[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Sat Mar 2 02:27:17 EET 2024
New commits:
commit 8e9b0b4ee9612bb6b1eb8515e5d1e30e8d22cd28
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Mar 1 19:14:48 2024 -0500
routing: drop .negotiating_child_sa check skipping IPsec policy
The code was trying to stop a second SA taking over a connection
owned by the first SA. But instead caused kernel policy to be
skipped this is a consequence of the v4-v5 change:
v4: the connection is switched to the Child SA while processing
the IKE_AUTH response
v5: the connection is switched to the Child SA before sending
the IKE_AUTH request
this is so that, when things fail, it is clear which
state should trigger the connection's revival
More information about the Swan-commit
mailing list