case HA_REMOTE_ID:
ike_sa->set_other_id(ike_sa, value.id->clone(value.id));
break;
- case HA_EAP_ID:
- ike_sa->set_eap_identity(ike_sa, value.id->clone(value.id));
- break;
case HA_LOCAL_ADDR:
ike_sa->set_my_host(ike_sa, value.host->clone(value.host));
break;
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL;
- char *config_name;
+ char *config_name = "";
child_cfg_t *config = NULL;
child_sa_t *child_sa;
proposal_t *proposal;
keymat_t *keymat;
- bool initiator, failed = FALSE;
+ bool initiator = FALSE, failed = FALSE;
u_int32_t inbound_spi = 0, outbound_spi = 0;
u_int16_t inbound_cpi = 0, outbound_cpi = 0;
u_int8_t mode = MODE_TUNNEL, ipcomp = 0;
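Review bot: The new defaults `config_name = ""` and `initiator = FALSE` stop the uninitialized reads, but they also let a sync message that lacks those attributes proceed as if it had carried them. With `initiator` silently FALSE, the later install calls take the `else` branch (`encr_i`/`integ_i` inbound), which may be the wrong key direction for the SA. An empty name would presumably also go into the child config lookup. The attribute parsing and the lookup are outside this hunk, so this is inferred. If both attributes are mandatory, track their presence (e.g. a local `bool seen_initiator = FALSE;` set in the attribute switch) and reject the message with a DBG1 log instead of relying on the defaults.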
child_sa->set_state(child_sa, CHILD_INSTALLING);
proposal->destroy(proposal);
+ /* TODO: Change CHILD_SA API to avoid cloning twice */
+ local_ts = linked_list_create();
+ remote_ts = linked_list_create();
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_LOCAL_TS:
+ local_ts->insert_last(local_ts, value.ts->clone(value.ts));
+ break;
+ case HA_REMOTE_TS:
+ remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
if (initiator)
{
- if (child_sa->install(child_sa, encr_r, integ_r,
- inbound_spi, inbound_cpi, TRUE) != SUCCESS ||
- child_sa->install(child_sa, encr_i, integ_i,
- outbound_spi, outbound_cpi, FALSE) != SUCCESS)
+ if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi,
+ inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+ child_sa->install(child_sa, encr_i, integ_i, outbound_spi,
+ outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
{
failed = TRUE;
}
}
else
{
- if (child_sa->install(child_sa, encr_i, integ_i,
- inbound_spi, inbound_cpi, TRUE) != SUCCESS ||
- child_sa->install(child_sa, encr_r, integ_r,
- outbound_spi, outbound_cpi, FALSE) != SUCCESS)
+ if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi,
+ inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+ child_sa->install(child_sa, encr_r, integ_r, outbound_spi,
+ outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
{
failed = TRUE;
}
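Review bot: Both `install()` calls now receive `local_ts` and `remote_ts`, but nothing checks that the enumeration loop found any HA_LOCAL_TS or HA_REMOTE_TS attribute. A sync message without selectors therefore reaches install with empty lists. What install does with empty lists is not visible here, so fail early: `if (!local_ts->get_count(local_ts) || !remote_ts->get_count(remote_ts)) { failed = TRUE; }` and turn the following `if (initiator)` into `else if (initiator)`. The enclosing function starts and ends outside this hunk.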
{
DBG1(DBG_CHD, "HA CHILD_SA installation failed");
child_sa->destroy(child_sa);
+ local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
+ remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return;
}
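Review bot: The two `destroy_offset` calls added to this failure branch repeat the cleanup that already follows `add_policies`, so any future exit between list creation and that point must remember to free both lists. Consider calling `add_policies` only when `!failed` and letting both paths fall through to the existing destroy calls before the checkin and return. If the duplication stays, add a comment above the branch such as `/* local_ts/remote_ts are created before install(); every exit past that point must free them */`.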
- /* TODO: Change CHILD_SA API to avoid cloning twice */
- local_ts = linked_list_create();
- remote_ts = linked_list_create();
- enumerator = message->create_attribute_enumerator(message);
- while (enumerator->enumerate(enumerator, &attribute, &value))
- {
- switch (attribute)
- {
- case HA_LOCAL_TS:
- local_ts->insert_last(local_ts, value.ts->clone(value.ts));
- break;
- case HA_REMOTE_TS:
- remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
- break;
- default:
- break;
- }
- }
- enumerator->destroy(enumerator);
child_sa->add_policies(child_sa, local_ts, remote_ts);
local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
peer_cfg_t *peer_cfg;
u_int32_t extension, condition;
host_t *addr;
- identification_t *eap_id;
ike_sa_id_t *id;
peer_cfg = ike_sa->get_peer_cfg(ike_sa);
| copy_extension(ike_sa, EXT_MOBIKE)
| copy_extension(ike_sa, EXT_HASH_AND_URL);
- eap_id = ike_sa->get_eap_identity(ike_sa);
id = ike_sa->get_id(ike_sa);
m = ha_message_create(HA_IKE_UPDATE);
m->add_attribute(m, HA_CONDITIONS, condition);
m->add_attribute(m, HA_EXTENSIONS, extension);
m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
- if (eap_id)
- {
- m->add_attribute(m, HA_EAP_ID, eap_id);
- }
iterator = ike_sa->create_additional_address_iterator(ike_sa);
while (iterator->iterate(iterator, (void**)&addr))
{
charon->credentials->add_set(charon->credentials, &this->creds.public);
/* create config and backend */
- ike_cfg = ike_cfg_create(FALSE, FALSE, local, remote);
+ ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
+ remote, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("ha", 2, ike_cfg, CERT_NEVER_SEND,
UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE,
- MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE);
+ MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE, 0);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);