connection_state() is used to go over all connections, whether IKEv1 or IKEv2.
It contains:
if (IS_ISAKMP_ENCRYPTED(st->st_state->kind) &&
lc->phase1 < p1_encrypt)
lc->phase1 = p1_encrypt;
if (IS_ISAKMP_AUTHENTICATED(st->st_state) &&
lc->phase1 < p1_auth)
lc->phase1 = p1_auth;
However, these two IS_ISAMP_ defines only operate on IKEv1 states. This
is most certainly not what is intended.
The p1_encrypt and p1_auth states don't really make sense for IKEv2
anyway.
Note this code is for the "binstats" statistics, which is really
obsoleted for "ipsec whack --globalstatus".
Should we just remove binstats support completely? I feel we should have
done this for libreswan 4.0 anyway.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
