ttoaddr() contains:

    if (err && af != AF_INET)
        err = tryname(src, srclen, nultermd, AF_INET6, af, dst);
    if (err && af != AF_INET6)
        err = tryname(src, srclen, nultermd, AF_INET, af, dst);

so, for AF==AF_UNSPEC, it will try an IPv6 DNS lookup and, should that fail, try an IPv4 DNS lookup. The code's always done this; perhaps:

- just because
- this way the IPv4 error is preferred over the IPv6 error
- at the time it was the thing to do (it also quickly became the thing to not do as waiting for IPv6 to fail before trying IPv4 made everything slower; code switched to trying both in parallel)

meanwhile, whack contains:

    msg.addr_family = AF_INET;

which forces lookups to IPv4 only (unless the config file / option explicitly says otherwise).

So to put it simply: whack prefers IPv4; ttoaddr() prefers IPv6. This means that, if the whack default is removed, a configuration with valid IPv4 and IPv6 DNS records would suddenly switch from IPv4 to IPv6 for the IKE SA.

thoughts?
Andrew

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
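
The behaviour change described in the message above, as an added example that is not part of the original mail and not libreswan's code: a small C model of the quoted lookup order, with a constructed record table standing in for DNS. The names resolve_family, lookup_one and the example.test hosts are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>   /* AF_UNSPEC, AF_INET, AF_INET6 */

/* Constructed stand-in for DNS: which record types each name publishes. */
struct zone_entry { const char *name; int has_a; int has_aaaa; };
static const struct zone_entry zone[] = {
    { "dual.example.test",   1, 1 },
    { "v4only.example.test", 1, 0 },
    { "v6only.example.test", 0, 1 },
};

/* Hypothetical helper: look up one family; 0 on success, -1 on failure. */
static int lookup_one(const char *name, int family)
{
    for (size_t i = 0; i < sizeof(zone) / sizeof(zone[0]); i++) {
        if (strcmp(zone[i].name, name) != 0)
            continue;
        if (family == AF_INET6 && zone[i].has_aaaa) return 0;
        if (family == AF_INET && zone[i].has_a) return 0;
    }
    return -1;
}

/* Same ordering as the quoted fragment: IPv6 first unless the caller asked
 * for IPv4 only, then IPv4 unless the caller asked for IPv6 only.
 * Returns the family that resolved, or AF_UNSPEC if nothing did. */
int resolve_family(const char *name, int af)
{
    int err = -1;            /* assumption: earlier numeric parsing failed */
    int got = AF_UNSPEC;

    if (err && af != AF_INET) {
        err = lookup_one(name, AF_INET6);
        if (!err) got = AF_INET6;
    }
    if (err && af != AF_INET6) {
        err = lookup_one(name, AF_INET);
        if (!err) got = AF_INET;
    }
    return got;
}

int main(void)
{
    /* AF_INET models the current whack default, AF_UNSPEC its removal. */
    printf("default AF_INET:   %d\n", resolve_family("dual.example.test", AF_INET));
    printf("default AF_UNSPEC: %d\n", resolve_family("dual.example.test", AF_UNSPEC));
    return 0;
}
```

For the dual-stack name the result moves from AF_INET to AF_INET6 once the caller stops forcing AF_INET, so address-family-specific firewall rules and peer address checks need reviewing before such a default changes.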
