ikev1: Only delete redundant CHILD_SAs if configured

If we find a redundant CHILD_SA (the peer probably rekeyed the SA before us) we might not want to delete the old SA because the peer might still use it (same applies to old CHILD_SAs after rekeyings). So only delete them if configured to do so. Fixes #2358.
author: Tobias Brunner <tobias@strongswan.org> 2017-06-20 12:50:36 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2017-06-26 10:33:16 +0200
commit: 083208e805e67aad2ff58bb0d297b46dfff4573c (patch)
tree: 66c78e9ba481be5d6ee24be07d09d5ae48e10fce /src/libcharon
parent: 56ffcdb166013b3cd51ba90c2c382314896717aa (diff)
download: strongswan-083208e805e67aad2ff58bb0d297b46dfff4573c.tar.bz2
strongswan-083208e805e67aad2ff58bb0d297b46dfff4573c.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 48ec3e7f5..3472d2c35 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1805,8 +1805,12 @@ METHOD(task_manager_t, queue_child_rekey, void,
 		if (is_redundant(this, child_sa))
 		{
 			child_sa->set_state(child_sa, CHILD_REKEYED);
-			queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
+			if (lib->settings->get_bool(lib->settings, "%s.delete_rekeyed",
+										FALSE, lib->ns))
+			{
+				queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
 												protocol, spi, FALSE, FALSE));
+			}
 		}
 		else
 		{
author	Tobias Brunner <tobias@strongswan.org>	2017-06-20 12:50:36 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2017-06-26 10:33:16 +0200
commit	083208e805e67aad2ff58bb0d297b46dfff4573c (patch)
tree	66c78e9ba481be5d6ee24be07d09d5ae48e10fce /src/libcharon
parent	56ffcdb166013b3cd51ba90c2c382314896717aa (diff)
download	strongswan-083208e805e67aad2ff58bb0d297b46dfff4573c.tar.bz2 strongswan-083208e805e67aad2ff58bb0d297b46dfff4573c.tar.xz