New commits:
commit 8e9b0b4ee9612bb6b1eb8515e5d1e30e8d22cd28
Author: Andrew Cagney <[email protected]>
Date: Fri Mar 1 19:14:48 2024 -0500
routing: drop .negotiating_child_sa check skipping IPsec policy
The code was trying to stop a second SA taking over a connection
owned by the first SA. But instead caused kernel policy to be
skipped this is a consequence of the v4-v5 change:
v4: the connection is switched to the Child SA while processing
the IKE_AUTH response
v5: the connection is switched to the Child SA before sending
the IKE_AUTH request
this is so that, when things fail, it is clear which
state should trigger the connection's revival
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
