[Swan-commit] Changes to ref refs/heads/master
cagney at vault.libreswan.fi
Mon May 7 21:56:09 UTC 2018
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon May 7 16:12:12 2018 -0400
packets: work around delete_state() scribbling a delete message all over an IKEv2 AUTH reply
During an IKEv2 AUTH reply, any old IKE SA will be replaced (switching
interfaces? fragmentation related?) and that can lead to the old IKE
SA scribbling its delete message all over the unsent AUTH reply the
the global reply_buffer.
What next for the workaround?
- move the save/restore to where the problematic delete is being
this patch does it across every delete
- suppress sending a delete when replacing and old IKE SA
no reason for sending the delete message, but it didn't seem to work
using .st_ikev2_no_del though?
- schedule the cleanup for after the current event has finished
- eliminate the nasty evil global reply_buffer
More information about the Swan-commit