Close SA immediately after sending an INFORMATIONAL error
authorMartin Willi <martin@revosec.ch>
Tue, 13 Dec 2011 08:55:37 +0000 (09:55 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:18 +0000 (17:31 +0100)
src/libcharon/sa/task_manager_v1.c

index 48218a8..89c664c 100755 (executable)
@@ -432,6 +432,13 @@ METHOD(task_manager_t, initiate, status_t,
                                this->initiating.packet->clone(this->initiating.packet));
        this->initiating.packet->destroy(this->initiating.packet);
        this->initiating.packet = NULL;
+
+       /* close after sending an INFORMATIONAL error but not yet established */
+       if (this->initiating.type == INFORMATIONAL_V1 &&
+               this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
+       {
+               return FAILED;
+       }
        return SUCCESS;
 }