[Swan-dev] pluto: When Child state fails, don't tear down IKE SA
Andrew Cagney
andrew.cagney at gmail.com
Mon Jul 5 12:56:57 UTC 2021
>
>
> commit 68fb298d059854253e8267680aeee1ee1f3158a3
> Author: Paul Wouters <paul.wouters at aiven.io>
> Date: Sun Jul 4 22:15:51 2021 -0400
>
> pluto: When Child state fails, don't tear down IKE SA
>
> In complete_v2_state_transition() for a child SA state STF_FATAL
> error, don't call delete_ike_family()
>
>
A create child sa transaction can finish in one of three ways:
- ok ...
- fail, the specific sa needs to be deleted but the ike sa remains
- fatal, something bad happened the entire family is dead; thing
INVALID_SYNTAX
https://github.com/libreswan/libreswan/commit/1f72ba5ce87a34bc3140e2e8fcaf843011f6a959
went through and eliminated remaining cases where fail+v2n was returned; it
sounds like we've still got cases where FATAL is being returned.
so this is going in the wrong direction
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20210705/9867135d/attachment.html>
More information about the Swan-dev
mailing list