[Swan-dev] ikev1-hostpair-01 and c->prio

Andrew Cagney andrew.cagney at gmail.com
Fri Sep 25 00:36:02 UTC 2020


This:

https://testing.libreswan.org/v3.30-1791-gd106052012-main/ikev1-hostpair-01/OUTPUT/east.console.diff
Comes from: connections: don't update an end when .host_addr is 0.0.0.0

https://github.com/libreswan/libreswan/commit/a739eaff972135b268a139c54b37e0f366a6ad02

In case the cause isn't obvious:

-> the config file has right[host]=%any
-> update_ends_from_this_host_addr() (nee default_end()) sees this and does
nothing (right.end.client.maskbits==0)
(before it would think %any was valid and set .end.client to %any/32 ->
right.end.client.maskbits==32; oops)
- set_policy_prio() computes c->prio using right.end.client.maskbits, hence
32,32(old) or 32,0(new)

So:

-> when that.host_addr=%any, I think the new priority is correct
for instance, the narrower 1.2.0.0/16 now has higher priority than %any

-> however, I suspect, when .host_addr is changed (ex, ddns), c->prio
should be re-computed

The other possibility is that the change is too aggressive and
update_ends_from_this_host_addr() should selectively update fields (for
instance, when %any, skip .host_port and skip that.host_nexthop)

Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200924/ce02370f/attachment.html>


More information about the Swan-dev mailing list