[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Wed Dec 5 20:55:22 UTC 2018


New commits:
commit 48ab456071939535f9f915622162bbcc056fe2ea
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Dec 3 11:01:34 2018 -0500

    ikev2: schedule "replace" as explicit "rekey" (new event), "replace", or "expire" events
    
    The schedule replace code, depending on context, will schedule an
    explicit "rekey", "replace", or "expire".
    
    The "rekey" handler starts a rekey of the SA (the IKE SA calls
    ikev2_rekey_ike_start(), the CHILD uses magic and a call to
    ipsecdoi_replace()).  A replace is then scheduled.
    
    The "replace" handler seeing a rekey in progress "cleans up" the mess:
    for the IKE SA it forces a full replace and forced "expire"; for the
    old CHILD SA, it is forced to "expire" (what happens to the new CHILD
    SA remains a mystery; can CHILD SA even skip directly from "rekey" to
    "expire"?).
    
    This should restore a quirk in ikev2-32-nat-rw-rekey where the rekey
    runs out of time.
    
    (Note that there is a deliberate bug where EVENT_SA_REKEY is logged as
    the old EVENT_SA_REPLACE.  It avoids churning the output.  Something
    to fix later).
