[Openswan dev] address mangling with KH_IPHOSTNAME
Paul Wouters
paul at xelerance.com
Thu May 26 16:25:01 EDT 2011
On Wed, 25 May 2011, Avesh Agarwal wrote:
> 1. Broken AH support with NETKEY since ages (perhaps since 2.6.15/16) (rhbz#
> 704548): AH protocol does not work when setting as phase2=ah, leading to
> unsuccessful connection. This ends with error "unknown encryption algorithm".

I applied this one.

> 2. Protocol port issue when using hostnames instead of ipaddress in
> connection definitions (rhbz# 703473): leftprotoport/rightprotoport option
> does not work when using hostnames with ipv4.

This is odd. Looking at your patch I can see how in some cases the ipv6
case (which calls ttoaddr(), which can call initaddr()) causes
things to get wiped. I am not sure I can see this for the ipv4 case though.

Actually, it seems tryname() can cause this to happen as well. I guess
we really need to have some ldns/libunbound code to properly do DNS instead
of using these ancient functions.

I'm applying your workaround to git now. Thanks!

> With ipv6, this issue can be
> reproduced even with ipv6 addresses, if you don't specify
> "connaddrfamily=ipv6" in the connection definition. The reason is that the
> ipv6 address is considered as string and is tried for name resolution leading
> to wiping of ports from the connection. However, the ipv6 connection gets
> established. IOW that to make an ipv6 work, it is not really needed to
> specify "connaddrfamily=ipv6", however breaks protocol/port stuff.
>
> I have attached the patches for the above issue. I would appreciate any
> feedback on these patches.
>
> Thanks and Regards
> Avesh