From 83191e56b2673b421a396c5d1468a1c9133cbb44 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 30 May 2016 17:59:42 +0200
Subject: [PATCH] ike-rekey: Respond with TEMPORARY_FAILURE if CHILD_SAs are currently rekeyed/deleted/established
---
 src/libcharon/sa/ikev2/tasks/ike_rekey.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index 89503fa86f..828e7396d6 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -67,6 +67,11 @@ struct private_ike_rekey_t {
 * colliding task detected by the task manager
 */
 task_t *collision;
+
+ /**
+ * TRUE if rekeying can't be handled temporarily
+ */
+ bool failed_temporarily;
 };
 
 /**
@@ -186,6 +191,7 @@ METHOD(task_t, process_r, status_t,
 if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
 {
 DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting");
+ this->failed_temporarily = TRUE;
 return NEED_MORE;
 }
 
@@ -201,6 +207,7 @@ METHOD(task_t, process_r, status_t,
 /* we do not allow rekeying while we have children in-progress */
 DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");
 enumerator->destroy(enumerator);
+ this->failed_temporarily = TRUE;
 return NEED_MORE;
 default:
 break;
@@ -224,7 +231,7 @@ METHOD(task_t, process_r, status_t,
 METHOD(task_t, build_r, status_t,
 private_ike_rekey_t *this, message_t *message)
 {
- if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
+ if (this->failed_temporarily)
 {
 message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
 return SUCCESS;
-- 
2.47.2
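Review bot: Nothing in the visible hunks initialises or clears the new `failed_temporarily` member of `private_ike_rekey_t`; it is only ever set to TRUE in process_r. That is fine if the constructor zero-initialises the struct and a responder task handles a single request, but both are outside this diff, so a stale TRUE on a reused or migrated task would make build_r answer a later, valid rekey with TEMPORARY_FAILURE. Clearing it at the top of process_r with `this->failed_temporarily = FALSE;` would make the flag's lifetime explicit. The member comment could also name the producer and consumer, e.g. `TRUE if process_r() rejected the request and build_r() has to reply with TEMPORARY_FAILURE`.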
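Review bot: The debug message in front of the second `this->failed_temporarily = TRUE;` (the switch branch in process_r) still reads `a child is half-open`, while the commit subject says the rejection also applies when CHILD_SAs are being rekeyed or deleted. The case labels sit above this hunk, so which states reach this branch cannot be confirmed from here. If they include rekeying and deleting, the log text will mislead whoever investigates repeated TEMPORARY_FAILURE replies. A wording such as `"peer initiated rekeying, but a child is being established, rekeyed or deleted"` would match the behaviour the subject describes.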