authorMartin Willi <martin@revosec.ch>2012-01-10 13:32:06 +0100
committerMartin Willi <martin@revosec.ch>2012-03-20 17:31:35 +0100
commit1e624ce876fa4fd631b5e52b9a2d6966b2b2fae6 (patch)
treeaef70c6e9937095fc378f221b84a19fef37e0525 /src
parentc9a160953e09bd3edfb09d9a11f19b61ff33d550 (diff)
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/sa/ike_sa.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 1992a6017..fbe125987 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -563,6 +563,10 @@ METHOD(ike_sa_t, send_dpd, status_t,
job_t *job;
time_t diff, delay;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
delay = this->peer_cfg->get_dpd(this->peer_cfg);
if (this->task_manager->busy(this->task_manager))
{
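Review bot: Returning before `delay` is read in `send_dpd` may stop the periodic check for good, not just skip one probe. If the part of the function outside this hunk is what schedules the next DPD job (the `job` and `delay` locals suggest so), an SA that later leaves `IKE_PASSIVE` has no DPD job pending and a dead peer would go unnoticed. Either keep the rescheduling and skip only the send, or document the contract above the check, e.g. `/* passive SAs send nothing; DPD must be re-armed when the SA is activated */`. The function starts and ends outside the hunk.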
@@ -1256,6 +1260,10 @@ METHOD(ike_sa_t, remove_child_sa, void,
METHOD(ike_sa_t, rekey_child_sa, status_t,
private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
{
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
this->task_manager->queue_child_rekey(this->task_manager, protocol, spi);
return this->task_manager->initiate(this->task_manager);
}
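Review bot: The guard in `rekey_child_sa` drops the request silently, and the same applies to `rekey` and `reauth` in the later hunks. These calls are presumably driven by lifetime timers; if nothing re-queues them once the SA is no longer passive, keys can stay in use past their configured lifetime. A comment naming who reschedules the rekey, plus a log line before the return such as `DBG1(DBG_IKE, "ignoring CHILD_SA rekey, IKE_SA is passive");`, would make the skipped operation visible to operators and reviewers.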
@@ -1263,6 +1271,10 @@ METHOD(ike_sa_t, rekey_child_sa, status_t,
METHOD(ike_sa_t, delete_child_sa, status_t,
private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool expired)
{
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
this->task_manager->queue_child_delete(this->task_manager,
protocol, spi, expired);
return this->task_manager->initiate(this->task_manager);
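Review bot: `delete_child_sa` is guarded as well, although the commit title lists only retransmit, rekey, reauth and DPD, and the new check ignores `expired`. When the call reports an expired CHILD_SA, refusing it presumably leaves that CHILD_SA in the local state with no delete queued. Confirm that passive SAs get this cleaned up elsewhere, and add a comment above the check stating who removes the CHILD_SA in that case. The end of the function lies outside the hunk.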
@@ -1322,6 +1334,10 @@ METHOD(ike_sa_t, delete_, status_t,
METHOD(ike_sa_t, rekey, status_t,
private_ike_sa_t *this)
{
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
this->task_manager->queue_ike_rekey(this->task_manager);
return this->task_manager->initiate(this->task_manager);
}
@@ -1329,6 +1345,10 @@ METHOD(ike_sa_t, rekey, status_t,
METHOD(ike_sa_t, reauth, status_t,
private_ike_sa_t *this)
{
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
/* we can't reauthenticate as responder when we use EAP or virtual IPs.
* If the peer does not support RFC4478, there is no way to keep the
* IKE_SA up. */
@@ -1496,6 +1516,10 @@ METHOD(ike_sa_t, reestablish, status_t,
METHOD(ike_sa_t, retransmit, status_t,
private_ike_sa_t *this, u_int32_t message_id)
{
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS)
{
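Review bot: `INVALID_STATE` is a new outcome for `retransmit`, whose visible body otherwise only distinguishes `SUCCESS` from a task manager failure; a caller that treats every non-`SUCCESS` status as fatal would destroy a passive SA. The callers are outside this diff, so verify that they react only to `DESTROY_ME`; the same holds for the other five guarded methods. The four-line check is now repeated six times without explanation, so a comment on each such as `/* passive SAs never initiate or resend exchanges */`, or a small static helper, would keep them in sync. The function body continues past the hunk.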