/*
+ * Copyright (C) 2010-2012 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
{
if (first)
{ /* an ADDITIONAL_*_ADDRESS means replace, so flush once */
- this->ike_sa->remove_additional_addresses(this->ike_sa);
+ this->ike_sa->clear_peer_addresses(this->ike_sa);
first = FALSE;
+ /* add the peer's current address to the list */
+ host = message->get_source(message);
+ this->ike_sa->add_peer_address(this->ike_sa,
+ host->clone(host));
}
data = notify->get_notification_data(notify);
host = host_create_from_chunk(family, data, 0);
DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
- this->ike_sa->add_additional_address(this->ike_sa, host);
+ this->ike_sa->add_peer_address(this->ike_sa, host);
this->addresses_updated = TRUE;
break;
}
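Review bot: The `host` returned by `host_create_from_chunk(family, data, 0)` goes straight into `add_peer_address()` without a NULL check, and `data` is taken from the peer's notify payload. strongSwan's constructor returns NULL when the chunk is too short for the address family. Unless payload verification outside this hunk already enforces the length, a NULL entry could land in the peer address list and be dereferenced when the list is enumerated later. Guarding the last two statements, e.g. `if (host) { this->ike_sa->add_peer_address(this->ike_sa, host); this->addresses_updated = TRUE; }`, keeps a malformed notify out of the list. The enclosing case block starts above the hunk.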
}
case NO_ADDITIONAL_ADDRESSES:
{
- this->ike_sa->remove_additional_addresses(this->ike_sa);
+ this->ike_sa->clear_peer_addresses(this->ike_sa);
+ /* add the peer's current address to the list */
+ host = message->get_source(message);
+ this->ike_sa->add_peer_address(this->ike_sa, host->clone(host));
this->addresses_updated = TRUE;
break;
}
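Review bot: The clear-then-re-add sequence in this case (`clear_peer_addresses`, `get_source`, `add_peer_address(..., host->clone(host))`) repeats the statements added to the ADDITIONAL_*_ADDRESS branch in the previous hunk. A small static helper would keep the two copies from drifting apart. The comment could also say why the address is re-added, e.g. `/* keep the peer's current address as a probe candidate after flushing */`; that reading is inferred from the enumerator change further down, so confirm the wording.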
/**
* build a cookie and add it to the message
*/
-static void build_cookie(private_ike_mobike_t *this, message_t *message)
+static bool build_cookie(private_ike_mobike_t *this, message_t *message)
{
rng_t *rng;
chunk_free(&this->cookie2);
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
- if (rng)
+ if (!rng || !rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2))
{
- rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
- rng->destroy(rng);
- message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+ DESTROY_IF(rng);
+ return FALSE;
}
+ message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+ rng->destroy(rng);
+ return TRUE;
}
/**
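Review bot: The doc comment above `build_cookie()` still reads as it did for the `void` version and says nothing about the new `bool` result; add e.g. `@return TRUE if COOKIE2 was added, FALSE if no RNG was available or it failed to deliver bytes`. The failure path is also silent, and a line such as `DBG1(DBG_IKE, "unable to generate COOKIE2, no RNG");` before `return FALSE;` would let an operator see why the address update was abandoned. Returning FALSE instead of sending the update without a cookie is the right direction, provided every caller checks the result. The caller in the last hunk does; any others are not visible here.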
/**
* Apply the port of the old host, if its ip equals the new, use port otherwise.
*/
-static void apply_port(host_t *host, host_t *old, u_int16_t port)
+static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
{
if (host->ip_equals(host, old))
{
port = old->get_port(old);
}
- else if (port == IKEV2_UDP_PORT)
+ else if (port == (local ? CHARON_UDP_PORT : IKEV2_UDP_PORT))
{
- port = IKEV2_NATT_PORT;
+ port = (local ? CHARON_NATT_PORT : IKEV2_NATT_PORT);
}
host->set_port(host, port);
}
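Review bot: The new `local` parameter of `apply_port()` is not described in the doc comment, which also never mentions the switch to the NAT-T port. Something like `@param local TRUE if host is our own address (CHARON_* ports apply), FALSE for the peer (IKEV2_* ports)`, plus one sentence on the default-port to NAT-T-port substitution, would make the bare `TRUE`/`FALSE` at the call sites readable.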
other_old = this->ike_sa->get_other_host(this->ike_sa);
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
- me = hydra->kernel_interface->get_source_addr(
- hydra->kernel_interface, other_old, NULL);
- if (me)
- {
- apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg));
- DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old);
- copy = packet->clone(packet);
- copy->set_source(copy, me);
- charon->sender->send(charon->sender, copy);
- }
-
- enumerator = this->ike_sa->create_additional_address_enumerator(this->ike_sa);
+ enumerator = this->ike_sa->create_peer_address_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, (void**)&other))
{
me = hydra->kernel_interface->get_source_addr(
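Review bot: With the explicit "checking original path" probe removed, the current path `me_old` to `other_old` is only tested if `create_peer_address_enumerator()` yields the peer's current address. The first hunks add that address whenever an ADDITIONAL_*_ADDRESS or NO_ADDITIONAL_ADDRESSES notify is processed, but nothing visible here covers a peer that has sent neither. It is worth confirming that the enumerator, which is defined outside this view, falls back to the current peer address in that case. A comment above the loop could record it, such as `/* the list includes the peer's current address, so the original path is probed too */`. The loop body continues outside the hunk.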
continue;
}
/* reuse port for an active address, 4500 otherwise */
- apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg));
+ apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE);
other = other->clone(other);
- apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg));
+ apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg), FALSE);
DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
copy = packet->clone(packet);
copy->set_source(copy, me);
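Review bot: The context comment `/* reuse port for an active address, 4500 otherwise */` no longer matches the local call, which now falls back to `CHARON_NATT_PORT` instead of `IKEV2_NATT_PORT`. Whether that constant equals 4500 is not visible here. Consider `/* reuse port for an active address, the NAT-T port otherwise */`. The loop body starts outside this hunk.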
{
message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES,
chunk_empty);
- build_cookie(this, message);
+ if (!build_cookie(this, message))
+ {
+ return FAILED;
+ }
update_children(this);
}
if (this->address && !this->check)