Disable close action for a redundant CHILD_SA resulting from a rekey collision

If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundant CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.
This commit is contained in:
Martin Willi 2010-06-02 11:43:39 +02:00
parent fe02d99b96
commit 2f57e6da0e
1 changed files with 5 additions and 0 deletions


@ -234,9 +234,14 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
if (memcmp(this_nonce.ptr, other_nonce.ptr,
min(this_nonce.len, other_nonce.len)) < 0)
{
child_sa_t *child_sa;
DBG1(DBG_IKE, "CHILD_SA rekey collision won, "
"deleting rekeyed child");
to_delete = this->child_sa;
/* disable close action for the redundand child */
child_sa = other->child_create->get_child(other->child_create);
child_sa->set_close_action(child_sa, ACTION_NONE);
}
else
{
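Review bot: the pointer returned by `other->child_create->get_child(other->child_create)` is dereferenced unconditionally on the very next line (`child_sa->set_close_action(child_sa, ACTION_NONE);`); if `get_child` can return NULL for a child_create task that has not yet created its CHILD_SA, this branch of the nonce comparison would crash instead of merely skipping the close-action change, so consider guarding it with `if (child_sa) { child_sa->set_close_action(child_sa, ACTION_NONE); }`. Also, the added comment reads "redundand child"; it should be "redundant child", matching the commit message.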