diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
| commit | 10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (patch) | |
| tree | bf1d05a2e37dbd1911b86fcc026fbe49b0239c71 /src/libcharon/processing/jobs | |
| parent | 7585facf05d927eb6df3929ce09ed5e60d905437 (diff) | |
| download | vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.tar.gz vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.zip | |
Imported Upstream version 5.0.3
Diffstat (limited to 'src/libcharon/processing/jobs')
| -rw-r--r-- | src/libcharon/processing/jobs/delete_ike_sa_job.c | 12 | ||||
| -rw-r--r-- | src/libcharon/processing/jobs/dpd_timeout_job.c | 3 | ||||
| -rw-r--r-- | src/libcharon/processing/jobs/inactivity_job.c | 5 |
3 files changed, 15 insertions, 5 deletions
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c index 3a8c2e1cd..a394e9df9 100644 --- a/src/libcharon/processing/jobs/delete_ike_sa_job.c +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c @@ -76,11 +76,21 @@ METHOD(job_t, execute, job_requeue_t, } else { - /* destroy IKE_SA did not complete connecting phase */ + /* destroy IKE_SA only if it did not complete connecting phase */ if (ike_sa->get_state(ike_sa) != IKE_CONNECTING) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } + else if (ike_sa->get_version(ike_sa) == IKEV1 && + ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR)) + { /* as initiator we waited for the peer to initiate e.g. an + * XAuth exchange, reauth the SA to eventually trigger DPD */ + DBG1(DBG_JOB, "peer did not initiate expected exchange, " + "reestablishing IKE_SA"); + ike_sa->reauth(ike_sa); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } else { DBG1(DBG_JOB, "deleting half open IKE_SA after timeout"); diff --git a/src/libcharon/processing/jobs/dpd_timeout_job.c b/src/libcharon/processing/jobs/dpd_timeout_job.c index 64a9785a6..9cdce5cab 100644 --- a/src/libcharon/processing/jobs/dpd_timeout_job.c +++ b/src/libcharon/processing/jobs/dpd_timeout_job.c @@ -68,7 +68,7 @@ METHOD(job_t, execute, job_requeue_t, enumerator = ike_sa->create_child_sa_enumerator(ike_sa); while (enumerator->enumerate(enumerator, &child_sa)) { - child_sa->get_usestats(child_sa, TRUE, ¤t, NULL); + child_sa->get_usestats(child_sa, TRUE, ¤t, NULL, NULL); use_time = max(use_time, current); } enumerator->destroy(enumerator); @@ -77,6 +77,7 @@ METHOD(job_t, execute, job_requeue_t, if (use_time < this->check) { DBG1(DBG_JOB, "DPD check timed out, enforcing DPD action"); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, NULL); charon->bus->ike_updown(charon->bus, ike_sa, FALSE); ike_sa->reestablish(ike_sa); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index 3c56b0cd7..9ab69b417 100644 --- a/src/libcharon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c @@ -75,8 +75,8 @@ METHOD(job_t, execute, job_requeue_t, { time_t in, out, diff; - child_sa->get_usestats(child_sa, TRUE, &in, NULL); - child_sa->get_usestats(child_sa, FALSE, &out, NULL); + child_sa->get_usestats(child_sa, TRUE, &in, NULL, NULL); + child_sa->get_usestats(child_sa, FALSE, &out, NULL, NULL); diff = time_monotonic(NULL) - max(in, out); @@ -155,4 +155,3 @@ inactivity_job_t *inactivity_job_create(u_int32_t reqid, u_int32_t timeout, return &this->public; } - |