From: Martin Willi <martin@revosec.ch>
Date: Wed, 3 Apr 2013 10:16:27 +0000 (+0200)
Subject: Defer CHILD_SA rekeying if allocating an SPI fails
X-Git-Tag: 5.0.3~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bee6515a28c2aaa0a6e37a5eec0213be868492e0;p=thirdparty%2Fstrongswan.git

Defer CHILD_SA rekeying if allocating an SPI fails
---

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index a53c06bf7d..5298abf794 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -475,6 +475,7 @@ METHOD(task_manager_t, initiate, status_t,
 				break;
 			case FAILED:
 			default:
+				this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
 				if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
 				{
 					charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index f8c2ed141e..262cb10e0a 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -86,6 +86,24 @@ struct private_child_rekey_t {
 	bool other_child_destroyed;
 };
 
+/**
+ * Schedule a retry if rekeying temporary failed
+ */
+static void schedule_delayed_rekey(private_child_rekey_t *this)
+{
+	u_int32_t retry;
+	job_t *job;
+
+	retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
+	job = (job_t*)rekey_child_sa_job_create(
+						this->child_sa->get_reqid(this->child_sa),
+						this->child_sa->get_protocol(this->child_sa),
+						this->child_sa->get_spi(this->child_sa, TRUE));
+	DBG1(DBG_IKE, "CHILD_SA rekeying failed, trying again in %d seconds", retry);
+	this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
+	lib->scheduler->schedule_job(lib->scheduler, job, retry);
+}
+
 /**
  * Implementation of task_t.build for initiator, after rekeying
  */
@@ -166,8 +184,13 @@ METHOD(task_t, build_i, status_t,
 	}
 	reqid = this->child_sa->get_reqid(this->child_sa);
 	this->child_create->use_reqid(this->child_create, reqid);
-	this->child_create->task.build(&this->child_create->task, message);
 
+	if (this->child_create->task.build(&this->child_create->task,
+									   message) != NEED_MORE)
+	{
+		schedule_delayed_rekey(this);
+		return FAILED;
+	}
 	this->child_sa->set_state(this->child_sa, CHILD_REKEYING);
 
 	return NEED_MORE;
@@ -316,17 +339,7 @@ METHOD(task_t, process_i, status_t,
 		if (!(this->collision &&
 			  this->collision->get_type(this->collision) == TASK_CHILD_DELETE))
 		{
-			job_t *job;
-			u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
-
-			job = (job_t*)rekey_child_sa_job_create(
-								this->child_sa->get_reqid(this->child_sa),
-								this->child_sa->get_protocol(this->child_sa),
-								this->child_sa->get_spi(this->child_sa, TRUE));
-			DBG1(DBG_IKE, "CHILD_SA rekeying failed, "
-								"trying again in %d seconds", retry);
-			this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
-			lib->scheduler->schedule_job(lib->scheduler, job, retry);
+			schedule_delayed_rekey(this);
 		}
 		return SUCCESS;
 	}