include TSi/TSr of triggering packet in acquire
authorMartin Willi <martin@strongswan.org>
Wed, 20 May 2009 09:44:43 +0000 (11:44 +0200)
committerMartin Willi <martin@strongswan.org>
Wed, 20 May 2009 09:44:43 +0000 (11:44 +0200)
src/charon/control/controller.c
src/charon/plugins/nm/nm_service.c
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/task_manager.c
src/charon/sa/tasks/child_create.c
src/charon/sa/tasks/child_create.h
src/charon/sa/tasks/child_delete.c
src/charon/sa/tasks/child_rekey.c
src/charon/sa/tasks/ike_reauth.c
src/charon/sa/trap_manager.c

index 0db3677..021cb4f 100644 (file)
@@ -230,7 +230,7 @@ static status_t initiate_execute(interface_job_t *job)
        }
        peer_cfg->destroy(peer_cfg);
        
-       if (ike_sa->initiate(ike_sa, listener->child_cfg, 0) == SUCCESS)
+       if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
        {
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
                return SUCCESS;
index e9db6a9..bca4d9e 100644 (file)
@@ -425,7 +425,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        {
                peer_cfg->destroy(peer_cfg);
        }
-       if (ike_sa->initiate(ike_sa, child_cfg, 0) != SUCCESS)
+       if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
        {
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
                
index d3b522b..8adf052 100644 (file)
@@ -1106,7 +1106,8 @@ static void resolve_hosts(private_ike_sa_t *this)
  * Implementation of ike_sa_t.initiate
  */
 static status_t initiate(private_ike_sa_t *this,
-                                                child_cfg_t *child_cfg, u_int32_t reqid)
+                                                child_cfg_t *child_cfg, u_int32_t reqid,
+                                                traffic_selector_t *tsi, traffic_selector_t *tsr)
 {
        task_t *task;
        
@@ -1168,7 +1169,7 @@ static status_t initiate(private_ike_sa_t *this,
 #endif /* ME */
        {
                /* normal IKE_SA with CHILD_SA */
-               task = (task_t*)child_create_create(&this->public, child_cfg);
+               task = (task_t*)child_create_create(&this->public, child_cfg, tsi, tsr);
                child_cfg->destroy(child_cfg);
                if (reqid)
                {
@@ -1607,7 +1608,7 @@ static status_t reestablish(private_ike_sa_t *this)
 #ifdef ME
        if (this->peer_cfg->is_mediation(this->peer_cfg))
        {
-               status = new->initiate(new, NULL, 0);
+               status = new->initiate(new, NULL, 0, NULL, NULL);
        }
        else
 #endif /* ME */
@@ -1630,7 +1631,7 @@ static status_t reestablish(private_ike_sa_t *this)
                                        DBG1(DBG_IKE, "restarting CHILD_SA %s",
                                                 child_cfg->get_name(child_cfg));
                                        child_cfg->get_ref(child_cfg);
-                                       status = new->initiate(new, child_cfg, 0);
+                                       status = new->initiate(new, child_cfg, 0, NULL, NULL);
                                        break;
                                case ACTION_ROUTE:
                                        charon->traps->install(charon->traps,
@@ -1989,7 +1990,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->public.get_name = (char* (*)(ike_sa_t*))get_name;
        this->public.get_statistic = (u_int32_t(*)(ike_sa_t*, statistic_t kind))get_statistic;
        this->public.process_message = (status_t (*)(ike_sa_t*, message_t*)) process_message;
-       this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*,u_int32_t)) initiate;
+       this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*,u_int32_t,traffic_selector_t*,traffic_selector_t*)) initiate;
        this->public.get_ike_cfg = (ike_cfg_t* (*)(ike_sa_t*))get_ike_cfg;
        this->public.set_ike_cfg = (void (*)(ike_sa_t*,ike_cfg_t*))set_ike_cfg;
        this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg;
index e9ab9d7..b751bda 100644 (file)
@@ -600,16 +600,21 @@ struct ike_sa_t {
        /**
         * Initiate a new connection.
         *
-        * The configs are owned by the IKE_SA after the call.
+        * The configs are owned by the IKE_SA after the call. If the initiate
+        * is triggered by a packet, traffic selectors of the packet can be added
+        * to the CHILD_SA.
         * 
         * @param child_cfg             child config to create CHILD from
         * @param reqid                 reqid to use for CHILD_SA, 0 assigne uniquely
+        * @param tsi                   source of triggering packet
+        * @param tsr                   destination of triggering packet.
         * @return                              
         *                                              - SUCCESS if initialization started
         *                                              - DESTROY_ME if initialization failed
         */
        status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg,
-                                                 u_int32_t reqid);
+                                                 u_int32_t reqid, traffic_selector_t *tsi,
+                                                 traffic_selector_t *tsr);
        
        /**
         * Initiates the deletion of an IKE_SA.
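Review bot: The new @param lines for tsi and tsr do not say who owns the selectors after the call, while the sentence directly above states that the configs become owned by the IKE_SA; since child_create_create clones them (`this->packet_tsi = tsi ? tsi->clone(tsi) : NULL;` in child_create.c), the caller keeps ownership. Suggest `@param tsi source of triggering packet, cloned (caller keeps ownership), or NULL` and the same wording for tsr, plus a sentence noting that the packet selectors are proposed ahead of the configured ones so the responder preferably narrows to them. The same ownership remark applies to the child_create_create prototype in child_create.h. The trailing period on the tsr line is also inconsistent with the tsi line.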
index 354c968..2cd9532 100644 (file)
@@ -678,7 +678,7 @@ static status_t process_request(private_task_manager_t *this,
                                this->passive_tasks->insert_last(this->passive_tasks, task);
                                task = (task_t*)ike_config_create(this->ike_sa, FALSE);
                                this->passive_tasks->insert_last(this->passive_tasks, task);
-                               task = (task_t*)child_create_create(this->ike_sa, NULL);
+                               task = (task_t*)child_create_create(this->ike_sa, NULL, NULL, NULL);
                                this->passive_tasks->insert_last(this->passive_tasks, task);
                                task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
                                this->passive_tasks->insert_last(this->passive_tasks, task);
@@ -726,7 +726,8 @@ static status_t process_request(private_task_manager_t *this,
                                        }
                                        else
                                        {
-                                               task = (task_t*)child_create_create(this->ike_sa, NULL);
+                                               task = (task_t*)child_create_create(this->ike_sa,
+                                                                                                                       NULL, NULL, NULL);
                                        }
                                }
                                else
index 6bf9e9d..f514437 100644 (file)
@@ -85,6 +85,16 @@ struct private_child_create_t {
        linked_list_t *tsr;
        
        /**
+        * source of triggering packet
+        */
+       traffic_selector_t *packet_tsi;
+       
+       /**
+        * destination of triggering packet
+        */
+       traffic_selector_t *packet_tsr;
+       
+       /**
         * optional diffie hellman exchange
         */
        diffie_hellman_t *dh;
@@ -692,7 +702,17 @@ static status_t build_i(private_child_create_t *this, message_t *message)
        }
        this->tsr = this->config->get_traffic_selectors(this->config, FALSE, 
                                                                                                        NULL, other);
-
+       
+       if (this->packet_tsi)
+       {
+               this->tsi->insert_first(this->tsi,
+                                                               this->packet_tsi->clone(this->packet_tsi));
+       }
+       if (this->packet_tsr)
+       {
+               this->tsr->insert_first(this->tsr,
+                                                               this->packet_tsr->clone(this->packet_tsr));
+       }
        this->proposals = this->config->get_proposals(this->config,
                                                                                                  this->dh_group == MODP_NONE);
        this->mode = this->config->get_mode(this->config);
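Review bot: The triggering packet's selectors are inserted at the head of this->tsi and this->tsr without checking that they fall within the selectors just obtained from this->config, so whatever the acquire carried is proposed to the peer verbatim. For a kernel acquire on a trap policy derived from the same config this should hold, but a selector outside the configured range (for instance from a stale policy after a config change) would be proposed even though the config does not permit it; whether the responder's narrowed TS are later re-checked against the config is outside this hunk. Consider inserting the packet selector only when it is contained in one of the configured selectors, or at least a comment such as `/* packet selectors are assumed to lie within the trap policy's config; the peer's narrowed TS must still be validated against config */`. build_i starts before the hunk.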
@@ -1138,6 +1158,8 @@ static void destroy(private_child_create_t *this)
        {
                DESTROY_IF(this->child_sa);
        }
+       DESTROY_IF(this->packet_tsi);
+       DESTROY_IF(this->packet_tsr);
        DESTROY_IF(this->proposal);
        DESTROY_IF(this->dh);
        if (this->proposals)
@@ -1152,7 +1174,8 @@ static void destroy(private_child_create_t *this)
 /*
  * Described in header.
  */
-child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config)
+child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config,
+                                                       traffic_selector_t *tsi, traffic_selector_t *tsr)
 {
        private_child_create_t *this = malloc_thing(private_child_create_t);
 
@@ -1184,6 +1207,8 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config)
        this->proposal = NULL;
        this->tsi = NULL;
        this->tsr = NULL;
+       this->packet_tsi = tsi ? tsi->clone(tsi) : NULL;
+       this->packet_tsr = tsr ? tsr->clone(tsr) : NULL;
        this->dh = NULL;
        this->dh_group = MODP_NONE;
        this->keymat = ike_sa->get_keymat(ike_sa);
index 16c45f0..ce2829a 100644 (file)
@@ -71,8 +71,11 @@ struct child_create_t {
  *
  * @param ike_sa               IKE_SA this task works for
  * @param config               child_cfg if task initiator, NULL if responder
- * @return                             child_create task to handle by the task_manager
+ * @param tsi                  source of triggering packet, or NULL
+ * @param tsr                  destination of triggering packet, or NULL
+ * @return                             child_create task to handle by the task_manager
  */
-child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config);
+child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config,
+                                                       traffic_selector_t *tsi, traffic_selector_t *tsr);
 
 #endif /** CHILD_CREATE_H_ @}*/
index dd5945f..0d89c14 100644 (file)
@@ -201,7 +201,8 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
                        {
                                case ACTION_RESTART:
                                        child_cfg->get_ref(child_cfg);
-                                       status = this->ike_sa->initiate(this->ike_sa, child_cfg, 0);
+                                       status = this->ike_sa->initiate(this->ike_sa, child_cfg, 0,
+                                                                                                       NULL, NULL);
                                        break;
                                case ACTION_ROUTE:      
                                        charon->traps->install(charon->traps,
index 62b704e..6ab00dc 100644 (file)
@@ -157,7 +157,7 @@ static status_t build_i(private_child_rekey_t *this, message_t *message)
        
        /* ... our CHILD_CREATE task does the hard work for us. */
        reqid = this->child_sa->get_reqid(this->child_sa);
-       this->child_create = child_create_create(this->ike_sa, config);
+       this->child_create = child_create_create(this->ike_sa, config, NULL, NULL);
        this->child_create->use_reqid(this->child_create, reqid);
        this->child_create->task.build(&this->child_create->task, message);
        
@@ -416,7 +416,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
                this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
                this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
                this->initiator = FALSE;
-               this->child_create = child_create_create(ike_sa, NULL);
+               this->child_create = child_create_create(ike_sa, NULL, NULL, NULL);
        }
        
        this->ike_sa = ike_sa;
index ff57abb..80f1b7b 100644 (file)
@@ -98,7 +98,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
        /* we initiate the new IKE_SA of the mediation connection without CHILD_SA */
        if (peer_cfg->is_mediation(peer_cfg))
        {
-               if (new->initiate(new, NULL, 0) == DESTROY_ME)
+               if (new->initiate(new, NULL, 0, NULL, NULL) == DESTROY_ME)
                {
                        charon->ike_sa_manager->checkin_and_destroy(
                                                                charon->ike_sa_manager, new);
@@ -126,7 +126,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
                                /* initiate/queue all child SAs */
                                child_cfg_t *child_cfg = child_sa->get_config(child_sa);
                                child_cfg->get_ref(child_cfg);
-                               if (new->initiate(new, child_cfg, 0) == DESTROY_ME)
+                               if (new->initiate(new, child_cfg, 0, NULL, NULL) == DESTROY_ME)
                                {
                                        iterator->destroy(iterator);
                                        charon->ike_sa_manager->checkin_and_destroy(
index ecc4c81..dc04e32 100644 (file)
@@ -284,7 +284,7 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid,
                }
                child->get_ref(child);
                reqid = found->child_sa->get_reqid(found->child_sa);
-               if (ike_sa->initiate(ike_sa, child, reqid) != DESTROY_ME)
+               if (ike_sa->initiate(ike_sa, child, reqid, src, dst) != DESTROY_ME)
                {
                        found->pending = ike_sa;
                        charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
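Review bot: The src and dst passed to initiate here are cloned by child_create_create (child_create.c), so acquire still owns them after the call and must destroy them on every path, including the DESTROY_ME branch; that cleanup is not visible in the hunk. A one-line comment at the call, `/* src/dst are cloned by the CHILD_SA task, we keep ownership */`, would make that explicit. acquire's body starts and ends outside the hunk.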