vici: With start_action=start, terminate IKE_SA without children on unload
This includes IKE_SAs in CONNECTING state, which not yet have any CHILD_SAs. Closes strongswan/strongswan#175.
This commit is contained in:
parent
6870a9b590
commit
feda4a3d37
|
@ -2202,9 +2202,9 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
|
||||||
}
|
}
|
||||||
children->destroy(children);
|
children->destroy(children);
|
||||||
|
|
||||||
if (id && !others)
|
if (!ike_sa->get_child_count(ike_sa) || (id && !others))
|
||||||
{
|
{
|
||||||
/* found matching children only, delete full IKE_SA */
|
/* found no children or only matching, delete IKE_SA */
|
||||||
id = ike_sa->get_unique_id(ike_sa);
|
id = ike_sa->get_unique_id(ike_sa);
|
||||||
array_insert_create_value(&ikeids, sizeof(id),
|
array_insert_create_value(&ikeids, sizeof(id),
|
||||||
ARRAY_TAIL, &id);
|
ARRAY_TAIL, &id);
|
||||||
|
|
Loading…
Reference in New Issue