After testing 5.0.1rc1 on FreeBSD a bit, I've run into a few problems.
The first was a set of simple compile errors, which I think I fixed in the
attached patch. But there's clearly a deeper problem that I haven't
found yet. On startup I get the following messages:
00[DMN] Starting IKE charon daemon (strongSwan 5.0.1rc1, FreeBSD
9.0-RELEASE-p4, amd64)
00[KNL] unable to set UDP_ENCAP: Invalid argument
00[NET] enabling UDP decapsulation failed
When I try to bring up a tunnel with "knl 4, net 4" debugging enabled I
get the following:
03[NET] received packet => 832 bytes @ 0x7fffff7f93b0
03[NET] 0: 75 74 B5 37 1A 61 79 52 00 00 00 00 00 00 00 00
ut.7.ayR........
...
03[NET] 816: 3D A7 76 23 27 9F C4 C4 21 2F 7E B7 A1 F7 5A 19
=.v#'...!/~...Z
03[NET] received packet: from 192.168.1.201[500] to 192.168.1.1[500]
03[KNL] 192.168.1.1 is not a local address or the interface is down
03[NET] received packet from 192.168.1.201[500] to 192.168.1.1[500] on
ignored interface
03[NET] waiting for data on sockets
So I suspect there's a bug in the recent pfkey/pfroute changes
related to interfaces and addresses. I'll continue to try to work my
way through the code, but hopefully someone who's more familiar with it
might spot exactly where the problem is more quickly than I could by
learning the code. Below is my config, which doesn't exhibit these problems
with 5.0.0.
ipsec.conf
---
config setup
conn %default
ikelifetime=60m
keyingtries=1
keylife=20m
rekeymargin=3m
conn myconn
auto=add
keyexchange=ikev2
left=%any
leftauth=pubkey-sha1-sha256
leftcert=mycert.pem
leftsubnet=192.168.1.0/24
right=%any
rightauth=pubkey-sha1-sha256
rightid=%any
rightsourceip=192.168.2.0/24
type=tunnel
---
I still get the same error as above when I set 'left=192.168.1.1'.
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 9b75632..e88d7b2 100644
--- src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -29,6 +29,7 @@
#include <threading/thread.h>
#include <threading/mutex.h>
#include <threading/rwlock.h>
+#include <utils/hashtable.h>
#include <utils/linked_list.h>
#include <processing/jobs/callback_job.h>
@@ -224,7 +225,7 @@ struct private_kernel_pfroute_net_t
/**
* Add an address map entry
*/
-static void addr_map_entry_add(private_kernel_netlink_net_t *this,
+static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
addr_entry_t *addr,
iface_entry_t *iface)
{
addr_map_entry_t *entry;
@@ -247,7 +248,7 @@ static void addr_map_entry_add(private_kernel_netlink_net_t
*this,
* it is also used with linked_list_t.invoke_function)
*/
static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
-
private_kernel_netlink_net_t *this)
+
private_kernel_pfroute_net_t *this)
{
addr_map_entry_t *entry, lookup = {
.ip = addr->ip,
@@ -511,7 +512,7 @@ static job_requeue_t
receive_events(private_kernel_pfroute_net_t *this)
typedef struct {
private_kernel_pfroute_net_t* this;
/** which addresses to enumerate */
- address_type_t which;
+ kernel_address_type_t which;
} address_enumerator_t;
/**
@@ -580,7 +581,7 @@ static bool filter_interfaces(address_enumerator_t *data,
iface_entry_t** in,
}
METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
- private_kernel_pfroute_net_t *this, address_type_t which)
+ private_kernel_pfroute_net_t *this, kernel_address_type_t which)
{
address_enumerator_t *data = malloc_thing(address_enumerator_t);
data->this = this;
@@ -758,6 +759,7 @@ static status_t
init_address_list(private_kernel_pfroute_net_t *this)
METHOD(kernel_net_t, destroy, void,
private_kernel_pfroute_net_t *this)
{
+ addr_entry_t *addr;
enumerator_t *enumerator;
if (this->socket > 0)
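Review bot: The `if (this->socket > 0)` guard on the last line of this hunk treats descriptor 0 as "not open", so a routing socket that happened to be assigned fd 0 (possible if stdin was closed before the socket was created) would never be closed in destroy. How `this->socket` is initialised is not visible here; if the field is explicitly set to -1 before and on failure, the check should read `if (this->socket >= 0)`, whereas with a zero-initialised struct the constructor would first need that explicit -1. The added `addr_entry_t *addr;` is only declared in the visible lines, and the body of destroy continues past the hunk, so its use cannot be checked from here.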