ikev2: Don't recreate IKE_SA if deletion fails after make-before-break reauth

tobiasbrunner · tobiasbrunner · commit 10f8834bf927 · 2018-12-07T10:28:21.000+01:00
Fixes: 7457143 ("During reauthentication reestablish IKE_SA even if deleting the old one fails.") Fixes #2847.
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
@@ -2404,7 +2404,9 @@ METHOD(ike_sa_t, retransmit, status_t,
 			}
 			case IKE_DELETING:
 				DBG1(DBG_IKE, "proper IKE_SA delete failed, peer not responding");
-				if (has_condition(this, COND_REAUTHENTICATING))
+				if (has_condition(this, COND_REAUTHENTICATING) &&
+					!lib->settings->get_bool(lib->settings,
+										"%s.make_before_break", FALSE, lib->ns))
 				{
 					DBG1(DBG_IKE, "delete during reauthentication failed, "
 						 "trying to reestablish IKE_SA anyway");

Original file line number	Diff line number	Diff line change
`@@ -2404,7 +2404,9 @@ METHOD(ike_sa_t, retransmit, status_t,`
`2404`	`2404`	`}`
`2405`	`2405`	`case IKE_DELETING:`
`2406`	`2406`	`DBG1(DBG_IKE, "proper IKE_SA delete failed, peer not responding");`
`2407`		`- if (has_condition(this, COND_REAUTHENTICATING))`
	`2407`	`+ if (has_condition(this, COND_REAUTHENTICATING) &&`
	`2408`	`+ !lib->settings->get_bool(lib->settings,`
	`2409`	`+ "%s.make_before_break", FALSE, lib->ns))`
`2408`	`2410`	`{`
`2409`	`2411`	`DBG1(DBG_IKE, "delete during reauthentication failed, "`
`2410`	`2412`	`"trying to reestablish IKE_SA anyway");`