author | Martin Willi <martin@revosec.ch> | 2012-11-06 11:19:52 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-12-19 10:40:32 +0100 |
commit | c794455666de13ee5bb679e23336f5ac7395a8eb (patch) | |
tree | 9d4d239d1d83780714d894a60b0d188c92dedb60 /src | |
parent | 5dd9c3087f3d1af5e05b372783e102daf04854d5 (diff) | |
Raise alerts when enforcing IKE_SA unique policy
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/bus/bus.h | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/duplicheck/duplicheck_listener.c | 1 | ||||
-rw-r--r-- | src/libcharon/sa/ike_sa_manager.c | 1 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_auth.c | 1 |
4 files changed, 7 insertions, 0 deletions
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4cb4ba343..4b6d3ec8b 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -111,6 +111,10 @@ enum alert_t {
 ALERT_PROPOSAL_MISMATCH_IKE,
 /** CHILD proposals do not match, argument is linked_list_t of proposal_t */
 ALERT_PROPOSAL_MISMATCH_CHILD,
+ /** IKE_SA deleted because of "replace" unique policy, no argument */
+ ALERT_UNIQUE_REPLACE,
+ /** IKE_SA deleted because of "keep" unique policy, no arguement */
+ ALERT_UNIQUE_KEEP,
 };
 /**
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.c b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
index 7c6c13786..1b0df1e8b 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_listener.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
@@ -191,6 +191,7 @@ METHOD(listener_t, message_hook, bool,
 {
 DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', "
 "deleting new IKE_SA", id);
+ charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
 entry_destroy(entry);
 this->mutex->lock(this->mutex);
 entry = this->active->remove(this->active, id);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 5c126362b..031c632eb 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1769,6 +1769,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
 switch (policy)
 {
 case UNIQUE_REPLACE:
+ charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);
 DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
 "'%Y' due to uniqueness policy", other);
 status = duplicate->delete(duplicate);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 432edc3bc..70efcd7af 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
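Review bot: The doc comment added for `ALERT_UNIQUE_KEEP` misspells "argument" as "arguement" and describes the IKE_SA as "deleted", while the `build_r` hunk in ike_auth.c raises the same alert when IKE_SA setup is cancelled with AUTHENTICATION_FAILED rather than when an established SA is deleted. I would word it as `/** new IKE_SA rejected or deleted because of "keep" unique policy, no argument */` so that a listener author knows both cases arrive under this value. The rest of `enum alert_t` lies outside the hunk.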
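Review bot: `ALERT_UNIQUE_KEEP` is raised here with no argument, and the log line just above says the response arrived on the duplicate IKE_SA while the new one is deleted, so a listener that relies on the bus's current IKE_SA would presumably see the surviving SA rather than the one being removed. In the `build_r` hunk in ike_auth.c the same alert appears to fire in the context of the SA being cancelled, which makes the two call sites hard to treat uniformly in an audit or monitoring listener. I would document this at the call, e.g. `/* raised in the context of the existing IKE_SA; the new one is deleted below */`, once the actual context is confirmed. `message_hook` starts and ends outside the hunk, so that confirmation has to come from the full function.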
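Review bot: The alert in `case UNIQUE_REPLACE:` is raised before `duplicate->delete(duplicate)` runs, so listeners are told an IKE_SA was deleted (per the enum comment in bus.h) before the deletion has been attempted and regardless of the returned `status`. It is also placed ahead of the `DBG1` line, whereas the other two call sites in this commit log first and alert second. Consider moving `charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);` after the `DBG1` call, or after the delete if the alert is meant to report a completed deletion. How `status` is handled, and the rest of `check_uniqueness`, are outside the hunk.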
@@ -807,6 +807,7 @@ METHOD(task_t, build_r, status_t,
 this->ike_sa, FALSE))
 {
 DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
+ charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
 message->add_notify(message, TRUE, AUTHENTICATION_FAILED,
 chunk_empty);
 return FAILED; |