CVSROOT: /cvs
Module name: src
Changes by: mi...@cvs.openbsd.org 2017/03/27 11:17:49
Modified files:
sbin/iked : dh.c dh.h iked.h ikev2.c ikev2_pld.c
Log message:
Don't cache the DH group in the policy
When tearing IKE SA down, the DH group referred by it is destroyed,
however it remains cached in the policy. With the introduction of
IKE SA rekeying we have extended the life of this dangling pointer
by reusing it on new SAs. So instead of caching the pointer in the
policy we can store the DH group ID and create a DH group on demand
using this parameter if it's specified.
With and OK reyk
