[Swan-dev] pluto: Fix nat_traversal assertion failure in main_inI1_outR1

Paul Wouters paul at nohats.ca
Mon May 11 19:19:56 EEST 2015


On Sat, 9 May 2015, Herbert Xu wrote:

> On Fri, May 08, 2015 at 04:47:28PM -0400, Paul Wouters wrote:
>>
>> It was actually using the same condition. At the start of the function
>> it calls set_nat_traversal() with the md, which checks for
>> nat_traversal_enabled and md->quirks.qnat_traversal_vid != VID_none
>> before setting st->hidden_variables.st_nat_traversal, so it is the
>> same condition, but it is not very obvious. As your patch makes that
>> more obvious, I applied it.
>
> Well I was getting a completely reproducible crash on the passert
> that went away with this patch.  The other side was running openswan.

which side did not support NAT-T? I assume netkey was used with
libreswan. Was the kernel >= 2.6.22 ? I'll do a test with openswan
with nat_traversal=no (libreswan no longer supports 'no' and only
disables nat-t when the kernel does not support it)

Paul


More information about the Swan-dev mailing list