ikev2: Send deletes also for rekeyed SAs

This way we can use the IKE_REKEYED state for both redundant and old SAs
to suppress ike_updown().

In the ike-delete task we don't suppress events in state IKE_REKEYING as
that's the case when we delete an SA the peer is currently rekeying with
multiple key exchanges.

src/libcharon/sa/ike_sa.c

@@ -1884,6 +1884,7 @@ METHOD(ike_sa_t, delete_, status_t,
 	{
 		case IKE_ESTABLISHED:
 		case IKE_REKEYING:
+		case IKE_REKEYED:
 			if (time_monotonic(NULL) >= this->stats[STAT_DELETE] &&
 				!(this->version == IKEV1 && this->state == IKE_REKEYING))
 			{	/* IKE_SA hard lifetime hit, ignored for reauthenticated

src/libcharon/sa/ikev2/tasks/ike_delete.c

@@ -64,9 +64,8 @@ METHOD(task_t, build_i, status_t,
 	delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE);
 	message->add_payload(message, (payload_t*)delete_payload);
 
-	if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING ||
-		this->ike_sa->get_state(this->ike_sa) == IKE_REKEYED)
-	{
+	if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYED)
+	{	/* suppress events when deleting old or redundant SAs */
 		this->rekeyed = TRUE;
 	}
 	this->ike_sa->set_state(this->ike_sa, IKE_DELETING);

src/libcharon/sa/ikev2/tasks/ike_rekey.c

@@ -375,9 +375,7 @@ METHOD(task_t, process_i, status_t,
 			this->new_sa->set_my_host(this->new_sa, host->clone(host));
 			host = this->ike_sa->get_other_host(this->ike_sa);
 			this->new_sa->set_other_host(this->new_sa, host->clone(host));
-			/* IKE_SAs in state IKE_REKEYED are silently deleted, so we use
-			 * IKE_REKEYING */
-			this->new_sa->set_state(this->new_sa, IKE_REKEYING);
+			this->new_sa->set_state(this->new_sa, IKE_REKEYED);
 			if (this->new_sa->delete(this->new_sa, FALSE) == DESTROY_ME)
 			{
 				this->new_sa->destroy(this->new_sa);