diff options
| author | Martin Willi <martin@strongswan.org> | 2006-07-20 10:09:32 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2006-07-20 10:09:32 +0000 |
| commit | 8dfbe71b34badd4a277b46e4bfd9a70cfa9db06b (patch) | |
| tree | c85c7059d723cb76a0db9dd51f9cb984c3ad7f8f /src/charon/threads/stroke_interface.c | |
| parent | 92ee45a0eedfa4b58d5814d7ffad0671165f3f06 (diff) | |
| download | strongswan-8dfbe71b34badd4a277b46e4bfd9a70cfa9db06b.tar.bz2 strongswan-8dfbe71b34badd4a277b46e4bfd9a70cfa9db06b.tar.xz | |
introduced refcounting on policy and connections
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
Diffstat (limited to 'src/charon/threads/stroke_interface.c')
| -rwxr-xr-x | src/charon/threads/stroke_interface.c | 57 |
1 files changed, 41 insertions, 16 deletions
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c index f4d7accfb..2242ea24a 100755 --- a/src/charon/threads/stroke_interface.c +++ b/src/charon/threads/stroke_interface.c @@ -260,12 +260,12 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) } my_ts = traffic_selector_create_from_subnet(my_subnet, - msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 32, + msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 0, msg->add_conn.me.protocol, msg->add_conn.me.port); my_subnet->destroy(my_subnet); other_ts = traffic_selector_create_from_subnet(other_subnet, - msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 32, + msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 0, msg->add_conn.other.protocol, msg->add_conn.other.port); other_subnet->destroy(other_subnet); @@ -383,11 +383,11 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) policy = policy_create(msg->add_conn.name, my_id, other_id, msg->add_conn.rekey.ipsec_lifetime, msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, - msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100); + msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100, + msg->add_conn.me.updown); policy->add_my_traffic_selector(policy, my_ts); policy->add_other_traffic_selector(policy, other_ts); policy->add_authorities(policy, my_ca, other_ca); - policy->add_updown(policy, msg->add_conn.me.updown); if (msg->add_conn.algorithms.esp) { @@ -479,40 +479,65 @@ static void stroke_initiate(private_stroke_t *this, stroke_msg_t *msg) { initiate_ike_sa_job_t *job; connection_t *connection; + policy_t *policy; linked_list_t *ike_sas; ike_sa_id_t *ike_sa_id; pop_string(msg, &(msg->initiate.name)); - this->logger->log(this->logger, CONTROL, "received stroke: initiate \"%s\"", msg->initiate.name); - connection = charon->connections->get_connection_by_name(charon->connections, msg->initiate.name); + this->logger->log(this->logger, CONTROL, + "received stroke: initiate \"%s\"", + msg->initiate.name); + + connection = charon->connections->get_connection_by_name(charon->connections, + msg->initiate.name); if (connection == NULL) { - this->stroke_logger->log(this->stroke_logger, ERROR, "no connection named \"%s\"", msg->initiate.name); + this->stroke_logger->log(this->stroke_logger, ERROR, + "no connection named \"%s\"", + msg->initiate.name); } /* only initiate if it is an IKEv2 connection, ignore IKEv1 */ else if (connection->is_ikev2(connection)) { - /* check for already set up IKE_SAs befor initiating */ - ike_sas = charon->ike_sa_manager->get_ike_sa_list_by_name(charon->ike_sa_manager, msg->initiate.name); - if (ike_sas->get_count(ike_sas) == 0) + + policy = charon->policies->get_policy_by_name(charon->policies, + msg->initiate.name); + if (policy == NULL) { - this->stroke_logger->log(this->stroke_logger, CONTROL, - "initiating connection \"%s\" (see log)...", msg->initiate.name); - job = initiate_ike_sa_job_create(connection); - charon->job_queue->add(charon->job_queue, (job_t*)job); + this->stroke_logger->log(this->stroke_logger, ERROR, + "no policy named \"%s\"", + msg->initiate.name); + connection->destroy(connection); + return; } - else + /* check for already set up IKE_SAs befor initiating */ + ike_sas = charon->ike_sa_manager->get_ike_sa_list_by_name(charon->ike_sa_manager, + msg->initiate.name); + if (ike_sas->get_count(ike_sas) > 0) { this->stroke_logger->log(this->stroke_logger, CONTROL, - "connection \"%s\" already up", msg->initiate.name); + "connection \"%s\" already up", + msg->initiate.name); + /* TODO: setup CHILD_SA with policy */ connection->destroy(connection); + ike_sas->destroy(ike_sas); + return; } + this->stroke_logger->log(this->stroke_logger, CONTROL, + "initiating connection \"%s\" (see log)...", + msg->initiate.name); + job = initiate_ike_sa_job_create(connection, policy); + charon->job_queue->add(charon->job_queue, (job_t*)job); while (ike_sas->remove_last(ike_sas, (void**)&ike_sa_id) == SUCCESS) { ike_sa_id->destroy(ike_sa_id); } ike_sas->destroy(ike_sas); } + else + { + connection->destroy(connection); + } } /** |