[Swan-dev] 5b695243d ikev2-xfrmi-01 is bad idea
Paul Wouters
paul at nohats.ca
Fri Feb 28 16:10:27 UTC 2020
On Fri, 28 Feb 2020, Antony Antony wrote:
> 5b695243d is a bad idea.
the idea is good. The implementation was broken indeed.
> ipsec-interface=no is the default. We should not add default in the test
> case.
Yes we should put it in at least one test, because it was _broken_ when you
specified it. See:
commit 0172defc05069e1ab1129b7915b984ebd9a168ea
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 26 23:31:35 2020 -0500
addconn: don't assert on ipsec-interface=no
This is due to this keyword being a strange mix of loose enum (yes/no)
and a number. This causes a config file with ipsec-interface=no to
produce:
addconn: /source/lib/libipsecconf/keywords.c:828: parser_loose_enum: Assertion `kev->value != 0' failed.
Skip the assertion when we are checking "ipsec-interface".
> Also in this specific case it cause error and test fails. Clearly after the
> commit this can't pass.
Yes. I did mention before I hate re-using ipsec.conf across different hosts :)
I fixed it differently.
Speaking of that test case, why is priority=3 there? It screws up with
our automated sa_priority calculations. The description.txt and the
ipsec.conf do not explain why it is there. I have no idea why it is
there. The test passes with and without priority=3.
Paul
More information about the Swan-dev
mailing list