-rw-r--r-- | src/libcharon/plugins/ha/ha_dispatcher.c | 10 | ||||
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 16 | ||||
-rw-r--r-- | src/libcharon/sa/ike_sa.h | 12 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_rekey.c | 14 |
4 files changed, 30 insertions, 22 deletions
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 1ce9d3a16..6ff24c334 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -245,13 +245,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
 {
 if (old_sa)
 {
- peer_cfg_t *peer_cfg = old_sa->get_peer_cfg(old_sa);
-
- if (peer_cfg)
- {
- ike_sa->set_peer_cfg(ike_sa, peer_cfg);
- ike_sa->inherit(ike_sa, old_sa);
- }
+ ike_sa->inherit_pre(ike_sa, old_sa);
+ ike_sa->inherit_post(ike_sa, old_sa);
 charon->ike_sa_manager->checkin_and_destroy(
 charon->ike_sa_manager, old_sa);
 old_sa = NULL;
@@ -1077,4 +1072,3 @@ ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
 return &this->public;
 }
-
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 2c15dc5eb..4b4c1ceb9 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2019,7 +2019,18 @@ METHOD(ike_sa_t, queue_task, void,
 this->task_manager->queue_task(this->task_manager, task);
 }
-METHOD(ike_sa_t, inherit, void,
+METHOD(ike_sa_t, inherit_pre, void,
+ private_ike_sa_t *this, ike_sa_t *other_public)
+{
+ private_ike_sa_t *other = (private_ike_sa_t*)other_public;
+
+ /* apply config and hosts */
+ set_peer_cfg(this, other->peer_cfg);
+ set_my_host(this, other->my_host->clone(other->my_host));
+ set_other_host(this, other->other_host->clone(other->other_host));
+}
+
+METHOD(ike_sa_t, inherit_post, void,
 private_ike_sa_t *this, ike_sa_t *other_public)
 {
 private_ike_sa_t *other = (private_ike_sa_t*)other_public;
@@ -2288,7 +2299,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
 .reestablish = _reestablish,
 .set_auth_lifetime = _set_auth_lifetime,
 .roam = _roam,
- .inherit = _inherit,
+ .inherit_pre = _inherit_pre,
+ .inherit_post = _inherit_post,
 .generate_message = _generate_message,
 .reset = _reset,
 .get_unique_id = _get_unique_id,
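Review bot: The `if (peer_cfg)` guard that used to wrap the inheritance in process_ike_add is removed, so `ike_sa->inherit_pre(ike_sa, old_sa)` now runs even when the old SA has no peer config attached. In the ike_sa.c section of this commit, inherit_pre hands `other->peer_cfg` straight to set_peer_cfg and calls `clone` through `other->my_host` and `other->other_host` without any check; whether set_peer_cfg tolerates NULL is not visible here, and if it does not, a sync message that references such an SA would take down the daemon on the receiving node. Either keep the check at this call site, `if (old_sa->get_peer_cfg(old_sa))`, around both inherit calls, or have inherit_pre skip members that are NULL. process_ike_add begins and ends outside the hunk.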
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 00c16c05e..d162539db 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1020,6 +1020,16 @@ struct ike_sa_t {
 void (*queue_task)(ike_sa_t *this, task_t *task);
 /**
+ * Inherit required attributes to new SA before rekeying.
+ *
+ * Some properties of the SA must be applied before starting IKE_SA
+ * rekeying, such as the configuration or support extensions.
+ *
+ * @param other other IKE_SA to inherit from
+ */
+ void (*inherit_pre)(ike_sa_t *this, ike_sa_t *other);
+
+ /**
 * Inherit all attributes of other to this after rekeying.
 *
 * When rekeying is completed, all CHILD_SAs, the virtual IP and all
@@ -1027,7 +1037,7 @@ struct ike_sa_t {
 *
 * @param other other IKE SA to inherit from
 */
- void (*inherit) (ike_sa_t *this, ike_sa_t *other);
+ void (*inherit_post) (ike_sa_t *this, ike_sa_t *other);
 /**
 * Reset the IKE_SA, useable when initiating fails
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index c3c6cf00e..444ac6ade 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -83,7 +83,7 @@ static void establish_new(private_ike_rekey_t *this)
 this->ike_sa->get_other_host(this->ike_sa),
 this->ike_sa->get_other_id(this->ike_sa));
- this->new_sa->inherit(this->new_sa, this->ike_sa);
+ this->new_sa->inherit_post(this->new_sa, this->ike_sa);
 charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa);
 charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa);
 this->new_sa = NULL;
@@ -124,8 +124,6 @@ METHOD(task_t, build_i, status_t,
 private_ike_rekey_t *this, message_t *message)
 {
 ike_version_t version;
- peer_cfg_t *peer_cfg;
- host_t *other_host;
 /* create new SA only on first try */
 if (this->new_sa == NULL)
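Review bot: The doc comment added for `inherit_pre` does not match the implementation in the ike_sa.c section: it names "the configuration or support extensions", while the function copies the peer config and clones both hosts, and nothing about extensions is visible in this commit. State what is actually transferred and the precondition it relies on, for example ` * Applies the peer config of other and clones its my_host and other_host; other must have both hosts set.` The summary line would also read better as "Inherit required attributes from the old SA before rekeying", and the `inherit_post` comment could say that it is meant to follow inherit_pre once the rekeying has completed.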
@@ -137,10 +135,7 @@ METHOD(task_t, build_i, status_t,
 { /* shouldn't happen */
 return FAILED;
 }
- peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- other_host = this->ike_sa->get_other_host(this->ike_sa);
- this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
- this->new_sa->set_other_host(this->new_sa, other_host->clone(other_host));
+ this->new_sa->inherit_pre(this->new_sa, this->ike_sa);
 this->ike_init = ike_init_create(this->new_sa, TRUE, this->ike_sa);
 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
 }
@@ -153,7 +148,6 @@ METHOD(task_t, process_r, status_t,
 private_ike_rekey_t *this, message_t *message)
 {
 enumerator_t *enumerator;
- peer_cfg_t *peer_cfg;
 child_sa_t *child_sa;
 if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
@@ -186,9 +180,7 @@ METHOD(task_t, process_r, status_t,
 { /* shouldn't happen */
 return FAILED;
 }
-
- peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
+ this->new_sa->inherit_pre(this->new_sa, this->ike_sa);
 this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa);
 this->ike_init->task.process(&this->ike_init->task, message); |
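Review bot: Both `inherit_pre` call sites in this file change more than the lines they replace, and nothing at either site says so. In build_i the old code set the peer config and the other host only, and in process_r the peer config only; per the ike_sa.c section, inherit_pre also clones my_host in the first case and both hosts in the second, taken from the SA being rekeyed. A short comment above each call would record that this is intended, for example `/* apply config and hosts of the old SA before ike_init handles the exchange */`. Both functions start and end outside their hunks.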