[Swan-dev] questions about find_next_v2_host_connection

Andrew Cagney andrew.cagney at gmail.com
Wed Dec 22 21:32:46 EET 2021


On Sun, 19 Dec 2021 at 21:42, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> > > ================
> > >
> > > if (peer_id != NULL && !same_id(peer_id, &c->spd.that.id) &&
> > >     (c->spd.that.id.kind != ID_FROMCERT && !id_is_any(&c->spd.that.id))) {
> > >                 continue; /* incompatible ID */
> > > }
>
> More coffee.  I think this and the peer_id parameter should be deleted.
> - the IKE_SA_INIT passes peer_id==NULL
> - IKE_AUTH already does too much ID magic in too many places, above is
> a distraction
> - Child SA, is same

Too much coffee (is this like too cold to go to the mall?).

I tossed a heap of the host-pair code including what was a problem
here.  For instance, it turns out that IKEv2 was trying to match an ID
that wasn't there (which, fortunately, meant it was NULL).  The
recursion has also gone.

