Viewing all changes in revision 12961.
- Committer: Tobias Brunner
- Date: 2019-05-22 16:28:31 UTC
- Revision ID: git-v1:71141cc8c9b4c3336b06774b814a56945b5938a9
ikev1: Do a rekey check before installing CHILD_SAs as responder
If CHILD_SAs are created while waiting for the third QM message we'd not
notice the redundancy and updown events would be triggered unevenly.
This is consistent with the behavior on the initiator, which already does
this check right before installation. Moving the existing check is not
possible due to the narrow hook and moving the installation changes which
peer installs the SAs first and could have other side-effects (e.g. in
error or conflict cases). Still, this might result in CHILD_SA state
discrepancies between the two peers.
Fixes #3060.
If CHILD_SAs are created while waiting for the third QM message we'd not
notice the redundancy and updown events would be triggered unevenly.
This is consistent with the behavior on the initiator, which already does
this check right before installation. Moving the existing check is not
possible due to the narrow hook and moving the installation changes which
peer installs the SAs first and could have other side-effects (e.g. in
error or conflict cases). Still, this might result in CHILD_SA state
discrepancies between the two peers.
Fixes #3060.
- files modified:
- src/libcharon/sa/ikev1/tasks/quick_mode.c
expand all
collapse all
added
removed
