[Swan-dev] pluto: When Child state fails, don't tear down IKE SA
Paul Wouters
paul at nohats.ca
Mon Jul 5 18:55:32 UTC 2021
On Jul 5, 2021, at 14:46, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
>
> Again, three possible outcomes requiring three clear status codes:
> > - exchange succeeds; child succeeds STF_OK
> > - exchange succeeds; child fails (ike survives) STF_FAIL
> > - exchange fails, implying that the ike family dies STF_FATAL
> we need a way to differentiate between them, and return accordingly.
I agree for ikev2. Is it possible that we rename these to STFv2_XXX ?
Because re-assigning meaning here might make sense but will really be confusing when looking at the IKEv1 code where this is not true.
We are really changing the meaning here.
Paul
More information about the Swan-dev
mailing list