Migrating from isakmpd to iked: interface name not recognized

Previous thread: Re: easy snapshot updates by Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK on Monday, December 13, 2010 - 7:51 am. (1 message)

Next thread: C++ CGI script by Jean-Francois on Monday, December 13, 2010 - 2:18 pm. (8 messages)

[view original message]

From: Axel Rau

Subject: Migrating from isakmpd to iked: interface name not recognized

Date: Monday, December 13, 2010 - 10:50 am

Hi all,

in the man page for iked.conf, I read:
&quot;Addresses can be specified in CIDR notation (matching netblocks), as
symbolic host names, interface names, or interface group names.&quot;

In my iked.conf, I have
        local pppoe0
but iked -vn complains:
	no IP address found for pppoe0
	/etc/iked.conf: 26: could not parse host specification
.
	ifconfig pppoe0 | grep inet
shows:
	inet 79.243.41.99 --&gt; 87.186.224.28 netmask 0xffffffff

Clueless: Axel
---
axel.rau@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

[ message continues ]

[view original message]

From: Axel Rau

Subject: Re: Migrating from isakmpd to iked: interface name not recognized

Date: Tuesday, December 14, 2010 - 5:26 am

This happens with all devices, I have tried.
Anybody succeeded in using an interface name as argument of option
local?

This is 4.8 stable on i386 generic.

Axel
---
axel.rau@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

[ message continues ]

[view original message]

From: Mike Belopuhov

Subject: Re: Migrating from isakmpd to iked: interface name not recognized

Date: Tuesday, December 14, 2010 - 9:23 am

iked is still in the works.  you shouldn't try to migrate to it unless
you can come up with fixes for such problems yourself.

mask2prefixlen functions are taken from bgpd.  OK?

Index: parse.y
===================================================================
RCS file: /home/cvs/src/sbin/iked/parse.y,v
retrieving revision 1.14
diff -u -p -u -p -r1.14 parse.y
--- parse.y	17 Nov 2010 16:43:45 -0000	1.14
+++ parse.y	14 Dec 2010 15:57:27 -0000
@@ -266,6 +266,8 @@ struct ipsec_addr_wrap	*host_v4(const ch
 struct ipsec_addr_wrap	*host_dns(const char *, int);
 struct ipsec_addr_wrap	*host_if(const char *, int);
 struct ipsec_addr_wrap	*host_any(void);
+u_int8_t		 mask2prefixlen(struct sockaddr_in *);
+u_int8_t		 mask2prefixlen6(struct sockaddr_in6 *);
 void			 ifa_load(void);
 int			 ifa_exists(const char *);
 struct ipsec_addr_wrap	*ifa_lookup(const char *ifa_name);
@@ -1712,6 +1714,65 @@ host_any(void)
 	return (ipa);
 }
 
+u_int8_t
+mask2prefixlen(struct sockaddr_in *sa_in)
+{
+	in_addr_t ina = sa_in-&gt;sin_addr.s_addr;
+
+	if (ina == 0)
+		return (0);
+	else
+		return (33 - ffs(ntohl(ina)));
+}
+
+u_int8_t
+mask2prefixlen6(struct sockaddr_in6 *sa_in6)
+{
+	u_int8_t	 l = 0, *ap, *ep;
+
+	/*
+	 * sin6_len is the size of the sockaddr so substract the offset of
+	 * the possibly truncated sin6_addr struct.
+	 */
+	ap = (u_int8_t *)&amp;sa_in6-&gt;sin6_addr;
+	ep = (u_int8_t *)sa_in6 + sa_in6-&gt;sin6_len;
+	for (; ap &lt; ep; ap++) {
+		/* this &quot;beauty&quot; is adopted from sbin/route/show.c ... */
+		switch (*ap) {
+		case 0xff:
+			l += 8;
+			break;
+		case 0xfe:
+			l += 7;
+			return (l);
+		case 0xfc:
+			l += 6;
+			return (l);
+		case 0xf8:
+			l += 5;
+			return (l);
+		case 0xf0:
+			l += 4;
+			return (l);
+		case 0xe0:
+			l += 3;
+			return (l);
+		case 0xc0:
+			l += 2;
+			return (l);
+		case 0x80:
+			l += 1;
+			return (l);
+		case 0x00:
+			return (l);
+		default:
+			fatalx(&quot;non continguous inet6 netmask&quot;);
+		}
+	}
+
+	return ...[ message continues ]

[view original message]

From: Axel Rau

Subject: Re: Migrating from isakmpd to iked: interface name not recognized

Date: Tuesday, December 14, 2010 - 10:58 am

Thanks, Axel
---
axel.rau@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

[ message continues ]


linux-kernel:
FUJITA Tomonori	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Benjamin Herrenschmidt	[git pull] Please pull powerpc.git merge branch
Ingo Molnar	Re: [RFC/RFT PATCH] sched: automated per tty task groups
Vivek Goyal	Re: [PATCH v4] sched: automated per session task groups
Thomas Renninger	Re: cpufreq doesn't seem to work in Intel Q9300
git:
Mike Miller	git message
Junio C Hamano	Re: [PATCH] Detached HEAD (experimental)
Stefan Richter	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Jeff King	Re: [PATCH] t7004: test that "git-tag -u" implies "-s"
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
linux-netdev:
Arnaldo Carvalho de Melo	Re: [PATCH 06/37] dccp: Limit feature negotiation to connection setup phase
Gerrit Renker	[PATCH 1/5] dccp: Initialisation framework for feature negotiation
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
David Miller	Re: [patch 01/13] KS8851: Fix ks8851 snl transmit problem
Jeff Garzik	Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM
git-commits-head:
Linux Kernel Mailing List	libata: disable ATAPI AN by default
Linux Kernel Mailing List	i915: Don't whine when pci_enable_msi() fails.
Linux Kernel Mailing List	Documentation/timers/hpet_example.c: only build on X86
Linux Kernel Mailing List	ALSA: hda - Enable beep on Realtek codecs with PCI SSID override
Linux Kernel Mailing List	i2c: Fix probing of FSC hardware monitoring chips
openbsd-misc:
Stuart Henderson	Re: Kuro5hin: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD
Christian Weisgerber	Re: CARP with a single public IP address
Marco Peereboom	Re: OpenBSD culture?
"RALOVICH, Kristóf"	Re: thinkpad windows refund
Kevin	Re: uvm_mapent_alloc: out of static map entries on 4.3 i386