]>
Commit | Line | Data |
---|---|---|
3ebebc5e | 1 | /* |
9f166d9a | 2 | * Copyright (C) 2006-2010 Tobias Brunner |
a985db3f | 3 | * Copyright (C) 2005-2008 Martin Willi |
d4aad554 | 4 | * Copyright (C) 2006 Daniel Roethlisberger |
c71d53ba | 5 | * Copyright (C) 2005 Jan Hutter |
3ebebc5e MW |
6 | * Hochschule fuer Technik Rapperswil |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2 of the License, or (at your | |
11 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
15 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
16 | * for more details. | |
17 | */ | |
18 | ||
60356f33 | 19 | #define _GNU_SOURCE |
b92eef28 | 20 | #include "child_sa.h" |
3ebebc5e | 21 | |
a095243f | 22 | #include <stdio.h> |
4c23a8c9 | 23 | #include <string.h> |
e13389a7 | 24 | #include <time.h> |
4c23a8c9 | 25 | |
aeda79ff MW |
26 | #include <daemon.h> |
27 | ||
a985db3f | 28 | ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING, |
60356f33 MW |
29 | "CREATED", |
30 | "ROUTED", | |
ea625fab | 31 | "INSTALLING", |
60356f33 | 32 | "INSTALLED", |
ad3af574 | 33 | "UPDATING", |
60356f33 MW |
34 | "REKEYING", |
35 | "DELETING", | |
a985db3f | 36 | "DESTROYING", |
60356f33 | 37 | ); |
bcb95ced | 38 | |
3ebebc5e MW |
39 | typedef struct private_child_sa_t private_child_sa_t; |
40 | ||
41 | /** | |
7b8bae99 | 42 | * Private data of a child_sa_t object. |
3ebebc5e MW |
43 | */ |
44 | struct private_child_sa_t { | |
45 | /** | |
144f676c | 46 | * Public interface of child_sa_t. |
3ebebc5e MW |
47 | */ |
48 | child_sa_t public; | |
7daf5226 | 49 | |
80853d84 MW |
50 | /** |
51 | * address of us | |
52 | */ | |
53 | host_t *my_addr; | |
7daf5226 | 54 | |
3efbf983 | 55 | /** |
80853d84 | 56 | * address of remote |
3efbf983 | 57 | */ |
80853d84 | 58 | host_t *other_addr; |
7daf5226 | 59 | |
3efbf983 | 60 | /** |
80853d84 | 61 | * our actually used SPI, 0 if unused |
3efbf983 | 62 | */ |
80853d84 | 63 | u_int32_t my_spi; |
7daf5226 | 64 | |
aeda79ff | 65 | /** |
80853d84 | 66 | * others used SPI, 0 if unused |
aeda79ff | 67 | */ |
80853d84 | 68 | u_int32_t other_spi; |
7daf5226 | 69 | |
8dfbe71b | 70 | /** |
80853d84 | 71 | * our Compression Parameter Index (CPI) used, 0 if unused |
8dfbe71b | 72 | */ |
80853d84 | 73 | u_int16_t my_cpi; |
7daf5226 | 74 | |
8dfbe71b | 75 | /** |
80853d84 | 76 | * others Compression Parameter Index (CPI) used, 0 if unused |
8dfbe71b | 77 | */ |
80853d84 | 78 | u_int16_t other_cpi; |
7daf5226 | 79 | |
5d187bd2 | 80 | /** |
80853d84 | 81 | * List for local traffic selectors |
5d187bd2 | 82 | */ |
80853d84 | 83 | linked_list_t *my_ts; |
7daf5226 | 84 | |
80853d84 MW |
85 | /** |
86 | * List for remote traffic selectors | |
87 | */ | |
88 | linked_list_t *other_ts; | |
7daf5226 | 89 | |
c0593835 | 90 | /** |
80853d84 | 91 | * Protocol used to protect this SA, ESP|AH |
c0593835 | 92 | */ |
80853d84 | 93 | protocol_id_t protocol; |
7daf5226 | 94 | |
3c7e72f5 | 95 | /** |
80853d84 | 96 | * reqid used for this child_sa |
3c7e72f5 | 97 | */ |
80853d84 | 98 | u_int32_t reqid; |
7daf5226 | 99 | |
ee26c537 AS |
100 | /** |
101 | * inbound mark used for this child_sa | |
102 | */ | |
103 | mark_t mark_in; | |
104 | ||
105 | /** | |
106 | * outbound mark used for this child_sa | |
107 | */ | |
108 | mark_t mark_out; | |
109 | ||
a2a3fb3e | 110 | /** |
6e10aead | 111 | * absolute time when rekeying is scheduled |
a2a3fb3e | 112 | */ |
6e10aead | 113 | time_t rekey_time; |
7daf5226 | 114 | |
e70d5576 | 115 | /** |
6e10aead | 116 | * absolute time when the SA expires |
e70d5576 | 117 | */ |
6e10aead | 118 | time_t expire_time; |
7daf5226 | 119 | |
bcb95ced MW |
120 | /** |
121 | * state of the CHILD_SA | |
122 | */ | |
123 | child_sa_state_t state; | |
fff4ee8a | 124 | |
1239c6f4 | 125 | /** |
fc2d1c42 | 126 | * Specifies if UDP encapsulation is enabled (NAT traversal) |
1239c6f4 | 127 | */ |
fc2d1c42 | 128 | bool encap; |
7daf5226 | 129 | |
d4aad554 TB |
130 | /** |
131 | * Specifies the IPComp transform used (IPCOMP_NONE if disabled) | |
132 | */ | |
133 | ipcomp_transform_t ipcomp; | |
7daf5226 | 134 | |
7652be89 MW |
135 | /** |
136 | * mode this SA uses, tunnel/transport | |
137 | */ | |
a341a68f | 138 | ipsec_mode_t mode; |
7daf5226 | 139 | |
4c401ea2 MW |
140 | /** |
141 | * Action to enforce if peer closes the CHILD_SA | |
142 | */ | |
143 | action_t close_action; | |
144 | ||
145 | /** | |
146 | * Action to enforce if peer is considered dead | |
147 | */ | |
148 | action_t dpd_action; | |
149 | ||
80853d84 | 150 | /** |
7b3814f7 MW |
151 | * selected proposal |
152 | */ | |
153 | proposal_t *proposal; | |
7daf5226 | 154 | |
c60c7694 | 155 | /** |
e0fe7651 | 156 | * config used to create this child |
c60c7694 | 157 | */ |
