[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Mon May 7 21:56:09 UTC 2018
New commits:
commit 648051a96ea8f2c506741e575c5054337b34cd52
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon May 7 16:12:12 2018 -0400
packets: work around delete_state() scribbling a delete message all over an IKEv2 AUTH reply
During an IKEv2 AUTH reply, any old IKE SA will be replaced (switching
interfaces? fragmentation related?) and that can lead to the old IKE
SA scribbling its delete message all over the unsent AUTH reply the
the global reply_buffer[].
What next for the workaround?
- move the save/restore to where the problematic delete is being
called
this patch does it across every delete
- suppress sending a delete when replacing and old IKE SA
no reason for sending the delete message, but it didn't seem to work
using .st_ikev2_no_del though?
- schedule the cleanup for after the current event has finished
- eliminate the nasty evil global reply_buffer[]
More information about the Swan-commit
mailing list