On Sat, 30 Jun 2018, D. Hugh Redelmeier wrote:
(This is kernel code so my understanding of it is limited.)There are two copies of this code fragment: if (((struct sockaddr_in6*)(ipsp->ips_addr_s))->sin6_family == AF_INET6) psin6 = (struct sockaddr_in6*)(ipsp->ips_addr_s); else if (((struct sockaddr_in*)(ipsp->ips_addr_s))->sin_family == AF_INET6) psin = (struct sockaddr_in*)(ipsp->ips_addr_s); I'm guessing that the second AF_INET6 was intended to be AF_INET.
That seems to be the case.
If I'm not wrong, why have we not noticed this since it was introduced by c90c46be434cc0a68a8f5e1b0e88a9d019a9f733 in 2010?
I don't know, but I do see this code is within sysctl_ipsec_inbound_policy_check, and I do have some vague memory of people needing to change that setting?
If we fix these two bugs, subsequent code paths will change. So new problems might appear. In particular, the current code (quoted above) seems to think IPv6 is always being used. That's not likely. The following code some how survives this blunder.
Please commit the fix. I don't see any valid reason for leaving it as is. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
