Issue #2242: Packets get dropped due to no no_sa_found during rekeying - strongSwan

Issue #2242

Packets get dropped due to no no_sa_found during rekeying

Added by c c over 8 years ago. Updated over 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

libcharon

Affected version:

5.5.0

Resolution:

Duplicate

Description

Hi,
When rekeying IPsec SA, new SA is created and then old one id deleted.

It is possible that after old SA is deleted, there are still packets secured with old SA being transmitted.
In such case when the packets are processed by the receiver, it will complain no_sa_found.

A possible fix is to initiate the deletion of the old SA after a few seconds delay, when the outstanding packets are processed completely.

Related issues

History

#1 Updated by Tobias Brunner over 8 years ago

Category set to libcharon
Status changed from New to Closed
Resolution set to Duplicate

#2 Updated by Tobias Brunner over 8 years ago

Is duplicate of Feature #1291: Avoid packet loss during IKEv2 CHILD_SA rekeying added

Project

General

Profile

strongSwan

Issues

Issue #2242

Packets get dropped due to no no_sa_found during rekeying

History

#1 Updated by Tobias Brunner over 8 years ago

#2 Updated by Tobias Brunner over 8 years ago