[Swan-dev] WIP: supporting xfrm SA expire
Paul Wouters
paul at nohats.ca
Mon Nov 29 00:21:36 EET 2021
On Nov 27, 2021, at 14:03, Antony Antony <antony at phenome.org> wrote:
>
> Hi,
> I rebased this branch and improved expire handling.
>
> #sa-expire or #sa-expire-20211127
> https://github.com/antonyantony/libreswan/tree/sa-expire
Awesome. I will have a look.
> I renamed keywords to salifebytes= salifepackets=
You had those names before. I wrote at the time:
I noticed you used salifebytes= and salifepackets=. I think it would be
more intuitive to call these maxbytes= and maxpackets. Or limit-bytes=
or bytelimit= and packet-limit= ?
Similarly, where strongswan has inactivity= I think idletimeout= or
idle-timeout= would be more clear? I wouldn't call in inactive because
the tunnel is "active" (or "up") - there is just no traffic happening.
I do understand why you added the "sa" prefix, because we in theory also
have these options on the IKE SA (for FIPS compliance), but I think
those maximums could just be hardcoded to a much lower count and might
never need to be user configurable? Like wouldn't 1Gbyte of IKE
traffic be a good time to re-auth or rekey-with-pfs ? In which case it
might make sense to omit the "sa" prefix for the regular admin?
I still think using an “sa” prefix is less intuitive, especially because an IKE SA is also an SA anyway. Which is why we have lifetime= and ikelifetime= (but we also have salifetime= being the same as lifetime=)
> added few basic checks to avoid corner cases those netlink calls will return error:
> - do not send delete request to kernel for a "hard" expired SA (one directional). xfrm already deleted it.
> - do not query traffic, get_sa_info() in delete_state() on hard expired SA
These are good although I hope our code never hits hard expire ever. It should only hit when there is a bug that prevented the soft timer to not rekey in time.
> When there is expire store the last known traffic.
> Also added fuzzing to soft bytes, and packet limits using c->sa_rekey_fuzz.
That’s a good point !
> At the moment I am leaving the responder with hard expire == soft expire
Do you really mean hard and soft here and not fuzzing the soft bytes ? If so I think that is wrong. A responder can also have rekey=yes and shouldn’t end up with a traffic leak during its rekey.
> I want give preference to initiator. I will change the responder soft limit
> calculation. I am still trying to come up with a simple calculation.
> Ideally the inititiator should trigger the rekey first. If both sides have
> the same softlimit, both sides will trigger rekey on the same packet.
> It would lead to extra SA. That is why it is important to have initiator
> value entirely less than the responder values.
Yes this part I totally agree with.
> One thing decide as group is how to represent big number (2^64) bytes and
> packets, especially the default 2^64 will appear in "ipsec status:
> output.
> 18446744073709551615 look ugly:)
make it display 0 or <unset> ?
Paul
More information about the Swan-dev
mailing list