Allow IKEV2 pf_key(7P) key management cookies to be updated after set

Review Request #820 - Created Jan. 25, 2018 and updated

Information
Jason King
illumos-gate
8989
Reviewers
general

Upstream of Joyent OS-6480. This defines a new pf_key(7P) key management cookie type and allows it's value to be updated via an SADB_UPDATE or SADB_UPDATE_PAIR message to support the rekey of an IKEv2 SA (the full background and rationale for this are present both in the SmartOS bug and the illumos issue).

The change includes updated kmc tests in usr/src/test that test the operation of the current KMC types (which can only be set once) as well test that IKEv2 KMCs can be set and updated to new values.

Issues

  • 0
  • 2
  • 0
  • 2
Description From Last Updated
Rich Lowe
Rich Lowe
Ship It!
Loading...