[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Thu Sep 20 19:25:55 UTC 2018
New commits:
commit d3ea4fe9ec94f2ff511d16080a9b87744ccafc46
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 20 15:25:42 2018 -0400
documentation: updated CHANGES
commit 930e8b24016dee770a118eaa5e299e72c6cdfd5a
Author: Tijs Van Buggenhout <tijs.van.buggenhout at vasco.com>
Date: Thu Sep 20 15:20:39 2018 -0400
XFRM: Ensure IPsec SA marks are included in netlink delete operations
The ERO_DELETE message is requested with esa type ET_INT, but the new
(shunt) spi has value of 0. Therefore the policy changes from
IPSEC_POLICY_IPSEC to IPSEC_POLICY_DISCARD, for which the SA MARKS were
not included. This resulted in following log error messages:
15:14:22 pluto[22043] "rsa_test-rsa": ERROR: netlink XFRM_MSG_DELPOLICY
response for flow eroute_connection delete included errno 2: No such
file or directory
$ ip xfrm policy li
src 172.16.0.2/32 dst 172.16.0.1/32
dir out priority 1040351
mark 0x1/0xffffffff
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
...
When including the SA marks in the delete operation, the job succeeds
without errors.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 77051e46afb90e548afc227f6a87bd16465b22ec
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 20 15:19:08 2018 -0400
testing: netkey-pluto-01 test that deleting marked tunnels works properly
More information about the Swan-commit
mailing list