1 files changed, 57 insertions, 0 deletions

diff --git a/main/ipsec-tools/95-purge-on-delete-notify.patch b/main/ipsec-tools/95-purge-on-delete-notify.patch
new file mode 100644
index 0000000000..aa92135bc4
--- /dev/null
+++ b/main/ipsec-tools/95-purge-on-delete-notify.patch
@@ -0,0 +1,57 @@
+Index: src/racoon/isakmp.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
+retrieving revision 1.63
+diff -u -p -r1.63 isakmp.c
+--- a/src/racoon/isakmp.c	21 Oct 2010 06:15:28 -0000	1.63
++++ b/src/racoon/isakmp.c	4 Nov 2010 14:52:39 -0000
+@@ -766,6 +766,20 @@ isakmp_main(msg, remote, local)
+ 	return 0;
+ }
+ 
++static int
++ph1_rekey_enabled(iph1)
++	struct ph1handle *iph1;
++{
++	if (iph1->rmconf->rekey == REKEY_FORCE)
++		return 1;
++#ifdef ENABLE_DPD
++	if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
++	    iph1->rmconf->dpd_interval)
++		return 1;
++#endif
++	return 0;
++}
++
+ /*
+  * main function of phase 1.
+  */
+@@ -866,13 +880,7 @@ ph1_main(iph1, msg)
+ 		migrate_dying_ph12(iph1);
+ 
+ 		/* add to the schedule to expire, and seve back pointer. */
+-		if ((iph1->rmconf->rekey == REKEY_FORCE)
+-#ifdef ENABLE_DPD
+-			||
+-		    (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
+-		     iph1->rmconf->dpd_interval)
+-#endif
+-			) {
++		if (ph1_rekey_enabled(iph1)) {
+ 			sched_schedule(&iph1->sce,
+ 				       iph1->approval->lifetime *
+ 				       PFKEY_SOFT_LIFETIME_RATE / 100,
+@@ -2071,7 +2079,13 @@ isakmp_ph1delete(iph1)
+ 	plog(LLV_INFO, LOCATION, NULL,
+ 		"ISAKMP-SA deleted %s-%s spi:%s\n",
+ 		src, dst, isakmp_pindex(&iph1->index, 0));
++
+ 	evt_phase1(iph1, EVT_PHASE1_DOWN, NULL);
++
++	if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) {
++		purge_remote(iph1);
++		script_hook(iph1, SCRIPT_PHASE1_DEAD);
++	}
+ 	racoon_free(src);
+ 	racoon_free(dst);
+