[Swan-commit] Changes to ref refs/heads/master

Antony Antony antony at vault.libreswan.fi
Wed Jun 21 09:03:50 UTC 2017 

New commits:
commit 59b1d0413025f04c0414095392ce7d852809ef83
Merge: 6d55303 ab5f55a
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 20 22:38:17 2017 +0200

    Merge branch 'ikev2-retransmit-fixes'
    
    Improve ikev2 retransmit handling, both sending and receiving.
    The packet or fragment sent is stored on the parent state object.
    
    When receiving CREATE_CHILD_SA request update the message ID once
    the message is parsed. So if retransmit arrives while crypto work
    is going on the responder can easly detect it.
    Also when replied, the responder could easly re-send the last
    response.
    
    Once the excahange is complete clear the last tpacket/fragment from the
    parent state object.
    
    Thugh, in the future st might need two packet/fragment buffers one
    for the request sent and another for reply sent.
    Otherwise pluto could send wrong message during retransmit as initiator.

commit ab5f55a67385a06b90f212dd30444ab05df00c2b
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jun 11 20:15:41 2017 +0000

    ikev2: ike rekey responder message id update is on parent sa

commit 02a3a9f1e65a819fa122600d1cb1fea4deb1c92c
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jun 11 15:20:04 2017 +0000

    ikev2: fix st_msgid_lastrecv on IKE initiator
    
    With CREATE_CHILD_SA the role of IKE parent state could flip
    st_msgid_lastrecv should set to zero when the first message arrives

commit 21f3d4718b9a06119c4f77c904fcd00ed1e59ab9
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jun 11 13:09:23 2017 +0200

    ikev2: fix deleting t_packets and fragments on pst squash to previous

commit fb657ba08ce3a749ed35e17273affed1477d0972
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jun 10 11:28:17 2017 +0000

    pluto: cleanup of re-transmit logic
    
    remove un-necessary function arguments and fix comments and types.
    now the transmitted packet is stored on the parent state object.

commit c653c7068cfc2d3095e793c423d6c1111a81ac8a
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jun 9 20:59:52 2017 +0000

    ikev2: in retransmit_v2 when it reach limit clear packet from pst

commit 6d55303bbbdbf0060ef03491ef8d810dadd6b446
Merge: e87c074 972ffa2
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 20 22:38:01 2017 +0200

    Merge branch 'testing-fixes'

commit b3e27eb719c8fd82f5e3e5fb65a0c24300e9131e
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jun 1 19:55:17 2017 +0200

    ikev2: clear fragments and original tpkt before recodrding new one

commit 972ffa2fb31c23a7977dc887de023c5e0d38dd57
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 20 08:45:04 2017 +0000

    testing: change some tests with road to north.
    
    north has northnet behind it. These tests were kludging net behind road

commit cad4327e39c8fe300c982336f191886c8b83315e
Author: Antony Antony <antony at phenome.org>
Date:   Wed May 31 11:44:58 2017 +0200

    ikev2: during CREATE_CHILD_SA update message ids before the crypto work
    
    If the crypto takes too long and the other end re-transmit
    CREATE_CHILD_SA request ignore it based on last received message id.
    
    Also keep track of the last replied message id, st_msgid_lastreplied,
    This avoids replying with wrong message.

commit edc1a4968da70b40f9322ef963de387cb63dfa0c
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 20 07:41:48 2017 +0000

    testing: Dockerfiles add ike-scan

commit f5d1395d07a8879ff0b1f42f04ac58577d601650
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jun 19 16:33:03 2017 +0000

    testing: update Dockerfiles

commit 400d0a0a3dd5858d45f7f77e76f8d981ab0564e7
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jun 15 12:00:26 2017 +0000

    testing: update ipsec.conf.common with northenet and ipv6

commit 929973653e13758056aad48d50a6a417701b4a9d
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jun 15 10:27:33 2017 +0000

    testing: swantest use virsh destroy if the shutdown fails

commit d0a523e1760592f789519697f6823e321c6c8c61
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jun 15 10:26:33 2017 +0000

    testing: north fix IPv6 address on interfaces

More information about the Swan-commit mailing list