git.ipfire.org Git - thirdparty/strongswan.git/commit - src/libcharon/attributes/mem_pool.c
mem-pool: add option for reusing online leases, and disable it by default
author Martin Willi <martin@revosec.ch>
Wed, 24 Jul 2013 14:20:46 +0000 (16:20 +0200)
committer Martin Willi <martin@revosec.ch>
Mon, 29 Jul 2013 06:56:09 +0000 (08:56 +0200)
commit 7612a6e42fa4779adbeab74ec044bd554d00c3b3
tree 71219d19f3d698b3123ce8e285255f70bd28c2f9
parent c5d2d867f120926c3946faa583c86c6cce15f895

Mainly for reauthentication with third party implementations, we allowed
reusing an online lease, but only for the same peer identity and when it
explicitly requested the same address.

This has always been problematic, because it changes the reqid of the CHILD_SA
with the same traffic selectors, breaking the old tunnel. As we now reject
such policy overwrites, this usually causes the installation of the new policies
to fail. We therefore disable reassignment of online leases by default.
src/libhydra/attributes/mem_pool.c