kern/81095: IPsec connection stops working if associated network
interface goes down and then up again.
Ari Suutari
ari at suutari.iki.fi
Tue May 24 05:40:08 GMT 2005
The following reply was made to PR kern/81095; it has been noted by GNATS.
From: Ari Suutari <ari at suutari.iki.fi>
To: Gleb Smirnoff <glebius at FreeBSD.org>
Cc: FreeBSD-gnats-submit at FreeBSD.org, andre at FreeBSD.org
Subject: Re: kern/81095: IPsec connection stops working if associated network
interface goes down and then up again.
Date: Tue, 24 May 2005 08:39:09 +0300
Hi,
Gleb Smirnoff wrote:
> can you please polish your patch and submit it as follow-up to PR?
> There plans to remove route caching.
Here it is. I would consider it only a workaround, since it just
frees any cached route causing new lookup done every time.
It covers only IPv4 case as I don't have IPv6 in my vpn box
right now.
I'm keeping my test environment in VmWare so I can easily
test things if someone is going to work on this.
*** ipsec.c.orig Tue May 24 08:31:09 2005
--- ipsec.c Tue May 24 08:31:47 2005
***************
*** 2713,2721 ****
state->ro = &isr->sav->sah->sa_route;
state->dst = (struct sockaddr *)&state->ro->ro_dst;
dst4 = (struct sockaddr_in *)state->dst;
! if (state->ro->ro_rt
! && ((state->ro->ro_rt->rt_flags & RTF_UP) == 0
! || dst4->sin_addr.s_addr != ip->ip_dst.s_addr)) {
RTFREE(state->ro->ro_rt);
state->ro->ro_rt = NULL;
}
--- 2713,2719 ----
state->ro = &isr->sav->sah->sa_route;
state->dst = (struct sockaddr *)&state->ro->ro_dst;
dst4 = (struct sockaddr_in *)state->dst;
! if (state->ro->ro_rt) {
RTFREE(state->ro->ro_rt);
state->ro->ro_rt = NULL;
}
Ari S.
More information about the freebsd-bugs
mailing list