[Swan-dev] fixing Windows rekeying
andrew.cagney at gmail.com
Wed Apr 29 13:45:56 UTC 2020
On Wed, 29 Apr 2020 at 01:54, Antony Antony <antony at phenome.org> wrote:
> Here is my attempt to fix it. I guess there are more attempts; Paul and Andrew
> have their own? I didn't commit because there is more happening around. Maybe
> combine and take the best.
> During rekey on the responder this patch validates TS before the crypto
> starts. Which I think is way better. I have been thinking of the same for
> initiator; when get the response to. Maybe that should be a later fix,
> commit the responder side clean up.
Yea, good idea. And using record means that the IKE SA can respond to
retransmits (ignoring bugs such as needing i&r buffers).
BTW. Unlike loglog(), log_state() works when cur_state is snafued. And
for liveness I added 338ff4cd2c6052ada19e9dccd6fe9724ce9c21b9 which might
be a better fit for the initiator.
> I used 4 test cases and Windows 10 Tuomo runs to validate.
> ikev2-child-rekey-09-windows this should emulate what Windows 10 is doing
> with rekey. It seems DH downgrade is fixed. This is based on logs provided
> by Tuomo. Next 3 tests are more impairments to TS during rekey, emulating
> other possible scenarios
> Also regarding:
> Andrew is right, the initiator does not call the new functions added in
> 7be41582a340. That is why it is removed. The initiator already calls the score
> function; follow the last two test cases.
> Also Tuomo has been testing this? Any issues?