On Tue, 31 Jan 2017, Xinwei Hong wrote:
Thanks. The only thing I did was "ipsec start/ipsec stop". It does not seem possible that administrator or something else could delete the interface or IP (and thus the SA). Is it possible that the code race condition and tries to delete the SA twice? I can probably just ignore it for now.
Yes, there are a few weird corner cases where the kernel auto-deletes things when there are network changes. It is usually safe to ignore, although in theory they could be some plaintext packet leaks if you don't have proper firewall rules. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
