[Swan] Selection of address family with %any or %defaultroute

[Frank Schmirler]

Hi,

while trying out different combinations of IPv4/IPv6 tunnels, I ran into this
TODO in libipsecconf:

 * verify both ends are using the same inet family, if one end
 * is "%any" or "%defaultroute", then perhaps adjust it.
 * ensource this for left,leftnexthop,right,rightnexthop
 * Ideally, phase out connaddrfamily= which now wrongly assumes
 * left,leftnextop,leftsubnet are the same inet family
 * Currently, these tests are implicitely done, and wrongly
 * in case of 6in4 and 4in6 tunnels

The attached patch solves the problem with 6in4/4in6 tunnels by detecting the
address family of leftsubnet/rightsubnet. Now connaddrfamily= should no longer
refer to the addressfamily of the subnets as the man page suggests, but to the
addressfamily of left/right instead. The patch "works-for-me". I'm posting it
in the hope it will be useful for someone. I tested only with
leftsubnet/rightsubnet. Not sure if it works with all kinds of features (like
e.g. vhost).

IMHO it is not possible to get rid of connaddrfamily= completely. It will be
needed for the host=%defaultroute, peer=%any case where autodetection is
obviously not possible. It could als be handy if peer is a DNS name and you
want to force an address family (https://bugs.libreswan.org/show_bug.cgi?id=28).

Regards,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: confread-tunnel_addr_family.diff
Type: text/x-patch
Size: 2521 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150624/9f8afbf6/attachment.bin>