|
 |
5a966d |
commit bfb1f15c0f2d22987f67dd4dd41316eac28bdc26
|
|
|
5a966d |
Author: Wolfgang Nothdurft <Wolfgang.Nothdurft@linogate.de>
|
|
|
5a966d |
Date: Fri Oct 2 13:20:14 2015 -0400
|
|
|
5a966d |
|
|
|
5a966d |
pluto: Resolves lbz#233
|
|
|
5a966d |
|
|
|
5a966d |
pluto sends delete SAs in wrong order and reconnection issues
|
|
|
5a966d |
|
|
|
5a966d |
Signed-off-by: Paul Wouters <pwouters@redhat.com>
|
|
|
5a966d |
|
|
|
5a966d |
diff --git a/programs/pluto/state.c b/programs/pluto/state.c
|
|
|
5a966d |
index 7d0821f..b45c1ae 100644
|
|
|
5a966d |
--- a/programs/pluto/state.c
|
|
|
5a966d |
+++ b/programs/pluto/state.c
|
|
|
5a966d |
@@ -789,7 +789,7 @@ void delete_state(struct state *st)
|
|
|
5a966d |
/* tell the other side of any IPSEC SAs that are going down */
|
|
|
5a966d |
if (IS_IPSEC_SA_ESTABLISHED(st->st_state) ||
|
|
|
5a966d |
IS_ISAKMP_SA_ESTABLISHED(st->st_state)) {
|
|
|
5a966d |
- if (IS_CHILD_SA(st) &&
|
|
|
5a966d |
+ if (st->st_ikev2 && IS_CHILD_SA(st) &&
|
|
|
5a966d |
state_with_serialno(st->st_clonedfrom) == NULL) {
|
|
|
5a966d |
/* ??? in v2, there must be a parent */
|
|
|
5a966d |
DBG(DBG_CONTROL, DBG_log("deleting state but IKE SA does not exist for this child SA so Informational Exchange cannot be sent"));
|
|
|
5a966d |
@@ -971,8 +971,8 @@ static void foreach_states_by_connection_func_delete(struct connection *c,
|
|
|
5a966d |
DBG_log("index %d state #%lu", i,
|
|
|
5a966d |
this->st_serialno));
|
|
|
5a966d |
|
|
|
5a966d |
- /* on pass 2, ignore phase2 states */
|
|
|
5a966d |
- if (pass == 1 &&
|
|
|
5a966d |
+ /* on pass 1, ignore established ISAKMP SA's */
|
|
|
5a966d |
+ if (pass == 0 &&
|
|
|
5a966d |
IS_ISAKMP_SA_ESTABLISHED(this->st_state))
|
|
|
5a966d |
continue;
|
|
|
5a966d |
|