[Swan] puzzled by ikev2_delete_out

Matt Rogers mrogers at redhat.com
Mon Oct 28 19:14:27 EET 2013


The hash chain should only have the Parent SA and any of its associated Child SAs - it looks like the STATE_CHILDSA_DEL/STATE_IKE_DEL state change is just for later use in delete_state().

But with this, I think I spot a bug in delete_state(). If we set a parent SA to STATE_IKESA_DEL and delete_state() processes it, 

        if (IS_IPSEC_SA_ESTABLISHED(st->st_state) ||
            IS_CHILD_SA_ESTABLISHED(st))
                delete_ipsec_sa(st, FALSE);

STATE_IKESA_DEL is not included in either of these macros, only STATE_CHILDSA_DEL. I'm not sure how likely we would be to reach this condition, though.

----- Original Message -----
> From: "D. Hugh Redelmeier" <hugh at mimosa.com>
> To: swan at lists.libreswan.org
> Sent: Monday, October 28, 2013 12:40:59 AM
> Subject: [Swan] puzzled by ikev2_delete_out
> 
> At the end of ikev2_delete_out, after the label "end", there is code to
> delete states.  It is only used if something has gone wrong with sending a
> delete to the other side.
> 
> There is a while loop that seems to change the state of every state object
> on the same hash chain as the victim.  What's the reason for that?
> Is there any meaningful relationship between state objects on a hash
> chain?