Added support for responders to change their address via MOBIKE.
authorTobias Brunner <tobias@strongswan.org>
Tue, 5 Oct 2010 14:52:36 +0000 (16:52 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 12 Oct 2010 09:11:05 +0000 (11:11 +0200)
If the original responder updates its list of additional addresses, we
check whether the remote endpoint changed and update the IPsec SAs if it
did; we assume the original address became unavailable and that the
responder has already updated the SAs on its side.

src/libcharon/sa/tasks/ike_mobike.c

index e63a421..3d7827c 100644 (file)
@@ -71,6 +71,11 @@ struct private_ike_mobike_t {
         * include address list update
         */
        bool address;
+
+       /**
+        * additional addresses got updated
+        */
+       bool addresses_updated;
 };
 
 /**
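Review bot: `addresses_updated` is read in process_r, but none of the visible hunks gives it an initial value. The constructor is outside this diff, so this is inferred: if the task struct is allocated without zeroing and its fields are assigned one by one, the flag starts out indeterminate and the new address-change branch may run on exchanges that carried no address notify at all. Initialise it next to the other flags in the constructor, `this->addresses_updated = FALSE;`.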
@@ -154,6 +159,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                                host = host_create_from_chunk(family, data, 0);
                                DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
                                this->ike_sa->add_additional_address(this->ike_sa, host);
+                               this->addresses_updated = TRUE;
                                break;
                        }
                        case UPDATE_SA_ADDRESSES:
@@ -164,6 +170,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                        case NO_ADDITIONAL_ADDRESSES:
                        {
                                flush_additional_addresses(this);
+                               this->addresses_updated = TRUE;
                                break;
                        }
                        case NAT_DETECTION_SOURCE_IP:
@@ -412,6 +419,19 @@ METHOD(task_t, process_r, status_t,
                {
                        this->natd->task.process(&this->natd->task, message);
                }
+               if (this->addresses_updated && this->ike_sa->has_condition(this->ike_sa,
+                                                                                               COND_ORIGINAL_INITIATOR))
+               {
+                       host_t *other = message->get_source(message);
+                       host_t *other_old = this->ike_sa->get_other_host(this->ike_sa);
+                       if (!other->equals(other, other_old))
+                       {
+                               DBG1(DBG_IKE, "remote address changed from %H to %H", other_old,
+                                        other);
+                               this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
+                               this->update = TRUE;
+                       }
+               }
        }
        return NEED_MORE;
 }
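Review bot: The new branch in process_r adopts `message->get_source(message)` as the peer's endpoint solely because the request carried an address-list notify, and nothing visible checks that this source is an address the peer itself advertised. The outer IP source is not covered by IKE's integrity protection, so an on-path rewrite or a NAT rebinding of an otherwise valid request would retarget the IPsec SAs through `this->update = TRUE`. Consider accepting the change only when `other` is in the additional-address list just received, or after a path probe to the new address succeeds, and keeping `other_old` otherwise. At minimum record the assumption above the `if`: `/* peer changed its address list and sent from a new source: assume the old address is gone */`. process_r starts outside the hunk, so an earlier check in the function may already cover part of this.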