Diffstat (limited to 'src/libcharon/bus')
-rw-r--r--src/libcharon/bus/bus.c34
-rw-r--r--src/libcharon/bus/bus.h13
-rw-r--r--src/libcharon/bus/listeners/listener.h17
3 files changed, 60 insertions, 4 deletions
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index 7938f46cc..53ded6be7 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2011-2015 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -687,6 +687,37 @@ METHOD(bus_t, child_rekey, void,
this->mutex->unlock(this->mutex);
}
+METHOD(bus_t, children_migrate, void,
+ private_bus_t *this, ike_sa_id_t *new, u_int32_t unique)
+{
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ entry_t *entry;
+ bool keep;
+
+ ike_sa = this->thread_sa->get(this->thread_sa);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->children_migrate)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->children_migrate(entry->listener, ike_sa, new,
+ unique);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
METHOD(bus_t, ike_updown, void,
private_bus_t *this, ike_sa_t *ike_sa, bool up)
{
@@ -1038,6 +1069,7 @@ bus_t *bus_create()
.ike_reestablish_post = _ike_reestablish_post,
.child_updown = _child_updown,
.child_rekey = _child_rekey,
+ .children_migrate = _children_migrate,
.authorize = _authorize,
.narrow = _narrow,
.assign_vips = _assign_vips,
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 051c429f9..b6757b140 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Tobias Brunner
+ * Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -130,7 +130,8 @@ enum alert_t {
ALERT_UNIQUE_REPLACE,
/** IKE_SA deleted because of "keep" unique policy, no argument */
ALERT_UNIQUE_KEEP,
- /** IKE_SA kept on failed child SA establishment, no argument */
+ /** IKE_SA kept on failed child SA establishment, argument is an int (!=0 if
+ * first child SA) */
ALERT_KEEP_ON_CHILD_SA_FAILURE,
/** allocating virtual IP failed, linked_list_t of host_t requested */
ALERT_VIP_FAILURE,
@@ -426,6 +427,14 @@ struct bus_t {
void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
/**
+ * CHILD_SA migration hook.
+ *
+ * @param new ID of new SA when called for the old, NULL otherwise
+ * @param uniue unique ID of new SA when called for the old, 0 otherwise
+ */
+ void (*children_migrate)(bus_t *this, ike_sa_id_t *new, u_int32_t unique);
+
+ /**
* Virtual IP assignment hook.
*
* @param ike_sa IKE_SA the VIPs are assigned to
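Review bot: The new doc comment has a typo in the parameter name, `@param uniue`, which does not match the declared parameter `unique` and will be reported by Doxygen as an undocumented parameter; it should read `* @param unique unique ID of new SA when called for the old, 0 otherwise`. The bus_t hook also lacks the sentence the listener_t version has about being invoked twice (once for the old IKE_SA, once for the new), and, judging from the bus.c implementation in this commit, relies on the IKE_SA being the thread's current one; a short line such as `* Invoked for the current thread's IKE_SA, once for the old and once for the new SA.` would let callers know what context they must be in.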
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 3447d8f99..c7a8d8d1e 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2011-2015 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -188,6 +188,21 @@ struct listener_t {
child_sa_t *old, child_sa_t *new);
/**
+ * Hook called when CHILD_SAs get migrated from one IKE_SA to another during
+ * IKEv1 reauthentication.
+ *
+ * This is called twice, once for the old IKE_SA before the CHILD_SAs are
+ * removed, and once for the new IKE_SA just after they got added.
+ *
+ * @param ike_sa new or old IKE_SA
+ * @param new ID of new SA when called for the old, NULL otherwise
+ * @param unique unique ID of new SA when called for the old, 0 otherwise
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa,
+ ike_sa_id_t *new, u_int32_t unique);
+
+ /**
* Hook called to invoke additional authorization rules.
*
* An authorization hook gets invoked several times: After each