[Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload on the NIC
Paul Wouters
paul at nohats.ca
Sat Jul 8 11:44:57 UTC 2017
On Wed, 5 Jul 2017, Ilan Tayari wrote:
> I figured out why pluto doesn't complain about NEWSA failure...
>
> This line
> https://github.com/libreswan/libreswan/blob/master/programs/pluto/kernel_netlink.c#L474
>
> quiets it because the expected response is NLMSG_NOOP.
>
> Do you know why this condition is so? If I remove the NOOP condition then
> it complains properly about failure to add:
>
> "myconn" #2: ERROR: netlink response for Add SA esp.fc8faa72 at 192.168.7.1 included errno 22: Invalid argument
I checked and it seems Hugh made that change in commit id cff15f8d:
+ netlink_errno = -rsp.u.e.error;
+ if (rsp.n.nlmsg_type != expected_resp_type && rsp.n.nlmsg_type == NLMSG_ERROR) {
+ if (rsp.u.e.error != 0 && expected_resp_type != NLMSG_NOOP) {
Hugh: did you mean:
if (rsp.u.e.error != 0 || expected_resp_type != NLMSG_NOOP) {
Although it seems just leaving out the 2nd condition makes more sense to
me?
Paul
More information about the Swan-dev
mailing list