Some devices always use the oldest IKE_SA to send DPDs and will delete
all IKE_SAs when there is no response. If uniqueness is not enforced
rekeyed IKE_SAs might not get deleted until they expire so we should
respond to DPDs.
References #2090.
{
return INVALID_STATE;
}
+ if (this->version == IKEV1 && this->state == IKE_REKEYING)
+ { /* don't send DPDs for rekeyed IKEv1 SAs */
+ return SUCCESS;
+ }
delay = this->peer_cfg->get_dpd(this->peer_cfg);
if (this->task_manager->busy(this->task_manager))
{
new_mid = TRUE;
break;
}
+ if (activate_task(this, TASK_ISAKMP_DPD))
+ {
+ exchange = INFORMATIONAL_V1;
+ new_mid = TRUE;
+ break;
+ }
break;
default:
break;