On Wed, 8 Apr 2020, Antony Antony wrote:
I noticed sometimes a several rekeys would get queued up. And delete would
stay in the queue for longer. I think it is best to prioritize v2D ahead
CREATE_CHILD_SA. Also can't think of any side effect of pritorizing v2D.
Why do you think that is best to prioritize ?
Deletes are kind of optional. SA's die by themselves, and lingering an
SA is not very harmful.
On the other hand, a CREATE_CHILD_SA could be triggered by an on-demand
new tunnel, and in that case it would be nice to do these as soon as
possible since a packet is waiting on the tunnel to establish.
There might be different reasons depending on whether there is a
relationship between the delete and the create_child_sa. If they are
connected it might make sense to do it differently from the case I
mentioned above.
AprĀ 6 13:58:50.367487: | ikev2_child_sa_respond returned
STF_INTERNAL_ERROR
Any ideas on what triggered the internal error?
I know one step further. the line shown bellow "EVENT_SA_EXPIRE, timeout in
0 seconds" is the cause. However, I don't why pluto schedule this
EVENT_SA_EXPIRE.
Did you look a the log?
I will look into STF_INTERNAL_ERROR's. All of them should have a
loglog() error line. It should never be returned without an erorr
message.
Thanks for looking into this,
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
