[Swan-dev] 5b695243d ikev2-xfrmi-01 is bad idea

Paul Wouters paul at nohats.ca
Fri Feb 28 16:10:27 UTC 2020

On Fri, 28 Feb 2020, Antony Antony wrote:

> 5b695243d is a bad idea.

the idea is good. The implementation was broken indeed.

> ipsec-interface=no is the default.  We should not add default in the test
> case.

Yes we should put it in at least one test, because it was _broken_ when you
specified it. See:

commit 0172defc05069e1ab1129b7915b984ebd9a168ea
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 26 23:31:35 2020 -0500

     addconn: don't assert on ipsec-interface=no

     This is due to this keyword being a strange mix of loose enum (yes/no)
     and a number. This causes a config file with ipsec-interface=no to

             addconn: /source/lib/libipsecconf/keywords.c:828: parser_loose_enum: Assertion `kev->value != 0' failed.

     Skip the assertion when we are checking "ipsec-interface".

> Also in this specific case it cause error and test fails. Clearly after the
> commit this can't  pass.

Yes. I did mention before I hate re-using ipsec.conf across different hosts :)
I fixed it differently.

Speaking of that test case, why is priority=3 there? It screws up with
our automated sa_priority calculations. The description.txt and the
ipsec.conf do not explain why it is there. I have no idea why it is
there. The test passes with and without priority=3.


More information about the Swan-dev mailing list