[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Sat Nov 24 15:30:13 UTC 2018


New commits:
commit 08c7024d378fd94c043d927277cad5222174c22e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Nov 23 15:22:58 2018 -0500

    ikev2: when re-keying an IKE SA, install the new SPIs during emancipation
    
    Not when the new state is created.
    
    Installing them early meant that the new state was hashed to a
    different slot to the old IKE SA and this in turn meant that
    deleting the old IKE SA while the re-key is in play would
    miss the new IKE SA leaving it parentless.
    
    Note that ikev2-32-nat-rw-rekey needs further investigation.  The
    description has:
    
      4. initiator ike expires and rekey/reauthenticate, brings up the
         tunnel.
    
    what was happening is the rekey would go into the weeds, but then the
    IKE SA expire decided it should completely re-negotiate, and that did
    come up.
    
    With this change pushed, that doesn't happen.



More information about the Swan-commit mailing list