Martin Willi <martin@...> writes:
> >
> > I tried a manual entry and it looks good. So is there a strongswan config
> > option perhaps I am missing?
>
> No, looks more like a bug. Unfortunately it is very difficult for me to
> debug this without having such a board. If you want to debug this
> yourself, have a look at [1] how the Netlink messages get constructed
> in userland. Debugging the kernel at [2] might give you some insight
> what is wrong.
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;hb=HEAD#l1153
> [2]http://git.strongswan.org/?p=linux-dumm.git;a=blob;f=net/xfrm/xfrm_user.c;hb=HEAD#l570
>

Hi Martin,

It looks like I gave you some wrong information, so let me correct myself. I am actually using the coldfire cpu which is a sub arch of m68k (not mips, sorry). Also, I missed some key output which I now believe is identifying the problem.

When I run the command manually it completes with no console output other than my prints. And the ip -s xfrm state command shows the correct info. However, when strongswan builds the netlink header and sends it, I am getting console output (although no errors) like the following:

netlink: 62 bytes leftover after parsing attributes.
netlink: 62 bytes leftover after parsing attributes.
netlink: 62 bytes leftover after parsing attributes.

So, I am going to go investigate this, but it looks like iproute2 is building the header correctly and strongswan is not?? Is the netlink structure arch dependent?

Let me know what you think,

thanks,
Chad
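
The "bytes leftover after parsing attributes" warning quoted above is printed when the kernel's attribute walker stops before the end of the message. The following is an added example, not part of this thread and not strongSwan or kernel code: it mirrors that walk over a constructed message to show how a sender and receiver that disagree on the fixed header size produce a non-zero leftover count. The names `attr_leftover`, `put_attr`, `leftover_with_skew` and the 16-byte header are assumptions made for illustration, and the example does not establish the cause of the 62 bytes reported here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_ALIGN(n) (((n) + 3u) & ~3u)       /* same rounding as NLA_ALIGN */
struct attr_hdr { uint16_t len, type; };        /* same layout as struct nlattr */

/* Walk a TLV attribute stream the way the kernel's parser does and return
 * the number of bytes it could not consume (0 means a clean parse). */
static int attr_leftover(const uint8_t *p, int rem)
{
    struct attr_hdr h;
    while (rem >= (int)sizeof(h)) {
        memcpy(&h, p, sizeof(h));
        if (h.len < sizeof(h) || h.len > rem)
            break;                               /* not a valid attribute: stop */
        p   += ATTR_ALIGN(h.len);
        rem -= (int)ATTR_ALIGN(h.len);
    }
    return rem;
}

/* Append one attribute at offset off; returns the next aligned offset. */
static size_t put_attr(uint8_t *buf, size_t off, uint16_t type,
                       const void *data, uint16_t dlen)
{
    struct attr_hdr h = { (uint16_t)(sizeof(h) + dlen), type };
    memcpy(buf + off, &h, sizeof(h));
    memcpy(buf + off + sizeof(h), data, dlen);
    return off + ATTR_ALIGN(h.len);
}

/* Sender places attributes after a 16-byte fixed header (constructed size);
 * the receiver believes the header is (16 - skew) bytes long. */
static int leftover_with_skew(int skew)
{
    uint8_t msg[64] = {0};
    size_t end = put_attr(msg, 16, 1, "abcde", 5);      /* 9 bytes, padded to 12 */
    end = put_attr(msg, end, 2, "12345678", 8);          /* 12 bytes */
    int start = 16 - skew;
    return attr_leftover(msg + start, (int)end - start);
}

int main(void)
{
    for (int skew = -2; skew <= 2; skew += 2)
        printf("skew %+d: %d bytes leftover\n", skew, leftover_with_skew(skew));
    return 0;
}
```

With matching header sizes the walk consumes everything; with a two-byte disagreement in either direction the first attribute header is misread and the whole remainder is reported as leftover.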