e0fe7651 | 158 | child_cfg_t *config; |
3f720dc7 AS |
159 | |
160 | /** | |
161 | * time of last use in seconds (inbound) | |
162 | */ | |
163 | u_int32_t my_usetime; | |
164 | ||
165 | /** | |
166 | * time of last use in seconds (outbound) | |
167 | */ | |
168 | u_int32_t other_usetime; | |
169 | ||
170 | /** | |
171 | * last number of inbound bytes | |
172 | */ | |
173 | u_int64_t my_usebytes; | |
174 | ||
175 | /** | |
176 | * last number of outbound bytes | |
177 | */ | |
178 | u_int64_t other_usebytes; | |
3ebebc5e MW |
179 | }; |
180 | ||
9f166d9a TB |
181 | /** |
182 | * convert an IKEv2 specific protocol identifier to the IP protocol identifier. | |
183 | */ | |
184 | static inline u_int8_t proto_ike2ip(protocol_id_t protocol) | |
185 | { | |
186 | switch (protocol) | |
187 | { | |
188 | case PROTO_ESP: | |
189 | return IPPROTO_ESP; | |
190 | case PROTO_AH: | |
191 | return IPPROTO_AH; | |
192 | default: | |
193 | return protocol; | |
194 | } | |
195 | } | |
196 | ||
9d941742 TB |
197 | METHOD(child_sa_t, get_name, char*, |
198 | private_child_sa_t *this) | |
9be547c0 | 199 | { |
e0fe7651 | 200 | return this->config->get_name(this->config); |
9be547c0 MW |
201 | } |
202 | ||
9d941742 TB |
203 | METHOD(child_sa_t, get_reqid, u_int32_t, |
204 | private_child_sa_t *this) | |
32b6500f MW |
205 | { |
206 | return this->reqid; | |
207 | } | |
3aaf7908 | 208 | |
9d941742 TB |
209 | METHOD(child_sa_t, get_config, child_cfg_t*, |
210 | private_child_sa_t *this) | |
3aaf7908 MW |
211 | { |
212 | return this->config; | |
213 | } | |
214 | ||
9d941742 TB |
215 | METHOD(child_sa_t, set_state, void, |
216 | private_child_sa_t *this, child_sa_state_t state) | |
3aaf7908 MW |
217 | { |
218 | charon->bus->child_state_change(charon->bus, &this->public, state); | |
219 | this->state = state; | |
220 | } | |
221 | ||
9d941742 TB |
222 | METHOD(child_sa_t, get_state, child_sa_state_t, |
223 | private_child_sa_t *this) | |
3aaf7908 MW |
224 | { |
225 | return this->state; | |
226 | } | |
227 | ||
9d941742 TB |
228 | METHOD(child_sa_t, get_spi, u_int32_t, |
229 | private_child_sa_t *this, bool inbound) | |
8d77edde | 230 | { |
80853d84 | 231 | return inbound ? this->my_spi : this->other_spi; |
8d77edde MW |
232 | } |
233 | ||
9d941742 TB |
234 | METHOD(child_sa_t, get_cpi, u_int16_t, |
235 | private_child_sa_t *this, bool inbound) | |
66da78b4 | 236 | { |
80853d84 | 237 | return inbound ? this->my_cpi : this->other_cpi; |
66da78b4 AS |
238 | } |
239 | ||
9d941742 TB |
240 | METHOD(child_sa_t, get_protocol, protocol_id_t, |
241 | private_child_sa_t *this) | |
8d77edde MW |
242 | { |
243 | return this->protocol; | |
244 | } | |
32b6500f | 245 | |
9d941742 TB |
246 | METHOD(child_sa_t, set_protocol, void, |
247 | private_child_sa_t *this, protocol_id_t protocol) | |
3aaf7908 MW |
248 | { |
249 | this->protocol = protocol; | |
250 | } | |
251 | ||
9d941742 TB |
252 | METHOD(child_sa_t, get_mode, ipsec_mode_t, |
253 | private_child_sa_t *this) | |
80853d84 MW |
254 | { |
255 | return this->mode; | |
256 | } | |
257 | ||
9d941742 TB |
258 | METHOD(child_sa_t, set_mode, void, |
259 | private_child_sa_t *this, ipsec_mode_t mode) | |
3aaf7908 MW |
260 | { |
261 | this->mode = mode; | |
262 | } | |
263 | ||
9d941742 TB |
264 | METHOD(child_sa_t, has_encap, bool, |
265 | private_child_sa_t *this) | |
82d20c05 MW |
266 | { |
267 | return this->encap; | |
268 | } | |
269 | ||
9d941742 TB |
270 | METHOD(child_sa_t, get_ipcomp, ipcomp_transform_t, |
271 | private_child_sa_t *this) | |
82d20c05 MW |
272 | { |
273 | return this->ipcomp; | |
274 | } | |
275 | ||
9d941742 TB |
276 | METHOD(child_sa_t, set_ipcomp, void, |
277 | private_child_sa_t *this, ipcomp_transform_t ipcomp) | |
bcb95ced | 278 | { |
3aaf7908 | 279 | this->ipcomp = ipcomp; |
bcb95ced MW |
280 | } |
281 | ||
9d941742 TB |
282 | METHOD(child_sa_t, set_close_action, void, |
283 | private_child_sa_t *this, action_t action) | |
4c401ea2 MW |
284 | { |
285 | this->close_action = action; | |
286 | } | |
287 | ||
9d941742 TB |
288 | METHOD(child_sa_t, get_close_action, action_t, |
289 | private_child_sa_t *this) | |
4c401ea2 MW |
290 | { |
291 | return this->close_action; | |
292 | } | |
293 | ||
9d941742 TB |
294 | METHOD(child_sa_t, set_dpd_action, void, |
295 | private_child_sa_t *this, action_t action) | |
4c401ea2 MW |
296 | { |
297 | this->dpd_action = action; | |
298 | } | |
299 | ||
9d941742 TB |
300 | METHOD(child_sa_t, get_dpd_action, action_t, |
301 | private_child_sa_t *this) | |
4c401ea2 MW |
302 | { |
303 | return this->dpd_action; | |
304 | } | |
305 | ||
9d941742 TB |
306 | METHOD(child_sa_t, get_proposal, proposal_t*, |
307 | private_child_sa_t *this) | |
c60c7694 | 308 | { |
3aaf7908 MW |
