Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA constructor

author: Martin Willi <martin@revosec.ch> 2011-11-21 17:18:43 +0100
committer: Martin Willi <martin@revosec.ch> 2012-03-20 17:30:47 +0100
commit: 17ec1c74de4c1ceb642e47d4767bd5b323908cfe (patch)
tree: 8e5195a27dc77679d0327128544dacbda9c0c9b2 /src
parent: 1b99befac3103fe3b9f66a63883a1ca9d2dfc840 (diff)
download: strongswan-17ec1c74de.tar.bz2
strongswan-17ec1c74de.tar.xz
5 files changed, 13 insertions, 20 deletions
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index f430fee94..71c458a89 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -89,7 +89,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
 		switch (attribute)
 		{
 			case HA_IKE_ID:
-				ike_sa = ike_sa_create(value.ike_sa_id, IKEV2);
+				ike_sa = ike_sa_create(value.ike_sa_id,
+						value.ike_sa_id->is_initiator(value.ike_sa_id), IKEV2);
 				break;
 			case HA_IKE_REKEY_ID:
 				old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index b9b2bb82e..d2dffea8b 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2131,7 +2131,8 @@ METHOD(ike_sa_t, destroy, void,
 /*
  * Described in header.
  */
-ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version)
+ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
+						 ike_version_t version)
 {
 	private_ike_sa_t *this;
 	static u_int32_t unique_id = 0;
@@ -2224,7 +2225,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version)
 		.other_host = host_create_any(AF_INET),
 		.my_id = identification_create_from_encoding(ID_ANY, chunk_empty),
 		.other_id = identification_create_from_encoding(ID_ANY, chunk_empty),
-		.keymat = keymat_create(version, ike_sa_id->is_initiator(ike_sa_id)),
+		.keymat = keymat_create(version, initiator),
 		.state = IKE_CREATED,
 		.stats[STAT_INBOUND] = time_monotonic(NULL),
 		.stats[STAT_OUTBOUND] = time_monotonic(NULL),
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 21f7c7452..2708b0be6 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -959,9 +959,11 @@ struct ike_sa_t {
  * Creates an ike_sa_t object with a specific ID and IKE version.
  *
  * @param ike_sa_id		ike_sa_id_t to associate with new IKE_SA/ISAKMP_SA
+ * @param initiator		TRUE to create this IKE_SA as initiator
  * @param version		IKE version of this SA
  * @return				ike_sa_t object
  */
-ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version);
+ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
+						ike_version_t version);
 
 #endif /** IKE_SA_H_ @}*/
diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c
index bea4c2124..fb73bdd81 100644
--- a/src/libcharon/sa/ike_sa_id.c
+++ b/src/libcharon/sa/ike_sa_id.c
@@ -77,18 +77,8 @@ METHOD(ike_sa_id_t, equals, bool,
 	{
 		return FALSE;
 	}
-	if ((this->is_initiator_flag == other->is_initiator_flag) &&
-		(this->initiator_spi == other->initiator_spi) &&
-		(this->responder_spi == other->responder_spi))
-	{
-		/* private_ike_sa_id's are equal */
-		return TRUE;
-	}
-	else
-	{
-		/* private_ike_sa_id's are not equal */
-		return FALSE;
-	}
+	return this->initiator_spi == other->initiator_spi &&
+		   this->responder_spi == other->responder_spi;
 }
 
 METHOD(ike_sa_id_t, replace_values, void,
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 556459064..ffbc2ec3b 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -163,7 +163,6 @@ static entry_t *entry_create()
 static bool entry_match_by_hash(entry_t *entry, ike_sa_id_t *id, chunk_t *hash)
 {
 	return id->get_responder_spi(id) == 0 &&
-		id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) &&
 		id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id) &&
 		chunk_equals(*hash, entry->init_hash);
 }
@@ -179,7 +178,6 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id)
 	}
 	if ((id->get_responder_spi(id) == 0 ||
 		 entry->ike_sa_id->get_responder_spi(entry->ike_sa_id) == 0) &&
-		id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) &&
 		id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id))
 	{
 		/* this is TRUE for IKE_SAs that we initiated but have not yet received a response */
@@ -954,7 +952,7 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
 	{
 		ike_sa_id = ike_sa_id_create(0, get_spi(this), FALSE);
 	}
-	ike_sa = ike_sa_create(ike_sa_id, version);
+	ike_sa = ike_sa_create(ike_sa_id, initiator, version);
 	ike_sa_id->destroy(ike_sa_id);
 
 	DBG2(DBG_MGR, "created IKE_SA %s[%u]", ike_sa->get_name(ike_sa),
@@ -1036,7 +1034,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
 			/* no IKE_SA found, create a new one */
 			id->set_responder_spi(id, get_spi(this));
 			entry = entry_create();
-			entry->ike_sa = ike_sa_create(id, ike_version);
+			/* a new SA checked out by message is a responder SA */
+			entry->ike_sa = ike_sa_create(id, FALSE, ike_version);
 			entry->ike_sa_id = id->clone(id);
 
 			segment = put_entry(this, entry);
author	Martin Willi <martin@revosec.ch>	2011-11-21 17:18:43 +0100
committer	Martin Willi <martin@revosec.ch>	2012-03-20 17:30:47 +0100
commit	17ec1c74de4c1ceb642e47d4767bd5b323908cfe (patch)
tree	8e5195a27dc77679d0327128544dacbda9c0c9b2 /src
parent	1b99befac3103fe3b9f66a63883a1ca9d2dfc840 (diff)
download	strongswan-17ec1c74de.tar.bz2 strongswan-17ec1c74de.tar.xz