[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Tue Jun 25 17:05:45 UTC 2019
New commits:
commit 270e039b5f5c0d30efffee44f1fa3c0add571ace
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jun 25 13:02:41 2019 -0400
IKEv2 Message IDs: update / tone down more checks due to record'n'send

For instance, INITIATOR being unexpectedly non-NULL:

- west.#8 needs a rekey, so west.#11 is created and it sends a
  CREATE_CHILD_SA with Message ID 3.

- west.#8 gives up on the re-key so it forces a delete request (aka
  record'n'send), sending a second message with ID 4

  West has two outstanding messages yet its window size is 1!

- east receives the rekey with ID 3, creates east.#11 and sends it
  off for further processing

- east receives the delete with ID 4, forces a message ID update and
  sends an ID 4 response confirming the delete

- east.#11 finishes its crypto so east sends back its response with
  Message ID 3 for a re-keyed SA it just deleted?!?!

  East has responded with two out-of-order messages (if the window size
  was 2 this would be ok but it isn't).

- west receives the ID 4 response, tries to delete the IKE SA but
  can't because west.#11 is lurking; but regardless the ID window is
  forced 2->4

- west receives the ID 3 response, which is clearly too old so doesn't
  expect there to be a matching initiator, arrg
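
The sequence in the commit message above, replayed from west's side against a minimal Message ID window model. This is an added example, not part of the commit or of libreswan's code; the struct, enum and function names are hypothetical, and the starting state (IDs up to 2 already answered) is assumed from the "forced 2->4" remark.

```c
#include <stdio.h>

/* Hypothetical model of initiator-side IKEv2 Message ID state for one IKE SA. */
struct msgid_window {
    int window_size; /* requests the peer allows in flight; 1 in the scenario */
    int last_acked;  /* highest request ID treated as answered */
    int last_sent;   /* highest request ID sent so far */
};

enum verdict { MSG_OK, WINDOW_EXCEEDED, STALE_RESPONSE };

/* Send the next request; flag it when it overruns the peer's window. */
static enum verdict send_request(struct msgid_window *w, int *id)
{
    *id = ++w->last_sent;
    return (w->last_sent - w->last_acked > w->window_size) ? WINDOW_EXCEEDED : MSG_OK;
}

/* Accept a response; a response newer than last_acked forces the window
 * forward past any gap, so an older response arriving later is stale. */
static enum verdict recv_response(struct msgid_window *w, int id)
{
    if (id <= w->last_acked)
        return STALE_RESPONSE;
    w->last_acked = id;
    return MSG_OK;
}

/* Replay west's side of the scenario; out[] gets one verdict per event. */
static void replay_west(int window_size, enum verdict out[4])
{
    struct msgid_window w = { window_size, 2, 2 }; /* assumed: IDs up to 2 answered */
    int id;

    out[0] = send_request(&w, &id);  /* west.#11 rekey request, ID 3 */
    out[1] = send_request(&w, &id);  /* west.#8 forced delete, ID 4 */
    out[2] = recv_response(&w, 4);   /* delete response: window forced 2->4 */
    out[3] = recv_response(&w, 3);   /* rekey response arrives too late */
}

int main(void)
{
    static const char *name[] = { "ok", "window exceeded", "stale response" };
    enum verdict v[4];

    replay_west(1, v);
    for (int i = 0; i < 4; i++)
        printf("event %d: %s\n", i + 1, name[v[i]]);
    return 0;
}
```

With a window size of 1 the second send overruns the window and the ID 3 response is rejected as stale; the model always forces the window forward on the newest response, so it does not show the in-order handling a real window of 2 would allow.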