1 From 0e32cbc0bc8fce3319491db360fb23b16561ec58 Mon Sep 17 00:00:00 2001
2 From: Tobias Brunner <tobias@strongswan.org>
3 Date: Tue, 15 Dec 2015 17:15:32 +0100
4 Subject: [PATCH] child-rekey: Suppress updown event when deleting redundant
7 When handling a rekey collision we might have to delete an already
8 installed redundant CHILD_SA (or expect the other peer to do so). We don't
9 want to trigger updown events for these as we don't during rekeying.
11 Instead of setting the state to CHILD_REKEYING we could maybe use
12 CHILD_REKEYED, which we currently only use for IKEv1, and set it for
13 all CHILD_SAs we delete or expect the other peer to delete. Would need
14 a small change in child-delete too. Or we could introduce a new state.
18 src/libcharon/sa/ikev2/tasks/child_rekey.c | 11 ++++++++++-
19 1 file changed, 10 insertions(+), 1 deletion(-)
21 diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
22 index c7a8a13..6f0c2b2 100644
23 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
24 +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
25 @@ -279,11 +279,15 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
26 /* don't touch child other created, it has already been deleted */
27 if (!this->other_child_destroyed)
29 - /* disable close action for the redundand child */
30 + /* disable close action and updown event for redundant child */
31 child_sa = other->child_create->get_child(other->child_create);
34 child_sa->set_close_action(child_sa, ACTION_NONE);
35 + if (child_sa->get_state(child_sa) != CHILD_REKEYING)
37 + child_sa->set_state(child_sa, CHILD_REKEYING);
42 @@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t,
46 + /* disable updown event for redundant CHILD_SA */
47 + if (to_delete->get_state(to_delete) != CHILD_REKEYING)
49 + to_delete->set_state(to_delete, CHILD_REKEYING);
51 spi = to_delete->get_spi(to_delete, TRUE);
52 protocol = to_delete->get_protocol(to_delete);
projects / ipfire-2.x.git / blob