New commits:
commit 0ebad99bd10871134e205c260fe045484a52eb94
Author: Andrew Cagney <[email protected]>
Date: Fri Dec 6 16:22:57 2024 -0500

iptfs: in add_sec_label_kernel_policy() don't go fishing for a Child SA

Officially bunkum.

With Labeled IPsec, the IKE SA is the one installing kernel
policy and is doing so _before_ there are children. Hence
it can only use parameters from the config file.

This points to a second problem. The kernel should be told
what to install - TUNNEL, TRANSPORT, IPTFS - using the mode
and not using a bonus iptfs bit. See:

    pass KERNEL_MODE_IPTFS into kernel, not iptfs=true+tunnel #1964

commit 64be3ec393f449f9c9e64042bba82fac5abc3fd5
Author: Andrew Cagney <[email protected]>
Date: Fri Dec 6 15:55:57 2024 -0500

ip-tfs: pass parameters to kernel by reference

change the iptfs* fields in struct kernel_state to a
reference to struct config_iptfs

qry_xfrm_iptfs_support() updated to match

commit ad10903de48642a83c79ce3cddb26d4ec89bfd99
Author: Andrew Cagney <[email protected]>
Date: Fri Dec 6 14:33:27 2024 -0500

ikev2: don't triple set .st_seen_no_tfc and .st_seen_and_use_iptfs

already handled by:

    process_v2_child_{request,response}_payloads()

for .st_seen_and_use_iptfs was setting it based only on
presence of payload, instead use:

    accept_v2_notification()

also remove unnecessary check of config .child_sa .iptfs .enabled
in kernel.c (presumably covering above).

commit 5584f6db477854568c2b1f885194247dea185c8d
Author: Andrew Cagney <[email protected]>
Date: Fri Dec 6 16:34:29 2024 -0500

ip-tfs: make enum and field names all consistent with ipsec.conf

For instance

    iptfs_pkt_size -> iptfs_packet_size
    iptfs_max_qsize -> iptfs_max_queue_size
    iptfs_reord_win -> iptfs_reorder_window

_______________________________________________
Swan-commit mailing list -- [email protected]