[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Jul 7 00:14:44 UTC 2021
New commits:
commit be8dffb371cbb80ed0a686ef92c2589a6b5b47b5
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jul 6 20:06:01 2021 -0400
ikev2: unpend/delete Child SA when rejected by IKE_AUTH response
In process_v2_IKE_AUTH_response_child_sa_payloads(), when the response
contains a failure notification, unpend() and delete the larval
Child SA, and then return v2N_NOTHING_WRONG.
The problem is with unpend(). Like for the Child SA case it should
be doing some sort of expotential backoff.
Notes:
- returning v2N_NOTHING_WRONG is correct: there was a problem, it
was handled; so from the POV of the IKE SA, there isn't a problem
- the code that follows and returns v2N_TS_UN... is also correct;
the initiator is trying to reject the response; just need to
find a way to tell the responder
More information about the Swan-commit
mailing list