On Fri, 02 Jun 2000, bsdinet wrote:
>
>
>Nice to meet you. ^^
>I've tried to implement IPsec(AH) in the Linux Kernel.
>
>To achieve this, I think that there must be the area for AH.
>
>So I modified the header file 'include/linux/skbuff.h'
>to insert AH structure in 'sk_buff'.
>
>here's that header file modified
>
>include/linux/skbuff.h:
>
>...omitted...
>
>/* Transport layer header */
> union
> {
> struct tcphdr *th;
> struct udphdr *uh;
> struct icmphdr *icmph;
> struct igmphdr *igmph;
> struct iphdr *ipiph;
> struct spxhdr *spxh;
> unsigned char *raw;
> } h;
>
> /* IPsec header */
> union
> {
> struct ipsec_ah *ah; /* AH only now, ESP will be here later... */
> } ipsec_h;
1. I believe both AH and ESP can be present at the same time, so I am not sure
that a union is the right thing here. Both structures may be present, but
neither may be present. That depends on the header length ...
2. Since the IPsec header is to be present in all packets I think it must made
part of every existing IP header (not sure on this, since the IPsec header
may not be present - It may need to be located from the *raw in the network
layer header below.)
> /* Network layer header */
> union
> {
> struct iphdr *iph;
> struct ipv6hdr *ipv6h;
> struct arphdr *arph;
> struct ipxhdr *ipxh;
> unsigned char *raw;
> } nh;
>
> /* Link layer header */
> union
> {
> struct ethhdr *ethernet;
> unsigned char *raw;
> } mac;
>
> struct dst_entry *dst;
>
> char cb[48];
>
>...omitted...
>
>
>
>And include some code in 'net/ipv4/ip_output.c, net/ipv4/ip_input.c'
>to process the IPsec AH header.
>And then compile the kernel with no warning, no error.
>
>After that works, I reboot the computer and using that new kernel image...
>But...
>After some system boot-up scripts...
>There's critical message from kernel as the following.
>
>RPC: impossible RPC reply size -8!
This may be caused by confusing a packet without the IPsec header for a packet
with the IPSec header. After consuming the IPsec header, you may have modified
information that followed the actual packet end causing the panic below.
>Kernel panic: skput:over: c8028ab0:0 put:114 dev:eth0
>In swapper task - not syncing
>
>
>What should I do for solving this problem?
>Would you mind telling me the solutions?
I don't have solid answers -- what I have provided is a possible explaination of
what happend. I'm not a TCP/IP stack expert (but I am in favor of having IPSec
>
>Thank you for reading this... ^^;;;
>
>
>
>--
>Everything is inspiration!
>bsdinet@yahoo.com
>
----------------------------------------
Content-Type: text/html; name="unnamed"
Content-Transfer-Encoding: base64
Content-Description:
----------------------------------------
-- ------------------------------------------------------------------------- Jesse I Pollard, II Email: pollard@cats-chateau.netAny opinions expressed are solely my own.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:16 EST