]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eb19699) | patch
wip: ike: Abort initiation if source IP can't be determined src-ip-abort
authorTobias Brunner <tobias@strongswan.org>
Tue, 24 Aug 2021 12:48:05 +0000 (14:48 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 4 Nov 2021 07:59:22 +0000 (08:59 +0100)
commitb9a96041afe3832fbe681d0f405cdee492dc859b
treeafaf3a888d90bbddecab62f4f52a51a40c1df96dtree
parenteb19699a7ad18235e2c6fe9de1700afe554e6ddecommit | diff
wip: ike: Abort initiation if source IP can't be determined

Without a source IP we'll have problems with NAT-D.

wip: Are there legitimate situations where we can't determine the source
address (limited kernel interfaces perhaps?). I also wonder if the
fallbacks in ike-natd are actually ever used nowadays (probably,
ike_sa_t::resolve_hosts() was way simpler in earlier versions so it was
more common that the source IP was not determined at that point).
So I guess we could just remove all that stuff there.
(actually, 4.1.4 added the source lookup in ike-natd and 4.2.5 added the
same in resolve_hosts - about a year between the two)
src/libcharon/bus/bus.h diff | blob | blame | history
src/libcharon/sa/ike_sa.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.