ha: Delete passive IKE_SA on other node after half-open timeout

Fixes #1192.
author: Tobias Brunner <tobias@strongswan.org> 2016-08-30 14:30:19 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2017-01-25 12:27:21 +0100
commit: 0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b (patch)
tree: f365ca44e8a537ea49a19076bef726f7f01997e9 /src/libcharon
parent: 7085ca68d69ffaba84ec9452e2c2d9aadedd68b8 (diff)
download: strongswan-0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b.tar.bz2
strongswan-0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b.tar.xz
1 files changed, 15 insertions, 0 deletions
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index 992ccb06c..0e83b1642 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -237,6 +237,20 @@ METHOD(listener_t, ike_rekey, bool,
 	return TRUE;
 }
 
+METHOD(listener_t, alert, bool,
+	private_ha_ike_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args)
+{
+	switch (alert)
+	{
+		case ALERT_HALF_OPEN_TIMEOUT:
+			ike_updown(this, ike_sa, FALSE);
+			break;
+		default:
+			break;
+	}
+	return TRUE;
+}
+
 METHOD(listener_t, ike_state_change, bool,
 	private_ha_ike_t *this, ike_sa_t *ike_sa, ike_sa_state_t new)
 {
@@ -393,6 +407,7 @@ ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel,
 	INIT(this,
 		.public = {
 			.listener = {
+				.alert = _alert,
 				.ike_keys = _ike_keys,
 				.ike_updown = _ike_updown,
 				.ike_rekey = _ike_rekey,
author	Tobias Brunner <tobias@strongswan.org>	2016-08-30 14:30:19 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2017-01-25 12:27:21 +0100
commit	0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b (patch)
tree	f365ca44e8a537ea49a19076bef726f7f01997e9 /src/libcharon
parent	7085ca68d69ffaba84ec9452e2c2d9aadedd68b8 (diff)
download	strongswan-0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b.tar.bz2 strongswan-0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b.tar.xz