[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Tue Jun 4 21:25:20 UTC 2019
New commits:
commit 4eea933c5012529ceaf12b4185777a637d60ba3f
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jun 4 15:44:27 2019 -0400
ikev2: make pending initiator queue more generic

Remove hardwired assumption that the only initiator needing this is
CREATE_CHILD_SA.

Always queue "known" initiator requests forcing FIFO and ensuring that
the single code path is being executed (update tests to expect REPLACE
events for children in the pending request queue).

Implement using schedule_callback() to wake up the IKE SA which then
processes the queue (was using EVENT_v2_SEND_NEXT_IKE to wake up
individual children). This should stop a race where:

- a "DH child" completes crypto and calls schedule_resume()
- the IKE state processes a response and, seeing an open window,
  schedules a "pending child" using EVENT_v2_SEND_NEXT_IKE.
- the "DH child" grabs the open window
- the "pending child" also tries to grab the now closed window

While this doesn't solve the problem of "unknown" initiator
requests, such as in delete_state() and liveness, where record 'n'
send bypass the pending queue, it does mean it is solvable.
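
The single-consumer design the commit message describes, as an added sketch that is not part of the commit or of libreswan's code: every initiator enqueues, and only the IKE SA's wake-up takes a window slot, so two children cannot both claim the same opening. The struct, function names and child ids are hypothetical; `wakeup_scheduled` merely stands in for schedule_callback().

```c
#include <stdbool.h>
#include <stddef.h>
#define MAX_PENDING 8
#define MAX_SENT 16

/* Hypothetical model for illustration; not libreswan's structures. */
struct ike_sa {
    int window_free;           /* open request slots in the IKEv2 window */
    int pending[MAX_PENDING];  /* FIFO of child ids waiting for a slot */
    size_t head, tail;
    int sent[MAX_SENT];        /* order in which requests went out */
    size_t nr_sent;
    bool wakeup_scheduled;     /* stands in for schedule_callback() */
};

/* Every known initiator queues; none takes the window directly. */
bool queue_initiator(struct ike_sa *ike, int child)
{
    if (ike->tail - ike->head == MAX_PENDING) return false;
    ike->pending[ike->tail++ % MAX_PENDING] = child;
    ike->wakeup_scheduled = true;
    return true;
}

/* Runs for the IKE SA: the only place a window slot is consumed. */
void ike_wakeup(struct ike_sa *ike)
{
    ike->wakeup_scheduled = false;
    while (ike->window_free > 0 && ike->head != ike->tail && ike->nr_sent < MAX_SENT) {
        ike->window_free--;
        ike->sent[ike->nr_sent++] = ike->pending[ike->head++ % MAX_PENDING];
    }
}

/* A response completes an exchange and reopens one slot. */
void response_received(struct ike_sa *ike)
{
    ike->window_free++;
    ike->wakeup_scheduled |= (ike->head != ike->tail);
}

int main(void)
{
    struct ike_sa ike = { .window_free = 1 };
    queue_initiator(&ike, 1);  /* constructed id: the "pending child" */
    queue_initiator(&ike, 2);  /* constructed id: the "DH child" */
    ike_wakeup(&ike);          /* one slot, so only child 1 goes out */
    return !(ike.nr_sent == 1 && ike.sent[0] == 1);
}
```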