Raise alerts when enforcing IKE_SA unique policy
authorMartin Willi <martin@revosec.ch>
Tue, 6 Nov 2012 10:19:52 +0000 (11:19 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 19 Dec 2012 09:40:32 +0000 (10:40 +0100)
src/libcharon/bus/bus.h
src/libcharon/plugins/duplicheck/duplicheck_listener.c
src/libcharon/sa/ike_sa_manager.c
src/libcharon/sa/ikev2/tasks/ike_auth.c

index 4cb4ba3..4b6d3ec 100644 (file)
@@ -111,6 +111,10 @@ enum alert_t {
        ALERT_PROPOSAL_MISMATCH_IKE,
        /** CHILD proposals do not match, argument is linked_list_t of proposal_t */
        ALERT_PROPOSAL_MISMATCH_CHILD,
+       /** IKE_SA deleted because of "replace" unique policy, no argument */
+       ALERT_UNIQUE_REPLACE,
+       /** IKE_SA deleted because of "keep" unique policy, no arguement */
+       ALERT_UNIQUE_KEEP,
 };
 
 /**
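Review bot: The doc comment added for ALERT_UNIQUE_KEEP misspells "argument" as "arguement" and describes the alert as "IKE_SA deleted", while the ike_auth.c hunk in this commit raises it when IKE_SA setup is cancelled with AUTHENTICATION_FAILED, not when an established SA is deleted. I would word it as `/** new IKE_SA rejected or deleted because of "keep" unique policy, no argument */`. Since both alerts take no argument, the comments should also state which IKE_SA a listener may assume the alert refers to, because the surviving SA and the removed SA differ in these code paths.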
index 7c6c137..1b0df1e 100644 (file)
@@ -191,6 +191,7 @@ METHOD(listener_t, message_hook, bool,
                {
                        DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', "
                                 "deleting new IKE_SA", id);
+                       charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
                        entry_destroy(entry);
                        this->mutex->lock(this->mutex);
                        entry = this->active->remove(this->active, id);
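Review bot: The alert raised here carries no argument, so a listener that consumes it as a monitoring signal for duplicate logins cannot tell which peer or which IKE_SA was affected. The log line above says the response arrived on the duplicate IKE_SA and the new one is deleted, so any IKE_SA context the bus attaches is presumably the surviving SA, not the deleted one. The same applies to the check_uniqueness hunk in ike_sa_manager.c, where the SA removed is `duplicate`. Other alerts in bus.h take an argument, so passing the identity would fit (`charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP, id);` here, `other` in check_uniqueness), with the bus.h comments updated to match. Failing that, a comment such as `/* alert refers to the surviving IKE_SA, the deleted one is named in the log only */` should say so; message_hook starts and ends outside the hunk.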
index 5c12636..031c632 100644 (file)
@@ -1769,6 +1769,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
                                        switch (policy)
                                        {
                                                case UNIQUE_REPLACE:
+                                                       charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);
                                                        DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
                                                                        "'%Y' due to uniqueness policy", other);
                                                        status = duplicate->delete(duplicate);
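Review bot: ALERT_UNIQUE_REPLACE is raised before `duplicate->delete(duplicate)` runs, so listeners are told an IKE_SA was deleted before the result in `status` is known. The alert also precedes the DBG1 line here, while the other two call sites in this commit log first and alert second. Moving the call after the delete, or at least after the DBG1 line, would keep alert and log order the same at all three sites. The switch continues outside the hunk, so whether `status` can indicate a failed delete is not visible here.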
index 432edc3..70efcd7 100644 (file)
@@ -807,6 +807,7 @@ METHOD(task_t, build_r, status_t,
                                                                                                         this->ike_sa, FALSE))
                {
                        DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
+                       charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
                        message->add_notify(message, TRUE, AUTHENTICATION_FAILED,
                                                                chunk_empty);
                        return FAILED;