New commits:
commit 08c7024d378fd94c043d927277cad5222174c22e
Author: Andrew Cagney <[email protected]>
Date: Fri Nov 23 15:22:58 2018 -0500
ikev2: when re-keying an IKE SA, install the new SPIs during emancipation
Not when the new state is created.
Installing them early meant that the new state was hashed to a
different slot to the old IKE SA and this in turn meant that
deleting the old IKE SA while the re-key is in play would
miss the new IKE SA leaving it parentless.
Note that ikev2-32-nat-rw-rekey needs further investigation. The
description has:
4. initiator ike expires and rekey/reauthenticate, brings up the
tunnel.
what was happening is the rekey would go into the weeds, but then the
IKE SA expire decided it should completely re-negotiate, and that did
come up.
With this change pushed, that doesn't happen.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
