From c65a4fff3f15b5a80e6a00296623e16733f339c3 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Mon, 19 Jun 2006 08:54:19 +0000
Subject: [PATCH] fixed SPI when rekeying and deleting CHILD_SAs
---
 src/charon/sa/child_sa.c | 12 ++++++------
 src/charon/sa/child_sa.h | 3 +--
 src/charon/sa/ike_sa.c | 6 +++---
 src/charon/sa/states/create_child_sa_requested.c | 2 +-
 src/charon/sa/states/ike_sa_established.c | 10 ++++++++--
 5 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index 5987f77..7db6ef7 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -108,9 +108,9 @@ struct private_child_sa_t {
 u_int32_t hard_lifetime;
 /**
- * reqid of a CHILD_SA which rekeyed this one
+ * has this CHILD_SA been rekeyed?
 */
- u_int32_t rekeyed;
+ bool rekeyed;
 /**
 * CHILD_SAs own logger
@@ -450,9 +450,9 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
 /**
 * Implementation of child_sa_t.set_rekeyed.
 */
-static void set_rekeyed(private_child_sa_t *this, u_int32_t reqid)
+static void set_rekeyed(private_child_sa_t *this)
 {
- this->rekeyed = reqid;
+ this->rekeyed = TRUE;
 }
 /**
@@ -592,7 +592,7 @@ child_sa_t * child_sa_create(u_int32_t rekey, host_t *me, host_t* other,
 this->public.add = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))add;
 this->public.update = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))update;
 this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies;
- this->public.set_rekeyed = (void (*)(child_sa_t*,u_int32_t))set_rekeyed;
+ this->public.set_rekeyed = (void (*)(child_sa_t*))set_rekeyed;
 this->public.log_status = (void (*)(child_sa_t*, logger_t*, char*))log_status;
 this->public.destroy = (void(*)(child_sa_t*))destroy;
@@ -610,7 +610,7 @@ child_sa_t * child_sa_create(u_int32_t rekey, host_t *me, host_t* other,
 this->reqid = rekey ? rekey : ++reqid;
 this->policies = linked_list_create();
 this->protocol = PROTO_NONE;
- this->rekeyed = 0;
+ this->rekeyed = FALSE;
 return (&this->public);
 }
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 687a7d6..9778942 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -153,9 +153,8 @@ struct child_sa_t {
 * not remove its policy, as the new SA uses it.
 *
 * @param this calling object
- * @param reqid reqid of the SA which replaces this one.
 */
- void (*set_rekeyed) (child_sa_t *this, u_int32_t reqid);
+ void (*set_rekeyed) (child_sa_t *this);
 /**
 * @brief Log the status of a child_sa to a logger.
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 61dc7b6..fad6989 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -940,7 +940,7 @@ static u_int32_t destroy_child_sa(private_ike_sa_t *this, u_int32_t spi)
 while (iterator->has_next(iterator))
 {
 iterator->current(iterator, (void**)&child_sa);
- if (child_sa->get_spi(child_sa, TRUE) == spi)
+ if (child_sa->get_spi(child_sa, FALSE) == spi)
 {
 iterator->remove(iterator);
 break;
@@ -958,7 +958,7 @@ static u_int32_t destroy_child_sa(private_ike_sa_t *this, u_int32_t spi)
 return 0;
 }
- spi = child_sa->get_spi(child_sa, FALSE);
+ spi = child_sa->get_spi(child_sa, TRUE);
 child_sa->destroy(child_sa);
 return spi;
 }
@@ -975,7 +975,7 @@ static child_sa_t* get_child_sa_by_spi(private_ike_sa_t *this, u_int32_t spi)
 while (iterator->has_next(iterator))
 {
 iterator->current(iterator, (void**)¤t);
- if (current->get_spi(current, TRUE) == spi)
+ if (current->get_spi(current, FALSE) == spi)
 {
 found = current;
 }
diff --git a/src/charon/sa/states/create_child_sa_requested.c b/src/charon/sa/states/create_child_sa_requested.c
index ebd9469..35e3db9 100644
--- a/src/charon/sa/states/create_child_sa_requested.c
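Review bot: The bare `TRUE`/`FALSE` passed to `get_spi()` in `destroy_child_sa()` does not say which direction's SPI is being compared, and the same literal is flipped again in the `@@ -958` hunk and in `get_child_sa_by_spi()` (`@@ -975`), so the intent has to be reconstructed from the commit subject. The declaration of `get_spi()` is not part of this patch; if the flag selects the inbound SPI, a comment at the two comparisons such as `/* the peer names the SA by our outbound SPI */` and one at the return such as `/* hand our inbound SPI back to the caller */` would keep a later edit from swapping them back. Both functions begin and end outside their hunks.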
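Review bot: The loop in `get_child_sa_by_spi()` keeps iterating after `found = current;`, so when two list entries carry the same SPI it returns the last match, while `destroy_child_sa()` in the `@@ -940` hunk stops at the first one via `break;`. If `FALSE` selects the SPI that the peer allocated (the flag's meaning is not visible here), the matched value is no longer guaranteed unique by local allocation, so the two lookups should agree on which entry wins. Adding `break;` after `found = current;` makes them consistent; the rest of the function lies outside the hunk.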
+++ b/src/charon/sa/states/create_child_sa_requested.c
@@ -385,7 +385,7 @@ static status_t process_message(private_create_child_sa_requested_t *this, messa
 old_child_sa = this->ike_sa->public.get_child_sa(&this->ike_sa->public, this->reqid);
 if (old_child_sa)
 {
- old_child_sa->set_rekeyed(old_child_sa, this->child_sa->get_reqid(this->child_sa));
+ old_child_sa->set_rekeyed(old_child_sa);
 }
 this->ike_sa->public.delete_child_sa(&this->ike_sa->public, this->reqid);
 }
diff --git a/src/charon/sa/states/ike_sa_established.c b/src/charon/sa/states/ike_sa_established.c
index 51ac972..df31801 100644
--- a/src/charon/sa/states/ike_sa_established.c
+++ b/src/charon/sa/states/ike_sa_established.c
@@ -321,7 +321,13 @@ static status_t process_create_child_sa(private_ike_sa_established_t *this, mess
 if (notify && notify->get_notify_message_type(notify) == REKEY_SA)
 {
- this->old_child_sa = this->ike_sa->get_child_sa(this->ike_sa, notify->get_spi(notify));
+ u_int32_t spi = notify->get_spi(notify);
+ this->old_child_sa = this->ike_sa->get_child_sa(this->ike_sa, spi);
+ this->logger->log(this->logger, CONTROL, "Rekeying CHILD_SA with SPI 0x%x", spi);
+ }
+ else
+ {
+ this->logger->log(this->logger, CONTROL, "Create new CHILD_SA");
 }
 /* build response */
@@ -382,7 +388,7 @@ static status_t process_create_child_sa(private_ike_sa_established_t *this, mess
 }
 if (this->old_child_sa)
 { /* mark old child sa as rekeyed */
- this->old_child_sa->set_rekeyed(this->old_child_sa, this->child_sa->get_reqid(this->child_sa));
+ this->old_child_sa->set_rekeyed(this->old_child_sa);
 }
 this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
 }
--
2.7.4
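Review bot: The new message "Rekeying CHILD_SA with SPI 0x%x" in the `@@ -321` hunk is logged before the result of `get_child_sa()` is looked at, so a REKEY_SA notify whose SPI matches no CHILD_SA is still reported as a rekey while `this->old_child_sa` presumably stays NULL. The SPI is taken from the peer's notify payload, and the `@@ -382` hunk only guards `set_rekeyed()` with `if (this->old_child_sa)`, so such a request appears to continue as an ordinary CHILD_SA creation. Logging the miss on its own, e.g. `if (this->old_child_sa == NULL)` followed by `this->logger->log(this->logger, CONTROL, "REKEY_SA notify for unknown CHILD_SA SPI 0x%x", spi);`, makes that case visible to an operator. Whether the request should be rejected instead depends on code outside the hunk.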