ikev2: Add inherit_pre() to apply config and hosts before IKE_SA rekeying
authorMartin Willi <martin@revosec.ch>
Thu, 10 Apr 2014 08:21:32 +0000 (10:21 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 17 Apr 2014 07:24:51 +0000 (09:24 +0200)
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ike_sa.h
src/libcharon/sa/ikev2/tasks/ike_rekey.c

index 1ce9d3a..6ff24c3 100644 (file)
@@ -245,13 +245,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
                {
                        if (old_sa)
                        {
-                               peer_cfg_t *peer_cfg = old_sa->get_peer_cfg(old_sa);
-
-                               if (peer_cfg)
-                               {
-                                       ike_sa->set_peer_cfg(ike_sa, peer_cfg);
-                                       ike_sa->inherit(ike_sa, old_sa);
-                               }
+                               ike_sa->inherit_pre(ike_sa, old_sa);
+                               ike_sa->inherit_post(ike_sa, old_sa);
                                charon->ike_sa_manager->checkin_and_destroy(
                                                                                                charon->ike_sa_manager, old_sa);
                                old_sa = NULL;
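Review bot: The `if (peer_cfg)` guard that used to protect the inherit step in process_ike_add is gone, so `inherit_pre()` now hands the old SA's peer config to `set_peer_cfg()` unconditionally; the new `inherit_pre` in ike_sa.c calls `set_peer_cfg(this, other->peer_cfg)` with no check of its own. The body of set_peer_cfg is not visible here, but if it takes a reference on its argument, an old SA without a config would make the daemon dereference NULL while handling a sync message, which is the case the removed guard appears to have covered. Either keep the guard at this call site, `if (old_sa->get_peer_cfg(old_sa))`, or let inherit_pre skip a missing config, `if (other->peer_cfg) { set_peer_cfg(this, other->peer_cfg); }`. The same unconditional call is reached from build_i and process_r in ike_rekey.c, where the old code did not check either. process_ike_add continues outside this hunk.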
@@ -1077,4 +1072,3 @@ ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
 
        return &this->public;
 }
-
index 2c15dc5..4b4c1ce 100644 (file)
@@ -2019,7 +2019,18 @@ METHOD(ike_sa_t, queue_task, void,
        this->task_manager->queue_task(this->task_manager, task);
 }
 
-METHOD(ike_sa_t, inherit, void,
+METHOD(ike_sa_t, inherit_pre, void,
+       private_ike_sa_t *this, ike_sa_t *other_public)
+{
+       private_ike_sa_t *other = (private_ike_sa_t*)other_public;
+
+       /* apply config and hosts */
+       set_peer_cfg(this, other->peer_cfg);
+       set_my_host(this, other->my_host->clone(other->my_host));
+       set_other_host(this, other->other_host->clone(other->other_host));
+}
+
+METHOD(ike_sa_t, inherit_post, void,
        private_ike_sa_t *this, ike_sa_t *other_public)
 {
        private_ike_sa_t *other = (private_ike_sa_t*)other_public;
@@ -2288,7 +2299,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
                        .reestablish = _reestablish,
                        .set_auth_lifetime = _set_auth_lifetime,
                        .roam = _roam,
-                       .inherit = _inherit,
+                       .inherit_pre = _inherit_pre,
+                       .inherit_post = _inherit_post,
                        .generate_message = _generate_message,
                        .reset = _reset,
                        .get_unique_id = _get_unique_id,
index 00c16c0..d162539 100644 (file)
@@ -1020,6 +1020,16 @@ struct ike_sa_t {
        void (*queue_task)(ike_sa_t *this, task_t *task);
 
        /**
+        * Inherit required attributes to new SA before rekeying.
+        *
+        * Some properties of the SA must be applied before starting IKE_SA
+        * rekeying, such as the configuration or support extensions.
+        *
+        * @param other                 other IKE_SA to inherit from
+        */
+       void (*inherit_pre)(ike_sa_t *this, ike_sa_t *other);
+
+       /**
         * Inherit all attributes of other to this after rekeying.
         *
         * When rekeying is completed, all CHILD_SAs, the virtual IP and all
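Review bot: The doc comment added for `inherit_pre` does not match what the implementation in ike_sa.c does: it names "the configuration or support extensions", while the new method applies the peer config and clones both hosts, and nothing visible in it handles extensions. I would reword the second paragraph to state the actual contract, for example `Applies the peer config and clones the local and remote host of other; call on the new SA before the rekey exchange is started.` If extensions are meant to be inherited here later, say so explicitly, and write "supported extensions" instead of "support extensions". It would also help to note that `other` is expected to have a peer config set, since the implementation passes it on without a check.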
@@ -1027,7 +1037,7 @@ struct ike_sa_t {
         *
         * @param other                 other IKE SA to inherit from
         */
-       void (*inherit) (ike_sa_t *this, ike_sa_t *other);
+       void (*inherit_post) (ike_sa_t *this, ike_sa_t *other);
 
        /**
         * Reset the IKE_SA, useable when initiating fails
index c3c6cf0..444ac6a 100644 (file)
@@ -83,7 +83,7 @@ static void establish_new(private_ike_rekey_t *this)
                         this->ike_sa->get_other_host(this->ike_sa),
                         this->ike_sa->get_other_id(this->ike_sa));
 
-               this->new_sa->inherit(this->new_sa, this->ike_sa);
+               this->new_sa->inherit_post(this->new_sa, this->ike_sa);
                charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa);
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa);
                this->new_sa = NULL;
@@ -124,8 +124,6 @@ METHOD(task_t, build_i, status_t,
        private_ike_rekey_t *this, message_t *message)
 {
        ike_version_t version;
-       peer_cfg_t *peer_cfg;
-       host_t *other_host;
 
        /* create new SA only on first try */
        if (this->new_sa == NULL)
@@ -137,10 +135,7 @@ METHOD(task_t, build_i, status_t,
                {       /* shouldn't happen */
                        return FAILED;
                }
-               peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-               other_host = this->ike_sa->get_other_host(this->ike_sa);
-               this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
-               this->new_sa->set_other_host(this->new_sa, other_host->clone(other_host));
+               this->new_sa->inherit_pre(this->new_sa, this->ike_sa);
                this->ike_init = ike_init_create(this->new_sa, TRUE, this->ike_sa);
                this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
        }
@@ -153,7 +148,6 @@ METHOD(task_t, process_r, status_t,
        private_ike_rekey_t *this, message_t *message)
 {
        enumerator_t *enumerator;
-       peer_cfg_t *peer_cfg;
        child_sa_t *child_sa;
 
        if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
@@ -186,9 +180,7 @@ METHOD(task_t, process_r, status_t,
        {       /* shouldn't happen */
                return FAILED;
        }
-
-       peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-       this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
+       this->new_sa->inherit_pre(this->new_sa, this->ike_sa);
        this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa);
        this->ike_init->task.process(&this->ike_init->task, message);