Вот, к примеру, интерфейс: 3: ipsec0@NONE: <NOARP> mtu 1480 qdisc noop link/[31] 00:00:00:00 brd 00:00:00:00 8: ipsectun0@NONE: <POINTOPOINT,NOARP,UP> mtu 1418 qdisc noqueue link/[31] d4:2a:40:13 peer d4:5a:7c:2a inet 10.0.0.1 peer 10.0.0.2/32 scope global ipsectun0 Link-level address такой странный, потому что ip неизвестен ARP hardware type 31. Код 31 закреплён за IPSec tunnel mode, но ни в заголовках ядра, ни в коде iproute2 он не встречается, хотя есть определения для протоколов ESP и AH. Если приложить патч, то неудобство исчезает: 3: ipsec0@NONE: <NOARP> mtu 1480 qdisc noop link/ipsectun 0.0.0.0 brd 0.0.0.0 8: ipsectun0@NONE: <POINTOPOINT,NOARP,UP> mtu 1418 qdisc noqueue link/ipsectun 212.42.64.19 peer 212.90.124.42 inet 10.0.0.1 peer 10.0.0.2/32 scope global ipsectun0 Патч идёт прицепом.
diff -urN iproute2.altpatches/include/utils.h iproute2.altpatches.ipsec/include/utils.h --- iproute2.altpatches/include/utils.h 2002-01-08 21:41:16 +0200 +++ iproute2.altpatches.ipsec/include/utils.h 2004-02-17 15:12:47 +0200 @@ -22,6 +22,9 @@ #ifndef IPPROTO_AH #define IPPROTO_AH 51 #endif +#ifndef ARPHRD_IPSECTUN +#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */ +#endif #define SPRINT_BSIZE 64 #define SPRINT_BUF(x) char x[SPRINT_BSIZE] diff -urN iproute2.altpatches/lib/ll_addr.c iproute2.altpatches.ipsec/lib/ll_addr.c --- iproute2.altpatches/lib/ll_addr.c 2004-02-17 15:06:50 +0200 +++ iproute2.altpatches.ipsec/lib/ll_addr.c 2004-02-17 15:09:33 +0200 @@ -33,7 +33,7 @@ int l; if (alen == 4 && - (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE)) { + (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE || type == ARPHRD_IPSECTUN)) { return inet_ntop(AF_INET, addr, buf, blen); } l = 0; diff -urN iproute2.altpatches/lib/ll_types.c iproute2.altpatches.ipsec/lib/ll_types.c --- iproute2.altpatches/lib/ll_types.c 2004-02-17 15:06:50 +0200 +++ iproute2.altpatches.ipsec/lib/ll_types.c 2004-02-17 15:08:56 +0200 @@ -52,6 +52,8 @@ #ifdef ARPHRD_IEEE1394 __PF(IEEE1394,ieee1394) #endif +#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */ +__PF(IPSECTUN,ipsectun) __PF(SLIP,slip) __PF(CSLIP,cslip)
Так, это не тот файл...
diff -urN iproute2.altpatches/include/utils.h iproute2.altpatches.ipsec/include/utils.h --- iproute2.altpatches/include/utils.h 2002-01-08 21:41:16 +0200 +++ iproute2.altpatches.ipsec/include/utils.h 2004-02-17 15:12:47 +0200 @@ -22,6 +22,9 @@ #ifndef IPPROTO_AH #define IPPROTO_AH 51 #endif +#ifndef ARPHRD_IPSECTUN +#define ARPHRD_IPSECTUN 31 /* IPSec tunneled mode */ +#endif #define SPRINT_BSIZE 64 #define SPRINT_BUF(x) char x[SPRINT_BSIZE] diff -urN iproute2.altpatches/lib/ll_addr.c iproute2.altpatches.ipsec/lib/ll_addr.c --- iproute2.altpatches/lib/ll_addr.c 2004-02-17 15:06:50 +0200 +++ iproute2.altpatches.ipsec/lib/ll_addr.c 2004-02-17 15:09:33 +0200 @@ -33,7 +33,7 @@ int l; if (alen == 4 && - (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE)) { + (type == ARPHRD_TUNNEL || type == ARPHRD_SIT || type == ARPHRD_IPGRE || type == ARPHRD_IPSECTUN)) { return inet_ntop(AF_INET, addr, buf, blen); } l = 0; diff -urN iproute2.altpatches/lib/ll_types.c iproute2.altpatches.ipsec/lib/ll_types.c --- iproute2.altpatches/lib/ll_types.c 2004-02-17 15:06:50 +0200 +++ iproute2.altpatches.ipsec/lib/ll_types.c 2004-02-17 15:41:55 +0200 @@ -23,6 +23,7 @@ #include <linux/netdevice.h> #include <linux/if_arp.h> #include <linux/sockios.h> +#include "utils.h" char * ll_type_n2a(int type, char *buf, int len) { @@ -52,6 +53,7 @@ #ifdef ARPHRD_IEEE1394 __PF(IEEE1394,ieee1394) #endif +__PF(IPSECTUN,ipsectun) __PF(SLIP,slip) __PF(CSLIP,cslip)
Created attachment 349 [details] нормальная обработка ipsec_tunnel
наконец-то нашёл ссылку для аттачей :)
Thanks, applied in -alt5.