[Openswan dev] DPD broken in 2.6.23?

Paul Wouters paul at xelerance.com
Mon Oct 19 16:25:48 EDT 2009


On Mon, 19 Oct 2009, D. Hugh Redelmeier wrote:

> | > if (!(ugh = xfrm_to_ip_address(family, srcx, &src))
> | > 	&& !(ugh = xfrm_to_ip_address(family, dstx, &dst))
> | > 	&& (ugh = add_port (family, &src, acquire->sel.sport))
> | > 	&& (ugh = add_port (family, &dst, acquire->sel.dport))
> | > 	&& !(ugh = src_proto == dst_proto? NULL : "src and dst protocols differ")
> | > 	&& !(ugh = addrtosubnet(&src, &ours))
> | > 	&& !(ugh = addrtosubnet(&dst, &his)))
> | >      record_and_initiate_opportunistic(&ours, &his, transport_proto
> | > 					  , "%acquire-netlink");
>
> | There seems to really be a bug. I've committed your fix. It will be in 2.6.24.
>
> How would that have ever worked?  It looks very obviously wrong!  Was
> it ever tested?

Apparently not?

> Why is this the first time anyone noticed?

Time? Money? Resources?

> Is this path rarely used or does it rarely matter?

Since both ends independently do DPD, and the bug only affected one direction, the
other end would trigger DPD as well, with the working part.

> (I have no idea if I wrote that code so I don't even know if I'm the
> one to answer the questions.  No wait: I can tell by the formatting of
> the two bad lines that I didn't write them.)

No, you're not responsible for DPD :)

However, this brought to light a new problem that Tuomo just posted about.

Paul