ikev2: Reject CHILD_SA creation/rekeying while deleting an IKE_SA
authorMartin Willi <martin@revosec.ch>
Thu, 10 Apr 2014 09:25:32 +0000 (11:25 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 17 Apr 2014 07:59:06 +0000 (09:59 +0200)
commitf02cabbe358cc2f5636de0f7de7be114884302c3
tree4c494c15a71b193e436953f1b81b00c759c2175f
parent094963d1b16024c56adc624cc97729ce424e2814
ikev2: Reject CHILD_SA creation/rekeying while deleting an IKE_SA

If one peer starts reauthentication by deleting the IKE_SA, while the other
starts CHILD_SA rekeying, we run in a race condition. To avoid it, temporarily
reject the rekey attempt while we are in the IKE_SA deleting state.

RFC 4306/5996 is not exactly clear about this collision, but it should be safe
to reject CHILD_SA rekeying during this stage, as the reauth will re-trigger the
CHILD_SA. For non-rekeying CHILD_SA creations, it's up to the peer to retry
establishing the CHILD_SA on the reauthenticated IKE_SA.
src/libcharon/sa/ikev2/tasks/child_create.c