mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
5ce1c91b58
This makes sure the event is only triggered after the IKE_SA is fully established and e.g. virtual IPs, additional peer addresses or a modified reauth time (on the initiator) are assigned to it. This was e.g. a problem for the selinux plugin if virtual IPs are used. We use a separate task to trigger the event that's queued before the child-create task so the event is triggered before the child_updown() event. Same goes for the state change to IKE_ESTABLISHED. A new condition is used to indicate the successful completion of all authentication rounds, so we don't have to set the IKE_ESTABLISHED state in the ike-auth task (it was used as condition in other tasks). Since set_state() also sets the rekey and reauth times, this required some minor changes in regards to how AUTH_LIFETIME notifies are handled.