From: henning
Date: Wed, 26 Apr 2017 10:42:38 +0000 (+0000)
Subject: cope with IP address changes. before, we were trying to resend the msg
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a6fc7f598493fc8d40355544645125904276fb23;p=openbsd
cope with IP address changes. before, we were trying to resend the msg with the no-longer-available address over and over and over, requiring iked to be restarted eventually. instead, on EADDRNOTAVAIL, schedule SA deletion so a new one is set up shortly thereafter. ok reyk mikeb
---
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 7e77d206f77..b536d58e157 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.114 2017/04/13 07:04:09 patrick Exp $ */
+/* $OpenBSD: iked.h,v 1.115 2017/04/26 10:42:38 henning Exp $ */
 /* * Copyright (c) 2010-2013 Reyk Floeter
@@ -778,6 +778,7 @@ int ikev2_childsa_enable(struct iked *, struct iked_sa *);
 int ikev2_childsa_delete(struct iked *, struct iked_sa *, uint8_t, uint64_t, uint64_t *, int);
 void ikev2_ikesa_recv_delete(struct iked *, struct iked_sa *);
+void ikev2_ike_sa_timeout(struct iked *env, void *);
 struct ibuf * ikev2_prfplus(struct iked_hash *, struct ibuf *, struct ibuf *,
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 078886ce604..7c4904b4cbd 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.153 2017/04/13 07:04:09 patrick Exp $ */
+/* $OpenBSD: ikev2.c,v 1.154 2017/04/26 10:42:38 henning Exp $ */
 /* * Copyright (c) 2010-2013 Reyk Floeter
@@ -87,7 +87,6 @@ int ikev2_resp_create_child_sa(struct iked *, struct iked_message *);
 void ikev2_ike_sa_rekey(struct iked *, void *);
 void ikev2_ike_sa_rekey_timeout(struct iked *, void *);
 void ikev2_ike_sa_rekey_schedule(struct iked *, struct iked_sa *);
-void ikev2_ike_sa_timeout(struct iked *env, void *);
 void ikev2_ike_sa_alive(struct iked *, void *);
 void ikev2_ike_sa_keepalive(struct iked *, void *);
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index 6658414e57b..79c96316946 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_msg.c,v 1.51 2017/03/27 10:21:19 reyk Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.52 2017/04/26 10:42:38 henning Exp $ */
 /* * Copyright (c) 2010-2013 Reyk Floeter
@@ -331,6 +331,14 @@ ikev2_msg_send(struct iked *env, struct iked_message *msg)
 if (sendtofrom(msg->msg_fd, ibuf_data(buf), ibuf_size(buf), 0, (struct sockaddr *)&msg->msg_peer, msg->msg_peerlen, (struct sockaddr *)&msg->msg_local, msg->msg_locallen) == -1) {
+ if (errno == EADDRNOTAVAIL) {
+ sa_state(env, msg->msg_sa, IKEV2_STATE_CLOSING);
+ timer_del(env, &msg->msg_sa->sa_timer);
+ timer_set(env, &msg->msg_sa->sa_timer,
+ ikev2_ike_sa_timeout, msg->msg_sa);
+ timer_add(env, &msg->msg_sa->sa_timer,
+ IKED_IKE_SA_DELETE_TIMEOUT);
+ }
 log_warn("%s: sendtofrom", __func__);
 return (-1);
 }
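Review bot: The new EADDRNOTAVAIL branch in ikev2_msg_send uses `msg->msg_sa` and `msg->msg_sa->sa_timer` without checking that an SA is attached to the message. The start of the function is outside this hunk, so whether a message can reach the send path with `msg_sa == NULL` cannot be confirmed here; if it can, a local address change would crash the daemon instead of triggering recovery. Guarding the branch as `if (errno == EADDRNOTAVAIL && msg->msg_sa != NULL) {` would make the recovery path safe in either case. Separately, `log_warn("%s: sendtofrom", __func__);` now runs after sa_state() and the timer calls, any of which may overwrite errno, so the logged reason can differ from the actual sendtofrom failure. Calling log_warn first, or saving errno in a local before the branch, keeps the log accurate.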