>>>>> "Herbert" == Herbert Xu <herbert@gondor.apana.org.au> writes:

    Herbert> The following patches also contain these changes:

    Herbert> * Add inbound pass/drop policies.
    Herbert> * Fixed policy expiration bug.
    Herbert> * Deal with interfaces that share addresses (under Linux IPSEC
    Herbert>   only).

    Herbert> The patch is available against 2.01, snapshot on the 1st of
    Herbert> August, as well as SFS 2.00rc8:

    Herbert> http://gondor.apana.org.au/~herbert/freeswan/2.01/freeswan-2.01-linux-ipsec-20030825.patch.gz
    Herbert> http://gondor.apana.org.au/~herbert/freeswan/snapshot/20030801/freeswan-20030801-linux-ipsec-20030825.patch.gz

I tried applying the patch. It applied perfectly, however, the regression
tests failed afterwards. I'm investigating why, but I do not have a huge
amount of time right now.

It looks like whatever you did causes the outgoing ESP SA not to be
instantiated or grouped with the IPIP SA.

Again, I'd be happy to work with you on getting "make check" set up on your
development machine, so that you can perhaps test 2.6 code under UML, and
also confirm your changes are correct with our testing infrastructure.

The code runs in a UML - any recent (>2.4.9 or something) kernel will run
things.

Your patch to ipsec_tunnel.c is gratuitous - the code has been refactored
such that physdev moves to ixs->physdev.

There are missing initializers (matters to 2.96, which Debian and lots of
other systems still run) in kernel.c, line: 2525:

    kernel.c:159: warning: missing initializer
    kernel.c:159: warning: (near initialization for `null_proto_info[0].reqid')
    kernel.c:163: warning: missing initializer
    kernel.c:163: warning: (near initialization for `null_proto_info[1].reqid')

    static const struct pfkey_proto_info null_proto_info[2] = {
        {
            proto: IPPROTO_ESP,
            encapsulation: ENCAPSULATION_MODE_TRANSPORT,
            reqid: 0
        },
        {
            proto: 0,
            encapsulation: 0,
            reqid: 0
        }
    };

and:

kernel_pfkey.c:

    kernel_pfkey.c:886: warning: missing initializer
    kernel_pfkey.c:886: warning: (near initialization for `klips_kernel_ops.init')

    const struct kernel_ops klips_kernel_ops = {
        type: KERNEL_TYPE_KLIPS,
        async_fdp: &pfkeyfd,

        pfkey_register: klips_pfkey_register,
        pfkey_register_response: klips_pfkey_register_response,
        process_queue: pfkey_dequeue,
        process_msg: pfkey_event,
        raw_eroute: pfkey_raw_eroute,
        add_sa: pfkey_add_sa,
        grp_sa: pfkey_grp_sa,
        del_sa: pfkey_del_sa,
        get_spi: NULL,
        inbound_eroute: FALSE,
        policy_lifetime: FALSE,
        init: NULL
    };