Re: system/1618: isakmpd and disconnect notices

["Angelos D. Keromytis" <angelos_(_at_)_cis_(_dot_)_upenn_(_dot_)_edu>]

The following reply was made to PR system/1618; it has been noted by GNATS.

From: "Angelos D. Keromytis" <angelos_(_at_)_cis_(_dot_)_upenn_(_dot_)_edu>
To: ingham_(_at_)_i-pi_(_dot_)_com
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: system/1618: isakmpd and disconnect notices 
Date: Wed, 10 Jan 2001 23:14:51 -0500

 What's a disconnect notice ?
 -Angelos
 
 In message <200101110400_(_dot_)_f0B40GK15738_(_at_)_tesla_(_dot_)_i-pi_(_dot_)_com>, Kenneth Ingham writes:
 >
 >>Number:         1618
 >>Category:       system
 >>Synopsis:       isakmpd ignores disconnect notices
 >>Confidential:   no
 >>Severity:       serious
 >>Priority:       medium
 >>Responsible:    bugs
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Wed Jan 10 21:00:01 MST 2001
 >>Last-Modified:
 >>Originator:     Kenneth Ingham
 >>Organization:
 >Kenneth Ingham
 >ingham_(_at_)_i-pi_(_dot_)_com
 >>Release:        2.8-Stable
 >>Environment:
 >	System      : OpenBSD 2.8
 >	Architecture: OpenBSD.i386
 >	Machine     : i386
 >>Description:
 >	If you are running PGPnet and cause it to send a disconnect
 >	notice to isakmpd, the notice is ignored.  
 >>How-To-Repeat:
 >	Pick a non-OpenBSD IPsec implementation.  Establish an SA.
 >	Cause a disconnect notice to be sent.  OpenBSD ignores it.
 >	Future connection attempts fail because the SAs get confused.
 >	In 2.7, while the disconnect was ignored, trying to connect
 >	again would eventually succeed.  Now, it looks like SAs just
 >	keep getting added.
 >
 >	Disconnect notices are important for mobile users and users of
 >	PCs which have to reboot regularly.
 >>Fix:
 >	Not known.
 >
 >>Audit-Trail:
 >>Unformatted:
 >