dco: swapping keys back and forth #944

@cron2

Description

should I see this in a log?

2025-12-25 11:24:03 us=232717 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA1, peer temporary key: 253 bits X25519, peer signing digest/type: SHA256 RSASSA-PSS, key agreement: x25519
2025-12-25 11:24:03 us=232745 dco_install_key: peer_id=1 keyid=2 epoch=1, currently 0 keys installed
2025-12-25 11:24:03 us=232755 dco_new_key: slot 1, key-id 2, peer-id 1, cipher AES-256-GCM, epoch 0
2025-12-25 11:24:03 us=232826 Swapping primary and secondary keys to primary-id=2 secondary-id=1
2025-12-25 11:24:03 us=232835 dco_swap_keys: peer-id 1
2025-12-25 11:24:03 us=232844 UDPv6 WRITE [82] to [AF_INET6]2001:608:1:995a:250:56ff:febb:2084:51194: P_ACK_V1 kid=2 [ ] DATA len=72
2025-12-25 11:24:09 us=331982 Swapping primary and secondary keys to primary-id=1 secondary-id=2
2025-12-25 11:24:09 us=332006 dco_swap_keys: peer-id 1
2025-12-25 11:25:03 us=881954 Swapping primary and secondary keys to primary-id=2 secondary-id=1
2025-12-25 11:25:03 us=881988 dco_swap_keys: peer-id 1
2025-12-25 11:25:16 us=823218 UDPv6 READ [0] from [AF_INET6][undef]:51194: DATA UNDEF len=-1
2025-12-25 11:25:16 us=823403 dco_read_and_process: received NOTIF_DEL_PEER for peer-id=1, reason=0
2025-12-25 11:25:16 us=823423 process_incoming_dco: received peer expired notification of for peer-id 1
2025-12-25 11:25:16 us=823430 [server] Inactivity timeout (--ping-restart), restarting
2025-12-25 11:25:16 us=823436 register signal: SIGUSR1 (ping-restart)
2025-12-25 11:25:16 us=823727 TCP/UDP: Closing socket

Swapping 1->2, and then back 2->1?

This is a setup with reneg-sec 60 on the server, so it might exhibit something weird, and the server was killed hard between the swaps - but it still looks unexpected.

Master client (927b45d) on FreeBSD, with DCO, talking to a somewhat older master server.
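The swap-back pattern in the log above can be picked out mechanically: a `Swapping primary and secondary keys` line that re-promotes the key id the previous swap just demoted, with no `dco_install_key` for that id in between. The script below is an added example, not code from this issue or from OpenVPN; it assumes the exact line format shown above (including that the peer id for a swap arrives on the following `dco_swap_keys: peer-id N` line) and uses the swap lines from the report as constructed sample input.

```python
import re
from datetime import datetime

# Constructed sample: the install and key-swap lines from the report above
SAMPLE_LOG = """\
2025-12-25 11:24:03 us=232745 dco_install_key: peer_id=1 keyid=2 epoch=1, currently 0 keys installed
2025-12-25 11:24:03 us=232826 Swapping primary and secondary keys to primary-id=2 secondary-id=1
2025-12-25 11:24:03 us=232835 dco_swap_keys: peer-id 1
2025-12-25 11:24:09 us=331982 Swapping primary and secondary keys to primary-id=1 secondary-id=2
2025-12-25 11:24:09 us=332006 dco_swap_keys: peer-id 1
2025-12-25 11:25:03 us=881954 Swapping primary and secondary keys to primary-id=2 secondary-id=1
2025-12-25 11:25:03 us=881988 dco_swap_keys: peer-id 1
"""

TS_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) us=(\d+) (.*)$")
INSTALL_RE = re.compile(r"dco_install_key: peer_id=(\d+) keyid=(\d+)")
SWAP_RE = re.compile(r"Swapping primary and secondary keys to primary-id=(\d+) secondary-id=(\d+)")
PEER_RE = re.compile(r"dco_swap_keys: peer-id (\d+)")


def parse_events(text):
    """Return ('install'|'swap', timestamp, peer_id, a, b) tuples.

    For 'install' a is the key id and b is None; for 'swap' a/b are the new
    primary/secondary ids. The 'Swapping ...' line carries no peer id, so it
    is held until the following 'dco_swap_keys: peer-id N' line supplies it
    (an assumption about the log layout, taken from the report above).
    """
    events = []
    pending = None  # (timestamp, primary, secondary) awaiting its peer-id line
    for line in text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ts = ts.replace(microsecond=int(m.group(2)))
        msg = m.group(3)
        if (mi := INSTALL_RE.search(msg)):
            events.append(("install", ts, int(mi.group(1)), int(mi.group(2)), None))
        elif (ms := SWAP_RE.search(msg)):
            pending = (ts, int(ms.group(1)), int(ms.group(2)))
        elif (mp := PEER_RE.search(msg)) and pending:
            events.append(("swap", pending[0], int(mp.group(1)), pending[1], pending[2]))
            pending = None
    return events


def find_swap_backs(events):
    """Flag swaps that re-promote the key id demoted by the previous swap on
    the same peer, unless a new key with that id was installed in between.
    Returns (peer_id, key_id, seconds since the previous swap) per finding."""
    last_swap = {}    # peer_id -> (timestamp, primary, secondary)
    installed = {}    # peer_id -> key ids installed since that peer's last swap
    findings = []
    for kind, ts, peer, a, b in events:
        if kind == "install":
            installed.setdefault(peer, set()).add(a)
            continue
        prev = last_swap.get(peer)
        if prev and a == prev[2] and a not in installed.get(peer, set()):
            findings.append((peer, a, (ts - prev[0]).total_seconds()))
        last_swap[peer] = (ts, a, b)
        installed[peer] = set()
    return findings


if __name__ == "__main__":
    for peer, key_id, gap in find_swap_backs(parse_events(SAMPLE_LOG)):
        print(f"peer {peer}: swapped back to key-id {key_id} after {gap:.3f}s without a fresh install")
```

On the sample this reports two swap-backs for peer 1: to key-id 1 about 6 s after the first swap, and to key-id 2 about 55 s after that, which is the sequence the report calls unexpected. Run the same functions over a full client log to see whether the pattern recurs only around hard server restarts or also during normal `reneg-sec` renegotiations.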
