[Swan-dev] crash after pluto: Fix addresspool reference count

Antony Antony antony at phenome.org
Sat Oct 7 11:35:18 UTC 2017


On Sat, Oct 07, 2017 at 12:02:59PM +0200, wolfgang at linogate.de wrote:
> I also couldn't stay away and found some time today to look into it. I 
> have added a solution and two test cases to lsw299, which I think worked 
> now properly.

Wow, it is great to receive patches with tests, thanks.

Are you running the full KVM test suite? Because you patched
testing/baseconfigs/east/etc/ipsec.d/passwd

I had a quick look. I will push the test cases. I will not apply the fix yet.
There are some red flags here. Maybe some of the issues I am noticing now
are not new.

> We have used this feature for years without problems. Sure, it is not optimal,
> but it works. The static address pool is only temporarily installed to assign
> the user-defined static IP to the client and deleted once the instance is gone.

Why do you specify a range per user?

+use6:xOzlFlqtwJIu2:east-any:192.0.2.101-192.0.2.200

If you do that things will likely get messy.

> Having multiple address pools on one connection would be a nice thing, but 
> I think it is not easy to implement.

Yes. Multiple connections sharing exact pools is supported.
I don't see a need for multiple pools per connection yet.

If the address from the xauth file is made into an addresspool used only by
this specific instance, I would add a variable in "struct ip_pool" to
indicate "do not share this pool".
 
> Overlapping IP addresses in global and static pools are configuration problems
> and the log clearly shows the user that he needs to configure to separate pools.

I don't think it will work as you imagine. Currently, if an addresspool is
added via the xauth password file, that pool could be shared.

regards,
-antony 