author | Tobias Brunner <tobias@strongswan.org> | 2015-05-26 15:43:46 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-05-26 15:43:46 +0200 |
commit | 06a5b0e2e83277c38c7d6405f826e407248fb6e6 (patch) | |
tree | 6d012dbead0377b0d73041dafa1701864f287636 /src/libcharon/plugins/ha | |
parent | 0de116cadcd17abbe6aa8cffe140fbfb0356e04f (diff) | |
ha: Skip SA for sync messages when resyncing HA segments
Diffstat (limited to 'src/libcharon/plugins/ha')
-rw-r--r-- | src/libcharon/plugins/ha/ha_cache.c | 12 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_cache.h | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_plugin.c | 3 |
3 files changed, 14 insertions, 3 deletions
diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c
index 6c1b3471d..0650f7fd9 100644
--- a/src/libcharon/plugins/ha/ha_cache.c
+++ b/src/libcharon/plugins/ha/ha_cache.c
@@ -43,6 +43,11 @@ struct private_ha_cache_t {
 ha_socket_t *socket;

 /**
+ * Tunnel securing sync messages
+ */
+ ha_tunnel_t *tunnel;
+
+ /**
 * Total number of segments
 */
 u_int count;
@@ -259,6 +264,10 @@ static void rekey_segment(private_ha_cache_t *this, u_int segment)
 charon->ike_sa_manager, TRUE);
 while (enumerator->enumerate(enumerator, &ike_sa))
 {
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ {
+ continue;
+ }
 if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
 this->kernel->get_segment(this->kernel,
 ike_sa->get_other_host(ike_sa)) == segment)
@@ -365,7 +374,7 @@ METHOD(ha_cache_t, destroy, void,
 * See header
 */
 ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
- bool sync, u_int count)
+ ha_tunnel_t *tunnel, bool sync, u_int count)
 {
 private_ha_cache_t *this;

@@ -379,6 +388,7 @@ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
 .count = count,
 .kernel = kernel,
 .socket = socket,
+ .tunnel = tunnel,
 .cache = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8),
 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
 );
diff --git a/src/libcharon/plugins/ha/ha_cache.h b/src/libcharon/plugins/ha/ha_cache.h
index 5e3936a20..9fabbaca2 100644
--- a/src/libcharon/plugins/ha/ha_cache.h
+++ b/src/libcharon/plugins/ha/ha_cache.h
@@ -73,6 +73,6 @@ struct ha_cache_t {
 * @param count total number of segments
 */
 ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
- bool resync, u_int count);
+ ha_tunnel_t *tunnel, bool resync, u_int count);

 #endif /** HA_CACHE_H_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 9d25b0188..037b69bac 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
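Review bot: The new skip at the top of the loop in rekey_segment() (ha_cache.c) carries no comment, and the reason for excluding the tunnel SA is not obvious from the `is_sa()` call alone. The segment test below it keys on `ike_sa->get_other_host(ike_sa)`, so the SA that protects the sync channel could presumably map into the segment being resynced; a comment such as `/* never rekey the SA securing the sync messages, even if its peer maps to this segment */` above the check would record that. The `this->tunnel &&` test implies the tunnel is optional, which is worth saying in the same comment. rekey_segment() begins and ends outside the hunk, so whether other IKE_SA loops in this file need the same guard cannot be judged from here.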
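Review bot: The ha_cache_create() prototype in ha_cache.h gains a `tunnel` parameter, but the Doxygen block above it gets no matching `@param` line; the only changed lines in this hunk are the prototype continuation. Add ` * @param tunnel tunnel securing sync messages, or NULL if none` next to the other parameters, which sit above the hunk. NULL appears to be valid because rekey_segment() tests `this->tunnel` before use, and the constructor stores the pointer as passed (`.tunnel = tunnel`), so the comment should also state that the cache does not own the tunnel and that the caller must keep it alive for as long as the cache exists (inferred; the destroy method body is not shown).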
@@ -137,7 +137,8 @@ static bool initialize_plugin(private_ha_plugin_t *this)
 this->kernel = ha_kernel_create(count);
 this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel,
 count, strcmp(local, remote) > 0, monitor);
- this->cache = ha_cache_create(this->kernel, this->socket, resync, count);
+ this->cache = ha_cache_create(this->kernel, this->socket, this->tunnel,
+ resync, count);
 if (fifo)
 {
 this->ctl = ha_ctl_create(this->segments, this->cache); |