309 | return this->proposal; |
310 | } | |
311 | ||
9d941742 TB |
312 | METHOD(child_sa_t, set_proposal, void, |
313 | private_child_sa_t *this, proposal_t *proposal) | |
3aaf7908 MW |
314 | { |
315 | this->proposal = proposal->clone(proposal); | |
316 | } | |
317 | ||
9d941742 TB |
318 | METHOD(child_sa_t, get_traffic_selectors, linked_list_t*, |
319 | private_child_sa_t *this, bool local) | |
3aaf7908 MW |
320 | { |
321 | return local ? this->my_ts : this->other_ts; | |
c60c7694 MW |
322 | } |
323 | ||
1df106bf MW |
324 | typedef struct policy_enumerator_t policy_enumerator_t; |
325 | ||
326 | /** | |
327 | * Private policy enumerator | |
328 | */ | |
329 | struct policy_enumerator_t { | |
330 | /** implements enumerator_t */ | |
331 | enumerator_t public; | |
332 | /** enumerator over own TS */ | |
333 | enumerator_t *mine; | |
334 | /** enumerator over others TS */ | |
335 | enumerator_t *other; | |
336 | /** list of others TS, to recreate enumerator */ | |
337 | linked_list_t *list; | |
6df2837a MW |
338 | /** currently enumerating TS for "me" side */ |
339 | traffic_selector_t *ts; | |
1df106bf MW |
340 | }; |
341 | ||
9d941742 TB |
342 | METHOD(enumerator_t, policy_enumerate, bool, |
343 | policy_enumerator_t *this, traffic_selector_t **my_out, | |
344 | traffic_selector_t **other_out) | |
1df106bf | 345 | { |
6df2837a | 346 | traffic_selector_t *other_ts; |
7daf5226 | 347 | |
6df2837a | 348 | while (this->ts || this->mine->enumerate(this->mine, &this->ts)) |
1df106bf | 349 | { |
6df2837a MW |
350 | if (!this->other->enumerate(this->other, &other_ts)) |
351 | { /* end of others list, restart with new of mine */ | |
352 | this->other->destroy(this->other); | |
353 | this->other = this->list->create_enumerator(this->list); | |
354 | this->ts = NULL; | |
355 | continue; | |
356 | } | |
357 | if (this->ts->get_type(this->ts) != other_ts->get_type(other_ts)) | |
358 | { /* family mismatch */ | |
359 | continue; | |
360 | } | |
361 | if (this->ts->get_protocol(this->ts) && | |
362 | other_ts->get_protocol(other_ts) && | |
363 | this->ts->get_protocol(this->ts) != other_ts->get_protocol(other_ts)) | |
364 | { /* protocol mismatch */ | |
365 | continue; | |
1df106bf | 366 | } |
6df2837a MW |
367 | *my_out = this->ts; |
368 | *other_out = other_ts; | |
369 | return TRUE; | |
1df106bf MW |
370 | } |
371 | return FALSE; | |
372 | } | |
373 | ||
9d941742 TB |
374 | METHOD(enumerator_t, policy_destroy, void, |
375 | policy_enumerator_t *this) | |
1df106bf MW |
376 | { |
377 | this->mine->destroy(this->mine); | |
378 | this->other->destroy(this->other); | |
379 | free(this); | |
380 | } | |
381 | ||
9d941742 TB |
382 | METHOD(child_sa_t, create_policy_enumerator, enumerator_t*, |
383 | private_child_sa_t *this) | |
1df106bf | 384 | { |
9d941742 | 385 | policy_enumerator_t *e; |
7daf5226 | 386 | |
9d941742 TB |
387 | INIT(e, |
388 | .public = { | |
389 | .enumerate = (void*)_policy_enumerate, | |
390 | .destroy = _policy_destroy, | |
391 | }, | |
392 | .mine = this->my_ts->create_enumerator(this->my_ts), | |
393 | .other = this->other_ts->create_enumerator(this->other_ts), | |
394 | .list = this->other_ts, | |
395 | .ts = NULL, | |
396 | ); | |
7daf5226 | 397 | |
1df106bf MW |
398 | return &e->public; |
399 | } | |
400 | ||
dd83c6d4 TB |
401 | /** |
402 | * update the cached usebytes | |
403 | * returns SUCCESS if the usebytes have changed, FAILED if not or no SPIs | |
404 | * are available, and NOT_SUPPORTED if the kernel interface does not support | |
99dd4291 | 405 | * querying the usebytes. |
dd83c6d4 | 406 | */ |
c3a78360 | 407 | static status_t update_usebytes(private_child_sa_t *this, bool inbound) |
dd83c6d4 TB |
408 | { |
409 | status_t status = FAILED; | |
410 | u_int64_t bytes; | |
7daf5226 | 411 | |
dd83c6d4 TB |
412 | if (inbound) |
413 | { | |
414 | if (this->my_spi) | |
415 | { | |
ee26c537 | 416 | status = charon->kernel_interface->query_sa(charon->kernel_interface, |
9f166d9a TB |
417 | this->other_addr, this->my_addr, this->my_spi, |
418 | proto_ike2ip(this->protocol), this->mark_in, | |
419 | &bytes); | |
dd83c6d4 TB |
420 | if (status == SUCCESS) |
421 | { | |
422 | if (bytes > this->my_usebytes) | |
423 | { | |
424 | this->my_usebytes = bytes; | |
425 | return SUCCESS; | |
426 | } | |
427 | return FAILED; | |
428 | } | |
429 | } | |
430 | } | |
431 | else | |
432 | { | |
433 | if (this->other_spi) | |
434 | { | |
ee26c537 | 435 | status = charon->kernel_interface->query_sa(charon->kernel_interface, |
9f166d9a TB |
436 | this->my_addr, this->other_addr, this->other_spi, |
437 | proto_ike2ip(this->protocol), this->mark_out, | |
438 | &bytes); | |
dd83c6d4 TB |
439 | if (status == SUCCESS) |
440 | { | |
441 | if (bytes > this->other_usebytes) | |
