From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 25 Feb 2025 11:15:20 +0000 (+0100)
Subject: android: Disable make-before-break reauthentication
X-Git-Tag: android-2.5.4^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=40a37b6ffc2c9f6f5bfa231d584d56363f2d6adb;p=thirdparty%2Fstrongswan.git

android: Disable make-before-break reauthentication

The service implementation with its handling of reauth callbacks and
no-DNS TUN device etc. can't handle make-before-break reauthentication
at the moment.
---

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c b/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
index 12ac017278..bec15a3218 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
@@ -504,6 +504,11 @@ static void set_options(char *logfile, jboolean ipv6)
 					"charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
 	lib->settings->set_bool(lib->settings,
 					"charon.initiator_only", TRUE);
+	/* the service currently can't handle make-before-break reauth and assumes
+	 * the old SA is deleted before the replacement and intalls a special
+	 * replacement TUN device in-between */
+	lib->settings->set_bool(lib->settings,
+					"charon.make_before_break", FALSE);
 	lib->settings->set_bool(lib->settings,
 					"charon.close_ike_on_child_failure", TRUE);
 	lib->settings->set_bool(lib->settings,