child-sa: Add new state to track deleted but not yet destroyed CHILD_SAs
authorTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2018 11:43:13 +0000 (12:43 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 9 Apr 2018 15:13:41 +0000 (17:13 +0200)
This allows us to easily identify SAs we keep around after a rekeying to
process delayed packets.

src/libcharon/control/controller.c
src/libcharon/plugins/vici/vici_config.c
src/libcharon/sa/child_sa.c
src/libcharon/sa/child_sa.h
src/libcharon/sa/ikev1/tasks/quick_delete.c
src/libcharon/sa/ikev2/tasks/child_delete.c
src/libcharon/sa/ikev2/tasks/child_rekey.c
src/libcharon/tests/suites/test_child_rekey.c

index 44a4d0a..fb95b44 100644 (file)
@@ -363,7 +363,7 @@ METHOD(listener_t, child_state_change_terminate, bool,
                        case CHILD_DESTROYING:
                                switch (child_sa->get_state(child_sa))
                                {
-                                       case CHILD_DELETING:
+                                       case CHILD_DELETED:
                                                /* proper delete */
                                                this->status = SUCCESS;
                                                break;
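Review bot: In the inner switch under `case CHILD_DESTROYING:`, a CHILD_SA that is destroyed while still in `CHILD_DELETING` no longer counts as a proper delete, and the commit message does not mention this change in what a terminate reports. That is probably intended, since `CHILD_DELETING` now only says a delete was initiated, but the remaining cases of the switch are outside the hunk, so the status such an SA ends up with is not visible here. I would extend the comment to `/* delete completed, proper delete */` so the distinction from `CHILD_DELETING` is stated where the status is decided.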
index 5668b92..2faa66e 100644 (file)
@@ -2029,7 +2029,8 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
                                children = ike_sa->create_child_sa_enumerator(ike_sa);
                                while (children->enumerate(children, &child_sa))
                                {
-                                       if (child_sa->get_state(child_sa) != CHILD_DELETING)
+                                       if (child_sa->get_state(child_sa) != CHILD_DELETING &&
+                                               child_sa->get_state(child_sa) != CHILD_DELETED)
                                        {
                                                if (streq(name, child_sa->get_name(child_sa)))
                                                {
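Review bot: The new condition calls `child_sa->get_state(child_sa)` twice for a single decision. Reading it once into a local keeps both comparisons on the same value and is easier to extend if another end state is added: `child_sa_state_t state = child_sa->get_state(child_sa);` followed by `if (state != CHILD_DELETING && state != CHILD_DELETED)`. The body of clear_start_action and the enclosing loop continue outside the hunk.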
index 5290356..7eeb578 100644 (file)
@@ -37,6 +37,7 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING,
        "REKEYED",
        "RETRYING",
        "DELETING",
+       "DELETED",
        "DESTROYING",
 );
 
index 49175ca..183033f 100644 (file)
@@ -84,6 +84,11 @@ enum child_sa_state_t {
        CHILD_DELETING,
 
        /**
+        * CHILD_SA has been deleted, but not yet destroyed
+        */
+       CHILD_DELETED,
+
+       /**
         * CHILD_SA object gets destroyed
         */
        CHILD_DESTROYING,
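Review bot: The doc comment on `CHILD_DELETED` does not say how it differs from `CHILD_DELETING` or why the object still exists, which is the reason the state was added. Wording such as `CHILD_SA has been deleted (delete completed), but is kept around until destroyed so delayed packets can still be processed` would match the commit message and the comment in build_i. Inserting the value before `CHILD_DESTROYING` also shifts that constant's number, so anything that stores or transmits the numeric state instead of its name would need a look; no such user is visible on this page. The enum continues outside the hunk.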
index 6b3bb9c..0191a45 100644 (file)
@@ -135,6 +135,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
        my_ts->destroy(my_ts);
        other_ts->destroy(other_ts);
 
+       child_sa->set_state(child_sa, CHILD_DELETED);
        if (!rekeyed)
        {
                charon->bus->child_updown(charon->bus, child_sa, FALSE);
index 8fec649..6c8b290 100644 (file)
@@ -265,6 +265,8 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
                                        case CHILD_REKEYED:
                                                entry->rekeyed = TRUE;
                                                break;
+                                       case CHILD_DELETED:
+                                               /* already deleted but not yet destroyed, ignore */
                                        case CHILD_DELETING:
                                                /* we don't send back a delete if we already initiated
                                                 * a delete ourself */
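Review bot: The new `case CHILD_DELETED:` falls into `case CHILD_DELETING:` without a fall-through marker, and its comment says "ignore" although what actually happens is decided by the `CHILD_DELETING` branch, whose code is outside the hunk. I would make the sharing explicit with `/* already deleted but not yet destroyed, handle like CHILD_DELETING */` followed by `/* fall-through */`, so a reader does not assume the DELETE payload is always dropped. If that branch skips the SA only under some condition, a received DELETE for an SA in `CHILD_DELETED` also takes the other path, which is worth checking against the intent of the comment.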
@@ -324,6 +326,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
        while (enumerator->enumerate(enumerator, (void**)&entry))
        {
                child_sa = entry->child_sa;
+               child_sa->set_state(child_sa, CHILD_DELETED);
                /* signal child down event if we weren't rekeying */
                protocol = child_sa->get_protocol(child_sa);
                if (!entry->rekeyed)
@@ -456,7 +459,7 @@ METHOD(task_t, build_i, status_t,
                this->spi = child_sa->get_spi(child_sa, TRUE);
        }
 
-       if (child_sa->get_state(child_sa) == CHILD_DELETING)
+       if (child_sa->get_state(child_sa) == CHILD_DELETED)
        {       /* DELETEs for this CHILD_SA were already exchanged, but it was not yet
                 * destroyed to allow delayed packets to get processed */
                this->ike_sa->destroy_child_sa(this->ike_sa, this->protocol, this->spi);
index 3ca29bc..d5188c0 100644 (file)
@@ -145,8 +145,7 @@ static void find_child(private_child_rekey_t *this, message_t *message)
                        child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
                                                                                                  spi, FALSE);
                        if (child_sa &&
-                               child_sa->get_state(child_sa) == CHILD_DELETING &&
-                               child_sa->get_outbound_state(child_sa) == CHILD_OUTBOUND_NONE)
+                               child_sa->get_state(child_sa) == CHILD_DELETED)
                        {       /* ignore rekeyed CHILD_SAs we keep around */
                                return;
                        }
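Review bot: With the `get_outbound_state()` check gone, find_child ignores a rekey request for a kept-around SA only if every path that finishes a delete has set `CHILD_DELETED`. This page shows that being done in delete_child (quick_delete.c) and destroy_and_reestablish (child_delete.c); an SA that some other path leaves in `CHILD_DELETING` with `CHILD_OUTBOUND_NONE` was ignored before and would now be accepted as a rekey target. It is worth confirming that no such path exists, and the comment could name the invariant: `/* ignore deleted CHILD_SAs we keep around for delayed packets */`.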
index 44d004a..6bf3588 100644 (file)
@@ -41,7 +41,7 @@
        assert_hook_not_called(child_updown); \
        assert_hook_not_called(child_rekey); \
        assert_no_jobs_scheduled(); \
-       assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \
+       assert_child_sa_state(sa, spi, CHILD_DELETED, CHILD_OUTBOUND_NONE); \
        call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \
        assert_child_sa_not_exists(sa, spi); \
        assert_scheduler(); \
@@ -97,7 +97,7 @@ START_TEST(test_regular)
        assert_jobs_scheduled(1);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, spi_b, 3, 4);
@@ -108,7 +108,7 @@ START_TEST(test_regular)
        assert_jobs_scheduled(1);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, spi_a, 3, 4);
@@ -205,7 +205,7 @@ START_TEST(test_regular_ke_invalid)
        assert_hook_not_called(child_rekey);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, spi_b, 5, 6);
@@ -214,7 +214,7 @@ START_TEST(test_regular_ke_invalid)
        assert_hook_not_called(child_rekey);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 5, CHILD_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, spi_a, 5, 6);
@@ -259,7 +259,7 @@ START_TEST(test_regular_ke_invalid)
        assert_hook_not_called(child_rekey);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, 6, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 6, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, 6, 7, 8);
@@ -269,7 +269,7 @@ START_TEST(test_regular_ke_invalid)
        assert_hook_not_called(child_rekey);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 5, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 7, CHILD_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 5, 7, 8);
@@ -336,7 +336,7 @@ START_TEST(test_regular_responder_ignore_soft_expire)
        assert_jobs_scheduled(1);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, 2, 3, 4);
@@ -345,7 +345,7 @@ START_TEST(test_regular_responder_ignore_soft_expire)
        assert_jobs_scheduled(1);
        assert_single_payload(IN, PLV2_DELETE);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 3, CHILD_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 1, 3, 4);
@@ -431,7 +431,7 @@ START_TEST(test_regular_responder_handle_hard_expire)
        assert_jobs_scheduled(1);
        assert_message_empty(IN);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 1, 3, 4);
@@ -440,7 +440,7 @@ START_TEST(test_regular_responder_handle_hard_expire)
        assert_jobs_scheduled(1);
        assert_message_empty(IN);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, 2, 3, 4);
@@ -591,7 +591,7 @@ START_TEST(test_collision)
        assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
                                                  data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
                                                                                                  : CHILD_OUTBOUND_REGISTERED);
-       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -611,7 +611,7 @@ START_TEST(test_collision)
        assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
                                                  data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
                                                                                                  : CHILD_OUTBOUND_REGISTERED);
-       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -628,9 +628,9 @@ START_TEST(test_collision)
        /* <-- INFORMATIONAL { D } */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
-       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -641,9 +641,9 @@ START_TEST(test_collision)
        /* INFORMATIONAL { D } --> */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
-       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -781,7 +781,7 @@ START_TEST(test_collision_delayed_response)
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
        if (data[_i].spi_del_b == 2)
        {
-               assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+               assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
                assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                          CHILD_OUTBOUND_INSTALLED);
                assert_ipsec_sas_installed(a, 1, 4, 6);
@@ -789,7 +789,7 @@ START_TEST(test_collision_delayed_response)
        else
        {
                assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
-               assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+               assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                          CHILD_OUTBOUND_NONE);
                assert_ipsec_sas_installed(a, 1, 2, 6);
        }
@@ -814,7 +814,7 @@ START_TEST(test_collision_delayed_response)
                                                          CHILD_OUTBOUND_REGISTERED);
                assert_ipsec_sas_installed(b, 1, 2, 4, 5);
        }
-       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_count(b, 3);
        assert_scheduler();
@@ -839,7 +839,7 @@ START_TEST(test_collision_delayed_response)
                                                          CHILD_OUTBOUND_REGISTERED);
                assert_ipsec_sas_installed(a, 1, 3, 4, 6);
        }
-       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -850,9 +850,9 @@ START_TEST(test_collision_delayed_response)
        /* INFORMATIONAL { D } --> */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
-       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -863,9 +863,9 @@ START_TEST(test_collision_delayed_response)
        /* <-- INFORMATIONAL { D } */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
-       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -972,7 +972,7 @@ START_TEST(test_collision_delayed_request)
        /* <-- INFORMATIONAL { D } */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -981,7 +981,7 @@ START_TEST(test_collision_delayed_request)
        /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
        assert_no_jobs_scheduled();
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -990,7 +990,7 @@ START_TEST(test_collision_delayed_request)
        /* INFORMATIONAL { D } --> */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, 2, 4, 5);
@@ -1089,7 +1089,7 @@ START_TEST(test_collision_delayed_request_more)
        /* <-- INFORMATIONAL { D } */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -1097,7 +1097,7 @@ START_TEST(test_collision_delayed_request_more)
        /* INFORMATIONAL { D } --> */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, 2, 4, 5);
@@ -1106,14 +1106,14 @@ START_TEST(test_collision_delayed_request_more)
        /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
        assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
        exchange_test_helper->process_message(exchange_test_helper, b, msg);
-       assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_ipsec_sas_installed(b, 2, 4, 5);
        /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
        assert_no_jobs_scheduled();
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -1299,7 +1299,7 @@ START_TEST(test_collision_ke_invalid)
        assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
                                                  data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
                                                                                                  : CHILD_OUTBOUND_REGISTERED);
-       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -1311,7 +1311,7 @@ START_TEST(test_collision_ke_invalid)
        assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
                                                  data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
                                                                                                  : CHILD_OUTBOUND_REGISTERED);
-       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -1320,9 +1320,9 @@ START_TEST(test_collision_ke_invalid)
        /* <-- INFORMATIONAL { D } */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
-       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -1331,9 +1331,9 @@ START_TEST(test_collision_ke_invalid)
        /* INFORMATIONAL { D } --> */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
-       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+       assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
                                                  CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
                                                  CHILD_OUTBOUND_INSTALLED);
@@ -1475,7 +1475,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
        /* <-- INFORMATIONAL { D } */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_scheduler();
@@ -1483,7 +1483,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
        /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
        assert_no_jobs_scheduled();
        exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-       assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(a, 2);
        assert_scheduler();
@@ -1491,7 +1491,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
        /* INFORMATIONAL { D } --> */
        assert_jobs_scheduled(1);
        exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-       assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
        assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
        assert_child_sa_count(b, 2);
        assert_scheduler();