[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Mon Apr 27 15:23:56 UTC 2020


New commits:
commit bf69fc368b9e376fc9201b615aab97ead57d4b4b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 23 21:25:47 2020 -0400

    ikev2: let retransmit code deal with failed liveness requests
    
    Implement liveness exchanges using the Message ID queue and retransmit
    code (the old code would by-pass the Message ID request queue and sent
    out requests directly).
    
    As a first take for what to do when retransmits timeout (this is the
    first non-initial exchange to use retransmits):
    
    - when IS_IKE_SA_ESTABLISHED() the liveness_action() code is executed
    
    - when the IKE SA isn't established take the 'retry' code path
    
    As more exchanges are added this will likely need to evolve.
    
    Known (long standing) issues:
    
    - because we've still not merged the established _I vs _R states two
      state transitions are needed; grrr
    
    - IKEv2 doesn't use separate initiator and responder buffers
    
    - tests such as ikev2-allow-narrow-02, where the initial CHILD SA
      fails, change behaviour - the real problem is that the CHILD SA
      needs to start a new exchange and delete itself (which would cancel
      the retransmit timer for the IKE_AUTH exchange)
    
    - revival code path needs work; for instance: liveness_action()
      doesn't seem to handle IKE SAs with multiple children; and
      flush_incomplete_child() is scheduling events to delete children
      that fire after the IKE SA has gone
    
    - delete_state() gets bored and sends delete notifications for a dead
      IKE SA

commit 338ff4cd2c6052ada19e9dccd6fe9724ce9c21b9
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 23 21:15:08 2020 -0400

    ikev2: pass planned future state transition into v2_msgid_queue_initiator()



More information about the Swan-commit mailing list