diff options
Diffstat (limited to 'src/libcharon')
| -rw-r--r-- | src/libcharon/config/peer_cfg.h | 8 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 3 | ||||
| -rw-r--r-- | src/libcharon/sa/ike_sa_manager.c | 2 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_auth.c | 3 |
4 files changed, 11 insertions, 5 deletions
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index f65b91258..418e45532 100644 --- a/src/libcharon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h @@ -81,11 +81,13 @@ extern enum_name_t *cert_policy_names; * Uniqueness of an IKE_SA, used to drop multiple connections with one peer. */ enum unique_policy_t { - /** do not check for client uniqueness */ + /** never check for client uniqueness */ + UNIQUE_NEVER, + /** only check for client uniqueness when receiving an INITIAL_CONTACT */ UNIQUE_NO, - /** replace unique IKE_SAs if new ones get established */ + /** replace existing IKE_SAs when new ones get established by a client */ UNIQUE_REPLACE, - /** keep existing IKE_SAs, close the new ones on connection attept */ + /** keep existing IKE_SAs, close the new ones on connection attempt */ UNIQUE_KEEP, }; diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index e3c78f750..fd1182619 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -690,6 +690,9 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, case 3: /* keep */ unique = UNIQUE_KEEP; break; + case 4: /* never */ + unique = UNIQUE_NEVER; + break; default: /* no */ unique = UNIQUE_NO; break; diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index b707b6a0b..a396235c2 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -1711,7 +1711,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, peer_cfg = ike_sa->get_peer_cfg(ike_sa); policy = peer_cfg->get_unique_policy(peer_cfg); - if (policy == UNIQUE_NO && !force_replace) + if (policy == UNIQUE_NEVER || (policy == UNIQUE_NO && !force_replace)) { return FALSE; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 36f8acfd1..7d462f1a7 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -435,7 +435,8 @@ METHOD(task_t, build_i, status_t, message->add_payload(message, (payload_t*)id_payload); if (idr && message->get_message_id(message) == 1 && - this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO) + this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO && + this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER) { host_t *host; |