ikev2: Reuse marks and reqid of CHILD_SAs during MBB reauthentication

Since these are installed overlapping (like during a rekeying) we have to use
the same (unique) marks (and possibly reqid) that were used previously,
otherwise, the policy installation will fail.

Fixes #2610.
Tobias Brunner 2018-04-04 09:28:28 +02:00
parent 21553276a3
commit b2163409cc
1 changed files with 9 additions and 2 deletions


@ -1794,9 +1794,16 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, &child_sa))
{
child_create_t *child_create;
cfg = child_sa->get_config(child_sa);
new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
FALSE, NULL, NULL)->task);
child_create = child_create_create(new, cfg->get_ref(cfg),
FALSE, NULL, NULL);
child_create->use_reqid(child_create, child_sa->get_reqid(child_sa));
child_create->use_marks(child_create,
child_sa->get_mark(child_sa, TRUE).value,
child_sa->get_mark(child_sa, FALSE).value);
new->queue_task(new, &child_create->task);
children = TRUE;
}
enumerator->destroy(enumerator);
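Review bot: The loop now carries the old reqid and marks over for every CHILD_SA the enumerator returns, and no state check is visible in the hunk, so an SA that was already rekeyed or is being deleted would presumably get a second successor sharing the reqid and marks of the one created for its replacement. Consider skipping such entries before `child_create_create()`, e.g. `if (child_sa->get_state(child_sa) == CHILD_REKEYED) continue;`, and likewise for deleted SAs if the state enum distinguishes them. The reason for the reuse lives only in the commit message; a comment above `use_reqid()` such as `/* installed overlapping the old SAs, like a rekeying, so reuse reqid and (unique) marks */` would keep it with the code. trigger_mbb_reauth() starts and ends outside the hunk, so a filter elsewhere in the function cannot be ruled out.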