use the new updown()/rekey() hooks to track the state of NetworkManager connections
parent
356cdc2d72
commit
bad99d5aff
|
@ -140,21 +140,10 @@ static bool ike_state_change(listener_t *listener, ike_sa_t *ike_sa,
|
||||||
{
|
{
|
||||||
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
||||||
|
|
||||||
if (private->ike_sa == ike_sa)
|
if (private->ike_sa == ike_sa && state == IKE_DESTROYING)
|
||||||
{
|
{
|
||||||
switch (state)
|
signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
|
||||||
{
|
return FALSE;
|
||||||
case IKE_DESTROYING:
|
|
||||||
signal_failure(private->plugin,
|
|
||||||
NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
|
|
||||||
return FALSE;
|
|
||||||
case IKE_DELETING:
|
|
||||||
signal_failure(private->plugin,
|
|
||||||
NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
|
|
||||||
return FALSE;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
@ -166,37 +155,50 @@ static bool child_state_change(listener_t *listener, ike_sa_t *ike_sa,
|
||||||
child_sa_t *child_sa, child_sa_state_t state)
|
child_sa_t *child_sa, child_sa_state_t state)
|
||||||
{
|
{
|
||||||
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
||||||
|
|
||||||
|
if (private->ike_sa == ike_sa && state == IKE_DESTROYING)
|
||||||
|
{
|
||||||
|
signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implementation of listener_t.child_updown
|
||||||
|
*/
|
||||||
|
static bool child_updown(listener_t *listener, ike_sa_t *ike_sa,
|
||||||
|
child_sa_t *child_sa, bool up)
|
||||||
|
{
|
||||||
|
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
||||||
|
|
||||||
if (private->ike_sa == ike_sa)
|
if (private->ike_sa == ike_sa)
|
||||||
{
|
{
|
||||||
switch (state)
|
if (up)
|
||||||
|
{ /* disable initiate-failure-detection hooks */
|
||||||
|
private->listener.ike_state_change = NULL;
|
||||||
|
private->listener.child_state_change = NULL;
|
||||||
|
signal_ipv4_config(private->plugin, ike_sa, child_sa);
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
case CHILD_INSTALLED:
|
signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
|
||||||
signal_ipv4_config(private->plugin, ike_sa, child_sa);
|
return FALSE;
|
||||||
listener->child_state_change = NULL;
|
|
||||||
break;
|
|
||||||
case CHILD_DESTROYING:
|
|
||||||
signal_failure(private->plugin,
|
|
||||||
NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
|
|
||||||
return FALSE;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implementation of listener_t.ike_keys
|
* Implementation of listener_t.ike_rekey
|
||||||
*/
|
*/
|
||||||
static bool ike_keys(listener_t *listener, ike_sa_t *ike_sa, diffie_hellman_t *dh,
|
static bool ike_rekey(listener_t *listener, ike_sa_t *old, ike_sa_t *new)
|
||||||
chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey)
|
|
||||||
{
|
{
|
||||||
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
|
||||||
|
|
||||||
if (rekey && private->ike_sa == ike_sa)
|
if (private->ike_sa == old)
|
||||||
{ /* follow a rekeyed IKE_SA */
|
{ /* follow a rekeyed IKE_SA */
|
||||||
private->ike_sa = rekey;
|
private->ike_sa = new;
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
@ -436,7 +438,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
||||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start to initiate
|
* Prepare IKE_SA
|
||||||
*/
|
*/
|
||||||
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
||||||
peer_cfg);
|
peer_cfg);
|
||||||
|
@ -448,22 +450,28 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
||||||
{
|
{
|
||||||
peer_cfg->destroy(peer_cfg);
|
peer_cfg->destroy(peer_cfg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Register listener, enable initiate-failure-detection hooks
|
||||||
|
*/
|
||||||
|
NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->ike_sa = ike_sa;
|
||||||
|
listener = &NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->listener;
|
||||||
|
listener->ike_state_change = ike_state_change;
|
||||||
|
listener->child_state_change = child_state_change;
|
||||||
|
charon->bus->add_listener(charon->bus, listener);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Initiate
|
||||||
|
*/
|
||||||
if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
|
if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
|
||||||
{
|
{
|
||||||
|
charon->bus->remove_listener(charon->bus, listener);
|
||||||
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
|
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
|
||||||
|
|
||||||
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
|
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
|
||||||
"Initiating failed.");
|
"Initiating failed.");
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Register listener
|
|
||||||
*/
|
|
||||||
NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->ike_sa = ike_sa;
|
|
||||||
listener = &NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->listener;
|
|
||||||
listener->child_state_change = child_state_change;
|
|
||||||
charon->bus->add_listener(charon->bus, listener);
|
|
||||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
@ -558,8 +566,8 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
|
||||||
private = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
|
private = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
|
||||||
private->plugin = NM_VPN_PLUGIN(plugin);
|
private->plugin = NM_VPN_PLUGIN(plugin);
|
||||||
memset(&private->listener.log, 0, sizeof(listener_t));
|
memset(&private->listener.log, 0, sizeof(listener_t));
|
||||||
private->listener.ike_state_change = ike_state_change;
|
private->listener.child_updown = child_updown;
|
||||||
private->listener.ike_keys = ike_keys;
|
private->listener.ike_rekey = ike_rekey;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
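Review bot: In the new `child_state_change`, `state` is a `child_sa_state_t` but the guard compares it against `IKE_DESTROYING`, which is an `ike_sa_state_t` enumerator; the removed switch tested `CHILD_DESTROYING` at this point. Unless the two enumerators happen to have the same numeric value, the `NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED` signal will either never be raised or be raised on an unrelated CHILD_SA state. A CHILD_SA that fails during initiation could then go unreported to NetworkManager. The condition should read `if (private->ike_sa == ike_sa && state == CHILD_DESTROYING)`. The same line appears to have been copied from the new `ike_state_change`, where `IKE_DESTROYING` is the correct constant.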