Diffstat (limited to 'src')
-rw-r--r-- | src/charon/config/child_cfg.c | 31 | ||||
-rw-r--r-- | src/charon/config/child_cfg.h | 18 | ||||
-rw-r--r-- | src/charon/plugins/sql/sql_config.c | 3 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_config.c | 10 | ||||
-rw-r--r-- | src/charon/sa/ike_sa.c | 29 | ||||
-rw-r--r-- | src/charon/sa/tasks/child_delete.c | 2 | ||||
-rw-r--r-- | src/charon/sa/tasks/ike_delete.c | 11 |
7 files changed, 72 insertions, 32 deletions
diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c
index 510d9a67f..e85814237 100644
--- a/src/charon/config/child_cfg.c
+++ b/src/charon/config/child_cfg.c
@@ -87,9 +87,14 @@ struct private_child_cfg_t {
 mode_t mode;
 /**
- * action to take on DPD/passive close
+ * action to take on DPD
 */
- action_t action;
+ action_t dpd_action;
+
+ /**
+ * action to take on CHILD_SA close
+ */
+ action_t close_action;
 /**
 * Time before an SA gets invalid
@@ -357,11 +362,19 @@ static mode_t get_mode(private_child_cfg_t *this)
 }
 /**
- * Implementation of child_cfg_t.get_action
+ * Implementation of child_cfg_t.get_dpd_action
+ */
+static action_t get_dpd_action(private_child_cfg_t *this)
+{
+ return this->dpd_action;
+}
+
+/**
+ * Implementation of child_cfg_t.get_close_action
 */
-static action_t get_action(private_child_cfg_t *this)
+static action_t get_close_action(private_child_cfg_t *this)
 {
- return this->action;
+ return this->close_action;
 }
 /**
@@ -418,7 +431,7 @@ static void destroy(private_child_cfg_t *this)
 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
 u_int32_t rekeytime, u_int32_t jitter,
 char *updown, bool hostaccess, mode_t mode,
- action_t action)
+ action_t dpd_action, action_t close_action)
 {
 private_child_cfg_t *this = malloc_thing(private_child_cfg_t);
@@ -431,7 +444,8 @@ child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
 this->public.get_updown = (char* (*) (child_cfg_t*))get_updown;
 this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess;
 this->public.get_mode = (mode_t (*) (child_cfg_t *))get_mode;
- this->public.get_action = (action_t (*) (child_cfg_t *))get_action;
+ this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action;
+ this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action;
 this->public.get_lifetime = (u_int32_t (*) (child_cfg_t *,bool))get_lifetime;
 this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group;
 this->public.get_ref = (void (*) (child_cfg_t*))get_ref;
@@ -444,7 +458,8 @@ child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
 this->updown = updown ? strdup(updown) : NULL;
 this->hostaccess = hostaccess;
 this->mode = mode;
- this->action = action;
+ this->dpd_action = dpd_action;
+ this->close_action = close_action;
 this->refcount = 1;
 this->proposals = linked_list_create();
 this->my_ts = linked_list_create();
diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h
index 7c65e0a95..688eac720 100644
--- a/src/charon/config/child_cfg.h
+++ b/src/charon/config/child_cfg.h
@@ -193,11 +193,18 @@ struct child_cfg_t {
 mode_t (*get_mode) (child_cfg_t *this);
 /**
- * Action to take on DPD/passive close
+ * Action to take on DPD.
 *
- * @return DPD/passive close action
+ * @return DPD action
 */
- action_t (*get_action) (child_cfg_t *this);
+ action_t (*get_dpd_action) (child_cfg_t *this);
+
+ /**
+ * Action to take if CHILD_SA gets closed.
+ *
+ * @return close action
+ */
+ action_t (*get_close_action) (child_cfg_t *this);
 /**
 * Get the DH group to use for CHILD_SA setup.
@@ -243,12 +250,13 @@ struct child_cfg_t {
 * @param updown updown script to execute on up/down event
 * @param hostaccess TRUE to allow access to the local host
 * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
- * @param action DPD/passive close action
+ * @param dpd_action DPD action
+ * @param close_action lose action
 * @return child_cfg_t object
 */
 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
 u_int32_t rekeytime, u_int32_t jitter,
 char *updown, bool hostaccess, mode_t mode,
- action_t action);
+ action_t dpd_action, action_t close_action);
 #endif /* CHILD_CFG_H_ @} */
diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c
index e13bc314d..920268a73 100644
--- a/src/charon/plugins/sql/sql_config.c
+++ b/src/charon/plugins/sql/sql_config.c
@@ -133,7 +133,8 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
 &updown, &hostaccess, &mode))
 {
 child_cfg = child_cfg_create(name, lifetime, rekeytime, jitter,
- updown, hostaccess, mode, ACTION_NONE);
+ updown, hostaccess, mode,
+ ACTION_NONE, ACTION_NONE);
 /* TODO: read proposal from db */
 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
 add_traffic_selectors(this, child_cfg, id);
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
index 8834a7fc1..6b5c20d6e 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/charon/plugins/stroke/stroke_config.c
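Review bot: The added `@param close_action lose action` line has lost its first letter and, even corrected, tells a caller less than the `@param` above it, although the header is the only place the trigger for this action is spelled out. Suggest `@param close_action action to take when the CHILD_SA is closed by the peer`, which is what the two readers of get_close_action in this commit do: the "deleted passively" branch in child_delete.c and reestablish() once ike_delete has moved the IKE_SA to IKE_DELETING. The child_cfg_create prototype itself is complete within the hunk.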
@@ -626,18 +626,18 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 {
 child_cfg_t *child_cfg;
 traffic_selector_t *ts;
- action_t action;
+ action_t dpd;
 switch (msg->add_conn.dpd.action)
 { /* map startes magic values to our action type */
 case 2: /* =hold */
- action = ACTION_ROUTE;
+ dpd = ACTION_ROUTE;
 break;
 case 3: /* =restart */
- action = ACTION_RESTART;
+ dpd = ACTION_RESTART;
 break;
 default:
- action = ACTION_NONE;
+ dpd = ACTION_NONE;
 break;
 }
 child_cfg = child_cfg_create(
@@ -645,7 +645,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
 msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100,
 msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
- msg->add_conn.mode, action);
+ msg->add_conn.mode, dpd, ACTION_NONE);
 ts = build_ts(this, &msg->add_conn.me);
 if (!ts)
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index b4787709f..1b2ce47ba 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -1880,6 +1880,7 @@ static status_t reestablish(private_ike_sa_t *this)
 {
 ike_sa_t *new;
 host_t *host;
+ action_t action;
 iterator_t *iterator;
 child_sa_t *child_sa;
 child_cfg_t *child_cfg;
@@ -1891,7 +1892,15 @@ static status_t reestablish(private_ike_sa_t *this)
 while (iterator->iterate(iterator, (void**)&child_sa))
 {
 child_cfg = child_sa->get_config(child_sa);
- switch (child_cfg->get_action(child_cfg))
+ if (this->state == IKE_DELETING)
+ {
+ action = child_cfg->get_close_action(child_cfg);
+ }
+ else
+ {
+ action = child_cfg->get_dpd_action(child_cfg);
+ }
+ switch (action)
 {
 case ACTION_RESTART:
 case ACTION_ROUTE:
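Review bot: Hard-coding `ACTION_NONE` as the close action on the `msg->add_conn.mode, dpd, ACTION_NONE);` line changes what existing ipsec.conf users get without any way to notice: before this commit the single action documented as "DPD/passive close" was also what child_delete.c enforced on a peer-initiated CHILD_SA delete, so `dpdaction=hold` (mapped to ACTION_ROUTE in the hunk above) or `restart` re-routed or restarted a CHILD_SA the peer tore down, and after it the passive-delete path reads a close action that every stroke-built config sets to do nothing. Whether the affected traffic selectors then end up blocked or merely unprotected is decided outside this diff, but it is a policy change with no `closeaction` keyword parsed here to opt out of it. If the split is meant to land ahead of its keyword, say so on that line, e.g. `/* no closeaction keyword yet: a peer-initiated close takes no action (was: the dpd action) */`; otherwise passing `dpd` for both arguments preserves the old behaviour until one exists. build_child_cfg continues past the end of the hunk.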
@@ -1951,7 +1960,15 @@ static status_t reestablish(private_ike_sa_t *this)
 while (iterator->iterate(iterator, (void**)&child_sa))
 {
 child_cfg = child_sa->get_config(child_sa);
- switch (child_cfg->get_action(child_cfg))
+ if (this->state == IKE_DELETING)
+ {
+ action = child_cfg->get_close_action(child_cfg);
+ }
+ else
+ {
+ action = child_cfg->get_dpd_action(child_cfg);
+ }
+ switch (action)
 {
 case ACTION_RESTART:
 DBG1(DBG_IKE, "restarting CHILD_SA %s",
@@ -2011,16 +2028,16 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
 SIG(IKE_UP_FAILED, "establishing IKE_SA failed, peer not responding");
 break;
 }
- case IKE_REKEYING:
- SIG(IKE_REKEY_FAILED, "rekeying IKE_SA failed, peer not responding");
- break;
 case IKE_DELETING:
 SIG(IKE_DOWN_FAILED, "proper IKE_SA delete failed, peer not responding");
 break;
+ case IKE_REKEYING:
+ SIG(IKE_REKEY_FAILED, "rekeying IKE_SA failed, peer not responding");
+ /* FALL */
 default:
+ reestablish(this);
 break;
 }
- reestablish(this);
 return DESTROY_ME;
 }
 return SUCCESS;
diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c
index 4de4113a5..e3022a3b0 100644
--- a/src/charon/sa/tasks/child_delete.c
+++ b/src/charon/sa/tasks/child_delete.c
@@ -173,7 +173,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
 this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi);
 if (!this->initiator)
 { /* enforce child_cfg policy if deleted passively */
- switch (child_cfg->get_action(child_cfg))
+ switch (child_cfg->get_close_action(child_cfg))
 {
 case ACTION_RESTART:
 child_cfg->get_ref(child_cfg);
diff --git a/src/charon/sa/tasks/ike_delete.c b/src/charon/sa/tasks/ike_delete.c
index 02d8c168c..879b103ee 100644
--- a/src/charon/sa/tasks/ike_delete.c
+++ b/src/charon/sa/tasks/ike_delete.c
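Review bot: The state-to-action selection inserted before `switch (action)` is a verbatim copy of the block the previous hunk adds to the first CHILD_SA loop of reestablish(), and both copies rely on an unstated contract: whoever wants the close action consulted must have moved the IKE_SA to IKE_DELETING before calling reestablish(), which in this commit only ike_delete.c does. A small static helper keeps the two loops from drifting apart and gives that contract a place to be written down, as sketched below; the loops then switch on its result. reestablish() begins and ends outside the hunk.

```c
/* action to enforce for a CHILD_SA whose IKE_SA is going away: a delete
 * requested by the peer (the ike_delete task sets IKE_DELETING before it
 * calls reestablish()) selects the close action, every other caller the
 * DPD action */
static action_t reestablish_action(private_ike_sa_t *this,
								   child_cfg_t *child_cfg)
{
	if (this->state == IKE_DELETING)
	{
		return child_cfg->get_close_action(child_cfg);
	}
	return child_cfg->get_dpd_action(child_cfg);
}

/* … unchanged: reestablish() up to the CHILD_SA loop … */
		child_cfg = child_sa->get_config(child_sa);
		switch (reestablish_action(this, child_cfg))
```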
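Review bot: With `reestablish(this);` moved into the default arm, the IKE_CONNECTING case (its `break;` is the first code line of the hunk) no longer reestablishes anything, whereas the unconditional call the commit removes after the switch ran for it too; dropping it for IKE_DELETING is clearly the purpose of the change, but nothing says whether a half-built IKE_SA whose peer stops answering is meant to be given up silently as well. If it is, a one-liner on that arm spares the next reader the archaeology, e.g. `/* no reestablish: peer never answered, give up */`; if not, the `reestablish(this);` call has to come back to the IKE_CONNECTING arm. What reestablish() did for a connecting SA is not visible here, so this is a question rather than a defect report. retransmit()'s switch opens outside the hunk.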
@@ -82,19 +82,18 @@ static status_t process_r(private_ike_delete_t *this, message_t *message)
 * come so far without being correct */
 switch (this->ike_sa->get_state(this->ike_sa))
 {
- case IKE_DELETING:
- this->simultaneous = TRUE;
- break;
 case IKE_ESTABLISHED:
 DBG1(DBG_IKE, "deleting IKE_SA on request");
+ this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
 this->ike_sa->reestablish(this->ike_sa);
 break;
- case IKE_REKEYING:
- break;
+ case IKE_DELETING:
+ this->simultaneous = TRUE;
+ /* FALL */
 default:
+ this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
 break;
 }
- this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
 return NEED_MORE;
 } |
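Review bot: The `set_state(..., IKE_DELETING)` now placed before `reestablish()` in the IKE_ESTABLISHED arm is load-bearing rather than cosmetic: reestablish() in this commit consults the close action only when it sees IKE_DELETING, so a later cleanup that restores the single set_state after the switch would silently turn every peer-initiated delete back into the DPD action. A comment on that line records the dependency, e.g. `/* switch to DELETING before reestablish(): it picks close_action over dpd_action from the state */`. The IKE_DELETING arm now falls into default and calls set_state() for the state it already holds; if set_state() does more than store the value (not visible here) that repeated call is worth a look, and the `/* FALL */` marker could say `/* FALL: re-setting DELETING is intended */`. process_r begins before the hunk, whose first line is the tail of a comment.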