[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Sat Nov 24 15:30:13 UTC 2018
New commits:
commit 08c7024d378fd94c043d927277cad5222174c22e
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Nov 23 15:22:58 2018 -0500
ikev2: when re-keying an IKE SA, install the new SPIs during emancipation
Not when the new state is created.
Installing them early meant that the new state was hashed to a
different slot to the old IKE SA and this in turn meant that
deleting the old IKE SA while the re-key is in play would
miss the new IKE SA leaving it parentless.
Note that ikev2-32-nat-rw-rekey needs further investigation. The
description has:
4. initiator ike expires and rekey/reauthenticate, brings up the
tunnel.
what was happening is the rekey would go into the weeds, but then the
IKE SA expire decided it should completely re-negotiate, and that did
come up.
With this change pushed, that doesn't happen.
More information about the Swan-commit
mailing list