author | Tobias Brunner <tobias@strongswan.org> | 2017-02-13 11:54:53 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-02-17 11:37:24 +0100 |
commit | f15c85a487cd6bdfbd3af8e6b034e8ee86201c0f (patch) | |
tree | 43c374bc4cead7c5cd89f8f329e6c0d06abd766e /src/libcharon | |
parent | 597e8c9e009946c994fcba525bacc647f46bae60 (diff) | |
ikev1: Respond to DPDs for rekeyed IKE_SAs
Some devices always use the oldest IKE_SA to send DPDs and will delete
all IKE_SAs when there is no response. If uniqueness is not enforced
rekeyed IKE_SAs might not get deleted until they expire so we should
respond to DPDs.
References #2090.
Diffstat (limited to 'src/libcharon')
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 4 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/task_manager_v1.c | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 76294ce39..76e10691f 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -762,6 +762,10 @@ METHOD(ike_sa_t, send_dpd, status_t,
 {
 return INVALID_STATE;
 }
+ if (this->version == IKEV1 && this->state == IKE_REKEYING)
+ { /* don't send DPDs for rekeyed IKEv1 SAs */
+ return SUCCESS;
+ }
 delay = this->peer_cfg->get_dpd(this->peer_cfg);
 if (this->task_manager->busy(this->task_manager))
 {
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 7c8eebaba..1da17ee50 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -552,6 +552,12 @@ METHOD(task_manager_t, initiate, status_t,
 new_mid = TRUE;
 break;
 }
+ if (activate_task(this, TASK_ISAKMP_DPD))
+ {
+ exchange = INFORMATIONAL_V1;
+ new_mid = TRUE;
+ break;
+ }
 break;
 default:
 break; |
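Review bot: The early `return SUCCESS;` in send_dpd leaves the function before `delay` is read and before anything that follows it, so if the remainder of send_dpd (outside this hunk) is what schedules the next liveness check, a rekeyed IKEv1 SA stops probing its peer for the rest of its lifetime. That looks intended, but the comment only says what is skipped and not why. I would write `/* rekeyed IKEv1 SAs only answer the peer's DPDs (see task_manager_v1 initiate()), they never send their own */`. The body of send_dpd starts and ends outside the hunk.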
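Review bot: The new `activate_task(this, TASK_ISAKMP_DPD)` branch carries no comment, and nothing visible in task_manager_v1.c limits it to replies: any DPD task queued on an SA in this state will now be initiated, and only the guard added to send_dpd in ike_sa.c keeps locally generated DPDs out. A comment such as `/* answer DPDs on rekeyed SAs, our own are suppressed in ike_sa_t.send_dpd() */` would make that coupling explicit for whoever touches either side later. The enclosing `case` label is outside the hunk, so which state this branch runs in is inferred from the commit message.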