After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAs

During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled. The CHILD_SAs get migrated, but any associated route gets removed from the kernel. Reinstall routes after adding the virtual IP again.
author: Martin Willi <martin@revosec.ch> 2013-02-20 09:16:00 +0100
committer: Martin Willi <martin@revosec.ch> 2013-02-20 09:16:00 +0100
commit: 3dc9d427c92ee3bece4bc1c3c575250156deeebc (patch)
tree: e0adf355f3b92ee3b4e245a874877ea64ce1719e /src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
parent: f836d433a9f8a641d1064fd4fe8f19b49675bfe1 (diff)
download: strongswan-3dc9d427c92ee3bece4bc1c3c575250156deeebc.tar.bz2
strongswan-3dc9d427c92ee3bece4bc1c3c575250156deeebc.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index e47887859..b6df9879c 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1757,6 +1757,10 @@ METHOD(kernel_net_t, add_ip, status_t,
 				DBG2(DBG_KNL, "virtual IP %H installed on %s", virtual_ip,
 					 entry->iface->ifname);
 				this->lock->unlock(this->lock);
+				/* during IKEv1 reauthentication, children get moved from
+				 * old the new SA before the virtual IP is available. This
+				 * kills the route for our virtual IP, reinstall. */
+				queue_route_reinstall(this, entry->iface->ifname);
 				return SUCCESS;
 			}
 		}
author	Martin Willi <martin@revosec.ch>	2013-02-20 09:16:00 +0100
committer	Martin Willi <martin@revosec.ch>	2013-02-20 09:16:00 +0100
commit	3dc9d427c92ee3bece4bc1c3c575250156deeebc (patch)
tree	e0adf355f3b92ee3b4e245a874877ea64ce1719e /src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
parent	f836d433a9f8a641d1064fd4fe8f19b49675bfe1 (diff)
download	strongswan-3dc9d427c92ee3bece4bc1c3c575250156deeebc.tar.bz2 strongswan-3dc9d427c92ee3bece4bc1c3c575250156deeebc.tar.xz