[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Mon Mar 1 21:49:32 UTC 2021

New commits:
commit 1285bb28dbc479da976a49a90faa02afb0b75e34
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Mar 1 13:24:41 2021 -0500

    sec-label: skip traffic selectors with unexpected sec-labels
    To reject a TS containing a sec_label when is_seclabel_required=false,
    the condition:
    	is_seclabel_required != (selected_sec_label != NULL)
    needs score_ends_seclabel() to return a non-NULL.  But that relies on
    se_label_match(sec_label, empty_chunk) returning true.  Hmm:
    - add .contains_sec_label to struct traffic selectors
    - change score_ends_seclabel() to return a tri-value:
      - NULL: there is no sec-label and no sec-label was expected
        (the alternative is to deal with this case at the call sites)
      - &empty_chunk: something is wrong
      - &ts.sec_label: the label was found and accepted

More information about the Swan-commit mailing list