From: Sam Sgro (sam_at_freeswan.org)
Date: Tue Nov 05 2002 - 07:53:37 CET
On Mon, 4 Nov 2002, Ken Bantoft wrote:
> /usr/src/linux/include/net/ip.h:
>
> static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, struct sock *sk)
>
>
> klips/net/ipsec/ipsec_tunnel.c:
>
> #ifdef IP_SELECT_IDENT
> /* XXX use of skb->dst below is a questionable
> substitute for &rt->u.dst which is only
> available later-on */
> #ifdef IP_SELECT_IDENT_NEW
> ip_select_ident(iph, skb->dst, NULL);
> #else /* IP_SELECT_IDENT_NEW */
> ip_select_ident(iph, skb->dst);
> #endif /* IP_SELECT_IDENT_NEW */
> #else /* IP_SELECT_IDENT */
> iph->id = htons(ip_id_count++); /* Race condition here? */
> #endif /* IP_SELECT_IDENT */
>
>
> So it appears IP_SELECT_IDENT(_NEW) is being set wrong. I notice you're
> using 2.4.19.SuSE - can you try with stock 2.4.19 ? I'm wondering if a
> SuSE patch in their kernels is messing things up.
On this point; here's a diff between SuSE's 2.4.19 include/net/ip.h and stock
2.4.19's include/net/ip.h.
- --- ./linux-2.4.19/include/net/ip.h 2001-11-22 14:47:15.000000000 -0500
+++ ./linux-2.4.19.SuSE/include/net/ip.h 2002-11-05 01:42:00.000000000 -0500
@@ -186,20 +186,20 @@
!(dst->mxlock&(1<<RTAX_MTU))));
}
- -extern void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst);
+#define IPID_CPU_GRAB 32
+#define IPID_GRAB_EXPIRE (HZ)
- -static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, struct sock *sk)
- -{
- - if (iph->frag_off&__constant_htons(IP_DF)) {
- - /* This is only to work around buggy Windows95/2000
- - * VJ compression implementations. If the ID field
- - * does not change, they drop every other packet in
- - * a TCP stream using header compression.
- - */
- - iph->id = ((sk && sk->daddr) ? htons(sk->protinfo.af_inet.id++) : 0);
- - } else
- - __ip_select_ident(iph, dst);
- -}
+struct ip_local_data {
+ unsigned long ipid_grab_time;
+ int ipid_left;
+ __u16 ipid;
+} ____cacheline_aligned;
+
+extern struct ip_local_data ip_local_data[NR_CPUS];
+
+#define IP_LOCAL_DATA (&ip_local_data[smp_processor_id()])
+
+extern void ip_select_ident(struct iphdr *iph);
/*
* Map a multicast IP onto multicast MAC for type ethernet.
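Review bot: The added prototype `extern void ip_select_ident(struct iphdr *iph);` keeps the function name but drops the `dst` and `sk` parameters, so any caller written against the two- or three-argument form (the quoted ipsec_tunnel.c passes `skb->dst` and `NULL`) stops compiling, and nothing in this hunk gives such code a way to detect the new form. Suggest adding a feature-test define next to the prototype, or keeping a compatibility wrapper with the old argument list. The removed inline also carried the only comment explaining why DF packets get a per-socket ID; with `sk` gone, the header should say how the ID is now chosen for DF packets. `IPID_CPU_GRAB` and `IPID_GRAB_EXPIRE` need a comment giving their purpose and units, and `IP_LOCAL_DATA` should document whether callers must stay on one CPU while using the pointer, since it indexes by `smp_processor_id()`.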
They've totally redefined the ipsec_select_ident function. Quite interesting.
As an aside, I have found SuSE 8.1 RPMs for FS 1.98, with version 0.9.15 of
the x509 patch (and delete-notify to boot).
http://www.suse.de/~garloff/linux/FreeSWAN/
SuSE 8.1 shipped with the 2.4.19 kernel, and 1.98 and 0.9.14 of x509. Clearly
they have working IPSec using some magic we haven't managed to decipher, yet.
:)
--
Sam Sgro
sam_at_freeswan.org
This archive was generated by hypermail 2.1.5 : Wed Nov 06 2002 - 05:20:36 CET