migrate-job: Do CHILD_SA reqid lookup locally
authorMartin Willi <martin@revosec.ch>
Mon, 27 Oct 2014 15:03:05 +0000 (16:03 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 12:34:51 +0000 (13:34 +0100)
src/libcharon/processing/jobs/migrate_job.c
src/libcharon/processing/jobs/migrate_job.h

index 311c4ab..097dbdf 100644 (file)
@@ -70,30 +70,34 @@ METHOD(job_t, destroy, void,
 METHOD(job_t, execute, job_requeue_t,
        private_migrate_job_t *this)
 {
-       ike_sa_t *ike_sa = NULL;
+       enumerator_t *ike_sas, *children;
+       ike_sa_t *ike_sa;
 
-       if (this->reqid)
+       ike_sas = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager,
+                                                                                                               TRUE);
+       while (ike_sas->enumerate(ike_sas, &ike_sa))
        {
-               ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                               this->reqid, TRUE);
-       }
-       if (ike_sa)
-       {
-               enumerator_t *children, *enumerator;
-               child_sa_t *child_sa;
-               host_t *host;
-               status_t status;
+               child_sa_t *current, *child_sa = NULL;
                linked_list_t *vips;
+               status_t status;
+               host_t *host;
 
                children = ike_sa->create_child_sa_enumerator(ike_sa);
-               while (children->enumerate(children, (void**)&child_sa))
+               while (children->enumerate(children, &current))
                {
-                       if (child_sa->get_reqid(child_sa) == this->reqid)
+                       if (current->get_reqid(current) == this->reqid)
                        {
+                               child_sa = current;
                                break;
                        }
                }
                children->destroy(children);
+
+               if (!child_sa)
+               {
+                       continue;
+               }
+
                DBG2(DBG_JOB, "found CHILD_SA with reqid {%d}", this->reqid);
 
                ike_sa->set_kmaddress(ike_sa, this->local, this->remote);
@@ -106,13 +110,8 @@ METHOD(job_t, execute, job_requeue_t,
                host->set_port(host, IKEV2_UDP_PORT);
                ike_sa->set_other_host(ike_sa, host);
 
-               vips = linked_list_create();
-               enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
-               while (enumerator->enumerate(enumerator, &host))
-               {
-                       vips->insert_last(vips, host);
-               }
-               enumerator->destroy(enumerator);
+               vips = linked_list_create_from_enumerator(
+                                                       ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE));
 
                status = child_sa->update(child_sa, this->local, this->remote, vips,
                                                                  ike_sa->has_condition(ike_sa, COND_NAT_ANY));
@@ -130,13 +129,9 @@ METHOD(job_t, execute, job_requeue_t,
                        default:
                                break;
                }
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
                vips->destroy(vips);
        }
-       else
-       {
-               DBG1(DBG_JOB, "no CHILD_SA found with reqid {%d}", this->reqid);
-       }
+       ike_sas->destroy(ike_sas);
        return JOB_REQUEUE_NONE;
 }
 
index 30c0ad0..0f2b9aa 100644 (file)
@@ -46,7 +46,7 @@ struct migrate_job_t {
  *
  * We use the reqid or the traffic selectors to find a matching CHILD_SA.
  *
- * @param reqid                reqid of the CHILD_SA to acquire
+ * @param reqid                reqid of the CHILD_SA to migrate
  * @param src_ts       source traffic selector to be used in the policy
  * @param dst_ts       destination traffic selector to be used in the policy
  * @param dir          direction of the policy (in|out)