From: Martin Willi
Date: Wed, 20 Feb 2013 07:57:17 +0000 (+0100)
Subject: When detecting a duplicate IKEv1 SA, adopt children, as it might be a rekeying
X-Git-Tag: 5.0.3dr3~39^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f836d433a9f8a641d1064fd4fe8f19b49675bfe1;p=thirdparty%2Fstrongswan.git
When detecting a duplicate IKEv1 SA, adopt children, as it might be a rekeying
---
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 2ac8c31233..a195ff9f20 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1745,6 +1745,23 @@ METHOD(ike_sa_manager_t, create_id_enumerator, enumerator_t*,
 (void*)id_enumerator_cleanup, ids);
 }
 
+/**
+ * Move all CHILD_SAs from old to new
+ */
+static void adopt_children(ike_sa_t *old, ike_sa_t *new)
+{
+ enumerator_t *enumerator;
+ child_sa_t *child_sa;
+
+ enumerator = old->create_child_sa_enumerator(old);
+ while (enumerator->enumerate(enumerator, &child_sa))
+ {
+ old->remove_child_sa(old, enumerator);
+ new->add_child_sa(new, child_sa);
+ }
+ enumerator->destroy(enumerator);
+}
+
 METHOD(ike_sa_manager_t, check_uniqueness, bool,
 private_ike_sa_manager_t *this, ike_sa_t *ike_sa, bool force_replace)
 {
@@ -1796,6 +1813,10 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
 {
 case UNIQUE_REPLACE:
 charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);
+ if (duplicate->get_version(duplicate) == IKEV1)
+ {
+ adopt_children(duplicate, ike_sa);
+ }
 DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
 "'%Y' due to uniqueness policy", other);
 status = duplicate->delete(duplicate);
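Review bot: The doc comment on `adopt_children()` does not say who owns the CHILD_SAs after the move or what the caller must guarantee, which matters because the second hunk calls `duplicate->delete(duplicate)` right after it. I would extend the comment to something like `Move all CHILD_SAs from old to new without destroying them; the caller must hold both IKE_SAs exclusively`, assuming that is the locking contract in this file. The loop transfers only the child objects, so if any state tied to them stays on `old`, the comment should say that this is intentional. The function lies entirely inside this hunk.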
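Review bot: Under `case UNIQUE_REPLACE`, the adoption is gated only on `duplicate->get_version(duplicate) == IKEV1`, so every replaced IKEv1 duplicate hands its CHILD_SAs to the new IKE_SA, not only a rekeyed one. The commit message says the duplicate "might be" a rekeying; if it is instead an independent login under the same identity (how duplicates are matched is outside this hunk), the new SA inherits tunnels it never negotiated. Consider gating the call on evidence of a rekey, for example the new SA's remote host matching the duplicate's. A log line such as `DBG1(DBG_IKE, "adopting CHILD_SAs of duplicate IKE_SA for peer '%Y'", other);` would also make the takeover visible in audit logs. The body of check_uniqueness starts and ends outside the hunk.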