diff options
| author | Thomas Egerer <thomas.egerer@secunet.com> | 2014-10-09 11:15:07 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2014-10-30 11:53:56 +0100 |
| commit | 1201ddcbc5dda4849524f08a0923071d1b15b387 (patch) | |
| tree | 66061a2f442272f40ed2c82b747ab645e433c6ec | |
| parent | 11b42933bf3896acaa7fb2efef8689c04d9224b1 (diff) | |
| download | strongswan-1201ddcbc5dda4849524f08a0923071d1b15b387.tar.bz2 strongswan-1201ddcbc5dda4849524f08a0923071d1b15b387.tar.xz | |
ikev1: Don't inherit children if INITITAL_CONTACT was seen
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
| -rw-r--r-- | src/libcharon/sa/ike_sa_manager.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index bdabc59b5..144cd7d3f 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -1783,7 +1783,10 @@ static status_t enforce_replace(private_ike_sa_manager_t *this, if (is_ikev1_reauth(duplicate, host)) { /* looks like a reauthentication attempt */ - adopt_children(duplicate, new); + if (!new->has_condition(new, COND_INIT_CONTACT_SEEN)) + { + adopt_children(duplicate, new); + } /* For IKEv1 we have to delay the delete for the old IKE_SA. Some * peers need to complete the new SA first, otherwise the quick modes * might get lost. */ |