authorMartin Willi <martin@strongswan.org>2006-07-05 10:53:20 +0000
committerMartin Willi <martin@strongswan.org>2006-07-05 10:53:20 +0000
commit3dd3c5f39e57ef2f402870136579f7478a4eba34 (patch)
tree7438497060efb7eafe2eb866930adc5026a171d4 /src/charon/config
parentb12af2ead628521c8c55638b4f1eedc311864435 (diff)
redesigned IKE_SA using a transaction mechanism:
removed old state machine; reimplemented IKE_SA setup and delete; implemented dead peer detection; implemented keep-alives; a lot of fixes; no rekeying yet
Diffstat (limited to 'src/charon/config')
-rwxr-xr-xsrc/charon/config/configuration.c20
-rwxr-xr-xsrc/charon/config/configuration.h13
-rw-r--r--src/charon/config/connections/connection.c2
-rw-r--r--src/charon/config/policies/policy.c2
-rw-r--r--src/charon/config/proposal.c2
5 files changed, 18 insertions, 21 deletions
diff --git a/src/charon/config/configuration.c b/src/charon/config/configuration.c
index cd205867e..2dcf0bb72 100755
--- a/src/charon/config/configuration.c
+++ b/src/charon/config/configuration.c
@@ -29,6 +29,7 @@
/**
* Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ * Set to zero to disable
*/
#define HALF_OPEN_IKE_SA_TIMEOUT 30000
@@ -51,14 +52,14 @@
#define MAX_RETRANSMIT_COUNT 6
/**
- * Keepalive interval in milliseconds.
+ * Keepalive interval in seconds.
*/
-#define KEEPALIVE_INTERVAL 2000000
+#define KEEPALIVE_INTERVAL 20
/**
- * DPD interval in milliseconds.
+ * DPD interval in seconds.
*/
-#define DPD_INTERVAL 6000000
+#define DPD_INTERVAL 60
typedef struct private_configuration_t private_configuration_t;
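Review bot: KEEPALIVE_INTERVAL and DPD_INTERVAL are now in seconds while HALF_OPEN_IKE_SA_TIMEOUT and the retransmit timeout stay in milliseconds, and every getter still returns a bare u_int32_t. Nothing in the names tells a caller which unit it receives, so a caller that still treats these values as milliseconds would send keepalives or DPD requests roughly a thousand times too often; the callers are outside this diff. Consider carrying the unit in the name, e.g. `#define KEEPALIVE_INTERVAL_SECONDS 20` and `#define DPD_INTERVAL_SECONDS 60`. The same applies to the two later configuration.h hunks that change the `@return` lines of get_keepalive_interval and get_dpd_interval.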
@@ -78,16 +79,13 @@ struct private_configuration_t {
/**
* Implementation of configuration_t.get_retransmit_timeout.
*/
-static status_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
+static u_int32_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count)
{
if (retransmit_count > MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
{
- return FAILED;
+ return 0;
}
-
- *timeout = (u_int32_t)(RETRANSMIT_TIMEOUT * pow(RETRANSMIT_BASE, retransmit_count));
-
- return SUCCESS;
+ return (u_int32_t)(RETRANSMIT_TIMEOUT * pow(RETRANSMIT_BASE, retransmit_count));
}
/**
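Review bot: The new return value uses 0 as an in-band "stop retransmitting" marker, but the computed timeout on the last line can itself collide with that marker or go out of range. The guard explicitly allows MAX_RETRANSMIT_COUNT == 0 to mean "no limit"; in that configuration retransmit_count is unbounded, the pow() result eventually exceeds what u_int32_t can hold, and converting an out-of-range double to an integer is undefined behaviour. A product below 1.0 would likewise truncate to 0 and be read as "give up"; the values of RETRANSMIT_TIMEOUT and RETRANSMIT_BASE are not visible in this hunk. Clamping the result before the cast keeps 0 reserved for the sentinel.
```c
static u_int32_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count)
{
	double timeout;

	/* … unchanged: MAX_RETRANSMIT_COUNT check returning 0 … */
	timeout = RETRANSMIT_TIMEOUT * pow(RETRANSMIT_BASE, retransmit_count);
	if (timeout >= (double)0xFFFFFFFFU)
	{
		/* converting an out-of-range double to u_int32_t is undefined */
		return 0xFFFFFFFFU;
	}
	if (timeout < 1.0)
	{
		/* 0 is reserved for "do not retransmit" */
		return 1;
	}
	return (u_int32_t)timeout;
}
```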
@@ -131,7 +129,7 @@ configuration_t *configuration_create()
/* public functions */
this->public.destroy = (void(*)(configuration_t*))destroy;
- this->public.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
+ this->public.get_retransmit_timeout = (u_int32_t (*) (configuration_t *, u_int32_t retransmit_count))get_retransmit_timeout;
this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout;
this->public.get_keepalive_interval = (u_int32_t (*) (configuration_t *)) get_keepalive_interval;
this->public.get_dpd_interval = (u_int32_t (*) (configuration_t *)) get_dpd_interval;
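Review bot: The explicit function-pointer cast on the get_retransmit_timeout assignment stops the compiler from checking that the implementation's parameter list and return type match the interface member, so this signature change has to be kept in step by hand in three places. The policy.c hunk in this commit shows the risk: the add_updown cast there drops an `identification_t*` parameter, meaning cast and implementation can drift apart silently, and calling through a mismatched pointer type is undefined behaviour. The implementations of both functions and the rest of configuration_create lie outside these hunks, so please confirm they match the headers. A comment above the assignments would document the rule, e.g. `/* casts only adapt the 'this' type; parameter lists must match the header exactly */`.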
diff --git a/src/charon/config/configuration.h b/src/charon/config/configuration.h
index 813b95788..553a01edd 100755
--- a/src/charon/config/configuration.h
+++ b/src/charon/config/configuration.h
@@ -41,18 +41,15 @@ struct configuration_t {
/**
* @brief Returns the retransmit timeout.
*
+ * A return value of zero means the request should not retransmitted again.
* The timeout values are managed by the configuration, so
* another backoff algorithm may be implemented here.
*
* @param this calling object
* @param retransmit_count number of times a message was retransmitted so far
- * @param[out] timeout the new retransmit timeout in milliseconds
- *
- * @return
- * - FAILED, if the message should not be retransmitted
- * - SUCCESS
+ * @return time in milliseconds, when to schedule next retransmit
*/
- status_t (*get_retransmit_timeout) (configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
+ u_int32_t (*get_retransmit_timeout) (configuration_t *this, u_int32_t retransmit_count);
/**
* @brief Returns the timeout for an half open IKE_SA in ms.
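Review bot: Callers that previously tested for FAILED must now test the returned timeout for 0 before scheduling, and the doc comment should say so more firmly. A caller that schedules unconditionally would retransmit with no delay once the limit is reached; the callers are outside this diff. The added sentence also has a missing word; suggested wording: `* A return value of zero means the request must not be retransmitted again; callers must check for it before scheduling.` The `@return` line could repeat this, e.g. `* @return time in milliseconds until the next retransmit, 0 to give up`.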
@@ -76,7 +73,7 @@ struct configuration_t {
* NAT keepalive packet should be sent.
*
* @param this calling object
- * @return interval in milliseconds (ms)
+ * @return interval in seconds
*/
u_int32_t (*get_keepalive_interval) (configuration_t *this);
@@ -87,7 +84,7 @@ struct configuration_t {
* DPD request packet should be sent.
*
* @param this calling object
- * @return interval in milliseconds (ms)
+ * @return interval in seconds
*/
u_int32_t (*get_dpd_interval) (configuration_t *this);
diff --git a/src/charon/config/connections/connection.c b/src/charon/config/connections/connection.c
index ce1f0f31a..e31466039 100644
--- a/src/charon/config/connections/connection.c
+++ b/src/charon/config/connections/connection.c
@@ -280,9 +280,9 @@ static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh
return TRUE;
}
}
+ alg_iter->destroy(alg_iter);
}
prop_iter->destroy(prop_iter);
- alg_iter->destroy(alg_iter);
return FALSE;
}
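Review bot: Moving `alg_iter->destroy(alg_iter);` inside the outer loop fixes the per-iteration leak on the fall-through path, but the `return TRUE;` branch at the top of the hunk still needs to release both iterators. The lines directly before that return are outside the hunk (check_dh_group starts above it), so this may already be handled. If it is not, add `alg_iter->destroy(alg_iter);` and `prop_iter->destroy(prop_iter);` immediately before `return TRUE;`.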
diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c
index 9e163f9de..0e2d148a4 100644
--- a/src/charon/config/policies/policy.c
+++ b/src/charon/config/policies/policy.c
@@ -503,7 +503,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o
this->public.add_other_traffic_selector = (void(*)(policy_t*,traffic_selector_t*))add_other_traffic_selector;
this->public.add_proposal = (void(*)(policy_t*,proposal_t*))add_proposal;
this->public.add_authorities = (void(*)(policy_t*,identification_t*, identification_t*))add_authorities;
- this->public.add_updown = (void(*)(policy_t*,identification_t*,char*))add_updown;
+ this->public.add_updown = (void(*)(policy_t*,char*))add_updown;
this->public.get_soft_lifetime = (u_int32_t (*) (policy_t *))get_soft_lifetime;
this->public.get_hard_lifetime = (u_int32_t (*) (policy_t *))get_hard_lifetime;
this->public.clone = (policy_t*(*)(policy_t*))clone;
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 3eb081544..503b4c1c6 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -572,6 +572,8 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
break;
+ default:
+ break;
}
return &this->public;
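Review bot: The new `default: break;` makes proposal_create_default return a proposal with no algorithms for any protocol the switch does not handle, without any indication to the caller. Whether callers tolerate an empty proposal is not visible here, and the function's start and end are outside the hunk. At minimum the intent should be documented, e.g. `default: /* unsupported protocol: proposal is returned without algorithms */`. If an empty proposal is never valid, rejecting the protocol explicitly would be safer than returning one.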