---
 src/libcharon/sa/tasks/child_delete.c |    4 +++-
 src/libcharon/sa/tasks/child_rekey.c  |    3 +++
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/libcharon/sa/tasks/child_delete.c 
b/src/libcharon/sa/tasks/child_delete.c
index d7c6b05..3a5d1f3 100644
--- a/src/libcharon/sa/tasks/child_delete.c
+++ b/src/libcharon/sa/tasks/child_delete.c
@@ -192,6 +192,7 @@ static status_t 
destroy_and_reestablish(private_child_delete_t *this)
        protocol_id_t protocol;
        u_int32_t spi;
        status_t status = SUCCESS;
+       bool ignore_delete_action;

        iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
        while (iterator->iterate(iterator, (void**)&child_sa))
@@ -205,8 +206,9 @@ static status_t 
destroy_and_reestablish(private_child_delete_t *this)
                protocol = child_sa->get_protocol(child_sa);
                child_cfg = child_sa->get_config(child_sa);
                child_cfg->get_ref(child_cfg);
+               ignore_delete_action = 
child_sa->get_ignore_delete_action(child_sa);
                this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi);
-               if (this->check_delete_action)
+               if (this->check_delete_action && !ignore_delete_action)
                {       /* enforce child_cfg policy if deleted passively */
                        switch (child_cfg->get_close_action(child_cfg))
                        {
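Review bot: The new `ignore_delete_action` assignment sits before `destroy_child_sa()` with no comment saying why the order matters. The surrounding code also copies `protocol` and takes a reference on `child_cfg` first, which suggests `child_sa` is no longer valid after the destroy call. I would add `/* read the flag now, child_sa is gone after destroy_child_sa() */` above the assignment so a later cleanup does not move the getter below the destroy. Also, `get_ignore_delete_action()` is not added by either file in this patch, so it presumably comes from another patch in the series and should be documented there as suppressing the configured close action. The body of destroy_and_reestablish() continues outside the hunk.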
diff --git a/src/libcharon/sa/tasks/child_rekey.c 
b/src/libcharon/sa/tasks/child_rekey.c
index 5331419..07d3ba6 100644
--- a/src/libcharon/sa/tasks/child_rekey.c
+++ b/src/libcharon/sa/tasks/child_rekey.c
@@ -234,9 +234,12 @@ static child_sa_t *handle_collision(private_child_rekey_t 
*this)
                if (memcmp(this_nonce.ptr, other_nonce.ptr,
                                   min(this_nonce.len, other_nonce.len)) < 0)
                {
+                       child_sa_t *child = 
other->child_create->get_child(other->child_create);
                        DBG1(DBG_IKE, "CHILD_SA rekey collision won, "
                                 "deleting rekeyed child");
                        to_delete = this->child_sa;
+                       /* ignore delete action for child deleted by peer */
+                       child->set_ignore_delete_action(child, TRUE);
                }
                else
                {
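Review bot: `child` is dereferenced in `child->set_ignore_delete_action(child, TRUE);` without a NULL check, and nothing in the hunk shows that `other->child_create->get_child()` always returns a CHILD_SA at this point. If the colliding exchange did not end with an established child, this would crash the daemon in a code path the peer can trigger; guard it with `if (child) { child->set_ignore_delete_action(child, TRUE); }`. The comment would also be clearer if it named the SA it refers to, e.g. `/* redundant child from the peer's rekey: peer deletes it, skip the close action */`, assuming that is the intent. handle_collision() starts and ends outside the hunk.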
-- 
1.7.0.2
