On Fri, 24 Jan 2020 06:14:51 -0500 (EST) Paul Wouters <p...@nohats.ca> wrote:
> On Fri, 24 Jan 2020, Antony Antony wrote: > > > while testing xfrmi Tuomo noticed reggression in connswitch code. > > It is not a regression. It is a fix. It does show we have another > problem with connswitching. This issue, and the OE shunt issue > and the two release blockers for 3.30 While it might be a fix it is a regression. It causes first matching connection to fail instead of trying to find out a proper match. If it is a fix, it is a wrong fix. You tried exactly same fix before and we ended up reverting it because it broke responder. This fix won't work and breaks all connection switching on responder. Failure happens at wrong place in code. This works for initiator because initiator knows which conn it is using and it won't switch. But the case where I see regression is static tunnel. At responder end, static tunnel hits RW connection. And then sits there failing without trying to switch to correct connection. On responder this place can't fail the connection. -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
