git.ipfire.org Git - thirdparty/strongswan.git/commit

author	Tobias Brunner <tobias@strongswan.org>
	Thu, 20 May 2021 16:11:58 +0000 (18:11 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 23 Aug 2021 16:10:15 +0000 (18:10 +0200)
commit	2c412dfecb6f7e4124a16ad3539a7dc2b52b7bec
tree	b1ebb99e31cc984a9105a0992f3da8f5b4beebfd	tree
parent	e23b326a21b5da06d387108c2ec3a3b0143e58a6	commit \| diff

child-create: Abort initiating a duplicate CHILD_SA

This could happen if an acquire is triggered while we respond to a
CREATE_CHILD_SA request from the peer, or if an acquire is triggered
while an IKE_SA (with its existing CHILD_SAs) is reestablished (also
with break-before-make reauthentication). Also catches multiple
manual initiations.

Note that this ignores the traffic selectors from acquires (narrowing to
them seems rare in practice anyway).

Duplicates can still get created if e.g. both peers initiate them
concurrently.

src/libcharon/sa/ikev2/tasks/child_create.c		diff \| blob \| blame \| history
src/libcharon/tests/suites/test_child_create.c		diff \| blob \| blame \| history