Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

S.P.Zeidler wrote:
> Hi,
> Thus wrote VANHULLEBUS Yvan (
>> On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:
> [...]
>>> And also that you may get 'racoon: stack overflow detected; terminated'
>>> when using racoon -F -d and IPv6 at the same time? The latter is
>>> restricted to the debug mode, just racoon -F doesn't go splat.
>> Definitely looks like a bug :-)
>> Can you provide us more informations about that (a backtrace, some
>> more logs, etc...) ?
> Opposition against committing the following?
>[patch snipped]

Looks pretty ok for me. Though while at it, instead of doing an explicit
cast for each access, I'd use typed pointers and do the cast only once.
It'd be more readable that way IMHO.
> This is in ipsecdoi_id2str() that only gets called in the debug case.
> struct sockaddr -> struct sockaddr_storage fixes the stack overflow.

Makes sense. Also explains why it happens with IPv6 only too.

> For non-linklocal addresses the value in 'scope' is garbage and should be
> set to zero.

Yes. There's some other patches related to ipv6 scope id too. My
opinion is to find all the places where it's set and set it to zero
when it's not valid. So this is definitely the right thing to do.


Home | Main Index | Thread Index | Old Index