442 | { | |
443 | this->other_usebytes = bytes; | |
444 | return SUCCESS; | |
445 | } | |
446 | return FAILED; | |
447 | } | |
448 | } | |
449 | } | |
450 | return status; | |
451 | } | |
452 | ||
a3ce4bc2 | 453 | /** |
c3a78360 | 454 | * updates the cached usetime |
a3ce4bc2 | 455 | */ |
c3a78360 | 456 | static void update_usetime(private_child_sa_t *this, bool inbound) |
a3ce4bc2 | 457 | { |
1df106bf | 458 | enumerator_t *enumerator; |
6e10aead MW |
459 | traffic_selector_t *my_ts, *other_ts; |
460 | u_int32_t last_use = 0; | |
7daf5226 | 461 | |
1df106bf MW |
462 | enumerator = create_policy_enumerator(this); |
463 | while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) | |
a3ce4bc2 | 464 | { |
6e10aead | 465 | u_int32_t in, out, fwd; |
7daf5226 | 466 | |
dd83c6d4 | 467 | if (inbound) |
a3ce4bc2 | 468 | { |
6e10aead | 469 | if (charon->kernel_interface->query_policy(charon->kernel_interface, |
ee26c537 | 470 | other_ts, my_ts, POLICY_IN, this->mark_in, &in) == SUCCESS) |
6e10aead MW |
471 | { |
472 | last_use = max(last_use, in); | |
473 | } | |
ce42db09 | 474 | if (this->mode != MODE_TRANSPORT) |
6e10aead | 475 | { |
d487b4b7 | 476 | if (charon->kernel_interface->query_policy(charon->kernel_interface, |
ee26c537 | 477 | other_ts, my_ts, POLICY_FWD, this->mark_in, &fwd) == SUCCESS) |
d487b4b7 AS |
478 | { |
479 | last_use = max(last_use, fwd); | |
480 | } | |
6e10aead | 481 | } |
a3ce4bc2 | 482 | } |
6e10aead | 483 | else |
a3ce4bc2 | 484 | { |
6e10aead | 485 | if (charon->kernel_interface->query_policy(charon->kernel_interface, |
ee26c537 | 486 | my_ts, other_ts, POLICY_OUT, this->mark_out, &out) == SUCCESS) |
6e10aead MW |
487 | { |
488 | last_use = max(last_use, out); | |
489 | } | |
a3ce4bc2 MW |
490 | } |
491 | } | |
1df106bf | 492 | enumerator->destroy(enumerator); |
99dd4291 AS |
493 | |
494 | if (last_use == 0) | |
495 | { | |
496 | return; | |
497 | } | |
3f720dc7 AS |
498 | if (inbound) |
499 | { | |
500 | this->my_usetime = last_use; | |
501 | } | |
502 | else | |
503 | { | |
504 | this->other_usetime = last_use; | |
505 | } | |
6e10aead MW |
506 | } |
507 | ||
9d941742 TB |
508 | METHOD(child_sa_t, get_usestats, void, |
509 | private_child_sa_t *this, bool inbound, time_t *time, u_int64_t *bytes) | |
2ad51539 | 510 | { |
c3a78360 | 511 | if (update_usebytes(this, inbound) != FAILED) |
99dd4291 AS |
512 | { |
513 | /* there was traffic since last update or the kernel interface | |
514 | * does not support querying the number of usebytes. | |
515 | */ | |
c3a78360 TB |
516 | update_usetime(this, inbound); |
517 | } | |
518 | if (time) | |
519 | { | |
520 | *time = inbound ? this->my_usetime : this->other_usetime; | |
521 | } | |
522 | if (bytes) | |
523 | { | |
524 | *bytes = inbound ? this->my_usebytes : this->other_usebytes; | |
525 | } | |
2ad51539 AS |
526 | } |
527 | ||
9d941742 TB |
528 | METHOD(child_sa_t, get_lifetime, time_t, |
529 | private_child_sa_t *this, bool hard) | |
6e10aead | 530 | { |
80853d84 | 531 | return hard ? this->expire_time : this->rekey_time; |
a3ce4bc2 MW |
532 | } |
533 | ||
9d941742 TB |
534 | METHOD(child_sa_t, alloc_spi, u_int32_t, |
535 | private_child_sa_t *this, protocol_id_t protocol) | |
1396815a | 536 | { |
64e8ca28 | 537 | if (charon->kernel_interface->get_spi(charon->kernel_interface, |
9f166d9a TB |
538 | this->other_addr, this->my_addr, |
539 | proto_ike2ip(protocol), this->reqid, | |
540 | &this->my_spi) == SUCCESS) | |
64e8ca28 MW |
541 | { |
542 | return this->my_spi; | |
1396815a | 543 | } |
3aaf7908 | 544 | return 0; |
1396815a MW |
545 | } |
546 | ||
9d941742 TB |
547 | METHOD(child_sa_t, alloc_cpi, u_int16_t, |
548 | private_child_sa_t *this) | |
3ebebc5e | 549 | { |
3aaf7908 | 550 | if (charon->kernel_interface->get_cpi(charon->kernel_interface, |
9f166d9a TB |
551 | this->other_addr, this->my_addr, |
552 | this->reqid, &this->my_cpi) == SUCCESS) | |
30b5b412 | 553 | { |
3aaf7908 | 554 | return this->my_cpi; |
30b5b412 | 555 | } |
3aaf7908 | 556 | return 0; |
3ebebc5e MW |
557 | } |
558 | ||
9d941742 TB |
559 | METHOD(child_sa_t, install, status_t, |
560 | private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi, | |
561 | u_int16_t cpi, bool inbound, linked_list_t *my_ts, | |
562 | linked_list_t *other_ts) | |
3ebebc5e | 563 | { |
80853d84 | 564 | u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; |
6ec949e0 | 565 | traffic_selector_t *src_ts = NULL, *dst_ts = NULL; |
cb123493 TB |
566 | time_t now; |
567 | lifetime_cfg_t *lifetime; | |
e517b4b1 | 568 | host_t *src, *dst; |
30b5b412 | 569 | status_t status; |
3aaf7908 | 570 | bool update = FALSE; |
7daf5226 | 571 | |
80853d84 MW |
572 | /* now we have to decide which spi to use. Use self allocated, if "in", |
