[strongSwan-dev] [PATCH 2/2] Move reauthenticated IKE_SA to state IKE_REKEYING on delete
Jan Blunck
jblunck at infradead.org
Wed Apr 27 09:43:54 CEST 2016
This prevents the run of the updown scripts when the delete is executed.
---
src/libcharon/sa/ike_sa_manager.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 9b9ad93..3cc0c45 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1900,6 +1900,12 @@ static status_t enforce_replace(private_ike_sa_manager_t *this,
* explicitly. */
adopt_children_and_vips(duplicate, new);
}
+ DBG1(DBG_IKE, "deleting reauthenticated IKE_SA for peer '%Y' due to "
+ "uniqueness policy", other);
+
+ /* set rekeying state so we don't run updown */
+ duplicate->set_state(duplicate, IKE_REKEYING);
+
/* For IKEv1 we have to delay the delete for the old IKE_SA. Some
* peers need to complete the new SA first, otherwise the quick modes
* might get lost. For IKEv2 we do the same, as we want overlapping
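Review bot: the added `DBG1` and `duplicate->set_state(duplicate, IKE_REKEYING);` sit after the closing brace of the block that calls `adopt_children_and_vips(duplicate, new)`, so they also run on paths where that block was not entered. If the duplicate still owns its CHILD_SAs in that case, forcing IKE_REKEYING would suppress the updown "down" event for children that really are going away. Either move both statements inside the block, or extend the comment to state why every path reaching this point is a reauthentication with the children already adopted. The commit message should also mention the new level-1 log line, since it only describes the state change. Finally, the comment should say that IKE_REKEYING is set here only to skip updown, not because a rekey is in progress, since the state change is visible to anything else that checks the SA state before the delayed delete fires.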
--
2.5.5