[Openswan dev] [PATCH] Safety check in aggr_outI1 for no interface from orient()

Michael H. Warfield mhw at WittsEnd.com
Sat Mar 13 12:05:25 EST 2010


Working my way back up the stack.  This patch adds a check to aggr_outI1
right after set_state_ike_endpoints() to make sure we've got a valid
interface before proceeding.  Now it catches this one earlier and we
don't get the retries but "ipsec auto --up CONN" seems to just hang
right after"

003 "CONN" #3: aggr_outI1 failed, no interface sending to ...

But that's the first place where the orient problem can be detected.
Sigh...  Have to detect the STF_FAIL and handle it back in the caller,

Patch attached.  (And I used the right logging function this
time.  :-) )

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.6.24-aggr_outI1-safety.diff
Type: text/x-patch
Size: 671 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20100313/979cc20d/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20100313/979cc20d/attachment-0001.bin 

More information about the Dev mailing list