Ah ok. That makes sense, thanks Martin. /Ryan
On Fri, Mar 6, 2015 at 8:22 AM, Martin Willi <[email protected]> wrote: > Hi Ryan, > > > The 3rd to last argument to "add_sa" is the "update" flag, but the kernel > > interface specifies this as the "inbound" flag. > > The logic is actually correct, because "inbound" SAs must be installed > as "update" operation in most backends. For inbound SAs, an SPI has been > previously allocated, and the Netlink and PF_KEY interfaces expect an > "update" instead of an "add" operation for that SA. > > I agree that it makes sense to just pass the inbound flag and let the > kernel backend decide what is required to do. This has been changed some > time ago in the master branch with [1]. > > Regards > Martin > > [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=698ed656 > >
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
