ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeying

Works around issues related to system time changes and kernel backends using that system time, such as Linux XFRM.
author: Martin Willi <martin@revosec.ch> 2014-02-27 09:36:46 +0100
committer: Martin Willi <martin@revosec.ch> 2014-03-31 15:08:22 +0200
commit: e12eec10089a4a18a15ccb511aa1200ad59e8044 (patch)
tree: 63e4c9e1d905bbc8d3af40708a9738abc1829de1 /src
parent: 94fb33bb8856973748d4377e0f3cdf3a8c2f27c3 (diff)
download: strongswan-e12eec10089a4a18a15ccb511aa1200ad59e8044.tar.bz2
strongswan-e12eec10089a4a18a15ccb511aa1200ad59e8044.tar.xz
1 files changed, 12 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index e898efc88..88b032c8b 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -17,6 +17,7 @@
 
 #include <daemon.h>
 #include <encoding/payloads/delete_payload.h>
+#include <sa/ikev2/tasks/child_create.h>
 
 
 typedef struct private_child_delete_t private_child_delete_t;
@@ -313,6 +314,17 @@ METHOD(task_t, build_i, status_t,
 	}
 	log_children(this);
 	build_payloads(this, message);
+
+	if (!this->rekeyed && this->expired)
+	{
+		child_cfg_t *child_cfg;
+
+		DBG1(DBG_IKE, "scheduling CHILD_SA recreate after hard expire");
+		child_cfg = child_sa->get_config(child_sa);
+		this->ike_sa->queue_task(this->ike_sa, (task_t*)
+				child_create_create(this->ike_sa, child_cfg->get_ref(child_cfg),
+									FALSE, NULL, NULL));
+	}
 	return NEED_MORE;
 }
author	Martin Willi <martin@revosec.ch>	2014-02-27 09:36:46 +0100
committer	Martin Willi <martin@revosec.ch>	2014-03-31 15:08:22 +0200
commit	e12eec10089a4a18a15ccb511aa1200ad59e8044 (patch)
tree	63e4c9e1d905bbc8d3af40708a9738abc1829de1 /src
parent	94fb33bb8856973748d4377e0f3cdf3a8c2f27c3 (diff)
download	strongswan-e12eec10089a4a18a15ccb511aa1200ad59e8044.tar.bz2 strongswan-e12eec10089a4a18a15ccb511aa1200ad59e8044.tar.xz