Do not enable/disable our own sync tunnel
authorMartin Willi <martin@strongswan.org>
Wed, 23 Sep 2009 12:04:32 +0000 (14:04 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 7 Apr 2010 11:55:14 +0000 (13:55 +0200)
src/charon/plugins/ha_sync/ha_sync_plugin.c
src/charon/plugins/ha_sync/ha_sync_segments.c
src/charon/plugins/ha_sync/ha_sync_segments.h

index d6fa6be..ff4341e 100644 (file)
@@ -171,12 +171,12 @@ plugin_t *plugin_create()
                return NULL;
        }
 
-       this->segments = ha_sync_segments_create(this->socket, this->kernel,
-                                                                                        count, active);
        if (secret)
        {
-               this->tunnel = ha_sync_tunnel_create(secret, local, remote);
+               this->tunnel = ha_sync_tunnel_create(local, remote, secret);
        }
+       this->segments = ha_sync_segments_create(this->socket, this->kernel,
+                                                                                        this->tunnel, count, active);
        if (fifo)
        {
                this->ctl = ha_sync_ctl_create(this->segments);
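Review bot: After the reorder, `this->tunnel` is read unconditionally in the `ha_sync_segments_create()` call, but it is assigned only inside `if (secret)`. The allocation of the plugin object lies outside this hunk; if it is not zeroed, a configuration without a secret hands an indeterminate pointer to the segments object, where `enable_disable()` later tests and dereferences it. Setting `this->tunnel = NULL;` before the `if (secret)` would make the no-tunnel case explicit. Separately, the call now reads `ha_sync_tunnel_create(local, remote, secret)` while ha_sync_tunnel.h is not among the files this commit lists, so confirm the prototype already has that order; otherwise the shared secret would be passed in a host position.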
index 8929c62..4d45803 100644 (file)
@@ -36,6 +36,11 @@ struct private_ha_sync_segments_t {
        ha_sync_socket_t *socket;
 
        /**
+        * Sync tunnel, if any
+        */
+       ha_sync_tunnel_t *tunnel;
+
+       /**
         * Interface to control segments at kernel level
         */
        ha_sync_kernel_t *kernel;
@@ -110,15 +115,20 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
                enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager);
                while (enumerator->enumerate(enumerator, &ike_sa))
                {
-                       if (ike_sa->get_state(ike_sa) == old)
+                       if (ike_sa->get_state(ike_sa) != old)
+                       {
+                               continue;
+                       }
+                       if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
+                       {
+                               continue;
+                       }
+                       for (i = segment; i < limit; i++)
                        {
-                               for (i = segment; i < limit; i++)
+                               if (this->kernel->in_segment(this->kernel,
+                                                                               ike_sa->get_other_host(ike_sa), i))
                                {
-                                       if (this->kernel->in_segment(this->kernel,
-                                                                                       ike_sa->get_other_host(ike_sa), i))
-                                       {
-                                               ike_sa->set_state(ike_sa, new);
-                                       }
+                                       ike_sa->set_state(ike_sa, new);
                                }
                        }
                }
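Review bot: The new `is_sync_sa()` guard carries no comment saying why the sync tunnel's IKE_SA is exempt from segment state changes, so a later refactor of this loop could drop it without noticing. A line above it such as `/* the HA sync tunnel's own IKE_SA is never switched along with a segment */` would record the intent. As a style point, the inner `for` keeps iterating after `set_state()`; a `break;` after it would avoid redundant `in_segment()` calls, assuming a host maps to a single segment. The body of enable_disable starts and ends outside the hunk.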
@@ -305,6 +315,7 @@ static void destroy(private_ha_sync_segments_t *this)
  */
 ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
                                                                                        ha_sync_kernel_t *kernel,
+                                                                                       ha_sync_tunnel_t *tunnel,
                                                                                        u_int count, segment_mask_t active)
 {
        private_ha_sync_segments_t *this = malloc_thing(private_ha_sync_segments_t);
@@ -317,6 +328,7 @@ ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
        this->public.destroy = (void(*)(ha_sync_segments_t*))destroy;
 
        this->socket = socket;
+       this->tunnel = tunnel;
        this->kernel = kernel;
        this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
        this->active = active;
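Review bot: `this->tunnel = tunnel;` stores a borrowed pointer, and `enable_disable()` dereferences it on every segment change, so the tunnel has to outlive the segments object. The plugin's destroy path is not in any hunk of this commit; confirm it tears down `segments`, and anything that can still trigger an enable or disable such as the ctl object, before it destroys the tunnel. A comment on the assignment like `/* not owned, must outlive this object */` would document the contract. The constructor body continues outside the hunk.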
index 98332a5..cf119a8 100644 (file)
@@ -38,6 +38,7 @@ typedef u_int16_t segment_mask_t;
 #define SEGMENTS_BIT(segment) (0x01 << (segment - 1))
 
 #include "ha_sync_socket.h"
+#include "ha_sync_tunnel.h"
 #include "ha_sync_kernel.h"
 
 /**
@@ -95,6 +96,7 @@ struct ha_sync_segments_t {
  */
 ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
                                                                                        ha_sync_kernel_t *kernel,
+                                                                                       ha_sync_tunnel_t *tunnel,
                                                                                        u_int count, segment_mask_t active);
 
 #endif /* HA_SYNC_SEGMENTS_ @}*/
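Review bot: The prototype gains a `tunnel` parameter, but this hunk adds only that one line, so the Doxygen block that closes at ` */` just above was not updated. Add `@param tunnel	HA sync tunnel whose IKE_SA is excluded from segment changes, or NULL if none` to it. It would also help to state there that the pointer is not owned by the segments object and must stay valid for its lifetime.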