[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Jun 16 18:51:11 UTC 2017
New commits:
commit 835d41d139bd4fc87212597752ca9161750127be
Author: Oleg Rosowiecki <orosowiecki at gmail.com>
Date: Fri Jun 16 14:48:56 2017 -0400
pluto: receiving multiple CISCO_SPLIT_INC payloads cause duplicate spd_routes

Before adding a new spd_route with a subnet received with CISCO_SPLIT_INC,
make sure we don't have an spd_route for the same subnet already. If we
do, ignore the subnet we've just received.

Some peers can send us CISCO_SPLIT_INC each time we rekey and generate
a new IKE SA. In this scenario, the new IKE SA undergoes the same
XAUTH challenge/response process and pulls ModeCfg parameters from the
server. Each remote subnet received with CISCO_SPLIT_INC results in
creation of a new spd_route.

Such spd_route's accumulate throughout the lifetime of the connection and
eventually cause their processing to slow down, in which case pluto fails
on an assertion in kernel.c. Also, spd_route's for identical subnets
result in redundant calls to route_and_eroute() when installing a new
IPSec SA. When we bring the connection down, the kernel reports errors
on multiple attempts to delete spd_route's for the same subnet.

Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 253565e6de8547447c7121cd3babfe6aef9704ec
Merge: 1b50973 0c7c611
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 15 15:53:51 2017 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 1b509738a4bccbfa146c8b0a51a8ecb7f3eabb1a
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jun 14 14:43:42 2017 -0400
eroute: cleanup on break statements, remove old inline RCS logs
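
The duplicate check described in commit 835d41d, as an added example that is not libreswan's code: a simplified IPv4 route list in which a peer-supplied subnet is appended only if no entry for the same subnet exists, so repeated ModeCfg pulls on rekey cannot grow per-connection state. `struct route`, `add_split_subnet` and `simulate_rekeys` are hypothetical names, the subnets are constructed sample values, and comparing subnets after masking off host bits is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for a per-connection route list (not pluto's spd_route). */
struct route {
    uint32_t net;       /* IPv4 network, host byte order */
    uint8_t prefix;     /* prefix length, 0..32 */
    struct route *next;
};
static uint32_t prefix_mask(uint8_t p) { return p == 0 ? 0 : 0xFFFFFFFFu << (32 - p); }

/* Same subnet: equal prefix length and equal network bits under that mask. */
static int same_subnet(const struct route *r, uint32_t net, uint8_t prefix)
{
    return r->prefix == prefix && ((r->net ^ net) & prefix_mask(prefix)) == 0;
}

/* Returns 1 if a route was added, 0 if ignored as a duplicate, -1 on error.
 * dedup == 0 models the behaviour before the fix (always append). */
int add_split_subnet(struct route **head, uint32_t net, uint8_t prefix, int dedup)
{
    struct route **pp = head, *r;
    if (prefix > 32)
        return -1;                      /* reject malformed peer input */
    for (; *pp != NULL; pp = &(*pp)->next)
        if (dedup && same_subnet(*pp, net, prefix))
            return 0;                   /* already routed: ignore */
    if ((r = calloc(1, sizeof(*r))) == NULL)
        return -1;
    r->net = net & prefix_mask(prefix); /* store the canonical network address */
    r->prefix = prefix;
    *pp = r;                            /* append at the tail */
    return 1;
}

/* Replay the same subnet list once per rekey; return the final list length.
 * Constructed sample: 10.0.1.0/24, 10.0.2.0/24, 192.168.0.0/16. */
size_t simulate_rekeys(int rekeys, int dedup)
{
    static const struct { uint32_t net; uint8_t plen; } pushed[] = {
        { 0x0A000100u, 24 }, { 0x0A000200u, 24 }, { 0xC0A80000u, 16 } };
    struct route *head = NULL, *next;
    size_t n = 0;
    for (int i = 0; i < rekeys; i++)
        for (int j = 0; j < 3; j++)
            add_split_subnet(&head, pushed[j].net, pushed[j].plen, dedup);
    for (; head != NULL; head = next, n++) {
        next = head->next;
        free(head);
    }
    return n;
}
```

With `dedup` set to 0 the list grows by three entries on every rekey; with the check enabled it stays at three regardless of how often the peer resends the list.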