]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 639af09) | patch
ikev2: Use hashes to detect retransmits
authorTobias Brunner <tobias@strongswan.org>
Mon, 23 Jul 2018 15:49:15 +0000 (17:49 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2022 08:28:50 +0000 (10:28 +0200)
commit2a9323a18a1d7f42a4f90672176e9184d55ca305
tree17b7ebf7098481a89812b8a423c8a831ce9e54bctree
parent639af09b2e3624217d3f3294e5c53aff2351c34acommit | diff
ikev2: Use hashes to detect retransmits

This way we avoid parsing messages with unexpected message IDs, which
might not even be possible if we don't have the keys anymore.  However,
the next commit should avoid the latter and this way we avoid deriving
keys for retransmits or unexpected messages.

This also changes how retransmits for fragmented messages are triggered.
Previously, we waited for all fragments and reconstructed the message
before retransmitting the response.  Now we only track the first
fragment and if we receive a retransmit of it respond immediately
without waiting for other fragments (which are now ignored).  This is in
compliance with RFC 7383, section 2.6.1, and can avoid issues if there
are lots of fragments.
src/libcharon/sa/ikev2/task_manager_v2.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.