child-create: Handle TEMPORARY_FAILURE notify as failure

We will later add code to retry creating the CHILD_SA if we are not
rekeying.  Rekeying is already rescheduled as with any other errors.

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 3269938..ea56e16 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1432,6 +1432,7 @@ METHOD(task_t, process_i, status_t,
                                case FAILED_CP_REQUIRED:
                                case TS_UNACCEPTABLE:
                                case INVALID_SELECTORS:
+                               case TEMPORARY_FAILURE:
                                {
                                        DBG1(DBG_IKE, "received %N notify, no CHILD_SA built",
                                                 notify_type_names, type);

diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index 17b812e..66bd3b4 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -346,10 +346,10 @@ METHOD(task_t, process_i, status_t,
        }
        if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL)
        {
-               /* establishing new child failed, reuse old. but not when we
-                * received a delete in the meantime */
-               if (!(this->collision &&
-                         this->collision->get_type(this->collision) == TASK_CHILD_DELETE))
+               /* establishing new child failed, reuse old and try again. but not when
+                * we received a delete in the meantime */
+               if (!this->collision ||
+                        this->collision->get_type(this->collision) != TASK_CHILD_DELETE)
                {
                        schedule_delayed_rekey(this);
                }