ike-rekey: Properly handle situation if the peer did not notice the rekey collision
We conclude the rekeying before deleting the IKE_SA. Waiting for the potential TEMPORARY_FAILURE notify is no good: if that response does not reach us, the peer will not retransmit it in reply to our retransmits of the rekey request if it has already deleted the IKE_SA after receiving our response to the delete.
parent
6270bbde6a
commit
1b989dd4c5
|
@ -392,6 +392,17 @@ METHOD(ike_rekey_t, collide, void,
|
|||
{
|
||||
DBG1(DBG_IKE, "detected %N collision with %N", task_type_names,
|
||||
TASK_IKE_REKEY, task_type_names, other->get_type(other));
|
||||
if (other->get_type(other) == TASK_IKE_DELETE)
|
||||
{
|
||||
if (this->collision &&
|
||||
this->collision->get_type(this->collision) == TASK_IKE_REKEY)
|
||||
{
|
||||
DBG1(DBG_IKE, "peer did not notice IKE_SA rekey collision");
|
||||
other->destroy(other);
|
||||
establish_new((private_ike_rekey_t*)this->collision);
|
||||
return;
|
||||
}
|
||||
}
|
||||
DESTROY_IF(this->collision);
|
||||
this->collision = other;
|
||||
}
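Review bot: The new branch in collide() calls `establish_new((private_ike_rekey_t*)this->collision)` on the strength of the colliding task's type alone, and nothing visible in the hunk shows that this rekey task already holds a fully negotiated new IKE_SA when the peer's delete arrives. establish_new() is defined outside the hunk, so it is worth confirming that it is a no-op (or fails safely) when the new SA is missing or was already handed over, since this path is driven by a message from the peer. The branch also follows a different ownership path from the fall-through: it destroys `other` and keeps `this->collision`, where the code below it replaces the stored task. That deserves a comment, for example `/* peer deleted the old IKE_SA without noticing the collision: drop the delete task and conclude the rekeying we already responded to */`. The two nested `if`s could also be folded into a single condition, since the outer one has no other body.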
|
||||
|
|