Gopalakrishnan Raman wrote:
> Hi
> I'm using 2.6.11.7 and debugging why my ESP tunnel mode does
> not work between two 2.6 machines one of which is behind a NAT.
> I'm using tcpdump to capture NAT-T packets on one of the hosts
> and using espdecrypt (http://www.cs.rpi.edu/~flemej/freebsd/espdecrypt/)
> to see it in the clear.
> 
> Turns out, tcpdump will display an incoming NAT-T packet after it
> has been mangled by udp_encap_rcv(). udp_encap_rcv() changes the
> protocol field in the IP hdr to ESP from UDP and also moves other
> bytes in the sk_buff data area.
> 
> The problem is that packet_rcv() calls skb_clone() which is the
> right thing to do in all cases except when the data portion of the
> incoming skb is being modified in place. I replaced it with a pskb_copy()
> in the case when the packet is likely to be NAT-T or ESP. The patch
> for this follows the end of this mail and seems to work quite well.
> 
> Note that af_packet.c is the right place for the ESP/NAT-T check.
> Can't do it in ESP or UDP code because we can't tell if these packets
> are also being captured by tcpdump/ethereal.

Herbert already fixed it with this patch.