[Swan-dev] binstats - connection_state() using IKEv1 only defines

Paul Wouters paul at nohats.ca
Thu Oct 22 23:51:19 UTC 2020


connection_state() is used to go over all connections, whether IKEv1 or IKEv2.

It contains:

    if (IS_ISAKMP_ENCRYPTED(st->st_state->kind) &&
        lc->phase1 < p1_encrypt)
            lc->phase1 = p1_encrypt;
    if (IS_ISAKMP_AUTHENTICATED(st->st_state) &&
        lc->phase1 < p1_auth)
            lc->phase1 = p1_auth;

However, these two IS_ISAKMP_ defines only operate on IKEv1 states. This
is most certainly not what is intended.

The p1_encrypt and p1_auth states don't really make sense for IKEv2
anyway.

Note this code is for the "binstats" statistics, which is really
obsoleted by "ipsec whack --globalstatus".


Should we just remove binstats support completely? I feel we should have
done this for libreswan 4.0 anyway.

Paul

