[Swan-dev] labeled TS don't search for a connection ?
Paul Wouters
paul at nohats.ca
Wed Feb 21 04:16:24 EET 2024
I see this commit:
commit f198add4b08640d1b67aef19168998070b65b725
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Feb 20 20:25:33 2024 -0500
ikev2: when responding to labeled TS don't search for a connection
only possible match is the IKE SAs (note that at this point
the Child SA is sharing the IKE SAs connection).
I am confused by this? There could me multiple connections with different
labels that end up sharing an IKE SA ? eg:
conn labeled-1
also=west-east
type=transport
policy-label=system_u:object_r:ipsec_spd_t:s0
conn labeled-2
also=west-east
type=transport
policy-label=system_u:object_r:TOP_SECRET:s0
Paul
More information about the Swan-dev
mailing list