[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Wed Mar 13 01:40:56 UTC 2019
New commits:
commit 9eca502c26eaec48836232876f7c1d6afe0bd989
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 21:40:36 2019 -0400
testing: updated ikev2-delete-sa-04 for new revive code
commit 72c303659692dd82dfbd2e1b40cf13cb239787fa
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 21:13:02 2019 -0400
pluto: Improve the revive connection code [with D. Hugh Redelmeier]
The previous code used a global variable, and a timer event with 0
delay. However, it turns out could still compete and lose from other
timed events, causing unexpected behaviour if those other events also
touched the global revive connection name.
Instead, use a linked list and ensure no double entries are ever allowed on
the list.
Additionally, assume that if any IPsec SA comes up, the peer is no longer
trying to keep their connection down, and reset the delay timer. If the
peer deletes the connection, then while an IKE SA can come up, the IPsec
SA should no longer come up. And we can keep trying but with increasing
delays. Timing changed to adding 5s per attempt up to 5 minutes.
More information about the Swan-commit
mailing list