fixed dpd=hold when using virtual IPs
authorMartin Willi <martin@strongswan.org>
Fri, 29 Jun 2007 08:03:32 +0000 (08:03 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 29 Jun 2007 08:03:32 +0000 (08:03 -0000)
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa_manager.c

index be76298..b422e01 100644 (file)
@@ -1026,6 +1026,7 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
        child_sa_t *child_sa;
        iterator_t *iterator;
        linked_list_t *my_ts, *other_ts;
+       host_t *me, *other;
        status_t status;
        
        SIG(CHILD_ROUTE_START, "routing CHILD_SA");
@@ -1061,11 +1062,19 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
        /* install kernel policies */
        child_sa = child_sa_create(this->my_host, this->other_host, this->my_id,
                                                           this->other_id, child_cfg, FALSE, 0);
+       me = this->my_host;
+       if (this->my_virtual_ip)
+       {
+               me = this->my_virtual_ip;
+       }
+       other = this->other_host;
+       if (this->other_virtual_ip)
+       {
+               other = this->other_virtual_ip;
+       }
        
-       my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
-                                                                                        this->my_host);
-       other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
-                                                                                               this->other_host);
+       my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, me);
+       other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, other);
        status = child_sa->add_policies(child_sa, my_ts, other_ts,
                                                                        child_cfg->get_mode(child_cfg));
        my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
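Review bot: The two if-blocks that pick `me`/`other` leave unstated why the traffic selectors are computed from a different address than the CHILD_SA endpoints passed to `child_sa_create` just above; a short comment would help, e.g. `/* policies must match the virtual IP when one is assigned; the SA itself stays bound to the physical hosts */` (the "must" part is inferred from the commit title, worth confirming). As a style point each selection fits on one line, `me = this->my_virtual_ip ? this->my_virtual_ip : this->my_host;` and `other = this->other_virtual_ip ? this->other_virtual_ip : this->other_host;`, which also makes it obvious that both are plain aliases with no ownership change. Only the `my_ts` destroy is visible in the hunk, so please confirm `other_ts` is released on every path that follows. route() starts and ends outside this hunk.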
@@ -1208,8 +1217,12 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
                        /* use actual used host, not the wildcarded one in config */
                        new->other_host->destroy(new->other_host);
                        new->other_host = this->other_host->clone(this->other_host);
-                       new->other_host->set_port(new->other_host, IKEV2_UDP_PORT);
-                       
+                       /* reset port to 500, but only if peer is not NATed */
+                       if (!has_condition(this, COND_NAT_THERE))
+                       {
+                               new->other_host->set_port(new->other_host, IKEV2_UDP_PORT);
+                       }
+                       /* take over virtual ip, as we need it for a proper route */
                        if (this->my_virtual_ip)
                        {
                                set_virtual_ip(new, TRUE, this->my_virtual_ip);
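Review bot: The comment `/* reset port to 500, but only if peer is not NATed */` repeats a magic number that `IKEV2_UDP_PORT` already names and does not say why the NATed case keeps the cloned port; suggest `/* reinitiate via IKEV2_UDP_PORT, but keep the port the peer was last reached on when it is NATed, since its mapping is only valid there */`. The condition is read from `this` (the old SA) while `new->other_host` is the clone of `this->other_host`, which is consistent, but it is worth checking whether a NAT on our own side (COND_NAT_HERE, if that is the matching condition) needs the same treatment, as both ends would have floated ports in that case too; I cannot tell from this hunk. retransmit() starts and ends outside this hunk.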
index 0a0d5e5..56b8658 100644 (file)
@@ -525,19 +525,21 @@ static ike_sa_t* checkout_by_peer(private_ike_sa_manager_t *this,
                        /* IKE_SA has no IDs yet, so we can't use it */
                        continue;
                }
-               
+               DBG2(DBG_MGR, "candidate IKE_SA for \n\t%H[%D]...%H[%D]\n\t%H[%D]...%H[%D]",
+                        my_host, my_id, other_host, other_id,
+                        found_my_host, found_my_id, found_other_host, found_other_id);
                /* compare ID and hosts. Supplied ID may contain wildcards, and IP
                 * may be %any. */
-               if ((found_my_host->is_anyaddr(found_my_host) ||
+               if ((my_host->is_anyaddr(my_host) ||
                         my_host->ip_equals(my_host, found_my_host)) &&
-                       (found_other_host->is_anyaddr(found_other_host) ||
+                       (other_host->is_anyaddr(other_host) ||
                         other_host->ip_equals(other_host, found_other_host)) &&
                        found_my_id->matches(found_my_id, my_id, &wc) &&
                        found_other_id->matches(found_other_id, other_id, &wc))
                {
                        /* looks good, we take this one */
                        DBG2(DBG_MGR, "found an existing IKE_SA for %H[%D]...%H[%D]",
-                                my_host, other_host, my_id, other_id);
+                                my_host, my_id, other_host, other_id);
                        entry->checked_out = TRUE;
                        ike_sa = entry->ike_sa;
                }