Herbert Xu wrote:
> On Thu, Jan 12, 2006 at 07:06:45AM +0100, Patrick McHardy wrote:
>> When moving around with my notebook I got annoyed by having
>> to change the IPsec policies whenever I get a new address.
>> This patch handles a tunnel source of 0.0.0.0 as a special case
>> and uses routing to get the real source address for the
>> acquire message. I've tested with racoon and it works fine.
>
> The idea is good. My only question is can the same thing be
> done in user space (racoon) with a similar level of effort?

It's even simpler, see the attached patch. I'm going to submit
this to the racoon guys instead.
--- a/src/racoon/pfkey.c 2005-10-03 16:52:19.000000000 +0200
+++ b/src/racoon/pfkey.c 2006-01-12 09:36:23.000000000 +0100
@@ -1686,7 +1691,23 @@
return 0;
}
}
-
+
+ if ((src->sa_family == AF_INET &&
+ ((struct sockaddr_in *)src)->sin_addr.s_addr == INADDR_ANY)
+#ifdef INET6
+ || (src->sa_family == AF_INET6 &&
+ IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)src)->sin6_addr))
+#endif
+ ) {
+ struct sockaddr *local = getlocaladdr(dst);
+
+ if (local) {
+ set_port(local, extract_port(src));
+ memcpy(src, local, sizeof(*src));
+ racoon_free(local);
+ }
+ }
+
/* ignore, if we do not listen on source address */
{
/* reasons behind:
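Review bot: `memcpy(src, local, sizeof(*src))` copies only `sizeof(struct sockaddr)` bytes, which covers a `sockaddr_in` but is shorter than a `sockaddr_in6`, so in the INET6 branch the unspecified source would be overwritten with a truncated address. Copy the length that matches the address family of `local` instead, and confirm the buffer behind `src` is large enough for it. Separately, when `getlocaladdr(dst)` returns NULL the code falls through silently with the wildcard source still in place and proceeds to the "do we listen on this source address" check below; a log message on that path would make the failure diagnosable.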