diff -Naur libreswan-3.15-orig/include/pluto_constants.h libreswan-3.15/include/pluto_constants.h
--- libreswan-3.15-orig/include/pluto_constants.h	2016-09-06 22:44:24.279780559 -0400
+++ libreswan-3.15/include/pluto_constants.h	2016-09-06 22:47:42.345765986 -0400
@@ -138,7 +138,7 @@
 
 #define RETRANSMIT_TIMEOUT_DEFAULT	60  /* seconds */
 #define RETRANSMIT_INTERVAL_DEFAULT	500 /* wait time doubled each retransmit - in milliseconds */
-#define DELETE_SA_DELAY			RETRANSMIT_TIMEOUT_DEFAULT /* wait until the other side giveup on us */
+#define DELETE_SA_DELAY			20 /* seconds */
 #define EVENT_CRYPTO_FAILED_DELAY	RETRANSMIT_TIMEOUT_DEFAULT /* wait till the other side give up on us */
 
 /*
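Review bot: The new `DELETE_SA_DELAY` comment says only `/* seconds */`, so the reason for the value 20, and for no longer tracking `RETRANSMIT_TIMEOUT_DEFAULT`, is lost. The neighbouring `EVENT_CRYPTO_FAILED_DELAY` still follows that timeout. Judging by the log text changed in ikev1_main.c in this same patch, the constant now appears to mean how long the old IPsec SA lingers after a Delete SA payload, not when its replacement starts. I would write the comment as `/* seconds the old IPsec SA lingers after a received Delete SA; intentionally shorter than RETRANSMIT_TIMEOUT_DEFAULT */`. Any other user of the macro outside this patch should be checked to confirm it still wants the shorter value.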
diff -Naur libreswan-3.15-orig/programs/pluto/ikev1_main.c libreswan-3.15/programs/pluto/ikev1_main.c
--- libreswan-3.15-orig/programs/pluto/ikev1_main.c	2016-09-06 22:44:24.280780554 -0400
+++ libreswan-3.15/programs/pluto/ikev1_main.c	2016-09-06 22:47:09.165935946 -0400
@@ -3046,15 +3046,15 @@
 								mononow())));
 					} else {
 						loglog(RC_LOG_SERIOUS,
-							"received Delete SA payload: replace IPSEC State #%lu in %d seconds",
+							"received Delete SA payload: replace IPSEC State #%lu in 25ms, letting old IPsec SA linger for %d seconds",
 							dst->st_serialno,
 							DELETE_SA_DELAY);
 						dst->st_margin = deltatime(
 							DELETE_SA_DELAY);
 						delete_event(dst);
-						event_schedule(
+						event_schedule_ms(
 							EVENT_SA_REPLACE,
-							DELETE_SA_DELAY, dst);
+							25 , dst);
 					}
 				} else {
 					loglog(RC_LOG_SERIOUS,
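Review bot: The 25 ms replace delay is hard-coded twice, as text in the log format (`in 25ms`) and as the bare argument `25 , dst` to `event_schedule_ms()`, so the two can drift apart on the next tuning. A named constant next to `DELETE_SA_DELAY`, for example `#define DELETE_SA_REPLACE_DELAY_MS 25`, passed to the call and printed with `%d` in the message, keeps them in sync. Replacement is now scheduled 25 ms after a peer's Delete SA payload instead of after `DELETE_SA_DELAY` seconds, and nothing in the hunk shows a limit on how often this branch can run. It is worth confirming that the rest of the handler bounds renegotiation frequency now that the longer delay no longer damps it. The enclosing function starts and ends outside the hunk.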
diff -Naur libreswan-3.15-orig/programs/pluto/terminate.c libreswan-3.15/programs/pluto/terminate.c
--- libreswan-3.15-orig/programs/pluto/terminate.c	2016-09-06 22:44:24.304780431 -0400
+++ libreswan-3.15/programs/pluto/terminate.c	2016-09-06 22:45:40.095392201 -0400
@@ -77,7 +77,8 @@
 	flush_pending_by_connection(c);
 	if (shared_phase1_connection(c)) {
 		libreswan_log("IKE SA is shared - only terminating IPsec SA");
-		delete_state(state_with_serialno(c->newest_ipsec_sa));
+		if (c->newest_ipsec_sa != SOS_NOBODY)
+			delete_state(state_with_serialno(c->newest_ipsec_sa));
 	} else {
 		DBG(DBG_CONTROL, DBG_log("connection not shared pkilling phase1 and phase2"));
 		delete_states_by_connection(c, FALSE);
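Review bot: The added guard only rules out `SOS_NOBODY`; the result of `state_with_serialno()` is still passed to `delete_state()` unchecked. If that lookup can return NULL for a serial number whose state is already gone (not visible here), the NULL dereference this guard presumably targets remains reachable. Checking the looked-up pointer covers both cases: `struct state *st = state_with_serialno(c->newest_ipsec_sa);` followed by `if (st != NULL) delete_state(st);`. The message "IKE SA is shared - only terminating IPsec SA" is also logged when there is no IPsec SA to terminate, which can mislead someone reading the log after an incident. The enclosing function starts and ends outside the hunk.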