[strongSwan] Pluto is adding a second ip rule

Tobias Brunner tobias at strongswan.org
Fri Nov 4 18:12:13 CET 2011


Hi Elmar,

> I thought, this happens in the _updown-Script

It did but this is now done by the kernel-netlink plugin (see [1]).
Pluto still installs the source routes with the _updown script, though.
Now, the kernel-netlink plugin doesn't check if the rule already exists
and just installs it anyway.  In 4.6.0 it actually gets installed up to
three times since the kernel-netlink plugin is now loaded by starter,
pluto and charon.  If none of these crashes, they also get removed
afterwards.  I'm not sure if that's a problem, the kernel at least does
not seem to care about the duplicate rules.

> Strongswan was compiled with "--with-routing-table=254
> --with-routing-table-prio=100" (254 is "main").

Actually, you should set --with-routing-table=0 to install routes into
the main routing table.  This way no rule is installed at all and the
source route is simply added to the main table.

Regards,
Tobias

[1]
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c;hb=HEAD#l1411
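A small check for the duplicate-rule situation described above, added here as an example and not part of the strongSwan code or of this thread. It counts how many `ip rule` entries with a given priority point at a given table (prio 100 and table "main", i.e. 254, in Elmar's setup); the sample output is constructed, and the function falls back to a live `ip rule show` when no input is passed.

```bash
#!/bin/sh
# Added example (not strongSwan code): detect duplicate "ip rule" entries
# that the kernel-netlink plugin may leave behind when it is loaded by
# starter, pluto and charon at the same time.
# SAMPLE is a constructed `ip rule show` output, not a real capture.

SAMPLE='0:      from all lookup local
100:    from all lookup main
100:    from all lookup main
100:    from all lookup main
32766:  from all lookup main
32767:  from all lookup default'

# count_rule PRIO TABLE [INPUT]
# Prints how many rules with priority PRIO send lookups to TABLE.
# ip prints table 254 by its name "main", so pass the name as shown.
# If INPUT is omitted, the current `ip rule show` output is used.
count_rule() {
    prio=$1; table=$2; input=$3
    [ -n "$input" ] || input=$(ip rule show 2>/dev/null || true)
    printf '%s\n' "$input" | awk -v p="$prio:" -v t="$table" '
        $1 == p && $NF == t { n++ }
        END { print n + 0 }'
}

# duplicate_rules PRIO TABLE [INPUT]
# Succeeds (exit 0) when the same rule is installed more than once.
duplicate_rules() {
    n=$(count_rule "$@")
    [ "$n" -gt 1 ]
}

# Stand-alone demo on the constructed sample (prints 3).
printf 'rules with prio 100 -> main: %s\n' "$(count_rule 100 main "$SAMPLE")"
```

Run it without arguments against a live system with `duplicate_rules 100 main` to see whether the rule set by --with-routing-table-prio is present more than once.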
