author | Martin Willi <martin@strongswan.org> | 2008-11-14 14:05:47 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-11-14 14:05:47 +0000 |
commit | 32ec3c1a8b073ae0e3ccf3f4ff9fb6c3c41c9646 (patch) | |
tree | 6dda5235e7af85cb62b26ba7de12d6514cc78389 | |
parent | dad8eceea31b9ee3a7e5a415525f7d679c125e9e (diff) | |
fallback to reauthentication if peer does not support CHILD_SA rekeying
-rw-r--r-- | src/charon/sa/tasks/child_rekey.c | 26 | ||||
-rw-r--r-- | src/charon/sa/tasks/ike_rekey.c | 3 |
2 files changed, 27 insertions, 2 deletions
diff --git a/src/charon/sa/tasks/child_rekey.c b/src/charon/sa/tasks/child_rekey.c
index 6d741b760..3a22d5040 100644
--- a/src/charon/sa/tasks/child_rekey.c
+++ b/src/charon/sa/tasks/child_rekey.c
@@ -23,6 +23,7 @@
 #include <sa/tasks/child_create.h>
 #include <sa/tasks/child_delete.h>
 #include <processing/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/rekey_ike_sa_job.h>
 typedef struct private_child_rekey_t private_child_rekey_t;
@@ -177,6 +178,31 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
 protocol_id_t protocol;
 u_int32_t spi;
 child_sa_t *to_delete;
+ iterator_t *iterator;
+ payload_t *payload;
+
+ /* handle NO_ADDITIONAL_SAS notify */
+ iterator = message->get_payload_iterator(message);
+ while (iterator->iterate(iterator, (void**)&payload))
+ {
+ if (payload->get_type(payload) == NOTIFY)
+ {
+ notify_payload_t *notify = (notify_payload_t*)payload;
+
+ if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
+ {
+ DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, "
+ "starting reauthentication");
+ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
+ charon->processor->queue_job(charon->processor,
+ (job_t*)rekey_ike_sa_job_create(
+ this->ike_sa->get_id(this->ike_sa), TRUE));
+ iterator->destroy(iterator);
+ return SUCCESS;
+ }
+ }
+ }
+ iterator->destroy(iterator);
 if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE)
 {
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c
index 60410dbd1..d094a0481 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/charon/sa/tasks/ike_rekey.c
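Review bot: In child_rekey.c's process_i, the new early `return SUCCESS` on NO_ADDITIONAL_SAS leaves before `this->child_create->task.process(...)` sees the response, so anything the nested child_create task prepared for the request is presumably released only when the task is destroyed; that code is outside the hunk and worth confirming. The fallback also passes `TRUE` to `rekey_ike_sa_job_create` unconditionally, so a single notify from the (authenticated) peer appears to force a full reauthentication whatever the local policy is, and every CHILD_SA whose rekey is refused queues its own job. A comment above the loop such as `/* peer refuses further CHILD_SAs on this IKE_SA (RFC 4306 NO_ADDITIONAL_SAS): undo the rekeying state and reauthenticate instead */` would record why the state is reset to CHILD_INSTALLED, and the DBG1 line would be easier to correlate across repeated fallbacks if it identified the CHILD_SA. The same payload scan already exists in ike_rekey.c's process_i, so a shared helper would keep the two in step; process_i itself continues past the end of this hunk.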
@@ -180,9 +180,8 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
 if (payload->get_type(payload) == NOTIFY)
 {
 notify_payload_t *notify = (notify_payload_t*)payload;
- notify_type_t type = notify->get_notify_type(notify);
- if (type == NO_ADDITIONAL_SAS)
+ if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
 {
 DBG1(DBG_IKE, "peer seems to not support IKE rekeying, "
 "starting reauthentication"); |