ike-rekey: Establish new IKE_SA earlier as responder, but only if no collision

Moving to the new SA only after receiving the DELETE for the old SA was
not ideal as it rendered the new SA unusable (because it simply didn't
exist in the manager) if the DELETE was delayed/got dropped.

diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index a85df114c380a31419731631a7303214b3247bd7..ef61a53f1c18ab2b372066bd94a87b2697cbd267 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -1,7 +1,8 @@
 /*
+ * Copyright (C) 2015-2016 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -123,7 +124,6 @@ static void establish_new(private_ike_rekey_t *this)
 METHOD(task_t, process_r_delete, status_t,
        private_ike_rekey_t *this, message_t *message)
 {
-       establish_new(this);
        return this->ike_delete->task.process(&this->ike_delete->task, message);
 }
 
@@ -232,7 +232,12 @@ METHOD(task_t, build_r, status_t,
                return SUCCESS;
        }
        charon->bus->set_sa(charon->bus, this->ike_sa);
-       this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
+
+       if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING)
+       {       /* in case of a collision we let the initiating task handle this */
+               establish_new(this);
+               this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
+       }
 
        /* rekeying successful, delete the IKE_SA using a subtask */
        this->ike_delete = ike_delete_create(this->ike_sa, FALSE);