]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 438318c) | patch
ikev2: Don't set old IKE_SA to REKEYING state during make-before-break reauth
authorMartin Willi <martin@revosec.ch>
Wed, 11 Mar 2015 13:41:37 +0000 (14:41 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 11 Mar 2015 13:48:08 +0000 (14:48 +0100)
commit799f4c5db942b6a1cc92e0f6cc0f01f591695309
tree98a4afa20755bbfd7a8c2603bd746baba6943a83tree
parent438318c6c3b15db75bf5e18294edf9375a1a97f2commit | diff
ikev2: Don't set old IKE_SA to REKEYING state during make-before-break reauth

We are actually not in rekeying state, but just trigger a separate, new IKE_SA
as a replacement for the current IKE_SA. Switching to the REKEYING state
disables the invocation of both IKE and CHILD_SA updown hooks as initiator,
preventing the removal of any firewall rules.

Fixes #885.
src/libcharon/sa/ikev2/task_manager_v2.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.