On Tue, 18 Jun 2019, Andrew Cagney wrote:
> Would it be better to call this from complete_v2_state_transition() - it knows the state that is failing, it just needs to know what the audit log is.

Yes, it would be if we could do it there. Unfortunately, it is not clear whether a child or parent SA failed when we return stf_status != STF_OK. And some of these state transitions involve two states changing, e.g. a child SA failing but the parent SA succeeding returns STF_OK in complete_v2_state_transition().

> I don't think littering the code with audit calls will work long term.

I totally agree. Initially I also logged the reason for the error, so it couldn't go there for that reason either. I'll look again to see if I can put it in complete_v2_state_transition() with more minimal exceptions.

Paul
