ha: Skip SA for sync messages when resyncing HA segments
authorTobias Brunner <tobias@strongswan.org>
Tue, 26 May 2015 13:43:46 +0000 (15:43 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 26 May 2015 13:43:46 +0000 (15:43 +0200)
src/libcharon/plugins/ha/ha_cache.c
src/libcharon/plugins/ha/ha_cache.h
src/libcharon/plugins/ha/ha_plugin.c

index 6c1b347..0650f7f 100644 (file)
@@ -43,6 +43,11 @@ struct private_ha_cache_t {
        ha_socket_t *socket;
 
        /**
+        * Tunnel securing sync messages
+        */
+       ha_tunnel_t *tunnel;
+
+       /**
         * Total number of segments
         */
        u_int count;
@@ -259,6 +264,10 @@ static void rekey_segment(private_ha_cache_t *this, u_int segment)
                                                                                                charon->ike_sa_manager, TRUE);
        while (enumerator->enumerate(enumerator, &ike_sa))
        {
+               if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+               {
+                       continue;
+               }
                if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
                        this->kernel->get_segment(this->kernel,
                                                ike_sa->get_other_host(ike_sa)) == segment)
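Review bot: The new `continue` at the top of the enumeration loop in rekey_segment has no comment saying why this one IKE_SA is exempt; the reason is only given in the commit title. A line such as `/* skip the IKE_SA that protects the HA sync messages */` above the `if` would keep the intent next to the code. The check is guarded by `this->tunnel`, so nothing changes when that pointer is NULL. Whether other loops over IKE_SAs in this file need the same exemption cannot be judged from this hunk, and the loop body and the rest of rekey_segment continue outside it.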
@@ -365,7 +374,7 @@ METHOD(ha_cache_t, destroy, void,
  * See header
  */
 ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
-                                                       bool sync, u_int count)
+                                                       ha_tunnel_t *tunnel, bool sync, u_int count)
 {
        private_ha_cache_t *this;
 
@@ -379,6 +388,7 @@ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
                .count = count,
                .kernel = kernel,
                .socket = socket,
+               .tunnel = tunnel,
                .cache = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
        );
index 5e3936a..9fabbac 100644 (file)
@@ -73,6 +73,6 @@ struct ha_cache_t {
  * @param count                        total number of segments
  */
 ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
-                                                       bool resync, u_int count);
+                                                       ha_tunnel_t *tunnel, bool resync, u_int count);
 
 #endif /** HA_CACHE_H_ @}*/
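Review bot: The prototype of ha_cache_create gains `ha_tunnel_t *tunnel`, but the Doxygen block above it is not updated. This is the only hunk shown for ha_cache.h and its line count stays at 6, so no `@param tunnel` line was added. Suggest adding ` * @param tunnel tunnel securing sync messages, NULL if none (not owned by the cache)` next to the other parameter entries, which presumably sit above this hunk. The NULL case comes from the `this->tunnel &&` guard in rekey_segment; the ownership wording is inferred from the commit showing no change to the cache's destroy method and should be confirmed. The field comment added to private_ha_cache_t in ha_cache.c could carry the same wording.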
index 9d25b01..037b69b 100644 (file)
@@ -137,7 +137,8 @@ static bool initialize_plugin(private_ha_plugin_t *this)
        this->kernel = ha_kernel_create(count);
        this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel,
                                                        count, strcmp(local, remote) > 0, monitor);
-       this->cache = ha_cache_create(this->kernel, this->socket, resync, count);
+       this->cache = ha_cache_create(this->kernel, this->socket, this->tunnel,
+                                                                 resync, count);
        if (fifo)
        {
                this->ctl = ha_ctl_create(this->segments, this->cache);