On Sun, 19 Dec 2021 at 21:42, Andrew Cagney <andrew.cag...@gmail.com> wrote: > > > > ================ > > > > > > if (peer_id != NULL && !same_id(peer_id, &c->spd.that.id) && > > > (c->spd.that.id.kind != ID_FROMCERT && !id_is_any(&c->spd.that.id))) { > > > continue; /* incompatible ID */ > > > } > > More coffee. I think this and the peer_id parameter should be deleted. > - the IKE_SA_INIT passes peer_id==NULL > - IKE_AUTH already does too much ID magic in too many places, above is > a distraction > - Child SA, is same
Too much coffee (is this like too cold to go to the mall?). I tossed a heap of the host-pair code including what was a problem here. For instance, it turns out that IKEv2 was trying to match an ID that wasn't there (which, fortunately, ment it was NULL). The recursion has also gone. _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev