[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Thu Apr 7 15:45:36 EEST 2022


New commits:
commit 6981c796a99cca03f8f12ade5ffe42e98204d0f0
Merge: d9574f54de 57de4ec98e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 7 08:28:18 2022 -0400

    kernel: eliminate double raw_policy() calls in teardown_ipsec_sa()
    
    teardown_ipsec_sa() could end up calling raw_policy() to update/delete
    inbound and outbound kernel policies via one or more of:
      - unroute_connection() calling bare_policy_op()
      - directly calling bare_policy_op()
      - teardown_half_ipsec_sa()
    For instance, when tearing down an instance, unroute_connection()
    would delete inbound and outbound, followed by teardown_half_ipsec_sa()
    re-deleting inbound.
    
    The code's been changed so that teardown_ipsec_sa() calls
    teardown_kernel_policy() and that updates or deletes outbound,
    and always deletes inbound.
    
    (technical nit, raw_policy() still changes behaviour - deleting instead
    of replacing a kernel policy based on shunt; it shouldn't).
    
    Should fix problems such as #612.
    
    Merge commit '57de4ec98ec052e9fa14a18200a857261325116b'

commit 57de4ec98ec052e9fa14a18200a857261325116b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 7 08:25:46 2022 -0400

    kernel: factor out teardown_kernel_policies()
    
    unlike bare_policy_op() this doesn't try to be smart

commit 66e218dfacc687a04532dd404fd560029dbb8e92
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 6 19:19:21 2022 -0400

    kernel: in teardown_ipsec_sa(), set policy.host.{src,dst} to client.unspec
    
    The updated kernel policy, which is transport mode, needs the
    host/client to have the same family, so use client's family's unspec
    address.

commit 4c0900ca142917cd0513c63326a064cab2b30231
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 6 13:04:20 2022 -0400

    kernel: cleanup teardown_ipsec_sa()
    
    - drop the redundant .routing update
    - use sr, rather than st->st_connection->spd

commit c3f00dd95990e5e3b9037590b1decd51a17abc73
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 5 17:52:39 2022 -0400

    kernel: in teardown_ipsec_sa() drop redundant raw_policy() call

commit d2ef5bd7cdaacd5e799ed951d984183195a57254
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 5 14:53:02 2022 -0400

    kernel: in teardown_ipsec_sa() move "unconditional" delete incoming policy to earlier
    
    Put a copy of the call on all three (uneclipse, instance, other)
    code paths.  Makes it obvious that the instance codepath is
    "deleting" incoming policy twice (the first delete gets
    turned into an add by raw_policy, ulgh).

commit 1a584a976864eb33f7906ac052573b9f686fee25
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 5 12:16:19 2022 -0400

    kernel: in teardown_ipsec_sa() simplify replace code path
    
    The replace code path never deletes incoming kernel policy
    (it happens later).

commit e03ff8e0b1610aee36f8527405c7c798cc124e16
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 5 11:25:49 2022 -0400

    kernel: in teardown_ipsec_sa(), and a trap connection, call raw_policy() directly
    
    Just note the pexpect()s sprinkled across this code showing
    that this specific code path never deletes.

commit b8836dac1333b8a88a3d326dec8add96ec0db1f1
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 5 09:57:30 2022 -0400

    kernel: in teardown_ipsec_sa(), when connection instance, call raw_policy() directly
    
    notice how there are two calls + a third later in the function

commit 446f5ac36bc9685dd680cd79a98254da3a7d0905
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 5 09:38:53 2022 -0400

    kernel: in teardown_ipsec_sa(), for eclipsed connection, call raw_policy() directly

commit fb6b34045c94262a45e415240a57324d30e6641b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 4 17:12:39 2022 -0400

    kernel: inline unroute_connection() calls in teardown_ipsec_sa()

commit d0651bafaf5743117ffb607cd757f9f751cadaf2
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sun Apr 3 11:14:43 2022 -0400

    kernel: dump changes to .routing and .eroute_owner

commit 3ad1cdecefbb14b912c39aa8b5390f13a3e43b1d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Mar 31 16:01:51 2022 -0400

    kernel: dump more details when tearing down an SA


