ha: Sync remote address in HA_IKE_ADD, too

When the IKE_SA is synced without the remote address, after a
reauthentication charon is not able to find it in its connected_peers
table since the destination host will be %any (it's missing in the
message, hence the default from the newly created ike_sa_t -- %any --
will be used).
By adding the value to the HA_IKE_ADD message, we should be able to
solve this problem.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Thomas Egerer 2015-04-24 13:43:18 +02:00 committed by Tobias Brunner
parent e095d87bb6
commit 3434709460
2 changed files with 11 additions and 0 deletions


@ -135,6 +135,7 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty;
chunk_t secret = chunk_empty, old_skd = chunk_empty;
chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty;
host_t *other = NULL;
bool ok = FALSE;
enumerator = message->create_attribute_enumerator(message);
@ -150,6 +151,9 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
value.ike_sa_id);
break;
case HA_REMOTE_ADDR:
other = value.host->clone(value.host);
break;
case HA_IKE_VERSION:
version = value.u8;
break;
@ -252,6 +256,11 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
charon->ike_sa_manager, old_sa);
old_sa = NULL;
}
if (other)
{
ike_sa->set_other_host(ike_sa, other);
other = NULL;
}
ike_sa->set_state(ike_sa, IKE_CONNECTING);
ike_sa->set_proposal(ike_sa, proposal);
this->cache->cache(this->cache, ike_sa, message);
@ -270,6 +279,7 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
{
charon->ike_sa_manager->checkin(charon->ike_sa_manager, old_sa);
}
DESTROY_IF(other);
DESTROY_IF(message);
}
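Review bot: In the `HA_REMOTE_ADDR` case, `other` is overwritten without releasing an earlier clone, so a sync message that carries the attribute more than once leaks one `host_t` per extra occurrence. The final `DESTROY_IF(other)` frees only the last clone, and ownership passes to the IKE_SA only on the path that calls `set_other_host()`. Suggest `DESTROY_IF(other); other = value.host->clone(value.host);` in that case. The case appears to sit inside the attribute enumeration loop of process_ike_add, whose body is only partly visible in these hunks, so confirm this against the full function.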


@ -138,6 +138,7 @@ METHOD(listener_t, ike_keys, bool,
m->add_attribute(m, HA_PSK, shared->get_key(shared));
}
}
m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
this->socket->push(this->socket, m);
this->cache->cache(this->cache, ike_sa, m);
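Review bot: The added `add_attribute` call for `HA_REMOTE_ADDR` has no comment saying why the address belongs in the add message. The reason is only in the commit message: without it the passive node keeps %any and cannot match the SA in connected_peers after a reauthentication. Suggest `/* sync peer address, needed to find the SA in connected_peers after reauth */` above the call. The value sent is whatever `get_other_host()` returns when ike_keys runs; if the peer address can change afterwards, the passive node presumably depends on a later update message, which is not visible here. ike_keys begins and ends outside the hunk.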