[strongSwan-dev] Race during IKE_SA negotiation?
Noam Lampert
lampert at google.com
Tue Feb 10 16:31:04 CET 2015
Hey,
I suspect there is a bug here:
https://github.com/strongswan/strongswan/blob/master/src/libcharon/sa/ike_sa_manager.c#L1849
If UNIQUE_REPLACE is set, and strongswan is initiating an IKE_SA, and in
parallel a peer-initiated IKE_SA gets established, then the code pointed at
will not abort the in-progress negotiation (because its state is not
ESTABLISHED).
Combine this with the behavior that when an initiate times out (after
enough retransmits) it automatically starts retransmitting, and you get an
infinite loop of initiation attempts.
What is the logic in placing only some of the states here?
Noam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150210/7328a772/attachment.html>
More information about the Dev
mailing list