authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-02-23 10:34:14 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-02-23 10:34:14 +0000
commited7d79f96177044949744da10f4431c1d6242241 (patch)
tree3aabaa55ed3b5291daef891cfee9befb5235e2b8 /src/charon/sa/tasks/ike_rekey.c
parent7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.3.6)
Diffstat (limited to 'src/charon/sa/tasks/ike_rekey.c')
-rw-r--r--src/charon/sa/tasks/ike_rekey.c89
1 files changed, 37 insertions, 52 deletions
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c
index 3a049b566..a2275e796 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/charon/sa/tasks/ike_rekey.c
@@ -30,37 +30,37 @@ typedef struct private_ike_rekey_t private_ike_rekey_t;
* Private members of a ike_rekey_t task.
*/
struct private_ike_rekey_t {
-
+
/**
* Public methods and task_t interface.
*/
ike_rekey_t public;
-
+
/**
* Assigned IKE_SA.
*/
ike_sa_t *ike_sa;
-
+
/**
* New IKE_SA which replaces the current one
*/
ike_sa_t *new_sa;
-
+
/**
* Are we the initiator?
*/
bool initiator;
-
+
/**
* the IKE_INIT task which is reused to simplify rekeying
*/
ike_init_t *ike_init;
-
+
/**
* IKE_DELETE task to delete the old IKE_SA after rekeying was successful
*/
ike_delete_t *ike_delete;
-
+
/**
* colliding task detected by the task manager
*/
@@ -74,7 +74,7 @@ static status_t build_i_delete(private_ike_rekey_t *this, message_t *message)
{
/* update exchange type to INFORMATIONAL for the delete */
message->set_exchange_type(message, INFORMATIONAL);
-
+
return this->ike_delete->task.build(&this->ike_delete->task, message);
}
@@ -93,13 +93,13 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message)
{
peer_cfg_t *peer_cfg;
host_t *other_host;
-
+
/* create new SA only on first try */
if (this->new_sa == NULL)
{
this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
TRUE);
-
+
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
other_host = this->ike_sa->get_other_host(this->ike_sa);
this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
@@ -120,7 +120,7 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message)
peer_cfg_t *peer_cfg;
iterator_t *iterator;
child_sa_t *child_sa;
-
+
if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
{
DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting");
@@ -144,15 +144,15 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message)
}
}
iterator->destroy(iterator);
-
+
this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
FALSE);
-
+
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa);
this->ike_init->task.process(&this->ike_init->task, message);
-
+
return NEED_MORE;
}
@@ -167,12 +167,12 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message)
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return SUCCESS;
}
-
+
if (this->ike_init->task.build(&this->ike_init->task, message) == FAILED)
{
return SUCCESS;
}
-
+
this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
@@ -182,7 +182,7 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message)
this->ike_sa->get_my_id(this->ike_sa),
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
-
+
return SUCCESS;
}
@@ -191,32 +191,17 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message)
*/
static status_t process_i(private_ike_rekey_t *this, message_t *message)
{
- enumerator_t *enumerator;
- payload_t *payload;
-
- /* handle NO_ADDITIONAL_SAS notify */
- enumerator = message->create_payload_enumerator(message);
- while (enumerator->enumerate(enumerator, &payload))
+ if (message->get_notify(message, NO_ADDITIONAL_SAS))
{
- if (payload->get_type(payload) == NOTIFY)
- {
- notify_payload_t *notify = (notify_payload_t*)payload;
-
- if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
- {
- DBG1(DBG_IKE, "peer seems to not support IKE rekeying, "
- "starting reauthentication");
- this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- charon->processor->queue_job(charon->processor,
- (job_t*)rekey_ike_sa_job_create(
- this->ike_sa->get_id(this->ike_sa), TRUE));
- enumerator->destroy(enumerator);
- return SUCCESS;
- }
- }
+ DBG1(DBG_IKE, "peer seems to not support IKE rekeying, "
+ "starting reauthentication");
+ this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+ charon->processor->queue_job(charon->processor,
+ (job_t*)rekey_ike_sa_job_create(
+ this->ike_sa->get_id(this->ike_sa), TRUE));
+ return SUCCESS;
}
- enumerator->destroy(enumerator);
-
+
switch (this->ike_init->task.process(&this->ike_init->task, message))
{
case FAILED:
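Review bot: The NO_ADDITIONAL_SAS branch of process_i no longer carries any comment, and the bare `TRUE` handed to `rekey_ike_sa_job_create` is unexplained; the FAILED branch further down passes `FALSE` to the same constructor, so the flag presumably selects reauthentication instead of rekeying. I would put `/* peer refuses additional SAs: restore IKE_ESTABLISHED and fall back to reauthentication */` above the `if` and state the flag's meaning at the call. This early return also leaves `this->new_sa`, which build_i checked out, untouched; its release is presumably handled by the task's destroy path outside this hunk, which is worth confirming. process_i continues past the end of the hunk.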
@@ -230,7 +215,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
job = (job_t*)rekey_ike_sa_job_create(
this->ike_sa->get_id(this->ike_sa), FALSE);
DBG1(DBG_IKE, "IKE_SA rekeying failed, "
- "trying again in %d seconds", retry);
+ "trying again in %d seconds", retry);
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
charon->scheduler->schedule_job(charon->scheduler, job, retry);
}
@@ -242,7 +227,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
default:
break;
}
-
+
this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
this->new_sa->get_name(this->new_sa),
@@ -251,7 +236,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
this->ike_sa->get_my_id(this->ike_sa),
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
-
+
/* check for collisions */
if (this->collision &&
this->collision->get_type(this->collision) == IKE_REKEY)
@@ -259,13 +244,13 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
chunk_t this_nonce, other_nonce;
host_t *host;
private_ike_rekey_t *other = (private_ike_rekey_t*)this->collision;
-
+
this_nonce = this->ike_init->get_lower_nonce(this->ike_init);
other_nonce = other->ike_init->get_lower_nonce(other->ike_init);
-
+
/* if we have the lower nonce, delete rekeyed SA. If not, delete
* the redundant. */
- if (memcmp(this_nonce.ptr, other_nonce.ptr,
+ if (memcmp(this_nonce.ptr, other_nonce.ptr,
min(this_nonce.len, other_nonce.len)) < 0)
{
/* peer should delete this SA. Add a timeout just in case. */
@@ -305,12 +290,12 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
/* set threads active IKE_SA after checkin */
charon->bus->set_sa(charon->bus, this->ike_sa);
}
-
+
/* rekeying successful, delete the IKE_SA using a subtask */
this->ike_delete = ike_delete_create(this->ike_sa, TRUE);
this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete;
-
+
return NEED_MORE;
}
@@ -349,7 +334,7 @@ static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa)
charon->bus->set_sa(charon->bus, this->ike_sa);
}
DESTROY_IF(this->collision);
-
+
this->collision = NULL;
this->ike_sa = ike_sa;
this->new_sa = NULL;
@@ -412,13 +397,13 @@ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator)
this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
}
-
+
this->ike_sa = ike_sa;
this->new_sa = NULL;
this->ike_init = NULL;
this->ike_delete = NULL;
this->initiator = initiator;
this->collision = NULL;
-
+
return &this->public;
}