-rw-r--r--src/charon/queues/jobs/process_message_job.c6
-rw-r--r--src/charon/sa/ike_sa_manager.c49
2 files changed, 28 insertions, 27 deletions
diff --git a/src/charon/queues/jobs/process_message_job.c b/src/charon/queues/jobs/process_message_job.c
index 6541a1e48..ee7484bbd 100644
--- a/src/charon/queues/jobs/process_message_job.c
+++ b/src/charon/queues/jobs/process_message_job.c
@@ -75,12 +75,6 @@ static status_t execute(private_process_message_job_t *this)
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
}
- else
- {
- DBG1(DBG_NET, "unable to handle message from %#H for IKE_SA: %J",
- this->message->get_source(this->message),
- this->message->get_ike_sa_id(this->message));
- }
return DESTROY_ME;
}
diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c
index bbd733565..791ef805e 100644
--- a/src/charon/sa/ike_sa_manager.c
+++ b/src/charon/sa/ike_sa_manager.c
@@ -387,7 +387,6 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this,
/* IKE_SA_INIT request. Check for an IKE_SA with such a message hash. */
iterator_t *iterator;
chunk_t data, hash;
- bool occupied = FALSE;
data = message->get_packet_data(message);
this->hasher->allocate_hash(this->hasher, data, &hash);
@@ -401,7 +400,12 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this,
{
if (entry->message_id == 0)
{
- occupied = TRUE;
+ iterator->destroy(iterator);
+ pthread_mutex_unlock(&this->mutex);
+ chunk_free(&hash);
+ id->destroy(id);
+ DBG1(DBG_MGR, "ignoring IKE_SA_INIT, already processing");
+ return NULL;
}
else if (wait_for_entry(this, entry))
{
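Review bot: The added `DBG1(DBG_MGR, "ignoring IKE_SA_INIT, already processing")` in the `entry->message_id == 0` branch does not say which peer sent the packet, and this commit also deletes the only message that did (the `%#H` of `get_source()` in process_message_job.c). IKE_SA_INIT is handled before any peer authentication, so this line is the main trace an operator has when a host replays or floods init requests. Consider `DBG1(DBG_MGR, "ignoring IKE_SA_INIT from %#H, already processing", message->get_source(message));`, and the same for the two other new messages further down ("no such IKE_SA" and "ignoring request with ID"). The loop and function enclosing this branch start outside the hunk.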
@@ -415,26 +419,28 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this,
}
iterator->destroy(iterator);
pthread_mutex_unlock(&this->mutex);
- if (occupied)
- {
- /* already processing this message ID, discard */
- chunk_free(&hash);
- id->destroy(id);
- return NULL;
- }
+
if (ike_sa == NULL)
{
- /* no IKE_SA found, create a new one */
- id->set_responder_spi(id, get_next_spi(this));
- entry = entry_create(id);
-
- pthread_mutex_lock(&this->mutex);
- this->ike_sa_list->insert_last(this->ike_sa_list, entry);
- entry->checked_out = TRUE;
- entry->message_id = message->get_message_id(message);
- pthread_mutex_unlock(&this->mutex);
- entry->init_hash = hash;
- ike_sa = entry->ike_sa;
+ if (id->get_responder_spi(id) == 0 &&
+ message->get_exchange_type(message) == IKE_SA_INIT)
+ {
+ /* no IKE_SA found, create a new one */
+ id->set_responder_spi(id, get_next_spi(this));
+ entry = entry_create(id);
+
+ pthread_mutex_lock(&this->mutex);
+ this->ike_sa_list->insert_last(this->ike_sa_list, entry);
+ entry->checked_out = TRUE;
+ entry->message_id = message->get_message_id(message);
+ pthread_mutex_unlock(&this->mutex);
+ entry->init_hash = hash;
+ ike_sa = entry->ike_sa;
+ }
+ else
+ {
+ DBG1(DBG_MGR, "ignoring message for %J, no such IKE_SA", id);
+ }
}
else
{
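Review bot: The new `else` branch that logs "ignoring message for %J, no such IKE_SA" leaves `hash` without an owner in the visible lines. It was filled by `allocate_hash()` earlier in the function and is only handed over in the create path (`entry->init_hash = hash`), while the new early return in the previous hunk frees it explicitly. Unless code after this hunk releases it, each message rejected here leaks one hash buffer, and the rejection happens before any peer authentication. I would add `chunk_free(&hash);` ahead of the `DBG1` in that branch. The function continues past the hunk, so whether the enclosing condition already makes this branch unreachable cannot be confirmed from here.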
@@ -452,7 +458,8 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this,
if (message->get_request(message) &&
message->get_message_id(message) == entry->message_id)
{
- DBG2(DBG_MGR, "not checking out, message already processing");
+ DBG1(DBG_MGR, "ignoring request with ID %d, already processing",
+ entry->message_id);
}
else if (wait_for_entry(this, entry))
{
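Review bot: The new `DBG1` prints `entry->message_id` with `%d`, but IKEv2 message IDs are unsigned 32-bit values and the field is presumably declared that way (its declaration is not in the hunk). A large ID would then be logged as a negative number, which makes the line harder to correlate with packet captures. Prefer `"ignoring request with ID %u, already processing"`. Raising this from `DBG2` to `DBG1` also means every duplicate request now produces a level-1 line, so it is worth confirming that is intended for retransmit-heavy links.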