[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Mon Mar 18 15:12:14 UTC 2019


New commits:
commit c2173bbfc95f2d8782787ec87c4dd0c5a51fd9c1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 16:07:17 2019 +0100

    pluto: deleting a connection should bring it down first
    
    ipsec auto --down ends up calling terminate_connection()
    ipsec auto --delete ends up calling delete_connection()
    
    However, one would expect delete_connection() to do everything
    of terminate_connection() plus the actual delete. But it does not.
    
    terminate_connection() does:
    - clears POLICY_UP which explains the above bug later in delete_state()
    - calls flush_pending_by_connection();
    - if IKE SA is shared, delete_state with serial from c->newest_ipsec_sa
    - if IKE SA not shared, call delete_states_by_connection()
    
    delete_connection() does:
    - if connection is an instance,
      - free lease
    - call release_connection()
    - if a CK_GROUP, delete group
    - remove connection from connections list
    - cleanup hostpair
    - free up memory of connection
    - handle c->spd routing stuff
    
    --delete would trigger the "revive connection" code because only --down would
    remove the POLICY_UP from the connection.

commit 885e89288103058ea01f0d67786c88a61e7dcef2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 14:53:39 2019 +0100

    pluto: abort earlier during whack when option name is missing
