[Swan-commit] Changes to ref refs/heads/main
Paul Wouters
paul at vault.libreswan.fi
Wed Aug 18 21:32:47 UTC 2021
New commits:
commit 0c04c85a3fc6becfa65d6a70974b072489a100a6
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Wed Aug 18 17:29:34 2021 -0400
IKEv2: discard, not expire, replaced child SA by Initial Contact
When we received initial contact message, we know there is no
point in sending an Informational Exvhange message. Sending it
causes us to retransmit/delay because the other end can no longer
respond. That causes a delay in Child SA deletion. Since both
Child SA's use the same reqid/policy but different state/key,
packet flow is interrupted while this is in progress.
By using EVENT_SA_DISCARD, this happens within 1s, instead of
taking 60s
Co-authored-by: Andrew Cagney <cagney at gnu.org>
More information about the Swan-commit
mailing list