LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-28-2014, 05:31 AM   #1
samiran.linux
LQ Newbie
 
Registered: Jul 2013
Posts: 28

Rep: Reputation: Disabled
Question problem in forwarding packet when adding xfrm policy through C code


Hello All,
I am trying to add xfrm policy using C code. and have also succeed to add. But the problem is it is not doing the job what i want to. I am trying add following rule
src 192.168.200.1/32 dst 0.0.0.0/0
dir fwd priority 0 ptype main
tmpl src 192.168.211.1 dst 192.168.211.203
proto esp spi 0x1ac3b45d reqid 0 mode tunnel


when I am adding this rule using command line by "ip xfrm policy add src 192.168.200.1/32 dst 0.0.0.0/0 dir fwd tmpl src 192.168.211.1 dst 192.168.211.203 proto esp spi 0x1ac3b45d mode tunnel" . Then it is working correctly i.e. forwarding the packet through default gateway after decrypting ESP packet but when I am adding the rule in C code it is not forwarding the packet after decrypting. I am sure about that it decrypting correctly because I am seeing the decrypted packet by running tcpdump.
Is there any kind of flag or attribute in xfrm_userpolicy_info or xfrm_user_tmpl which I am not setting thats why it is not forwarding the packet through default gateway?? Please , I need a quick help...
 
Old 05-29-2014, 01:36 AM   #2
samiran.linux
LQ Newbie
 
Registered: Jul 2013
Posts: 28

Original Poster
Rep: Reputation: Disabled
Smile

I have found the solution. I need to initialize values of aalogs , ealgos and calgos to 0xFFFFFFF.
 
  


Reply

Tags
ipsec, linux


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] example for netwrok packet code for creating a module and access the packet data oracle89divi22 Linux - Newbie 13 01-13-2012 04:27 PM
packet fragmentation in packet forwarding code cranium2004 Linux - Networking 0 05-16-2005 04:05 AM
port forwarding and packet forwarding syrtsardo Linux - Newbie 2 07-03-2003 10:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration