From: Martin Willi <martin@revosec.ch>
Date: Tue, 3 Jan 2012 12:33:18 +0000 (+0100)
Subject: Include peer config overtime in negotiated ISAKMP SA lifetime
X-Git-Tag: 5.0.0~338^2~9^2~96
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c9d68d17f0a004e36b57fcf46f87d8254263deb5;p=thirdparty%2Fstrongswan.git

Include peer config overtime in negotiated ISAKMP SA lifetime
---

diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index a9486e8399..75f167b1d0 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -548,6 +548,7 @@ METHOD(task_t, build_i, status_t,
 				this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
 																 FALSE);
 			}
+			this->lifetime += this->peer_cfg->get_over_time(this->peer_cfg);
 			proposals = this->ike_cfg->get_proposals(this->ike_cfg);
 			sa_payload = sa_payload_create_from_proposals_v1(proposals,
 						this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
@@ -1006,9 +1007,9 @@ METHOD(task_t, process_i, status_t,
 			if (lifetime != this->lifetime)
 			{
 				DBG1(DBG_IKE, "received lifetime %us does not match configured "
-					 "%us, using lower value", lifetime, this->lifetime);
+					 "lifetime %us", lifetime, this->lifetime);
 			}
-			this->lifetime = min(this->lifetime, lifetime);
+			this->lifetime = lifetime;
 			auth_method = sa_payload->get_auth_method(sa_payload);
 			if (auth_method != this->auth_method)
 			{