child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs
authorTobias Brunner <tobias@strongswan.org>
Tue, 21 Mar 2017 15:03:54 +0000 (16:03 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 23 May 2017 16:46:49 +0000 (18:46 +0200)
commit44107cb7b75551e02afd56061534495c10b94de3
tree4e3bfad83d2ca7059dea2d84fbf481f519262a2e
parentba0796fe75b1a8b6e23ff8543058baa909beae8f
child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs

After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't
destroy the CHILD_SA (and the inbound SA) immediately.  We delay it
a few seconds or until the SA expires to allow delayed packets to get
processed. The CHILD_SA remains in state CHILD_DELETING until it finally
gets destroyed.
conf/options/charon.opt
src/libcharon/sa/ikev2/tasks/child_delete.c
src/libcharon/sa/ikev2/tasks/child_rekey.c
src/libcharon/tests/suites/test_child_rekey.c