author | Tobias Brunner <tobias@strongswan.org> | 2012-09-21 12:14:29 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 12:00:00 +0100 |
commit | 8a0a1ae8578c000c51f45ebca0fd75f763c6365e (patch) | |
tree | 97bb1067edf7927139b6d83986216b9ae0e9dc6d /src/libcharon/processing | |
parent | 7a87381840484531f8ddeeb581e4280e0e93902e (diff) | |
Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame
Diffstat (limited to 'src/libcharon/processing')
-rw-r--r-- | src/libcharon/processing/jobs/delete_ike_sa_job.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c
index 3a8c2e1cd..a394e9df9 100644
--- a/src/libcharon/processing/jobs/delete_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c
@@ -76,11 +76,21 @@ METHOD(job_t, execute, job_requeue_t,
 }
 else
 {
- /* destroy IKE_SA did not complete connecting phase */
+ /* destroy IKE_SA only if it did not complete connecting phase */
 if (ike_sa->get_state(ike_sa) != IKE_CONNECTING)
 {
 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 }
+ else if (ike_sa->get_version(ike_sa) == IKEV1 &&
+ ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
+ { /* as initiator we waited for the peer to initiate e.g. an
+ * XAuth exchange, reauth the SA to eventually trigger DPD */
+ DBG1(DBG_JOB, "peer did not initiate expected exchange, "
+ "reestablishing IKE_SA");
+ ike_sa->reauth(ike_sa);
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
 else
 {
 DBG1(DBG_JOB, "deleting half open IKE_SA after timeout"); |
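Review bot: The new `else if` branch is broader than its comment: it catches every IKEv1 IKE_SA we initiated that is still in IKE_CONNECTING when the job fires, not only one waiting for the responder to start XAuth, and nothing in the hunk limits how often such an SA is re-established. If the SA created by `reauth()` can hit the same timeout, a responder that never starts the exchange could keep the initiator reconnecting indefinitely, with a DBG1 line per round. That depends on code outside this hunk (the body of `execute` starts and ends beyond it), so please confirm where retries are bounded. I would record the scope in the comment, e.g. `/* any IKEv1 SA we initiated that is still connecting ends up here, not only XAuth */`. The result of `ike_sa->reauth(ike_sa)` is also discarded before `checkin_and_destroy()`, so a failed re-establishment looks the same as a successful one in the log; assuming it returns a status, log it when it does not report success.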