New commits:

commit 8851acb5e69f5dab48563e9e845598e12b2a9198
Author: Wolfgang Nothdurft <wolfg...@linogate.de>
Date:   Wed Oct 11 10:41:35 2023 -0400

    pluto: Fix IPCOMP with XFRMi

    Resolves: https://github.com/libreswan/libreswan/pull/1325

    When using ipcomp with xfrmi, the xfrm state for ipcomp is added without
    if_id and mark. The kernel sends XFRM_MSG_ACQUIRE when using the
    connection, and the connection is retriggered on every packet sent
    through the tunnel.

    | netlink_get() recvfrom() returned 448 bytes
    | netlink_xfrm_message_processor() got XFRM_MSG_ACQUIRE message with length 448
    | xfrm netlink msg len 448
    | xfrm_user_acquire id { daddr: xfrm_address_t spi: 0 proto: 6c saddr: struct xfrm_address_t sel: struct xfrm_selector} policy { lft { soft_add_expires_seconds=0 hard_add_expires_seconds=0 soft_use_expires_seconds=0 hard_use_expires_seconds=0} curlft { add_time=>0 use_time=0} } aalgos: 4294967295 ealgos: 4294967295 calgos: 4294967295 seq: 5
    | xfrm acquire rtattribute type 5 ...
    | xfrm_user_tmpl { id: xfrm_id id family: 2 saddr: xfrm_address_t reqid: 16390 mode: 1 share: 0 optional: 0 aalgos: 4294967295 ealgos: 4294967295 calgos: 4294967295}
    | xfrm acquire rtattribute type 16 ...
    | xfrm_userpolicy_type { type: 0}
    | xfrm acquire rtattribute type 31 ...
    | netlink_acquire() ... ignoring unknown xfrm acquire payload type 31
    | find_connection_for_packet() looking for an out-going connection that matches packet 192.0.3.254:8-ICMP->192.0.2.254:0 sec_label=
    | FOR_EACH_CONNECTION_.... in (find_connection_for_packet() +3824 programs/pluto/connections.c)
    | found "north"
    | choosing "north" priority 25214988; as first best
    | matches: 1
    | concluding with "north" priority 25214988 kind=PERMANENT
    | "north": addref @0x560c00588e68(3->4) (initiate_ondemand() +135 programs/pluto/acquire.c)
    | "north": no whack to attach
    "north": initiate on-demand for packet 192.0.3.254:8-ICMP->192.0.2.254:0

    Signed-off-by: Paul Wouters <paul.wout...@aiven.io>

commit 9bdb8b20408d28ab27fa370e762173efdb812576
Author: Wolfgang Nothdurft <wolfg...@linogate.de>
Date:   Wed Oct 11 10:45:08 2023 -0400

    testing: added ikev2-xfrmi-17-ipcomp

    Resolves: https://github.com/libreswan/libreswan/pull/1325

    Signed-off-by: Paul Wouters <paul.wout...@aiven.io>
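
Added example (not part of these commits or of libreswan): a Python check that spots the symptom described in the first commit message in a pluto debug log, by pairing each xfrm_user_acquire line with the "initiate on-demand" line that follows it and counting repeats per flow. It assumes the log lines look like the excerpt above and that "proto:" is printed in hex (0x6c = 108 = IPComp); the threshold, the function name and the "south" sample lines are constructed for illustration.

```python
import re
from collections import Counter

# IP protocol numbers as they appear (in hex) in the xfrm_user_acquire debug line.
IPSEC_PROTOS = {0x32: "ESP", 0x33: "AH", 0x6C: "IPCOMP"}

ACQUIRE_RE = re.compile(r"\|\s*xfrm_user_acquire id \{.*?\bproto: ([0-9a-fA-F]+)\b")
ONDEMAND_RE = re.compile(r'^"([^"]+)": initiate on-demand for packet (\S+)')


def acquire_loops(lines, threshold=3):
    """Return {(conn, flow, proto): count} for flows re-acquired >= threshold times."""
    counts = Counter()
    pending_proto = None  # proto of the latest acquire not yet tied to a connection
    for line in lines:
        line = line.strip()
        m = ACQUIRE_RE.search(line)
        if m:
            value = int(m.group(1), 16)
            pending_proto = IPSEC_PROTOS.get(value, "proto-0x%x" % value)
            continue
        m = ONDEMAND_RE.match(line)
        if m:
            counts[(m.group(1), m.group(2), pending_proto or "unknown")] += 1
            pending_proto = None
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample: the acquire line is shortened from the excerpt above.
_ACQ = "| xfrm_user_acquire id { daddr: xfrm_address_t spi: 0 proto: %s saddr: struct xfrm_address_t }"
SAMPLE = []
for _ in range(4):  # same flow re-triggered four times, as in the reported bug
    SAMPLE += [_ACQ % "6c",
               '"north": initiate on-demand for packet 192.0.3.254:8-ICMP->192.0.2.254:0']
# A single ESP acquire for a hypothetical second connection: normal on-demand start.
SAMPLE += [_ACQ % "32",
           '"south": initiate on-demand for packet 192.0.4.254:8-ICMP->192.0.2.254:0']

if __name__ == "__main__":
    for (conn, flow, proto), n in acquire_loops(SAMPLE).items():
        print('"%s": %d %s acquires for %s' % (conn, n, proto, flow))
```

A connection that keeps producing IPCOMP acquires for the same flow after it is established matches the behaviour the commit message describes; a single acquire per flow is ordinary on-demand initiation.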