[Swan-dev] [Swan] Multiple clients behind the same NAT IP get dropped - IPSec / xauth
Antonio Silva
asilva at wirelessmundi.com
Thu Aug 25 08:25:24 UTC 2016
Hi Paul,
Can i apply this patch to version 3.18?
i notice that the code is a bit different... but i do see the line in
programs/pluto/connections.c:
d->spd.reqid = c->spd.reqid == 0 ? gen_reqid() : c->spd.reqid;
On 08/23/2016 11:10 PM, Paul Wouters wrote:
> On Tue, 23 Aug 2016, Lennart Sorensen wrote:
>
>>> @@ -1819,6 +1821,9 @@ char *add_group_instance(struct connection
>>> *group, const i p_subnet *target)
>>>
>>> t->spd.reqid = group->spd.reqid == 0 ?
>>> gen_reqid() : group->spd.reqid;
>>> + t->spd.reqid = gen_reqid(); + +
>>>
>>> /* add to connections list */
>>> t->ac_next = connections;
>>
>> That doesn't look like valid syntax with all those '+'
>>
>> And that line seems like it overrides the previous like, so what is the
>> point in doing that?
>
> Sorry, let me try explain and fixup the patch :)
>
> When we add_connection(), we check if the user supplied a reqid= option.
> If so, use that. Otherwise, generate a unique one:
>
> c->spd.reqid = wm->sa_reqid == 0 ? gen_reqid() :
> wm->sa_reqid;
>
> Then in instantiate() we again checked for reqid being 0 and if so,
> generate one. Since it was never 0 anymore, it would never generate
> one, meaning all instances received the same number generated on the
> original add_connection() call.
>
> So the proper patch would be:
>
> diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
> index 0e3c23e..634c12f 100644
> --- a/programs/pluto/connections.c
> +++ b/programs/pluto/connections.c
> @@ -1756,9 +1756,6 @@ char *add_group_instance(struct connection
> *group, const ip_subnet *target)
> t->log_file = NULL;
> t->log_file_err = FALSE;
>
> - t->spd.reqid = group->spd.reqid == 0 ?
> - gen_reqid() : group->spd.reqid;
> -
> /* add to connections list */
> t->ac_next = connections;
> connections = t;
> @@ -1834,7 +1831,7 @@ struct connection *instantiate(struct connection
> *c, const ip_address *him,
> default_end(&d->spd.this, &d->spd.that.host_addr);
> d->spd.spd_next = NULL;
>
> - d->spd.reqid = c->spd.reqid == 0 ? gen_reqid() : c->spd.reqid;
> + d->spd.reqid = gen_reqid();
>
> /* set internal fields */
> d->ac_next = connections;
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
--
Saludos / Regards / Cumprimentos,
António silva
More information about the Swan-dev
mailing list