ike: Ignore rekeyed and deleted CHILD_SAs when reestablishing IKE_SAs
authorTobias Brunner <tobias@strongswan.org>
Tue, 10 Apr 2018 09:48:26 +0000 (11:48 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 12 Apr 2018 14:32:47 +0000 (16:32 +0200)
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev2/task_manager_v2.c

index 6005b89..349e222 100644 (file)
@@ -1928,6 +1928,15 @@ static status_t reestablish_children(private_ike_sa_t *this, ike_sa_t *new,
        enumerator = create_child_sa_enumerator(this);
        while (enumerator->enumerate(enumerator, (void**)&child_sa))
        {
+               switch (child_sa->get_state(child_sa))
+               {
+                       case CHILD_REKEYED:
+                       case CHILD_DELETED:
+                               /* ignore CHILD_SAs in these states */
+                               continue;
+                       default:
+                               break;
+               }
                if (force)
                {
                        action = ACTION_RESTART;
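Review bot: The comment `/* ignore CHILD_SAs in these states */` in the added switch restates the code without saying why CHILD_REKEYED and CHILD_DELETED are skipped. Presumably these SAs have already been replaced or are only awaiting removal, so recreating them on the new IKE_SA would leave duplicate CHILD_SAs behind; if so, I would word it as `/* already replaced by a rekeying or awaiting removal, recreating would duplicate the CHILD_SA */`, to be confirmed against the CHILD_SA state machine. The identical switch is repeated in the `reestablish` hunk below and in `trigger_mbb_reauth` in task_manager_v2.c, so a small shared predicate would keep the three filters in sync if another state ever has to be excluded. The body of `reestablish_children` starts and ends outside this hunk.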
@@ -2008,6 +2017,15 @@ METHOD(ike_sa_t, reestablish, status_t,
                enumerator = array_create_enumerator(this->child_sas);
                while (enumerator->enumerate(enumerator, (void**)&child_sa))
                {
+                       switch (child_sa->get_state(child_sa))
+                       {
+                               case CHILD_REKEYED:
+                               case CHILD_DELETED:
+                                       /* ignore CHILD_SAs in these states */
+                                       continue;
+                               default:
+                                       break;
+                       }
                        if (this->state == IKE_DELETING)
                        {
                                action = child_sa->get_close_action(child_sa);
index 789e738..fff5672 100644 (file)
@@ -1796,6 +1796,15 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
        {
                child_create_t *child_create;
 
+               switch (child_sa->get_state(child_sa))
+               {
+                       case CHILD_REKEYED:
+                       case CHILD_DELETED:
+                               /* ignore CHILD_SAs in these states */
+                               continue;
+                       default:
+                               break;
+               }
                cfg = child_sa->get_config(child_sa);
                child_create = child_create_create(new, cfg->get_ref(cfg),
                                                                                   FALSE, NULL, NULL);