Imported Upstream version 5.3.3

4 files changed, 19 insertions, 6 deletions

diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
index 17ab83053..5b5fb9d98 100644
--- a/src/libcharon/processing/jobs/initiate_mediation_job.c
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
@@ -119,8 +119,8 @@ METHOD(job_t, initiate, job_requeue_t,
 		/* we need an additional reference because initiate consumes one */
 		mediation_cfg->get_ref(mediation_cfg);
 
-		if (charon->controller->initiate(charon->controller, mediation_cfg,
-				NULL, (controller_cb_t)initiate_callback, this, 0) != SUCCESS)
+		if (charon->controller->initiate(charon->controller, mediation_cfg, NULL,
+				(controller_cb_t)initiate_callback, this, 0, FALSE) != SUCCESS)
 		{
 			mediation_cfg->destroy(mediation_cfg);
 			mediated_cfg->destroy(mediated_cfg);
diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c
index a6795e766..31f048db6 100644
--- a/src/libcharon/processing/jobs/process_message_job.c
+++ b/src/libcharon/processing/jobs/process_message_job.c
@@ -91,16 +91,26 @@ METHOD(job_t, get_priority, job_priority_t,
 	{
 		case IKE_AUTH:
 			/* IKE auth is rather expensive and often blocking, low priority */
+		case AGGRESSIVE:
+		case ID_PROT:
+			/* AM is basically IKE_SA_INIT/IKE_AUTH combined (without EAP/XAuth)
+			 * MM is similar, but stretched out more */
 			return JOB_PRIO_LOW;
 		case INFORMATIONAL:
+		case INFORMATIONAL_V1:
 			/* INFORMATIONALs are inexpensive, for DPD we should have low
 			 * reaction times */
 			return JOB_PRIO_HIGH;
 		case IKE_SA_INIT:
-		case CREATE_CHILD_SA:
-		default:
 			/* IKE_SA_INIT is expensive, but we will drop them in the receiver
 			 * if we are overloaded */
+		case CREATE_CHILD_SA:
+		case QUICK_MODE:
+			/* these may require DH, but if not they are relatively cheap */
+		case TRANSACTION:
+			/* these are mostly cheap, however, if XAuth via RADIUS is used
+			 * they may block */
+		default:
 			return JOB_PRIO_MEDIUM;
 	}
 }
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
index 8f17d39ab..057876b33 100644
--- a/src/libcharon/processing/jobs/rekey_child_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
@@ -67,7 +67,10 @@ METHOD(job_t, execute, job_requeue_t,
 	}
 	else
 	{
-		ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi);
+		if (ike_sa->get_state(ike_sa) != IKE_PASSIVE)
+		{
+			ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi);
+		}
 		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 	}
 	return JOB_REQUEUE_NONE;
diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c
index 981473b5c..5e88ac230 100644
--- a/src/libcharon/processing/jobs/start_action_job.c
+++ b/src/libcharon/processing/jobs/start_action_job.c
@@ -61,7 +61,7 @@ METHOD(job_t, execute, job_requeue_t,
 					charon->controller->initiate(charon->controller,
 												 peer_cfg->get_ref(peer_cfg),
 												 child_cfg->get_ref(child_cfg),
-												 NULL, NULL, 0);
+												 NULL, NULL, 0, FALSE);
 					break;
 				case ACTION_ROUTE:
 					DBG1(DBG_JOB, "start action: route '%s'", name);