thanks Paul. It should fix the common case. Now that you saw ike-rekey works - migrates child sa. I will bring up my concern again of handling uniqueids again.
uniqueid related logic (ISAKMP_SA_established) called during ike rekey seems wrong to me. pst->st_seen_initialc is from the previous INIT exchange. Wouldn't your fixes wrongly take action during an ike-rekey? The initial contact was sent in the init? I am also considering to set st_seen_initialc=false after duplicating state for IKE rekey. I wonder if why can carry over st_seen_initialc from to newely rekeyed IKE state. regards, -antony On Mon, Jun 18, 2018 at 11:07:27AM -0400, Paul Wouters wrote: > On Sat, 16 Jun 2018, Antony Antony wrote: > > > Subject: Re: analyses of regression in test ikev2-ike-rekey-03 > > I updated 9bd57bb654b501 to no longer delete obsoleted IPsec SA states. > > This addresses the interop issues with Windows that Izone was seeing, > and seems to fix ikev2-ike-rekey-03. I have to look through the full > testrun once it completes to see if there is any regression on having > multiple IPsec SA's, but seems the old one is getting unrouted > properly. > > Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
