From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 23 Apr 2015 14:36:49 +0000 (+0200)
Subject: child-create: Don't create CHILD_SA if the IKE_SA got redirected in IKE_AUTH
X-Git-Tag: 5.4.0dr8~12^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6fcb917626474885da4a07bd8ae98a5111dc3cf;p=thirdparty%2Fstrongswan.git

child-create: Don't create CHILD_SA if the IKE_SA got redirected in IKE_AUTH
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 740d09778f..3d4ded9447 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1220,6 +1220,10 @@ METHOD(task_t, build_r, status_t,
 			{	/* wait until all authentication round completed */
 				return NEED_MORE;
 			}
+			if (this->ike_sa->has_condition(this->ike_sa, COND_REDIRECTED))
+			{	/* no CHILD_SA is created for redirected SAs */
+				return SUCCESS;
+			}
 			ike_auth = TRUE;
 		default:
 			break;