author | tobhe <tobhe@cvs.openbsd.org> | 2021-02-10 22:25:55 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2021-02-10 22:25:55 +0000 |
commit | a8b772b7ad549686a673b2c0851fb80d9e2f9bdb (patch) | |
tree | ff8ddf95188e9d5cf2590e42f04445649455f738 /sbin | |
parent | f39bc1302a4693edca91e7e5ddce161966c6da41 (diff) |
Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make
sure peers can keep their previously assigned addresses.
ok patrick@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/iked/ikev2.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 2f37cd8edf3..49bbf7ffb9a 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.304 2021/02/09 21:35:48 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.305 2021/02/10 22:25:54 tobhe Exp $ */

 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -4566,7 +4566,15 @@ ikev2_ikesa_recv_delete(struct iked *env, struct iked_sa *sa)
 sa->sa_nexti = NULL; /* reset by sa_free */
 }
 ikev2_ike_sa_setreason(sa, "received delete");
- sa_state(env, sa, IKEV2_STATE_CLOSED);
+ if (env->sc_stickyaddress) {
+ /* delay deletion if client reconnects soon */
+ sa_state(env, sa, IKEV2_STATE_CLOSING);
+ timer_del(env, &sa->sa_timer);
+ timer_set(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa);
+ timer_add(env, &sa->sa_timer, 3 * IKED_RETRANSMIT_TIMEOUT);
+ } else {
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
+ }
 }

 int |
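Review bot: In the new `env->sc_stickyaddress` branch of ikev2_ikesa_recv_delete, an IKE SA the peer has asked to delete stays allocated in `IKEV2_STATE_CLOSING` for `3 * IKED_RETRANSMIT_TIMEOUT`, and neither the choice of that window nor what a CLOSING SA may still do is documented at this site. The hunk does not show how the rest of the daemon treats `IKEV2_STATE_CLOSING`, so it is worth confirming that such an SA no longer accepts new exchanges and is kept only so its address assignment can be carried over; presumably it also means every received delete pins an SA and its address for the full grace period. I would expand the comment to something like `/* peer deleted this SA: keep it in CLOSING for a short grace period so a reconnecting peer can reclaim its address; ikev2_ike_sa_timeout fires afterwards */` and give the multiplier a named constant. The start of the function is outside the hunk, so the state of `sa` on entry is not visible here.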