[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Jun 6 08:23:34 EEST 2014
New commits:
commit f5916aebe1d167eb27d5402758de33b56814d03d
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 6 01:15:03 2014 -0400
IKEv2: Fix process_informational_ikev2() for Delete payloads [Paul/Hugh]
An incomplete Child SA has the same SPIs as its Parent SA and could
accidentally be matched by the state machine to process the Informational
Exchange. If such informational message contained an IKE SA Delete
payload, it would trigger a passert in v2_delete_my_family() which
insisted to be given a Parent SA. We now switch to the parent if detected.
The RFC forbids mixing IKE and IPsec Deletes. IKE SA delete payload
SPI numbers and SPI size MUST be zero. This was not enforced.
Syntax errors in Delete payloads were ignored instead of failed.
Convoluted SPI logging simplified.
commit a5a70ff1d7b1bd372af4598e394b4ab5e2b00255
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 6 01:14:35 2014 -0400
updated comments in state.h
commit a9f2b106fa90deef61c9eec6f4fedadf9e708afe
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 6 01:13:50 2014 -0400
minor cleanup in state.c
commit 91d37c9d0a310a2a93338aab039055791ba63a13
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 6 01:13:12 2014 -0400
update a comment
commit d36225e7a3b29067b415843b82576f873121e4e4
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 6 01:12:27 2014 -0400
Add comment to process_v2_packet() got lsb#185
commit cc6b565dfdc084e2a5f501b120b440b4bad20cd8
Merge: ede0f7c f0067c9
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 5 22:08:15 2014 -0400
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit ede0f7c58831c2d643256cd45b2db02aa72bcc28
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 5 13:22:21 2014 -0400
testing: ikev2-algo-sha2-06 needs different esp= line to trigger the bug
More information about the Swan-commit
mailing list