[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Sep 6 15:51:37 EEST 2023
New commits:
commit 37c0ed21f64540fb6f1d4048aad081f247c8c07e
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Sep 6 08:35:07 2023 -0400
routing: always dispatch ESTABLISH_{INBOUND,OUTBOUND}
- for Labeled IPsec this means that labeled-child connections
transition into/out-of unrouted-tunnel
- for rekeys this means that for {UN,}ROUTED_TUNNEL both
the inbound and outbound SAs are re-established
- also drop more IKEv1 Labeled IPsec transitions
Keep in mind that this code path is still inverted (and probably
will remain that way for some time). Instead of:
state code -> all kernel state/policy code -> dispatch()
it should be:
state code -> dispatch() -> just needed kernel state/policy
(since the dispatch code knows the current routing state it
knows just what needs to be done next).
It turned out that "labeled ipsec: route/unroute labeled children"
fixed more bugs than expected.
More information about the Swan-commit
mailing list