author | Tobias Brunner <tobias@strongswan.org> | 2012-05-25 15:30:32 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-05-30 15:32:52 +0200 |
commit | 60c82591c528ef89d0479f2678e95dfadfa0c3eb (patch) | |
tree | c82f6d95229d81ae3b13437db108905455b86fe4 /src | |
parent | eac9d77059cc7e515ff57ad492dc12b4bfd945be (diff) | |
Retry IKE_SA initiation if DNS resolution failed.
This is disabled by default and can be enabled with the
charon.retry_initiate_interval option in strongswan.conf.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 3c0bff254..93a8ad850 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -33,6 +33,7 @@ #include <processing/jobs/send_dpd_job.h> #include <processing/jobs/send_keepalive_job.h> #include <processing/jobs/rekey_ike_sa_job.h> +#include <processing/jobs/retry_initiate_job.h> #include <sa/ikev2/tasks/ike_auth_lifetime.h> #ifdef ME @@ -216,6 +217,12 @@ struct private_ike_sa_t { u_int32_t keepalive_interval; /** + * interval for retries during initiation (e.g. if DNS resolution failed), + * 0 to disable (default) + */ + u_int32_t retry_initiate_interval; + + /** * Timestamps for this IKE_SA */ u_int32_t stats[STAT_MAX]; @@ -1080,6 +1087,8 @@ METHOD(ike_sa_t, initiate, status_t, private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { + bool defer_initiate = FALSE; + if (this->state == IKE_CREATED) { if (this->my_host->is_anyaddr(this->my_host) || @@ -1094,10 +1103,27 @@ METHOD(ike_sa_t, initiate, status_t, #endif /* ME */ ) { - DESTROY_IF(child_cfg); - DBG1(DBG_IKE, "unable to initiate to %%any"); - charon->bus->alert(charon->bus, ALERT_PEER_ADDR_FAILED); - return DESTROY_ME; + char *addr = this->ike_cfg->get_other_addr(this->ike_cfg); + bool is_anyaddr = streq(addr, "%any") || streq(addr, "%any6"); + + if (is_anyaddr || !this->retry_initiate_interval) + { + if (is_anyaddr) + { + DBG1(DBG_IKE, "unable to initiate to %s", addr); + } + else + { + DBG1(DBG_IKE, "unable to resolve %s, initiate aborted", + addr); + } + DESTROY_IF(child_cfg); + charon->bus->alert(charon->bus, ALERT_PEER_ADDR_FAILED); + return DESTROY_ME; + } + DBG1(DBG_IKE, "unable to resolve %s, retrying in %ds", + addr, this->retry_initiate_interval); + defer_initiate = TRUE; } set_condition(this, COND_ORIGINAL_INITIATOR, TRUE); 
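Review bot: The any-address test in the new failure branch of `initiate` is a literal string comparison, `streq(addr, "%any") || streq(addr, "%any6")`, so a configured peer address that denotes the unspecified address in another spelling (a constructed example: `0.0.0.0`) would presumably be logged as "unable to resolve" and, with a non-zero interval, retried instead of aborted. The enclosing condition starts outside the hunk, so confirm this against it; at minimum the assumption deserves a comment above the comparison, such as `/* only the literal %any/%any6 mean "no address"; any other value is treated as a name that failed to resolve */`. Separately, the retry message prints the `u_int32_t` interval with `%d`; `%u` matches the type: `DBG1(DBG_IKE, "unable to resolve %s, retrying in %us", addr, this->retry_initiate_interval);`.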
@@ -1134,6 +1160,13 @@ METHOD(ike_sa_t, initiate, status_t, #endif /* ME */ } + if (defer_initiate) + { + job_t *job = (job_t*)retry_initiate_job_create(this->ike_sa_id); + lib->scheduler->schedule_job(lib->scheduler, (job_t*)job, + this->retry_initiate_interval); + return SUCCESS; + } return this->task_manager->initiate(this->task_manager); } @@ -2150,6 +2183,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .attributes = linked_list_create(), .keepalive_interval = lib->settings->get_time(lib->settings, "%s.keep_alive", KEEPALIVE_INTERVAL, charon->name), + .retry_initiate_interval = lib->settings->get_time(lib->settings, + "%s.retry_initiate_interval", 0, charon->name), .flush_auth_cfg = lib->settings->get_bool(lib->settings, "%s.flush_auth_cfg", FALSE, charon->name), ); |
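Review bot: Nothing in the `if (defer_initiate)` block bounds the number of retries: every failed resolution schedules another `retry_initiate_job` after `retry_initiate_interval` and `initiate` returns `SUCCESS`, so a peer name that never resolves appears to keep the IKE_SA and its job cycling indefinitely. If that is intended, state it where the job is scheduled, e.g. `/* no retry limit: rescheduled until the peer address resolves */`; otherwise an attempt counter belongs here. `ALERT_PEER_ADDR_FAILED` is raised only on the abort path of the earlier hunk, so bus listeners get no signal while retries are running, which makes a persistently failing lookup hard to notice from monitoring. The `(job_t*)job` cast in the `schedule_job` call is redundant because `job` is already a `job_t *`. The body of `initiate` starts outside the hunk.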