From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 20 Mar 2023 15:59:10 +0000 (+0100)
Subject: child-create: Disable optimized rekeying for CHILD_SA created during IKE_AUTH
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c9305ae738e2d6918a5eaef74ce6b00b3ec28de;p=thirdparty%2Fstrongswan.git

child-create: Disable optimized rekeying for CHILD_SA created during IKE_AUTH
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 9baa639f22..d8514c4463 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1507,6 +1507,8 @@ METHOD(task_t, build_i, status_t,
 	this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
 									 this->ike_sa->get_other_host(this->ike_sa),
 									 this->config, &this->child);
+	/* disable optimized rekeying for the CHILD_SA created during IKE_AUTH */
+	this->child_sa->set_optimized_rekey(this->child_sa, !no_ke);
 
 	/* check this after creating the object so that its destruction is detected
 	 * by controller and trap manager */
@@ -2097,6 +2099,8 @@ METHOD(task_t, build_r, status_t,
 	this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
 									 this->ike_sa->get_other_host(this->ike_sa),
 									 this->config, &this->child);
+	/* disable optimized rekeying for the CHILD_SA created during IKE_AUTH */
+	this->child_sa->set_optimized_rekey(this->child_sa, !ike_auth);
 
 	this->other_spi = this->proposal->get_spi(this->proposal);
 	if (!allocate_spi(this))