[Swan-commit] Changes to ref refs/heads/main

Tue, 05 Nov 2024 15:33:51 -0800 

New commits:
commit 2cfc44729fb603a8c172a143f1e126f87cdf6eab
Merge: 1de179bfa9 7f66076c78
Author: Andrew Cagney <[email protected]>
Date:   Tue Nov 5 18:15:15 2024 -0500

    ikev1: in process_v1_packet() update other cases in message switch
    
    - use md / md->logger and not SEND_NOTIFICATION()
    
    - use functions that strictly return struct ike_sa / struct child_sa
    
    - especially note the elimination of process_v1_packet() which could,
      in theory, return Child SAs (it relied on other code DTRT)
    
    Merge commit '7f66076c7880c6ded22df075c3c29c70ac99f124'

commit 7f66076c7880c6ded22df075c3c29c70ac99f124
Author: Andrew Cagney <[email protected]>
Date:   Mon Nov 4 11:17:54 2024 -0500

    ikev1: in default msg case, use MD, not SEND_NOTIFICATION()
    
    i.e.,:
        case ISAKMP_XCHG_NONE:
        case ISAKMP_XCHG_BASE:
        case ISAKMP_XCHG_AO:
        case ISAKMP_XCHG_NGRP:

commit 6c249130c54944367e0d7b0bd65386bf3c337c8e
Author: Andrew Cagney <[email protected]>
Date:   Sun Nov 3 20:30:45 2024 -0500

    ikev1: update ISAKMP_XCHG_MODE_CFG code path
    
    - add find_v1_phase15_isakmp_sa() that finds a state:
      - with MSGID==0 (i.e., Main or Quick)
      - with clonedfrom==0 (i.e, a parent)
      - with phase15_msgid==MSGID (.i.e, doing xauth/modecfg)
      return struct ike_sa
    
      replaces find_v1_info_state(MSGID) which could, in theory,
      return a Child SA with matching non-zero MSGID!?!
    
      (it shouldn't happen as other code should stop the Child SA
      being created)
    
      replace the find_v1_info_state(MSGID) call with above
      replace the find_v1_info_state(0) call with find_v1_isakmp_sa()

commit 7957457bb4bb7a1460524b68f4e2f2744534f772
Author: Andrew Cagney <[email protected]>
Date:   Sun Nov 3 20:14:05 2024 -0500

    ikev1: update ISAKMP_XCHG_INFO code path
    
    - use find_v1_isakmp_sa()
      replace find_v1_info_state(SPIs,0)
    
    - use find_v1_isakmp_from_initiator_spi()
      replace find_state_ikev1_init(SPIi,0)
    
    - use md->logger

commit 08afa21c2ea847470d95598ead78521aec05d832
Author: Andrew Cagney <[email protected]>
Date:   Sun Nov 3 19:58:47 2024 -0500

    ikev1: update ISAKMP_XCHG_AGGR+ISAKMP_XCHG_IDPROT code paths
    
    - add find_v1_isakmp_by_initiator_spi() to find an ISAKMP with
      - matching initiator SPI (iCOOKIE) (ignore responder SPI)
      - msgid==0 (i.e, Main or Quick)
      - clonedfrom==0 (i.e., parent)
      and return struct ike_sa
    
      replace find_state_ikev1_init(SPIi,MSGID) where MSGID
      was always 0.
    
    - replace SEND_NOTIFICATION with send_v1_notification_from_md()
    
    - use md->logger
    
    - replace find_state_ikev1(0) with find_v1_isakmp_sa(SPIs)

_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to