[Swan-commit] Changes to ref refs/heads/main
Paul Wouters
paul at vault.libreswan.fi
Mon Jan 4 04:00:34 UTC 2021
New commits:
commit adcbb7bcba5db257c43cf1185e0b98a54c0554b5
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 3 23:00:11 2021 -0500

    testing: update for status output change policy_label: -> sec_label:

commit 693029b689f1bf4d9223f42a1479bcf38a019620
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 3 22:54:34 2021 -0500

    pluto: Labeled IPsec re-implementation for IKEv1

    This commit removes passing struct xfrm_user_sec_ctx_ike *uctx everywhere
    and keeps the IPsec Security Label a NULL terminated string until
    the very end when the kernel.c / kernel_xfrm.c routines translate
    it to a struct xfrm_user_sec_ctx to pass into XFRM via NETLINK.

    This is the first part of migrating the IPsec Security Label into
    struct end so it can be passed around like all other traffic selector
    parts.

    Note that it seems newer kernels add a NUL to the policy label, so
    the label is mismatched between ip xfrm state and ip xfrm policy,
    causing acquires to fire upon using the IPsec SA. But this was already
    happening before this change and needs to be investigated separately.
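
Added example, not libreswan code: a sketch of the late translation the commit message describes, packing a NUL-terminated label string into the header-plus-bytes layout of struct xfrm_user_sec_ctx, and of how counting the terminator in ctx_len on only one side makes an exact comparison fail. The helper names, the local struct mirror, the sample label and the NUL-tolerant comparison are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Local mirror of struct xfrm_user_sec_ctx from <linux/xfrm.h>, so the
 * example builds without kernel headers. */
struct sec_ctx_hdr {
	uint16_t len;     /* header plus label bytes */
	uint16_t exttype; /* XFRMA_SEC_CTX */
	uint8_t ctx_alg;  /* XFRM_SC_ALG_SELINUX */
	uint8_t ctx_doi;  /* XFRM_SC_DOI_LSM */
	uint16_t ctx_len; /* label bytes following the header */
};
enum { EX_XFRMA_SEC_CTX = 8, EX_SC_ALG_SELINUX = 1, EX_SC_DOI_LSM = 1 };

/* Hypothetical helper: pack a NUL-terminated label into a new buffer.
 * count_nul selects whether the terminator is included in ctx_len. */
struct sec_ctx_hdr *label_to_ctx(const char *label, int count_nul)
{
	if (label == NULL || label[0] == '\0')
		return NULL;
	size_t n = strlen(label) + (count_nul ? 1 : 0);
	if (n > UINT16_MAX - sizeof(struct sec_ctx_hdr))
		return NULL; /* would overflow the 16-bit length fields */
	struct sec_ctx_hdr *c = calloc(1, sizeof(*c) + n);
	if (c == NULL)
		return NULL;
	c->len = (uint16_t)(sizeof(*c) + n);
	c->exttype = EX_XFRMA_SEC_CTX;
	c->ctx_alg = EX_SC_ALG_SELINUX;
	c->ctx_doi = EX_SC_DOI_LSM;
	c->ctx_len = (uint16_t)n;
	memcpy(c + 1, label, n);
	return c;
}

/* Exact comparison: lengths must match, then the bytes. */
int ctx_equal(const struct sec_ctx_hdr *a, const struct sec_ctx_hdr *b)
{
	return a->ctx_len == b->ctx_len && memcmp(a + 1, b + 1, a->ctx_len) == 0;
}

/* Label length with one trailing NUL, if present, left out. */
static size_t trimmed(const struct sec_ctx_hdr *c)
{
	const char *p = (const char *)(c + 1);
	return (c->ctx_len && p[c->ctx_len - 1] == '\0') ? c->ctx_len - 1u : c->ctx_len;
}

/* Assumed normalisation (not the project's fix): ignore a trailing NUL. */
int ctx_equal_ignoring_nul(const struct sec_ctx_hdr *a, const struct sec_ctx_hdr *b)
{
	return trimmed(a) == trimmed(b) && memcmp(a + 1, b + 1, trimmed(a)) == 0;
}
```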