[Openswan dev] address mangling with KH_IPHOSTNAME

Paul Wouters paul at xelerance.com
Thu May 26 16:25:01 EDT 2011


On Wed, 25 May 2011, Avesh Agarwal wrote:

> 1. Broken AH support with NETKEY since ages (perhaps since 2.6.15/16) (rhbz# 
> 704548): AH protocol does not work when setting as phase2=ah, leading to 
> unsuccessful connection. This ends with error "unknown encryption algorithm".

I applied this one.

> 2. Protocol port issue when using hostnames instead of ipaddress in 
> connection definitions (rhbz# 703473): leftprotoport/rightprotoport option 
> does not work when using hostnames with ipv4.

This is odd. Looking at your patch I can see how in some cases the ipv6
case (which calls ttoaddr() which can call initaddr()) causes
things to get wiped. I am not sure I can see this for the ipv4 case though.

Actually, it seems tryname() can cause this to happen as well. I guess
we really need to have some ldns/libunbound code to properly do DNS instead
of using these ancient functions.

I'm applying your workaround to git now. Thanks!

> With ipv6, this issue can be 
> reproduced even with ipv6 addresses, if you don't specify 
> "connaddrfamily=ipv6" in the connection definition.  The reason is that the 
> ipv6 address is considered as string and is tried for name resolution leading 
> to wiping of ports from the connection. However, the ipv6 connection gets 
> established. IOW that to make an ipv6 work, it is not really needed to 
> specify "connaddrfamily=ipv6", however breaks protocol/port stuff.
>
> I have attached the patches for the above issue. I would appreciate any 
> feedback on these patches.
>
> Thanks and Regards
> Avesh


