child-create: Don't create CHILD_SA if the IKE_SA got redirected in IKE_AUTH
authorTobias Brunner <tobias@strongswan.org>
Thu, 23 Apr 2015 14:36:49 +0000 (16:36 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:02:59 +0000 (16:02 +0100)
src/libcharon/sa/ikev2/tasks/child_create.c

index 740d097..3d4ded9 100644 (file)
@@ -1220,6 +1220,10 @@ METHOD(task_t, build_r, status_t,
                        {       /* wait until all authentication round completed */
                                return NEED_MORE;
                        }
+                       if (this->ike_sa->has_condition(this->ike_sa, COND_REDIRECTED))
+                       {       /* no CHILD_SA is created for redirected SAs */
+                               return SUCCESS;
+                       }
                        ike_auth = TRUE;
                default:
                        break;