Move establish/inherit of rekeyed IKE_SAs to delete messages

Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.

1 files changed, 12 insertions, 5 deletions

diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c
index 7b1fef2b7..f07d2e384 100644
--- a/src/libcharon/sa/task_manager.c
+++ b/src/libcharon/sa/task_manager.c
@@ -545,7 +545,7 @@ static status_t process_response(private_task_manager_t *this,
 /**
  * handle exchange collisions
  */
-static void handle_collisions(private_task_manager_t *this, task_t *task)
+static bool handle_collisions(private_task_manager_t *this, task_t *task)
 {
 	iterator_t *iterator;
 	task_t *active;
@@ -584,12 +584,11 @@ static void handle_collisions(private_task_manager_t *this, task_t *task)
 					continue;
 			}
 			iterator->destroy(iterator);
-			return;
+			return TRUE;
 		}
 		iterator->destroy(iterator);
 	}
-	/* destroy task if not registered in any active task */
-	task->destroy(task);
+	return FALSE;
 }
 
 /**
@@ -623,9 +622,17 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 			case SUCCESS:
 				/* task completed, remove it */
 				iterator->remove(iterator);
-				handle_collisions(this, task);
+				if (!handle_collisions(this, task))
+				{
+					task->destroy(task);
+				}
+				break;
 			case NEED_MORE:
 				/* processed, but task needs another exchange */
+				if (handle_collisions(this, task))
+				{
+					iterator->remove(iterator);
+				}
 				break;
 			case FAILED:
 			default: