Bug 3708

Summary:

неправильная работа с интерфейсами ipsec_tunnel

Product:

Sisyphus

Reporter:

Denis Ovsienko <pilot>

Component:

iproute2

Assignee:

placeholder <placeholder>

Status:

CLOSED FIXED

QA Contact:

qa-sisyphus

Severity:

minor

Priority:

CC:

glebfm, ldv, placeholder, vt

Version:

unstable

Hardware:

all

OS:

Linux

Attachments:

Description	Flags
нормальная обработка ipsec_tunnel	none

Description Denis Ovsienko 2004-02-17 16:37:16 MSK

Вот, к примеру, интерфейс:

3: ipsec0@NONE: <NOARP> mtu 1480 qdisc noop
    link/[31] 00:00:00:00 brd 00:00:00:00
8: ipsectun0@NONE: <POINTOPOINT,NOARP,UP> mtu 1418 qdisc noqueue
    link/[31] d4:2a:40:13 peer d4:5a:7c:2a
    inet 10.0.0.1 peer 10.0.0.2/32 scope global ipsectun0

Link-level address такой странный, потому что ip неизвестен ARP hardware type
31. Код 31 закреплён за IPSec tunnel mode, но ни в заголовках ядра, ни в коде
iproute2 он не встречается, хотя есть определения для протоколов ESP и AH. Если
приложить патч, то неудобство исчезает:

3: ipsec0@NONE: <NOARP> mtu 1480 qdisc noop
    link/ipsectun 0.0.0.0 brd 0.0.0.0
8: ipsectun0@NONE: <POINTOPOINT,NOARP,UP> mtu 1418 qdisc noqueue
    link/ipsectun 212.42.64.19 peer 212.90.124.42
    inet 10.0.0.1 peer 10.0.0.2/32 scope global ipsectun0

Патч идёт прицепом.

Comment 1 Denis Ovsienko 2004-02-17 16:37:57 MSK

diff -urN iproute2.altpatches/include/utils.h
iproute2.altpatches.ipsec/include/utils.h
--- iproute2.altpatches/include/utils.h	2002-01-08 21:41:16 +0200
+++ iproute2.altpatches.ipsec/include/utils.h	2004-02-17 15:12:47 +0200
@@ -22,6 +22,9 @@
 #ifndef IPPROTO_AH
 #define IPPROTO_AH	51
 #endif
+#ifndef ARPHRD_IPSECTUN
+#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */
+#endif
 
 #define SPRINT_BSIZE 64
 #define SPRINT_BUF(x)	char x[SPRINT_BSIZE]
diff -urN iproute2.altpatches/lib/ll_addr.c iproute2.altpatches.ipsec/lib/ll_addr.c
--- iproute2.altpatches/lib/ll_addr.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_addr.c	2004-02-17 15:09:33 +0200
@@ -33,7 +33,7 @@
 	int l;
 
 	if (alen == 4 &&
-	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE)) {
+	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE ||
type == ARPHRD_IPSECTUN)) {
 		return inet_ntop(AF_INET, addr, buf, blen);
 	}
 	l = 0;
diff -urN iproute2.altpatches/lib/ll_types.c
iproute2.altpatches.ipsec/lib/ll_types.c
--- iproute2.altpatches/lib/ll_types.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_types.c	2004-02-17 15:08:56 +0200
@@ -52,6 +52,8 @@
 #ifdef ARPHRD_IEEE1394
 __PF(IEEE1394,ieee1394)
 #endif
+#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */
+__PF(IPSECTUN,ipsectun)
 
 __PF(SLIP,slip)
 __PF(CSLIP,cslip)

Comment 2 Denis Ovsienko 2004-02-17 16:41:34 MSK

Так, это не тот файл...

Comment 3 Denis Ovsienko 2004-02-17 16:43:54 MSK

diff -urN iproute2.altpatches/include/utils.h
iproute2.altpatches.ipsec/include/utils.h
--- iproute2.altpatches/include/utils.h	2002-01-08 21:41:16 +0200
+++ iproute2.altpatches.ipsec/include/utils.h	2004-02-17 15:12:47 +0200
@@ -22,6 +22,9 @@
 #ifndef IPPROTO_AH
 #define IPPROTO_AH	51
 #endif
+#ifndef ARPHRD_IPSECTUN
+#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */
+#endif
 
 #define SPRINT_BSIZE 64
 #define SPRINT_BUF(x)	char x[SPRINT_BSIZE]
diff -urN iproute2.altpatches/lib/ll_addr.c iproute2.altpatches.ipsec/lib/ll_addr.c
--- iproute2.altpatches/lib/ll_addr.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_addr.c	2004-02-17 15:09:33 +0200
@@ -33,7 +33,7 @@
 	int l;
 
 	if (alen == 4 &&
-	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE)) {
+	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE ||
type == ARPHRD_IPSECTUN)) {
 		return inet_ntop(AF_INET, addr, buf, blen);
 	}
 	l = 0;
diff -urN iproute2.altpatches/lib/ll_types.c
iproute2.altpatches.ipsec/lib/ll_types.c
--- iproute2.altpatches/lib/ll_types.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_types.c	2004-02-17 15:41:55 +0200
@@ -23,6 +23,7 @@
 #include <linux/netdevice.h>
 #include <linux/if_arp.h>
 #include <linux/sockios.h>
+#include "utils.h"
 
 char * ll_type_n2a(int type, char *buf, int len)
 {
@@ -52,6 +53,7 @@
 #ifdef ARPHRD_IEEE1394
 __PF(IEEE1394,ieee1394)
 #endif
+__PF(IPSECTUN,ipsectun)
 
 __PF(SLIP,slip)
 __PF(CSLIP,cslip)

Comment 4 Denis Ovsienko 2004-02-17 16:46:24 MSK

Created attachment 349 [details]
нормальная обработка ipsec_tunnel

Comment 5 Denis Ovsienko 2004-02-17 16:47:28 MSK

наконец-то нашёл ссылку для аттачей :)

Comment 6 Dmitry V. Levin 2004-05-02 00:31:04 MSD

Thanks, applied in -alt5.