[Swan-commit] Changes to ref refs/heads/main

Paul Wouters paul at vault.libreswan.fi
Wed Apr 21 19:36:52 UTC 2021


New commits:
commit db604e4663f8d854636d6828ec1d1d115a9c3a4c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 21 15:36:03 2021 -0400

    testing: update to labeled ipsec tests
    
    Hopefully, this is the last update in a while :)

commit c2a7b61dcef08445750ed39f3de0c689bf67ab64
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 21 15:34:31 2021 -0400

    pluto: if policy label is not set, check neither end has one
    
    It was checking both ends did not have one, so would not catch if
    only one end did not have one.

commit 5b78266e737d7a8654aa32b3d97053ce4d436a0a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 21 15:30:54 2021 -0400

    pluto: re-instate sending IPsec labeled on non-acquired initiate
    
    If a connection is started using --up, without a packet trigger,
    we have no ACQUIREd policy label to use. Use the configured
    "catch all" label in that case. This is required so both ends know
    labeled IPsec is required for the connection. If not sent, this
    connection cannot be distinguished from a true labeled IPsec
    connection (and refused if needed)
    
    The actual policy label on the IPsec SA is never used. The installed
    policy will cause ACQUIRES which will trigger another IPsec SA for
    the specific subset of policy label (which is matched with polmatch)


