I'm developing support for UDP encapsulated ESP packets for freeswan, for
an easier NAT traversal. Check the drafts at ietf.org.
I've changed sock->data_ready() on the 'interesting' sockets to avoid
touching my code in most cases. Then I check the skb, dequeueing it and
adjusting it to pass it on to freeswan as a normal ESP packet.
But then ipsec_rcv needs skb->dev, to find the incoming device
and the matching ipsecXXX interface. If it doesn't find a skb->dev it still
passes it on, which seems to heavily kill my uml 'machine' (gdb is
running, but the kernel just dies with some trap) upon calling netif_rx
on the dev'less skb (so the decrypted skb seems to be received on the
ipsecXXX interfaces and you can account it, etc.).
I commented out the skb->dev = NULL; line and it seems to work but I'm
not comfortable at all with this. First because I don't know what, if
anything I've just broken and because it means a kernel recompile and
reboot is needed, which is against one of my goals, support for compiling
modular freeswan with just the kernel sources, no need to reboot.
Can someone enlighten me on the need to NULL'ify skb->dev upon sock
And can the kernel run with that line commented out? It does now, but
that means nothing.
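
The "check the skb and adjust it" step described above, as an added user-space example that is not part of the original post and not freeswan code. It assumes the payload layout of RFC 3948 (the published form of the UDP-encapsulation drafts); the names natt_classify, natt_kind and natt_result are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum natt_kind { NATT_DROP, NATT_KEEPALIVE, NATT_IKE, NATT_ESP };

struct natt_result {
    enum natt_kind kind;
    const uint8_t *inner;  /* first byte of the IKE message or ESP header */
    size_t inner_len;
    uint32_t spi;          /* host byte order, set only for NATT_ESP */
};

/* Classify the bytes that follow the 8-byte UDP header (RFC 3948 layout).
 * Assumes the caller has already checked the UDP length field. */
struct natt_result natt_classify(const uint8_t *p, size_t len)
{
    struct natt_result r = { NATT_DROP, NULL, 0, 0 };
    uint32_t first;

    if (p == NULL || len == 0)
        return r;
    if (len == 1 && p[0] == 0xFF) {   /* NAT-keepalive: ignore, never decrypt */
        r.kind = NATT_KEEPALIVE;
        return r;
    }
    if (len < 4)                      /* too short for a marker or an SPI */
        return r;
    first = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
            ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (first == 0) {                 /* non-ESP marker: IKE follows, not ESP */
        r.kind = NATT_IKE;
        r.inner = p + 4;
        r.inner_len = len - 4;
        return r;
    }
    if (len < 8)                      /* ESP needs SPI + sequence number */
        return r;
    r.kind = NATT_ESP;                /* hand over starting at the SPI */
    r.inner = p;
    r.inner_len = len;
    r.spi = first;
    return r;
}

int main(void)
{
    /* Constructed sample: SPI 0x00001234, sequence 1, 4 payload bytes. */
    static const uint8_t esp[] = { 0,0,0x12,0x34, 0,0,0,1, 0xde,0xad,0xbe,0xef };
    struct natt_result r = natt_classify(esp, sizeof esp);
    printf("kind=%d spi=0x%08x len=%zu\n", r.kind, (unsigned)r.spi, r.inner_len);
    return 0;
}
```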