On Tue, 18 Jun 2019 at 00:47, Paul Wouters <[email protected]> wrote: > > New commits: > commit c43abee11ba2fa7be7f33a68fea5b91b2f7609de > Author: Paul Wouters <[email protected]> > Date: Tue Jun 18 00:47:15 2019 -0400 > > documentation: update CHANGES > > commit 4724862e437c972c64f1ca24677dfb8e5f8d6979 > Author: Paul Wouters <[email protected]> > Date: Tue Jun 18 00:44:58 2019 -0400 > > testing: update linux-audit-01 to include IKE SA and IPsec SA failure test > > Output also slightly changed due to selinux message log changes. > > commit 0e9380e8979e519ded6b17848a701d757b908295 > Author: Paul Wouters <[email protected]> > Date: Tue Jun 18 00:42:36 2019 -0400 > > pluto: audit log IKE SA and IPsec SA failures for Common Criteria (CC) > > - Change compiling linux_audit.c to reduce the numnber of #ifdef's > required. > - Add failure audit logs > - Remove non-exported but not-static linux_audit() call. Merge code > inline. > - Log remote address as raddr= and keep local address as addr= > (cannot use laddr, as this is how it is defined in libaudit, and if we > pass > laddr= ourselves we still need to pull in addr and get a duplicate)
Would it be better to call this from complete_v2_state_transition() - it knows the state that is failing, it just needs to know what the audit log is. I don't think littering the code with audit calls will work long term. Andrew PS: Are the 40 core dump yours or mine? > commit 1f0f57825bbabe61ceba07ffb1f82e9cb312185f > Author: Paul Wouters <[email protected]> > Date: Tue Jun 18 00:09:46 2019 -0400 > > testing: ikev1-cryptoload-01 should not use hardcoded /usr/local path > > _______________________________________________ > Swan-commit mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-commit _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
