ikev1: Don't handle DPD timeout job if IKE_SA got passive
authorMartin Willi <martin@revosec.ch>
Tue, 10 Mar 2015 12:59:49 +0000 (13:59 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 10 Mar 2015 13:02:22 +0000 (14:02 +0100)
While a passively installed IKE_SA does not queue a DPD timeout job, one that
switches from active to passive might execute it. Ignore such a queued job if
the IKE_SA is in passive state.

src/libcharon/processing/jobs/dpd_timeout_job.c

index 9cdce5c..4c88c13 100644 (file)
@@ -63,6 +63,12 @@ METHOD(job_t, execute, job_requeue_t,
                                                                                          this->ike_sa_id);
        if (ike_sa)
        {
                                                                                          this->ike_sa_id);
        if (ike_sa)
        {
+               if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
+               {
+                       charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+                       return JOB_REQUEUE_NONE;
+               }
+
                use_time = ike_sa->get_statistic(ike_sa, STAT_INBOUND);
 
                enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
                use_time = ike_sa->get_statistic(ike_sa, STAT_INBOUND);
 
                enumerator = ike_sa->create_child_sa_enumerator(ike_sa);