CVSROOT: /cvs
Module name: src
Changes by: to...@cvs.openbsd.org 2020/07/21 02:03:39

Modified files:
    sbin/iked : iked.h ikev2.c ikev2_pld.c pfkey.c policy.c

Log message:
Handle TEMPORARY_FAILURE notification on IKESA rekeying.

If we rekey both the IKESA and a CHILDSA in a small time window a strongswan peer might respond with a TEMPORARY_FAILURE notification. In this case we retry the rekey of the IKESA after a short timeout and queue PFKEY expire messages (by returning -1 in ikev2_rekey_sa()), so the CHILDSA rekeying gets delayed.

ok markus@