[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Mon May 2 22:24:56 EEST 2022
New commits:
commit 79adff7e33da67c75f481b4c4a5d11d630cdc49c
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon May 2 15:19:13 2022 -0400
ikev2: when logging a CREATE_CHILD_SA transition, don't assume there's a child
The transition is tied to the IKE SA and that succeeds even when
the actual child fails.
strange but true
fix #704 part 2
commit 732622cecfbafabda4c6f9d3ba62063031795166
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon May 2 13:07:31 2022 -0400
ikev2: don't clear .st_viable_parent until the IKE SA rekey exchange is initiated
Was being cleared as part of submitting the crypto job. This would lead to the race:
- rekeying Child SA submits crypto
- rekeying IKE SA submits crypto; .st_viable_parent cleared
- rekeying Child SA tries to initiate exchange; can't as viable parent isn't
i.e., don't block
Fix #704 part 1
commit 72a572275c43120c0391a4348da418190fdf0be3
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon May 2 13:26:00 2022 -0400
ikev2: only pass the IKE SA to the state transition success logger
i.e., drop second "st" parameter
Now that all state transitions are tied to the IKE SA.
More information about the Swan-commit
mailing list