From: Tobias Brunner Date: Tue, 20 Mar 2018 11:43:13 +0000 (+0100) Subject: child-sa: Add new state to track deleted but not yet destroyed CHILD_SAs X-Git-Tag: 5.6.3dr1~11^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16898026a5d14e42532988bbe98d3d834b58d29f;p=thirdparty%2Fstrongswan.git child-sa: Add new state to track deleted but not yet destroyed CHILD_SAs This allows us to easily identify SAs we keep around after a rekeying to process delayed packets. --- diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index 44a4d0aa8a..fb95b44361 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -363,7 +363,7 @@ METHOD(listener_t, child_state_change_terminate, bool, case CHILD_DESTROYING: switch (child_sa->get_state(child_sa)) { - case CHILD_DELETING: + case CHILD_DELETED: /* proper delete */ this->status = SUCCESS; break; diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 5668b92092..2faa66e91f 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -2029,7 +2029,8 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, children = ike_sa->create_child_sa_enumerator(ike_sa); while (children->enumerate(children, &child_sa)) { - if (child_sa->get_state(child_sa) != CHILD_DELETING) + if (child_sa->get_state(child_sa) != CHILD_DELETING && + child_sa->get_state(child_sa) != CHILD_DELETED) { if (streq(name, child_sa->get_name(child_sa))) { diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 52903563ca..7eeb578f32 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -37,6 +37,7 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING, "REKEYED", "RETRYING", "DELETING", + "DELETED", "DESTROYING", ); diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index 49175ca010..183033f462 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -83,6 +83,11 @@ enum child_sa_state_t { */ CHILD_DELETING, + /** + * CHILD_SA has been deleted, but not yet destroyed + */ + CHILD_DELETED, + /** * CHILD_SA object gets destroyed */ diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index 6b3bb9c47d..0191a45a8d 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -135,6 +135,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, my_ts->destroy(my_ts); other_ts->destroy(other_ts); + child_sa->set_state(child_sa, CHILD_DELETED); if (!rekeyed) { charon->bus->child_updown(charon->bus, child_sa, FALSE); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 8fec6494ea..6c8b290183 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -265,6 +265,8 @@ static void process_payloads(private_child_delete_t *this, message_t *message) case CHILD_REKEYED: entry->rekeyed = TRUE; break; + case CHILD_DELETED: + /* already deleted but not yet destroyed, ignore */ case CHILD_DELETING: /* we don't send back a delete if we already initiated * a delete ourself */ @@ -324,6 +326,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) while (enumerator->enumerate(enumerator, (void**)&entry)) { child_sa = entry->child_sa; + child_sa->set_state(child_sa, CHILD_DELETED); /* signal child down event if we weren't rekeying */ protocol = child_sa->get_protocol(child_sa); if (!entry->rekeyed) @@ -456,7 +459,7 @@ METHOD(task_t, build_i, status_t, this->spi = child_sa->get_spi(child_sa, TRUE); } - if (child_sa->get_state(child_sa) == CHILD_DELETING) + if (child_sa->get_state(child_sa) == CHILD_DELETED) { /* DELETEs for this CHILD_SA were already exchanged, but it was not yet * destroyed to allow delayed packets to get processed */ this->ike_sa->destroy_child_sa(this->ike_sa, this->protocol, this->spi); diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index 3ca29bca48..d5188c0bc9 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -145,8 +145,7 @@ static void find_child(private_child_rekey_t *this, message_t *message) child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE); if (child_sa && - child_sa->get_state(child_sa) == CHILD_DELETING && - child_sa->get_outbound_state(child_sa) == CHILD_OUTBOUND_NONE) + child_sa->get_state(child_sa) == CHILD_DELETED) { /* ignore rekeyed CHILD_SAs we keep around */ return; } diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index 44d004ab7e..6bf3588a18 100644 --- a/src/libcharon/tests/suites/test_child_rekey.c +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -41,7 +41,7 @@ assert_hook_not_called(child_updown); \ assert_hook_not_called(child_rekey); \ assert_no_jobs_scheduled(); \ - assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \ + assert_child_sa_state(sa, spi, CHILD_DELETED, CHILD_OUTBOUND_NONE); \ call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \ assert_child_sa_not_exists(sa, spi); \ assert_scheduler(); \ @@ -97,7 +97,7 @@ START_TEST(test_regular) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, spi_b, 3, 4); @@ -108,7 +108,7 @@ START_TEST(test_regular) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, spi_a, 3, 4); @@ -205,7 +205,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, spi_b, 5, 6); @@ -214,7 +214,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, spi_a, 5, 6); @@ -259,7 +259,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 6, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 6, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 6, 7, 8); @@ -269,7 +269,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 5, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 7, CHILD_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 5, 7, 8); @@ -336,7 +336,7 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 3, 4); @@ -345,7 +345,7 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 3, 4); @@ -431,7 +431,7 @@ START_TEST(test_regular_responder_handle_hard_expire) assert_jobs_scheduled(1); assert_message_empty(IN); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 3, 4); @@ -440,7 +440,7 @@ START_TEST(test_regular_responder_handle_hard_expire) assert_jobs_scheduled(1); assert_message_empty(IN); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 3, 4); @@ -591,7 +591,7 @@ START_TEST(test_collision) assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -611,7 +611,7 @@ START_TEST(test_collision) assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -628,9 +628,9 @@ START_TEST(test_collision) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -641,9 +641,9 @@ START_TEST(test_collision) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -781,7 +781,7 @@ START_TEST(test_collision_delayed_response) exchange_test_helper->process_message(exchange_test_helper, a, NULL); if (data[_i].spi_del_b == 2) { - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_ipsec_sas_installed(a, 1, 4, 6); @@ -789,7 +789,7 @@ START_TEST(test_collision_delayed_response) else { assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_ipsec_sas_installed(a, 1, 2, 6); } @@ -814,7 +814,7 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_REGISTERED); assert_ipsec_sas_installed(b, 1, 2, 4, 5); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_count(b, 3); assert_scheduler(); @@ -839,7 +839,7 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_REGISTERED); assert_ipsec_sas_installed(a, 1, 3, 4, 6); } - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -850,9 +850,9 @@ START_TEST(test_collision_delayed_response) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -863,9 +863,9 @@ START_TEST(test_collision_delayed_response) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -972,7 +972,7 @@ START_TEST(test_collision_delayed_request) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -981,7 +981,7 @@ START_TEST(test_collision_delayed_request) /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -990,7 +990,7 @@ START_TEST(test_collision_delayed_request) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 4, 5); @@ -1089,7 +1089,7 @@ START_TEST(test_collision_delayed_request_more) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -1097,7 +1097,7 @@ START_TEST(test_collision_delayed_request_more) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 4, 5); @@ -1106,14 +1106,14 @@ START_TEST(test_collision_delayed_request_more) /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ assert_single_notify(OUT, CHILD_SA_NOT_FOUND); exchange_test_helper->process_message(exchange_test_helper, b, msg); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 4, 5); /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -1299,7 +1299,7 @@ START_TEST(test_collision_ke_invalid) assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -1311,7 +1311,7 @@ START_TEST(test_collision_ke_invalid) assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -1320,9 +1320,9 @@ START_TEST(test_collision_ke_invalid) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -1331,9 +1331,9 @@ START_TEST(test_collision_ke_invalid) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -1475,7 +1475,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_scheduler(); @@ -1483,7 +1483,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_scheduler(); @@ -1491,7 +1491,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_scheduler();