ike-mobike: Use ike_sa_t::update_hosts() to trigger events
We should trigger the ike_update() event for MOBIKE updates and since update_hosts() updates the children we can reuse that code too.
parent
51c7cf9a04
commit
2b255f01af
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2010-2018 Tobias Brunner
|
* Copyright (C) 2010-2020 Tobias Brunner
|
||||||
* Copyright (C) 2007 Martin Willi
|
* Copyright (C) 2007 Martin Willi
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
|
@ -269,55 +269,6 @@ static bool build_cookie(private_ike_mobike_t *this, message_t *message)
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* update addresses of associated CHILD_SAs
|
|
||||||
*/
|
|
||||||
static void update_children(private_ike_mobike_t *this)
|
|
||||||
{
|
|
||||||
enumerator_t *enumerator;
|
|
||||||
child_sa_t *child_sa;
|
|
||||||
linked_list_t *vips;
|
|
||||||
status_t status;
|
|
||||||
host_t *host;
|
|
||||||
|
|
||||||
vips = linked_list_create();
|
|
||||||
|
|
||||||
enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
|
|
||||||
while (enumerator->enumerate(enumerator, &host))
|
|
||||||
{
|
|
||||||
vips->insert_last(vips, host);
|
|
||||||
}
|
|
||||||
enumerator->destroy(enumerator);
|
|
||||||
|
|
||||||
enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
|
|
||||||
while (enumerator->enumerate(enumerator, (void**)&child_sa))
|
|
||||||
{
|
|
||||||
status = child_sa->update(child_sa,
|
|
||||||
this->ike_sa->get_my_host(this->ike_sa),
|
|
||||||
this->ike_sa->get_other_host(this->ike_sa), vips,
|
|
||||||
this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
|
|
||||||
switch (status)
|
|
||||||
{
|
|
||||||
case NOT_SUPPORTED:
|
|
||||||
this->ike_sa->rekey_child_sa(this->ike_sa,
|
|
||||||
child_sa->get_protocol(child_sa),
|
|
||||||
child_sa->get_spi(child_sa, TRUE));
|
|
||||||
break;
|
|
||||||
case SUCCESS:
|
|
||||||
charon->child_sa_manager->remove(charon->child_sa_manager,
|
|
||||||
child_sa);
|
|
||||||
charon->child_sa_manager->add(charon->child_sa_manager,
|
|
||||||
child_sa, this->ike_sa);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
enumerator->destroy(enumerator);
|
|
||||||
|
|
||||||
vips->destroy(vips);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Apply the port of the old host, if its ip equals the new, use port otherwise.
|
* Apply the port of the old host, if its ip equals the new, use port otherwise.
|
||||||
*/
|
*/
|
||||||
|
@ -448,7 +399,6 @@ METHOD(task_t, build_i, status_t,
|
||||||
{
|
{
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
update_children(this);
|
|
||||||
}
|
}
|
||||||
if (this->address && !this->check)
|
if (this->address && !this->check)
|
||||||
{
|
{
|
||||||
|
@ -472,34 +422,41 @@ METHOD(task_t, process_r, status_t,
|
||||||
}
|
}
|
||||||
else if (message->get_exchange_type(message) == INFORMATIONAL)
|
else if (message->get_exchange_type(message) == INFORMATIONAL)
|
||||||
{
|
{
|
||||||
process_payloads(this, message);
|
host_t *me_new = NULL, *other, *other_old, *other_new = NULL;
|
||||||
if (this->update)
|
|
||||||
{
|
|
||||||
host_t *me, *other;
|
|
||||||
|
|
||||||
me = message->get_destination(message);
|
process_payloads(this, message);
|
||||||
other = message->get_source(message);
|
|
||||||
this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
|
|
||||||
this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this->natd)
|
if (this->natd)
|
||||||
{
|
{
|
||||||
this->natd->task.process(&this->natd->task, message);
|
this->natd->task.process(&this->natd->task, message);
|
||||||
}
|
}
|
||||||
if (this->addresses_updated && this->ike_sa->has_condition(this->ike_sa,
|
|
||||||
COND_ORIGINAL_INITIATOR))
|
if (this->update)
|
||||||
{
|
{
|
||||||
host_t *other = message->get_source(message);
|
me_new = message->get_destination(message);
|
||||||
host_t *other_old = this->ike_sa->get_other_host(this->ike_sa);
|
other_new = message->get_source(message);
|
||||||
|
}
|
||||||
|
else if (this->addresses_updated &&
|
||||||
|
this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
|
||||||
|
{
|
||||||
|
other = message->get_source(message);
|
||||||
|
other_old = this->ike_sa->get_other_host(this->ike_sa);
|
||||||
if (!other->equals(other, other_old))
|
if (!other->equals(other, other_old))
|
||||||
{
|
{
|
||||||
DBG1(DBG_IKE, "remote address changed from %H to %H", other_old,
|
DBG1(DBG_IKE, "remote address changed from %H to %H", other_old,
|
||||||
other);
|
other);
|
||||||
this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
|
other_new = other;
|
||||||
this->update = TRUE;
|
/* our address might have changed too if the responder used
|
||||||
|
* a different address from our list to reach us */
|
||||||
|
me_new = message->get_destination(message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (me_new || other_new)
|
||||||
|
{
|
||||||
|
this->ike_sa->update_hosts(this->ike_sa, me_new,
|
||||||
|
other_new, UPDATE_HOSTS_FORCE_ALL);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return NEED_MORE;
|
return NEED_MORE;
|
||||||
}
|
}
|
||||||
|
@ -528,10 +485,6 @@ METHOD(task_t, build_r, status_t,
|
||||||
message->add_notify(message, FALSE, COOKIE2, this->cookie2);
|
message->add_notify(message, FALSE, COOKIE2, this->cookie2);
|
||||||
chunk_free(&this->cookie2);
|
chunk_free(&this->cookie2);
|
||||||
}
|
}
|
||||||
if (this->update)
|
|
||||||
{
|
|
||||||
update_children(this);
|
|
||||||
}
|
|
||||||
return SUCCESS;
|
return SUCCESS;
|
||||||
}
|
}
|
||||||
return NEED_MORE;
|
return NEED_MORE;
|
||||||
|
@ -574,49 +527,47 @@ METHOD(task_t, process_i, status_t,
|
||||||
if (this->natd)
|
if (this->natd)
|
||||||
{
|
{
|
||||||
this->natd->task.process(&this->natd->task, message);
|
this->natd->task.process(&this->natd->task, message);
|
||||||
if (!this->update && this->natd->has_mapping_changed(this->natd))
|
|
||||||
{
|
if (this->update)
|
||||||
/* force an update if mappings have changed */
|
{ /* update children again, as NAT state may have changed */
|
||||||
this->update = this->check = TRUE;
|
this->ike_sa->update_hosts(this->ike_sa, NULL, NULL,
|
||||||
|
UPDATE_HOSTS_FORCE_CHILDREN);
|
||||||
|
}
|
||||||
|
else if (this->natd->has_mapping_changed(this->natd))
|
||||||
|
{ /* force a check/update if mappings have changed during a DPD */
|
||||||
|
this->check = TRUE;
|
||||||
DBG1(DBG_IKE, "detected changes in NAT mappings, "
|
DBG1(DBG_IKE, "detected changes in NAT mappings, "
|
||||||
"initiating MOBIKE update");
|
"initiating MOBIKE update");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (this->update)
|
|
||||||
{
|
|
||||||
/* update again, as NAT state may have changed */
|
|
||||||
update_children(this);
|
|
||||||
}
|
|
||||||
if (this->check)
|
if (this->check)
|
||||||
{
|
{
|
||||||
host_t *me_new, *me_old, *other_new, *other_old;
|
host_t *me, *me_new = NULL, *other, *other_new = NULL;
|
||||||
|
|
||||||
me_new = message->get_destination(message);
|
me = message->get_destination(message);
|
||||||
other_new = message->get_source(message);
|
other = message->get_source(message);
|
||||||
me_old = this->ike_sa->get_my_host(this->ike_sa);
|
|
||||||
other_old = this->ike_sa->get_other_host(this->ike_sa);
|
|
||||||
|
|
||||||
if (!me_new->equals(me_new, me_old))
|
if (!me->equals(me, this->ike_sa->get_my_host(this->ike_sa)))
|
||||||
{
|
{
|
||||||
this->update = TRUE;
|
me_new = me;
|
||||||
this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new));
|
|
||||||
}
|
}
|
||||||
if (!other_new->equals(other_new, other_old))
|
if (!other->equals(other, this->ike_sa->get_other_host(this->ike_sa)))
|
||||||
{
|
{
|
||||||
this->update = TRUE;
|
other_new = other;
|
||||||
this->ike_sa->set_other_host(this->ike_sa, other_new->clone(other_new));
|
|
||||||
}
|
}
|
||||||
if (this->update)
|
if (me_new || other_new)
|
||||||
{
|
{
|
||||||
|
this->ike_sa->update_hosts(this->ike_sa, me_new, other_new,
|
||||||
|
UPDATE_HOSTS_FORCE_ALL);
|
||||||
/* use the same task to ... */
|
/* use the same task to ... */
|
||||||
if (!this->ike_sa->has_condition(this->ike_sa,
|
if (!this->ike_sa->has_condition(this->ike_sa,
|
||||||
COND_ORIGINAL_INITIATOR))
|
COND_ORIGINAL_INITIATOR))
|
||||||
{ /*... send an updated list of addresses as responder */
|
{ /*... send an updated list of addresses as responder */
|
||||||
update_children(this);
|
this->address = TRUE;
|
||||||
this->update = FALSE;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{ /* ... send the update as original initiator */
|
{ /* ... send the update as original initiator */
|
||||||
|
this->update = TRUE;
|
||||||
if (this->natd)
|
if (this->natd)
|
||||||
{
|
{
|
||||||
this->natd->task.destroy(&this->natd->task);
|
this->natd->task.destroy(&this->natd->task);
|
||||||
|
|
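Review bot: In process_i, a NAT mapping change detected during a DPD no longer leads to a MOBIKE update unless the message addresses also differ from the IKE_SA's, because the `else if (this->natd->has_mapping_changed(this->natd))` branch now sets only `this->check = TRUE` and the block that sends the update is gated on `if (me_new || other_new)`. Before this change the branch set `this->update = this->check = TRUE` and the gate was `if (this->update)`, so the update was sent even when both addresses were unchanged, which is presumably the common case when only the NAT's mapping moved; now "initiating MOBIKE update" is logged with nothing following it, and the peer may keep sending to the stale mapping. Consider carrying the intent in a local flag: declare `bool force = FALSE;` before the natd block, set `this->check = force = TRUE;` in that branch, and widen the gate to `if (me_new || other_new || force)`. This relies on update_hosts() accepting NULL for both hosts with UPDATE_HOSTS_FORCE_ALL, as the UPDATE_HOSTS_FORCE_CHILDREN call in the same hunk already does, so confirm that against its implementation. The body of process_i starts and ends outside the hunk.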