ike: Disable NAT keepalives in state PASSIVE
authorThomas Egerer <thomas.egerer@secunet.com>
Fri, 24 Apr 2015 11:43:11 +0000 (13:43 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 4 Aug 2015 09:16:13 +0000 (11:16 +0200)
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
src/libcharon/sa/ike_sa.c

index 6ffbd55..3bfd149 100644 (file)
@@ -487,8 +487,9 @@ METHOD(ike_sa_t, send_keepalive, void,
        send_keepalive_job_t *job;
        time_t last_out, now, diff;
 
-       if (!(this->conditions & COND_NAT_HERE) || this->keepalive_interval == 0)
-       {       /* disable keep alives if we are not NATed anymore */
+       if (!(this->conditions & COND_NAT_HERE) || this->keepalive_interval == 0 ||
+               this->state == IKE_PASSIVE)
+       {       /* disable keep alives if we are not NATed anymore, or we are passive */
                return;
        }
 
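Review bot: The new `this->state == IKE_PASSIVE` test returns before the rest of send_keepalive runs, so if the next keepalive job is scheduled further down (not visible in this hunk), the periodic chain ends while the SA is passive and nothing in this function restarts it. The comment should say that and name where the restart happens, e.g. `/* no keepalives without NAT, with interval 0, or while passive; set_state() restarts them when leaving IKE_PASSIVE */`. It is also worth confirming that an SA which becomes active again while an earlier keepalive job is still queued does not end up with two job chains. The function body continues outside the hunk.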
@@ -651,7 +652,7 @@ METHOD(ike_sa_t, get_state, ike_sa_state_t,
 METHOD(ike_sa_t, set_state, void,
        private_ike_sa_t *this, ike_sa_state_t state)
 {
-       bool trigger_dpd = FALSE;
+       bool trigger_dpd = FALSE, keepalives = FALSE;
 
        DBG2(DBG_IKE, "IKE_SA %s[%d] state change: %N => %N",
                 get_name(this), this->unique_id,
@@ -722,6 +723,10 @@ METHOD(ike_sa_t, set_state, void,
                                         * so yet, so prevent that. */
                                        this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
                                }
+                               if (this->state == IKE_PASSIVE)
+                               {
+                                       keepalives = TRUE;
+                               }
                        }
                        break;
                }
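Review bot: `keepalives` is set only in this one branch, so the keepalive chain that send_keepalive now drops for IKE_PASSIVE is restarted only on the transition handled by this case (its label is outside the hunk). If an SA can leave IKE_PASSIVE through any other target state, NAT keepalives would stay off and the NAT mapping could time out; either confirm that no such path exists or set the flag wherever the previous state is IKE_PASSIVE. The test also depends on `this->state` still holding the previous state at this point, which a short comment would make explicit: `/* this->state is still the old state: restart keepalives suppressed while passive */`.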
@@ -742,6 +747,10 @@ METHOD(ike_sa_t, set_state, void,
                        DBG1(DBG_IKE, "DPD not supported by peer, disabled");
                }
        }
+       if (keepalives)
+       {
+               send_keepalive(this);
+       }
 }
 
 METHOD(ike_sa_t, reset, void,
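Review bot: The `send_keepalive(this)` call at the end of set_state does nothing unless `this->state` has already been assigned the new state above it, because send_keepalive now returns immediately for IKE_PASSIVE. That assignment lies outside the hunk, so the ordering dependency is invisible to anyone who later rearranges the function. A comment on the call would pin it down, e.g. `/* must run after this->state is updated: send_keepalive() bails out in IKE_PASSIVE */`.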