[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Thu Oct 25 17:39:12 UTC 2018


New commits:
commit 73cf70afaeff65aa6411239e6d66b8f0bd59a38d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Oct 23 17:01:23 2018 -0400

    ikev2: replace ikev2_need_*_proposals() with get_v2_*_proposals()
    
    Three different proposals are generated.  For the IKE SA:
    
      get_v2_ike_proposals()
    
    and for the CHILD SA, because the proposals used during IKE_AUTH and
    CREATE_CHILD_SA are invariably different (former never has DH, latter
    can have IKE SA's DH):
    
      get_v2_ike_auth_child_proposals()
      get_v2_create_child_proposals()
    
    The proposals are generated on-demand.  They are cached in, and logged
    against, the connection.  It's assumed for instance that: a
    connection, once created, doesn't change; and when multiple CHILD SA
    connections share an IKE SA there's no good reason for generating IKE
    proposals.
    
    Because a CHILD SA's proposals, created for a CREATE_CHILD_SA
    exchange, can depend on both the connection and the IKE SA's DH
    algorithm, the DH algorithm used to generate the proposals is also
    saved in the connection.  The assumption is that, while technically
    dynamic, it doesn't change often.  The alternative is to save it in,
    and copy it between the child states.
    
    Remove comments troubled by IKEv1.


