[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Thu May 27 14:35:26 UTC 2021
New commits:
commit db83e16a2c2ff9fa273db717ef992ab9510614d3
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu May 27 10:32:37 2021 -0400
ikev2: add no-child IKE_AUTH responder state transition
Unless --impair omit-first-child is specified it rejects the
childless request. Long term this code path can be dropped.
commit f573bee5b1061a44597b56fcc453b93559693074
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu May 27 09:49:42 2021 -0400
ikev2: when --impair omit-first-child, don't add the connection to the pending queue
... and when there's no pending connection don't use the IKE's connection
and don't create a child. In theory !HAS_IPSEC_POLICY() can also trigger
this code path.
Also fixes a whack-hang because the pending connection had whack open
(no pending connection, no open whack).
Remove: no pending CHILD SAs found for ... Reauthentication so use the original policy
Re-authentication should be adding a pending child.
commit 560ef481bd5b148db7354682aec21cc0925f99d4
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu May 27 09:30:35 2021 -0400
logging: add log_sa(FLAGS, {ike,child}, ...); short of log_state(FLAGS, &{ike,child}->sa, ...)
More information about the Swan-commit
mailing list