New commits:
commit be8dffb371cbb80ed0a686ef92c2589a6b5b47b5
Author: Andrew Cagney <[email protected]>
Date: Tue Jul 6 20:06:01 2021 -0400
ikev2: unpend/delete Child SA when rejected by IKE_AUTH response
In process_v2_IKE_AUTH_response_child_sa_payloads(), when the response
contains a failure notification, unpend() and delete the larval
Child SA, and then return v2N_NOTHING_WRONG.
The problem is with unpend(). Like for the Child SA case it should
be doing some sort of expotential backoff.
Notes:
- returning v2N_NOTHING_WRONG is correct: there was a problem, it
was handled; so from the POV of the IKE SA, there isn't a problem
- the code that follows and returns v2N_TS_UN... is also correct;
the initiator is trying to reject the response; just need to
find a way to tell the responder
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
