New commits:
commit 5df03b332fa5742d5f86ecb8e7c9ce4545c56bb2
Merge: 3f2dc9e01c 114ce04076
Author: Andrew Cagney <[email protected]>
Date: Fri Jan 9 17:39:37 2026 -0500
Merge updown: disentangle updown loop from SPD(kernel policy) loop
For instance:
for each SPD
- install SPD
- run PREPARE on SPD
- run ROUTE on SPD
- run UP on SPD
becomes:
for each SPD
- install SPD
for each SPD
- run PREPARE on SPD
for each SPD
- run ROUTE on SPD
for each SPD
- run UP on SPD
this sets things up for:
- runing UPDOWN once per-conn and not once per SPD
- skipping UPDOWN steps
close #2563 invoke updown separate to installing kernel state/policy
also remove going nowhere UPDOWN_DISCONNECT_NM
close #2579 time to remove ipsec _updown disconnectNM from pluto
commit 114ce04076d9d6aea6063a9151f692b8baa6e589
Author: Andrew Cagney <[email protected]>
Date: Fri Jan 9 10:07:21 2026 -0500
updown: delete updown_child_spd(), all code uses updown_child_spds()
commit db99635f80745d46162aac851bbf4ab0a0e77a45
Author: Andrew Cagney <[email protected]>
Date: Fri Jan 9 10:05:33 2026 -0500
updown: drop UPDOWN_DISCONNECT_NM
support in updown script was removed in v3.16
see #2579 time to remove ipsec _updown disconnectNM from pluto
commit 93461a9634010deb578f8fcca770764d0476892f
Author: Andrew Cagney <[email protected]>
Date: Fri Jan 9 09:31:06 2026 -0500
updown: in install_outbound_ipsec_kernel_policies() call updown_child_spds()
and hack updown_child_spds() so it can skip non-UP
commit 924c62eb12fb40a43c54704643014df9750c8b92
Author: Andrew Cagney <[email protected]>
Date: Thu Jan 8 17:03:43 2026 -0500
updown: move updown_child_spd(DOWN) out of revert_kernel_policy()
... to install_outbound_ipsec_kernel_policies()'s failure path
since that's the code path running UPDOWN_UP and setting the
.wip.installed.up bit.
note: there's also a call to revert_kernel_policy()
in unrouted_to_routed() but that only runs UPDOWN_ROUTE
(it never runs UPDOWN_UP and/or sets the .wip.installed.up bit)
commit dcd28b0ff30a359be03154ead11d4bb370462616
Author: Andrew Cagney <[email protected]>
Date: Thu Jan 8 16:52:32 2026 -0500
updown: in install_outbound_ipsec_kernel_policies() use updown_child_spds()
for PREPARE, ROUTE, and UP. replaces loop of updown_child_spd() calls
commit 6c19fe8d11d27579ab1ee860a846208f7c68f29c
Author: Andrew Cagney <[email protected]>
Date: Wed Jan 7 16:02:43 2026 -0500
updown: pass struct updown_config into updown_child_spds()
.return_error when iterator should abort immediately
.skip_wip_conflicting_owner_bare_route when conflicts should skipped
existing calls all pass in false for both
commit 83cd1e298f944d689540fe22bad91b9c08c7befc
Author: Andrew Cagney <[email protected]>
Date: Wed Jan 7 15:09:48 2026 -0500
testing: expect prepare, then route, then up for all selector pairs
instead of prepare+route+up per selector pair
commit b386c79b957ab3c2dca20a758064f207cba2a551
Author: Andrew Cagney <[email protected]>
Date: Wed Jan 7 13:42:37 2026 -0500
routing: run updown prepare, route, up after installing all kernel policies
instead of doing it incrementally
commit deb8a96b544a108b846b21baaf312073b1b631d4
Author: Andrew Cagney <[email protected]>
Date: Tue Jan 6 10:20:35 2026 -0500
routing: compute SPD conflicts before installing policy
... as a separate pass
commit d4c34a7aaa21b9b65d61edd81f507d1ded93930d
Author: Andrew Cagney <[email protected]>
Date: Thu Jan 1 11:07:33 2026 -0500
routing: use updown_child_spds(DOWN)
perform operation before loop updating kernel
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
