diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
commit | 5313d2d78ca150515f7f5eb39801c100690b6b29 (patch) | |
tree | c78e420367283bb1b16f14210b12687cdfbd26eb /src/libcharon/sa/ikev1/tasks/aggressive_mode.c | |
parent | 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff) | |
download | vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.tar.gz vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.zip |
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libcharon/sa/ikev1/tasks/aggressive_mode.c')
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 67 |
1 files changed, 52 insertions, 15 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 6b00706bf..46cbb879b 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -196,6 +196,17 @@ static status_t send_delete(private_aggressive_mode_t *this) return ALREADY_DONE; } +/** + * Schedule a timeout for the IKE_SA should it not establish + */ +static void schedule_timeout(ike_sa_t *ike_sa) +{ + job_t *job; + + job = (job_t*)delete_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE); + lib->scheduler->schedule_job(lib->scheduler, job, HALF_OPEN_IKE_SA_TIMEOUT); +} + METHOD(task_t, build_i, status_t, private_aggressive_mode_t *this, message_t *message) { @@ -300,20 +311,15 @@ METHOD(task_t, build_i, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - { /* wait for XAUTH request, since this may never come, - * we queue a timeout */ - job_t *job = (job_t*)delete_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), FALSE); - lib->scheduler->schedule_job(lib->scheduler, job, - HALF_OPEN_IKE_SA_TIMEOUT); + /* wait for XAUTH request */ + schedule_timeout(this->ike_sa); break; - } case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: case AUTH_HYBRID_RESP_RSA: this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth_create(this->ike_sa, TRUE)); - return SUCCESS; + break; default: if (charon->ike_sa_manager->check_uniqueness( charon->ike_sa_manager, this->ike_sa, FALSE)) @@ -328,10 +334,30 @@ METHOD(task_t, build_i, status_t, } break; } + /* check for and prepare mode config push/pull */ if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) { - this->ike_sa->queue_task(this->ike_sa, - (task_t*)mode_config_create(this->ike_sa, TRUE)); + if (this->peer_cfg->use_pull_mode(this->peer_cfg)) + { + this->ike_sa->queue_task(this->ike_sa, + (task_t*)mode_config_create(this->ike_sa, TRUE, TRUE)); + } + else + { + schedule_timeout(this->ike_sa); + } + } + else if (this->ph1->has_pool(this->ph1, this->peer_cfg)) + { + if (this->peer_cfg->use_pull_mode(this->peer_cfg)) + { + schedule_timeout(this->ike_sa); + } + else + { + this->ike_sa->queue_task(this->ike_sa, + (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + } } return SUCCESS; } @@ -482,7 +508,7 @@ METHOD(task_t, process_r, status_t, case AUTH_HYBRID_INIT_RSA: this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth_create(this->ike_sa, TRUE)); - return SUCCESS; + break; case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: case AUTH_HYBRID_RESP_RSA: @@ -505,11 +531,22 @@ METHOD(task_t, process_r, status_t, this->ike_sa->get_id(this->ike_sa))); break; } - if (!this->ph1->has_pool(this->ph1, this->peer_cfg) && - this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) + /* check for and prepare mode config push/pull */ + if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) { - this->ike_sa->queue_task(this->ike_sa, - (task_t*)mode_config_create(this->ike_sa, TRUE)); + if (this->peer_cfg->use_pull_mode(this->peer_cfg)) + { + this->ike_sa->queue_task(this->ike_sa, + (task_t*)mode_config_create(this->ike_sa, TRUE, TRUE)); + } + } + else if (this->ph1->has_pool(this->ph1, this->peer_cfg)) + { + if (!this->peer_cfg->use_pull_mode(this->peer_cfg)) + { + this->ike_sa->queue_task(this->ike_sa, + (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + } } return SUCCESS; } |