Use get_notify() to look up single notifies
authorMartin Willi <martin@strongswan.org>
Thu, 3 Sep 2009 15:32:01 +0000 (17:32 +0200)
committerMartin Willi <martin@strongswan.org>
Thu, 3 Sep 2009 15:32:01 +0000 (17:32 +0200)
src/charon/sa/tasks/child_rekey.c
src/charon/sa/tasks/ike_auth_lifetime.c
src/charon/sa/tasks/ike_cert_pre.c
src/charon/sa/tasks/ike_rekey.c

index cbf45b4..b08e1a3 100644 (file)
@@ -101,35 +101,22 @@ static status_t process_i_delete(private_child_rekey_t *this, message_t *message
  */
 static void find_child(private_child_rekey_t *this, message_t *message)
 {
-       enumerator_t *enumerator;
-       payload_t *payload;
+       notify_payload_t *notify;
+       protocol_id_t protocol;
+       u_int32_t spi;
        
-       enumerator = message->create_payload_enumerator(message);
-       while (enumerator->enumerate(enumerator, &payload))
+       notify = message->get_notify(message, REKEY_SA);
+       if (notify)
        {
-               notify_payload_t *notify;
-               u_int32_t spi;
-               protocol_id_t protocol;
-               
-               if (payload->get_type(payload) != NOTIFY)
-               {
-                       continue;
-               }
-               
-               notify = (notify_payload_t*)payload;
                protocol = notify->get_protocol_id(notify);
                spi = notify->get_spi(notify);
                
-               if (protocol != PROTO_ESP && protocol != PROTO_AH)
+               if (protocol == PROTO_ESP || protocol == PROTO_AH)
                {
-                       continue;
+                       this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
+                                                                                                               spi, FALSE);
                }
-               this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
-                                                                                                       spi, FALSE);
-               break;
-                       
        }
-       enumerator->destroy(enumerator);
 }
 
 /**
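Review bot: find_child now leaves `this->child_sa` untouched, with no log line, when the message has no REKEY_SA notify or when that notify names a protocol other than ESP/AH, so callers have to treat an unset `child_sa` as "nothing to rekey". The removed loop never checked the notify type and took the first notify of any kind that carried an ESP/AH protocol, so this is a behavioural tightening rather than a pure refactor and is worth stating. A comment above the lookup would record it, for example `/* child_sa stays unset unless a REKEY_SA notify carries an ESP/AH SPI; callers must check */`. The function's doc comment starts outside the hunk, and how callers handle the unset case is not visible here.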
@@ -230,33 +217,20 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
        protocol_id_t protocol;
        u_int32_t spi;
        child_sa_t *to_delete;
-       enumerator_t *enumerator;
-       payload_t *payload;
        
-       /* handle NO_ADDITIONAL_SAS notify */
-       enumerator = message->create_payload_enumerator(message);
-       while (enumerator->enumerate(enumerator, &payload))
+       if (message->get_notify(message, NO_ADDITIONAL_SAS))
        {
-               if (payload->get_type(payload) == NOTIFY)
-               {
-                       notify_payload_t *notify = (notify_payload_t*)payload;
-                       
-                       if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
-                       {
-                               DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, "
-                                        "starting reauthentication");
-                               this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
-                               charon->processor->queue_job(charon->processor,
-                                               (job_t*)rekey_ike_sa_job_create(
-                                                                       this->ike_sa->get_id(this->ike_sa), TRUE));
-                               enumerator->destroy(enumerator);
-                               return SUCCESS;
-                       }
-               }
+               DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, "
+                        "starting reauthentication");
+               this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
+               charon->processor->queue_job(charon->processor,
+                               (job_t*)rekey_ike_sa_job_create(
+                                                       this->ike_sa->get_id(this->ike_sa), TRUE));
+               return SUCCESS;
        }
-       enumerator->destroy(enumerator);
        
-       if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE)
+       if (this->child_create->task.process(&this->child_create->task,
+                                                                                message) == NEED_MORE)
        {
                /* bad DH group while rekeying, try again */
                this->child_create->task.migrate(&this->child_create->task, this->ike_sa);
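Review bot: The NO_ADDITIONAL_SAS branch in process_i lost its only comment, so nothing now explains why the CHILD_SA is put back to CHILD_INSTALLED before the job is queued, or what the bare `TRUE` passed to `rekey_ike_sa_job_create()` selects (presumably reauthentication, going by the log message). A comment above the `if` would keep that intent, for example `/* peer refused the rekey: restore the SA state and fall back to reauthentication */`. The same applies to the identical branch in ike_rekey.c's process_i in the last hunk. process_i starts before and continues past this hunk.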
index 4b926a9..819ac47 100644 (file)
@@ -62,31 +62,17 @@ static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *mess
  */
 static void process_payloads(private_ike_auth_lifetime_t *this, message_t *message)
 {
-       enumerator_t *enumerator;
-       payload_t *payload;
        notify_payload_t *notify;
+       chunk_t data;
+       u_int32_t lifetime;
        
-       enumerator = message->create_payload_enumerator(message);
-       while (enumerator->enumerate(enumerator, &payload))
+       notify = message->get_notify(message, AUTH_LIFETIME);
+       if (notify)
        {
-               if (payload->get_type(payload) == NOTIFY)
-               {
-                       notify = (notify_payload_t*)payload;
-                       switch (notify->get_notify_type(notify))
-                       {
-                               case AUTH_LIFETIME:                                     
-                               {
-                                       chunk_t data = notify->get_notification_data(notify);
-                                       u_int32_t lifetime = ntohl(*(u_int32_t*)data.ptr);
-                                       this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime);
-                                       break;
-                               }
-                               default:
-                                       break;
-                       }
-               }
+               data = notify->get_notification_data(notify);
+               lifetime = ntohl(*(u_int32_t*)data.ptr);
+               this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime);
        }
-       enumerator->destroy(enumerator);
 }
 
 /**
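Review bot: `ntohl(*(u_int32_t*)data.ptr)` in process_payloads dereferences the peer-supplied AUTH_LIFETIME notification data without looking at `data.len`, so a notify with fewer than four bytes of data (or none, where `data.ptr` may be NULL) would be read out of bounds. Unless the notify payload's own verification already enforces a 4-byte body, which is not visible in this hunk, guard the read with `if (data.len < sizeof(lifetime)) { return; }`. The cast also assumes the data is suitably aligned; `memcpy(&lifetime, data.ptr, sizeof(lifetime)); lifetime = ntohl(lifetime);` avoids relying on that. The pattern was carried over unchanged from the removed loop, so the commit is a natural place to close it.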
index 8706b58..d7f5f55 100644 (file)
@@ -397,29 +397,15 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
  */
 static bool final_auth(message_t *message)
 {
-       enumerator_t *enumerator;
-       payload_t *payload;
-       notify_payload_t *notify;
-       
        /* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */
        if (message->get_payload(message, AUTHENTICATION) == NULL)
        {
                return FALSE;
        }
-       enumerator = message->create_payload_enumerator(message);
-       while (enumerator->enumerate(enumerator, &payload))
+       if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS))
        {
-               if (payload->get_type(payload) == NOTIFY)
-               {
-                       notify = (notify_payload_t*)payload;
-                       if (notify->get_notify_type(notify) == ANOTHER_AUTH_FOLLOWS)
-                       {
-                               enumerator->destroy(enumerator);
-                               return FALSE;
-                       }
-               }
+               return FALSE;
        }
-       enumerator->destroy(enumerator);
        return TRUE;
 }
 
index 3a049b5..e9f5d5f 100644 (file)
@@ -191,31 +191,16 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message)
  */
 static status_t process_i(private_ike_rekey_t *this, message_t *message)
 {
-       enumerator_t *enumerator;
-       payload_t *payload;
-       
-       /* handle NO_ADDITIONAL_SAS notify */
-       enumerator = message->create_payload_enumerator(message);
-       while (enumerator->enumerate(enumerator, &payload))
+       if (message->get_notify(message, NO_ADDITIONAL_SAS))
        {
-               if (payload->get_type(payload) == NOTIFY)
-               {
-                       notify_payload_t *notify = (notify_payload_t*)payload;
-                       
-                       if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS)
-                       {
-                               DBG1(DBG_IKE, "peer seems to not support IKE rekeying, "
-                                        "starting reauthentication");
-                               this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                               charon->processor->queue_job(charon->processor,
-                                               (job_t*)rekey_ike_sa_job_create(
-                                                                       this->ike_sa->get_id(this->ike_sa), TRUE));
-                               enumerator->destroy(enumerator);
-                               return SUCCESS;
-                       }
-               }
+               DBG1(DBG_IKE, "peer seems to not support IKE rekeying, "
+                        "starting reauthentication");
+               this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+               charon->processor->queue_job(charon->processor,
+                               (job_t*)rekey_ike_sa_job_create(
+                                                       this->ike_sa->get_id(this->ike_sa), TRUE));
+               return SUCCESS;
        }
-       enumerator->destroy(enumerator);
        
        switch (this->ike_init->task.process(&this->ike_init->task, message))
        {