[Openswan dev] address mangling with KH_IPHOSTNAME
avagarwa at redhat.com
Thu May 26 16:44:44 EDT 2011
On 05/26/2011 04:25 PM, Paul Wouters wrote:
> On Wed, 25 May 2011, Avesh Agarwal wrote:
>> 1. Broken AH support with NETKEY since ages (perhaps since 2.6.15/16)
>> (rhbz# 704548): AH protocol does not work when setting as phase2=ah,
>> leading to unsuccessful connection. This ends with error "unknown
>> encryption algorithm".
> I applied this one.
>> 2. Protocol port issue when using hostnames instead of ipaddress in
>> connection definitions (rhbz# 703473): leftprotoport/rightprotoport
>> option does not work when using hostnames with ipv4.
> This is odd. Looking at your patch I can see how in some cases the ipv6
> case (which calls ttoaddr() which can call initaddr()) which causes
> things to get wiped. I am not sure I can see this for the ipv4 case
With ipv4, if you specify:
left=hostname #so that the name needs to be resolved.
Then, it should be possible to reproduce it.
> Actually, It seems tryname() can cause this to happen as well.
> I guess
> we really need to ha some ldns/libunbound code to properly do DNS instead
> of using these ancient functions.
> I'm applying your workaround to git now. thanks!
Thanks a lot.
>> With ipv6, this issue can be reproduced even with ipv6 addresses, if
>> you dont specify "connaddrfamily=ipv6" in the connection definition.
>> The reason is that the ipv6 address is considered as string and is
>> tried for name resolution leading to wiping of ports from the
>> connection. However, the ipv6 connection gets established. IOW that
>> to make an ipv6 work, it is not really needed to specify
>> "connaddrfamily=ipv6", however breaks protocol/port stuff.
>> I have attached the patches for the above issue. I would appreciate
>> any feedback on these patches.
>> Thanks and Regards
Thanks and Regards
More information about the Dev