ike-sa: Properly set timing info for delete after rekeying
authorStefan Berghofer <stefan.berghofer@secunet.com>
Thu, 18 Feb 2021 08:43:10 +0000 (09:43 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 18 Feb 2021 09:02:55 +0000 (10:02 +0100)
The job is queued properly, yet the timing information is wrong.

Signed-off-by: Stefan Berghofer <stefan.berghofer@secunet.com>
Fixes: ee61471113c2 ("implemented RFC4478 (repeated authentication)...")

src/libcharon/sa/ike_sa.c

index 0f6f433..bf9966b 100644 (file)
@@ -2984,7 +2984,7 @@ METHOD(ike_sa_t, inherit_post, void,
                this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH];
                reauth = max(0, this->stats[STAT_REAUTH] - now);
                delete = reauth + this->peer_cfg->get_over_time(this->peer_cfg);
                this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH];
                reauth = max(0, this->stats[STAT_REAUTH] - now);
                delete = reauth + this->peer_cfg->get_over_time(this->peer_cfg);
-               this->stats[STAT_DELETE] = this->stats[STAT_REAUTH] + delete;
+               this->stats[STAT_DELETE] = now + delete;
                DBG1(DBG_IKE, "rescheduling reauthentication in %ds after rekeying, "
                         "lifetime reduced to %ds", reauth, delete);
                lib->scheduler->schedule_job(lib->scheduler,
                DBG1(DBG_IKE, "rescheduling reauthentication in %ds after rekeying, "
                         "lifetime reduced to %ds", reauth, delete);
                lib->scheduler->schedule_job(lib->scheduler,