[Swan-dev] [PATCH libreswan v2 1/3] kernel_netlink: Detect netlink SA failures

Paul Wouters paul at nohats.ca
Thu Aug 3 19:06:11 UTC 2017

On Wed, 2 Aug 2017, ilant at mellanox.com wrote:

> If the kernel responds with an error to NEWSA or DELSA,
> current code disregards this.
> Detect failures and return a proper value to the caller.
> This is required for nic-offload-fallback to work.

So I talked to Hugh. While he cleaned up the code, the original
asumptions were already in the code, and he just left them there.

So we'll go ahead and remove the check by applying this patch, as no
one seems to understand why it was there to begin with. Possibly very
early XFRM code required this for a reason since lost in history.


More information about the Swan-dev mailing list