From 7f2a20a4f45dc1a1806aa4fd2ef39ce21d586ba4 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 15 Dec 2015 17:15:32 +0100 Subject: [PATCH] child-rekey: Suppress updown event when deleting redundant CHILD_SAs When handling a rekey collision we might have to delete an already installed redundant CHILD_SA (or expect the other peer to do so). We don't want to trigger updown events for these as neither do we do so for successfully rekeyed CHILD_SAs. Fixes #853. --- src/libcharon/sa/ikev2/tasks/child_rekey.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index c7a8a13..6f0c2b2 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -279,11 +279,15 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) /* don't touch child other created, it has already been deleted */ if (!this->other_child_destroyed) { - /* disable close action for the redundand child */ + /* disable close action and updown event for redundant child */ child_sa = other->child_create->get_child(other->child_create); if (child_sa) { child_sa->set_close_action(child_sa, ACTION_NONE); + if (child_sa->get_state(child_sa) != CHILD_REKEYING) + { + child_sa->set_state(child_sa, CHILD_REKEYING); + } } } } @@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t, { return SUCCESS; } + /* disable updown event for redundant CHILD_SA */ + if (to_delete->get_state(to_delete) != CHILD_REKEYING) + { + to_delete->set_state(to_delete, CHILD_REKEYING); + } spi = to_delete->get_spi(to_delete, TRUE); protocol = to_delete->get_protocol(to_delete); -- 2.7.4