[Openswan dev] Multiple RW in Aggressive Mode with different PSK
paul at xelerance.com
Sun Jul 5 22:56:29 EDT 2009
On Sun, 5 Jul 2009, D. Hugh Redelmeier wrote:
> | First hunk of this patch is to take care of an entirely different issue.
> | As bitnamesbuf (lib/libopenswan/constants.c::1228) is shared,
> | bitnamesof(sa_policy_bit_names, policy) and
> | bitnamesof(sa_policy_bit_names, c->policy) print the same thing.
> It is true that you should not have two uses of bitnamesof in the same
> statement (roughly speaking). More accurately, only the latest result
> from bitnamesof is available at any one time so trying to use two at
> once won't work.
> The first two changes fix a misuse of bitnamesof, at the cost of
> another line of debugging output.
I committed this fix. Thanks. I did not find any other occurrences
where this happens for bitnamesof().
> I don't know what the !aggrmode change does. I had nothing to do with
> adding Aggressive Mode to Pluto. It is a Bad Thing in my opinion (I
> seem to remember that there are effective attacks on Aggressive Mode).
Well, Aggr Mode is now called "ikev2" :)
Openswan does implement a 6 message fallback when the load is getting
too high, and places initial crypto respond packets (AGGR_R1 and IKEv2 R1)
in a lowest priority queue.
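
The shared-buffer misuse of bitnamesof() discussed at the top of this message, as an added example that is not part of the original thread or Openswan's code. names_shared(), names_into() and the bit-name table are hypothetical stand-ins, and the caller-supplied buffer shown here is an alternative to the committed fix of splitting the debug output into two lines.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bit-name table for illustration; not Openswan's sa_policy_bit_names. */
static const char *const demo_bit_names[] = { "PSK", "RSASIG", "ENCRYPT", "AGGRESSIVE" };
#define DEMO_NBITS (sizeof(demo_bit_names) / sizeof(demo_bit_names[0]))

/* Reentrant form: the caller owns the buffer, so two results can coexist. */
static const char *names_into(unsigned bits, char *buf, size_t len)
{
    size_t used = 0;
    if (len == 0) return buf;
    buf[0] = '\0';
    for (size_t i = 0; i < DEMO_NBITS; i++) {
        if (!(bits & (1u << i)))
            continue;
        int n = snprintf(buf + used, len - used, "%s%s",
                         used ? "+" : "", demo_bit_names[i]);
        if (n < 0 || (size_t)n >= len - used)
            break;              /* output truncated; buf is still NUL-terminated */
        used += (size_t)n;
    }
    return buf;
}

/* Pattern described in the thread: one shared static buffer, only the latest result survives. */
static const char *names_shared(unsigned bits)
{
    static char shared[128];
    return names_into(bits, shared, sizeof(shared));
}

/* Returns 1 when two results taken back to back alias the same storage and text. */
static int shared_results_alias(unsigned a, unsigned b)
{
    const char *pa = names_shared(a);
    const char *pb = names_shared(b);
    return pa == pb && strcmp(pa, pb) == 0;
}

int main(void)
{
    unsigned wanted = 0x1 | 0x8, conn = 0x2 | 0x4;   /* constructed policy values */
    char b1[128], b2[128];
    printf("shared: %s vs %s\n", names_shared(wanted), names_shared(conn));
    printf("fixed:  %s vs %s\n", names_into(wanted, b1, sizeof(b1)),
           names_into(conn, b2, sizeof(b2)));
    return 0;
}
```

In the "shared" line both `%s` arguments point at the same buffer, so the two policies always print identically regardless of which call ran last.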