1383846 – dpdaction=restart causing a delay during which packets leak plaintext

Bug 1383846 - dpdaction=restart causing a delay during which packets leak plaintext

Summary: dpdaction=restart causing a delay during which packets leak plaintext

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libreswan
Sub Component:
Version:	6.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Paul Wouters
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:	1383845
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-12 00:12 UTC by Paul Wouters
Modified:	2017-09-06 03:49 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1383845
Environment:
Last Closed:	2017-09-06 03:49:06 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Paul Wouters 2016-10-12 00:12:18 UTC

+++ This bug was initially created as a clone of Bug #1383845 +++

This action causes a delete + add + initiate, the leak happens between delete and initiate. Apparently this can be 30s

A workaround is to use dpdaction=hold instead of dpdaction=restart

the hold action prevents the delete + add and puts the existing connection/state into initiating mode.

Comment 5 Paul Wouters 2017-09-06 03:49:06 UTC

This bug won't be fixed for rhel6.

As a workaround, please use dpdaction=hold

Note You need to log in before you can comment on or make changes to this bug.