Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA...
authorMartin Willi <martin@revosec.ch>
Mon, 21 Nov 2011 16:18:43 +0000 (17:18 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:30:47 +0000 (17:30 +0100)
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ike_sa.h
src/libcharon/sa/ike_sa_id.c
src/libcharon/sa/ike_sa_manager.c

index f430fee..71c458a 100644 (file)
@@ -89,7 +89,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
                switch (attribute)
                {
                        case HA_IKE_ID:
-                               ike_sa = ike_sa_create(value.ike_sa_id, IKEV2);
+                               ike_sa = ike_sa_create(value.ike_sa_id,
+                                               value.ike_sa_id->is_initiator(value.ike_sa_id), IKEV2);
                                break;
                        case HA_IKE_REKEY_ID:
                                old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
index b9b2bb8..d2dffea 100644 (file)
@@ -2131,7 +2131,8 @@ METHOD(ike_sa_t, destroy, void,
 /*
  * Described in header.
  */
-ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version)
+ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
+                                                ike_version_t version)
 {
        private_ike_sa_t *this;
        static u_int32_t unique_id = 0;
@@ -2224,7 +2225,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version)
                .other_host = host_create_any(AF_INET),
                .my_id = identification_create_from_encoding(ID_ANY, chunk_empty),
                .other_id = identification_create_from_encoding(ID_ANY, chunk_empty),
-               .keymat = keymat_create(version, ike_sa_id->is_initiator(ike_sa_id)),
+               .keymat = keymat_create(version, initiator),
                .state = IKE_CREATED,
                .stats[STAT_INBOUND] = time_monotonic(NULL),
                .stats[STAT_OUTBOUND] = time_monotonic(NULL),
index 21f7c74..2708b0b 100644 (file)
@@ -959,9 +959,11 @@ struct ike_sa_t {
  * Creates an ike_sa_t object with a specific ID and IKE version.
  *
  * @param ike_sa_id            ike_sa_id_t to associate with new IKE_SA/ISAKMP_SA
+ * @param initiator            TRUE to create this IKE_SA as initiator
  * @param version              IKE version of this SA
  * @return                             ike_sa_t object
  */
-ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version);
+ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
+                                               ike_version_t version);
 
 #endif /** IKE_SA_H_ @}*/
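Review bot: The new `@param initiator` line does not say how the argument relates to the initiator flag that `ike_sa_id` already carries, so `ike_sa_create` now has two inputs that can disagree. The ike_sa.c hunk passes the parameter, not the ID's flag, to `keymat_create`, so the parameter appears to be what decides the role for the keying material. I would spell that out, e.g. `@param initiator TRUE to create this IKE_SA as initiator; used instead of the initiator flag in ike_sa_id`, so callers such as the HA dispatcher and the manager know which value has to be right.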
index bea4c21..fb73bdd 100644 (file)
@@ -77,18 +77,8 @@ METHOD(ike_sa_id_t, equals, bool,
        {
                return FALSE;
        }
-       if ((this->is_initiator_flag == other->is_initiator_flag) &&
-               (this->initiator_spi == other->initiator_spi) &&
-               (this->responder_spi == other->responder_spi))
-       {
-               /* private_ike_sa_id's are equal */
-               return TRUE;
-       }
-       else
-       {
-               /* private_ike_sa_id's are not equal */
-               return FALSE;
-       }
+       return this->initiator_spi == other->initiator_spi &&
+                  this->responder_spi == other->responder_spi;
 }
 
 METHOD(ike_sa_id_t, replace_values, void,
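Review bot: The new return in `equals` treats two IDs with the same SPI pair but opposite initiator flags as equal, and every caller of `equals` inherits that, not only the IKE_SA manager named in the commit title. Where the protocol version carries the initiator flag on the wire, keeping the comparison for that version would preserve the stricter lookup; whether the ID exposes its version at this point is not visible here. At minimum the relaxation should be stated at the return, e.g. `/* the initiator flag is intentionally not compared, IDs are equal if both SPIs match */`, and in the method's header documentation. The body of `equals` starts above this hunk.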
index 5564590..ffbc2ec 100644 (file)
@@ -163,7 +163,6 @@ static entry_t *entry_create()
 static bool entry_match_by_hash(entry_t *entry, ike_sa_id_t *id, chunk_t *hash)
 {
        return id->get_responder_spi(id) == 0 &&
-               id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) &&
                id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id) &&
                chunk_equals(*hash, entry->init_hash);
 }
@@ -179,7 +178,6 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id)
        }
        if ((id->get_responder_spi(id) == 0 ||
                 entry->ike_sa_id->get_responder_spi(entry->ike_sa_id) == 0) &&
-               id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) &&
                id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id))
        {
                /* this is TRUE for IKE_SAs that we initiated but have not yet received a response */
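Review bot: The comment on the TRUE branch (`this is TRUE for IKE_SAs that we initiated but have not yet received a response`) no longer covers everything the condition accepts. With the `is_initiator` comparison removed, the half-open match holds for any entry whose initiator SPI equals the one in `id` while either responder SPI is zero, regardless of the entry's role. `entry_match_by_hash` loses the same comparison but is still bounded by the `init_hash` check. Because the SPI in an inbound `id` is chosen by the peer, I would either keep the role comparison for this branch or reword the comment to say that role is intentionally ignored and why a match across roles is acceptable. The function's opening lines are outside the hunk.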
@@ -954,7 +952,7 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
        {
                ike_sa_id = ike_sa_id_create(0, get_spi(this), FALSE);
        }
-       ike_sa = ike_sa_create(ike_sa_id, version);
+       ike_sa = ike_sa_create(ike_sa_id, initiator, version);
        ike_sa_id->destroy(ike_sa_id);
 
        DBG2(DBG_MGR, "created IKE_SA %s[%u]", ike_sa->get_name(ike_sa),
@@ -1036,7 +1034,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
                        /* no IKE_SA found, create a new one */
                        id->set_responder_spi(id, get_spi(this));
                        entry = entry_create();
-                       entry->ike_sa = ike_sa_create(id, ike_version);
+                       /* a new SA checked out by message is a responder SA */
+                       entry->ike_sa = ike_sa_create(id, FALSE, ike_version);
                        entry->ike_sa_id = id->clone(id);
 
                        segment = put_entry(this, entry);