Hi Ryan, > The 3rd to last argument to "add_sa" is the "update" flag, but the kernel > interface specifies this as the "inbound" flag.
The logic is actually correct, because "inbound" SAs must be installed as "update" operation in most backends. For inbound SAs, an SPI has been previously allocated, and the Netlink and PF_KEY interfaces expect an "update" instead of an "add" operation for that SA. I agree that it makes sense to just pass the inbound flag and let the kernel backend decide what is required to do. This has been changed some time ago in the master branch with [1]. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=698ed656 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
