New commits:
commit e9895349ac2c985930e59ab8c10dab148fe824ae
Author: Paul Wouters <[email protected]>
Date: Sat Apr 11 19:43:14 2015 -0400
pluto: don't use an expired reserved kernel SPI as fallback [Herbert Xu]
When IKE negotiation from kernel SA SPI reservation would
exceeded the default /proc/sys/net/core/xfrm_acq_expires timer of
30 seconds, the kernel would return an error when we update the SA.
A workaround was added to change the "update SA" into an "add SA",
but this is wrong, as it will use a SPI that is no longer guaranteed
to be unique by the kernel. This workaround was in commit 70566d650
Instead, return the failure, but log a message indicated what happened
with a hint that the system could increase the timer in
/proc/sys/net/core/xfrm_acq_expires
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
