[Swan-commit] Changes to ref refs/heads/master
Antony Antony
antony at vault.libreswan.fi
Wed Jun 21 09:03:50 UTC 2017
New commits:
commit 59b1d0413025f04c0414095392ce7d852809ef83
Merge: 6d55303 ab5f55a
Author: Antony Antony <antony at phenome.org>
Date: Tue Jun 20 22:38:17 2017 +0200
Merge branch 'ikev2-retransmit-fixes'
Improve ikev2 retransmit handling, both sending and receiving.
The packet or fragment sent is stored on the parent state object.
When receiving CREATE_CHILD_SA request update the message ID once
the message is parsed. So if retransmit arrives while crypto work
is going on the responder can easly detect it.
Also when replied, the responder could easly re-send the last
response.
Once the excahange is complete clear the last tpacket/fragment from the
parent state object.
Thugh, in the future st might need two packet/fragment buffers one
for the request sent and another for reply sent.
Otherwise pluto could send wrong message during retransmit as initiator.
commit ab5f55a67385a06b90f212dd30444ab05df00c2b
Author: Antony Antony <antony at phenome.org>
Date: Sun Jun 11 20:15:41 2017 +0000
ikev2: ike rekey responder message id update is on parent sa
commit 02a3a9f1e65a819fa122600d1cb1fea4deb1c92c
Author: Antony Antony <antony at phenome.org>
Date: Sun Jun 11 15:20:04 2017 +0000
ikev2: fix st_msgid_lastrecv on IKE initiator
With CREATE_CHILD_SA the role of IKE parent state could flip
st_msgid_lastrecv should set to zero when the first message arrives
commit 21f3d4718b9a06119c4f77c904fcd00ed1e59ab9
Author: Antony Antony <antony at phenome.org>
Date: Sun Jun 11 13:09:23 2017 +0200
ikev2: fix deleting t_packets and fragments on pst squash to previous
commit fb657ba08ce3a749ed35e17273affed1477d0972
Author: Antony Antony <antony at phenome.org>
Date: Sat Jun 10 11:28:17 2017 +0000
pluto: cleanup of re-transmit logic
remove un-necessary function arguments and fix comments and types.
now the transmitted packet is stored on the parent state object.
commit c653c7068cfc2d3095e793c423d6c1111a81ac8a
Author: Antony Antony <antony at phenome.org>
Date: Fri Jun 9 20:59:52 2017 +0000
ikev2: in retransmit_v2 when it reach limit clear packet from pst
commit 6d55303bbbdbf0060ef03491ef8d810dadd6b446
Merge: e87c074 972ffa2
Author: Antony Antony <antony at phenome.org>
Date: Tue Jun 20 22:38:01 2017 +0200
Merge branch 'testing-fixes'
commit b3e27eb719c8fd82f5e3e5fb65a0c24300e9131e
Author: Antony Antony <antony at phenome.org>
Date: Thu Jun 1 19:55:17 2017 +0200
ikev2: clear fragments and original tpkt before recodrding new one
commit 972ffa2fb31c23a7977dc887de023c5e0d38dd57
Author: Antony Antony <antony at phenome.org>
Date: Tue Jun 20 08:45:04 2017 +0000
testing: change some tests with road to north.
north has northnet behind it. These tests were kludging net behind road
commit cad4327e39c8fe300c982336f191886c8b83315e
Author: Antony Antony <antony at phenome.org>
Date: Wed May 31 11:44:58 2017 +0200
ikev2: during CREATE_CHILD_SA update message ids before the crypto work
If the crypto takes too long and the other end re-transmit
CREATE_CHILD_SA request ignore it based on last received message id.
Also keep track of the last replied message id, st_msgid_lastreplied,
This avoids replying with wrong message.
commit edc1a4968da70b40f9322ef963de387cb63dfa0c
Author: Antony Antony <antony at phenome.org>
Date: Tue Jun 20 07:41:48 2017 +0000
testing: Dockerfiles add ike-scan
commit f5d1395d07a8879ff0b1f42f04ac58577d601650
Author: Antony Antony <antony at phenome.org>
Date: Mon Jun 19 16:33:03 2017 +0000
testing: update Dockerfiles
commit 400d0a0a3dd5858d45f7f77e76f8d981ab0564e7
Author: Antony Antony <antony at phenome.org>
Date: Thu Jun 15 12:00:26 2017 +0000
testing: update ipsec.conf.common with northenet and ipv6
commit 929973653e13758056aad48d50a6a417701b4a9d
Author: Antony Antony <antony at phenome.org>
Date: Thu Jun 15 10:27:33 2017 +0000
testing: swantest use virsh destroy if the shutdown fails
commit d0a523e1760592f789519697f6823e321c6c8c61
Author: Antony Antony <antony at phenome.org>
Date: Thu Jun 15 10:26:33 2017 +0000
testing: north fix IPv6 address on interfaces
More information about the Swan-commit
mailing list