Hi,

when SIGINT is sent to the daemon or shutdown is called, why are active SAD entries
deleted first and then SPD entries?

The problem with this approach is that if it happens with running traffic
(at a heavy rate),
there is a chance that before the SPDs are flushed, some traffic hits the
policy, triggers a new SA and tries to establish it. Now it may also
happen that it is an SA with SPI=0 (larval SA).

This would make the desired cleanup improper and could block tunnel
establishment again (until the larval SA expires), as in the restart case.


Is there any particular reason that this is done in the current fashion?


Thanks,
BR's Deepak
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
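As an added example (not from the original post and not strongSwan code), a small Python check a practitioner can run over the output of `ip xfrm state` and `ip xfrm policy` after stopping the daemon, to confirm that the cleanup the question is about actually completed: no SPD entries left behind and no larval SAs (SPI 0) created by an acquire that raced the flush. The sample dumps below are constructed.

```python
import re

# Constructed sample of `ip xfrm state` output taken after a daemon shutdown:
# one negotiated SA plus one larval SA (SPI 0) that the kernel created on an
# acquire because the matching policy was still installed while the SAD was flushed.
SAMPLE_STATE = """\
src 192.0.2.1 dst 192.0.2.2
    proto esp spi 0xc1a5e3f0 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.0.2.1 dst 198.51.100.7
    proto esp spi 0x00000000 reqid 2 mode tunnel
    replay-window 0
    sel src 10.0.1.0/24 dst 10.0.2.0/24
"""

# Constructed sample of `ip xfrm policy` output: one policy still installed.
SAMPLE_POLICY = """\
src 10.0.1.0/24 dst 10.0.2.0/24
    dir out priority 375423 ptype main
    tmpl src 192.0.2.1 dst 198.51.100.7
        proto esp reqid 2 mode tunnel
"""

HEADER = re.compile(r"^src (\S+) dst (\S+)")
PROTO = re.compile(r"^\s+proto (\w+) spi 0x([0-9a-fA-F]+) reqid (\d+)")

def parse_states(text):
    """Return [{src, dst, proto, spi, reqid}, ...] from `ip xfrm state` output."""
    sas, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"src": m.group(1), "dst": m.group(2)}
            sas.append(cur)
        elif (m := PROTO.match(line)) and cur is not None:
            cur.update(proto=m.group(1), spi=int(m.group(2), 16), reqid=int(m.group(3)))
    return sas

def larval_sas(text):
    """SAs with SPI 0: created by an acquire, never completed by the daemon."""
    return [sa for sa in parse_states(text) if sa.get("spi") == 0]

def remaining_policies(text):
    """Count SPD entries left behind; each `ip xfrm policy` entry has a `dir` line."""
    return sum(1 for line in text.splitlines() if re.match(r"^\s+dir \w+", line))

def shutdown_is_clean(state_text, policy_text):
    """True only if both the SPD and the set of larval SAs are empty."""
    return remaining_policies(policy_text) == 0 and not larval_sas(state_text)
```

Feed it the real dumps with `ip xfrm state` and `ip xfrm policy` redirected to files; a non-empty larval list after shutdown is the symptom described above.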