573 | * or the one in the proposal, if not "in" (others). Additionally, | |
3efbf983 | 574 | * source and dest host switch depending on the role */ |
3aaf7908 | 575 | if (inbound) |
aeda79ff | 576 | { |
80853d84 MW |
577 | dst = this->my_addr; |
578 | src = this->other_addr; | |
3aaf7908 MW |
579 | if (this->my_spi == spi) |
580 | { /* alloc_spi has been called, do an SA update */ | |
581 | update = TRUE; | |
582 | } | |
583 | this->my_spi = spi; | |
584 | this->my_cpi = cpi; | |
aeda79ff | 585 | } |
8d77edde MW |
586 | else |
587 | { | |
80853d84 MW |
588 | src = this->my_addr; |
589 | dst = this->other_addr; | |
3aaf7908 MW |
590 | this->other_spi = spi; |
591 | this->other_cpi = cpi; | |
8d77edde | 592 | } |
7daf5226 | 593 | |
3aaf7908 | 594 | DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", |
60356f33 | 595 | protocol_id_names, this->protocol); |
7daf5226 | 596 | |
5c131a01 | 597 | /* send SA down to the kernel */ |
b83806d8 | 598 | DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), src, dst); |
7daf5226 | 599 | |
3aaf7908 MW |
600 | this->proposal->get_algorithm(this->proposal, ENCRYPTION_ALGORITHM, |
601 | &enc_alg, &size); | |
602 | this->proposal->get_algorithm(this->proposal, INTEGRITY_ALGORITHM, | |
603 | &int_alg, &size); | |
7daf5226 | 604 | |
cb123493 | 605 | lifetime = this->config->get_lifetime(this->config); |
7daf5226 | 606 | |
6180a558 | 607 | now = time_monotonic(NULL); |
e75f4237 | 608 | if (lifetime->time.rekey) |
37974979 | 609 | { |
e75f4237 | 610 | this->rekey_time = now + lifetime->time.rekey; |
37974979 | 611 | } |
e75f4237 | 612 | if (lifetime->time.life) |
37974979 | 613 | { |
e75f4237 | 614 | this->expire_time = now + lifetime->time.life; |
cb123493 | 615 | } |
7daf5226 | 616 | |
e75f4237 | 617 | if (!lifetime->time.jitter && !inbound) |
cb123493 | 618 | { /* avoid triggering multiple rekey events */ |
e75f4237 | 619 | lifetime->time.rekey = 0; |
37974979 | 620 | } |
7daf5226 | 621 | |
6ec949e0 MW |
622 | if (this->mode == MODE_BEET) |
623 | { | |
624 | /* BEET requires the bound address from the traffic selectors. | |
625 | * TODO: We add just the first traffic selector for now, as the | |
626 | * kernel accepts a single TS per SA only */ | |
627 | if (inbound) | |
628 | { | |
629 | my_ts->get_first(my_ts, (void**)&dst_ts); | |
630 | other_ts->get_first(other_ts, (void**)&src_ts); | |
631 | } | |
632 | else | |
633 | { | |
634 | my_ts->get_first(my_ts, (void**)&src_ts); | |
635 | other_ts->get_first(other_ts, (void**)&dst_ts); | |
636 | } | |
637 | } | |
638 | ||
cb123493 | 639 | status = charon->kernel_interface->add_sa(charon->kernel_interface, |
9f166d9a | 640 | src, dst, spi, proto_ike2ip(this->protocol), this->reqid, |
ee26c537 AS |
641 | inbound ? this->mark_in : this->mark_out, |
642 | lifetime, enc_alg, encr, int_alg, integ, this->mode, | |
643 | this->ipcomp, cpi, this->encap, update, src_ts, dst_ts); | |
7daf5226 | 644 | |
cb123493 | 645 | free(lifetime); |
7daf5226 | 646 | |
8d77edde | 647 | return status; |
30b5b412 MW |
648 | } |
649 | ||
9d941742 TB |
650 | METHOD(child_sa_t, add_policies, status_t, |
651 | private_child_sa_t *this, linked_list_t *my_ts_list, | |
652 | linked_list_t *other_ts_list) | |
a527a426 | 653 | { |
1df106bf | 654 | enumerator_t *enumerator; |
5d187bd2 | 655 | traffic_selector_t *my_ts, *other_ts; |
1df106bf | 656 | status_t status = SUCCESS; |
ea625fab | 657 | bool routed = (this->state == CHILD_CREATED); |
7daf5226 | 658 | |
1df106bf MW |
659 | /* apply traffic selectors */ |
660 | enumerator = my_ts_list->create_enumerator(my_ts_list); | |
661 | while (enumerator->enumerate(enumerator, &my_ts)) | |
a527a426 | 662 | { |
1df106bf MW |
663 | this->my_ts->insert_last(this->my_ts, my_ts->clone(my_ts)); |
664 | } | |
665 | enumerator->destroy(enumerator); | |
666 | enumerator = other_ts_list->create_enumerator(other_ts_list); | |
667 | while (enumerator->enumerate(enumerator, &other_ts)) | |
668 | { | |
669 | this->other_ts->insert_last(this->other_ts, other_ts->clone(other_ts)); | |
670 | } | |
671 | enumerator->destroy(enumerator); | |
7daf5226 | 672 | |
d487b4b7 | 673 | if (this->config->install_policy(this->config)) |
1df106bf | 674 | { |
d487b4b7 AS |
675 | /* enumerate pairs of traffic selectors */ |
676 | enumerator = create_policy_enumerator(this); | |
677 | while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) | |
678 | { | |
679 | /* install 3 policies: out, in and forward */ | |
680 | status |= charon->kernel_interface->add_policy(charon->kernel_interface, | |
9f166d9a TB |
681 | this->my_addr, this->other_addr, my_ts, other_ts, |
682 | POLICY_OUT, this->other_spi, | |
683 | proto_ike2ip(this->protocol), this->reqid, | |
