ike-rekey: Respond with TEMPORARY_FAILURE if we are deleting the SA
authorTobias Brunner <tobias@strongswan.org>
Mon, 30 May 2016 14:53:37 +0000 (16:53 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Jun 2016 16:48:05 +0000 (18:48 +0200)
src/libcharon/sa/ikev2/tasks/ike_rekey.c

index 334749a..9373e96 100644 (file)
@@ -208,6 +208,11 @@ METHOD(task_t, process_r, status_t,
 METHOD(task_t, build_r, status_t,
        private_ike_rekey_t *this, message_t *message)
 {
+       if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
+       {
+               message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
+               return SUCCESS;
+       }
        if (this->new_sa == NULL)
        {
                /* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */