On Wed, 29 Apr 2020, Antony Antony wrote:

This issue had been living in a stalemate and neither solution had been merged in yet. I refound it based on a failing test case.

I've merged in Antony's version now as people preferred it.

Paul

Date: Wed, 29 Apr 2020 01:53:08
From: Antony Antony <[email protected]>
To: Libreswan Development List <[email protected]>, Tuomo Soini <[email protected]>
Subject: [Swan-dev] fixing Windows rekeying

Here is my attempt to fix it. I guess there are more attempts; Paul and Andrew have their own? I didn't commit because there is more happening around. Maybe combine and take the best.

During rekey on the responder this patch validates TS before the crypto starts, which I think is way better. I have been thinking of the same for initiator; when get the response to. Maybe that should be a later fix; first commit the responder side clean up.

I used 4 test cases and Windows 10 Tuomo runs to validate.

ikev2-child-rekey-09-windows
this should emulate what Windows 10 is doing with rekey. It seems DH downgrade is fixed. This is based on logs provided by Tuomo.

Next 3 tests are more impairments to TS during rekey, emulating other possible scenarios:

ikev2-child-rekey-10-impair-rekey-initiate-subnet
ikev2-child-rekey-10-impair-rekey-respond-subnet
ikev2-child-rekey-10-impair-rekey-respond-supernet

Also regarding: https://lists.libreswan.org/pipermail/swan-dev/2020-April/003754.html

Andrew is right, the initiator does not call the new functions added in 7be41582a340. That is why it is removed. Initiator already calls the score function; follow the last two test cases.

Also, Tuomo has been testing this? Any issues?

regards,
-antony
