New commits:
commit 648051a96ea8f2c506741e575c5054337b34cd52
Author: Andrew Cagney <[email protected]>
Date: Mon May 7 16:12:12 2018 -0400
packets: work around delete_state() scribbling a delete message all over an
IKEv2 AUTH reply
During an IKEv2 AUTH reply, any old IKE SA will be replaced (switching
interfaces? fragmentation related?) and that can lead to the old IKE
SA scribbling its delete message all over the unsent AUTH reply the
the global reply_buffer[].
What next for the workaround?
- move the save/restore to where the problematic delete is being
called
this patch does it across every delete
- suppress sending a delete when replacing and old IKE SA
no reason for sending the delete message, but it didn't seem to work
using .st_ikev2_no_del though?
- schedule the cleanup for after the current event has finished
- eliminate the nasty evil global reply_buffer[]
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
