From: Afschin Hormozdiary Date: Wed, 10 Oct 2018 08:01:05 +0000 (+0200) Subject: ikev1: Ensure DPD_ACK is sent in time X-Git-Tag: 5.7.2dr4~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e49bbcc49930c6fa6317415555f89fe31c19ef2;p=thirdparty%2Fstrongswan.git ikev1: Ensure DPD_ACK is sent in time If a lot of QUICK_MODE tasks are queued and the other side sends a DPD request, there is a good chance for timeouts. Observed this in cases where other side is quite slow in responding QUICK_MODE requests (e.g. Cisco ASA v8.x) and about 100 CHILD_SAs are to be spawned. Closes strongswan/strongswan#115. --- diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 7a1e16bafb..b1a8702782 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -544,20 +544,20 @@ METHOD(task_manager_t, initiate, status_t, new_mid = TRUE; break; } - if (!mode_config_expected(this) && - activate_task(this, TASK_QUICK_MODE)) + if (activate_task(this, TASK_ISAKMP_DPD)) { - exchange = QUICK_MODE; + exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_INFORMATIONAL)) + if (!mode_config_expected(this) && + activate_task(this, TASK_QUICK_MODE)) { - exchange = INFORMATIONAL_V1; + exchange = QUICK_MODE; new_mid = TRUE; break; } - if (activate_task(this, TASK_ISAKMP_DPD)) + if (activate_task(this, TASK_INFORMATIONAL)) { exchange = INFORMATIONAL_V1; new_mid = TRUE;