[Openswan dev] problems with clear-or-private food group
mcr at sandelman.ottawa.on.ca
Wed Apr 18 23:42:22 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
There is some problem in programs/pluto/connections.c where a connection
gets matched into a clear-or-private food group incorrectly.
This seems to affect 2.4.6, 2.4.7, 2.4.8 and 2.5.10.
It probably affects previous versions as well.
We will have to create some sensible unit testing for the
When the connection gets matched wrong, the DNS request fails for it,
and this does some memory damage to the state table, resulting in a
For the moment, the solution is to never put anything into the
clear-or-private food group. If you need that functionality, write
an explicit conn that is "auto=add".
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev