[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Fri Sep 10 15:16:41 UTC 2021
New commits:
commit 8d17f5ea489f3350708a3084c5be33acc109df93
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Sep 10 11:16:07 2021 -0400
testing: expect IKE SA to be handling CREATE_CHILD_SA retransmits
commit 6341e0d0257f26a7883bc5d1abff50ac362c625b
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 7 14:18:47 2021 -0400
ikev2: on responder, process CREATE_CHILD_SA for a child using IKE SA
... instead of creating the Child SA and then switching to that.
Should the operation fail, the larval child is deleted and STF_OK
is returned (from the IKE SA's POV there isn't a problem).
The big complication here was the IKE SA trying to simultaneously
schedule both short term (exchange timeout) and long term (replace)
timeouts using the same event-slot (.sa_event).
This brings the IKE_AUTH and CREATE_CHILD_SA code paths for Child SA
closer to into line (and eliminates one of the remaining reasons
for scaning all states).
More information about the Swan-commit
mailing list