[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Tue Nov 14 18:06:28 EET 2023
New commits:
commit 7e22ac55b67f4b6f7ac921e058b0e231b2eab47a
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Nov 14 07:59:17 2023 -0500
testing: update redirect tests
commit 60c4ce15bee4b97fff615f7b3ca78065b964a35d
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Nov 13 20:56:36 2023 -0500
redirect: use revival and routing code to initiate redirects
This way the revival and redirect code can't get into a fight,
fixing #1396 and #1319.
- when a redirect arrives, save the redirect details in connection
.redirect and then trigger an ike family delete (return
STF_OK_INITIATOR_DELETE_IKE for IKE_SA_INIT and IKE_AUTH, schedule
DISCARD event for established).
- the routing code sees the +UP connection going down and schedules an
immediate revival (while also updating kernel state and policy as
required)
- the revival code sees that it is for a redirect, and acts
accordingly
When the redirect limit is exceeded, the step saving the redirect
details is skipped and instead revival is forced to 300s per RFC
(#1401). Consequently a normal, if much delayed, revival is
scheduled. A failing redirect is the same, but with a more sensible
delay.
More information about the Swan-commit
mailing list