[Swan-dev] KLIPS crashes after kernel update

Paul Wouters paul at nohats.ca
Thu Oct 31 23:20:15 EET 2013

On Thu, 31 Oct 2013, Thomas Geulig wrote:

> after upgrading from kernel 3.4.65 to 3.4.66 I experienced
> crashes in the KLIPS function ipsec_xmit_ipip().

Is that a linus kernel or a vendor kernel?

> I narrowed the problem down to an API change in the function
> ip_select_ident().
> Before:
> static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst,
>        struct sock *sk)
> After:
> static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst,
>        struct sock *sk)
> This function is referencd in linux/include/libreswan/ipsec_param2.h.
> After I changed the first parameter there, the crashes were gone.

I have the "before" in our latest libreswan release 3.6. git log shows
it was never the "after" code. It's always been:

ipsec_param2.h:#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb_dst(skb), \

Can you confirm which version of libreswan klips you are using?  Seeing
that you CC:ed the openswan list, I think you might be using openswan,
not libreswan.

libreswan 3.6 should work fine up to kernel 3.11.


More information about the Swan-dev mailing list