[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Wed Dec 5 20:55:22 UTC 2018
New commits:
commit 48ab456071939535f9f915622162bbcc056fe2ea
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 3 11:01:34 2018 -0500
ikev2: schedule "replace" as explicit "rekey" (new event), "replace", or "expire" events
The schedule replace code, depending on context, will schedule an
explicit "rekey", "replace", or "expire".
The "rekey" handler starts a rekey of the SA (the IKE SA calls
ikev2_rekey_ike_start(), the CHILD uses magic and a call to
ipsecdoi_replace()). A replace is then scheduled.
The "replace" handler seeing a rekey in progress "cleans up" the mess:
for the IKE SA it forces a full replace and forced "expire"; for the
old CHILD SA, it is forced to "expire" (what happens to the new CHILD
SA remains a mystery; can CHILD SA even skip directly from "rekey" to
"expire"?).
This should restore a quirk in ikev2-32-nat-rw-rekey where the rekey
runs out of time.
(Note that there is a deliberate bug where EVENT_SA_REKEY is logged as
the old EVENT_SA_REPLACE. It avoids churning the output. Something
to fix later).