Diffstat (limited to 'Source/charon/sa/states')
-rw-r--r-- | Source/charon/sa/states/ike_auth_requested.c | 18 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 46 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 42 | ||||
-rw-r--r-- | Source/charon/sa/states/initiator_init.c | 57 | ||||
-rw-r--r-- | Source/charon/sa/states/initiator_init.h | 8 | ||||
-rw-r--r-- | Source/charon/sa/states/responder_init.c | 21 | ||||
-rw-r--r-- | Source/charon/sa/states/responder_init.h | 2 |
7 files changed, 99 insertions, 95 deletions
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index ed5360dfe..c80b7f72a 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c @@ -55,7 +55,7 @@ struct private_ike_auth_requested_t { /** * SA config, just a copy of the one stored in the ike_sa. */ - sa_config_t *sa_config; + policy_t *policy; /** * Received nonce from responder. @@ -185,6 +185,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i host_t *my_host, *other_host; chunk_t seed; prf_plus_t *prf_plus; + connection_t *connection; if (ike_auth_reply->get_exchange_type(ike_auth_reply) != IKE_AUTH) { @@ -211,7 +212,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i return status; } - this->sa_config = this->ike_sa->get_sa_config(this->ike_sa); + this->policy = this->ike_sa->get_policy(this->ike_sa); /* we collect all payloads, which are processed later. Notify's are processed * in place, since we don't know how may are there. @@ -352,8 +353,9 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply)); /* create new state */ - my_host = this->ike_sa->get_my_host(this->ike_sa); - other_host = this->ike_sa->get_other_host(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); + my_host = connection->get_my_host(connection); + other_host = connection->get_other_host(connection); this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", my_host->get_address(my_host), other_host->get_address(other_host), mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload))); 
@@ -372,7 +374,7 @@ static status_t process_idr_payload(private_ike_auth_requested_t *this, id_paylo other_id = idr_payload->get_identification(idr_payload); - configured_other_id = this->sa_config->get_other_id(this->sa_config); + configured_other_id = this->policy->get_other_id(this->policy); if (configured_other_id) { this->logger->log(this->logger, CONTROL|LEVEL1, "configured ID: %s, ID of responder: %s", @@ -424,7 +426,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa } /* we have to re-check here if other's selection is valid */ - proposal = this->sa_config->select_proposal(this->sa_config, proposal_list); + proposal = this->policy->select_proposal(this->policy, proposal_list); /* list not needed anymore */ while (proposal_list->remove_last(proposal_list, (void**)&proposal_tmp) == SUCCESS) { @@ -478,12 +480,12 @@ static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_i /* select ts depending on payload type */ if (ts_initiator) { - ts_selected = this->sa_config->select_my_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_my_traffic_selectors(this->policy, ts_received); this->my_ts = ts_selected; } else { - ts_selected = this->sa_config->select_other_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_other_traffic_selectors(this->policy, ts_received); this->other_ts = ts_selected; } /* check if the responder selected valid proposals */ diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 06ff238b9..5e641f9b3 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -214,6 +214,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t ike_sa_id_t *ike_sa_id; iterator_t *payloads; host_t *me; + connection_t *connection; message_t *request; status_t status; 
@@ -340,8 +341,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t } /* apply the address on wich we really received the packet */ + connection = this->ike_sa->get_connection(this->ike_sa); me = ike_sa_init_reply->get_destination(ike_sa_init_reply); - this->ike_sa->set_my_host(this->ike_sa, me->clone(me)); + connection->update_my_host(connection, me->clone(me)); /* build empty message */ this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request); @@ -418,9 +420,9 @@ status_t process_sa_payload (private_ike_sa_init_requested_t *this, sa_payload_t { proposal_t *proposal; linked_list_t *proposal_list; - init_config_t *init_config; + connection_t *connection; - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); /* get the list of selected proposals, the peer has to select only one proposal */ proposal_list = sa_payload->get_proposals (sa_payload); @@ -436,7 +438,7 @@ status_t process_sa_payload (private_ike_sa_init_requested_t *this, sa_payload_t } /* we have to re-check if the others selection is valid */ - this->proposal = init_config->select_proposal(init_config, proposal_list); + this->proposal = connection->select_proposal(connection, proposal_list); while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS) { proposal->destroy(proposal); 
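Review bot: In process_message of ike_sa_init_requested.c, `connection->update_my_host(connection, me->clone(me))` writes the destination address of a received IKE_SA_INIT reply into the connection object, and nothing in this hunk shows whether that object is private to this IKE_SA or shared with the connection store. The reply is not authenticated at this stage of the exchange, so if the object is shared, an address taken from it changes the configuration seen by every later SA that uses the same connection. I would state the ownership at the call, for example `/* connection is owned by this IKE_SA; updating it does not touch the stored configuration */`, or clone the connection before it is attached to the IKE_SA if that is not the case. The function body begins and ends outside the hunk.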
@@ -467,13 +469,13 @@ status_t process_ke_payload (private_ike_sa_init_requested_t *this, ke_payload_t */ static status_t build_id_payload (private_ike_sa_init_requested_t *this,id_payload_t **id_payload, message_t *request) { - sa_config_t *sa_config; + policy_t *policy; id_payload_t *new_id_payload; identification_t *identification; - sa_config = this->ike_sa->get_sa_config(this->ike_sa); + policy = this->ike_sa->get_policy(this->ike_sa); /* identification_t object gets NOT cloned here */ - identification = sa_config->get_my_id(sa_config); + identification = policy->get_my_id(policy); new_id_payload = id_payload_create_from_identification(TRUE,identification); this->logger->log(this->logger, CONTROL|LEVEL2, "Add ID payload to message"); @@ -516,14 +518,16 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message { linked_list_t *proposal_list; sa_payload_t *sa_payload; - sa_config_t *sa_config; + policy_t *policy; + connection_t *connection; /* get proposals form config, add to payload */ - sa_config = this->ike_sa->get_sa_config(this->ike_sa); - proposal_list = sa_config->get_proposals(sa_config); + policy = this->ike_sa->get_policy(this->ike_sa); + proposal_list = policy->get_proposals(policy); /* build child sa */ - this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_other_host(this->ike_sa)); + connection = this->ike_sa->get_connection(this->ike_sa); + this->child_sa = child_sa_create(connection->get_my_host(connection), + connection->get_other_host(connection)); if (this->child_sa->alloc(this->child_sa, proposal_list) != SUCCESS) { this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA! Deleting IKE_SA"); 
@@ -550,10 +554,10 @@ static status_t build_tsi_payload (private_ike_sa_init_requested_t *this, messag { linked_list_t *ts_list; ts_payload_t *ts_payload; - sa_config_t *sa_config; + policy_t *policy; - sa_config = this->ike_sa->get_sa_config(this->ike_sa); - ts_list = sa_config->get_my_traffic_selectors(sa_config); + policy = this->ike_sa->get_policy(this->ike_sa); + ts_list = policy->get_my_traffic_selectors(policy); ts_payload = ts_payload_create_from_traffic_selectors(TRUE, ts_list); this->logger->log(this->logger, CONTROL|LEVEL2, "Add TSi payload to message"); @@ -569,10 +573,10 @@ static status_t build_tsr_payload (private_ike_sa_init_requested_t *this, messag { linked_list_t *ts_list; ts_payload_t *ts_payload; - sa_config_t *sa_config; + policy_t *policy; - sa_config = this->ike_sa->get_sa_config(this->ike_sa); - ts_list = sa_config->get_other_traffic_selectors(sa_config); + policy = this->ike_sa->get_policy(this->ike_sa); + ts_list = policy->get_other_traffic_selectors(policy); ts_payload = ts_payload_create_from_traffic_selectors(FALSE, ts_list); this->logger->log(this->logger, CONTROL|LEVEL2, "Add TSr payload to message"); @@ -614,7 +618,7 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no initiator_init_t *initiator_init_state; chunk_t notify_data; diffie_hellman_group_t dh_group; - init_config_t *init_config; + connection_t *connection; notify_data = notify_payload->get_notification_data(notify_payload); dh_group = ntohs(*((u_int16_t*)notify_data.ptr)); 
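Review bot: process_notify_payload reads `ntohs(*((u_int16_t*)notify_data.ptr))` with no visible check that the peer's notification data holds at least two bytes, so a short or empty notify payload would be read past the end of the chunk; the cast also assumes the pointer is suitably aligned. The commit only swaps the variable declaration in this hunk, but since the function is being touched, a guard such as `if (notify_data.len < sizeof(u_int16_t))` that rejects the payload before the read would close this. The length may already be validated by the payload parser, which is not visible here; if so, a comment saying that would help. The function body continues outside the hunk.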
@@ -622,8 +626,8 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no this->logger->log(this->logger, ERROR|LEVEL1, "Peer wouldn't accept DH group, it requested %s!", mapping_find(diffie_hellman_group_m, dh_group)); /* check if we can accept this dh group */ - init_config = this->ike_sa->get_init_config(this->ike_sa); - if (!init_config->check_dh_group(init_config, dh_group)) + connection = this->ike_sa->get_connection(this->ike_sa); + if (!connection->check_dh_group(connection, dh_group)) { this->logger->log(this->logger, AUDIT, "Peer does only accept DH group %s, which we do not accept! Aborting", diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 54e70041a..8c93e3275 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -76,7 +76,7 @@ struct private_ike_sa_init_responded_t { /** * SA config to use. */ - sa_config_t *sa_config; + policy_t *policy; /** * CHILD_SA, if set up @@ -182,7 +182,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t signer_t *signer; status_t status; host_t *my_host, *other_host; - + connection_t *connection; if (request->get_exchange_type(request) != IKE_AUTH) { @@ -361,8 +361,9 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t } /* create new state */ - my_host = this->ike_sa->get_my_host(this->ike_sa); - other_host = this->ike_sa->get_other_host(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); + my_host = connection->get_my_host(connection); + other_host = connection->get_other_host(connection); this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", my_host->get_address(my_host), other_host->get_address(other_host), mapping_find(auth_method_m, auth_request->get_auth_method(auth_request))); 
@@ -379,8 +380,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payload_t *request_idi, id_payload_t *request_idr, message_t *response,id_payload_t **response_idr) { identification_t *other_id, *my_id = NULL; - init_config_t *init_config; - status_t status; + connection_t *connection; id_payload_t *idr_response; other_id = request_idi->get_identification(request_idi); @@ -390,19 +390,19 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl } /* build new sa config */ - init_config = this->ike_sa->get_init_config(this->ike_sa); - status = charon->configuration->get_sa_config_for_init_config_and_id(charon->configuration,init_config, other_id,my_id, &(this->sa_config)); - if (status != SUCCESS) + connection = this->ike_sa->get_connection(this->ike_sa); + this->policy = charon->policies->get_policy(charon->policies, my_id, other_id); + if (this->policy == NULL) { if (my_id) { - this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses IDs %s to %s, which we have no config for", + this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses IDs %s to %s, which we have no policy for", other_id->get_string(other_id),my_id->get_string(my_id)); my_id->destroy(my_id); } else { - this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses ID %s, which we have no config for", + this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses ID %s, which we have no policy for", other_id->get_string(other_id)); } other_id->destroy(other_id); 
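Review bot: In build_idr_payload the policy is now looked up with `get_policy(charon->policies, my_id, other_id)` alone, whereas the removed call also passed the init_config that had been matched for this peer's addresses; `connection` is fetched on the line above but never used in the visible code. As written, the IDs sent by the peer are the only selector, so whether a peer arriving on one connection can obtain a policy meant for another depends on the authentication that follows, which this hunk does not show. If dropping the binding is intended, a comment such as `/* policy is selected by IDs only; the connection does not restrict it */` would make that explicit and the unused `connection` assignment can go; otherwise the lookup should take the connection into account. The function body continues outside the hunk.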
@@ -416,10 +416,10 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl other_id->destroy(other_id); /* get my id, if not requested */ - my_id = this->sa_config->get_my_id(this->sa_config); + my_id = this->policy->get_my_id(this->policy); - /* set sa_config in ike_sa for other states */ - this->ike_sa->set_sa_config(this->ike_sa, this->sa_config); + /* set policy in ike_sa for other states */ + this->ike_sa->set_policy(this->ike_sa, this->policy); /* build response */ idr_response = id_payload_create_from_identification(FALSE, my_id); @@ -440,6 +440,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo chunk_t seed; prf_plus_t *prf_plus; status_t status; + connection_t *connection; /* get proposals from request */ proposal_list = request->get_proposals(request); @@ -455,7 +456,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo /* now select a proposal */ this->logger->log(this->logger, CONTROL|LEVEL1, "Selecting proposals:"); - proposal = this->sa_config->select_proposal(this->sa_config, proposal_list); + proposal = this->policy->select_proposal(this->policy, proposal_list); /* list is not needed anymore */ while (proposal_list->remove_last(proposal_list, (void**)&proposal_tmp) == SUCCESS) { 
@@ -476,9 +477,10 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo memcpy(seed.ptr + this->received_nonce.len, this->sent_nonce.ptr, this->sent_nonce.len); prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed); allocator_free_chunk(&seed); - - this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_other_host(this->ike_sa)); + + connection = this->ike_sa->get_connection(this->ike_sa); + this->child_sa = child_sa_create(connection->get_my_host(connection), + connection->get_other_host(connection)); status = this->child_sa->add(this->child_sa, proposal, prf_plus); prf_plus->destroy(prf_plus); @@ -543,12 +545,12 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_ /* select ts depending on payload type */ if (ts_initiator) { - ts_selected = this->sa_config->select_other_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_other_traffic_selectors(this->policy, ts_received); this->other_ts = ts_selected; } else { - ts_selected = this->sa_config->select_my_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_my_traffic_selectors(this->policy, ts_received); this->my_ts = ts_selected; } diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c index 2e5843e5c..e23cd7a44 100644 --- a/Source/charon/sa/states/initiator_init.c +++ b/Source/charon/sa/states/initiator_init.c 
@@ -108,40 +108,39 @@ struct private_initiator_init_t { /** * Implementation of initiator_init_t.initiate_connection. */ -static status_t initiate_connection (private_initiator_init_t *this, char *name) +static status_t initiate_connection (private_initiator_init_t *this, connection_t *connection) { - init_config_t *init_config; - sa_config_t *sa_config; - status_t status; + policy_t *policy; diffie_hellman_group_t dh_group; + host_t *my_host, *other_host; + identification_t *my_id, *other_id; - this->logger->log(this->logger, CONTROL, "Initializing connection %s",name); + my_host = connection->get_my_host(connection); + other_host = connection->get_other_host(connection); + my_id = connection->get_my_id(connection); + other_id = connection->get_other_id(connection); - /* get configs */ - status = charon->configuration->get_init_config_for_name(charon->configuration,name,&init_config); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve INIT configuration informations for %s",name); - return DELETE_ME; - } - this->ike_sa->set_init_config(this->ike_sa,init_config); - status = charon->configuration->get_sa_config_for_name(charon->configuration,name,&sa_config); - if (status != SUCCESS) + this->logger->log(this->logger, CONTROL, "Initiating connection between %s (%s) - %s (%s)", + my_id->get_string(my_id), my_host->get_address(my_host), + other_id->get_string(other_id), other_host->get_address(other_host)); + + this->ike_sa->set_connection(this->ike_sa, connection); + + /* get policy */ + policy = charon->policies->get_policy(charon->policies, my_id, other_id); + if (policy == NULL) { - this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve SA configuration informations for %s",name); + this->logger->log(this->logger, ERROR | LEVEL1, "Could not get a policy for '%s - %s', aborting", + my_id->get_string(my_id), other_id->get_string(other_id)); return DELETE_ME; } - 
this->ike_sa->set_sa_config(this->ike_sa,sa_config); - - /* host informations are read from configuration */ - this->ike_sa->set_other_host(this->ike_sa,init_config->get_other_host_clone(init_config)); - this->ike_sa->set_my_host(this->ike_sa,init_config->get_my_host_clone(init_config)); + this->ike_sa->set_policy(this->ike_sa,policy); /* we must guess now a DH group. For that we choose our most preferred group */ - dh_group = init_config->get_dh_group(init_config); + dh_group = connection->get_dh_group(connection); /* next step is done in retry_initiate_connection */ - return this->public.retry_initiate_connection(&(this->public), dh_group); + return this->public.retry_initiate_connection(&this->public, dh_group); } /** @@ -151,7 +150,7 @@ status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellm { ike_sa_init_requested_t *next_state; chunk_t ike_sa_init_request_data; - init_config_t *init_config; + connection_t *connection; ike_sa_id_t *ike_sa_id; message_t *message; status_t status; @@ -162,7 +161,7 @@ status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellm return DELETE_ME; } - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); this->diffie_hellman = diffie_hellman_create(dh_group); ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public)); ike_sa_id->set_responder_spi(ike_sa_id,0); 
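Review bot: initiate_connection dereferences `connection` in its first statement and then hands it to `set_connection`, but neither this function nor the updated comment in initiator_init.h says whether NULL is allowed or who destroys the object afterwards, in particular on the `DELETE_ME` path taken when no policy is found. I would add a line to the header comment along the lines of `connection is owned by the IKE_SA after this call, also on failure` (or whatever the actual contract is), and guard the entry with `if (connection == NULL) return DELETE_ME;` if callers can pass the result of a failed lookup. The `policy` returned by `get_policy` and passed to `set_policy` has the same undocumented ownership.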
@@ -211,13 +210,13 @@ static void build_sa_payload(private_initiator_init_t *this, message_t *request) { sa_payload_t* sa_payload; linked_list_t *proposal_list; - init_config_t *init_config; + connection_t *connection; this->logger->log(this->logger, CONTROL|LEVEL1, "Building SA payload"); - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); - proposal_list = init_config->get_proposals(init_config); + proposal_list = connection->get_proposals(connection); sa_payload = sa_payload_create_from_proposal_list(proposal_list); @@ -332,7 +331,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa) this->public.state_interface.destroy = (void (*) (state_t *)) destroy; /* public functions */ - this->public.initiate_connection = (status_t (*)(initiator_init_t *, char *)) initiate_connection; + this->public.initiate_connection = (status_t (*)(initiator_init_t *, connection_t*)) initiate_connection; this->public.retry_initiate_connection = (status_t (*)(initiator_init_t *, int )) retry_initiate_connection; /* private functions */ diff --git a/Source/charon/sa/states/initiator_init.h b/Source/charon/sa/states/initiator_init.h index 9ce499f92..6b4940a73 100644 --- a/Source/charon/sa/states/initiator_init.h +++ b/Source/charon/sa/states/initiator_init.h 
@@ -46,15 +46,15 @@ struct initiator_init_t { state_t state_interface; /** - * Initiate a new connection with given configuration name. + * Initiate a new connection with given connection_t object. * * @param this calling object - * @param name name of the configuration + * @param connection connection to initiate * @return * - SUCCESS - * - DELETE_ME if something failed (see log for error) + * - DELETE_ME if something failed */ - status_t (*initiate_connection) (initiator_init_t *this, char *name); + status_t (*initiate_connection) (initiator_init_t *this, connection_t *connection); /** * Retry to initiate a new connection with a specific dh_group_priority. diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index f67e2833c..6db0a662c 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c @@ -157,7 +157,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa ke_payload_t *ke_request = NULL; nonce_payload_t *nonce_request = NULL; host_t *source, *destination; - init_config_t *init_config; + connection_t *connection; iterator_t *payloads; message_t *response; status_t status; 
@@ -177,18 +177,15 @@ static status_t process_message(private_responder_init_t *this, message_t *messa source = message->get_source(message); destination = message->get_destination(message); - status = charon->configuration->get_init_config_for_host(charon->configuration,destination,source,&init_config); - if (status != SUCCESS) + connection = charon->connections->get_connection_by_hosts(charon->connections, destination, source); + if (connection == NULL) { - /* no configuration matches given host */ - this->logger->log(this->logger, AUDIT, "IKE_SA_INIT request does not match any available configuration. Deleting IKE_SA"); + /* no configuration matches given hosts */ + this->logger->log(this->logger, AUDIT, "IKE_SA_INIT request does not match any available connection. Deleting IKE_SA"); /* TODO: inform requestor */ return DELETE_ME; } - this->ike_sa->set_init_config(this->ike_sa,init_config); - - this->ike_sa->set_my_host(this->ike_sa, destination->clone(destination)); - this->ike_sa->set_other_host(this->ike_sa, source->clone(source)); + this->ike_sa->set_connection(this->ike_sa,connection); /* parse incoming message */ status = message->parse_body(message, NULL, NULL); @@ -322,11 +319,11 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa { proposal_t *proposal; linked_list_t *proposal_list; - init_config_t *init_config; + connection_t *connection; sa_payload_t* sa_payload; algorithm_t *algo; - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); this->logger->log(this->logger, CONTROL | LEVEL2, "Process received SA payload"); 
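Review bot: In process_message of responder_init.c the two removed calls `set_my_host(this->ike_sa, destination->clone(destination))` and `set_other_host(this->ike_sa, source->clone(source))` recorded the addresses the request actually used, and the new code has no replacement for them after `set_connection`. Other hunks in this commit take both hosts from the connection (`child_sa_create` in build_sa_payload and the AUDIT "IKE_SA established" line in ike_sa_init_responded.c), so unless `get_connection_by_hosts` returns a copy carrying the packet's addresses, which the diff does not show, a lookup that can match on anything other than the exact address pair would leave replies, CHILD_SAs and audit records using configured rather than observed addresses. The initiator path calls `connection->update_my_host(connection, me->clone(me))` for this; the responder probably needs the equivalent here, or a comment stating that the lookup already does it. The comment in responder_init.h still lists `set_my_host()` and `set_other_host()` as being called and should be updated with this change.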
@@ -334,7 +331,7 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa proposal_list = sa_request->get_proposals (sa_request); /* select proposal */ - this->proposal = init_config->select_proposal(init_config, proposal_list); + this->proposal = connection->select_proposal(connection, proposal_list); while(proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS) { proposal->destroy(proposal); diff --git a/Source/charon/sa/states/responder_init.h b/Source/charon/sa/states/responder_init.h index 5c7829b5e..c8ba73ea3 100644 --- a/Source/charon/sa/states/responder_init.h +++ b/Source/charon/sa/states/responder_init.h @@ -51,7 +51,7 @@ struct responder_init_t { * The following functions of the assigned protected_ike_sa_t object are being called with * valid values after successfully processing a received message and before changing * to next state IKE_SA_INIT_RESPONDED: - * - protected_ike_sa_t.set_init_config() + * - protected_ike_sa_t.set_connection() * - protected_ike_sa_t.set_my_host() * - protected_ike_sa_t.set_other_host() * - protected_ike_sa_t.compute_secrets() |