authorMartin Willi <martin@revosec.ch>2012-01-10 13:32:06 +0100
committerMartin Willi <martin@revosec.ch>2012-02-02 10:34:04 +0100
commit916cdca851c7b47111bc705a29ddcec8dd15cd34 (patch)
tree0b488dd9a934ab2e26feeeb8f29ce9c7f7e65f69 /src
parentdcefa26787549546467206da7818738cb5a7e8af (diff)
downloadstrongswan-916cdca851c7b47111bc705a29ddcec8dd15cd34.tar.bz2
strongswan-916cdca851c7b47111bc705a29ddcec8dd15cd34.tar.xz
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/sa/ike_sa.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 75868ab2c..34b81a99b 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -559,6 +559,10 @@ METHOD(ike_sa_t, send_dpd, status_t,
job_t *job;
time_t diff, delay;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
delay = this->peer_cfg->get_dpd(this->peer_cfg);
if (this->task_manager->busy(this->task_manager))
{
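Review bot: The new PASSIVE guard in send_dpd returns INVALID_STATE with neither a comment nor a log line, and the same four-line check is repeated verbatim in rekey_child_sa, delete_child_sa, rekey, reauth and retransmit. On a node where DPD or rekeying never fires, nothing in the log ties that to the SA state. I would add a short comment above each guard, e.g. `/* PASSIVE SAs do not initiate or retransmit exchanges */`, and a low-verbosity message before the return, e.g. `DBG2(DBG_IKE, "IKE_SA is passive, skipping DPD");`. Moving the check into one small static helper would keep the six sites from drifting apart. send_dpd continues outside the hunk, so whether a follow-up DPD job is still scheduled after this early return cannot be seen here.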
@@ -1431,6 +1435,11 @@ METHOD(ike_sa_t, rekey_child_sa, status_t,
{
child_rekey_t *child_rekey;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
+
child_rekey = child_rekey_create(&this->public, protocol, spi);
this->task_manager->queue_task(this->task_manager, &child_rekey->task);
return this->task_manager->initiate(this->task_manager);
@@ -1441,6 +1450,11 @@ METHOD(ike_sa_t, delete_child_sa, status_t,
{
child_delete_t *child_delete;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
+
child_delete = child_delete_create(&this->public, protocol, spi);
this->task_manager->queue_task(this->task_manager, &child_delete->task);
return this->task_manager->initiate(this->task_manager);
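Review bot: delete_child_sa is guarded here as well, although the commit title names only retransmit, rekey, reauth and DPD. A refused delete is not the same as a refused rekey: if a caller asks for deletion because a CHILD_SA has expired, the INVALID_STATE return leaves the entry in place unless that caller handles the status, and those callers are outside this diff. If this is intended, record it at the guard, e.g. `/* PASSIVE: CHILD_SA deletion is not initiated from here; caller must handle INVALID_STATE */`, and mention delete in the commit message.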
@@ -1500,6 +1514,10 @@ METHOD(ike_sa_t, rekey, status_t,
{
ike_rekey_t *ike_rekey;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
ike_rekey = ike_rekey_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, &ike_rekey->task);
@@ -1511,6 +1529,10 @@ METHOD(ike_sa_t, reauth, status_t,
{
task_t *task;
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
/* we can't reauthenticate as responder when we use EAP or virtual IPs.
* If the peer does not support RFC4478, there is no way to keep the
* IKE_SA up. */
@@ -1708,6 +1730,10 @@ static void requeue_init_tasks(private_ike_sa_t *this)
METHOD(ike_sa_t, retransmit, status_t,
private_ike_sa_t *this, u_int32_t message_id)
{
+ if (this->state == IKE_PASSIVE)
+ {
+ return INVALID_STATE;
+ }
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS)
{
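Review bot: The early return in retransmit comes before the call to `this->task_manager->retransmit(...)`, so nothing in the visible code re-arms a retransmission for `message_id` once it has been skipped. If an IKE_SA can leave PASSIVE while a request is still outstanding, that request would presumably neither be resent nor time out; whether the state change re-queues it is not visible in this diff. The guard should state the assumption, e.g. `/* assumes no request is outstanding when the SA becomes active again; the skipped retransmit is not re-armed */`. Placing the guard ahead of the STAT_OUTBOUND update is correct, since no outbound traffic is recorded for a skipped retransmit. The function body continues past the end of the hunk.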