[Swan-dev] the problems with Record 'n' Send and delete_state()

[Andrew Cagney]

Off list I was asked what happens given the scenario:

- IKE SA #1 with three CHILD SA's - #2 #3 #4
- user enters --down #2 --down #2

Below is my attempt at illustrating how it works.  Yes it ends up very granular:

--down #2
- records a delete notification; and routes the reply to #2
- schedules an expire (I wonder if this is needed as retransmit logic
will handle this)
- success_v2() transitions ESTABLISHED->DEL, updates send/recv
counters, schedule_next_send() sends the first message in the queue
(here delete#2)

--down #3
- records a delete notification; and routes the reply to #3
- schedules an expire
- success_v2() transitions ESTABLISHED->DEL, updates send/recv
counters, schedule_next_send() see's there's a backlog so nothing is
immediately sent

time passes

#2 (lets assume deletes are only allowed in the expire event handler
and not mid state transition)
- receives the delete#2 response
- re-schedules an expire to happen _now_
- success_v2() transitions DEL->DEL, updates send/recv counters, and
schedule_next_send()  sees there's space and sends delete#3 request
- expire triggers and safeuly deletes the state, possibly triggers
parent cleanup

time passes

#3 does the same thing