From faf9569fdbe981aee18ae350ab9df26725b8a14a Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 12 Nov 2008 16:07:17 +0000
Subject: [PATCH] moved ike_initiator flag to IKE_SAs condition bitfield

---
 src/charon/sa/ike_sa.c | 24 ++++--------------------
 src/charon/sa/ike_sa.h | 16 +++++++--------
 src/charon/sa/tasks/ike_me.c | 2 +-
 3 files changed, 12 insertions(+), 30 deletions(-)

diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 37691fbf7..0e23ae214 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -245,11 +245,6 @@ struct private_ike_sa_t {
 * how many times we have retried so far (keyingtries)
 */
 u_int32_t keyingtry;
-
- /**
- * are we the initiator of this IKE_SA (rekeying does not affect this flag)
- */
- bool ike_initiator;
 
 /**
 * local host address to be used for IKE, set via MIGRATE kernel message
@@ -481,14 +476,6 @@ static void set_ike_cfg(private_ike_sa_t *this, ike_cfg_t *ike_cfg)
 this->ike_cfg = ike_cfg;
 }
 
-/**
- * Implementation of ike_sa_t.is_ike_initiator
- */
-static bool is_ike_initiator(private_ike_sa_t *this)
-{
- return this->ike_initiator;
-}
-
 /**
 * Implementation of ike_sa_t.enable_extension.
 */
@@ -1140,7 +1127,7 @@ static status_t initiate_with_reqid(private_ike_sa_t *this, child_cfg_t *child_c
 return DESTROY_ME;
 }
 
- this->ike_initiator = TRUE;
+ set_condition(this, COND_ORIGINAL_INITIATOR, TRUE);
 task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
 this->task_manager->queue_task(this->task_manager, task);
 
@@ -1725,7 +1712,7 @@ static status_t reauth(private_ike_sa_t *this)
 /* we can't reauthenticate as responder when we use EAP or virtual IPs.
 * If the peer does not support RFC4478, there is no way to keep the
 * IKE_SA up. */
- if (!this->ike_initiator)
+ if (!has_condition(this, COND_ORIGINAL_INITIATOR))
 {
 DBG1(DBG_IKE, "initiator did not reauthenticate as requested");
 if (this->other_virtual_ip != NULL ||
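Review bot: The responder check rewritten here in reauth() is the same predicate that reestablish() gets in the next hunk: both test `!has_condition(this, COND_ORIGINAL_INITIATOR)` together with `this->other_virtual_ip != NULL || has_condition(this, COND_EAP_AUTHENTICATED)`, and the two decide whether the SA can be kept alive from our side, so they should not be able to drift apart. A small file-scope helper such as `static bool responder_needs_peer_reauth(private_ike_sa_t *this)` called from both sites would keep them in step. Both predicates continue outside their hunks (reestablish()'s under `#ifdef ME`), so the helper would have to take that tail as well; reauth()'s body also runs past the end of this hunk.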
@@ -1803,7 +1790,7 @@ static status_t reestablish(private_ike_sa_t *this)
 }
 
 /* check if we are able to reestablish this IKE_SA */
- if (!this->ike_initiator &&
+ if (!has_condition(this, COND_ORIGINAL_INITIATOR) &&
 (this->other_virtual_ip != NULL ||
 has_condition(this, COND_EAP_AUTHENTICATED)
 #ifdef ME
@@ -2030,7 +2017,6 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
 this->other_host = other->other_host->clone(other->other_host);
 this->my_id = other->my_id->clone(other->my_id);
 this->other_id = other->other_id->clone(other->other_id);
- this->ike_initiator = other->ike_initiator;
 
 /* apply virtual assigned IPs... */
 if (other->my_virtual_ip)
@@ -2051,7 +2037,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
 this->dns_servers->insert_first(this->dns_servers, ip);
 }
 
- /* inherit NAT-T conditions */
+ /* inherit all conditions */
 this->conditions = other->conditions;
 if (this->conditions & COND_NAT_HERE)
 {
@@ -2344,7 +2330,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 this->public.has_condition = (bool (*)(ike_sa_t*,ike_condition_t)) has_condition;
 this->public.set_pending_updates = (void(*)(ike_sa_t*, u_int32_t updates))set_pending_updates;
 this->public.get_pending_updates = (u_int32_t(*)(ike_sa_t*))get_pending_updates;
- this->public.is_ike_initiator = (bool (*)(ike_sa_t*))is_ike_initiator;
 this->public.create_additional_address_iterator = (iterator_t*(*)(ike_sa_t*))create_additional_address_iterator;
 this->public.add_additional_address = (void(*)(ike_sa_t*, host_t *host))add_additional_address;
 this->public.has_mapping_changed = (bool(*)(ike_sa_t*, chunk_t hash))has_mapping_changed;
@@ -2415,7 +2400,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 this->nat_detection_dest = chunk_empty;
 this->pending_updates = 0;
 this->keyingtry = 0;
- this->ike_initiator = FALSE;
 this->local_host = NULL;
 this->remote_host = NULL;
 #ifdef ME
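Review bot: Dropping `this->ike_initiator = FALSE;` from ike_sa_create() makes the initiator/responder role depend entirely on `this->conditions` starting at zero, and that initialisation is not within this hunk. The surrounding fields are all assigned one by one, which suggests the struct is not zero-allocated; if `conditions` is not explicitly cleared, a freshly created responder SA could carry a stale COND_ORIGINAL_INITIATOR bit and reauth()/reestablish() would take the initiator path on it. Worth confirming that `this->conditions = 0;` is present in ike_sa_create(), whose body extends beyond this hunk, or adding it next to the other defaults here.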
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index 23098f58e..f7672f2d8 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -108,16 +108,21 @@ enum ike_condition_t {
 * Faking NAT to enforce UDP encapsulation
 */
 COND_NAT_FAKE = (1<<3),
-
+
 /**
 * peer has ben authenticated using EAP
 */
 COND_EAP_AUTHENTICATED = (1<<4),
-
+
 /**
 * received a certificate request from the peer
 */
 COND_CERTREQ_SEEN = (1<<5),
+
+ /**
+ * Local peer is the "original" IKE initiator. Unaffected from rekeying.
+ */
+ COND_ORIGINAL_INITIATOR = (1<<6),
 };
 
 /**
@@ -483,13 +488,6 @@ struct ike_sa_t {
 */
 void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates);
 
- /**
- * Check if we are the original initiator of this IKE_SA (rekeying does not
- * change this flag).
- */
- bool (*is_ike_initiator)(ike_sa_t *this);
-
-
 #ifdef ME
 /**
 * Activate mediation server functionality for this IKE_SA.
diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c
index 1ffb4c799..32c264c43 100644
--- a/src/charon/sa/tasks/ike_me.c
+++ b/src/charon/sa/tasks/ike_me.c
@@ -785,7 +785,7 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator)
 this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
 this->public.task.destroy = (void(*)(task_t*))destroy;
 
- if (ike_sa->is_ike_initiator(ike_sa))
+ if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
 {
 if (initiator)
 {
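Review bot: The new COND_ORIGINAL_INITIATOR comment in the enum hunk reads "Unaffected from rekeying", which should be "unaffected by rekeying", and it would help readers to say where the bit comes from now that it is no longer a dedicated field: `* Local peer is the "original" IKE initiator; set when we initiate the IKE_SA and copied to the new IKE_SA by inherit(), so rekeying does not change it.` The bit is set in initiate_with_reqid() and carried over by the `this->conditions = other->conditions;` line in inherit() in this same patch; whether anything else ever clears it is not visible here.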