author | Martin Willi <martin@revosec.ch> | 2011-12-15 11:01:06 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-03-20 17:31:23 +0100 |
commit | b24b73b7f33483185a514fe1ebd049369e55e44b (patch) | |
tree | 05d3bc24bc7ad1d5e156b2c242a8123a1386372e /src | |
parent | 4ac137135a53b9b924a55a261886d28cb2577b05 (diff) | |
Flush auth configs, if enabled, for both IKEv1 and IKEv2
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 7b4d16c70..223901cad 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -257,6 +257,11 @@ struct private_ike_sa_t {
 * remote host address to be used for IKE, set via MIGRATE kernel message
 */
 host_t *remote_host;
+
+ /**
+ * Flush auth configs once established?
+ */
+ bool flush_auth_cfg;
 };
 /**
@@ -420,6 +425,9 @@ static void flush_auth_cfgs(private_ike_sa_t *this)
 {
 auth_cfg_t *cfg;
+ this->my_auth->purge(this->my_auth, FALSE);
+ this->other_auth->purge(this->other_auth, FALSE);
+
 while (this->my_auths->remove_last(this->my_auths, (void**)&cfg) == SUCCESS)
 {
@@ -1203,16 +1211,16 @@ METHOD(ike_sa_t, process_message, status_t,
 private_ike_sa_t *this, message_t *message)
 {
 status_t status;
+
 if (this->state == IKE_PASSIVE)
 { /* do not handle messages in passive state */
 return FAILED;
 }
 status = this->task_manager->process_message(this->task_manager, message);
- if (message->get_exchange_type(message) == IKE_AUTH &&
- this->state == IKE_ESTABLISHED &&
- lib->settings->get_bool(lib->settings,
- "charon.flush_auth_cfg", FALSE))
- { /* authentication completed */
+ if (this->flush_auth_cfg && this->state == IKE_ESTABLISHED)
+ {
+ /* authentication completed */
+ this->flush_auth_cfg = FALSE;
 flush_auth_cfgs(this);
 }
 return status;
@@ -2137,6 +2145,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
 .attributes = linked_list_create(),
 .keepalive_interval = lib->settings->get_time(lib->settings, "charon.keep_alive", KEEPALIVE_INTERVAL),
+ .flush_auth_cfg = lib->settings->get_bool(lib->settings,
+ "charon.flush_auth_cfg", FALSE),
 );
 this->task_manager = task_manager_create(&this->public); |
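Review bot: The two added `purge()` calls in `flush_auth_cfgs()` empty `this->my_auth` and `this->other_auth` in place, and unlike the entries removed from `my_auths` below, those two objects presumably stay attached to the SA. Any code that consults them after the SA is established (none is visible in this hunk) will see empty configs once `charon.flush_auth_cfg` is enabled, so a comment above the calls is warranted, e.g. `/* also drop the current-round configs; my_auth/other_auth are empty from here on */`. The bare `FALSE` would also read better with a short note on what it selects. The function body continues past the end of the hunk.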
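Review bot: In `process_message()` the flush is now one-shot and tied to state alone: `this->flush_auth_cfg` is cleared on the first message handled in `IKE_ESTABLISHED`, and the former `IKE_AUTH` exchange-type check is gone. If auth configs can be added to the same SA after that point (a later authentication round, or inheritance from another SA; neither is visible on this page), they are never flushed and stay in memory for the SA's lifetime. The field is also read from `charon.flush_auth_cfg` only once, in `ike_sa_create()` (last hunk), so a changed setting no longer affects existing SAs. I would record both facts where the flag is reset, e.g. `/* one-shot: flush once after reaching ESTABLISHED; later auth rounds are not flushed */`, and reword the field comment in the first hunk from a question into a statement of when the flag is set and cleared.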