summaryrefslogtreecommitdiff
path: root/sbin/iked
diff options
context:
space:
mode:
authorPatrick Wildt <patrick@cvs.openbsd.org>2019-05-10 15:18:05 +0000
committerPatrick Wildt <patrick@cvs.openbsd.org>2019-05-10 15:18:05 +0000
commit49569d9b5af82c5242ce9a92a84b81e4bf1710cf (patch)
tree0c958f6937cd2f0b97923135c74b776104a8f6a1 /sbin/iked
parentc4cbc9e619ed18d7b368c60ef69db97ce03628fb (diff)
Set the IKED_REQ_INFORMATIONAL flag when sending a delete request
during rekeying to make sure that the response is not rejected. From Tobias Heider "much more stable" dhill@
Diffstat (limited to 'sbin/iked')
-rw-r--r--sbin/iked/ikev2.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index f1573417be1..bc05262ed06 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.169 2019/05/10 15:02:17 patrick Exp $ */
+/* $OpenBSD: ikev2.c,v 1.170 2019/05/10 15:18:04 patrick Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -3549,6 +3549,9 @@ ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, int initiator)
struct ikev2_delete *del;
if (initiator) {
+ /* XXX: Can not have simultaneous INFORMATIONAL exchanges */
+ if (sa->sa_stateflags & IKED_REQ_INF)
+ goto done;
/* Send PAYLOAD_DELETE */
if ((buf = ibuf_static()) == NULL)
goto done;
@@ -3560,6 +3563,7 @@ ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, int initiator)
if (ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_DELETE,
IKEV2_EXCHANGE_INFORMATIONAL, 0) == -1)
goto done;
+ sa->sa_stateflags |= IKED_REQ_INF;
log_debug("%s: sent delete, closing SA", __func__);
done:
ibuf_release(buf);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 16:19:47 +0000