Hi,

> Quick Mode (1) -->
> <-- Quick Mode (2)
> Informational Msg (D-1) -->
> Informational Msg (D-2) -->
> Quick Mode (3) -->
>
> The two informational messages D-1 and D-2 are delete messages for the two
> SAs the FW is expiring.
>
> This sequence of messages causes the quick mode task to get into a weird
> state. This is how it happens.

Thanks for your detailed analysis. I could reproduce the issue here when
delaying the third Quick Mode message.

> The fix was to return NOT_SUPPORTED in quick_mode_t::process_r when an
> INFORMATIONAL_V1 message is received in QM_NEGOTIATED state. In
> process_request in src/libcharon/sa/ikev1/task_manager_v1.c, when a
> task returns NOT_SUPPORTED, I continue to the next task in the
> enumeration (without sending a response).

I think that could work. To avoid introducing another return value for
tasks, we alternatively could just ignore DELETE messages in the Quick
Mode task. I've pushed a patch to [1] doing so, it works well in my tests.
Let me know if it fixes the issue with that Juniper box, I'll then merge
the change to mainline.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=1fdc715e
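
Added example, not part of the original message and not strongSwan code: a minimal C model of a responder-side Quick Mode task fed the message order from the thread (QM1, D-1, D-2, QM3), showing the "ignore DELETE while waiting for QM3" approach. All type and function names are hypothetical, and the strict mode is a constructed contrast, not a reproduction of strongSwan's pre-patch behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical simplified model; these are not strongSwan's types or API. */
typedef enum { MSG_QUICK_MODE, MSG_INFO_DELETE } msg_type_t;
typedef enum { QM_INIT, QM_NEGOTIATED, QM_ESTABLISHED } qm_state_t;
typedef enum { NEED_MORE, SUCCESS, FAILED } status_t;
typedef struct { qm_state_t state; int ignored_deletes; } qm_task_t;

/* Constructed input: QM1, D-1, D-2, QM3 as received (QM2 is outgoing). */
static const msg_type_t REORDERED[] = {
    MSG_QUICK_MODE, MSG_INFO_DELETE, MSG_INFO_DELETE, MSG_QUICK_MODE };

/* Responder side: QM1 arrives, QM2 is sent, then the task waits for QM3. */
static status_t qm_process_r(qm_task_t *t, msg_type_t m, bool ignore_delete)
{
    switch (t->state) {
    case QM_INIT:
        if (m != MSG_QUICK_MODE) return FAILED;
        t->state = QM_NEGOTIATED;          /* QM2 would be built and sent here */
        return NEED_MORE;
    case QM_NEGOTIATED:
        if (m == MSG_INFO_DELETE) {
            if (!ignore_delete) return FAILED; /* constructed strict contrast */
            t->ignored_deletes++;          /* not this task's message: skip it */
            return NEED_MORE;              /* keep waiting for QM3 */
        }
        t->state = QM_ESTABLISHED;         /* QM3 completes the exchange */
        return SUCCESS;
    default: return FAILED;
    }
}

/* Feed a message sequence to a fresh task and report the state it ends in. */
static qm_state_t run(const msg_type_t *seq, size_t n, bool ignore_delete, int *ignored)
{
    qm_task_t t = { QM_INIT, 0 };
    for (size_t i = 0; i < n; i++)
        if (qm_process_r(&t, seq[i], ignore_delete) != NEED_MORE) break;
    if (ignored) *ignored = t.ignored_deletes;
    return t.state;
}

int main(void)
{
    printf("tolerant=%d strict=%d\n", (int)run(REORDERED, 4, true, NULL),
           (int)run(REORDERED, 4, false, NULL));
    return 0;
}
```

With DELETE messages ignored, the task reaches QM_ESTABLISHED once the delayed third message arrives; in the strict contrast it stays stuck in QM_NEGOTIATED.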
