[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Jan 24 04:11:58 EET 2024
New commits:
commit 4737f02161a0b65a4be945f6e2ba4c833e259092
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 23 17:34:49 2024 -0500
replace: document how code uses POLICY=LEMPTY to skip child
I can only hope this is deliberate.
When an IKE (ISAKMP) SA is being replaced it passes POLICY=LEMPTY
into the initiate code. The initiate code then, since LEMPTY has
no IPSEC Policy skips putting the connection on the Child SA
pending queue.
For IKEv2, the revival code kicks in and puts the Child SA
onto pending (see ikev2-child-ipsec-replace-ike).
BTW, the code originally used st->st_policy&~IPSEC_POLICY_MASK
but that can be reduced to LEMPTY.
commit 5d2f4271b7e1da15c49d3000d2b8b2a0dbac8f1a
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 23 20:43:18 2024 -0500
includes: replace HAS_IPSEC_POLICY() with != LEMPTY
More information about the Swan-commit
mailing list