added a PASSIVE IKE_SA state to manage it externally

author: Martin Willi <martin@strongswan.org> 2008-11-28 10:49:14 +0000
committer: Martin Willi <martin@strongswan.org> 2008-11-28 10:49:14 +0000
commit: c610f424306ff261b6d5d438f8009f05c6cfa3d9 (patch)
tree: 2bc0c398954efbaeafa43872f7fe622430f33a1c /src
parent: ddef45521943034c9c43fe3c39fc3e3fa74e3bf0 (diff)
download: strongswan-c610f424306ff261b6d5d438f8009f05c6cfa3d9.tar.bz2
strongswan-c610f424306ff261b6d5d438f8009f05c6cfa3d9.tar.xz
2 files changed, 25 insertions, 4 deletions
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index cc74a953a..ea25dea99 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -66,6 +66,7 @@ ENUM(ike_sa_state_names, IKE_CREATED, IKE_DESTROYING,
 	"CREATED",
 	"CONNECTING",
 	"ESTABLISHED",
+	"PASSIVE",
 	"REKEYING",
 	"DELETING",
 	"DESTROYING",
@@ -1214,11 +1215,17 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
 	iterator_t *iterator;
 	child_sa_t *current, *child_sa = NULL;
 	
-	if (this->state == IKE_DELETING)
+	switch (this->state)
 	{
-		DBG1(DBG_IKE, "acquiring CHILD_SA {reqid %d} failed: "
-			 "IKE_SA is deleting", reqid);
-		return FAILED;
+		case IKE_DELETING:
+			DBG1(DBG_IKE, "acquiring CHILD_SA {reqid %d} failed: "
+				 "IKE_SA is deleting", reqid);
+			return FAILED;
+		case IKE_PASSIVE:
+			/* do not process acquires if passive */
+			return FAILED;
+		default:
+			break;
 	}
 	
 	/* find CHILD_SA */
@@ -1280,6 +1287,7 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
 		case IKE_CREATED:
 		case IKE_CONNECTING:
 		case IKE_ESTABLISHED:
+		case IKE_PASSIVE:
 		default:
 			break;
 	}
@@ -1368,6 +1376,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
 	status_t status;
 	bool is_request;
 	
+	if (this->state == IKE_PASSIVE)
+	{	/* do not handle messages in passive state */
+		return FAILED;
+	}
+	
 	is_request = message->get_request(message);
 	
 	status = message->parse_body(message,
@@ -1685,6 +1698,8 @@ static status_t delete_(private_ike_sa_t *this)
 		case IKE_CREATED:
 			DBG1(DBG_IKE, "deleting unestablished IKE_SA");
 			break;
+		case IKE_PASSIVE:
+			break;
 		default:
 			DBG1(DBG_IKE, "destroying IKE_SA in state %N "
 				"without notification", ike_sa_state_names, this->state);
@@ -1958,6 +1973,7 @@ static status_t roam(private_ike_sa_t *this, bool address)
 	{
 		case IKE_CREATED:
 		case IKE_DELETING:
+		case IKE_PASSIVE:
 			return SUCCESS;
 		default:
 			break;
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index 634e78a31..c792ed2e1 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -200,6 +200,11 @@ enum ike_sa_state_t {
 	IKE_ESTABLISHED,
 	
 	/**
+	 * IKE_SA is managed externally and does not process messages
+	 */
+	IKE_PASSIVE,
+	
+	/**
 	 * IKE_SA rekeying in progress
 	 */
 	IKE_REKEYING,
author	Martin Willi <martin@strongswan.org>	2008-11-28 10:49:14 +0000
committer	Martin Willi <martin@strongswan.org>	2008-11-28 10:49:14 +0000
commit	c610f424306ff261b6d5d438f8009f05c6cfa3d9 (patch)
tree	2bc0c398954efbaeafa43872f7fe622430f33a1c /src
parent	ddef45521943034c9c43fe3c39fc3e3fa74e3bf0 (diff)
download	strongswan-c610f424306ff261b6d5d438f8009f05c6cfa3d9.tar.bz2 strongswan-c610f424306ff261b6d5d438f8009f05c6cfa3d9.tar.xz