ike-sa: Reauthenticate to the same addresses we currently use

If the SA got redirected this would otherwise cause a reauthentication with the original gateway. Reestablishing the SA to the original gateway, if e.g. the new gateway is not reachable makes sense though.
2015-04-30 12:26:41 +02:00 · 2015-04-30 12:26:41 +02:00 · 7505fb8d45
parent c13eb73719
commit 7505fb8d45
1 changed files with 5 additions and 2 deletions
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@ -1950,8 +1950,11 @@ METHOD(ike_sa_t, reestablish, status_t,
 	host = this->my_host;
 	new->set_my_host(new, host->clone(host));
 	charon->bus->ike_reestablish_pre(charon->bus, &this->public, new);
-	/* resolve hosts but use the old addresses above as fallback */
-	resolve_hosts((private_ike_sa_t*)new);
+	if (!has_condition(this, COND_REAUTHENTICATING))
+	{	/* reauthenticate to the same addresses, but resolve hosts if
+		 * reestablishing (old addresses serve as fallback) */
+		resolve_hosts((private_ike_sa_t*)new);
+	}
 	/* if we already have a virtual IP, we reuse it */
 	enumerator = array_create_enumerator(this->my_vips);
 	while (enumerator->enumerate(enumerator, &host))