[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Sun Oct 8 23:49:58 UTC 2017
New commits:
commit bf4d8229ee5a89aaa69856abd844500686955182
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Oct 8 19:49:04 2017 -0400
testing: new xauth story output
awaiting CFG_set -> possibly awaiting CFG_set
commit b9d8541da8124ebea79e44ce7e6832f43a422a0a
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Oct 8 19:48:14 2017 -0400
pluto: slightly change story of MODE_XAUTH_I0 / MODE_XAUTH_I1
We now include the word "possibly" since these states are not
guaranteed to require or do ModeCFG.
commit 5da0aece3817881b72966e81bd73ffe1abffd2cb
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Oct 8 19:45:14 2017 -0400
testing: updated xauth-pluto-03 and xauth-pluto-04
fixed up to show the phase 1 state and the new output of the
new state changes for the case of xauth without modecfg
commit 9a6cf2394a9e9cc7dd4f18009b2efdd66c400c9c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Oct 8 19:34:29 2017 -0400
XAUTH: Perform custom state change for XAUTH without ModeCFG
It is not possible to use different smc state machine changes based
on ModeCFG payloads, as the content of these payloads determine
which state change we should do, but in both cases with and without
modecfg, we get some modecfg payload.
What happened until this commit, was that the ISAKMP SA was left
dangling despite also moving on and doing quick mode successfully
in the case of NOT doing modecfg.
But since the dangling state ends up timing out and restarting new
keying attempts, it would delete the established IPsec and IKE SA's.
The test cases xauth-pluto-03 and xauth-pluto-04 suffered from this,
but it was not visible in the test case because it ended before the
dangling state caused damage. The test cases were updated to show
the STATEs so any future regression on this becomes visible.
History showed this was attempted to have been fixed before, but
was partially left in an #if 0 statement.
As most XAUTH also involves ModeCFG, this bad case was apparently
rarely hit.
commit 56dcc5a8bf81187f947f754e4d186286a334bc4e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Oct 8 19:31:46 2017 -0400
pluto: clarify branch taken with xauth_inI1() in debug logging
More information about the Swan-commit
mailing list