[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Fri Apr 10 14:05:11 UTC 2020
New commits:
commit fc83b84d1f6e139e943290f3597821b69769cc39
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 9 14:34:32 2020 -0400
ikev2: replace record_v2N_notification_from_state() with record_v2N_notification()

Add parameters: logger, so code can explicitly log errors against the
failed state which might be the child; security, so caller gets to
explicitly specify ENCRYPTED_PAYLOAD vs UNENCRYPTED_PAYLOAD.

The keep it simple dogma here is to - for STF_OK and STF_FAIL -
encrypted and unencrypted - always record the response in the IKE SA
and then let complete_v2*() send it.

Since the response is always recorded, the IKE SA (assuming it wasn't
deleted) is able to handle retransmits for that same message (any code
using send_v2N*_from_state() likely breaks retransmits).

(Once everything is being recorded, the likely next step is to
change record_v2N*() so that it appends the notification in an already
open PBS in the IKE SA - IKE_AUTH responses can contain more than just
these error notifications).
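
The record-then-send pattern described in the commit message, sketched as an added example that is not libreswan code: every `toy_*` name, the struct and the 6-byte packet layout are hypothetical. It shows why a recorded response lets the responder answer a retransmitted request with the identical bytes instead of reprocessing it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum toy_action { TOY_PROCESS, TOY_REPLAY, TOY_DROP };

/* Hypothetical stand-in for an IKE SA; not libreswan's struct. */
struct toy_ike_sa {
    uint32_t next_request_id; /* Message ID of the next new request */
    int have_response;        /* a response has been recorded */
    uint8_t recorded[64];     /* last recorded response, kept for replay */
    size_t recorded_len;
    unsigned sends;           /* packets put on the wire */
};

/* Record step: store the response in the SA, send nothing. */
int toy_record(struct toy_ike_sa *ike, uint32_t msgid, const uint8_t *pkt, size_t len)
{
    if (len > sizeof(ike->recorded)) return -1;
    memcpy(ike->recorded, pkt, len);
    ike->recorded_len = len;
    ike->have_response = 1;
    ike->next_request_id = msgid + 1;
    return 0;
}

/* Send step: transmit whatever was recorded (first send or replay). */
size_t toy_send_recorded(struct toy_ike_sa *ike, uint8_t *wire, size_t cap)
{
    if (!ike->have_response || ike->recorded_len > cap) return 0;
    memcpy(wire, ike->recorded, ike->recorded_len);
    ike->sends++;
    return ike->recorded_len;
}

/* New request, retransmit of the last answered request, or neither. */
enum toy_action toy_classify(const struct toy_ike_sa *ike, uint32_t msgid)
{
    if (msgid == ike->next_request_id) return TOY_PROCESS;
    if (ike->have_response && msgid + 1 == ike->next_request_id) return TOY_REPLAY;
    return TOY_DROP;
}

/* Handle one request; here every new request fails with notification `notify`. */
size_t toy_handle_request(struct toy_ike_sa *ike, uint32_t msgid, uint16_t notify,
                          uint8_t *wire, size_t cap)
{
    enum toy_action act = toy_classify(ike, msgid);
    if (act == TOY_DROP) return 0;
    if (act == TOY_PROCESS) {
        /* Constructed toy layout: msgid (4 bytes) + notify type (2 bytes). */
        uint8_t pkt[6] = { (uint8_t)(msgid >> 24), (uint8_t)(msgid >> 16), (uint8_t)(msgid >> 8),
                           (uint8_t)msgid, (uint8_t)(notify >> 8), (uint8_t)notify };
        if (toy_record(ike, msgid, pkt, sizeof(pkt)) != 0) return 0;
    }
    return toy_send_recorded(ike, wire, cap);
}
```

A handler that sent the notification directly and recorded nothing would have no bytes to hand back on the `TOY_REPLAY` path.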