summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/vici/vici_config.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/plugins/vici/vici_config.c')
-rw-r--r--src/libcharon/plugins/vici/vici_config.c51
1 files changed, 37 insertions, 14 deletions
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 113d48084..649161020 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1551,8 +1551,8 @@ static void clear_start_action(private_vici_config_t *this,
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t reqid = 0, *del;
- array_t *reqids = NULL;
+ u_int32_t id = 0, *del;
+ array_t *ids = NULL;
char *name;
name = child_cfg->get_name(child_cfg);
@@ -1568,23 +1568,23 @@ static void clear_start_action(private_vici_config_t *this,
{
if (streq(name, child_sa->get_name(child_sa)))
{
- reqid = child_sa->get_reqid(child_sa);
- array_insert_create(&reqids, ARRAY_TAIL, &reqid);
+ id = child_sa->get_unique_id(child_sa);
+ array_insert_create(&ids, ARRAY_TAIL, &id);
}
}
children->destroy(children);
}
enumerator->destroy(enumerator);
- if (array_count(reqids))
+ if (array_count(ids))
{
- while (array_remove(reqids, ARRAY_HEAD, &del))
+ while (array_remove(ids, ARRAY_HEAD, &del))
{
DBG1(DBG_CFG, "closing '%s' #%u", name, *del);
charon->controller->terminate_child(charon->controller,
*del, NULL, NULL, 0);
}
- array_destroy(reqids);
+ array_destroy(ids);
}
break;
case ACTION_ROUTE:
@@ -1601,14 +1601,14 @@ static void clear_start_action(private_vici_config_t *this,
{
if (streq(name, child_sa->get_name(child_sa)))
{
- reqid = child_sa->get_reqid(child_sa);
+ id = child_sa->get_reqid(child_sa);
break;
}
}
enumerator->destroy(enumerator);
- if (reqid)
+ if (id)
{
- charon->traps->uninstall(charon->traps, reqid);
+ charon->traps->uninstall(charon->traps, id);
}
break;
}
@@ -1751,7 +1751,8 @@ CALLBACK(config_sn, bool,
.fragmentation = FRAGMENTATION_NO,
.unique = UNIQUE_NO,
.keyingtries = 1,
- .rekey_time = LFT_DEFAULT_IKE_REKEY,
+ .rekey_time = LFT_UNDEFINED,
+ .reauth_time = LFT_UNDEFINED,
.over_time = LFT_UNDEFINED,
.rand_time = LFT_UNDEFINED,
};
@@ -1809,6 +1810,20 @@ CALLBACK(config_sn, bool,
peer.local_port = charon->socket->get_port(charon->socket, FALSE);
}
+ if (peer.rekey_time == LFT_UNDEFINED && peer.reauth_time == LFT_UNDEFINED)
+ {
+ /* apply a default rekey time if no rekey/reauth time set */
+ peer.rekey_time = LFT_DEFAULT_IKE_REKEY;
+ peer.reauth_time = 0;
+ }
+ if (peer.rekey_time == LFT_UNDEFINED)
+ {
+ peer.rekey_time = 0;
+ }
+ if (peer.reauth_time == LFT_UNDEFINED)
+ {
+ peer.reauth_time = 0;
+ }
if (peer.over_time == LFT_UNDEFINED)
{
/* default over_time to 10% of rekey/reauth time if not given */
@@ -1816,9 +1831,17 @@ CALLBACK(config_sn, bool,
}
if (peer.rand_time == LFT_UNDEFINED)
{
- /* default rand_time to over_time if not given */
- peer.rand_time = min(peer.over_time,
- max(peer.rekey_time, peer.reauth_time) / 2);
+ /* default rand_time to over_time if not given, but don't make it
+ * longer than half of rekey/rauth time */
+ if (peer.rekey_time && peer.reauth_time)
+ {
+ peer.rand_time = min(peer.rekey_time, peer.reauth_time);
+ }
+ else
+ {
+ peer.rand_time = max(peer.rekey_time, peer.reauth_time);
+ }
+ peer.rand_time = min(peer.over_time, peer.rand_time / 2);
}
log_peer_data(&peer);