Hi Mirko,

Thanks for the detailed report.

> It looks like charon does not use the updated IP address for path checking,
> nor does it resolve the peer's name again, which would also have provided the
> updated address.
>
> What's happening here, and what could be done about it?

This is an unfortunate side-effect of my attempts to store all the known addresses of a peer in a single list. The peer's current address (as known to the IKE_SA) is stored in that list when it is updated. But when this happens during a MOBIKE exchange caused by an address change of the responder the address cached on the IKE_SA is still the old one (it is updated only a few lines later).

Please try the attached patch (should apply to 4.6.3) which uses the source address of the current message instead of the cached address on the IKE_SA.

Regards,
Tobias

>From 82fc59cc314e6f622c797777407af567c91896cd Mon Sep 17 00:00:00 2001 From: Tobias Brunner <[email protected]> Date: Wed, 9 May 2012 17:53:34 +0200 Subject: [PATCH] Fix MOBIKE address update if responder address changed. Use the source address of the current MOBIKE message as peer address instead of assuming the address cached on the IKE_SA is still valid. --- src/libcharon/sa/tasks/ike_mobike.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libcharon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c index 1402b2e..fb11000 100644 --- a/src/libcharon/sa/tasks/ike_mobike.c +++ b/src/libcharon/sa/tasks/ike_mobike.c @@ -138,7 +138,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) this->ike_sa->clear_peer_addresses(this->ike_sa); first = FALSE; /* add the peer's current address to the list */ - host = this->ike_sa->get_other_host(this->ike_sa); + host = message->get_source(message); this->ike_sa->add_peer_address(this->ike_sa, host->clone(host)); } @@ -158,7 +158,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) { this->ike_sa->clear_peer_addresses(this->ike_sa); /* add the peer's current address to the list */ - host = this->ike_sa->get_other_host(this->ike_sa); + host = message->get_source(message); this->ike_sa->add_peer_address(this->ike_sa, host->clone(host)); this->addresses_updated = TRUE; break; -- 1.7.4.1
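
Review bot: in the first hunk (process_payloads(), around line 138) the comment "add the peer's current address to the list" no longer says which address is meant or why. Since the commit message explains that the address cached on the IKE_SA cannot be assumed valid at this point, the comment should state that message->get_source(message) is used deliberately in place of get_other_host(), so a later cleanup does not switch it back.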
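
Review bot: the second hunk (around line 158) repeats the same three-step sequence as the first: clear_peer_addresses(), message->get_source(message), then add_peer_address() with host->clone(host). Only the surrounding flag handling differs (first = FALSE in one, this->addresses_updated = TRUE in the other). Consider moving the sequence into a small static helper that takes this and message, so the two call sites cannot drift apart the next time the address source changes.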
