Ack on styling comment will fix with v3.
----
> + spin_lock_irqsave(&ha->sadb_lock, flags);
> + for (slot = 0; slot < 2; slot++) {
2 ? Why '2' ?
This 'sa_pair' thingie is awkward.
What is the 'sa_index' indicating?
Some sort of index within a list/array?
And why has each of the pairs a distinct 'sa_index' field?
I would have expected that the 'pair' really _is_ a pair (and hence
would take only one index). But the way it's written it looks as if the
pair can have two distinct indices ...
Please clarify.
QT: each session can have up to 2 set of keys. 1 set/pair is for tx + rx in flight traffic (2 keys). The 2nd set/pair comes into play at rekey time (2 more keys). 4keys per session or 2 pairs per session. 2keys per direction.
Each key is tracked via an sa_index/handle between driver + hardware. 1 sa_index = 1 key.
At rekey/reauthentication time, the 2nd slot/pair comes into play. When traffic in each direction has transitioned to the new key, the new key becomes the current key. The old key will be deleted. sa_pair [ 0 | 1 ] will alternate in holding the current key, while the other slot is cleared and use to stage the next key at next rekey event.
Regards,
Quinn Tran
