[Openswan dev] odd behaviour in new test, deleted conn to OE?

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> But this successful IPsec SA on instance 3 is odd. Where did bofh
    Paul> get the key from? It can only have gotten it from within pluto,
    Paul> from the "deleted" connection. Is there still some "deleting"
    Paul> happening after the log message?  Is this is race condition? Or am
    Paul> I losing it?

  You delete'd the conn, not the keys.

  Keys are loaded as a seperate operation, and given a name, which is used to
reference them in the conn. Some might argue that this is wrong - the keys
should at least be purposed.

    Paul> Another thing I noticed, which might be related, is that a
    Paul> connection which is only --added on both ends, and then --up'ed on
    Paul> one end, will never terminate again. Doing a --down on one end will
    Paul> immediately cause a new negotiation to trigger the conn to come up
    Paul> again.

  That's interesting. Can you reproduce this with UMLs on hulk?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQCkNc4qHRg3pndX9AQHyEQQAkBFL/qjKDPB8I514l51BF9opFgqlJsIq
3a2Az99QojETJLUAqh3LLJ5UO9c7ix3A0J7gJvp4/H4CfRgJ7MEUzTN/6l82mNUO
nEh5YeVIjbcc1+YuD0UEE2RdF3Xo5mKCjc04JHmZ8pjT8hPVm9DYYBkc3cbh6odY
o5Oay4bMJQc=
=3m5u
-----END PGP SIGNATURE-----