From eb3e339a3c58b6b1a35907c1d9023beaf7f25aaa Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 10 Mar 2015 13:59:49 +0100
Subject: [PATCH] ikev1: Don't handle DPD timeout job if IKE_SA got passive

While a passively installed IKE_SA does not queue a DPD timeout job, one that
switches from active to passive might execute it. Ignore such a queued job if
the IKE_SA is in passive state.
---
 src/libcharon/processing/jobs/dpd_timeout_job.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libcharon/processing/jobs/dpd_timeout_job.c b/src/libcharon/processing/jobs/dpd_timeout_job.c
index 9cdce5cab0..4c88c13e2b 100644
--- a/src/libcharon/processing/jobs/dpd_timeout_job.c
+++ b/src/libcharon/processing/jobs/dpd_timeout_job.c
@@ -63,6 +63,12 @@ METHOD(job_t, execute, job_requeue_t,
 											  this->ike_sa_id);
 	if (ike_sa)
 	{
+		if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
+		{
+			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+			return JOB_REQUEUE_NONE;
+		}
+
 		use_time = ike_sa->get_statistic(ike_sa, STAT_INBOUND);
 
 		enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
-- 
2.47.2