[Openswan dev] address mangling with KH_IPHOSTNAME

Avesh Agarwal avagarwa at redhat.com
Thu May 26 16:44:44 EDT 2011

On 05/26/2011 04:25 PM, Paul Wouters wrote:
> On Wed, 25 May 2011, Avesh Agarwal wrote:
>> 1. Broken AH support with NETKEY since ages (perhaps since 2.6.15/16) 
>> (rhbz# 704548): AH protocol does not work when setting as phase2=ah, 
>> leading to unsuccessful connection. This ends with error "unknown 
>> encryption algorithm".
> I applied this one.
>> 2. Protocol port issue when using hostnames instead of ipaddress in 
>> connection definitions (rhbz# 703473): leftprotoport/rightprotoport 
>> option does not work when using hostnames with ipv4.
> This is odd. Looking at your patch I can see how in some cases the ipv6
> case (which calls ttoaddr() which can call initaddr()) which causes
> things to get wiped. I am not sure I can see this for the ipv4 case 
> though.
With ipv4, if you specify:

left=hostname #so that the name needs to be resolved.

Then, it should be possible to reproduce it.

> Actually, It seems tryname() can cause this to happen as well. 
> I guess
> we really need to ha some ldns/libunbound code to properly do DNS instead
> of using these ancient functions.
> I'm applying your workaround to git now. thanks!
Thanks a lot.
>> With ipv6, this issue can be reproduced even with ipv6 addresses, if 
>> you dont specify "connaddrfamily=ipv6" in the connection definition.  
>> The reason is that the ipv6 address is considered as string and is 
>> tried for name resolution leading to wiping of ports from the 
>> connection. However, the ipv6 connection gets established. IOW that 
>> to make an ipv6 work, it is not really needed to specify 
>> "connaddrfamily=ipv6", however breaks protocol/port stuff.
>> I have attached the patches for the above issue. I would appreciate 
>> any feedback on these patches.
>> Thanks and Regards
>> Avesh

Thanks and Regards

More information about the Dev mailing list