If rekeying and reauthetication coincided, the reauth job could get
scheduled to run immediately i.e. before checkin() was called. So the
new IKE_SA would not get reauthenticated, however, the further delayed
delete job would later find the new IKE_SA and delete it.
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
+ /* register the new IKE_SA before calling inherit_post() as that may
+ * schedule jobs, as may listeners for ike_rekey() */
+ charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
+ this->new_sa);
this->new_sa->inherit_post(this->new_sa, this->ike_sa);
charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa);
job = check_queued_tasks(this->new_sa);
this->new_sa->inherit_post(this->new_sa, this->ike_sa);
charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa);
job = check_queued_tasks(this->new_sa);
- /* don't queue job before checkin(), as the IKE_SA is not yet
- * registered at the manager */
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa);
if (job)
{
lib->processor->queue_job(lib->processor, job);
}
if (job)
{
lib->processor->queue_job(lib->processor, job);
}
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa);
this->new_sa = NULL;
charon->bus->set_sa(charon->bus, this->ike_sa);
this->new_sa = NULL;
charon->bus->set_sa(charon->bus, this->ike_sa);
projects / strongswan.git / commitdiff