diff options
author | Tobias Brunner <tobias@strongswan.org> | 2016-05-31 12:22:32 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-17 18:48:06 +0200 |
commit | 1b989dd4c54735ff6dd4b96a58d8302b4787367a (patch) | |
tree | 24b79698aec368c63d18d2df43f4f8bad943f12d /src | |
parent | 6270bbde6a24bdc31def5ba08ae068968fbaa662 (diff) | |
download | strongswan-1b989dd4c54735ff6dd4b96a58d8302b4787367a.tar.bz2 strongswan-1b989dd4c54735ff6dd4b96a58d8302b4787367a.tar.xz |
ike-rekey: Properly handle situation if the peer did not notice the rekey collision
We conclude the rekeying before deleting the IKE_SA. Waiting for the
potential TEMPORARY_FAILURE notify is no good because if that response
does not reach us the peer will not retransmit it upon our retransmits
of the rekey request if it already deleted the IKE_SA after receiving
our response to the delete.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_rekey.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c index 2d0b8f294..e99536e2d 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c @@ -392,6 +392,17 @@ METHOD(ike_rekey_t, collide, void, { DBG1(DBG_IKE, "detected %N collision with %N", task_type_names, TASK_IKE_REKEY, task_type_names, other->get_type(other)); + if (other->get_type(other) == TASK_IKE_DELETE) + { + if (this->collision && + this->collision->get_type(this->collision) == TASK_IKE_REKEY) + { + DBG1(DBG_IKE, "peer did not notice IKE_SA rekey collision"); + other->destroy(other); + establish_new((private_ike_rekey_t*)this->collision); + return; + } + } DESTROY_IF(this->collision); this->collision = other; } |