<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">I have code that uses libcharon directly. It basically adds an ike_cfg, peer_cfg, and then calls charon->start().</div><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px">When peering two instances of this code with each other, I have a race where one instance believes that it has a valid outgoing child_sa, and the other does not yet recognize this SPI.</div>
<div style="font-family:arial,sans-serif;font-size:13px">I believe the reason for this race is that both sides have initiator=false, and are installing the child-sa from build_r() - whereas the intention was that one side would have initiator=true and install the SA only in process_r().</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Does all this make sense?</div><div style="font-family:arial,sans-serif;font-size:13px">Do you see this as a bug?</div>
<div style="font-family:arial,sans-serif;font-size:13px">Is there a suggested workaround?</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Thanks,</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Noam</div></div>