[Swan-dev] does the address pool really share leases?

Andrew Cagney andrew.cagney at gmail.com
Thu Sep 26 20:58:43 UTC 2019

I'm trying to understand shared leases - while the code gives the
impression that arbitrary connections can share leases I suspect that
isn't true.  Instead, I suspect there are two scenarios:

- where an SA shuts down (cleanly), so that the same lease might be
  assigned when the SA later re-establishes, the id:lease pair
  this doesn't involve sharing, but is only useful when leases can be
  uniquely identified using the ID

- where a new CHILD SA is trying to steal an existing lease
  . SAs establish with a lease assigned
  . something goes wrong, an end starts bringing up a new SA and wants
    to re-use the old lease (but it is still reserved by the old SA)
  . since the IDs match the lease is shared
  . when the new SA hits the kernel things get updated
  . when the old SA gets zapped, the sharing stops

- is there anything else?

More generally, the second problem seems to have a lot in common with
connection instances - trying to pair up a new SA with an existing but
failing instance using the ID.  Can (shared) leases only be assigned
to connection instances and vice versa?

