[ipfire-2.x.git] / src / patches / strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch

From 0e32cbc0bc8fce3319491db360fb23b16561ec58 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 15 Dec 2015 17:15:32 +0100
Subject: [PATCH] child-rekey: Suppress updown event when deleting redundant
 CHILD_SAs

When handling a rekey collision we might have to delete an already
installed redundant CHILD_SA (or expect the other peer to do so).  We don't
want to trigger updown events for these as we don't during rekeying.

Instead of setting the state to CHILD_REKEYING we could maybe use
CHILD_REKEYED, which we currently only use for IKEv1, and set it for
all CHILD_SAs we delete or expect the other peer to delete.  Would need
a small change in child-delete too.  Or we could introduce a new state.

 #853.
---
 src/libcharon/sa/ikev2/tasks/child_rekey.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index c7a8a13..6f0c2b2 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -279,11 +279,15 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
 			/* don't touch child other created, it has already been deleted */
 			if (!this->other_child_destroyed)
 			{
-				/* disable close action for the redundand child */
+				/* disable close action and updown event for redundant child */
 				child_sa = other->child_create->get_child(other->child_create);
 				if (child_sa)
 				{
 					child_sa->set_close_action(child_sa, ACTION_NONE);
+					if (child_sa->get_state(child_sa) != CHILD_REKEYING)
+					{
+						child_sa->set_state(child_sa, CHILD_REKEYING);
+					}
 				}
 			}
 		}
@@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t,
 	{
 		return SUCCESS;
 	}
+	/* disable updown event for redundant CHILD_SA */
+	if (to_delete->get_state(to_delete) != CHILD_REKEYING)
+	{
+		to_delete->set_state(to_delete, CHILD_REKEYING);
+	}
 	spi = to_delete->get_spi(to_delete, TRUE);
 	protocol = to_delete->get_protocol(to_delete);
 
-- 
1.7.9.5
Commit	Line	Data
4d7f9a81 MT	1	From 0e32cbc0bc8fce3319491db360fb23b16561ec58 Mon Sep 17 00:00:00 2001
	2	From: Tobias Brunner <tobias@strongswan.org>
	3	Date: Tue, 15 Dec 2015 17:15:32 +0100
	4	Subject: [PATCH] child-rekey: Suppress updown event when deleting redundant
	5	CHILD_SAs
	6
	7	When handling a rekey collision we might have to delete an already
	8	installed redundant CHILD_SA (or expect the other peer to do so). We don't
	9	want to trigger updown events for these as we don't during rekeying.
	10
	11	Instead of setting the state to CHILD_REKEYING we could maybe use
	12	CHILD_REKEYED, which we currently only use for IKEv1, and set it for
	13	all CHILD_SAs we delete or expect the other peer to delete. Would need
	14	a small change in child-delete too. Or we could introduce a new state.
	15
	16	#853.
	17	---
	18	src/libcharon/sa/ikev2/tasks/child_rekey.c \| 11 ++++++++++-
	19	1 file changed, 10 insertions(+), 1 deletion(-)
	20
	21	diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
	22	index c7a8a13..6f0c2b2 100644
	23	--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
	24	+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
	25	@@ -279,11 +279,15 @@ static child_sa_t handle_collision(private_child_rekey_t this)
	26	/* don't touch child other created, it has already been deleted */
	27	if (!this->other_child_destroyed)
	28	{
	29	- /* disable close action for the redundand child */
	30	+ /* disable close action and updown event for redundant child */
	31	child_sa = other->child_create->get_child(other->child_create);
	32	if (child_sa)
	33	{
	34	child_sa->set_close_action(child_sa, ACTION_NONE);
	35	+ if (child_sa->get_state(child_sa) != CHILD_REKEYING)
	36	+ {
	37	+ child_sa->set_state(child_sa, CHILD_REKEYING);
	38	+ }
	39	}
	40	}
	41	}
	42	@@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t,
	43	{
	44	return SUCCESS;
	45	}
	46	+ /* disable updown event for redundant CHILD_SA */
	47	+ if (to_delete->get_state(to_delete) != CHILD_REKEYING)
	48	+ {
	49	+ to_delete->set_state(to_delete, CHILD_REKEYING);
	50	+ }
	51	spi = to_delete->get_spi(to_delete, TRUE);
	52	protocol = to_delete->get_protocol(to_delete);
	53
	54	--
	55	1.7.9.5
	56