Hi,

There is a scenario during child SA rekeying collision where both peers decide they have lost the collision. No new SA gets established, and when the old SA hits the hard expiration and is deleted, the application is not notified because the old SA is in REKEYING state.

This happens when peer A rejects the Diffie-Hellman offered by peer B, yet it decides a collision winner based on nonces including from the failed rekey request. Meanwhile peer B decides the collision winner based on nonces including its re-request rather than the failed first request.

There seems to be a fairly simple way to address this. When peer A rejected the rekey request with INVAL_KE, it reset the old SA state to INSTALLED in child_rekey.c build_r(). Later child_rekey.c collide() is used to determine whether the apparent collision between two child_rekey tasks is really a collision. Adding a check here to detect the INSTALLED state, and deleting the "other" rekey task in that case so no collision arbitration is done, allows the rekey to complete successfully.

Are there other scenarios where this check for INSTALLED would create a problem?

Regards,
Nancy
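
A simplified model of the arbitration described in the message above, added here as an illustration; it is not strongSwan code and not code from the original post. It applies the RFC 7296 section 2.8.1 lowest-nonce rule to constructed 4-byte nonces, with peer A comparing against the nonce of the rejected first request and peer B comparing its re-request. All type, function and variable names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 4 /* constructed short nonces; real IKEv2 nonces are longer */

/* Hypothetical, simplified stand-ins for the old CHILD_SA's state. */
typedef enum { SA_INSTALLED, SA_REKEYING } sa_state_t;

/* One CREATE_CHILD_SA rekey exchange as one peer sees it. */
typedef struct { unsigned char ni[NONCE_LEN], nr[NONCE_LEN]; } exchange_t;

static const unsigned char *lowest(const exchange_t *e)
{
    return memcmp(e->ni, e->nr, NONCE_LEN) < 0 ? e->ni : e->nr;
}

/* RFC 7296 2.8.1: the exchange holding the lowest of the four nonces loses. */
static bool own_rekey_loses(const exchange_t *own, const exchange_t *peer)
{
    return memcmp(lowest(own), lowest(peer), NONCE_LEN) < 0;
}

/* With the proposed check: an old SA back in INSTALLED means the peer's
 * request was rejected, so it is not a collision and nothing is arbitrated. */
static bool own_rekey_loses_checked(sa_state_t old_sa, const exchange_t *own,
                                    const exchange_t *peer)
{
    return old_sa == SA_INSTALLED ? false : own_rekey_loses(own, peer);
}

/* Constructed sample nonces (first byte decides the ordering). */
static const exchange_t a_rekey     = {{0x50}, {0x60}}; /* initiated by A */
static const exchange_t b_first_try = {{0x90}, {0x80}}; /* A's stale view of B */
static const exchange_t b_retry     = {{0x10}, {0x80}}; /* what B compares */

int main(void)
{
    printf("A loses: %d, B loses: %d\n",
           own_rekey_loses(&a_rekey, &b_first_try),
           own_rekey_loses(&b_retry, &a_rekey));
    printf("A loses with INSTALLED check: %d\n",
           own_rekey_loses_checked(SA_INSTALLED, &a_rekey, &b_first_try));
    return 0;
}
```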
