ike-rekey: Properly handle situation if the peer did not notice the rekey collision

We conclude the rekeying before deleting the IKE_SA.  Waiting for the
potential TEMPORARY_FAILURE notify is no good because if that response
does not reach us the peer will not retransmit it upon our retransmits
of the rekey request if it already deleted the IKE_SA after receiving
our response to the delete.
Tobias Brunner 2016-05-31 12:22:32 +02:00
parent 6270bbde6a
commit 1b989dd4c5
1 changed files with 11 additions and 0 deletions

@ -392,6 +392,17 @@ METHOD(ike_rekey_t, collide, void,
{
DBG1(DBG_IKE, "detected %N collision with %N", task_type_names,
TASK_IKE_REKEY, task_type_names, other->get_type(other));
if (other->get_type(other) == TASK_IKE_DELETE)
{
if (this->collision &&
this->collision->get_type(this->collision) == TASK_IKE_REKEY)
{
DBG1(DBG_IKE, "peer did not notice IKE_SA rekey collision");
other->destroy(other);
establish_new((private_ike_rekey_t*)this->collision);
return;
}
}
DESTROY_IF(this->collision);
this->collision = other;
}
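Review bot: In the new `TASK_IKE_DELETE` branch, the reason for concluding the rekey right away is stated only in the commit message; a short comment above `if (this->collision &&` noting that the peer's TEMPORARY_FAILURE response may be lost and will not be retransmitted once the peer has deleted the IKE_SA would keep that rationale next to the code. The branch also returns with `this->collision` still pointing at the rekey task that `establish_new()` was just called on, and the visible lines do not show whether a later collision or the task's regular processing can reach that task again, so it is worth confirming the new IKE_SA cannot be established twice, or resetting the state before the `return`. The cast to `private_ike_rekey_t*` is safe only because of the preceding `get_type()` check, so the two should stay together if this is refactored; the two nested `if`s could be merged into a single condition.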