kern/81095: IPsec connection stops working if associated network interface goes down and then up again.

[Ari Suutari]

The following reply was made to PR kern/81095; it has been noted by GNATS.

From: Ari Suutari <ari at suutari.iki.fi>
To: Gleb Smirnoff <glebius at FreeBSD.org>
Cc: FreeBSD-gnats-submit at FreeBSD.org, andre at FreeBSD.org
Subject: Re: kern/81095: IPsec connection stops working if associated network
 interface goes down and then up again.
Date: Tue, 24 May 2005 08:39:09 +0300

 Hi,
 
 Gleb Smirnoff wrote:
  > can you please polish your patch and submit it as follow-up to PR?
  > There plans to remove route caching.
 
 Here it is. I would consider it only a workaround, since it just
 frees any cached route causing new lookup done every time.
 It covers only IPv4 case as I don't have IPv6 in my vpn box
 right now.
 
 I'm keeping my test environment in VmWare so I can easily
 test things if someone is going to work on this.
 
 
 *** ipsec.c.orig	Tue May 24 08:31:09 2005
 --- ipsec.c	Tue May 24 08:31:47 2005
 ***************
 *** 2713,2721 ****
    			state->ro = &isr->sav->sah->sa_route;
    			state->dst = (struct sockaddr *)&state->ro->ro_dst;
    			dst4 = (struct sockaddr_in *)state->dst;
 ! 			if (state->ro->ro_rt
 ! 			 && ((state->ro->ro_rt->rt_flags & RTF_UP) == 0
 ! 			  || dst4->sin_addr.s_addr != ip->ip_dst.s_addr)) {
    				RTFREE(state->ro->ro_rt);
    				state->ro->ro_rt = NULL;
    			}
 --- 2713,2719 ----
    			state->ro = &isr->sav->sah->sa_route;
    			state->dst = (struct sockaddr *)&state->ro->ro_dst;
    			dst4 = (struct sockaddr_in *)state->dst;
 ! 			if (state->ro->ro_rt) {
    				RTFREE(state->ro->ro_rt);
    				state->ro->ro_rt = NULL;
    			}
 
 
 	Ari S.