[Swan-dev] The curious case of expire_ike_because_child_not_used()
Paul Wouters
paul at nohats.ca
Mon Feb 18 01:35:02 UTC 2019
On Fri, 15 Feb 2019, Antony Antony wrote:
>>> Then it checks:
>>>
>>> if (IS_IKE_SA(st)) {
>>> ike = pexpect_ike_sa(st);
>>> cst = state_with_serialno(c->newest_ipsec_sa);
>>>
>>>
>>> This seems questionable, as we only ever pass in child states.....
>>
>> Are you sure? Greping the test results for 'rekeying stale IKE SA'
>> and 'replacing stale IKE SA' both get matches.
>
> back in the days the event was EVENT_v2_SA_REPLACE_IF_USED.
> and I just greped an old test run from 2018-07-04
> It only show up oe tests.
>
> my recollection is from 2015 EVENT_v2_SA_REPLACE_IF_USED was for OE.
> And grep seems to support that idea.
Yeah. And the reason not to turn it back into OE specific again is that
we will soon also have idleness as a way to time out connections, once
we trigger netlink messages for that. So I don't think it needs to be
OEonly.
Paul
More information about the Swan-dev
mailing list