684 | this->mark_out, this->mode, this->ipcomp, | |
685 | this->other_cpi, routed); | |
7daf5226 | 686 | |
d487b4b7 | 687 | status |= charon->kernel_interface->add_policy(charon->kernel_interface, |
9f166d9a TB |
688 | this->other_addr, this->my_addr, other_ts, my_ts, |
689 | POLICY_IN, this->my_spi, | |
690 | proto_ike2ip(this->protocol), this->reqid, | |
691 | this->mark_in, this->mode, this->ipcomp, | |
692 | this->my_cpi, routed); | |
3aaf7908 | 693 | if (this->mode != MODE_TRANSPORT) |
d487b4b7 AS |
694 | { |
695 | status |= charon->kernel_interface->add_policy(charon->kernel_interface, | |
9f166d9a TB |
696 | this->other_addr, this->my_addr, other_ts, my_ts, |
697 | POLICY_FWD, this->my_spi, | |
698 | proto_ike2ip(this->protocol), this->reqid, | |
699 | this->mark_in, this->mode, this->ipcomp, | |
700 | this->my_cpi, routed); | |
d487b4b7 | 701 | } |
7daf5226 | 702 | |
d487b4b7 AS |
703 | if (status != SUCCESS) |
704 | { | |
705 | break; | |
706 | } | |
5d187bd2 | 707 | } |
d487b4b7 | 708 | enumerator->destroy(enumerator); |
5d187bd2 | 709 | } |
7daf5226 | 710 | |
3aaf7908 MW |
711 | if (status == SUCCESS && this->state == CHILD_CREATED) |
712 | { /* switch to routed state if no SAD entry set up */ | |
713 | set_state(this, CHILD_ROUTED); | |
45f76a7d | 714 | } |
1df106bf | 715 | return status; |
30b5b412 MW |
716 | } |
717 | ||
9d941742 TB |
718 | METHOD(child_sa_t, update, status_t, |
719 | private_child_sa_t *this, host_t *me, host_t *other, host_t *vip, | |
720 | bool encap) | |
1396815a | 721 | { |
ad3af574 | 722 | child_sa_state_t old; |
08c6ed9f | 723 | bool transport_proxy_mode; |
7daf5226 | 724 | |
2b3100b5 | 725 | /* anything changed at all? */ |
dd83c6d4 | 726 | if (me->equals(me, this->my_addr) && |
80853d84 | 727 | other->equals(other, this->other_addr) && this->encap == encap) |
1396815a MW |
728 | { |
729 | return SUCCESS; | |
730 | } | |
7daf5226 | 731 | |
ad3af574 MW |
732 | old = this->state; |
733 | set_state(this, CHILD_UPDATING); | |
08c6ed9f AS |
734 | transport_proxy_mode = this->config->use_proxy_mode(this->config) && |
735 | this->mode == MODE_TRANSPORT; | |
7daf5226 | 736 | |
08c6ed9f | 737 | if (!transport_proxy_mode) |
ea625fab | 738 | { |
7a915d62 AS |
739 | /* update our (initator) SA */ |
740 | if (this->my_spi) | |
741 | { | |
742 | if (charon->kernel_interface->update_sa(charon->kernel_interface, | |
9f166d9a | 743 | this->my_spi, proto_ike2ip(this->protocol), |
7a915d62 AS |
744 | this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0, |
745 | this->other_addr, this->my_addr, other, me, | |
ee26c537 | 746 | this->encap, encap, this->mark_in) == NOT_SUPPORTED) |
7a915d62 AS |
747 | { |
748 | return NOT_SUPPORTED; | |
749 | } | |
750 | } | |
7daf5226 | 751 | |
7a915d62 AS |
752 | /* update his (responder) SA */ |
753 | if (this->other_spi) | |
754 | { | |
755 | if (charon->kernel_interface->update_sa(charon->kernel_interface, | |
9f166d9a | 756 | this->other_spi, proto_ike2ip(this->protocol), |
b9b8a98f | 757 | this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, |
7a915d62 | 758 | this->my_addr, this->other_addr, me, other, |
ee26c537 | 759 | this->encap, encap, this->mark_out) == NOT_SUPPORTED) |
7a915d62 AS |
760 | { |
761 | return NOT_SUPPORTED; | |
762 | } | |
763 | } | |
ea625fab | 764 | } |
7daf5226 | 765 | |
d487b4b7 | 766 | if (this->config->install_policy(this->config)) |
1396815a | 767 | { |
d487b4b7 AS |
768 | /* update policies */ |
769 | if (!me->ip_equals(me, this->my_addr) || | |
770 | !other->ip_equals(other, this->other_addr)) | |
1396815a | 771 | { |
d487b4b7 AS |
772 | enumerator_t *enumerator; |
773 | traffic_selector_t *my_ts, *other_ts; | |
7daf5226 | 774 | |
d487b4b7 AS |
775 | /* always use high priorities, as hosts getting updated are INSTALLED */ |
776 | enumerator = create_policy_enumerator(this); | |
777 | while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) | |
778 | { | |
779 | /* remove old policies first */ | |
780 | charon->kernel_interface->del_policy(charon->kernel_interface, | |
ee26c537 | 781 | my_ts, other_ts, POLICY_OUT, this->mark_out, FALSE); |
d487b4b7 | 782 | charon->kernel_interface->del_policy(charon->kernel_interface, |
ee26c537 | 783 | other_ts, my_ts, POLICY_IN, this->mark_in, FALSE); |
ce42db09 | 784 | if (this->mode != MODE_TRANSPORT) |
d487b4b7 AS |
785 | { |
786 | charon->kernel_interface->del_policy(charon->kernel_interface, | |
ee26c537 | 787 | other_ts, my_ts, POLICY_FWD, this->mark_in, FALSE); |
d487b4b7 | 788 | } |
7daf5226 | 789 | |
d487b4b7 AS |
790 | /* check whether we have to update a "dynamic" traffic selector */ |
791 | if (!me->ip_equals(me, this->my_addr) && | |
792 | my_ts->is_host(my_ts, this->my_addr)) | |
