diff options
| author | Martin Willi <martin@strongswan.org> | 2009-09-23 14:04:32 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-04-07 13:55:14 +0200 |
| commit | b7f15be136eb0be15dc92d9a62d9fb930d41e761 (patch) | |
| tree | 6649af82098af27daab110a498b7d6403b9e1643 | |
| parent | 9fdf5f712e377ff751a2420f37f62adac6fc0d7a (diff) | |
| download | strongswan-b7f15be136eb0be15dc92d9a62d9fb930d41e761.tar.bz2 strongswan-b7f15be136eb0be15dc92d9a62d9fb930d41e761.tar.xz | |
Do not enable/disable our own sync tunnel
| -rw-r--r-- | src/charon/plugins/ha_sync/ha_sync_plugin.c | 6 | ||||
| -rw-r--r-- | src/charon/plugins/ha_sync/ha_sync_segments.c | 26 | ||||
| -rw-r--r-- | src/charon/plugins/ha_sync/ha_sync_segments.h | 2 |
3 files changed, 24 insertions, 10 deletions
diff --git a/src/charon/plugins/ha_sync/ha_sync_plugin.c b/src/charon/plugins/ha_sync/ha_sync_plugin.c index d6fa6be1f..ff4341e57 100644 --- a/src/charon/plugins/ha_sync/ha_sync_plugin.c +++ b/src/charon/plugins/ha_sync/ha_sync_plugin.c @@ -171,12 +171,12 @@ plugin_t *plugin_create() return NULL; } - this->segments = ha_sync_segments_create(this->socket, this->kernel, - count, active); if (secret) { - this->tunnel = ha_sync_tunnel_create(secret, local, remote); + this->tunnel = ha_sync_tunnel_create(local, remote, secret); } + this->segments = ha_sync_segments_create(this->socket, this->kernel, + this->tunnel, count, active); if (fifo) { this->ctl = ha_sync_ctl_create(this->segments); diff --git a/src/charon/plugins/ha_sync/ha_sync_segments.c b/src/charon/plugins/ha_sync/ha_sync_segments.c index 8929c62d4..4d458038c 100644 --- a/src/charon/plugins/ha_sync/ha_sync_segments.c +++ b/src/charon/plugins/ha_sync/ha_sync_segments.c @@ -36,6 +36,11 @@ struct private_ha_sync_segments_t { ha_sync_socket_t *socket; /** + * Sync tunnel, if any + */ + ha_sync_tunnel_t *tunnel; + + /** * Interface to control segments at kernel level */ ha_sync_kernel_t *kernel; @@ -110,15 +115,20 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment, enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager); while (enumerator->enumerate(enumerator, &ike_sa)) { - if (ike_sa->get_state(ike_sa) == old) + if (ike_sa->get_state(ike_sa) != old) + { + continue; + } + if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa)) + { + continue; + } + for (i = segment; i < limit; i++) { - for (i = segment; i < limit; i++) + if (this->kernel->in_segment(this->kernel, + ike_sa->get_other_host(ike_sa), i)) { - if (this->kernel->in_segment(this->kernel, - ike_sa->get_other_host(ike_sa), i)) - { - ike_sa->set_state(ike_sa, new); - } + ike_sa->set_state(ike_sa, new); } } } @@ -305,6 +315,7 @@ static void destroy(private_ha_sync_segments_t *this) */ ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket, ha_sync_kernel_t *kernel, + ha_sync_tunnel_t *tunnel, u_int count, segment_mask_t active) { private_ha_sync_segments_t *this = malloc_thing(private_ha_sync_segments_t); @@ -317,6 +328,7 @@ ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket, this->public.destroy = (void(*)(ha_sync_segments_t*))destroy; this->socket = socket; + this->tunnel = tunnel; this->kernel = kernel; this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->active = active; diff --git a/src/charon/plugins/ha_sync/ha_sync_segments.h b/src/charon/plugins/ha_sync/ha_sync_segments.h index 98332a5f2..cf119a8e0 100644 --- a/src/charon/plugins/ha_sync/ha_sync_segments.h +++ b/src/charon/plugins/ha_sync/ha_sync_segments.h @@ -38,6 +38,7 @@ typedef u_int16_t segment_mask_t; #define SEGMENTS_BIT(segment) (0x01 << (segment - 1)) #include "ha_sync_socket.h" +#include "ha_sync_tunnel.h" #include "ha_sync_kernel.h" /** @@ -95,6 +96,7 @@ struct ha_sync_segments_t { */ ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket, ha_sync_kernel_t *kernel, + ha_sync_tunnel_t *tunnel, u_int count, segment_mask_t active); #endif /* HA_SYNC_SEGMENTS_ @}*/ |