New commits:
commit 79adff7e33da67c75f481b4c4a5d11d630cdc49c
Author: Andrew Cagney <[email protected]>
Date: Mon May 2 15:19:13 2022 -0400
ikev2: when logging a CREATE_CHILD_SA transition, don't assume there's a
child
The transition is tied to the IKE SA and that succeeds even when
the actual child fails.
strange but true
fix #704 part 2
commit 732622cecfbafabda4c6f9d3ba62063031795166
Author: Andrew Cagney <[email protected]>
Date: Mon May 2 13:07:31 2022 -0400
ikev2: don't clear .st_viable_parent until the IKE SA rekey exchange is
initiated
Was being cleared as part of submitting the crypto job. This would lead to
the race:
- rekeying Child SA submits crypto
- rekeying IKE SA submits crypto; .st_viable_parent cleared
- rekeying Child SA tries to initiate exchange; can't as viable parent isn't
i.e., don't block
Fix #704 part 1
commit 72a572275c43120c0391a4348da418190fdf0be3
Author: Andrew Cagney <[email protected]>
Date: Mon May 2 13:26:00 2022 -0400
ikev2: only pass the IKE SA to the state transition success logger
i.e., drop second "st" parameter
Now that all state transitions are tied to the IKE SA.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