793 | { | |
794 | my_ts->set_address(my_ts, me); | |
795 | } | |
796 | if (!other->ip_equals(other, this->other_addr) && | |
797 | other_ts->is_host(other_ts, this->other_addr)) | |
798 | { | |
799 | other_ts->set_address(other_ts, other); | |
800 | } | |
7daf5226 | 801 | |
d487b4b7 AS |
802 | /* we reinstall the virtual IP to handle interface roaming |
803 | * correctly */ | |
804 | if (vip) | |
805 | { | |
806 | charon->kernel_interface->del_ip(charon->kernel_interface, vip); | |
807 | charon->kernel_interface->add_ip(charon->kernel_interface, vip, me); | |
808 | } | |
7daf5226 | 809 | |
d487b4b7 AS |
810 | /* reinstall updated policies */ |
811 | charon->kernel_interface->add_policy(charon->kernel_interface, | |
9f166d9a TB |
812 | me, other, my_ts, other_ts, POLICY_OUT, |
813 | this->other_spi, proto_ike2ip(this->protocol), | |
814 | this->reqid, this->mark_out, this->mode, | |
815 | this->ipcomp, this->other_cpi, FALSE); | |
dd83c6d4 | 816 | charon->kernel_interface->add_policy(charon->kernel_interface, |
9f166d9a TB |
817 | other, me, other_ts, my_ts, POLICY_IN, |
818 | this->my_spi, proto_ike2ip(this->protocol), | |
819 | this->reqid, this->mark_in, this->mode, | |
820 | this->ipcomp, this->my_cpi, FALSE); | |
ce42db09 | 821 | if (this->mode != MODE_TRANSPORT) |
d487b4b7 AS |
822 | { |
823 | charon->kernel_interface->add_policy(charon->kernel_interface, | |
9f166d9a TB |
824 | other, me, other_ts, my_ts, POLICY_FWD, |
825 | this->my_spi, proto_ike2ip(this->protocol), | |
826 | this->reqid, this->mark_in, this->mode, | |
827 | this->ipcomp, this->my_cpi, FALSE); | |
d487b4b7 AS |
828 | } |
829 | } | |
830 | enumerator->destroy(enumerator); | |
1396815a MW |
831 | } |
832 | } | |
7a915d62 | 833 | |
08c6ed9f AS |
834 | if (!transport_proxy_mode) |
835 | { | |
836 | /* apply hosts */ | |
837 | if (!me->equals(me, this->my_addr)) | |
838 | { | |
839 | this->my_addr->destroy(this->my_addr); | |
840 | this->my_addr = me->clone(me); | |
841 | } | |
842 | if (!other->equals(other, this->other_addr)) | |
843 | { | |
844 | this->other_addr->destroy(this->other_addr); | |
845 | this->other_addr = other->clone(other); | |
846 | } | |
847 | } | |
848 | ||
ea625fab | 849 | this->encap = encap; |
ad3af574 | 850 | set_state(this, old); |
7a915d62 | 851 | |
1396815a MW |
852 | return SUCCESS; |
853 | } | |
854 | ||
9d941742 TB |
855 | METHOD(child_sa_t, destroy, void, |
856 | private_child_sa_t *this) | |
30b5b412 | 857 | { |
1df106bf MW |
858 | enumerator_t *enumerator; |
859 | traffic_selector_t *my_ts, *other_ts; | |
ea625fab | 860 | bool unrouted = (this->state == CHILD_ROUTED); |
7daf5226 | 861 | |
a985db3f | 862 | set_state(this, CHILD_DESTROYING); |
7daf5226 | 863 | |
5d187bd2 | 864 | /* delete SAs in the kernel, if they are set up */ |
80853d84 | 865 | if (this->my_spi) |
5d187bd2 | 866 | { |
1bc0b4f7 MW |
867 | /* if CHILD was not established, use PROTO_ESP used during alloc_spi(). |
868 | * TODO: For AH support, we have to store protocol specific SPI.s */ | |
869 | if (this->protocol == PROTO_NONE) | |
870 | { | |
871 | this->protocol = PROTO_ESP; | |
872 | } | |
5d187bd2 | 873 | charon->kernel_interface->del_sa(charon->kernel_interface, |
d24a74c5 | 874 | this->other_addr, this->my_addr, this->my_spi, |
9f166d9a TB |
875 | proto_ike2ip(this->protocol), this->my_cpi, |
876 | this->mark_in); | |
3efbf983 | 877 | } |
80853d84 | 878 | if (this->other_spi) |
3efbf983 | 879 | { |
5d187bd2 | 880 | charon->kernel_interface->del_sa(charon->kernel_interface, |
d24a74c5 | 881 | this->my_addr, this->other_addr, this->other_spi, |
9f166d9a TB |
882 | proto_ike2ip(this->protocol), this->other_cpi, |
883 | this->mark_out); | |
d4aad554 | 884 | } |
7daf5226 | 885 | |
d487b4b7 | 886 | if (this->config->install_policy(this->config)) |
695723d4 | 887 | { |
d487b4b7 AS |
888 | /* delete all policies in the kernel */ |
889 | enumerator = create_policy_enumerator(this); | |
890 | while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) | |
891 | { | |
892 | charon->kernel_interface->del_policy(charon->kernel_interface, | |
9f166d9a | 893 | my_ts, other_ts, POLICY_OUT, this->mark_out, unrouted); |
d487b4b7 | 894 | charon->kernel_interface->del_policy(charon->kernel_interface, |
9f166d9a | 895 | other_ts, my_ts, POLICY_IN, this->mark_in, unrouted); |
ce42db09 | 896 | if (this->mode != MODE_TRANSPORT) |
d487b4b7 AS |
897 | { |
898 | charon->kernel_interface->del_policy(charon->kernel_interface, | |
9f166d9a | 899 | other_ts, my_ts, POLICY_FWD, this->mark_in, unrouted); |
d487b4b7 AS |
900 | } |
901 | } | |
902 | enumerator->destroy(enumerator); | |
5d187bd2 | 903 | } |
7daf5226 | 904 | |
1df106bf MW |
905 | this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy)); |
