I'm trying to understand shared leases - while the code gives the impression that arbitrary connections can share leases I suspect that isn't true. Instead, I suspect there are two scenarios:
- where an SA shuts down (cleanly), so that the same lease might be assigned when the SA later re-establishes, the id:lease pair
  this doesn't involve sharing, but is only useful when leases can be uniquely identified using the ID
- where a new CHILD SA is trying to steal an existing lease
  . SAs establish with a lease assigned
  . something goes wrong, an end starts bringing up a new SA and wants to re-use the old lease (but it is still reserved by the old SA)
  . since the IDs match the lease is shared
  . when the new SA hits the kernel things get updated
  . when the old SA gets zapped, the sharing stops
- is there anything else?

More generally, the second problem seems to have a lot in common with connection instances - trying to pair up a new SA with an existing but failing instance using the ID.

Can (shared) leases only be assigned to connection instances and vice versa?

Andrew
