[Openswan dev] [Commits] [OPENSWAN.git] Changes to ref refs/heads/master

David McCullough david_mccullough at mcafee.com
Tue May 4 02:37:48 EDT 2010 

Jivin Thomas Geulig lays it down ...
> On Tue, 04 May 2010 David McCullough wrote:
> > Jivin Paul Wouters lays it down ...
> >
> > > On Fri, 30 Apr 2010, davidm at vault.xelerance.com wrote:
> > > >    Fix assertion failure when removing routes
> > > >
> > > >    In delete_states_by_connection:
> > > >
> > > >    ASSERTION FAILED at .../programs/pluto/state.c:691: sr->eroute_owner
> > > > == SOS_NOBODY
> > > >
> > > >    kernel_interface was left set to AUTO_PICK even though USE_KLIPS had
> > > > been selected by the code.  Note sure if this actually affected netkey
> > > > or others but it may.
> > > >
> > > >    This change makes sure that, once an interface is selected,
> > > > everything points to that interface being the one.
> > > >
> > > >    This was a subtle side affect of
> > > > fdfb59b413eec432969014762ceb847ef7e5e9a4 :-)
> > >
> > > I don't understand. The code reads (with + for your added lines)
> > >
> > > switch(kern_interface) {
> > >      case AUTO_PICK:
> > >  	[...]
> > >
> > >      case USE_KLIPS:
> > > +        kern_interface = USE_KLIPS;
> > >  	[...]
> > >
> > >   #if defined(BSD_KAME)
> > >       case USE_BSDKAME:
> > > +       kern_interface = USE_BSDKAME;
> > >  	[...]
> > >
> > > Aren't you just setting it to the value it must have because otherwise it
> > > would never end up in the switch statement to begin with? I mean, it
> > > won't hurt, but I don't think this can be fixing any assertion failed
> > > that you saw.
> >
> > A small change at the top this funciton meant that on an openswan userland
> > compiled for both netkey and klips,  but using klips,  it would drop
> >  through to the switch statement with kern_interface = AUTO_PICK,  so it
> >  would then go an setup the klips interface by falling through the switch
> >  statement, but kern_interface was left set to AUTO_PICK, later I would see
> >  the assertion failure.
> 
> Ok, my setup is klips-only, so I didn't see that.

I am klips only too,  but I think NETKEY support is enabled in openswan.
I don't have netkey in my kernel.

Not sure when/how the netkey support is enabled.

> > This was running on the head of git master completely unmodified.
> >
> > Obviously somewhere else in pluto is using kern_interface to make decisions
> > and getting it wrong when kern_interface==AUTO_PICK.  I didn't go looking
> > for the offender.  I actually found this use 'git bisect',  decided that
> > there was no way that fdfb59b413eec432969014762ceb847ef7e5e9a4 could be the
> > cause and then went through it all by hand again,  and still didn't believe
> > it ;-)
> 
> At least one case (I had problems with) is the function delete_ipsec_sa()
> in kernel.c.

What problem are you seeing there ?

Cheers,
Davidm

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Dev mailing list