From: Tobias Brunner Date: Tue, 21 Mar 2023 14:02:28 +0000 (+0100) Subject: ikev2: Use REKEY_SA as sole trigger for CHILD_SA rekeying X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e4aa518112b0167d1a0e21194cee1eba5a6ee08;p=thirdparty%2Fstrongswan.git ikev2: Use REKEY_SA as sole trigger for CHILD_SA rekeying There won't be any TS payloads when using optimized rekeying. --- diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index be41f84e09..340cfc0b1b 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -1230,7 +1230,7 @@ static status_t process_request(private_task_manager_t *this, switch (payload->get_type(payload)) { case PLV2_NOTIFY: - { /* if we find a rekey notify, its CHILD_SA rekeying */ + { notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == REKEY_SA && (notify->get_protocol_id(notify) == PROTO_AH || @@ -1242,7 +1242,7 @@ static status_t process_request(private_task_manager_t *this, } case PLV2_TS_INITIATOR: case PLV2_TS_RESPONDER: - { /* if we don't find a TS, its IKE rekeying */ + { ts_found = TRUE; break; } @@ -1252,18 +1252,16 @@ static status_t process_request(private_task_manager_t *this, } enumerator->destroy(enumerator); - if (ts_found) + if (notify_found) { - if (notify_found) - { - task = (task_t*)child_rekey_create(this->ike_sa, - PROTO_NONE, 0); - } - else - { - task = (task_t*)child_create_create(this->ike_sa, NULL, - FALSE, NULL, NULL); - } + task = (task_t*)child_rekey_create(this->ike_sa, + PROTO_NONE, 0); + } + else if (ts_found) + { + + task = (task_t*)child_create_create(this->ike_sa, NULL, + FALSE, NULL, NULL); } else {