Re: [Users] Selectors patch (partially) broken?

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Fri Dec 13 2002 - 19:41:22 CET


Stephen J. Bevan wrote:

> That would still leave the question of exactly how the 500 is getting
> into the address. Since the protocol isn't set to UDP my guess is the
> 500 is lingering around from when the this/that host_addr was used to
> send/receive an ISAKMP message. That is, the culprit might be the
> setportof call in pluto/demux.c:send_packet and a quick workaround
> might be to store the port in a local variable, call setportof and
> then reset the port in the address after the sendto.

I followed your suggestion and restored the port after the sendto:

bool
send_packet(struct state *st, const char *where)
{
     struct connection *c = st->st_connection;
     int port_buf;
     bool err;

     DBG(DBG_RAW,
         {
             DBG_log("sending %lu bytes for %s through %s to %s:%u:"
                 , (unsigned long) st->st_tpacket.len
                 , where
                 , c->interface->rname
                 , ip_str(&c->that.host_addr)
                 , (unsigned)c->that.host_port);
             DBG_dump_chunk(NULL, st->st_tpacket);
         });

     /* XXX: Not very clean. We manipulate the port of the ip_address to
      * have a port in the sockaddr*, but we retain the original port
      * and restore it afterwards.
      */

     port_buf = portof(&c->that.host_addr);
     setportof(htons(c->that.host_port), &c->that.host_addr);

#if defined(IP_RECVERR) && defined(MSG_ERRQUEUE)
     (void) check_msg_errqueue(c->interface, POLLOUT);
#endif /* defined(IP_RECVERR) && defined(MSG_ERRQUEUE) */

     err = sendto(c->interface->fd
         , st->st_tpacket.ptr, st->st_tpacket.len, 0
         , sockaddrof(&c->that.host_addr)
         , sockaddrlenof(&c->that.host_addr)) != (ssize_t)st->st_tpacket.len;

     /* restore port */
     setportof(port_buf, &c->that.host_addr);

     if (err)
     {
         log_errno((e, "sendto on %s to %s:%u failed in %s"
             , c->interface->rname
             , ip_str(&c->that.host_addr)
             , (unsigned)c->that.host_port
             , where));
         return FALSE;
     }
     else
     {
         return TRUE;
     }
}

Bad case 1 works now, i.e. I can ping the SG2 from SG1. I must check
bad case 2 next.

Thanks

Andreas

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
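
The side effect discussed in this thread, as an added example that is not part of the original message or of the FreeS/WAN sources: writing the port into a shared address for sendto() leaves it there for later readers, while setting it on a local copy leaves nothing to restore. It uses a plain sockaddr_in instead of pluto's ip_address; struct peer, send_mutating, send_with_copy and lingering_port are hypothetical names, and the loopback peer is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical peer record: one address shared by the IKE sender and by
 * code that later reads it as a selector (port 0 = any port). */
struct peer {
    struct sockaddr_in host_addr;
    unsigned short host_port;      /* IKE port, host byte order */
};

/* The pattern from the thread: the port is written into the shared
 * address for sendto() and stays there afterwards. */
static ssize_t send_mutating(int fd, struct peer *p, const void *buf, size_t len)
{
    p->host_addr.sin_port = htons(p->host_port);
    return sendto(fd, buf, len, 0,
                  (struct sockaddr *)&p->host_addr, sizeof p->host_addr);
}

/* Alternative: put the port into a local copy, so nothing needs restoring. */
static ssize_t send_with_copy(int fd, const struct peer *p, const void *buf, size_t len)
{
    struct sockaddr_in dst = p->host_addr;
    dst.sin_port = htons(p->host_port);
    return sendto(fd, buf, len, 0, (struct sockaddr *)&dst, sizeof dst);
}

/* Send one byte to a constructed peer (127.0.0.1, port 500) and return the port
 * left in the shared address; the sendto() result does not matter for that. */
int lingering_port(int use_copy)
{
    struct peer p = { .host_port = 500 };
    p.host_addr.sin_family = AF_INET;
    p.host_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (use_copy) (void)send_with_copy(fd, &p, "x", 1);
    else          (void)send_mutating(fd, &p, "x", 1);
    if (fd >= 0) close(fd);
    return ntohs(p.host_addr.sin_port);
}

int main(void)
{
    printf("mutating: %d, copy: %d\n", lingering_port(0), lingering_port(1));
    return 0;
}
```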
