[Openswan dev] DPD broken in 2.6.23?

[Paul Wouters]

On Mon, 19 Oct 2009, Frank Eberle wrote:

> Ping from 192.168.209.0/24 to 192.168.11.0/24: the tunnel was re-established
> Ping from 192.168.11.0/24 to 192.168.209.0/24: the tunnel was NOT
> re-established
>
> I've analysed the code and found in Pluto kernel_netlink.c, function
> netlink_acquire() the following lines
>
> -- snip ---------------------------------
> if (!(ugh = xfrm_to_ip_address(family, srcx, &src))
> 	&& !(ugh = xfrm_to_ip_address(family, dstx, &dst))
> 	&& (ugh = add_port (family, &src, acquire->sel.sport))
> 	&& (ugh = add_port (family, &dst, acquire->sel.dport))
> 	&& !(ugh = src_proto == dst_proto? NULL : "src and dst protocols differ")
> 	&& !(ugh = addrtosubnet(&src, &ours))
> 	&& !(ugh = addrtosubnet(&dst, &his)))
>      record_and_initiate_opportunistic(&ours, &his, transport_proto
> 					  , "%acquire-netlink");
> -- snip ---------------------------------
>
> record_and_initiate_opportunistic() was never called, so I've checked
> the if-statement. The return value of add_port() defined in initaddr.c
> ist equal NULL when no error has occurred.  So in normal situations when
> add_port() does not fail, the if-statement is always invalid. I've
> changed the code to
>
> -- snip ---------------------------------
> if (!(ugh = xfrm_to_ip_address(family, srcx, &src))
> 	&& !(ugh = xfrm_to_ip_address(family, dstx, &dst))
> 	&& !(ugh = add_port (family, &src, acquire->sel.sport))
> 	&& !(ugh = add_port (family, &dst, acquire->sel.dport))
> 	&& !(ugh = src_proto == dst_proto? NULL : "src and dst protocols differ")
> 	&& !(ugh = addrtosubnet(&src, &ours))
> 	&& !(ugh = addrtosubnet(&dst, &his)))
>      record_and_initiate_opportunistic(&ours, &his, transport_proto
> 					  , "%acquire-netlink");
> -- snip ---------------------------------
>
> and DPD is working again as expected.
>
> I'm missing something or is there really a bug in the code?

There seems to really be a bug. I've commited your fix. It will be in 2.6.24.

Thanks!

Paul