diff options
Diffstat (limited to 'src/libcharon/processing')
4 files changed, 19 insertions, 6 deletions
diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c index 17ab83053..5b5fb9d98 100644 --- a/src/libcharon/processing/jobs/initiate_mediation_job.c +++ b/src/libcharon/processing/jobs/initiate_mediation_job.c @@ -119,8 +119,8 @@ METHOD(job_t, initiate, job_requeue_t, /* we need an additional reference because initiate consumes one */ mediation_cfg->get_ref(mediation_cfg); - if (charon->controller->initiate(charon->controller, mediation_cfg, - NULL, (controller_cb_t)initiate_callback, this, 0) != SUCCESS) + if (charon->controller->initiate(charon->controller, mediation_cfg, NULL, + (controller_cb_t)initiate_callback, this, 0, FALSE) != SUCCESS) { mediation_cfg->destroy(mediation_cfg); mediated_cfg->destroy(mediated_cfg); diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c index a6795e766..31f048db6 100644 --- a/src/libcharon/processing/jobs/process_message_job.c +++ b/src/libcharon/processing/jobs/process_message_job.c @@ -91,16 +91,26 @@ METHOD(job_t, get_priority, job_priority_t, { case IKE_AUTH: /* IKE auth is rather expensive and often blocking, low priority */ + case AGGRESSIVE: + case ID_PROT: + /* AM is basically IKE_SA_INIT/IKE_AUTH combined (without EAP/XAuth) + * MM is similar, but stretched out more */ return JOB_PRIO_LOW; case INFORMATIONAL: + case INFORMATIONAL_V1: /* INFORMATIONALs are inexpensive, for DPD we should have low * reaction times */ return JOB_PRIO_HIGH; case IKE_SA_INIT: - case CREATE_CHILD_SA: - default: /* IKE_SA_INIT is expensive, but we will drop them in the receiver * if we are overloaded */ + case CREATE_CHILD_SA: + case QUICK_MODE: + /* these may require DH, but if not they are relatively cheap */ + case TRANSACTION: + /* these are mostly cheap, however, if XAuth via RADIUS is used + * they may block */ + default: return JOB_PRIO_MEDIUM; } } diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c index 8f17d39ab..057876b33 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c @@ -67,7 +67,10 @@ METHOD(job_t, execute, job_requeue_t, } else { - ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); + if (ike_sa->get_state(ike_sa) != IKE_PASSIVE) + { + ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); + } charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } return JOB_REQUEUE_NONE; diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c index 981473b5c..5e88ac230 100644 --- a/src/libcharon/processing/jobs/start_action_job.c +++ b/src/libcharon/processing/jobs/start_action_job.c @@ -61,7 +61,7 @@ METHOD(job_t, execute, job_requeue_t, charon->controller->initiate(charon->controller, peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), - NULL, NULL, 0); + NULL, NULL, 0, FALSE); break; case ACTION_ROUTE: DBG1(DBG_JOB, "start action: route '%s'", name); |