ike-rekey: Properly handle situation if the peer did not notice the rekey collision
authorTobias Brunner <tobias@strongswan.org>
Tue, 31 May 2016 10:22:32 +0000 (12:22 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Jun 2016 16:48:06 +0000 (18:48 +0200)
commit1b989dd4c54735ff6dd4b96a58d8302b4787367a
tree24b79698aec368c63d18d2df43f4f8bad943f12d
parent6270bbde6a24bdc31def5ba08ae068968fbaa662
ike-rekey: Properly handle situation if the peer did not notice the rekey collision

We conclude the rekeying before deleting the IKE_SA.  Waiting for the
potential TEMPORARY_FAILURE notify is no good because if that response
does not reach us the peer will not retransmit it upon our retransmits
of the rekey request if it already deleted the IKE_SA after receiving
our response to the delete.
src/libcharon/sa/ikev2/tasks/ike_rekey.c