Herbert Xu wrote:
Andrew Morton <[EMAIL PROTECTED]> wrote:
So far, i've looked into net/ipv4/esp4.c and i can confirm that the
correct spi has been selected and inserted into the packet in function
esp_output
esph->spi = x->id.spi; ( line 97 ).
It looks as if the corruption happens later down the stack .....
Could you test it without netfilter (just flush all your iptables
rules)?
Thanks,
Hello Herbert,
i just realized i had forgotten to flush my nat tables :( when i
reported it did not change.
I just tried again and i was able to pinpoint that nat is indeed the
problem.
I can have all my other netfilter rules and IPSEC works. When i set the
nat rule ( a simple iptables -A POSTROUTING -o eth1 -j MASQUERADE) ,
then the packets are corrupted .
So we now where to look ... I'll try to have a look at the changes
between 2.6.13.4 and 2.6.14.2 but since i'm far from an expert, i don't
expect much from my search ....
Hope this helps.
--
Charles-Edouard Ruault
PGP Key ID E4D2B80C
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
