[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Tue Jan 22 05:16:25 EET 2013


New commits:
commit a38479b931dcf4b000a3ba7fe0ead353c9978e17
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:10:32 2013 -0500

    * libipsecconf: policy misuse due to type change from int to lset_t
    
    Some code is still using policy as if it was an int, but it is an lset_t.
    This would cause problems for every policy bit > 31, which up to now was
    only the SAref tracking policy bits:
    
      POLICY_SAREF_TRACK    = LELEM(32), /* Saref tracking via _updown */
      POLICY_SAREF_TRACK_CONNTRACK    = LELEM(33), /* use conntrack optimization */
    
    But I will be adding the IKE fragmentation policy flags, so this
    became an issue in confwrite.c.
    
    The assumption that c->policy is of type int is probably all over the
    code and needs a thorough review.



More information about the Swan-commit mailing list