[Swan-dev] fixing Windows rekeying
paul at nohats.ca
Fri Sep 11 13:49:59 UTC 2020
On Wed, 29 Apr 2020, Antony Antony wrote:
This issue had been living in a stale mate and neither solution had been
merged in yet. I refound it based on a failing test case.
I've merged in Antony's version now as people prefered it.
> Date: Wed, 29 Apr 2020 01:53:08
> From: Antony Antony <antony at phenome.org>
> To: Libreswan Development List <swan-dev at lists.libreswan.org>,
> Tuomo Soini <tis at foobar.fi>
> Subject: [Swan-dev] fixing Windows rekeying
> Here is my attempt to fix it. I guess there more attempts Paul and Andrew
> has their own? I didnt commit because there more happening around. May be
> combine and take the best.
> During rekey on the responder this patch validate TS before the crypto
> starts. Which I think is way better. I have been thinking of the same for
> initiator; when get the response to. May be that should be later fix, first
> commmit the responder side clean up.
> I used 4 test cases and Windows 10 Tuomo runs to validate.
> ikev2-child-rekey-09-windows this should emulate what Windows 10 is doing
> with rekey. It seems DH downgrade is fixed. This is based on logs provided
> by Tuomo. Next 3 tests are more impairments to TS during rekey, emulating
> other possible scenarios
> Also regarding:
> Andrew is right the initiator does not call the new functions added in
> 7be41582a340. That is why it is removed. Initiator already call the score
> fuction follow the last two test cases.
> Also Tuomo has been testing this? any issues?
More information about the Swan-dev