[Swan-dev] KLIPS crashes after kernel update

Thomas Geulig geulig at nentec.de
Mon Nov 4 13:22:29 EET 2013


Am Montag, 4. November 2013, 10:31:05 schrieb Roel van Meer:
> Thomas Geulig writes:
> > Am Freitag, 1. November 2013, 15:33:16 schrieb Roel van Meer:
> > > I am seeing the problem that, while your fix makes my kernel not crash
> > > anymore, packets get an incorrect checksum so they are dropped at the
> > > other
> > > end.
> >
> > yes, I'm having the same problem. The problem is with the transmitter
> > (Linux 3.4.66). My receiver is still on Linux 2.6.32. Both are running
> > openswan 2.6.39 btw.

Ok, it's working now.

The problem is, the IP header derived from the skb is not the same as
the "new" IP header which was passed before the change.

The solution is to write a wrapper and call __ip_select_ident() directly.

#define KLIPS_IP_SELECT_IDENT(iph, skb) \
        do { \
            if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) \
		iph->id = 0; \
            else \
                __ip_select_ident(iph, skb_dst(skb), 0); \
        } while (0);

The good thing is, this should work on all kernel versions.

Best regards

Thomas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ip_select_ident.patch
Type: text/x-patch
Size: 632 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20131104/171beabe/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4769 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20131104/171beabe/attachment.p7s>


More information about the Swan-dev mailing list