From: tobhe
Date: Wed, 10 Feb 2021 22:25:54 +0000 (+0000)
Subject: Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5b02816e6cbd4031e6ad66e3caccaaee460f054d;p=openbsd
Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make sure peers can keep their previously assigned addresses. ok patrick@
---
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 2f37cd8edf3..49bbf7ffb9a 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.304 2021/02/09 21:35:48 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.305 2021/02/10 22:25:54 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -4566,7 +4566,15 @@ ikev2_ikesa_recv_delete(struct iked *env, struct iked_sa *sa)
 sa->sa_nexti = NULL; /* reset by sa_free */
 }
 ikev2_ike_sa_setreason(sa, "received delete");
- sa_state(env, sa, IKEV2_STATE_CLOSED);
+ if (env->sc_stickyaddress) {
+ /* delay deletion if client reconnects soon */
+ sa_state(env, sa, IKEV2_STATE_CLOSING);
+ timer_del(env, &sa->sa_timer);
+ timer_set(env, &sa->sa_timer, ikev2_ike_sa_timeout, sa);
+ timer_add(env, &sa->sa_timer, 3 * IKED_RETRANSMIT_TIMEOUT);
+ } else {
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
+ }
 }
 int
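Review bot: The `env->sc_stickyaddress` branch in the second hunk keeps the SA in `IKEV2_STATE_CLOSING` for `3 * IKED_RETRANSMIT_TIMEOUT` after the peer has asked for deletion, but nothing in the hunk says why three retransmit intervals is the right bound or what `ikev2_ike_sa_timeout` does when it fires. Because the SA, and presumably the address it holds, stays allocated for that window, I would extend the comment to something like `/* keep the SA and its address until sa_timer fires so a reconnecting peer can reclaim it; bounded by 3 * IKED_RETRANSMIT_TIMEOUT */` and consider giving the delay its own named constant so the retention bound is easy to audit. It is also worth confirming in code outside this hunk that an SA in CLOSING is no longer used to process or protect further exchanges, since the peer already considers it deleted. The body of `ikev2_ikesa_recv_delete` starts above the hunk, so the earlier handling of the delete is not visible here.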