| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
I still think ipsec/l2tp with fragmentation support is a useful
fallback option in case the Windows IKEv2 connection fails because
of fragmentation problems.
Tested with Windows XP, 7 and 8.1.
|
| |
|
|
|
|
|
| |
For instance, if a DPD exchange is initiated by the gateway when a
mobile client is roaming and it then gets a new IP address and sends
an address update via MOBIKE, the DPD retransmits would still be sent
to the old address and the SA would eventually get closed.
|
| |
|
|
|
| |
If a fragmented message is retransmitted only the first packet is passed
to the alert() hook.
|
| | |
|
| |
|
|
|
| |
This fails if there are unencrypted payloads before an encrypted
fragment payload in the first fragment.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The message() hook on bus_t is now called exactly once before (plain) and
once after fragmenting (!plain), not twice for the complete message and again
for each individual fragment, as was the case in earlier iterations.
For inbound messages the hook is called once for each fragment (!plain)
and twice for the reassembled message.
|
| | |
|
| | |
|
| |
|
|
|
| |
The re-authentication is now handled within the original IKE_SA if it has not
yet been established, so we don't want to destroy it.
|
| |
|
|
|
|
|
|
| |
At the time we reset an IKE_SA (e.g. when re-authenticating a not yet
established SA due to a roaming event) such tasks might already be queued
by one of the phase 1 tasks. If the SA is initiated again another task will
get queued by the phase 1 task. This results in e.g. multiple mode config
requests, which most gateways will have problems with.
|
| | |
|
| |
|
|
| |
We now prefer MOBIKE tasks over delete tasks then the rest.
|
| |
|
|
|
|
|
|
| |
This reverts commit 3293d146289d7c05e6c6089ae1f7cdbcea378e63.
The position of tasks in the queue does not actually determine the order
in which they are activated. Instead this is determined by the
statements in task_manager_v2_t.initiate().
|
| |
|
|
|
| |
The MOBIKE task is active during the initial exchanges but we don't want
to treat them as actual MOBIKE exchanges (i.e. there is no path probing).
|
| | |
|
| | |
|
| |
|
|
| |
Path probing is enabled if the current path is not available anymore.
|
| |
|
|
|
| |
We do the same before initiating the task, so we should probably do it
too when we already initiated it, not just time out and destroy the SA.
|
| | |
|
| |
|
|
|
|
|
| |
This might not be the case if e.g. an address appeared but the old one
is still available but not actually usable. Without this the MOBIKE
task would eventually time out even though we might be able to switch
to a working address.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
In case we have no usable path to the other peer there is no point in
initiating any other tasks (like rekeying).
|
| |
|
|
|
| |
This will probably never be more than 1 since we only have one task queued
at a time and we don't migrate running tasks.
|
| |
|
|
|
|
|
|
| |
Because we only queue one MOBIKE task at a time, but destroy superfluous
ones only after we already increased the counter for pending MOBIKE updates,
we have to reduce the counter when such tasks are destroyed. Otherwise, the
queued task would assume another task is queued when it is running and
ignore any successful response.
|
| |
|
|
| |
References #557.
|
| |
|
|
|
|
|
|
| |
Due to how reauthentication works for IKEv1 we could get a second
IKE_SA, which might cause problems, when connectivity problems arise
when the connection is initially established.
Fixes #670.
|
| | |
|
| |
|
|
|
|
|
|
| |
When an initiator starts reauthentication on a connection that uses push
mode to assign a virtual IP, we can't execute the Mode Config before releasing
the virtual IP. Otherwise we would request a new and different lease, which
the client probably can't handle. Defer Mode Config execution, so the same IP
gets first released then reassigned during reauthentication.
|
| |
|
|
|
|
|
|
|
|
| |
If a peer immediately sends DELETE messages when completing Quick Mode rekeying,
the third Quick Mode message and the DELETE are sent simultaneously. This
implies that DELETE messages may arrive before the completing third Quick Mode
message.
Handle this case by ignoring the DELETE INFORMATIONAL in Quick Mode and let
the delete task handle it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To check if a received IKE_SA_INIT request is a new request or a
retransmit, charon maintains hashes of the pending IKE_SA_INIT
exchanges.
However, the hash calculation is not reentrant because a single hasher
is used for the whole IKE SA manager. It leads to bogus calculations
under high load and hence dropped messages on responder
(IkeInInvalidSpi incremented).
Don't share a single hasher in the IKE SA manager, create a transient
one whenever a message must be hashed.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
|
| |
|
|
|
| |
The old hook is renamed to ike_reestablish_post and is now also called
when the initiation of the new IKE_SA failed.
|
| |
|
|
|
|
| |
This avoids conflicts with regular IPsec policies.
Similarly, use the lowest priority for drop policies.
|
| |
|
|
|
|
|
|
| |
While the outbound SA actually does not need a replay window, the kernel rejects
zero replay windows on SAs using ESN. The ESN flag is required to use the full
sequence number in ICV calculation, hence we set the replay window.
This restores the behavior we had before 30c009c2.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Similar to assign_vips() used by a peer assigning virtual IPs to the other peer,
the handle_vips() hook gets invoked on a peers after receiving attributes. On
release of the same attributes the hook gets invoked again.
This is useful to inspect handled attributes, as the ike_updown() hook is
invoked after authentication, when attributes have not been handled yet.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.
|
| | |
|
| |
|
|
|
| |
The old identifiers did not use a proper namespace and often clashed with
other defines.
|
| | |
|
| |
|
|
|
| |
If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as
the task manager refuses to rekey a CHILD_SA in non-INSTALLED state.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is based on one by Christoph Gouault.
Currently, to count the total number of half_open IKE_SAs,
get_half_open_count sums up the count of each segment in the SA hash
table (acquiring a lock for each segment). This procedure does not scale
well when the number of segments increases, as the method is called for
each new negotiation.
Instead, lets maintain a global atomic counter.
This optimization allows the use of big values for charon.ikesa_table_size
and charon.ikesa_table_segments.
|
| |
|
|
|
|
|
|
|
|
|
| |
If one peer starts reauthentication by deleting the IKE_SA, while the other
starts CHILD_SA rekeying, we run in a race condition. To avoid it, temporarily
reject the rekey attempt while we are in the IKE_SA deleting state.
RFC 4306/5996 is not exactly clear about this collision, but it should be safe
to reject CHILD_SA rekeying during this stage, as the reauth will re-trigger the
CHILD_SA. For non-rekeying CHILD_SA creations, it's up to the peer to retry
establishing the CHILD_SA on the reauthenticated IKE_SA.
|
