diff options
| author | Martin Willi <martin@strongswan.org> | 2008-06-30 08:45:11 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2008-06-30 08:45:11 +0000 |
| commit | aafe8ced3959e813c8a98bed6648fae51e81d18d (patch) | |
| tree | 0f1d29f297ce511eb5e56fd74658fc68a58af2ed /src | |
| parent | 9d1f86cf1abe8dc69fa9df8a954e2b9c5481893c (diff) | |
| download | strongswan-aafe8ced3959e813c8a98bed6648fae51e81d18d.tar.bz2 strongswan-aafe8ced3959e813c8a98bed6648fae51e81d18d.tar.xz | |
added strongswan.conf option charon.reuse_iksa=no to create each CHILD_SA in a new IKE_SA
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/control/controller.c | 50 |
1 files changed, 42 insertions, 8 deletions
diff --git a/src/charon/control/controller.c b/src/charon/control/controller.c index 3410384b4..7c0d6cace 100644 --- a/src/charon/control/controller.c +++ b/src/charon/control/controller.c @@ -38,6 +38,11 @@ struct private_controller_t { * Public part of stroke_t object. */ controller_t public; + + /** + * should we reuse established IKE_SAs when setting up CHILD_SAs? + */ + bool reuse_ikesa; }; @@ -103,6 +108,11 @@ struct interface_job_t { * associated listener */ interface_bus_listener_t listener; + + /** + * back reference to controller + */ + private_controller_t *controller; }; /** @@ -150,8 +160,16 @@ static status_t initiate_execute(interface_job_t *job) interface_bus_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, - peer_cfg); + if (job->controller->reuse_ikesa) + { + ike_sa = charon->ike_sa_manager->checkout_by_config( + charon->ike_sa_manager, peer_cfg); + } + else + { + ike_sa = charon->ike_sa_manager->checkout_new( + charon->ike_sa_manager, TRUE); + } listener->ike_sa = ike_sa; if (ike_sa->get_peer_cfg(ike_sa) == NULL) @@ -184,6 +202,7 @@ static status_t initiate(private_controller_t *this, job.listener.status = FAILED; job.listener.child_cfg = child_cfg; job.listener.peer_cfg = peer_cfg; + job.controller = this; job.public.execute = (void*)initiate_execute; job.public.destroy = nop; @@ -251,7 +270,7 @@ static status_t terminate_ike_execute(interface_job_t *job) /** * Implementation of controller_t.terminate_ike. */ -static status_t terminate_ike(controller_t *this, u_int32_t unique_id, +static status_t terminate_ike(private_controller_t *this, u_int32_t unique_id, controller_cb_t callback, void *param) { interface_job_t job; @@ -262,6 +281,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id, job.listener.param = param; job.listener.status = FAILED; job.listener.id = unique_id; + job.controller = this; job.public.execute = (void*)terminate_ike_execute; job.public.destroy = nop; @@ -353,7 +373,7 @@ static status_t terminate_child_execute(interface_job_t *job) /** * Implementation of controller_t.terminate_child. */ -static status_t terminate_child(controller_t *this, u_int32_t reqid, +static status_t terminate_child(private_controller_t *this, u_int32_t reqid, controller_cb_t callback, void *param) { interface_job_t job; @@ -364,6 +384,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, job.listener.param = param; job.listener.status = FAILED; job.listener.id = reqid; + job.controller = this; job.public.execute = (void*)terminate_child_execute; job.public.destroy = nop; @@ -410,8 +431,17 @@ static status_t route_execute(interface_job_t *job) ike_sa_t *ike_sa; interface_bus_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, - peer_cfg); + + if (job->controller->reuse_ikesa) + { + ike_sa = charon->ike_sa_manager->checkout_by_config( + charon->ike_sa_manager, peer_cfg); + } + else + { + ike_sa = charon->ike_sa_manager->checkout_new( + charon->ike_sa_manager, TRUE); + } listener->ike_sa = ike_sa; if (ike_sa->get_peer_cfg(ike_sa) == NULL) @@ -429,7 +459,7 @@ static status_t route_execute(interface_job_t *job) /** * Implementation of controller_t.route. */ -static status_t route(controller_t *this, +static status_t route(private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, controller_cb_t callback, void *param) { @@ -442,6 +472,7 @@ static status_t route(controller_t *this, job.listener.status = FAILED; job.listener.peer_cfg = peer_cfg; job.listener.child_cfg = child_cfg; + job.controller = this; job.public.execute = (void*)route_execute; job.public.destroy = nop; @@ -507,7 +538,7 @@ static status_t unroute_execute(interface_job_t *job) /** * Implementation of controller_t.unroute. */ -static status_t unroute(controller_t *this, u_int32_t reqid, +static status_t unroute(private_controller_t *this, u_int32_t reqid, controller_cb_t callback, void *param) { interface_job_t job; @@ -518,6 +549,7 @@ static status_t unroute(controller_t *this, u_int32_t reqid, job.listener.param = param; job.listener.status = FAILED; job.listener.id = reqid; + job.controller = this; job.public.execute = (void*)unroute_execute; job.public.destroy = nop; @@ -561,6 +593,8 @@ controller_t *controller_create(void) this->public.unroute = (status_t(*)(controller_t*,u_int32_t,controller_cb_t,void*))unroute; this->public.destroy = (void (*)(controller_t*))destroy; + this->reuse_ikesa = lib->settings->get_bool(lib->settings, + "charon.reuse_ikesa", TRUE); return &this->public; } |