[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openswan-dev
Subject:    [Openswan dev] manual AH connection
From:       "Ronen Shitrit" <rshitrit () marvell ! com>
Date:       2005-12-12 12:46:53
Message-ID: B9FFC3F97441D04093A504CEA31B7C416B15BE () msilexch01 ! marvell ! com
[Download RAW message or body]

Hi

I'm using the OpenSwan KLIPS with kernel 2.6.12,
I tried to use the openswan and open a host to host connection in AH
mode, and it didn't work for me.
After some investigation I found that the Authentication in the receive
side is not done well (at least not when using kernel 2.6.12), attached
a patch fixing this issue.

Regards

Ronen Shitrit
Marvell Semiconductor Israel Ltd


["ipsec_ah.diff" (application/octet-stream)]

--- ipsec_ah.c	2005-12-12 14:31:29.754106928 +0200
+++ ipsec_ah.c	2005-12-12 14:31:16.000197840 +0200
@@ -162,7 +162,7 @@
 	/* finally, do the packet contents themselves */
 	(*aa->update)((void*)&tctx,
 		      (caddr_t)skb->h.raw + ahhlen,
-		      skb->len - irs->iphlen - ahhlen);
+		      skb->len /*- irs->iphlen*/ - ahhlen);
 
 	(*aa->final)(irs->hash, (void *)&tctx);
 
@@ -209,7 +209,7 @@
 		return IPSEC_RCV_DECAPFAIL;
 	}
 	skb_pull(skb, ahhlen);
-
+	skb->nh.raw = skb->nh.raw + ahhlen;
 	irs->ipp = skb->nh.iph;
 
 	ipsec_rcv_dmp("ah postpull", (void *)skb->nh.iph, skb->len);


_______________________________________________
Dev mailing list
Dev@openswan.org
http://lists.openswan.org/mailman/listinfo/dev


[prev in list] [next in list] [prev in thread] [next in thread]