From: VANHULLEBUS Y. <va...@fr...> - 2007-02-21 16:15:23
Hi all.

Looks like getsainfo() is broken (again, I already worked on such a problem when migrating to.... 0.6 or something like that) when having host endpoints.

If my sainfo specification looks like:

    sainfo address 192.168.1.1 any address 192.168.2.0/24 any

it won't be found when trying to establish the tunnel (as initiator). I also tried with 192.168.1.1/32 with the same result.

Racoon debug says:

    getsainfo params: loc='192.168.1.1/32', rmt='192.168.2.0/24', peer='NULL', id=1
    [checking other sainfos]
    evaluating sainfo: loc='192.168.1.1', rmt='192.168.2.0/24', peer='ANY', id=1
    check and compare ids : id type mismatch IPv4_address != IPv4_subnet

My SPD entry does NOT have the /32 mask:

    192.168.1.1[any] 192.168.2.0/24[any] any

The same setup with the same kernel (FreeBSD, tried both 4.11 and 6.2) works.

Guess this regression came with Matthew's patch I committed on 2006-10-19, when the logic moved from memcmp (which probably worked as size of the host's IP is used, so the memcmp does not check the netmask part) to ipsecdoi_chkcmpids().

I'm working on it, but if Matthew/someone else has already fixed it or has already done "some work" on that, any information will be interesting!

Yvan.
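
The mismatch in the debug output above, as an added illustration that is not part of the original message and is not racoon's code: a type-strict ID comparison rejects a host address against the same address written as a /32 subnet, while normalizing host IDs to /32 first lets them match without loosening the mask check. The struct and function names are hypothetical; only the two ID type values are taken from the IPsec DOI (RFC 2407).

```c
#include <stdint.h>
#include <string.h>

/* ID type values from the IPsec DOI (RFC 2407, section 4.6.2.1). */
enum { ID_IPV4_ADDR = 1, ID_IPV4_ADDR_SUBNET = 4 };

/* Hypothetical, simplified ID; real ID payloads are variable-length buffers. */
struct ipv4_id {
    int type;
    uint8_t addr[4];
    uint8_t mask[4];   /* only meaningful for ID_IPV4_ADDR_SUBNET */
};

/* Strict comparison: a type mismatch fails before the addresses are examined,
 * which is the failure reported in the debug output. Returns 0 on match. */
int cmp_ids_strict(const struct ipv4_id *a, const struct ipv4_id *b)
{
    if (a->type != b->type)
        return 1;
    if (memcmp(a->addr, b->addr, 4) != 0)
        return 1;
    if (a->type == ID_IPV4_ADDR_SUBNET && memcmp(a->mask, b->mask, 4) != 0)
        return 1;
    return 0;
}

/* Rewrite a host ID as the equivalent /32 subnet so both forms compare equal. */
static struct ipv4_id normalize(const struct ipv4_id *id)
{
    struct ipv4_id n = *id;
    if (n.type == ID_IPV4_ADDR) {
        n.type = ID_IPV4_ADDR_SUBNET;
        memset(n.mask, 0xff, 4);
    }
    return n;
}

/* Comparison after normalization: host and host/32 match, and the mask is
 * still checked, so 192.168.2.0/24 never matches 192.168.2.0/32.
 * Returns 0 on match. */
int cmp_ids_normalized(const struct ipv4_id *a, const struct ipv4_id *b)
{
    struct ipv4_id na = normalize(a), nb = normalize(b);
    return cmp_ids_strict(&na, &nb);
}
```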