From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 15 Nov 2016 14:42:33 +0000 (+0100)
Subject: ikev2: Ignore roam events without MOBIKE but static local address
X-Git-Tag: 5.5.2dr5~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be27e76869fe58d17ade1cf6d5a84926ce994ef1;p=thirdparty%2Fstrongswan.git

ikev2: Ignore roam events without MOBIKE but static local address

Disabling MOBIKE and statically configuring a local address should be
enough indication that the user doesn't want to roam to a different
address.  There might not be any routes that indicate we can use the
current address but it might still work (e.g. if the address is on an
interface that is not referenced in any routes and the address itself
is neither).  This way we avoid switching to another address for routes
that might be available on the system.

We currently don't make much use of COND_STALE anyway when MOBIKE is not
enabled, e.g. to avoid sending DPDs if the connection is seemingly down.
With MOBIKE enabled we don't exactly check that state but we do don't
send DPDs if there is no route/source address available.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index f180bfb017..589784c85f 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2517,6 +2517,16 @@ METHOD(ike_sa_t, roam, status_t,
 			break;
 	}
 
+	/* ignore roam events if MOBIKE is not supported/enabled and the local
+	 * address is statically configured */
+	if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) &&
+		ike_cfg_has_address(this->ike_cfg, this->my_host, TRUE))
+	{
+		DBG2(DBG_IKE, "keeping statically configured path %H - %H",
+			 this->my_host, this->other_host);
+		return SUCCESS;
+	}
+
 	/* keep existing path if possible */
 	if (is_current_path_valid(this))
 	{