[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Jun 28 16:33:47 UTC 2019
New commits:
commit 24bffe6702e8a3a9cfc230c9bacc43fef9da204b
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 28 12:27:13 2019 -0400
IKEv2: OE connection timing out could accidentally overwrite tunnel policy
The failure scenario:
west OE initiates conn private #1 to east but east is not running pluto.
west keeps trying (keyingtries=%forver)
east is started, and triggers its own OE initiatialize to west
west creates a new IKE state #2 and an IPsec tunnel is installed.
west state #1 finds out it is no longer newest IKE SA and deletes itself
west will try to install an OE bare shunt on deleting, overwriting the
IPsec tunnel out policy.
This commit ensures west skips creating bare shunts when it is no
longer c->newest_isakmp_sa
commit fc5da93ad4dabf93197883103209c092bd4bc64c
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 28 12:26:54 2019 -0400
KLIPS: latest kernels no longer have NETDEV_UNREGISTER_FINAL
commit 90eae09e713243ea3d359454b829fc206e417543
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 28 11:37:11 2019 -0400
bump to 3.30dr1
More information about the Swan-commit
mailing list