charon-tkm: Don't select new outbound SA until the policy is installed
author Tobias Brunner <tobias@strongswan.org>
Tue, 11 Jul 2017 12:05:01 +0000 (14:05 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 7 Aug 2017 08:44:05 +0000 (10:44 +0200)
commit d24b831fe7def230cc604a2a2bf3f1a05a523c23
tree 76ce73b0f7ad3945121accc7a4386940d1bdf9e4
parent 0d42a762759c80748a003da46a99970b860535f9
charon-tkm: Don't select new outbound SA until the policy is installed

This tries to avoid packet loss during rekeying by delaying the usage of
the new outbound IKE_SA until the old one is deleted.

Note that esa_select() is a no-op in the current TKM implementation. And
the implementation also doesn't benefit from the delayed deletion of the
inbound SA as it calls esa_reset() when the outbound SA is deleted.
src/charon-tkm/src/tkm/tkm_kernel_ipsec.c