[Swan-dev] binstats - connection_state() using IKEv1 only defines
Paul Wouters
paul at nohats.ca
Thu Oct 22 23:51:19 UTC 2020
connection_state() is used to go over all connections, whether IKEv1 or IKEv2.
It contains:
if (IS_ISAKMP_ENCRYPTED(st->st_state->kind) &&
lc->phase1 < p1_encrypt)
lc->phase1 = p1_encrypt;
if (IS_ISAKMP_AUTHENTICATED(st->st_state) &&
lc->phase1 < p1_auth)
lc->phase1 = p1_auth;
However, these two IS_ISAMP_ defines only operate on IKEv1 states. This
is most certainly not what is intended.
The p1_encrypt and p1_auth states don't really make sense for IKEv2
anyway.
Note this code is for the "binstats" statistics, which is really
obsoleted for "ipsec whack --globalstatus".
Should we just remove binstats support completely? I feel we should have
done this for libreswan 4.0 anyway.
Paul
More information about the Swan-dev
mailing list