[Swan-dev] "already determined local IKE proposals" ??

[Paul Wouters]

I noticed in a log:

 	already determined local IKE proposals for XXXXX

This happens when we received an IKE proposal we liked but where we did
not like the first DH, so there is a mismatched KE, and we send INVALID_KE.

When the remote comes back with (we presume) the same proposal but an
updated KE payload, we call this code:

void ikev2_need_ike_proposals(struct connection *c, const char *why) {
         if (c->ike_proposals != NULL) {
                 DBGF(DBG_CONTROL, "already determined local IKE proposals for %s (%s)",
                      c->name, why);
                 return;
         }

However, there is no guarantee that the new proposal indeed contains the
transforms we saw before. So is this safe?

I'm also confused about c->ike_proposals being set. It is on the
connection, not on the state. What if this was a road warrior where
we instantiate the connection?  What if we got two road warriors from
different IPs and we ended up receiving their packets interleaved?

I assume it might be stored on the connection because we likely didn't
create a state for a packet that required us sending INVALID_KE.

I think the code would be more secure if iwe remove this "optimalization".

Thoughts?

Paul