fallback to reauthentication if peer does not support CHILD_SA rekeying
authorMartin Willi <martin@strongswan.org>
Fri, 14 Nov 2008 14:05:47 +0000 (14:05 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 14 Nov 2008 14:05:47 +0000 (14:05 -0000)
src/charon/sa/tasks/child_rekey.c
src/charon/sa/tasks/ike_rekey.c

index 6d741b7..3a22d50 100644 (file)
@@ -23,6 +23,7 @@
 #include <sa/tasks/child_create.h>
 #include <sa/tasks/child_delete.h>
 #include <processing/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/rekey_ike_sa_job.h>
 
 
 typedef struct private_child_rekey_t private_child_rekey_t;
@@ -177,6 +178,31 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
        protocol_id_t protocol;
        u_int32_t spi;
        child_sa_t *to_delete;
+       iterator_t *iterator;
+       payload_t *payload;
+       
+       /* handle NO_ADDITIONAL_SAS notify */
+       iterator = message->get_payload_iterator(message);
+       while (iterator->iterate(iterator, (void**)&payload))
+       {
+               if (payload->get_type(payload) == NOTIFY)
+               {
+                       notify_payload_t *notify = (notify_payload_t*)payload;
+                       
+                       if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
+                       {
+                               DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, "
+                                        "starting reauthentication");
+                               this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
+                               charon->processor->queue_job(charon->processor,
+                                               (job_t*)rekey_ike_sa_job_create(
+                                                                       this->ike_sa->get_id(this->ike_sa), TRUE));
+                               iterator->destroy(iterator);
+                               return SUCCESS;
+                       }
+               }
+       }
+       iterator->destroy(iterator);
        
        if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE)
        {
index 60410db..d094a04 100644 (file)
@@ -180,9 +180,8 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
                if (payload->get_type(payload) == NOTIFY)
                {
                        notify_payload_t *notify = (notify_payload_t*)payload;
-                       notify_type_t type = notify->get_notify_type(notify);
                        
-                       if (type == NO_ADDITIONAL_SAS)
+                       if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
                        {
                                DBG1(DBG_IKE, "peer seems to not support IKE rekeying, "
                                         "starting reauthentication");