New commits:
commit 714750f454f6a1b3050f4fdf0e2d6376feb52277
Merge: 9345589dbb c194e1a2db
Author: Andrew Cagney <[email protected]>
Date: Wed Jul 23 11:18:09 2025 -0400
Merge ikev2: delete on-demand IKE SA when Child SA fails
since there's no +UP reason to remain up; bug would go back to
4.x when Child SA exchanges were re-worked.
close #2358 delete IKE SA when responder rejects on-demand Child SA
close #2357 delete IKE SA when initiator rejects on-demand Child SA response
commit c194e1a2dbccd19657ad240a242e2454c38a2ac4
Author: Andrew Cagney <[email protected]>
Date: Wed Jul 23 11:14:15 2025 -0400
testing: expect on-demand IKE SA to be deleted
... in
ikev2-labeled-ipsec-04-no-label-on-responder-ike-ondemand
newoe-30-shunt-slash24
newoe-30-shunt-slash32
commit b61b3b8d188f81362ec34bd9a4e13eb57b038f1b
Author: Andrew Cagney <[email protected]>
Date: Mon Jul 21 19:53:13 2025 -0400
testing: add newoe-02-whack-wrong-mode-{initiator,responder}
.. where the whack initiated OE Child SA is rejected by the
initiator / responder. Since there's no +UP policy the IKE SA
is deleted.
commit 0dcaf7e40881fdbcb0b282d43c725645d936d854
Author: Andrew Cagney <[email protected]>
Date: Mon Jul 21 19:46:19 2025 -0400
ikev2: delete IKE SA when on-demand Child SA is rejected
Since for on-demand, the connection does not have policy +UP,
there's no point in keeping the IKE SA around.
see #2358 delete IKE SA when responder rejects on-demand Child SA
see #2357 delete IKE SA when initiator rejects on-demand Child SA response
commit 2b458e90778faaf3f60a2ab59dbbe46b21b38a68
Author: Andrew Cagney <[email protected]>
Date: Tue Jul 22 21:50:00 2025 -0400
testing: update rejected child messages
commit 06ad389a65f653ff0ac0f09ce097126f5298df3a
Author: Andrew Cagney <[email protected]>
Date: Tue Jul 22 21:48:09 2025 -0400
ikev2: always return notify from
process_v2_IKE_AUTH_response_child_payloads()
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
