[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Sep 22 20:32:50 UTC 2021
New commits:
commit 696f01c8870a3d6668680082aa3d487c37ebf15a
Merge: 977a2bb 943ce9c
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Sep 22 16:32:22 2021 -0400
ikev2: fix fragmented retransmits
... per RFC, also check the fragment total
Merge commit '943ce9c529a79f76ecd4fdb1ccc030b31d8c9952'
commit 943ce9c529a79f76ecd4fdb1ccc030b31d8c9952
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Sep 22 16:29:20 2021 -0400
ikev2: update retransmit tests
commit b01c48b088d6cbca83866ec547a5bdd7b93b6ce5
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Sep 22 13:41:49 2021 -0400
ikev2: save the fragment total, use when checking duplicates
Fix the below (from RFC 7383):
2.6.1. Replay Detection and Retransmissions
If an incoming message contains an Encrypted Fragment payload, the
values of the Fragment Number and Total Fragments fields MUST be used
along with the Message ID to detect retransmissions and replays.
If the responder receives a retransmitted fragment of a request when
it has already processed that request and has sent back a response,
that event MUST only trigger a retransmission of the response message
(fragmented or not) if the Fragment Number field in the received
fragment is set to 1; otherwise, it MUST be ignored.
commit ae3c772c7d8ab938a14fd6a563253f7bc970628c
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Sep 22 07:35:52 2021 -0400
ikev2: clarify responder's duplicate code
- add RFC quotes to comments
- point out why a full packet compare doesn't really help
- include more details when dropping messages
- drop any duplicate message that doesn't start with SK/SKF
commit ecdcccdfca363e2396ff4879be76f7e662ba398a
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Sep 22 10:01:38 2021 -0400
ikev2: move .st_msgid_wip.responder to .st_msgid_windows.responder.recv_wip
The separate .st_msgid_wip is used to find the Child SA initator.
More information about the Swan-commit
mailing list