[Openswan dev] Patches for Openswan reserved fields and traffic selectors in transport issues

Avesh Agarwal avagarwa at redhat.com
Tue Jun 26 17:36:52 EDT 2012


Hello,

I have prepared patches for the following issues in Openswan:

1. IKEv2 reserved fields issues (redhat bz#831669): As per RFC 5996,
reserved fields must be ignored on receipt irrespective of their value.
In the current openswan implementation, some payloads such as transform,
proposal, id, ke, vendor id, auth, suffer from the issue that the
contents of the reserved fields are not being ignored on receipt, and
in fact Openswan outputs errors and negotiation fails. The attached patch
(openswan-831669.patch) addresses this issue and now Openswan ignores
the reserved fields and IKE negotiation succeeds even if reserved fields
are not zero.

2. Traffic selectors in transport mode (both ikev1/ikev2) (redhat
bz#831669): Openswan does not pass traffic selectors information to
the kernel during setup of SAs when a connection is configured in transport
mode. This might lead to a situation where ESP packets not matching
existing traffic selectors can pass through the kernel when the SA is in
transport mode. The attached patch (openswan-831676.patch) addresses
this issue and now Openswan passes traffic selectors information to
the kernel when SAs are set up in transport mode.

Any feedback on the patches is appreciated.

-- 
Thanks and Regards
Avesh



-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-831669.patch
Type: text/x-diff
Size: 3852 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/dev/attachments/20120626/0b1736b7/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-831676.patch
Type: text/x-diff
Size: 4325 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/dev/attachments/20120626/0b1736b7/attachment-0001.bin>
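
The receive-side rule from item 1, as an added example that is not part of the original message and is not Openswan's code or the attached patch: a parser for the IKEv2 generic payload header (RFC 5996 section 3.2) with a strict mode that rejects non-zero RESERVED bits and a tolerant mode that ignores them. It covers only the generic header's 7 reserved bits; the names gen_hdr, parse_gen_hdr, walk_payloads and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* IKEv2 generic payload header, RFC 5996 section 3.2, 4 octets on the wire:
 * Next Payload | C bit + 7 RESERVED bits | Payload Length (big endian). */
struct gen_hdr {
    uint8_t  next_payload;
    int      critical;
    uint16_t length;            /* includes the 4-octet header itself */
};
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2,
       PARSE_RESERVED_SET = -3 };

/* strict != 0 models the rejecting behaviour described in the message;
 * strict == 0 ignores RESERVED on receipt, as RFC 5996 requires. */
int parse_gen_hdr(const uint8_t *buf, size_t avail, int strict,
                  struct gen_hdr *out)
{
    if (avail < 4)
        return PARSE_TRUNCATED;
    if (strict && (buf[1] & 0x7f) != 0)
        return PARSE_RESERVED_SET;
    out->next_payload = buf[0];
    out->critical = (buf[1] & 0x80) != 0;   /* only the C bit carries meaning */
    out->length = (uint16_t)((buf[2] << 8) | buf[3]);
    /* Ignoring RESERVED relaxes nothing else: length is still bounds-checked. */
    if (out->length < 4 || out->length > avail)
        return PARSE_BAD_LENGTH;
    return PARSE_OK;
}

/* Walk a payload chain. Returns the payload count or a negative PARSE_* code. */
int walk_payloads(const uint8_t *buf, size_t len, uint8_t first, int strict)
{
    int count = 0;
    for (uint8_t np = first; np != 0; count++) {
        struct gen_hdr h;
        int rc = parse_gen_hdr(buf, len, strict, &h);
        if (rc != PARSE_OK)
            return rc;
        buf += h.length;
        len -= h.length;
        np = h.next_payload;
    }
    return count;
}

/* Constructed sample: Nonce (40) then Vendor ID (43) with RESERVED = 0x15. */
const uint8_t sample[] = { 43, 0x00, 0x00, 0x08, 0xde, 0xad, 0xbe, 0xef,
                            0, 0x15, 0x00, 0x06, 0x41, 0x42 };
```

With the constructed sample, the tolerant walk parses both payloads while the strict walk stops at the Vendor ID header, which is the negotiation failure the message describes.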

