[prev in list] [next in list] [prev in thread] [next in thread] 

List:       libreswan-commit
Subject:    [Swan-commit] Changes to ref refs/heads/master
From:       Paul Wouters <paul () vault ! libreswan ! fi>
Date:       2019-03-18 15:12:14
Message-ID: 44NKRL4fhfz7WymV () vault ! libreswan ! fi
[Download RAW message or body]

New commits:
commit c2173bbfc95f2d8782787ec87c4dd0c5a51fd9c1
Author: Paul Wouters <pwouters@redhat.com>
Date:   Mon Mar 18 16:07:17 2019 +0100

    pluto: deleting a connection should bring it down first
    
    ipsec auto --down ends up calling terminate_connection()
    ipsec auto --delete ends up calling delete_connection()
    
    However, one would expect delete_connection() to do everything
    of terminate_connection() plus the actual delete. But it does not.
    
    terminate_connection() does:
    - clears POLICY_UP which explains the above bug later in delete_state()
    - calls flush_pending_by_connection();
    - if IKE SA is shared, delete_state with serial from c->newest_ipsec_sa
    - if IKE SA not shared, call delete_states_by_connection()
    
    delete_connection() does:
    - if connection is an instance,
      - free lease
    - call release_connection()
    - if a CK_GROUP, delete group
    - remove connection from connections list
    - cleanup hostpair
    - free up memory of connection
    - handle c->spd routing stuff
    
    --delete would trigger the "revive connection" code bcause only --down would
    remove the POLICY_UP from the connection.

commit 885e89288103058ea01f0d67786c88a61e7dcef2
Author: Paul Wouters <pwouters@redhat.com>
Date:   Mon Mar 18 14:53:39 2019 +0100

    pluto: abort earlier during whack when option name is missing

_______________________________________________
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit
[prev in list] [next in list] [prev in thread] [next in thread]