From 00b91c4325390b30b0f2c79761d1f022ccdf656b Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 5 Mar 2014 15:17:25 +0100
Subject: [PATCH] eap-radius: Add option to not close IKE_SAs on timeouts
 during interim accouting updates

Fixes #528.
---
 conf/plugins/eap-radius.opt                              | 4 ++++
 src/libcharon/plugins/eap_radius/eap_radius_accounting.c | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index 0edd3458c..0df6a0d6f 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -1,6 +1,10 @@
 charon.plugins.eap-radius.accounting = no
 	Send RADIUS accounting information to RADIUS servers.
 
+charon.plugins.eap-radius.accounting_close_on_timeout = yes
+	Close the IKE_SA if there is a timeout during interim RADIUS accounting
+	updates.
+
 charon.plugins.eap-radius.accounting_requires_vip = no
 	If enabled, accounting is disabled unless an IKE_SA has at least one
 	virtual IP.
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index 8c780e78d..5fb1bbb75 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -410,7 +410,12 @@ static job_requeue_t send_interim(interim_data_t *data)
 	{
 		if (!send_message(this, message))
 		{
-			eap_radius_handle_timeout(data->id);
+			if (lib->settings->get_bool(lib->settings,
+							"%s.plugins.eap-radius.accounting_close_on_timeout",
+							TRUE, lib->ns))
+			{
+				eap_radius_handle_timeout(data->id);
+			}
 		}
 		message->destroy(message);
 	}