New commits:
commit 6a71f6e103708499314d3bab144ed8a4dc40d258
Merge: 71aa8a924b 116c1d1edc
Author: Andrew Cagney <[email protected]>
Date: Mon Nov 4 17:07:38 2024 -0500

    ikev1: in process_v1_packet() update QUICK path

    - use more strict look-up functions
      check for correct clonedfrom in addition to MSGID
    - look for the IKE (ISAKMP) SA first
      since that is predicated on exchange progressing
    - use md->logger
      getting away from SEND_NOTIFICATION() magic

    Merge commit '116c1d1edce0d5a51555682732a11da6e28b272b'

commit 116c1d1edce0d5a51555682732a11da6e28b272b
Author: Andrew Cagney <[email protected]>
Date: Mon Nov 4 09:36:22 2024 -0500

    ikev1: update ISAKMP_XCHG_QUICK, look for the IKE (ISAKMP) SA first

    and when there isn't one, drop the packet.

    Since part of deleting an IKE (ISAKMP) SA is to flush all larval
    children, having no IKE (ISAKMP) SA should mean no lingering
    larval child.

    This reverses the old lookup which checked for the Child SA
    before the IKE SA.

commit e9d189bc61fb240193de0d21180529cafd1e9313
Author: Andrew Cagney <[email protected]>
Date: Mon Nov 4 10:30:01 2024 -0500

    ikev1: update ISAKMP_XCHG_QUICK path

    - add find_v1_isakmp_sa(SPIs) to find an ISAKMP with:
      - matching SPIs (COOKIES)
      - a zero MSGID (i.e., only Main or Aggr)
      - a zero clonedfrom (i.e., only a parent)
      returns struct ike_sa
      replace find_state_ikev1(SPIs,0) which didn't
      explicitly check for a zero clonedfrom
      (yes, MSGID==0 IFF clonedfrom==0 should hold)
    - add find_v1_ipsec_sa(SPIs,MSGID) to find a Child SA with:
      - matching SPIs (COOKIES)
      - matching non-zero MSGID (i.e., can't be Main or Aggr)
      - a non-zero clonedfrom (i.e., only a child)
      returns struct child_sa
      replace find_state_ikev1(SPIs,MSGID) which didn't
      explicitly check for a non-zero clonedfrom
      (yes, MSGID!=0 should imply non-zero clonedfrom)
    - replace the SEND_NOTIFICATION() magic (it uses either ST or MD)
      instead explicitly use either of:
        send_v1_notification_from_md()
        send_v1_notification_from_isakmp() [new!]
      also use llog() and ldbg() with md, ike, or child logger

commit 48aa742c984c1c4eedef2490554945de414be16f
Author: Andrew Cagney <[email protected]>
Date: Sun Nov 3 11:44:33 2024 -0500

    ikev1: move send_v1_notification_from_md() to ikev1_send.c

    (since declaration is in ikev1_send.h)

    Also ikev1_sent_notifies_e increment to inside function
    (which means that invalid versions are counted)
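
The lookup rules and ordering described in the commit messages above, modelled as an added example; this is not libreswan's code. `struct sa`, `find_sa()`, `quick_lookup()`, the verdict names and the sample table are hypothetical, and reading "correct clonedfrom" as "names the ISAKMP SA that was found" is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified state record (not libreswan's struct state). */
struct sa {
	unsigned serialno;	/* this SA's serial number */
	unsigned clonedfrom;	/* 0 = ISAKMP SA (parent), else the parent's serial */
	uint64_t ispi, rspi;	/* initiator and responder SPIs (IKEv1 cookies) */
	uint32_t msgid;		/* 0 = Main/Aggressive, non-zero = Quick Mode */
};

/* Constructed sample state table. */
static struct sa table[] = {
	{ 1, 0, 0xA1, 0xB1, 0 },	/* ISAKMP SA #1 */
	{ 2, 1, 0xA1, 0xB1, 0x1234 },	/* larval child of #1 */
	{ 3, 9, 0xA2, 0xB2, 0x5678 },	/* orphan child: parent #9 is gone */
	{ 4, 0, 0xA3, 0xB3, 0x9abc },	/* inconsistent: MSGID set, no parent */
	{ 5, 7, 0xA1, 0xB1, 0x4444 },	/* child claiming a different parent */
};

enum kind { ANY, PARENT, CHILD };	/* ANY models the old SPIs+MSGID lookup */
struct sa *find_sa(uint64_t i, uint64_t r, uint32_t msgid, enum kind k)
{
	for (size_t n = 0; n < sizeof(table) / sizeof(table[0]); n++) {
		struct sa *s = &table[n];
		if (s->ispi != i || s->rspi != r || s->msgid != msgid)
			continue;
		if (k == PARENT && (msgid != 0 || s->clonedfrom != 0))
			continue;	/* a parent has zero MSGID and zero clonedfrom */
		if (k == CHILD && (msgid == 0 || s->clonedfrom == 0))
			continue;	/* a child has non-zero MSGID and clonedfrom */
		return s;
	}
	return NULL;
}

enum verdict { DROP_NO_ISAKMP, NO_CHILD, CHILD_FOUND, DROP_WRONG_PARENT };
/* Quick Mode lookup order: ISAKMP SA first, then the child by MSGID.
 * Assumption: "correct clonedfrom" means it names the ISAKMP SA found. */
enum verdict quick_lookup(uint64_t i, uint64_t r, uint32_t msgid)
{
	struct sa *ike = find_sa(i, r, 0, PARENT);
	if (ike == NULL)
		return DROP_NO_ISAKMP;	/* no parent: drop, even if a child matches */
	struct sa *child = find_sa(i, r, msgid, CHILD);
	if (child == NULL)
		return NO_CHILD;
	return child->clonedfrom == ike->serialno ? CHILD_FOUND : DROP_WRONG_PARENT;
}
```

With the loose `ANY` lookup the orphan (#3) and the inconsistent entry (#4) are still returned for their SPIs and MSGID; with the parent-first order both packets are dropped before any child lookup happens.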