From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 13 Feb 2017 10:54:53 +0000 (+0100)
Subject: ikev1: Respond to DPDs for rekeyed IKE_SAs
X-Git-Tag: 5.5.2dr5~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f15c85a487cd6bdfbd3af8e6b034e8ee86201c0f;p=thirdparty%2Fstrongswan.git

ikev1: Respond to DPDs for rekeyed IKE_SAs

Some devices always use the oldest IKE_SA to send DPDs and will delete
all IKE_SAs when there is no response. If uniqueness is not enforced
rekeyed IKE_SAs might not get deleted until they expire so we should
respond to DPDs.

References #2090.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 76294ce39b..76e10691fd 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -762,6 +762,10 @@ METHOD(ike_sa_t, send_dpd, status_t,
 	{
 		return INVALID_STATE;
 	}
+	if (this->version == IKEV1 && this->state == IKE_REKEYING)
+	{	/* don't send DPDs for rekeyed IKEv1 SAs */
+		return SUCCESS;
+	}
 	delay = this->peer_cfg->get_dpd(this->peer_cfg);
 	if (this->task_manager->busy(this->task_manager))
 	{
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 7c8eebabab..1da17ee50c 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -552,6 +552,12 @@ METHOD(task_manager_t, initiate, status_t,
 					new_mid = TRUE;
 					break;
 				}
+				if (activate_task(this, TASK_ISAKMP_DPD))
+				{
+					exchange = INFORMATIONAL_V1;
+					new_mid = TRUE;
+					break;
+				}
 				break;
 			default:
 				break;