From: Tobias Brunner Date: Thu, 26 May 2016 13:08:09 +0000 (+0200) Subject: ike-rekey: Establish new IKE_SA earlier as responder, but only if no collision X-Git-Tag: 5.5.0dr1~4^2~48 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=851ee4eeb7c76de38d34fb34ccac77ae55806f2e;p=thirdparty%2Fstrongswan.git ike-rekey: Establish new IKE_SA earlier as responder, but only if no collision Moving to the new SA only after receiving the DELETE for the old SA was not ideal as it rendered the new SA unusable (because it simply didn't exist in the manager) if the DELETE was delayed/got dropped. --- diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c index a85df114c3..ef61a53f1c 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2015-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -123,7 +124,6 @@ static void establish_new(private_ike_rekey_t *this) METHOD(task_t, process_r_delete, status_t, private_ike_rekey_t *this, message_t *message) { - establish_new(this); return this->ike_delete->task.process(&this->ike_delete->task, message); } @@ -232,7 +232,12 @@ METHOD(task_t, build_r, status_t, return SUCCESS; } charon->bus->set_sa(charon->bus, this->ike_sa); - this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); + + if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) + { /* in case of a collision we let the initiating task handle this */ + establish_new(this); + this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); + } /* rekeying successful, delete the IKE_SA using a subtask */ this->ike_delete = ike_delete_create(this->ike_sa, FALSE);