[Swan-dev] ikev2: only count empty informational messages as liveness probes
Paul Wouters
paul.wouters at aiven.io
Fri May 21 12:54:37 UTC 2021
commit b6e986fb7181fe6288dbba3fb98832b53aee1415
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu May 20 11:21:33 2021 -0400
ikev2: only count empty informational messages as liveness probes
was including informational messages with notify payloads
This is not correct through. Any informational message can contain
notify payloads. In theory they should all include NAT detection
payloads in case a NAT appeared out of nowhere.
But also, every exchange message that proved it is a new sequence number
counts as "liveness probe". So if a REKEY happens, the "liveness" should
also be updated.
Paul
More information about the Swan-dev
mailing list