[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Mon Apr 27 15:23:56 UTC 2020
New commits:
commit bf69fc368b9e376fc9201b615aab97ead57d4b4b
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 23 21:25:47 2020 -0400
ikev2: let retransmit code deal with failed liveness requests

Implement liveness exchanges using the Message ID queue and retransmit
code (the old code would by-pass the Message ID request queue and send
out requests directly).

As a first take for what to do when retransmits time out (this is the
first non-initial exchange to use retransmits):

- when IS_IKE_SA_ESTABLISHED() the liveness_action() code is executed
- when the IKE SA isn't established take the 'retry' code path

As more exchanges are added this will likely need to evolve.

Known (long standing) issues:

- because we've still not merged the established _I vs _R states two
  state transitions are needed; grrr
- IKEv2 doesn't use separate initiator and responder buffers
- tests such as ikev2-allow-narrow-02, where the initial CHILD SA
  fails, change behaviour - the real problem is that the CHILD SA
  needs to start a new exchange and delete itself (which would cancel
  the retransmit timer for the IKE_AUTH exchange)
- revival code path needs work; for instance: liveness_action()
  doesn't seem to handle IKE SAs with multiple children; and
  flush_incomplete_child() is scheduling events to delete children
  that fire after the IKE SA has gone
- delete_state() gets bored and sends delete notifications for a dead
  IKE SA

commit 338ff4cd2c6052ada19e9dccd6fe9724ce9c21b9
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 23 21:15:08 2020 -0400
ikev2: pass planned future state transition into v2_msgid_queue_initiator()