[Swan-commit] Changes to ref refs/heads/main

Paul Wouters paul at vault.libreswan.fi
Mon Jan 4 04:00:34 UTC 2021

New commits:
commit adcbb7bcba5db257c43cf1185e0b98a54c0554b5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 3 23:00:11 2021 -0500

    testing: update for status output change policy_label: -> sec_label:

commit 693029b689f1bf4d9223f42a1479bcf38a019620
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 3 22:54:34 2021 -0500

    pluto: Labeled IPsec re-implementation for IKEv1

    This commit removes passing struct xfrm_user_sec_ctx_ike *uctx everywhere
    and keeps the IPsec Security Label a NULL terminated string until
    the very end when the kernel.c / kernel_xfrm.c routines translate
    it to a struct xfrm_user_sec_ctx to pass into XFRM via NETLINK.

    This is the first part of migrating the IPsec Security Label into
    struct end so it can be passed around like all other traffic selector

    Note that it seems newer kernels add a NUL to the policy label, so
    the label is mismatched between ip xfrm state and ip xfrm policy,
    causing acquires to fire upon using the IPsec SA. But this was already
    happening before this change and needs to be investigated separately.
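
The late translation described in the commit message above, as an added example that is not libreswan's code: a label kept as a C string is serialized into a header plus label bytes only at the kernel boundary, and a comparison that ignores one trailing NUL shows how the state/policy mismatch arises. The struct is a local mirror of `struct xfrm_user_sec_ctx` from `<linux/xfrm.h>`; the helper names, the `include_nul` switch and the tolerant comparison are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Local mirror of struct xfrm_user_sec_ctx from <linux/xfrm.h>. */
struct sec_ctx_hdr {
    uint16_t len;      /* header + label bytes */
    uint16_t exttype;  /* XFRMA_SEC_CTX */
    uint8_t  ctx_alg;  /* XFRM_SC_ALG_SELINUX */
    uint8_t  ctx_doi;  /* XFRM_SC_DOI_LSM */
    uint16_t ctx_len;  /* label bytes following the header */
};
enum { SEC_CTX_EXTTYPE = 8, SEC_CTX_ALG_SELINUX = 1, SEC_CTX_DOI_LSM = 1 };

/*
 * Hypothetical helper: serialize a NUL-terminated label into buf as
 * header + label bytes. include_nul selects whether the terminator is
 * counted in ctx_len. Returns bytes written, or 0 on bad input.
 */
static size_t label_to_sec_ctx(const char *label, int include_nul,
                               uint8_t *buf, size_t buflen)
{
    if (label == NULL || label[0] == '\0')
        return 0;
    size_t n = strlen(label) + (include_nul ? 1 : 0);
    size_t total = sizeof(struct sec_ctx_hdr) + n;
    if (total > buflen || total > UINT16_MAX)
        return 0;
    struct sec_ctx_hdr hdr = {
        .len = (uint16_t)total, .exttype = SEC_CTX_EXTTYPE,
        .ctx_alg = SEC_CTX_ALG_SELINUX, .ctx_doi = SEC_CTX_DOI_LSM,
        .ctx_len = (uint16_t)n,
    };
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr), label, n);
    return total;
}

/* Hypothetical check: same label if equal after dropping one trailing NUL. */
static int sec_ctx_same_label(const uint8_t *a, const uint8_t *b)
{
    struct sec_ctx_hdr ha, hb;
    memcpy(&ha, a, sizeof(ha));
    memcpy(&hb, b, sizeof(hb));
    const uint8_t *la = a + sizeof(ha), *lb = b + sizeof(hb);
    size_t na = ha.ctx_len, nb = hb.ctx_len;
    if (na > 0 && la[na - 1] == '\0') na--;
    if (nb > 0 && lb[nb - 1] == '\0') nb--;
    return na == nb && memcmp(la, lb, na) == 0;
}
```

A byte-for-byte comparison of the two serialized forms fails because `len` and `ctx_len` differ by one, which is the kind of mismatch the commit message reports between `ip xfrm state` and `ip xfrm policy`.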
