[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Mon Mar 1 21:49:32 UTC 2021
New commits:
commit 1285bb28dbc479da976a49a90faa02afb0b75e34
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Mar 1 13:24:41 2021 -0500
sec-label: skip traffic selectors with unexpected sec-labels
To reject a TS containing a sec_label when is_seclabel_required=false,
the condition:
is_seclabel_required != (selected_sec_label != NULL)
needs score_ends_seclabel() to return a non-NULL. But that relies on
se_label_match(sec_label, empty_chunk) returning true. Hmm:
- add .contains_sec_label to struct traffic selectors
- change score_ends_seclabel() to return a tri-value:
- NULL: there is no sec-label and no sec-label was expected
(the alternative is to deal with this case at the call sites)
- &empty_chunk: something is wrong
- &ts.sec_label: the label was found and accepted
More information about the Swan-commit
mailing list