From: Martin Willi
Date: Thu, 27 Feb 2014 08:36:46 +0000 (+0100)
Subject: ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeying
X-Git-Tag: 5.1.3rc1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e12eec10089a4a18a15ccb511aa1200ad59e8044;p=thirdparty%2Fstrongswan.git
ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeying
Works around issues related to system time changes and kernel backends using that system time, such as Linux XFRM.
---
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index e898efc88e..88b032c8bd 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include
 typedef struct private_child_delete_t private_child_delete_t;
@@ -313,6 +314,17 @@ METHOD(task_t, build_i, status_t,
 }
 log_children(this);
 build_payloads(this, message);
+
+ if (!this->rekeyed && this->expired)
+ {
+ child_cfg_t *child_cfg;
+
+ DBG1(DBG_IKE, "scheduling CHILD_SA recreate after hard expire");
+ child_cfg = child_sa->get_config(child_sa);
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)
+ child_create_create(this->ike_sa, child_cfg->get_ref(child_cfg),
+ FALSE, NULL, NULL));
+ }
 return NEED_MORE;
 }
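Review bot: The added block in build_i queues a child_create task for every hard-expired, non-rekeyed CHILD_SA with no visible bound or configuration check, so if the expire keeps recurring (the clock-change case the commit message describes) each expiry appears to schedule another negotiation. Consider stating the intent above the `if`, e.g. `/* hard expire without prior rekey: recreate the CHILD_SA from its config */`, and gating or rate-limiting the recreate if the surrounding code does not already do so. The log line also does not say which SA is being recreated, which makes the event hard to correlate in logs; `DBG1(DBG_IKE, "scheduling CHILD_SA %s recreate after hard expire", child_sa->get_name(child_sa));` would address that. `child_sa` is declared and assigned outside this hunk, so this assumes it still refers to the expired SA at this point; build_i starts before the hunk.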