[strongSwan-dev] Packets loss during rekey
Avinoam Meir
avinoam at google.com
Wed Jan 27 14:45:48 CET 2016
Hello StrongSwan devs,
I have question/proposal about CHILD SAs rekey:
If I understand correctly, today in rekey task, after creating the new
CHILD SA, immediately delete task is created and executed. (see here
<https://github.com/strongswan/strongswan/blob/08afc33e5259399a682bb62ef253b3155e68461e/src/libcharon/sa/ikev2/tasks/child_rekey.c#L379>
).
This can cause packets loss If the peer gateway sends ESP packets in
parallel to the rekey, so there are some old ESP packet on the network.
Maybe StrongSwan can defer the call to kerne_interface->del_sa() for the
inbound CHILD SA (only), so the kernel continue to process esp packets for
the old SAs for a while, and prevent the packet loss.
What do you think?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160127/984544b6/attachment.html>
More information about the Dev
mailing list