On Fri, 1 Nov 2019, Andrew Cagney wrote:
As in the dpd entry in the struct, not things like the underlying shunt.
my recollect is no. To minimze clear traffic leak during mobike attempt.
However, new IKE packet(s) must leave. Let me check.
Right. But here there is no interface - any attempt to send goes no where.
It might only be momentarilly lost. Also if the original conn has
auto=route (auto=ondemand) or auto=start, we are expected to never
leak the packets. For KLIPS that mean routing so erouting. It is a
little unclear what that means for XFRM now using our eroute code.
I suggest we re-visit that once we have removed KLIPS.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
