CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2011/01/26 09:59:24
Modified files:
sbin/iked : config.c iked.h ikev2.c ikev2_pld.c pfkey.c
policy.c
Log message:
get rid of acquire flows completely, as they tend to pass traffic
when there's no sa established (as pointed out by reyk). instead
use require mode feature to send acquires from the kernel. this
allows us to get rid of the code that changes flow mode to acquire
and keep all installed flows in the tree and save up on some code
that deals with renegotiation. also several entities were renamed
(iked_acqflows -> iked_activeflows, iked_ipsecsas -> iked_activesas,
ikev2_acquire -> ikev2_acquire_sa). ok reyk
