[strongSwan] SAD/SPD deletion order when SIGINT or shutdown is sent to strongswan ikev2 daemon

Deepak Khandelwal dazz.87 at gmail.com
Thu Jan 22 17:33:57 CET 2015


When SIGINT is sent to the daemon or shutdown is called, why are active SAD entries
deleted first and then SPD entries?

The problem with this approach is that if it happens with running traffic
(at a heavy rate), there is a chance that before the SPDs are flushed, some
traffic hits the policy, triggers a new SA and tries to establish it. Now it
may also happen that it is an SA with SPI=0 (a larval SA).

It would make the desired cleanup improper and could block the tunnel
establishment again (until the larval SA expires), as in the restart case.

Is there any particular reason that this is done in the current fashion?

BRs, Deepak
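The race described in the post (a packet matching a still-present policy raises an acquire, which leaves an SPI=0 larval state behind after the SAs are flushed) can be checked for from user space, and the ordering the poster argues for can be spelled out as commands. The following is an added example, not code from the post or from strongSwan (charon talks to the kernel over netlink itself rather than through `ip`). It assumes the text format of iproute2's `ip xfrm state` listing for the parser; the SAMPLE dump is constructed for the example, and `ordered_teardown` is a stand-in for the daemon's own flush order, not a strongSwan API.

```python
"""Find larval (acquire) SAs in an `ip xfrm state` dump and run a
policy-first teardown. Added example for the strongSwan users-list
post above; not strongSwan code. Assumes iproute2's text format."""
import re
import subprocess
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class XfrmState:
    src: str
    dst: str
    proto: str
    spi: int
    reqid: int
    mode: str

    @property
    def larval(self) -> bool:
        # A state created by an acquire (kernel asking the IKE daemon for
        # an SA) has no SPI assigned yet, so it is listed with spi 0x00000000.
        return self.spi == 0


_HDR = re.compile(r"^src (\S+) dst (\S+)")
_SA = re.compile(r"^\s*proto (\S+) spi 0x([0-9a-fA-F]+) reqid (\d+) mode (\S+)")


def parse_xfrm_state(text: str) -> List[XfrmState]:
    """Parse the multi-line `ip xfrm state` listing into XfrmState records."""
    states: List[XfrmState] = []
    pending: Optional[Tuple[str, str]] = None
    for line in text.splitlines():
        m = _HDR.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = _SA.match(line)
        if m and pending is not None:
            src, dst = pending
            states.append(XfrmState(src, dst, m.group(1), int(m.group(2), 16),
                                    int(m.group(3)), m.group(4)))
            pending = None
    return states


def larval_states(text: str) -> List[XfrmState]:
    """Return only the SPI=0 entries: acquires still waiting for a real SA."""
    return [s for s in parse_xfrm_state(text) if s.larval]


def teardown_commands() -> List[List[str]]:
    # Flush the SPD first so no further packet can match a policy and raise
    # an acquire; only then drop the SAD. The reverse order leaves a window
    # in which traffic creates a larval SA that survives the state flush.
    return [["ip", "xfrm", "policy", "flush"],
            ["ip", "xfrm", "state", "flush"]]


def ordered_teardown(run: Callable[..., object] = subprocess.run) -> None:
    """Run the policy-first teardown (needs CAP_NET_ADMIN; runner is injectable)."""
    for cmd in teardown_commands():
        run(cmd, check=True)


# Constructed sample of `ip xfrm state` output: one established ESP SA and
# one larval entry left behind by an acquire on the same reqid.
SAMPLE = """\
src 192.0.2.1 dst 198.51.100.1
\tproto esp spi 0xc1a2b3d4 reqid 1 mode tunnel
\treplay-window 32 flag af-unspec
\tauth-trunc hmac(sha256) 0x00 128
\tenc cbc(aes) 0x00
src 192.0.2.1 dst 198.51.100.1
\tproto esp spi 0x00000000 reqid 1 mode tunnel
\treplay-window 0
\tsel src 10.0.0.0/24 dst 10.1.0.0/24
"""

if __name__ == "__main__":
    for s in larval_states(SAMPLE):
        print(f"larval SA {s.src}->{s.dst} reqid {s.reqid}: SPI still 0, "
              f"new negotiation for this reqid may be blocked until it expires")
```

On a live host, feed `subprocess.run(["ip", "xfrm", "state"], capture_output=True, text=True).stdout` to `larval_states` after a daemon stop; any hit is the leftover the post describes. The lifetime of such an acquire state is governed by the kernel sysctl `net.core.xfrm_acq_expires` (30 seconds by default), which bounds how long the tunnel stays blocked if the flush order does leave one behind.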