[Swan-dev] auto=start + receiving Delete in IKEv1

Paul Wouters paul at nohats.ca
Tue Sep 13 17:24:56 UTC 2016


To fix an end that runs --up and receives a delete, so that it will
immediately try again to re-establish, I need this fix:

diff -Naur libreswan-3.15-orig/programs/pluto/ikev1_main.c
libreswan-3.15/programs/pluto/ikev1_main.c
--- libreswan-3.15-orig/programs/pluto/ikev1_main.c     2016-09-06
21:58:51.054000000 -0400
+++ libreswan-3.15/programs/pluto/ikev1_main.c  2016-09-06
21:59:44.171000000 -0400
@@ -3052,9 +3052,9 @@
                                                  dst->st_margin = deltatime(
                                                          DELETE_SA_DELAY);
                                                 delete_event(dst);
-                                               event_schedule(
+                                               event_schedule_ms(
                                                         EVENT_SA_REPLACE,
-                                                       DELETE_SA_DELAY,
                                                         dst);
+                                                       25, dst);
                                          }
                                  } else {
                                          loglog(RC_LOG_SERIOUS,
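
Review bot: The literal 25 in the added `25, dst);` argument to event_schedule_ms() is an unnamed magic number, and the unchanged context line just above still sets dst->st_margin = deltatime(DELETE_SA_DELAY). After this change the stored margin is in seconds and uses the old value, while the EVENT_SA_REPLACE actually fires after 25 ms. Suggest introducing a named millisecond constant with a comment on why a zero delay is avoided, and in the same patch either deriving st_margin from that constant or dropping the st_margin assignment, so the two do not silently disagree.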

Basically, we were waiting 60 seconds to get the new IPsec SA going and
hanging on to the old one. And since the other end has the IPsec SA
deleted, traffic flow is broken for 60s.

It seems that scheduling for event_schedule() with 0 seconds causes
strange interaction - possibly confusing states. But I don't want to
wait 1 second, so I use event_schedule_ms() to do 25ms. This causes
me to not be able to use DELETE_SA_DELAY which is in seconds, not ms.

There are only 4 occurrences of DELETE_SA_DELAY, and they are all in this
chunk of code, but they all deal with adding some margin/delay and use
timediff functions, so the change from seconds to ms is not trivial (to
me). I don't think that is still very useful, when we retry in 25ms
anyway? So perhaps we can just remove those margin scribblings?

And note that this code is IKEv1 specific - IKEv2 uses a different
mechanism I still need to investigate.

Paul


