[Swan-dev] The curious case of expire_ike_because_child_not_used()

Andrew Cagney andrew.cagney at gmail.com
Fri Feb 15 19:05:47 UTC 2019

On Sun, 10 Feb 2019 at 23:18, Paul Wouters <paul at nohats.ca> wrote:

> It is called from v2_event_sa_rekey() and v2_event_sa_replace()
> The calls pass a child st state.


> Then it checks:
>          if (IS_IKE_SA(st)) {
>                  ike = pexpect_ike_sa(st);
>                  cst = state_with_serialno(c->newest_ipsec_sa);
> This seems questionable, as we only ever pass in child states.....

Are you sure?  Greping the test results for 'rekeying stale IKE SA'
and 'replacing stale IKE SA' both get matches.

More information about the Swan-dev mailing list