Bug #2261
controller->terminate_ike() synchronous call will also return when Child SAs are destroyed
Description
charon->controller->terminate_ike() called with any (logging) callback passed is supposed to block until the IKE SA is properly deleted,
whether it's by receiving an IKE DELETE confirmation from the peer or timing out when retransmitting the IKE DELETE request.
It currently also reacts to (unblocks when receiving) Child SA state changes, i.e. at the time the IKE SA is not properly deleted yet.
Attaching a patch as a suggested fix.
Please advise if this is the expected behavior though.
History
#1 Updated by Tobias Brunner over 8 years ago
- Subject changed from "controller->terminate_ike() synchronous call will return once receiving a Child SA DELETE payload" to "controller->terminate_ike() synchronous call will also return when Child SAs are destroyed"
- Category changed from charon to libcharon
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.5.2
- Resolution set to Fixed
When terminating an IKE_SA no DELETE payloads are actually sent for individual CHILD_SAs in IKEv2, deleting the IKE_SA will implicitly delete all attached CHILD_SAs. But the state of all of these CHILD_SAs will obviously change when they are destroyed, so the child_state_change event is triggered with CHILD_DESTROYING for each. The time difference until the ike_state_change event would be triggered might not be that significant (depending on the number of CHILD_SAs) but then I don't really see a reason to listen for changes to the CHILD_SAs when terminating an IKE_SA. Applied the fix to master. Thanks!
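The event ordering discussed in this ticket, as an added example that is not strongSwan code and not the attached patch: a small C model in which a blocked caller is woken either by any state event or only by the IKE SA event. All type and function names (`waiter_t`, `deliver`, `terminate_ike_model`) are hypothetical, and the event sequence is constructed from the description above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model; all names here are hypothetical, not strongSwan's API. */
typedef enum { EV_CHILD_DESTROYING, EV_IKE_DESTROYING } event_t;

typedef struct {
    bool listen_child;  /* true: also react to child events (reported behaviour) */
    bool released;      /* the blocked caller has been woken up */
    bool ike_gone;      /* was the IKE SA already destroyed at that moment? */
} waiter_t;

/* Deliver one bus event; returns true if it wakes the blocked caller. */
static bool deliver(waiter_t *w, event_t ev)
{
    if (w->released)
        return false;
    if (ev == EV_IKE_DESTROYING || w->listen_child) {
        w->released = true;
        w->ike_gone = (ev == EV_IKE_DESTROYING);
        return true;
    }
    return false;
}

/* n CHILD_DESTROYING events, then the IKE SA event; returns the waking index. */
static int terminate_ike_model(bool listen_child, size_t n, bool *ike_gone)
{
    waiter_t w = { .listen_child = listen_child };
    int woke_at = -1;
    for (size_t i = 0; i <= n; i++) {
        event_t ev = (i < n) ? EV_CHILD_DESTROYING : EV_IKE_DESTROYING;
        if (deliver(&w, ev))
            woke_at = (int)i;
    }
    *ike_gone = w.ike_gone;
    return woke_at;
}

int main(void)
{
    bool gone;
    int at = terminate_ike_model(true, 3, &gone);
    printf("child+ike listener: woke at event %d, IKE SA gone: %d\n", at, gone);
    at = terminate_ike_model(false, 3, &gone);
    printf("ike-only listener:  woke at event %d, IKE SA gone: %d\n", at, gone);
    return 0;
}
```

With three children, the first variant wakes the caller at event 0 while the IKE SA still exists; the second wakes it only at event 3, once the IKE SA event has fired.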