[Openswan dev] old bug hitting again.

Tuomo Soini tis at foobar.fi
Mon Jul 4 11:48:55 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just found out that with CVS HEAD

another conn with rightsubnetwithin=0.0.0.0/0

is eating all available vhost: addresses...

So we are again hit by the same old bug which was fixed in the 1.0.x series
some time ago.

And I couldn't find any test case using vhost: syntax which could have
found this problem, even though it is documented that
testing/pluto/nat-pluto-04 should check this case. Well. It doesn't have
a vhost:%priv conn so it can't.

This patch should fix the test case:


- --
Tuomo Soini <tis at foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCyOnnTlrZKzwul1ERAuAKAJ4p9o18Ryz3j5eWcmDLvf1fch17UgCeNXUi
9qfatP7ADPrLksngt1+hC4M=
=yaiZ
-----END PGP SIGNATURE-----
-------------- next part --------------
--- testing/pluto/nat-pluto-04/east.conf.vhost	2004-12-30 07:13:31.000000000 +0200
+++ testing/pluto/nat-pluto-04/east.conf	2005-07-04 10:48:03.000000000 +0300
@@ -17,7 +17,7 @@
 	left=%any
 	leftid=@road
         leftrsasigkey=0sAQNxbOBmDqiNrUmn5q4kzBQ6I6pW/g2c8iDh3Y/KDtELBC6G0dASaaa95lV0cZT2kla681hVLzRF4MUCmFkH5ih514Nrwc5aptte49/70WotqcbvAhXeBX0zbg78gUPaT7CcUEAYxHoqHubao4mmfWlSrOnpf4crE/q3J6zH+8Z3bfsTGnpThgfNCItHpH7jkHPUYDilHsk0Zfd5fxjVDbl8JbQoT3P1KrdmpK7M1sXQhug12ocq8HlrXa3smJIq5b4T0rF+MYrThrNytNIEn53phuj6S8qmONin4usCqpUw50i2VqaBNQSY++/B57AqThFZNqt7TjqqT0CQ7tPRELgXwRvWA04GDhqBHHWoOrLdsR0p
-	leftsubnet=192.0.2.219/32
+	leftsubnet=vhost:%priv
 	leftsourceip=192.0.2.219
 	# Right security gateway, subnet behind it, next hop toward left.
 	right=192.1.2.23
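
Review bot: The changed line `leftsubnet=vhost:%priv` is followed by an unchanged `leftsourceip=192.0.2.219`, which matched the old fixed `/32` subnet but may no longer describe the address the peer presents once the subnet is a virtual host taken from the private ranges; please confirm that line is still wanted or drop it in the same patch. Two further things are not visible in this hunk and decide whether the test can catch the regression described in the message. First, `%priv` only matches ranges listed in `virtual_private=` under `config setup`, so that setting needs to be present in this east.conf. Second, the report is about a second conn with a `subnetwithin` of 0.0.0.0/0 consuming the vhost addresses, so the test needs such a competing conn loaded alongside this one, otherwise it only shows that a lone `vhost:%priv` conn works. A minor point on the file header: the old side is named `east.conf.vhost` while the new side is `east.conf`, which reads as if the backup name was chosen the wrong way round; regenerating the diff against a `.orig` copy would avoid confusion when applying it.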

