ha: Delete passive IKE_SA on other node after half-open timeout
authorTobias Brunner <tobias@strongswan.org>
Tue, 30 Aug 2016 12:30:19 +0000 (14:30 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 25 Jan 2017 11:27:21 +0000 (12:27 +0100)
Fixes #1192.

src/libcharon/plugins/ha/ha_ike.c

index 992ccb0..0e83b16 100644 (file)
@@ -237,6 +237,20 @@ METHOD(listener_t, ike_rekey, bool,
        return TRUE;
 }
 
+METHOD(listener_t, alert, bool,
+       private_ha_ike_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args)
+{
+       switch (alert)
+       {
+               case ALERT_HALF_OPEN_TIMEOUT:
+                       ike_updown(this, ike_sa, FALSE);
+                       break;
+               default:
+                       break;
+       }
+       return TRUE;
+}
+
 METHOD(listener_t, ike_state_change, bool,
        private_ha_ike_t *this, ike_sa_t *ike_sa, ike_sa_state_t new)
 {
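Review bot: The `ALERT_HALF_OPEN_TIMEOUT` case in the new `alert` hook calls `ike_updown(this, ike_sa, FALSE)` without a comment explaining why a timeout is reported as a down event. Half-open SAs are created by unauthenticated peers, so this is the path that stops stale passive copies accumulating on the other node, and it deserves a line such as `/* a half-open IKE_SA never reaches ike_updown(), so delete the passive copy on the other node here */`. That wording assumes the commit title describes the mechanism, so please confirm it. The return value of `ike_updown()` is discarded and `TRUE` is always returned, which looks intentional but should also be stated in the comment. `va_list args` is unused. `ike_updown()` is defined outside this hunk, so it cannot be confirmed from here that it handles an IKE_SA which timed out before it was ever synced.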
@@ -393,6 +407,7 @@ ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel,
        INIT(this,
                .public = {
                        .listener = {
+                               .alert = _alert,
                                .ike_keys = _ike_keys,
                                .ike_updown = _ike_updown,
                                .ike_rekey = _ike_rekey,