[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Fri Oct 16 03:26:03 UTC 2015

New commits:
commit 093382a4da5f175bbb8a84e81368aa035c9edc83
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 15 23:23:27 2015 -0400

    pluto: retransmit_v2_msg() should delete parent and child sa's on failure
    When retransmit_v2_msg() hits failure for EVENT_v2_RETRANSMIT, it only
    deleted the larvae child sa, and not the parent sa. It would be left
    to die on the EVENT_SA_TIMEOUT. This caused dozens of lingering states
    for OE.

commit d105132f773257e359b04b0140d73ab9193f56ef
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 15 23:20:17 2015 -0400

    pluto: A mixup in parent vs child SA caused the keyingtries number to be lost
    This resulted in unlimited keyingtries. OE connections would never stop trying.
    This is due to the child sa being created prematurely in ikev2_parent_inR1outI2_tail()
    It should really be created only after IKE_AUTH was received with confirmation?
    As a bandaid, we copy the parent's st_try to the child's st_try when duplicating
    the state.

commit c8ae77fae976db831b49f327a69d51eff71f19db
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 15 23:19:26 2015 -0400

    ikev2_parent.c: Add comments that a child SA is created prematurely

commit 22b0b78daf7fc1151da16536f33c340b08bbc86c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 15 23:16:08 2015 -0400

    pluto: remove two bogus state machine entries
    "I2: process INFORMATIONAL"
    "R1: process INFORMATIONAL"
    These states have no authenticated parent sa and so should never even
    process an informational. Only R2 and I3 states are allowed to do so.
    These were added by mistake because the SEND_V2_NOTIFICATION() related
    code could cause an IKE_AUTH or IKE_INIT request to be answered with
    and INFORMATIONAL reply, which is incorrect. The code that did so was
    fixed a few commits before this commit.

More information about the Swan-commit mailing list