[strongSwan-dev] About multiple child sa, with same host & destination ip addr pair
Sriram Raghunathan
sriram.r at nsn.com
Thu Mar 26 12:36:36 CET 2015
Hi,
Could you let me know about the problem that I've explained below:
This is a log I've captured from one of the setups running
strongswan-4.5.3.
There seems to be a duplicate entry for the same destination & source
addr child sa pair.
conn12[262]: ESTABLISHED 8 minutes ago, 172.16.11.7[172.16.11.7]...172.16.11.61[172.16.11.61]
conn12[262]: IKE SPIs: 61eebfcfbde117bf_i 6939a8f12fc12e91_r*, rekeying in 95 minutes
conn12[262]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
conn12{245}: INSTALLED, TUNNEL, ESP SPIs: cfdad3fe_i cfc7aea7_o
conn12{245}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 38 minutes
conn12{245}: 172.16.11.7/32 === 172.100.7.0/24
conn12{250}: INSTALLED, TUNNEL, ESP SPIs: ca3fc3e2_i c4be685b_o
conn12{250}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes
conn12{250}: 172.16.11.7/32 === 172.100.7.0/24
I tried to solve this by writing a small API, which checks if the entry
already exists with the ike_sa -> child_sas linked_list_t. But as I was
developing it, I found out that the linked_list_t is not a pair, i.e. a
{ dst_addr, host_addr } pair.
From child_sa_t {}, I see them as two separate linked lists, which of
course makes it difficult to derive a pair of { dst_addr, host_addr } for
which I could compare an incoming child_cfg_t {}. Could you please
let me know how to go about this bug?
Thanks for the time.
Sriram
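
An added example, not part of the original post and not strongSwan code: a Python check that parses status output of the form shown above and reports INSTALLED CHILD_SAs of one connection that carry identical traffic selectors. The sample input is the listing from the post with wrapped lines rejoined and the mail's emphasis asterisks removed; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Status output copied from the post above (mail emphasis asterisks removed,
# wrapped lines rejoined).
STATUS = """\
conn12[262]: ESTABLISHED 8 minutes ago, 172.16.11.7[172.16.11.7]...172.16.11.61[172.16.11.61]
conn12[262]: IKE SPIs: 61eebfcfbde117bf_i 6939a8f12fc12e91_r*, rekeying in 95 minutes
conn12[262]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
conn12{245}: INSTALLED, TUNNEL, ESP SPIs: cfdad3fe_i cfc7aea7_o
conn12{245}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 38 minutes
conn12{245}: 172.16.11.7/32 === 172.100.7.0/24
conn12{250}: INSTALLED, TUNNEL, ESP SPIs: ca3fc3e2_i c4be685b_o
conn12{250}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes
conn12{250}: 172.16.11.7/32 === 172.100.7.0/24
"""

# CHILD_SA lines are tagged name{id}; IKE_SA lines use name[id] and are skipped.
CHILD = re.compile(r"^\s*(?P<name>[^\s{\[]+)\{(?P<id>\d+)\}:\s+(?P<rest>.*)$")
SPIS = re.compile(r"SPIs:\s+([0-9a-f]+)_i\s+([0-9a-f]+)_o")
TS = re.compile(r"^(?P<local>\S.*?)\s+===\s+(?P<remote>\S.*?)\s*$")

def _norm(ts):
    # Order-insensitive so "a b" and "b a" selector lists compare equal.
    return tuple(sorted(ts.split()))

def parse_child_sas(text):
    """Return {(name, id): {"state", "spis", "local", "remote"}}."""
    sas = defaultdict(dict)
    for line in text.splitlines():
        m = CHILD.match(line)
        if not m:
            continue
        sa, rest = sas[(m["name"], m["id"])], m["rest"]
        ts = TS.match(rest)
        if ts:
            sa["local"], sa["remote"] = _norm(ts["local"]), _norm(ts["remote"])
        elif (spi := SPIS.search(rest)):
            sa["state"], sa["spis"] = rest.split(",")[0], spi.groups()
    return dict(sas)

def find_duplicates(text):
    """Group INSTALLED CHILD_SAs sharing connection and traffic selectors."""
    groups = defaultdict(list)
    for (name, sa_id), sa in parse_child_sas(text).items():
        if sa.get("state") == "INSTALLED" and "local" in sa:
            groups[(name, sa["local"], sa["remote"])].append((sa_id, sa["spis"]))
    return {k: v for k, v in groups.items() if len(v) > 1}
```

For the listing in the post, `find_duplicates(STATUS)` returns one group holding the `{245}` and `{250}` entries with their ESP SPIs.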