ha: Sync remote address in HA_IKE_ADD, too
authorThomas Egerer <thomas.egerer@secunet.com>
Fri, 24 Apr 2015 11:43:18 +0000 (13:43 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 4 Aug 2015 09:21:54 +0000 (11:21 +0200)
When the IKE_SA is synced without the remote address, after a
reauthentication charon is not able to find it in its connected_peers
table since the destination host will be %any (it's missing in the
message, hence the default from the newly created ike_sa_t -- %any --
will be used).
By adding the value to the HA_IKE_ADD message, we should be able to
solve this problem.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/plugins/ha/ha_ike.c

index 31eeb93..75d5030 100644 (file)
@@ -135,6 +135,7 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
        chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty;
        chunk_t secret = chunk_empty, old_skd = chunk_empty;
        chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty;
+       host_t *other = NULL;
        bool ok = FALSE;
 
        enumerator = message->create_attribute_enumerator(message);
@@ -150,6 +151,9 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
                                old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
                                                                                                                  value.ike_sa_id);
                                break;
+                       case HA_REMOTE_ADDR:
+                               other = value.host->clone(value.host);
+                               break;
                        case HA_IKE_VERSION:
                                version = value.u8;
                                break;
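Review bot: The `HA_REMOTE_ADDR` case assigns a fresh clone to `other` without releasing a previous one, so a message that carries the attribute more than once leaks one `host_t` per extra occurrence. The attributes are taken from a received HA message, so the case should not assume the attribute appears only once. Releasing first is enough: put `DESTROY_IF(other);` before `other = value.host->clone(value.host);`. The enclosing switch and enumerator loop start and end outside this hunk.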
@@ -252,6 +256,11 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
                                                                                                charon->ike_sa_manager, old_sa);
                                old_sa = NULL;
                        }
+                       if (other)
+                       {
+                               ike_sa->set_other_host(ike_sa, other);
+                               other = NULL;
+                       }
                        ike_sa->set_state(ike_sa, IKE_CONNECTING);
                        ike_sa->set_proposal(ike_sa, proposal);
                        this->cache->cache(this->cache, ike_sa, message);
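Review bot: When the message carries no `HA_REMOTE_ADDR`, the `if (other)` branch is skipped silently and the new IKE_SA keeps its default remote address, which is the failure the commit message describes. That would presumably still happen while the sending node runs a build that predates this change, so it is worth making visible, e.g. with `else { DBG1(DBG_IKE, "HA_IKE_ADD without remote address"); }`. A short comment that `set_other_host()` is expected to take ownership of the clone, which is why `other` is reset to NULL, would also help; this should be confirmed against ike_sa.h. The enclosing block starts outside this hunk.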
@@ -270,6 +279,7 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
        {
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, old_sa);
        }
+       DESTROY_IF(other);
        DESTROY_IF(message);
 }
 
index 6b4b53c..7492dd0 100644 (file)
@@ -138,6 +138,7 @@ METHOD(listener_t, ike_keys, bool,
                        m->add_attribute(m, HA_PSK, shared->get_key(shared));
                }
        }
+       m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
 
        this->socket->push(this->socket, m);
        this->cache->cache(this->cache, ike_sa, m);
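Review bot: The added `add_attribute()` call has no comment explaining why the peer address is part of HA_IKE_ADD, and the reason is not apparent from ha_ike.c alone. A one-line comment above it would record the intent, e.g. `/* receiving node needs the peer address to find the SA in connected_peers after reauthentication */`. ike_keys begins and continues outside this hunk.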