Raise alerts when enforcing IKE_SA unique policy
parent
5dd9c3087f
commit
c794455666
|
@ -111,6 +111,10 @@ enum alert_t {
|
|||
ALERT_PROPOSAL_MISMATCH_IKE,
|
||||
/** CHILD proposals do not match, argument is linked_list_t of proposal_t */
|
||||
ALERT_PROPOSAL_MISMATCH_CHILD,
|
||||
/** IKE_SA deleted because of "replace" unique policy, no argument */
|
||||
ALERT_UNIQUE_REPLACE,
|
||||
/** IKE_SA deleted because of "keep" unique policy, no arguement */
|
||||
ALERT_UNIQUE_KEEP,
|
||||
};
|
||||
|
||||
/**
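Review bot: The two new doc comments in `enum alert_t` do not say which IKE_SA is affected, and the second misspells "argument" as "arguement". Going by the call sites in this commit, "replace" deletes the existing duplicate while "keep" drops the new IKE_SA, so I would write `/** existing IKE_SA deleted because of "replace" unique policy, no argument */` and `/** new IKE_SA rejected because of "keep" unique policy, no argument */`. Anyone alerting on these events needs that distinction to tell an established session being torn down from a new attempt being refused. The enum starts above the hunk.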
|
||||
|
|
|
@ -191,6 +191,7 @@ METHOD(listener_t, message_hook, bool,
|
|||
{
|
||||
DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', "
|
||||
"deleting new IKE_SA", id);
|
||||
charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
|
||||
entry_destroy(entry);
|
||||
this->mutex->lock(this->mutex);
|
||||
entry = this->active->remove(this->active, id);
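Review bot: `ALERT_UNIQUE_KEEP` is raised here without an argument although `id` is in scope, and the same bare alert is raised again in the `build_r` hunk, so a listener cannot tell the two paths apart or learn the peer identity from the alert itself. If the "no argument" contract in the enum is to stay, a comment at the call such as `/* listeners identify the peer via the bus' current IKE_SA */` would help, assuming that is how listeners are meant to find it; that context is not visible in this hunk. Raising the alert before `this->mutex->lock(this->mutex)` looks right, since as far as the hunk shows the listeners then do not run under this mutex. message_hook starts and ends outside the hunk.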
|
||||
|
|
|
@ -1769,6 +1769,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
|
|||
switch (policy)
|
||||
{
|
||||
case UNIQUE_REPLACE:
|
||||
charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);
|
||||
DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
|
||||
"'%Y' due to uniqueness policy", other);
|
||||
status = duplicate->delete(duplicate);
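Review bot: In the `UNIQUE_REPLACE` case the alert is sent before `duplicate->delete(duplicate)` has returned, so listeners are told an IKE_SA was deleted whatever `status` turns out to be. Consider raising it after the delete call, or wording the enum comment as "is being deleted". The alert also precedes the `DBG1` line, while the other two call sites in this commit log first and alert second; one order throughout makes log and alert timelines easier to correlate. Which IKE_SA is the bus context at this point (the new one or `duplicate`), and whether a manager lock is held while listeners run, cannot be seen from the hunk and deserves a short comment. check_uniqueness continues outside the hunk.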
|
||||
|
|
|
@ -807,6 +807,7 @@ METHOD(task_t, build_r, status_t,
|
|||
this->ike_sa, FALSE))
|
||||
{
|
||||
DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
|
||||
charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
|
||||
message->add_notify(message, TRUE, AUTHENTICATION_FAILED,
|
||||
chunk_empty);
|
||||
return FAILED;
|
||||
|
|