New commits:
commit db83e16a2c2ff9fa273db717ef992ab9510614d3
Author: Andrew Cagney <[email protected]>
Date: Thu May 27 10:32:37 2021 -0400
ikev2: add no-child IKE_AUTH responder state transition
Unless --impair omit-first-child is specified it rejects the
childless request. Long term this code path can be dropped.
commit f573bee5b1061a44597b56fcc453b93559693074
Author: Andrew Cagney <[email protected]>
Date: Thu May 27 09:49:42 2021 -0400
ikev2: when --impair omit-first-child, don't add the connection to the
pending queue
... and when there's no pending connection don't use the IKE's connection
and don't create a child. In theory !HAS_IPSEC_POLICY() can also trigger
this code path.
Also fixes a whack-hang because the pending connection had whack open
(no pending connection, no open whack).
Remove: no pending CHILD SAs found for ... Reauthentication so use the
original policy
Re-authentication should be adding a pending child.
commit 560ef481bd5b148db7354682aec21cc0925f99d4
Author: Andrew Cagney <[email protected]>
Date: Thu May 27 09:30:35 2021 -0400
logging: add log_sa(FLAGS, {ike,child}, ...); short of log_state(FLAGS,
&{ike,child}->sa, ...)
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
