[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Mon Feb 13 19:14:22 EET 2023
New commits:
commit e14d773e7dda9ddc32e8fcaf91c90452e1d33430
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Feb 13 11:54:04 2023 -0500
groups: drop optimization(?) when remote.host_addr is known
Normally a CK_GROUP is instantiated to CK_TEMPLATE (which is routed)
and then, on demand or on incoming, instantiated to a CK_INSTANCE.
However, when the peer address is known, the CK_GROUP is (or was)
instantiated to CK_INSTANCE. Presumably to avoid the second
instantiation above(?).
This code drops the special case:
- CK_INSTANCE doesn't expect to go UNROUTED -> ROUTED_PROSPECTIVE (it
assumes that is handled by the CK_TEMPLATE it was instantiated from)
where as CK_TEMPLATE and CK_PERMANENT do expect that transition
(group code currently bypasses that, sigh)
- arguably a better fit is CK_PERMENANT (it does expect to be routed
and does not want to be further instantiated) but I suspect that
would create confusion
- this matches sec-label which always start life as a template
commit 66c8231fde282ef0af1e3f038a8d15fbc85851b1
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Feb 13 11:01:37 2023 -0500
constants: move POLICY_IPSEC_MASK to where its params are defined
commit 166a7a6406e54cec77a29723bfa733f6ac8c4fc3
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Feb 13 11:00:47 2023 -0500
ikev2: delete IKEv1 specific passert() in ikev2_replace()
More information about the Swan-commit
mailing list