openswan 2.4.8r1, klips NAT-T and Kernel 2.6.20.x (OK)

HI,

I am not shure about correct list to post, but...
The several changes in udp.c file makes "make
nattpatch" fail.
I see some msgs about kernel crash, if kernel > 2.6.18
(19). Maybe, the
peeple do not observe a patch fail, a continue the
"make".

This is the patch need post "make nattpath | (cd
/usr/src/linux-2.6.20.3
&& patch -p1)":

--- net/ipv4/udp.c.orig 2007-03-19 23:07:51.000000000 -0300
+++ net/ipv4/udp.c      2007-03-19 23:09:59.000000000 -0300
 -1089,10
+1089,14 
                        return 0;
                }
                if (ret < 0) {
-                       /* process the ESP packet */
-                       ret = xfrm4_rcv_encap(skb,
up->encap_type);
-                      
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-                       return -ret;
+                       if(xfrm4_rcv_encap_func != NULL) {
+                         ret = (*xfrm4_rcv_encap_func)(skb,
up->encap_type);
+                        
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
+                       } else {
+                         UDP_INC_STATS_BH(UDP_MIB_INERRORS,
up->pcflag);
+                         ret = 1;
+                       }
+                       return ret;
                }
                /* FALLTHROUGH -- it's a UDP Packet */
        }
=============================

The original udp.c.rej
***************
*** 1021,1030 ****
                        return 0;
                }
                if (ret < 0) {
-                       /* process the ESP packet */
-                       ret = xfrm4_rcv_encap(skb,
up->encap_type);
-                      
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
-                       return -ret;
                }
                /* FALLTHROUGH -- it's a UDP Packet */
        }
--- 1060,1073 ----
                        return 0;
                }
                if (ret < 0) {
+                       if(xfrm4_rcv_encap_func != NULL) {
+                         ret = (*xfrm4_rcv_encap_func)(skb,
up->encap_type);
+                        
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+                       } else {
+                        
UDP_INC_STATS_BH(UDP_MIB_INERRORS);
+                         ret = 1;
+                       }
+                       return ret;
                }
                /* FALLTHROUGH -- it's a UDP Packet */
        }
==========================

Good news: this email passes through NAT-T (client kernel
2.6.20.2, server
 kernel 2.4.34.1)

-- 
Marcos Tadeu
Dep. Eng. Telecomunicações - UFF
echo "thyjvzG{lsljvt5|mm5iy" | perl -pe
's/(.)/chr(ord($1)-7)/ge'




_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev

On Mon, 19 Mar 2007, Marcos Tadeu wrote:

> I am not shure about correct list to post, but...
> The several changes in udp.c file makes "make
nattpatch" fail.
> I see some msgs about kernel crash, if kernel >
2.6.18 (19). Maybe, the
> peeple do not observe a patch fail, a continue the
"make".
>
> This is the patch need post "make nattpath | (cd
/usr/src/linux-2.6.20.3
> && patch -p1)":

The problem with just these fixes is that we still crash the
kernel. At
this point I am not entirely sure if it is encapsulation
related, because
we also crash 2.6.19/20/20.1 at other points (eg with aes
and 3des module).

Be careful with running anything above 2.6.18.1 for now. We
are working on
getting things to work with 2.6.20.1

Paul

> --- net/ipv4/udp.c.orig 2007-03-19 23:07:51.000000000
-0300
> +++ net/ipv4/udp.c      2007-03-19 23:09:59.000000000
-0300
>  -1089,10 +1089,14 
>                         return 0;
>                 }
>                 if (ret < 0) {
> -                       /* process the ESP packet */
> -                       ret = xfrm4_rcv_encap(skb,
up->encap_type);
> -                      
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
> -                       return -ret;
> +                       if(xfrm4_rcv_encap_func !=
NULL) {
> +                         ret =
(*xfrm4_rcv_encap_func)(skb, up->encap_type);
> +                        
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
> +                       } else {
> +                        
UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
> +                         ret = 1;
> +                       }
> +                       return ret;
>                 }
>                 /* FALLTHROUGH -- it's a UDP Packet */
>         }
> =============================
>
> The original udp.c.rej
> ***************
> *** 1021,1030 ****
>                         return 0;
>                 }
>                 if (ret < 0) {
> -                       /* process the ESP packet */
> -                       ret = xfrm4_rcv_encap(skb,
up->encap_type);
> -                      
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
> -                       return -ret;
>                 }
>                 /* FALLTHROUGH -- it's a UDP Packet */
>         }
> --- 1060,1073 ----
>                         return 0;
>                 }
>                 if (ret < 0) {
> +                       if(xfrm4_rcv_encap_func !=
NULL) {
> +                         ret =
(*xfrm4_rcv_encap_func)(skb, up->encap_type);
> +                        
UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
> +                       } else {
> +                        
UDP_INC_STATS_BH(UDP_MIB_INERRORS);
> +                         ret = 1;
> +                       }
> +                       return ret;
>                 }
>                 /* FALLTHROUGH -- it's a UDP Packet */
>         }
> ==========================
>
> Good news: this email passes through NAT-T (client
kernel 2.6.20.2, server
>  kernel 2.4.34.1)
>
>

-- 
Building and integrating Virtual Private Networks with
Openswan:
http://www.amazon.com/gp/product/1904811
256/104-3099591-2946327?n=283155
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev