[Swan-dev] The curious case of expire_ike_because_child_not_used()

Paul Wouters paul at nohats.ca
Mon Feb 18 01:35:02 UTC 2019

On Fri, 15 Feb 2019, Antony Antony wrote:

>>> Then it checks:
>>>          if (IS_IKE_SA(st)) {
>>>                  ike = pexpect_ike_sa(st);
>>>                  cst = state_with_serialno(c->newest_ipsec_sa);
>>> This seems questionable, as we only ever pass in child states.....
>> Are you sure?  Greping the test results for 'rekeying stale IKE SA'
>> and 'replacing stale IKE SA' both get matches.
> back in the days the event was EVENT_v2_SA_REPLACE_IF_USED.
> and I just greped an old test run from 2018-07-04
> It only show up oe tests.
> my recollection is from 2015 EVENT_v2_SA_REPLACE_IF_USED was for OE.
> And grep seems to support that idea.

Yeah. And the reason not to turn it back into OE specific again is that
we will soon also have idleness as a way to time out connections, once
we trigger netlink messages for that. So I don't think it needs to be


More information about the Swan-dev mailing list