author | Tobias Brunner <tobias@strongswan.org> | 2012-03-02 19:17:13 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-03-20 17:31:40 +0100 |
commit | 8254e7ecb8aff19b1b32fb34723be6c31e0b2f9f (patch) | |
tree | e7716cb2fa48743851fe909298080691015442c0 /src | |
parent | a7d3b0e098821fef21006bad9bb1321ada9aaef9 (diff) | |
Implemented handling of UNITY_LOAD_BALANCE as reauthentication.
Diffstat (limited to 'src')
-rwxr-xr-x | src/libcharon/sa/ikev1/task_manager_v1.c | 17 | ||||
-rwxr-xr-x | src/libcharon/sa/ikev1/tasks/informational.c | 14 |
2 files changed, 28 insertions, 3 deletions
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 1c9b43aee..b58e5015d 100755 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1255,6 +1255,23 @@ METHOD(task_manager_t, queue_ike_reauth, void, } enumerator->destroy(enumerator); + if (!new->get_child_count(new)) + { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */ + task_t *task; + + enumerator = this->queued_tasks->create_enumerator(this->queued_tasks); + while (enumerator->enumerate(enumerator, &task)) + { + if (task->get_type(task) == TASK_QUICK_MODE) + { + this->queued_tasks->remove_at(this->queued_tasks, enumerator); + task->migrate(task, new); + new->queue_task(new, task); + } + } + enumerator->destroy(enumerator); + } + if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, new); diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c index a521aeea6..266d47fa9 100755 --- a/src/libcharon/sa/ikev1/tasks/informational.c +++ b/src/libcharon/sa/ikev1/tasks/informational.c @@ -83,15 +83,23 @@ METHOD(task_t, process_r, status_t, } else if (type == UNITY_LOAD_BALANCE) { - host_t *redirect; + host_t *redirect, *me; chunk_t data; data = notify->get_notification_data(notify); - redirect = host_create_from_chunk(AF_INET, data, 0); + redirect = host_create_from_chunk(AF_INET, data, + IKEV2_UDP_PORT); if (redirect) - { + { /* treat the redirect as reauthentication */ DBG1(DBG_IKE, "received %N notify. redirected to %H", notify_type_names, type, redirect); + /* Cisco boxes reject the first message from 4500 */ + me = this->ike_sa->get_my_host(this->ike_sa); + me->set_port(me, IKEV2_UDP_PORT); + this->ike_sa->set_other_host(this->ike_sa, redirect); + this->ike_sa->reauth(this->ike_sa); + enumerator->destroy(enumerator); + return DESTROY_ME; } else { |
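Review bot: The `!new->get_child_count(new)` gate in queue_ike_reauth migrates queued TASK_QUICK_MODE entries only when no CHILD_SA was adopted; when the old SA does have children, a Quick Mode task that is still queued stays on the old task manager and is presumably discarded with it. If that is intended, the block comment should say so, e.g. `/* no CHILD_SA adopted: carry over queued Quick Mode tasks so the tunnel is set up on the new IKE_SA (UNITY_LOAD_BALANCE case) */`. The method body starts above the hunk and continues below it, so what happens to the other queued tasks is not visible here.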
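Review bot: The UNITY_LOAD_BALANCE branch of process_r hands a peer-supplied IPv4 address straight to `set_other_host()` and `reauth()`, and nothing visible in the hunk checks that the notify arrived protected under an authenticated ISAKMP SA or that redirects are wanted for this connection. process_r begins above the hunk, so that check may already exist; if it does not, an injected or unexpected notify can move the connection to another address or tear it down through `DESTROY_ME`, even though the new gateway must still authenticate. I would gate the branch on the SA state and a per-connection opt-in, and document it with `/* only follow redirects received under an authenticated ISAKMP SA */`. Separately, `me->set_port(me, IKEV2_UDP_PORT)` mutates the host object returned by `get_my_host()` in place; a short comment that this is intentional would help.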