If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundant CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.
if (memcmp(this_nonce.ptr, other_nonce.ptr,
min(this_nonce.len, other_nonce.len)) < 0)
{
+ child_sa_t *child_sa;
+
DBG1(DBG_IKE, "CHILD_SA rekey collision won, "
"deleting rekeyed child");
to_delete = this->child_sa;
+ /* disable close action for the redundand child */
+ child_sa = other->child_create->get_child(other->child_create);
+ child_sa->set_close_action(child_sa, ACTION_NONE);
}
else
{
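Review bot: the two added lines in the winning branch dereference the result of `other->child_create->get_child(other->child_create)` without a NULL check; if the collided child_create task has no CHILD_SA attached, `child_sa->set_close_action(child_sa, ACTION_NONE)` would crash the daemon. Guard it, e.g. `if (child_sa) { child_sa->set_close_action(child_sa, ACTION_NONE); }`. Also, the added comment reads "redundand"; spell it "redundant" to match the commit message.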