On Sat, 2 May 2020, Andrew Cagney wrote:
Tuomo and I spent a bit of Friday debugging a regression where the liveness probe was stomping on a DISCARD event (forcing it to REPLACE) set according to the connection.
I think there are two reasons why a state can get a DISCARD event. One is for when there is no rekeying scheduled and it reaches its end of life. The other is when it has been replaced by another IPsec SA, and we let it linger for a while. Unfortunately, "a while" is just the original end of life timeout. The revive code I guess tries to determine if this state is the c->newest_ipsec_sa and then is supposed to act differently (let it die or try to spin up a new one).
Anyway, I think this points to the next change. When retransmits fail, force whatever event is in .st_event (and I'm tempted to rename .st_event to .st_kill_event or .st_death_event).
Maybe st_afterlife? :)

Paul
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev
