While I hunt for the reason child SAs expiring results in ESRCH during pfkey_sa_last_used, this more detailed log message on error is much more helpful than the default pretty print of "pfkey_sa_last_used: No such process".
I suspect it's useful to others. Thank you, all. matthew weaver --- Index: pfkey.c =================================================================== RCS file: /cvs/src/sbin/iked/pfkey.c,v retrieving revision 1.64 diff -u -p -u -r1.64 pfkey.c --- pfkey.c 23 Apr 2020 20:17:48 -0000 1.64 +++ pfkey.c 24 May 2020 15:34:39 -0000 @@ -939,7 +939,11 @@ pfkey_sa_last_used(int sd, struct iked_c if (msg->sadb_msg_errno != 0) { errno = msg->sadb_msg_errno; ret = -1; - log_warn("%s: message", __func__); + log_warn( + "%s: pfkey_write error on spi 0x%08x from %s to %s", + __func__, ntohl(sadb.sadb_sa_spi), + print_host((struct sockaddr *)&ssrc, NULL, 0), + print_host((struct sockaddr *)&sdst, NULL, 0)); goto done; } if ((sa_life = pfkey_find_ext(data, n, SADB_X_EXT_LIFETIME_LASTUSE))