[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Wed Dec 18 04:43:42 UTC 2019
New commits:
commit 785d1f2317f26574023f4648e4eccf78b4970b59
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Dec 17 23:38:26 2019 -0500
testing: massive fixup for new IPsec SA priorities in ip xfrm output
See previous commit for details.
commit 854e64f92c672786819ecb806ce5929bb8bdf37e
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Dec 17 23:39:36 2019 -0500
pluto: Fix up IPsec SA priority calculation for longest prefix matching
- Transport mode template and instance got the same number, causing
conflicts.
- a /32 template and /32 instance would get the same number, potentially
causing conflicts (but we handle that situation seperately already)
This fixes Opportunistic Encryption using transport mode ipsec, such
as tested in newoe-09-mutual-transport. The actual failure might be
kernel version specific but surely was failing on 5.x kernels.
More information about the Swan-commit
mailing list