authortobhe <tobhe@cvs.openbsd.org>2021-02-10 22:25:55 +0000
committertobhe <tobhe@cvs.openbsd.org>2021-02-10 22:25:55 +0000
commita8b772b7ad549686a673b2c0851fb80d9e2f9bdb (patch)
treeff8ddf95188e9d5cf2590e42f04445649455f738 /sbin
parentf39bc1302a4693edca91e7e5ddce161966c6da41 (diff)
Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make
sure peers can keep their previously assigned addresses. ok patrick@
Diffstat (limited to 'sbin')
-rw-r--r--sbin/iked/ikev2.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 2f37cd8edf3..49bbf7ffb9a 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.304 2021/02/09 21:35:48 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.305 2021/02/10 22:25:54 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -4566,7 +4566,15 @@ ikev2_ikesa_recv_delete(struct iked *env, struct iked_sa *sa)
sa->sa_nexti = NULL; /* reset by sa_free */
}
ikev2_ike_sa_setreason(sa, "received delete");
- sa_state(env, sa, IKEV2_STATE_CLOSED);
+ if (env->sc_stickyaddress) {
+ /* delay deletion if client reconnects soon */
+ sa_state(env, sa, IKEV2_STATE_CLOSING);
+ timer_del(env, &sa->sa_timer);
+ timer_set(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa);
+ timer_add(env, &sa->sa_timer, 3 * IKED_RETRANSMIT_TIMEOUT);
+ } else {
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
+ }
}
int
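Review bot: In the new `env->sc_stickyaddress` branch, the IKE SA the peer has just asked to delete stays in the SA table in `IKEV2_STATE_CLOSING` until `ikev2_ike_sa_timeout` fires. Nothing visible in this hunk shows that further requests on that SA are refused during the window. Since the SA presumably still holds its key material, it is worth confirming that the receive paths treat CLOSING as unusable for new exchanges. The delay `3 * IKED_RETRANSMIT_TIMEOUT` is an unexplained factor, and the existing comment does not mention the address lease; something like `/* keep the SA briefly so a rekeying peer can reclaim its assigned address; linger is bounded by 3x the retransmit timeout */` would record the intent. The body of ikev2_ikesa_recv_delete starts outside the hunk, so earlier state handling could not be checked here.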