From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 30 Apr 2015 10:26:41 +0000 (+0200)
Subject: ike-sa: Reauthenticate to the same addresses we currently use
X-Git-Tag: 5.4.0dr8~12^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7505fb8d457983892b3cba049a4b6a8bae78b49d;p=thirdparty%2Fstrongswan.git

ike-sa: Reauthenticate to the same addresses we currently use

If the SA got redirected this would otherwise cause a reauthentication with
the original gateway.  Reestablishing the SA to the original gateway, if e.g.
the new gateway is not reachable makes sense though.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 6884bf2499..f5245417ed 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1950,8 +1950,11 @@ METHOD(ike_sa_t, reestablish, status_t,
 	host = this->my_host;
 	new->set_my_host(new, host->clone(host));
 	charon->bus->ike_reestablish_pre(charon->bus, &this->public, new);
-	/* resolve hosts but use the old addresses above as fallback */
-	resolve_hosts((private_ike_sa_t*)new);
+	if (!has_condition(this, COND_REAUTHENTICATING))
+	{	/* reauthenticate to the same addresses, but resolve hosts if
+		 * reestablishing (old addresses serve as fallback) */
+		resolve_hosts((private_ike_sa_t*)new);
+	}
 	/* if we already have a virtual IP, we reuse it */
 	enumerator = array_create_enumerator(this->my_vips);
 	while (enumerator->enumerate(enumerator, &host))