authorAnsis Atteka <aatteka@nicira.com>2013-09-09 15:42:55 -0700
committerMartin Willi <martin@revosec.ch>2013-09-10 09:34:09 +0200
commitec331a7dd633da57e46bd6e31edaf172104e3197 (patch)
tree4ccd4923894fc4475e470c956fd6016ea0685b88
parentc1ebc7b1cc742bdac3e02d18187d2d2714413f47 (diff)
kernel-netlink: increase buffer size for RT netlink messages
Commit 940e1b0f66dc04b0853414c1f4c45fa3f6e33bdd "Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)" made charon ignore routes with unusable interfaces. An unusable interface is one for which charon has not seen an RTM_NEWLINK message from the kernel. Sometimes an RTM_NEWLINK message can be 1048 bytes large. This is 24 bytes more than the currently allocated buffer of 1024 bytes. If the kernel sends such a large message, it is silently ignored by charon and the corresponding interface never becomes usable. Hence strongSwan might resolve an invalid source IP address in the get_route() function. This would prevent the IPsec tunnel from being established. To reproduce, create a VLAN interface with the following command: vconfig add eth1 12
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 43bcb677b..1b9e0f031 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1092,7 +1092,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
static bool receive_events(private_kernel_netlink_net_t *this, int fd,
watcher_event_t event)
{
- char response[1024];
+ char response[1536];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
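Review bot: The new `char response[1536];` in receive_events() is still an unexplained fixed size, leaving only 488 bytes of headroom over the 1048-byte RTM_NEWLINK message cited in the commit message. A link message carrying more attributes would presumably be dropped the same silent way, leaving the interface unusable and get_route() choosing a wrong source address. At minimum the declaration deserves a comment such as `/* must hold the largest RTM_NEWLINK message; 1048 bytes observed for VLAN interfaces */`. The receive call itself is outside this hunk, so this is inferred: it would be safer to pass `MSG_TRUNC` there and log a warning when the returned length exceeds `sizeof(response)`, so that an oversized kernel message becomes visible instead of being silently ignored. The function body continues past the end of the hunk.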