[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Sat Apr 25 13:01:22 UTC 2020
New commits:
commit 5a38bdf028fc0da3b2c57fc0e8950645af7132d2
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Apr 25 08:13:22 2020 -0400
ikev2: (mostly) schedule retransmits from success_v2_state_transition()
This helps sets things up for liveness (assuming it goes through the
proper record+STF_OK path) using retransmits.
Mostly (things to eventually fix):
- the INVALID_KE and COOKIE custom 'success' code paths needed
explicit clear_retransmits(IKE) calls
- scheduling DH crypto clears the retransmit timer; this will cause
problems when the initiator computes DH in the background
- the IKE_SA_INIT response processor, when it switches the initiator
from the IKE SA to the CHILD SA and fudges IKE 'success', needed an
explicit clear_retransmits(IKE) call
switching the retransmit from IKE to CHILD shouldn't be needed,
however ...
- when an IKE SA times out, flush_incomplete_child(), replaces any
larval children using replace events; except the events fire _after_
the IKE SA has been deleted
this seems very IKEv1esk
- delete_state() continues to send useless delete messages using the
next Message ID
More information about the Swan-commit
mailing list