[Swan-dev] pluto: Always delete outbound SA with inbound SA
Paul Wouters
paul at nohats.ca
Mon Apr 27 04:58:09 EEST 2015
On Tue, 21 Apr 2015, Herbert Xu wrote:
> Subject: Re: [Swan-dev] pluto: Always delete outbound SA with inbound SA
>
> On Mon, Apr 20, 2015 at 09:45:01AM -0400, Paul Wouters wrote:
>>
>> It's on my todo list. I am puzzled by your "Ever since
>> the outbound SA before the inbound SA", and wanted to track that
>> change down first to get more context. I'm thinking the most likely
>> candidate of this is the removal of the loopback code that did
>> horrible things like only install part of an SA to itself.
>
> It was added by
>
> commit f77d044ab9506498d71b266e4495717f677da4d6
Thanks for finding that commit for me. I've updated ipsec_delete_sa() to not
have the bool inbound_only parameter anymore.
Paul
> Author: Michael Richardson <mcr at xelerance.com>
> Date: Wed Feb 22 12:49:49 2006 -0500
>
> this includes much refactoring of kernel_pfkey.c code into mast vs klips
> functions. The kernel.c add_sa code now looks at the ref/refhim arguments
> to the kernel_sa, making sure to install outgoing SA before incoming SA
> so that we can refer to outgoing SA as the refhim.
> kernel_mast.c now locates a useful mastXXX device, creating only one
> if we need it