Project

General

Profile

Issue #2242

Packets get dropped due to no no_sa_found during rekeying

Added by c c over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
libcharon
Affected version:
5.5.0
Resolution:
Duplicate

Description

Hi,
When rekeying IPsec SA, new SA is created and then old one id deleted.

It is possible that after old SA is deleted, there are still packets secured with old SA being transmitted.
In such case when the packets are processed by the receiver, it will complain no_sa_found.

A possible fix is to initiate the deletion of the old SA after a few seconds delay, when the outstanding packets are processed completely.


Related issues

Is duplicate of Feature #1291: Avoid packet loss during IKEv2 CHILD_SA rekeyingClosed

History

#1 Updated by Tobias Brunner over 3 years ago

  • Category set to libcharon
  • Status changed from New to Closed
  • Resolution set to Duplicate

#2 Updated by Tobias Brunner over 3 years ago

  • Is duplicate of Feature #1291: Avoid packet loss during IKEv2 CHILD_SA rekeying added

Also available in: Atom PDF