[Openswan dev] CK_INSTANCE for clear
mcr at xelerance.com
Sun Apr 16 00:47:27 CEST 2006
At line 4613 of connections.c, in:

    t->kind = isanyaddr(&t->spd.that.host_addr) && !NEVER_NEGOTIATE(t->policy)
        ? CK_TEMPLATE : CK_INSTANCE;

I can't understand why "CK_INSTANCE" is the right value for when
it can be negotiated, but it isn't the any address.

Specifically the "clear-or-private" type conn has its policy members
set to CK_INSTANCE, which confuses things later on in decode_peer_id(),
when we find a more suitable conn from refine_host_connection().

The bug I was investigating is that we fail to create an instance
properly of the clear-or-private#0.0.0.0/0 conn, and use the "group"
itself, and it therefore isn't instantiated, and the remote id is
"(none)", which screwed up the DNS lookup.

Somehow this leads to an unhash_state() eventually acting on a state
that has been modified since it was hashed, and it no longer is in the
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [