child-rekey: Only rekey installed CHILD_SAs
authorTobias Brunner <tobias@strongswan.org>
Fri, 10 Jun 2016 14:00:25 +0000 (16:00 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Jun 2016 16:48:08 +0000 (18:48 +0200)
commit15cea08adc6a2700c401a23ce1838d33f31e26f5
tree7518844565fe78a727d32c8b7263650a5d3c0a51
parentde4e4687ff8357c30483c5cba39c7cc2a24bbb6c
child-rekey: Only rekey installed CHILD_SAs

Depending on the lifetimes a CHILD_SA we rekeyed as responder might
expire shortly afterwards.  We don't want to rekey it again.

When retrying due to an INVALID_KE_PAYLOAD notify the expected state
is CHILD_REKEYING if it is anything else (e.g. due to a collision) we
ignore it.

We also abort the exchange properly if we don't find the CHILD_SA, no
need for an empty INFORMATIONAL exchange anymore.
src/libcharon/sa/ikev2/tasks/child_rekey.c