ikev1: Respond to DPDs for rekeyed IKE_SAs
Some devices always use the oldest IKE_SA to send DPDs and will delete all IKE_SAs when there is no response. If uniqueness is not enforced, rekeyed IKE_SAs might not get deleted until they expire, so we should respond to DPDs. References #2090.
parent
597e8c9e00
commit
f15c85a487
|
@ -762,6 +762,10 @@ METHOD(ike_sa_t, send_dpd, status_t,
|
||||||
{
|
{
|
||||||
return INVALID_STATE;
|
return INVALID_STATE;
|
||||||
}
|
}
|
||||||
|
if (this->version == IKEV1 && this->state == IKE_REKEYING)
|
||||||
|
{ /* don't send DPDs for rekeyed IKEv1 SAs */
|
||||||
|
return SUCCESS;
|
||||||
|
}
|
||||||
delay = this->peer_cfg->get_dpd(this->peer_cfg);
|
delay = this->peer_cfg->get_dpd(this->peer_cfg);
|
||||||
if (this->task_manager->busy(this->task_manager))
|
if (this->task_manager->busy(this->task_manager))
|
||||||
{
|
{
|
||||||
|
|
|
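Review bot: The early `return SUCCESS;` added in send_dpd for `this->version == IKEV1 && this->state == IKE_REKEYING` reports a successful liveness check to the caller although no probe was sent, and it skips the rest of the function, which continues past the hunk and presumably includes scheduling the next check. That looks intended, but it means a rekeyed IKEv1 SA is never actively probed again and, as the description says, may stay installed until it expires when uniqueness is not enforced. The one-line comment should record that trade-off, for example `/* rekeyed IKEv1 SAs only answer DPDs (some peers probe the oldest SA); we never probe them ourselves, they go away on delete or expiry */`.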
@ -552,6 +552,12 @@ METHOD(task_manager_t, initiate, status_t,
|
||||||
new_mid = TRUE;
|
new_mid = TRUE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
if (activate_task(this, TASK_ISAKMP_DPD))
|
||||||
|
{
|
||||||
|
exchange = INFORMATIONAL_V1;
|
||||||
|
new_mid = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
|
|
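Review bot: The added `if (activate_task(this, TASK_ISAKMP_DPD))` branch carries no comment, and the case label it belongs to lies above the hunk, so a reader cannot tell from here which IKE_SA state now permits an INFORMATIONAL_V1 exchange. Going by the commit description this is the rekeyed state, in which the SA is otherwise expected to stay idle; a comment such as `/* still answer DPDs on a rekeyed SA, some peers keep probing the oldest one */` would record why this one task is allowed there. It would also help to state next to it that no other queued task type is meant to become active in that state, since each exception widens what a superseded SA will still do.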