#3708 – неправильная работа с интерфейсами ipsec_tunnel

Bug 3708 - неправильная работа с интерфейсами ipsec_tunnel

Summary: неправильная работа с интерфейсами ipsec_tunnel

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	iproute2 (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P2 minor
Assignee:	placeholder@altlinux.org
QA Contact:	qa-sisyphus

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-02-17 16:37 MSK by Denis Ovsienko
Modified:	2009-05-10 09:32 MSD (History)
CC List:	5 users (show)

See Also:

Attachments
нормальная обработка ipsec_tunnel (1.47 KB, patch) 2004-02-17 16:46 MSK, Denis Ovsienko	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis Ovsienko 2004-02-17 16:37:16 MSK

Вот, к примеру, интерфейс:

3: ipsec0@NONE: <NOARP> mtu 1480 qdisc noop
    link/[31] 00:00:00:00 brd 00:00:00:00
8: ipsectun0@NONE: <POINTOPOINT,NOARP,UP> mtu 1418 qdisc noqueue
    link/[31] d4:2a:40:13 peer d4:5a:7c:2a
    inet 10.0.0.1 peer 10.0.0.2/32 scope global ipsectun0

Link-level address такой странный, потому что ip неизвестен ARP hardware type
31. Код 31 закреплён за IPSec tunnel mode, но ни в заголовках ядра, ни в коде
iproute2 он не встречается, хотя есть определения для протоколов ESP и AH. Если
приложить патч, то неудобство исчезает:

3: ipsec0@NONE: <NOARP> mtu 1480 qdisc noop
    link/ipsectun 0.0.0.0 brd 0.0.0.0
8: ipsectun0@NONE: <POINTOPOINT,NOARP,UP> mtu 1418 qdisc noqueue
    link/ipsectun 212.42.64.19 peer 212.90.124.42
    inet 10.0.0.1 peer 10.0.0.2/32 scope global ipsectun0

Патч идёт прицепом.

Comment 1 Denis Ovsienko 2004-02-17 16:37:57 MSK

diff -urN iproute2.altpatches/include/utils.h
iproute2.altpatches.ipsec/include/utils.h
--- iproute2.altpatches/include/utils.h	2002-01-08 21:41:16 +0200
+++ iproute2.altpatches.ipsec/include/utils.h	2004-02-17 15:12:47 +0200
@@ -22,6 +22,9 @@
 #ifndef IPPROTO_AH
 #define IPPROTO_AH	51
 #endif
+#ifndef ARPHRD_IPSECTUN
+#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */
+#endif
 
 #define SPRINT_BSIZE 64
 #define SPRINT_BUF(x)	char x[SPRINT_BSIZE]
diff -urN iproute2.altpatches/lib/ll_addr.c iproute2.altpatches.ipsec/lib/ll_addr.c
--- iproute2.altpatches/lib/ll_addr.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_addr.c	2004-02-17 15:09:33 +0200
@@ -33,7 +33,7 @@
 	int l;
 
 	if (alen == 4 &&
-	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE)) {
+	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE ||
type == ARPHRD_IPSECTUN)) {
 		return inet_ntop(AF_INET, addr, buf, blen);
 	}
 	l = 0;
diff -urN iproute2.altpatches/lib/ll_types.c
iproute2.altpatches.ipsec/lib/ll_types.c
--- iproute2.altpatches/lib/ll_types.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_types.c	2004-02-17 15:08:56 +0200
@@ -52,6 +52,8 @@
 #ifdef ARPHRD_IEEE1394
 __PF(IEEE1394,ieee1394)
 #endif
+#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */
+__PF(IPSECTUN,ipsectun)
 
 __PF(SLIP,slip)
 __PF(CSLIP,cslip)

Comment 2 Denis Ovsienko 2004-02-17 16:41:34 MSK

Так, это не тот файл...

Comment 3 Denis Ovsienko 2004-02-17 16:43:54 MSK

diff -urN iproute2.altpatches/include/utils.h
iproute2.altpatches.ipsec/include/utils.h
--- iproute2.altpatches/include/utils.h	2002-01-08 21:41:16 +0200
+++ iproute2.altpatches.ipsec/include/utils.h	2004-02-17 15:12:47 +0200
@@ -22,6 +22,9 @@
 #ifndef IPPROTO_AH
 #define IPPROTO_AH	51
 #endif
+#ifndef ARPHRD_IPSECTUN
+#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */
+#endif
 
 #define SPRINT_BSIZE 64
 #define SPRINT_BUF(x)	char x[SPRINT_BSIZE]
diff -urN iproute2.altpatches/lib/ll_addr.c iproute2.altpatches.ipsec/lib/ll_addr.c
--- iproute2.altpatches/lib/ll_addr.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_addr.c	2004-02-17 15:09:33 +0200
@@ -33,7 +33,7 @@
 	int l;
 
 	if (alen == 4 &&
-	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE)) {
+	    (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE ||
type == ARPHRD_IPSECTUN)) {
 		return inet_ntop(AF_INET, addr, buf, blen);
 	}
 	l = 0;
diff -urN iproute2.altpatches/lib/ll_types.c
iproute2.altpatches.ipsec/lib/ll_types.c
--- iproute2.altpatches/lib/ll_types.c	2004-02-17 15:06:50 +0200
+++ iproute2.altpatches.ipsec/lib/ll_types.c	2004-02-17 15:41:55 +0200
@@ -23,6 +23,7 @@
 #include <linux/netdevice.h>
 #include <linux/if_arp.h>
 #include <linux/sockios.h>
+#include "utils.h"
 
 char * ll_type_n2a(int type, char *buf, int len)
 {
@@ -52,6 +53,7 @@
 #ifdef ARPHRD_IEEE1394
 __PF(IEEE1394,ieee1394)
 #endif
+__PF(IPSECTUN,ipsectun)
 
 __PF(SLIP,slip)
 __PF(CSLIP,cslip)

Comment 4 Denis Ovsienko 2004-02-17 16:46:24 MSK

Created attachment 349 [details]
нормальная обработка ipsec_tunnel

Comment 5 Denis Ovsienko 2004-02-17 16:47:28 MSK

наконец-то нашёл ссылку для аттачей :)

Comment 6 Dmitry V. Levin 2004-05-02 00:31:04 MSD

Thanks, applied in -alt5.