On Tue, 21 Apr 2015, Herbert Xu wrote:
Subject: Re: [Swan-dev] pluto: Always delete outbound SA with inbound SA
On Mon, Apr 20, 2015 at 09:45:01AM -0400, Paul Wouters wrote:
It's on my todo list. I am puzzled by your "Ever since
the outbound SA before the inbound SA", and wanted to track that
change down first to get more context. I'm thinking the most likely
candidate of this is the removal of the loopback code that did
horrible things like only install part of an SA to itself.
It was added by
commit f77d044ab9506498d71b266e4495717f677da4d6
Thanks for finding that commit for me. I've updated ipsec_delete_sa() to not
have the bool inbound_only parameter anymore.
Paul
Author: Michael Richardson <[email protected]>
Date: Wed Feb 22 12:49:49 2006 -0500
this includes much refactoring of kernel_pfkey.c code into mast vs klips
functions. The kernel.c add_sa code now looks at the ref/refhim arguments
to the kernel_sa, making sure to install outgoing SA before incoming SA
so that we can refer to outgoing SA as the refhim.
kernel_mast.c now locates a useful mastXXX device, creating only one
if we need it