[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Tue Dec 11 12:45:26 UTC 2018
New commits:
commit 40279ff8fec9225157e1b57010adb7bfaccfaf0e
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 10 09:26:50 2018 -0500
lists: in FOR_EACH_LIST_ENTRY_(), merge HEAD declaration into ENTRY declaration
commit 3b715306968e882eb445bcfc893977af87b35907
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 10 07:40:56 2018 -0500
ikev2: only look for a state matching an IKE_SA_INIT message using ike_spi_t SPIi
Replace ikev2_find_state_in_init(), which also checked for an
explicit state, with find_v2_ike_sa_by_initiator_spi().
In the IKE SA responder, let the duplicate packet code, which looks at
the Message ID, deal with duplicates. Both old duplicates (previously
they resulted in larval states) and supposedly unrelated IKE_SA_INIT
requests with an identical SPIi (odds of 1/2^64) will be discarded.
This means that those unrelated initiators always get to re-try with
a different SPI.
In the IKE SA initiator, use the Message ID (shouldn't be valid) as a
check for a duplicate response.
More information about the Swan-commit
mailing list