[Swan-dev] Fwd: pluto: Fix multiple RW connections with kernel_netlink
Paul Wouters
paul at nohats.ca
Mon May 4 03:32:40 EEST 2015
On Sat, 2 May 2015, Herbert Xu wrote:
> As it is you can never have more than one RW connection under
> kernel_netlink because they all share the same reqid copied over
> from the template. Since the reqid is used by kernel_netlink to
> identify SAs for the same connection, this means that the second
> RW connection will always kick the first one off.
>
> This patch fixes this by allocating a new reqid for each instance.

Ahh, but the idea of the reqid= option is that it could remain static,
so you can write static iptables rules for it. When not set in the conn,
we request one via gen_reqid().

I guess what we should do is not allow reqid= to be specified in
template connections.

Paul
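
The collision discussed in this thread, as a toy C model added here (not pluto or kernel_netlink code, and not written by either poster): SAs are keyed by reqid, so two instances that copy the template's reqid leave one SA installed, while a per-instance reqid keeps both. All names (`install_sa`, `model_gen_reqid`, `instance_reqid`, `conn_config_ok`) and the starting value 16384 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define MAX_SA 8
struct conn { unsigned reqid; bool reqid_from_config; bool is_template; };
struct sa { bool used; unsigned reqid; };
static struct sa sadb[MAX_SA];
static unsigned next_reqid = 16384; /* constructed starting value */
/* Stand-in for the gen_reqid() named in the thread (toy allocator). */
static unsigned model_gen_reqid(void) { return next_reqid++; }

/* Model: SAs are identified by reqid, so installing one whose reqid is
 * already present replaces that entry instead of adding a second one. */
static void install_sa(unsigned reqid)
{
    struct sa *slot = NULL;
    for (int i = 0; i < MAX_SA; i++) {
        if (sadb[i].used && sadb[i].reqid == reqid) { slot = &sadb[i]; break; }
        if (!sadb[i].used && slot == NULL) slot = &sadb[i];
    }
    /* slot stays NULL only when the table is full and nothing matched */
    if (slot != NULL) *slot = (struct sa){ .used = true, .reqid = reqid };
}

/* Copy the template's reqid (old) or allocate one per instance (patch). */
static unsigned instance_reqid(const struct conn *t, bool fresh)
{ return fresh ? model_gen_reqid() : t->reqid; }

/* The reply's suggestion: refuse reqid= on template connections. */
static bool conn_config_ok(const struct conn *c)
{ return !(c->is_template && c->reqid_from_config); }

/* Two roadwarriors instantiate one template; count surviving SAs. */
static int live_sas_after_two_rw(bool fresh)
{
    struct conn tmpl = { .reqid = model_gen_reqid(), .is_template = true };
    int live = 0;
    memset(sadb, 0, sizeof sadb);
    install_sa(instance_reqid(&tmpl, fresh));
    install_sa(instance_reqid(&tmpl, fresh));
    for (int i = 0; i < MAX_SA; i++) live += sadb[i].used;
    return live;
}

int main(void)
{
    printf("shared reqid: %d SA(s), per-instance reqid: %d SA(s)\n",
           live_sas_after_two_rw(false), live_sas_after_two_rw(true));
    return conn_config_ok(&(struct conn){ .is_template = true }) ? 0 : 1;
}
```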