As it is you can never have more than one RW connection under kernel_netlink because they all share the same reqid copied over from the template. Since the reqid is used by kernel_netlink to identify SAs for the same connection, this means that the second RW connection will always kick the first one off.
This patch fixes this by allocating a new reqid for each instance. Signed-off-by: Herbert Xu <[email protected]> diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c index 9140673..258458f 100644 --- a/programs/pluto/connections.c +++ b/programs/pluto/connections.c @@ -1582,11 +1582,7 @@ char *add_group_instance(struct connection *group, const ip_subnet *target) t->log_file = NULL; t->log_file_err = FALSE; - if (group->spd.reqid) { - t->spd.reqid = group->spd.reqid; - } else { - t->spd.reqid = gen_reqid(); - } + t->spd.reqid = gen_reqid(); if (t->spd.that.virt) { DBG_log("virtual_ip not supported in group instance"); @@ -1668,11 +1664,7 @@ struct connection *instantiate(struct connection *c, const ip_address *him, default_end(&d->spd.this, &d->spd.that.host_addr); d->spd.next = NULL; - if (c->spd.reqid) { - d->spd.reqid = c->spd.reqid; - } else { - d->spd.reqid = gen_reqid(); - } + d->spd.reqid = gen_reqid(); /* set internal fields */ d->ac_next = connections; -- Email: Herbert Xu <[email protected]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
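Review bot: In the add_group_instance() hunk, a non-zero group->spd.reqid is now dropped without any trace. The removed branch was the only place in these lines that honoured a reqid already set on the group template, so if that field can be set on purpose (the hunk does not show where it comes from), the instance silently gets a different value than the one requested. Suggest logging when a non-zero template reqid is overridden, and adding a one-line comment above "t->spd.reqid = gen_reqid();" saying that instances must not inherit the template's reqid because kernel_netlink identifies a connection's SAs by it. That rationale currently lives only in the commit message.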
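Review bot: In the instantiate() hunk, "d->spd.reqid = gen_reqid();" now runs for every instance and its result is used unchecked. Before this change a template with a reqid never reached gen_reqid() on this path, so the number of allocations now grows with every peer that connects or reconnects. Please confirm that gen_reqid() cannot return 0 or hand out a value still held by a live connection after many instantiations, since a repeated reqid would bring back the SA clash the commit message describes. If it cannot guarantee that, add a check here or state the guarantee in a comment. The same assignment is duplicated in add_group_instance(), so a small shared helper would keep the two sites from drifting apart.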
