[Swan-commit] Changes to ref refs/heads/master

[Andrew Cagney]

New commits:
commit 7fcbee18624f8b3b1f644f875a4e12dc06c86aad
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Mar 11 13:30:58 2019 -0400

    v2 msgids: clarify some log messages, document problem with updateing responses
    
    For instance:
    
    - CHILD starts re-key, sends request
    - get CHILD rekey response:
      - special child specific code updates old MSGIDs, but not new
      - things suspended while DH processing is performed
    - IKE starts re-key, send request
    
    At this point, because the new code hasn't yet updated its MSGIDs,
    the old and new message counters are out-of-sync and a debug message
    is logged (since old MSGIDs are still used for this case there isn't
    yet a problem).
    
    - CHILD DH completes:
      - success_v2_state_transition() updates new MSGIDs
      - success_v2_state_transition() re-updates old MSGIDs
    
    The fix isn't as simple as updating the new MSGIDs early:
    
    - should the IKE be forced to wait until the child finishes?
    - th old code special caseing CHILD exchanges seems wrong
    - both old and new only updating on success also seems wrong
      (is INVALID_KE success here?)
    - OTOH, can't always update early as INIT/AUTH can't be trusted?