[Swan-dev] crash after pluto: Fix addresspool reference count
Antony Antony
antony at phenome.org
Sat Oct 7 11:35:18 UTC 2017
On Sat, Oct 07, 2017 at 12:02:59PM +0200, wolfgang at linogate.de wrote:
> I also couldn't stay away and found some time today to look into it. I
> have added a solution and two test cases to lsw299, which I think worked
> now properly.
Wow, it is great to receive patches with tests, thanks.
Are you running the full KVM test suite? Because you patched
testing/baseconfigs/east/etc/ipsec.d/passwd
I had a quick look. I will push the testcases. I will not apply the fix yet.
There are some red flags here. Maybe some of the issues I am noticing now
are not new.
> We use this feature for years without problems. Sure it is not optimal,
> but it works. The static address pool is only temporarily installed to assign
> the user defined static ip to the client and deleted once the instance is gone.
Why do you specify a range per user?
+use6:xOzlFlqtwJIu2:east-any:192.0.2.101-192.0.2.200
If you do that, things will likely get messy.
> Having multiple address pools on one connection would be a nice thing, but
> I think it is not easy to implement.
Yes. Multiple connections sharing exact pools is supported.
I don't see a need for multiple pools per connection yet.
If the address from the xauth file is made into an addresspool used only by
this specific instance, I would add a variable in "struct ip_pool" to
indicate "do not share this pool".
> Overlapping ip addresses in global and static pools are configuration problems
> and the log clearly shows the user that he needs to configure to separate pools.
I don't think it will work as you imagine. Currently, if an addresspool is
added in via the xauth password file, that pool could be shared.
regards,
-antony
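
A sketch of the "do not share this pool" flag suggested above, as an added example that is not part of the original message and is not libreswan's code: the struct and the functions pool_ref, pool_unref and pool_count are hypothetical, with IPv4 ranges held as host-order integers. A pool is reused only on an exact range match when neither side is private, any other overlap is refused, and a pool is freed only when its last reference is dropped.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for an address pool (not libreswan's struct ip_pool). */
struct pool {
    uint32_t start, end;   /* inclusive IPv4 range, host byte order */
    unsigned refcnt;       /* number of connections/instances holding the pool */
    bool no_share;         /* set for a pool built from a per-user xauth entry */
    struct pool *next;
};
static struct pool *pools; /* global list of installed pools */

/* Return a referenced pool for [start,end], or NULL if the range conflicts. */
struct pool *pool_ref(uint32_t start, uint32_t end, bool no_share)
{
    for (struct pool *p = pools; p != NULL; p = p->next) {
        bool exact = p->start == start && p->end == end;
        bool overlap = start <= p->end && p->start <= end;
        if (exact && !p->no_share && !no_share) {
            p->refcnt++;       /* shareable pool with the same range: reuse it */
            return p;
        }
        if (overlap)
            return NULL;       /* private pool or partial overlap: refuse */
    }
    struct pool *p = malloc(sizeof(*p));
    if (p == NULL)
        return NULL;
    *p = (struct pool){ start, end, 1, no_share, pools };
    pools = p;
    return p;
}

/* Drop one reference; unlink and free only when the last holder is gone. */
void pool_unref(struct pool *pool)
{
    if (pool == NULL || --pool->refcnt > 0)
        return;
    for (struct pool **pp = &pools; *pp != NULL; pp = &(*pp)->next)
        if (*pp == pool) { *pp = pool->next; break; }
    free(pool);
}

unsigned pool_count(void)      /* number of pools currently installed */
{
    unsigned n = 0;
    for (struct pool *p = pools; p != NULL; p = p->next) n++;
    return n;
}
```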