[Swan-dev] ikev2: use struct child_sa in ikev2_rekey_child_copy_ts(); failure isn't a real option

Andrew Cagney andrew.cagney at gmail.com
Tue Jun 4 16:21:39 UTC 2019


On Mon, 3 Jun 2019 at 20:50, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>
> | commit 1078374fd4fba79bb0ba5e9aa1751b2f021a1be8
> | Author: Andrew Cagney <cagney at gnu.org>
> | Date:   Mon Jun 3 10:04:03 2019 -0400
> |
> |     ikev2: use struct child_sa in ikev2_rekey_child_copy_ts(); failure isn't a real option
> |
> |     Only call when rekeying.  Replace MD parameter with CHILD.  Return
> |     bool.  Use (new) child_sa_by_serialno() to find the old CHILD.
> |     pexpect(old CHILD) since there not being one is a screw up
> |     (resolves ???).
>
> The ??? resolved was on code where we generated a broken notify:
>
> - /* ??? RFC 7296 3.10: this notify requires protocol and SPI! */
>
> Does that mean that we can re-install the pexpects in the notify emitting
> code that ensured protocol and SPI were present in exactly those
> notifications that require it?

I have my doubts - the code is still littered with STF_FAIL+v2N+... returns.

> The pexpect was introduced in b858f9398aa5e9552b345ecea11f970774e7a8b6
> and replaced in 1897df99170a99f1d4ddef4d47689cb67488d4b4

