[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Wed Jan 24 04:11:58 EET 2024

New commits:
commit 4737f02161a0b65a4be945f6e2ba4c833e259092
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Jan 23 17:34:49 2024 -0500

    replace: document how code uses POLICY=LEMPTY to skip child
    I can only hope this is deliberate.
    When an IKE (ISAKMP) SA is being replaced it passes POLICY=LEMPTY
    into the initiate code.  The initiate code then, since LEMPTY has
    no IPSEC Policy skips putting the connection on the Child SA
    pending queue.
    For IKEv2, the revival code kicks in and puts the Child SA
    onto pending (see ikev2-child-ipsec-replace-ike).
    BTW, the code originally used st->st_policy&~IPSEC_POLICY_MASK
    but that can be reduced to LEMPTY.

commit 5d2f4271b7e1da15c49d3000d2b8b2a0dbac8f1a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Jan 23 20:43:18 2024 -0500

    includes: replace HAS_IPSEC_POLICY() with != LEMPTY

More information about the Swan-commit mailing list