[Swan-dev] labeled TS don't search for a connection ?

Paul Wouters via Swan-dev Tue, 20 Feb 2024 18:16:49 -0800


I see this commit:

commit f198add4b08640d1b67aef19168998070b65b725
Author: Andrew Cagney <[email protected]>
Date:   Tue Feb 20 20:25:33 2024 -0500

    ikev2: when responding to labeled TS don't search for a connection

    only possible match is the IKE SAs (note that at this point
    the Child SA is sharing the IKE SAs connection).


I am confused by this?  There could me multiple connections with different
labels that end up sharing an IKE SA ? eg:

conn labeled-1
        also=west-east
        type=transport
        policy-label=system_u:object_r:ipsec_spd_t:s0

conn labeled-2
        also=west-east
        type=transport
        policy-label=system_u:object_r:TOP_SECRET:s0

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev

[Swan-dev] labeled TS don't search for a connection ?

Reply via email to