Bug 1383846 - dpdaction=restart causing a delay during which packets leak plaintext
Summary: dpdaction=restart causing a delay during which packets leak plaintext
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libreswan
Version: 6.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Paul Wouters
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 1383845
Blocks:
Reported: 2016-10-12 00:12 UTC by Paul Wouters
Modified: 2017-09-06 03:49 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1383845
Environment:
Last Closed: 2017-09-06 03:49:06 UTC
Target Upstream Version:



Description Paul Wouters 2016-10-12 00:12:18 UTC
+++ This bug was initially created as a clone of Bug #1383845 +++

This action causes a delete + add + initiate; the leak happens between delete and initiate. Apparently this can be 30s.

A workaround is to use dpdaction=hold instead of dpdaction=restart.

The hold action prevents the delete + add and puts the existing connection/state into initiating mode.

Comment 5 Paul Wouters 2017-09-06 03:49:06 UTC
This bug won't be fixed for RHEL 6.

As a workaround, please use dpdaction=hold.
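
An audit check for the workaround above, as an added example that is not part of the bug report or of libreswan: it lists the connections in an ipsec.conf whose effective dpdaction is restart, including those that inherit it from `conn %default`. The sample configuration is constructed, the function names are hypothetical, and the parser is simplified: it does not follow `also=` references and it applies `%default` to every conn regardless of position in the file.

```python
# Constructed sample ipsec.conf (not taken from the bug report).
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn %default
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart

conn site-a
    auto=start

conn site-b
    dpdaction=hold   # workaround from this bug
    auto=start

conn site-c
    dpdaction=clear
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def conns_with_restart(text):
    """Names of conns whose effective dpdaction is 'restart', counting %default."""
    conns = parse_conns(text)
    default = conns.pop("%default", {}).get("dpdaction")
    return sorted(name for name, opts in conns.items()
                  if opts.get("dpdaction", default) == "restart")

if __name__ == "__main__":
    for name in conns_with_restart(SAMPLE_CONF):
        print(f"{name}: dpdaction=restart, consider dpdaction=hold")
```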

