Disable close action for a redundant CHILD_SA resulting from a rekey collision
If a rekey collision is detected, the winning peer of the nonce comparison will delete the redundant CHILD_SA. The other peer should not enforce the close action on this CHILD_SA, as it would reestablish the redundant CHILD_SA. Thanks to Thomas Egerer from secunet for pointing this out and for the initial patchset.
parent
fe02d99b96
commit
2f57e6da0e
|
@ -234,9 +234,14 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
|
|||
if (memcmp(this_nonce.ptr, other_nonce.ptr,
|
||||
min(this_nonce.len, other_nonce.len)) < 0)
|
||||
{
|
||||
child_sa_t *child_sa;
|
||||
|
||||
DBG1(DBG_IKE, "CHILD_SA rekey collision won, "
|
||||
"deleting rekeyed child");
|
||||
to_delete = this->child_sa;
|
||||
/* disable close action for the redundand child */
|
||||
child_sa = other->child_create->get_child(other->child_create);
|
||||
child_sa->set_close_action(child_sa, ACTION_NONE);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
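Review bot: The result of `get_child()` is dereferenced unchecked in the added `child_sa->set_close_action(child_sa, ACTION_NONE);` line of the collision-won branch. If the colliding task's `child_create` has not yet produced a CHILD_SA, this is a NULL dereference; that is inferred, since get_child's contract is not visible in this hunk. Rekey collisions are driven by peer timing, so a crash here would be a remotely triggerable denial of service. Guarding the call is cheap: `if (child_sa) { child_sa->set_close_action(child_sa, ACTION_NONE); }`. The added comment also misspells the word, `redundand` should read `redundant`, and handle_collision begins before and continues past this hunk, so whether `other->child_create` is always set cannot be confirmed from here.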