[Swan-commit] Changes to ref refs/heads/main

Paul Wouters paul at vault.libreswan.fi
Wed Oct 11 17:46:58 EEST 2023


New commits:
commit 8851acb5e69f5dab48563e9e845598e12b2a9198
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Oct 11 10:41:35 2023 -0400

    pluto: Fix IPCOMP with XFRMi
    
    Resolves: https://github.com/libreswan/libreswan/pull/1325
    
    When using ipcomp with xfrmi the xfrm state for ipcomp is added
    without if_id and mark. The kernel sends XFRM_MSG_ACQUIRE when using
    the connection and the connection is retriggered on every packet sent
    through the tunnel.
    
    | netlink_get() recvfrom() returned 448 bytes
    | netlink_xfrm_message_processor() got XFRM_MSG_ACQUIRE message with length 448
    | xfrm netlink msg len 448
    | xfrm_user_acquire  id { daddr: xfrm_address_t spi: 0 proto: 6c saddr: struct xfrm_address_t sel: struct xfrm_selector} policy { lft { soft_add_expires_seconds=0 hard_add_expires_seconds=0 soft_use_expires_seconds=0 hard_use_expires_seconds=0} curlft { add_time=>0 use_time=0} } aalgos: 4294967295 ealgos: 4294967295 calgos: 4294967295 seq: 5
    | xfrm acquire rtattribute type 5 ...
    | xfrm_user_tmpl { id: xfrm_id id family: 2 saddr: xfrm_address_t reqid: 16390 mode: 1 share: 0 optional: 0 aalgos: 4294967295 ealgos: 4294967295 calgos: 4294967295}
    | xfrm acquire rtattribute type 16 ...
    | xfrm_userpolicy_type { type: 0}
    | xfrm acquire rtattribute type 31 ...
    | netlink_acquire() ... ignoring unknown xfrm acquire payload type 31
    | find_connection_for_packet() looking for an out-going connection that matches packet 192.0.3.254:8-ICMP->192.0.2.254:0 sec_label=
    | FOR_EACH_CONNECTION_.... in (find_connection_for_packet() +3824 programs/pluto/connections.c)
    |   found "north"
    |     choosing "north" priority 25214988; as first best
    |   matches: 1
    |   concluding with "north" priority 25214988 kind=PERMANENT
    | "north": addref @0x560c00588e68(3->4)  (initiate_ondemand() +135 programs/pluto/acquire.c)
    | "north": no whack to attach
    "north": initiate on-demand for packet 192.0.3.254:8-ICMP->192.0.2.254:0
    
    Signed-off-by: Paul Wouters <paul.wouters at aiven.io>

commit 9bdb8b20408d28ab27fa370e762173efdb812576
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Oct 11 10:45:08 2023 -0400

    testing: added ikev2-xfrmi-17-ipcomp
    
    Resolves: https://github.com/libreswan/libreswan/pull/1325
    
    Signed-off-by: Paul Wouters <paul.wouters at aiven.io>
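
A log check for the symptom described in the first commit, as an added example that is not part of the commits or of libreswan: it counts on-demand initiations that directly follow an XFRM_MSG_ACQUIRE whose id proto is 6c (IPComp, IP protocol 108). The sample lines are constructed from the log format quoted above; the function name, the threshold, the hex reading of the proto field and the "east" connection are assumptions.

```python
import re
from collections import Counter

IPPROTO_COMP = 0x6C  # IPComp is IP protocol 108; logged as "proto: 6c" (hex assumed)

ACQUIRE_RE = re.compile(r"xfrm_user_acquire\s+id \{.*?\bproto: ([0-9a-fA-F]+)")
ONDEMAND_RE = re.compile(r'"([^"]+)": initiate on-demand for packet (\S+)')


def ipcomp_acquire_loops(lines, threshold=3):
    """Count on-demand initiations that directly follow an IPComp acquire.

    Returns {(connection, flow): count} for entries seen at least
    `threshold` times (threshold is an arbitrary illustrative default).
    """
    counts = Counter()
    pending_proto = None  # proto of the most recent acquire not yet attributed
    for line in lines:
        m = ACQUIRE_RE.search(line)
        if m:
            pending_proto = int(m.group(1), 16)
            continue
        m = ONDEMAND_RE.search(line)
        if m:
            if pending_proto == IPPROTO_COMP:
                counts[(m.group(1), m.group(2))] += 1
            pending_proto = None
    return {key: n for key, n in counts.items() if n >= threshold}


def _event(conn, proto, flow):
    # Constructed log lines, abbreviated from the format in the commit message.
    return [
        "| netlink_xfrm_message_processor() got XFRM_MSG_ACQUIRE message with length 448",
        f"| xfrm_user_acquire  id {{ daddr: xfrm_address_t spi: 0 proto: {proto} saddr: struct xfrm_address_t }}",
        f'"{conn}": initiate on-demand for packet {flow}',
    ]


# Constructed sample: "north" re-acquires three times for IPComp;
# "east" (hypothetical connection) acquires once for ESP (0x32).
SAMPLE = (_event("north", "6c", "192.0.3.254:8-ICMP->192.0.2.254:0") * 3
          + _event("east", "32", "192.0.2.1:8-ICMP->192.0.1.1:0"))

if __name__ == "__main__":
    for (conn, flow), n in ipcomp_acquire_loops(SAMPLE).items():
        print(f'"{conn}": {n} IPComp acquires for {flow}')
```

The `|`-prefixed lines it keys on appear only when pluto debug logging is enabled.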
