ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying
authorMartin Willi <martin@revosec.ch>
Fri, 1 Nov 2013 10:28:53 +0000 (11:28 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 1 Nov 2013 10:33:29 +0000 (11:33 +0100)
commitb76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c
treecbb8af0fc109080ee8796a30dda8f8e6ea691279
parent7b8fbd7402ffa10cc54fb79f1b0fbe13b5d3f6a6
ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying

Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
is perfectly valid. For short(er) DPD delays, this leads to the situation where
we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
Avoid that DPD by resetting the INBOUND timestamp during set_state().
src/libcharon/sa/ike_sa.c