From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Fri Dec 27 2002 - 22:25:33 CET
The full protocol and port selector support integrated into the X.509
patch is maturing. Extensive testing of this feature has revealed
two additional bugs which got fixed with version 0.9.18. The new
release can be downloaded from
http://www.strongsec.com/freeswan
Bug Fixes
---------
- fixed a bug in the function route_owner() in connections.c. Protocol
selectors were not considered when finding existing eroutes. This
deficiency made it impossible to set up simultaneous IPsec SAs for
multiple protocols (e.g. tcp, udp and icmp).
- fixed a bug in the function find_client_connection() in connections.c.
When refining the connection during quick mode, protocol and port
selectors set to zero could be used as wild cards. This feature caused
IPsec SAs with active protocol and/or port selectors to be bound to
a connection definition having no selectors at all. With the fix in
place an exact protocol/port match is now required.
- added protocol/port debugging output during quick mode in ipsec_doi.c.
Kind regards
Andreas
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Sat Dec 28 2002 - 05:21:10 CET