ikev1: Delay a potential delete for a duplicate IKE_SA having a replace policy
authorMartin Willi <martin@revosec.ch>
Wed, 18 Sep 2013 11:56:45 +0000 (13:56 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 30 Sep 2013 11:51:11 +0000 (13:51 +0200)
Sending a DELETE for the replaced SA immediately is problematic during
reauthentication, as the peer might have associated the Quick Modes to the
old SA, and also delete them.

With this change the delete for the old ISAKMP SA is usually omitted, as it
is gets implicitly deleted by the reauth.


No differences found