android: Reestablish IKE_SA if CHILD_SA rekeying failed
authorTobias Brunner <tobias@strongswan.org>
Mon, 11 Aug 2014 14:34:28 +0000 (16:34 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Sep 2014 08:18:13 +0000 (10:18 +0200)
src/frontends/android/jni/libandroidbridge/backend/android_service.c

index b2852e5..1a6a920 100644 (file)
@@ -418,6 +418,31 @@ CALLBACK(terminate, job_requeue_t,
        return JOB_REQUEUE_NONE;
 }
 
+/**
+ * Reestablish the IKE_SA with the given unique ID
+ */
+CALLBACK(reestablish, job_requeue_t,
+       u_int32_t *id)
+{
+       ike_sa_t *ike_sa;
+
+       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+                                                                                                       *id, FALSE);
+       if (ike_sa)
+       {
+               if (ike_sa->reauth(ike_sa) == DESTROY_ME)
+               {
+                       charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
+                                                                                                               ike_sa);
+               }
+               else
+               {
+                       charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+               }
+       }
+       return JOB_REQUEUE_NONE;
+}
+
 METHOD(listener_t, child_updown, bool,
        private_android_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
        bool up)
@@ -485,11 +510,19 @@ METHOD(listener_t, alert, bool,
                                                                                         CHARONSERVICE_PEER_AUTH_ERROR);
                                break;
                        case ALERT_KEEP_ON_CHILD_SA_FAILURE:
+                       {
+                               u_int32_t *id = malloc_thing(u_int32_t);
+
                                /* because close_ike_on_child_failure is set this is only
-                                * triggered when CHILD_SA rekeying failed */
-                               charonservice->update_status(charonservice,
-                                                                                        CHARONSERVICE_GENERIC_ERROR);
+                                * triggered when CHILD_SA rekeying failed. reestablish it in
+                                * the hope that the initial setup works again. */
+                               *id = ike_sa->get_unique_id(ike_sa);
+                               lib->processor->queue_job(lib->processor,
+                                       (job_t*)callback_job_create_with_prio(
+                                               (callback_job_cb_t)reestablish, id, free,
+                                               (callback_job_cancel_t)return_false, JOB_PRIO_HIGH));
                                break;
+                       }
                        case ALERT_PEER_INIT_UNREACHABLE:
                                this->lock->read_lock(this->lock);
                                if (this->tunfd < 0)