child-rekey: Suppress updown event when deleting redundant CHILD_SAs
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 Dec 2015 16:15:32 +0000 (17:15 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 1 Feb 2016 10:04:16 +0000 (11:04 +0100)
When handling a rekey collision we might have to delete an already
installed redundant CHILD_SA (or expect the other peer to do so).
We don't want to trigger updown events for these, as we don't do so
for successfully rekeyed CHILD_SAs either.

Fixes #853.

src/libcharon/sa/ikev2/tasks/child_rekey.c

index c7a8a13..6f0c2b2 100644 (file)
@@ -279,11 +279,15 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
                        /* don't touch child other created, it has already been deleted */
                        if (!this->other_child_destroyed)
                        {
-                               /* disable close action for the redundand child */
+                               /* disable close action and updown event for redundant child */
                                child_sa = other->child_create->get_child(other->child_create);
                                if (child_sa)
                                {
                                        child_sa->set_close_action(child_sa, ACTION_NONE);
+                                       if (child_sa->get_state(child_sa) != CHILD_REKEYING)
+                                       {
+                                               child_sa->set_state(child_sa, CHILD_REKEYING);
+                                       }
                                }
                        }
                }
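Review bot: The `set_state(child_sa, CHILD_REKEYING)` call is used here as a flag to suppress the updown event, but nothing in the hunk explains why that state has this effect; the check that skips the event presumably lives where the event is raised, outside this diff. Updown hooks commonly drive firewall or routing changes, so anyone auditing this path needs that link stated. A comment such as `/* an SA in CHILD_REKEYING state is treated as replaced, so deleting it raises no updown event */` would do, with the wording confirmed against the code that raises the event. The same guard-and-set sequence is repeated for `to_delete` in the process_i hunk, so a small static helper would keep the two sites from drifting apart. handle_collision's body starts and ends outside the hunk.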
@@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t,
        {
                return SUCCESS;
        }
+       /* disable updown event for redundant CHILD_SA */
+       if (to_delete->get_state(to_delete) != CHILD_REKEYING)
+       {
+               to_delete->set_state(to_delete, CHILD_REKEYING);
+       }
        spi = to_delete->get_spi(to_delete, TRUE);
        protocol = to_delete->get_protocol(to_delete);