author | Martin Willi <martin@revosec.ch> | 2012-01-10 13:32:06 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-02-02 10:34:04 +0100 |
commit | 916cdca851c7b47111bc705a29ddcec8dd15cd34 (patch) | |
tree | 0b488dd9a934ab2e26feeeb8f29ce9c7f7e65f69 /src | |
parent | dcefa26787549546467206da7818738cb5a7e8af (diff) | |
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 75868ab2c..34b81a99b 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -559,6 +559,10 @@ METHOD(ike_sa_t, send_dpd, status_t,
 job_t *job;
 time_t diff, delay;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
 delay = this->peer_cfg->get_dpd(this->peer_cfg);
 if (this->task_manager->busy(this->task_manager))
 {
@@ -1431,6 +1435,11 @@ METHOD(ike_sa_t, rekey_child_sa, status_t,
 {
 child_rekey_t *child_rekey;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
+
 child_rekey = child_rekey_create(&this->public, protocol, spi);
 this->task_manager->queue_task(this->task_manager, &child_rekey->task);
 return this->task_manager->initiate(this->task_manager);
@@ -1441,6 +1450,11 @@ METHOD(ike_sa_t, delete_child_sa, status_t,
 {
 child_delete_t *child_delete;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
+
 child_delete = child_delete_create(&this->public, protocol, spi);
 this->task_manager->queue_task(this->task_manager, &child_delete->task);
 return this->task_manager->initiate(this->task_manager);
@@ -1500,6 +1514,10 @@ METHOD(ike_sa_t, rekey, status_t,
 {
 ike_rekey_t *ike_rekey;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
 ike_rekey = ike_rekey_create(&this->public, TRUE);
 this->task_manager->queue_task(this->task_manager, &ike_rekey->task);
@@ -1511,6 +1529,10 @@ METHOD(ike_sa_t, reauth, status_t,
 {
 task_t *task;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
 /* we can't reauthenticate as responder when we use EAP or virtual IPs.
 * If the peer does not support RFC4478, there is no way to keep the
 * IKE_SA up. */
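Review bot: The early `return INVALID_STATE;` at the top of send_dpd leaves before any code that could queue the next DPD check; the `job_t *job` declaration in the context suggests a follow-up job is scheduled further down, outside this hunk. If so, an SA that later leaves IKE_PASSIVE may have no DPD timer running, and a dead peer would go unnoticed until something else re-arms it. Please confirm that the code activating the SA restarts DPD, and record the behaviour above the guard, e.g. `/* passive SAs must not send; no follow-up DPD job is scheduled from here */`. Any caller that only tests the result for DESTROY_ME will also treat the new status as success, which is worth checking at the call sites.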
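Review bot: The guard added to rekey_child_sa returns INVALID_STATE without queuing a task or logging anything, and the same four lines are repeated in delete_child_sa, rekey, reauth and retransmit (and in send_dpd above). Rekeying and reauthentication are what enforce key and authentication lifetimes, so a request dropped here should at least be visible: a line such as `DBG1(DBG_IKE, "ignoring CHILD_SA rekey, IKE_SA is passive");` before the return would let an operator see that a lifetime event was skipped. Whether the skipped event is triggered again once the SA becomes active cannot be seen from this diff and should be confirmed. A small static helper holding the state test would keep the six call sites in step if the set of non-sending states ever grows, and the method documentation should list INVALID_STATE as a possible result.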
@@ -1708,6 +1730,10 @@ static void requeue_init_tasks(private_ike_sa_t *this)
 METHOD(ike_sa_t, retransmit, status_t,
 private_ike_sa_t *this, u_int32_t message_id)
 {
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
 this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
 if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS)
 {
 |
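Review bot: Returning INVALID_STATE at the top of retransmit skips the `task_manager->retransmit()` call and the non-SUCCESS handling that follows it, so for an SA that turns passive with a request in flight neither a resend nor the failure path runs. If further retransmit jobs are queued from inside that call, as seems likely, the exchange would stay pending and `task_manager->busy()` (tested in send_dpd) could keep reporting true after the SA is activated again. Please confirm that the transition out of IKE_PASSIVE resets or restarts pending exchanges, and state that in a comment above the guard. The body of retransmit continues past the end of this hunk.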