Thread: [Ipsec-tools-devel] strange behavior with listen directive in racoon 0.7 beta3
From: Lockenvitz, J. (EXT) <jan...@ns...> - 2007-05-08 12:03:14
Hi List,

I'm just testing around with racoon 0.7 beta3 and found two strange behaviors when using the listen {} directive in racoon.conf.

--------------
The first one:

Normally racoon gets notified when new interfaces are set up and puts them on its listening interfaces list - very good. But this only works if there is no listen{} block in racoon.conf ;-( even if the newly created interface is included in the listen{} block. The notify is recognized but completely ignored.

This is a log example for a notify:

    DEBUG: netlink signals update interface address list

Is there any technical or security reason for this, or might this be a bug?

---------------
The second one:

This is my listen block:

    listen {
        isakmp 10.8.15.77;
        isakmp 127.0.0.1;
    }

I have several other interfaces where racoon should not listen. When I now start racoon, the config is read correctly and racoon listens only on the specified interfaces. But when the config gets reloaded via a "kill -HUP <racoon pid>" or "racoonctl reload-config" command, it seems to ignore the listen{} block and listens on all interfaces ;-(

Is this a known behavior?

------------

I did not test this with any other version, so I don't know whether this is normal or a special 0.7 beta problem. And of course it is not a major bug (if it is a bug), but I wanted to let you know about it so you can decide to fix it or not.

regards,
Jan
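
A way to check for the second behaviour after a reload, as an added example that is not part of the original post or of ipsec-tools: it compares the `isakmp` addresses in the `listen {}` block with the UDP sockets reported by `ss -uln`. The function names, the `ss` output and the extra address 192.168.1.5 are constructed for illustration, and the check assumes the default ISAKMP port 500 when no port is given.

```python
import re

# Constructed sample inputs (the listen block mirrors the one in the post).
RACOON_CONF = """
listen {
    isakmp 10.8.15.77;   # tunnel endpoint
    isakmp 127.0.0.1;
}
"""
# Constructed `ss -uln` output, as it might look after a reload.
SS_AFTER_RELOAD = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      10.8.15.77:500     0.0.0.0:*
UNCONN 0      0      127.0.0.1:500      0.0.0.0:*
UNCONN 0      0      192.168.1.5:500    0.0.0.0:*
UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
"""

def configured_listeners(conf_text, default_port=500):
    """Return {(addr, port)} for isakmp statements in listen { }, or None."""
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments first
    block = re.search(r"\blisten\s*\{(.*?)\}", conf_text, re.S)
    if not block:
        return None  # no listen block: nothing to enforce
    stmt = r"\bisakmp\s+([0-9A-Fa-f.:]+)(?:\s*\[(\d+)\])?\s*;"
    return {(addr, int(port) if port else default_port)
            for addr, port in re.findall(stmt, block.group(1))}

def observed_listeners(ss_text, ports):
    """Return {(addr, port)} for unconnected UDP sockets bound to `ports`."""
    seen = set()
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "UNCONN":
            continue  # header or unrelated line
        addr, _, port = cols[3].rpartition(":")
        if port.isdigit() and int(port) in ports:
            seen.add((addr.strip("[]"), int(port)))
    return seen

def unexpected_listeners(conf_text, ss_text):
    """Sockets on the ISAKMP port(s) that the listen block does not allow."""
    wanted = configured_listeners(conf_text)
    if wanted is None:
        return set()
    return observed_listeners(ss_text, {p for _, p in wanted}) - wanted

if __name__ == "__main__":
    for addr, port in sorted(unexpected_listeners(RACOON_CONF, SS_AFTER_RELOAD)):
        print(f"unexpected ISAKMP listener: {addr}:{port}")
```

Running the same comparison once after start-up and again after "racoonctl reload-config" shows whether the set of bound addresses changed.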