Martin Willi <martin@...> writes: > > > > I tried a manual entry and it looks good. So is there a strongswan config > > option perhaps I am missing? > > No, looks more like a bug. Unfortunately it is very difficult for me to > debug this without having such a board. If you want to debug this > yourself, have a look at [1] how the Netlink messages gets constructed > in userland. Debugging the kernel at [2] might give you some insight > what is wrong. > > Regards > Martin > > [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;hb=HEAD#l1153 > [2]http://git.strongswan.org/?p=linux-dumm.git;a=blob;f=net/xfrm/xfrm_user.c;hb=HEAD#l570 > >
Hi Martin, I traced the root issue to an alignment problem in the strongswan macro NLMSG_LEN. The len value passed in was never aligned and therefore the kernel is off by two bytes when it computes the attribute list length causing it to not complete all the commands. One question, why does strongswan redefine the netlink headers and why not use the libnetlink functions like addattr_l() such as iproute2 instead of rolling your own? thanks for your help, Chad _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
