[Openswan dev] nearing in on bug #1004

Paul Wouters paul at xelerance.com
Thu Jul 23 00:56:46 EDT 2009


Bug 1004 consists of 2 problems: the dropped port with left/rightprotoport,
and the inside vs outside IP in building the policy with netkey. This
code trace is about tracking the dropped port section.

This can be seen by loading any conn with a left and rightprotoport=17/1701
and running ipsec auto --status

good output contains:

000 "testme": 87.108.67.169[@bleve]:17/1701...193.110.157.17[@paul]:17/1701; unrouted; eroute owner: #0

bad output contains:

000 "testme": 193.110.157.17[@paul,S?C]...87.108.67.169[@bleve,S?C]; unrouted; eroute owner: #0

After a few very long nights of "git bisect", I've managed to cut down the
codebase where the bug was introduced to about 41 commits, ranging from:

f04f82042f4c3a1499dfef533e8fb033af6dc59a (last known good)

to:

233ced946dc9a3f4684a79608a4c94f83ebb331e (first confirmed bad).

I've created a diff between those two commits, stripped it of sections
we know the problem is not in (testing files, man pages, klips code). The
resulting diff is still fairly big, but that's due to a lot of
refactoring. The specific code here is where the "starter" code was
integrated into libstarter and the libipsecconf code was created.

This diff is at ftp://ftp.openswan.org/openswan/development/1004bug.diff

Hopefully I can find some time to work on this bug over the next few days.

Paul
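
The good/bad distinction described in the message above can be checked mechanically. The following is an added example, not part of the original message or of the Openswan code base: a shell function that classifies `ipsec auto --status` output for one conn, with return codes chosen to match what `git bisect run` expects. The function name and the assumption that the conn summary line is the one containing `...` are mine; the two sample lines are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not Openswan code): decide whether a conn's status line
# still carries the expected protoport on both ends.
# Return codes follow `git bisect run`: 0 = good, 1 = bad, 125 = skip.

# Sample lines quoted in the message above.
GOOD_LINE='000 "testme": 87.108.67.169[@bleve]:17/1701...193.110.157.17[@paul]:17/1701; unrouted; eroute owner: #0'
BAD_LINE='000 "testme": 193.110.157.17[@paul,S?C]...87.108.67.169[@bleve,S?C]; unrouted; eroute owner: #0'

# check_protoport CONN PROTOPORT   (status text is read from stdin)
check_protoport() {
    conn=$1
    pp=$2
    # Assumption: the summary line for a conn is the one that joins
    # both ends with "..."; other per-conn lines are ignored.
    line=$(grep -F "\"$conn\": " | grep -F '...' | head -n 1)
    [ -n "$line" ] || return 125     # conn not loaded: cannot judge

    line=${line#*'": '}              # drop the '000 "conn": ' prefix
    line=${line%%;*}                 # drop '; unrouted; eroute owner: ...'
    left=${line%%...*}               # text before the "..." separator
    right=${line#*...}               # text after the "..." separator

    # Each end must finish with ":<protoport>", e.g. ":17/1701".
    case $left in *":$pp") ;; *) return 1 ;; esac
    case $right in *":$pp") ;; *) return 1 ;; esac
    return 0
}

# Typical use against a running pluto (conn name and protoport from the
# message above):
#   ipsec auto --status | check_protoport testme 17/1701
```

Building each revision and loading the conn before the check are left out, since the message does not describe those steps.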

