ignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Jul 2008 13:53:04 +0000 (13:53 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Jul 2008 13:53:04 +0000 (13:53 -0000)
src/charon/sa/ike_sa.c

index 57cbd28..c4f708e 100644 (file)
@@ -2114,24 +2114,29 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
  */
 static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime)
 {
-       job_t *job;
        u_int32_t reduction = this->peer_cfg->get_over_time(this->peer_cfg);
+       u_int32_t reauth_time = time(NULL) + lifetime - reduction;
 
-       this->time.reauth = time(NULL) + lifetime - reduction;
-       job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE);
-       
        if (lifetime < reduction)
        {
                DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, starting reauthentication",
                         lifetime);
-               charon->processor->queue_job(charon->processor, job);
+               charon->processor->queue_job(charon->processor,
+                                       (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE));
        }
-       else
+       else if (this->time.reauth == 0 || this->time.reauth > reauth_time) 
        {
+               this->time.reauth = reauth_time;
                DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, scheduling reauthentication"
                         " in %ds", lifetime, lifetime - reduction);
-               charon->scheduler->schedule_job(charon->scheduler, job,
-                                                               (lifetime - reduction) * 1000);
+               charon->scheduler->schedule_job(charon->scheduler,
+                                       (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE),
+                                       (lifetime - reduction) * 1000);
+       }
+       else
+       {
+               DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, reauthentication already "
+                        "scheduled in %ds", lifetime, this->time.reauth - time(NULL));
        }
 }
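Review bot: The peer-supplied `lifetime` still reaches the arithmetic unbounded, so for a very large AUTH_LIFETIME both `time(NULL) + lifetime - reduction` (stored in a `u_int32_t`) and `(lifetime - reduction) * 1000` can wrap or truncate. A wrapped `reauth_time` would compare lower than an existing `this->time.reauth` and pass the new `else if` test, and the scheduled delay would no longer match the logged "in %ds" value; this assumes `schedule_job` takes a 32-bit millisecond count, which the hunk does not show. I would clamp the interval once the `lifetime < reduction` case has been handled and derive both `reauth_time` and the delay from it: `u_int32_t delay = lifetime - reduction; if (delay > UINT32_MAX / 1000) delay = UINT32_MAX / 1000;`. Separately, the final `else` logs `this->time.reauth - time(NULL)` with `%d`, which prints a misleading number once the stored reauthentication time has already passed.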