Paul,
I just compiled version 3.18 with the changes you told me about and it fixes
the issue; I can connect two users behind the same NAT with xauth and
the traffic is OK.
I guess that this is safe to put in production, no?
Thanks.
NOTE: your patch fails to apply on 3.18; here is the updated patch that I used:
diff -rNu libreswan-3.18-orig/programs/pluto/connections.c
libreswan-3.18/programs/pluto/connections.c
--- libreswan-3.18-orig/programs/pluto/connections.c 2016-07-27
15:01:34.000000000 +0200
+++ libreswan-3.18/programs/pluto/connections.c 2016-08-25
10:28:48.214940448 +0200
@@ -1754,9 +1754,6 @@
t->log_file = NULL;
t->log_file_err = FALSE;
- t->spd.reqid = group->spd.reqid == 0 ?
- gen_reqid() : group->spd.reqid;
-
/* add to connections list */
t->ac_next = connections;
connections = t;
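Review bot: with the `t->spd.reqid` assignment removed, nothing in the lines shown sets the reqid of `t` before it is linked into `connections`. The patch should say where `t` gets its reqid from; if `t` is also meant to have a unique one, set it here with `gen_reqid()` the way the second hunk does for `d`.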
@@ -1832,7 +1829,7 @@
default_end(&d->spd.this, &d->spd.that.host_addr);
d->spd.spd_next = NULL;
- d->spd.reqid = c->spd.reqid == 0 ? gen_reqid() : c->spd.reqid;
+ d->spd.reqid = gen_reqid();
/* set internal fields */
d->ac_next = connections;
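Review bot: `d->spd.reqid = gen_reqid();` no longer looks at `c->spd.reqid` at all, so a value that came from a user-supplied reqid= is dropped for every instance. If an explicit reqid= still has to be honoured, the code needs a way to tell a configured reqid from a generated one (for example a flag recorded when the connection is added) and should only generate when none was configured.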
On 08/25/2016 10:25 AM, Antonio Silva wrote:
Hi Paul,
Can I apply this patch to version 3.18?
I notice that the code is a bit different... but I do see the line in
programs/pluto/connections.c:
d->spd.reqid = c->spd.reqid == 0 ? gen_reqid() : c->spd.reqid;
On 08/23/2016 11:10 PM, Paul Wouters wrote:
On Tue, 23 Aug 2016, Lennart Sorensen wrote:
@@ -1819,6 +1821,9 @@ char *add_group_instance(struct connection
*group, const i p_subnet *target)
t->spd.reqid = group->spd.reqid == 0 ?
gen_reqid() : group->spd.reqid;
+ t->spd.reqid = gen_reqid(); + +
/* add to connections list */
t->ac_next = connections;
That doesn't look like valid syntax with all those '+'
And that line seems like it overrides the previous line, so what is the
point in doing that?
Sorry, let me try to explain and fix up the patch :)
When we add_connection(), we check if the user supplied a reqid= option.
If so, use that. Otherwise, generate a unique one:
c->spd.reqid = wm->sa_reqid == 0 ? gen_reqid() :
wm->sa_reqid;
Then in instantiate() we again checked for reqid being 0 and if so,
generate one. Since it was never 0 anymore, it would never generate
one, meaning all instances received the same number generated on the
original add_connection() call.
So the proper patch would be:
diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 0e3c23e..634c12f 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -1756,9 +1756,6 @@ char *add_group_instance(struct connection
*group, const ip_subnet *target)
t->log_file = NULL;
t->log_file_err = FALSE;
- t->spd.reqid = group->spd.reqid == 0 ?
- gen_reqid() : group->spd.reqid;
-
/* add to connections list */
t->ac_next = connections;
connections = t;
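Review bot: the deletion in add_group_instance() is not covered by the explanation, which only talks about add_connection() and instantiate(). If it rests on the same reasoning (the group's reqid is never 0 by this point, so the check was dead), the commit message should say so, so the removal does not read as an accidental drop.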
@@ -1834,7 +1831,7 @@ struct connection *instantiate(struct
connection *c, const ip_address *him,
default_end(&d->spd.this, &d->spd.that.host_addr);
d->spd.spd_next = NULL;
- d->spd.reqid = c->spd.reqid == 0 ? gen_reqid() : c->spd.reqid;
+ d->spd.reqid = gen_reqid();
/* set internal fields */
d->ac_next = connections;
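Review bot: the new `d->spd.reqid = gen_reqid();` in instantiate() needs a short comment above it saying that each instance must get its own reqid because `c->spd.reqid` is already non-zero after add_connection(). Without that, the old conditional looks like the more careful form and is likely to be restored later.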
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
--
Saludos / Regards / Cumprimentos,
António silva
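
The reqid reuse Paul describes, as an added example that is not part of the thread or of libreswan's code: a simplified C model of add_connection() and instantiate() before and after the patch. The struct, the helper bodies and the starting reqid value are assumptions made for illustration.

```c
#include <stdio.h>
/* Simplified model: struct and helper bodies are assumptions, not pluto's code. */
struct conn { unsigned reqid; };
static unsigned next_reqid = 16384;  /* constructed starting value */
static unsigned gen_reqid(void) { return next_reqid++; }

/* add_connection(): honour reqid= when given, otherwise generate one. */
static struct conn add_connection(unsigned sa_reqid)
{
    struct conn c = { sa_reqid == 0 ? gen_reqid() : sa_reqid };
    return c;
}

/* Before the patch: c->reqid is never 0 here, so gen_reqid() never runs. */
static struct conn instantiate_old(const struct conn *c)
{
    struct conn d = { c->reqid == 0 ? gen_reqid() : c->reqid };
    return d;
}

/* After the patch: every instance gets a fresh reqid. */
static struct conn instantiate_new(void)
{
    struct conn d = { gen_reqid() };
    return d;
}

static struct conn instantiate(int patched, const struct conn *c)
{
    return patched ? instantiate_new() : instantiate_old(c);
}

/* 1 when two instances of one template end up with the same reqid. */
int instances_collide(int patched, unsigned sa_reqid)
{
    struct conn t = add_connection(sa_reqid);
    struct conn a = instantiate(patched, &t), b = instantiate(patched, &t);
    return a.reqid == b.reqid;
}

/* 1 when an instance still carries the reqid= value from the config. */
int keeps_configured_reqid(int patched, unsigned sa_reqid)
{
    struct conn t = add_connection(sa_reqid);
    return instantiate(patched, &t).reqid == sa_reqid;
}

int main(void) { printf("old collide=%d, patched collide=%d\n", instances_collide(0, 0), instances_collide(1, 0)); return 0; }
```

In this model the unpatched path gives both instances the template's reqid, and the patched path gives each its own but no longer carries a configured reqid= value into the instance.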