ipsec-258.100.1.tar.gz

author Apple <opensource@apple.com>

Tue, 12 Aug 2014 18:11:44 +0000 (18:11 +0000)

committer Apple <opensource@apple.com>

Tue, 12 Aug 2014 18:11:44 +0000 (18:11 +0000)
author Apple <opensource@apple.com>
Tue, 12 Aug 2014 18:11:44 +0000 (18:11 +0000)
committer Apple <opensource@apple.com>
Tue, 12 Aug 2014 18:11:44 +0000 (18:11 +0000)
diff --git a/ipsec-tools/racoon/ike_session.c b/ipsec-tools/racoon/ike_session.c

index a71aff8b14f14897ef3b4b85e44a94715164d2b0..c1e77189997237b15ba8af844ab0bf79dcec75b0 100644 (file)
--- a/ipsec-tools/racoon/ike_session.c
+++ b/ipsec-tools/racoon/ike_session.c
@@ -1824,7 +1824,7 @@ ike_session_drop_rekey (ike_session_t *session, ike_session_rekey_type_t rekey_t
                         }
                 } else if (!session->is_btmm_ipsec) {
                         if (rekey_type == IKE_SESSION_REKEY_TYPE_PH1 &&
-                               !ike_session_has_negoing_ph2(session)) {
+                               !ike_session_has_negoing_ph2(session) && !ike_session_has_established_ph2(session)) {
                                 // for vpn: only drop ph1 if there are no more ph2s.
                                 plog(ASL_LEVEL_DEBUG, "vpn session is idle: drop ph1 rekey.\n");
                                 return 1;
author	Apple <opensource@apple.com>
	Tue, 12 Aug 2014 18:11:44 +0000 (18:11 +0000)
committer	Apple <opensource@apple.com>
	Tue, 12 Aug 2014 18:11:44 +0000 (18:11 +0000)