[Swan-dev] IKEv2 revival

Paul Wouters paul at nohats.ca
Mon May 4 01:18:49 UTC 2020


On Sat, 2 May 2020, Andrew Cagney wrote:

> Tuomo and I spent a bit of Friday debugging a regression where the
> liveness probe was stomping on a DISCARD event (forcing it to REPLACE)
> set according to the connection.

I think there are two reasons why a state can get a DISCARD event. One
is for when there is no rekeying scheduled and it reaches its end of
life. The other is when it has been replaced by another IPsec SA, and
we let it linger for a while. Unfortunately, "a while" is just the
original end of life timeout. The revive code I guess tries to determine
if this state is the c->newest_ipsec_sa and then is supposed to act
differently (let it die or try to spin up a new one).

> Anyway, I think this points to the next change.  When retransmits
> fail, force whatever event is in .st_event (and I'm tempted to rename
> .st_event to .st_kill_event or .st_death_event).

Maybe st_afterlife ? :)

Paul

