[strongSwan-dev] [PATCH] kernel-netlink: increase buffer size for RT netlink messages

Ansis Atteka aatteka at nicira.com
Tue Sep 10 00:42:55 CEST 2013


Commit 940e1b0f66dc04b0853414c1f4c45fa3f6e33bdd "Filter ignored
interfaces in kernel interfaces (for events, address enumeration,
etc.)" made charon ignore routes with unusable interfaces.
An unusable interface is one for which charon has not seen an
RTM_NEWLINK message from the kernel.

Sometimes an RTM_NEWLINK message can be 1048 bytes large. This is
24 bytes more than the currently allocated buffer of 1024 bytes.
If the kernel sends such a large message, then it would be silently
ignored by charon and the corresponding interface would never become
usable. Hence strongSwan might resolve an invalid source IP address
in the get_route() function. This would prevent the IPsec tunnel
from being established.

To reproduce, create a VLAN interface with the following command:

vconfig add eth1 12
---
 src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 43bcb67..1b9e0f0 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1092,7 +1092,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
 static bool receive_events(private_kernel_netlink_net_t *this, int fd,
 						   watcher_event_t event)
 {
-	char response[1024];
+	char response[1536];
 	struct nlmsghdr *hdr = (struct nlmsghdr*)response;
 	struct sockaddr_nl addr;
 	socklen_t addr_len = sizeof(addr);
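
Review bot: In receive_events(), `char response[1536]` swaps one hard-coded size for another and leaves only 488 bytes of headroom over the 1048-byte RTM_NEWLINK message cited in the commit message, so a larger message would hit the same silent-drop behaviour the message describes. Suggest a named constant with a comment recording how the size was chosen, and have the receive path detect truncation (for example via the MSG_TRUNC flag reported by recvmsg(), or a returned length equal to sizeof(response)) and log it, so an oversized message is visible instead of leaving the interface unusable and get_route() picking a wrong source address.
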
-- 
1.8.1.2




