Hi, > In process_r, you check if the informational message is a DELETE > message. Is this necessary? I am concerned that if this message is not > a delete, but another informational message that the FW sends for > whatever reason, we return SUCCESS, which would delete this task and > could lead to the same problem.
This is the original behavior we had, and I'd like to avoid changing that if there is no specific reason to do so. Unfortunately IKEv1 is not that well standardized that we can predict the peer behavior. It is actually possible that it indicates Quick mode failure with such an INFORMATIONAL (where returning SUCCESS is the correct behavior). It will most likely include a notify payload then, but not sure if we can rely on that. The only non-delete INFORMATIONALs that I can think of at this stage are DPD checks. These are caught in the task manager and never hit the task, so should be no problem. Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