906 | this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy)); | |
80853d84 MW |
907 | this->my_addr->destroy(this->my_addr); |
908 | this->other_addr->destroy(this->other_addr); | |
909 | DESTROY_IF(this->proposal); | |
e0fe7651 | 910 | this->config->destroy(this->config); |
5113680f | 911 | free(this); |
30b5b412 MW |
912 | } |
913 | ||
9d941742 | 914 | /** |
30b5b412 MW |
915 | * Described in header. |
916 | */ | |
c60c7694 | 917 | child_sa_t * child_sa_create(host_t *me, host_t* other, |
fc2d1c42 | 918 | child_cfg_t *config, u_int32_t rekey, bool encap) |
30b5b412 | 919 | { |
c60c7694 | 920 | static u_int32_t reqid = 0; |
9d941742 TB |
921 | private_child_sa_t *this; |
922 | ||
923 | INIT(this, | |
924 | .public = { | |
925 | .get_name = _get_name, | |
926 | .get_reqid = _get_reqid, | |
927 | .get_config = _get_config, | |
928 | .get_state = _get_state, | |
929 | .set_state = _set_state, | |
930 | .get_spi = _get_spi, | |
931 | .get_cpi = _get_cpi, | |
932 | .get_protocol = _get_protocol, | |
933 | .set_protocol = _set_protocol, | |
934 | .get_mode = _get_mode, | |
935 | .set_mode = _set_mode, | |
936 | .get_proposal = _get_proposal, | |
937 | .set_proposal = _set_proposal, | |
938 | .get_lifetime = _get_lifetime, | |
939 | .get_usestats = _get_usestats, | |
940 | .has_encap = _has_encap, | |
941 | .get_ipcomp = _get_ipcomp, | |
942 | .set_ipcomp = _set_ipcomp, | |
943 | .get_close_action = _get_close_action, | |
944 | .set_close_action = _set_close_action, | |
945 | .get_dpd_action = _get_dpd_action, | |
946 | .set_dpd_action = _set_dpd_action, | |
947 | .alloc_spi = _alloc_spi, | |
948 | .alloc_cpi = _alloc_cpi, | |
949 | .install = _install, | |
950 | .update = _update, | |
951 | .add_policies = _add_policies, | |
952 | .get_traffic_selectors = _get_traffic_selectors, | |
953 | .create_policy_enumerator = _create_policy_enumerator, | |
954 | .destroy = _destroy, | |
955 | }, | |
956 | .my_addr = me->clone(me), | |
957 | .other_addr = other->clone(other), | |
958 | .encap = encap, | |
959 | .ipcomp = IPCOMP_NONE, | |
960 | .state = CHILD_CREATED, | |
961 | .my_ts = linked_list_create(), | |
962 | .other_ts = linked_list_create(), | |
963 | .protocol = PROTO_NONE, | |
964 | .mode = MODE_TUNNEL, | |
965 | .close_action = config->get_close_action(config), | |
966 | .dpd_action = config->get_dpd_action(config), | |
967 | .reqid = config->get_reqid(config), | |
968 | .mark_in = config->get_mark(config, TRUE), | |
969 | .mark_out = config->get_mark(config, FALSE), | |
970 | ); | |
971 | ||
e0fe7651 MW |
972 | this->config = config; |
973 | config->get_ref(config); | |
ee26c537 | 974 | |
71a66a62 RB |
975 | if (!this->reqid) |
976 | { | |
977 | /* reuse old reqid if we are rekeying an existing CHILD_SA */ | |
978 | this->reqid = rekey ? rekey : ++reqid; | |
979 | } | |
7daf5226 | 980 | |
dd83c6d4 | 981 | /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ |
d487b4b7 | 982 | if (config->get_mode(config) == MODE_TRANSPORT && |
323f9f99 | 983 | config->use_proxy_mode(config)) |
d487b4b7 AS |
984 | { |
985 | ts_type_t type; | |
986 | int family; | |
987 | chunk_t addr; | |
988 | host_t *host; | |
989 | enumerator_t *enumerator; | |
990 | linked_list_t *my_ts_list, *other_ts_list; | |
991 | traffic_selector_t *my_ts, *other_ts; | |
7daf5226 | 992 | |
d487b4b7 | 993 | this->mode = MODE_TRANSPORT; |
7daf5226 | 994 | |
d487b4b7 AS |
995 | my_ts_list = config->get_traffic_selectors(config, TRUE, NULL, me); |
996 | enumerator = my_ts_list->create_enumerator(my_ts_list); | |
997 | if (enumerator->enumerate(enumerator, &my_ts)) | |
998 | { | |
999 | if (my_ts->is_host(my_ts, NULL) && | |
1000 | !my_ts->is_host(my_ts, this->my_addr)) | |
1001 | { | |
1002 | type = my_ts->get_type(my_ts); | |
1003 | family = (type == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6; | |
1004 | addr = my_ts->get_from_address(my_ts); | |
1005 | host = host_create_from_chunk(family, addr, 0); | |
1006 | free(addr.ptr); | |
1007 | DBG1(DBG_CHD, "my address: %H is a transport mode proxy for %H", | |
dd83c6d4 | 1008 | this->my_addr, host); |
d487b4b7 AS |
1009 | this->my_addr->destroy(this->my_addr); |
1010 | this->my_addr = host; | |
1011 | } | |
1012 | } | |
1013 | enumerator->destroy(enumerator); | |
1014 | my_ts_list->destroy_offset(my_ts_list, offsetof(traffic_selector_t, destroy)); | |
7daf5226 | 1015 | |
d487b4b7 AS |
1016 | other_ts_list = config->get_traffic_selectors(config, FALSE, NULL, other); |
1017 | enumerator = other_ts_list->create_enumerator(other_ts_list); | |
1018 | if (enumerator->enumerate(enumerator, &other_ts)) | |
1019 | { | |
1020 | if (other_ts->is_host(other_ts, NULL) && | |
1021 | !other_ts->is_host(other_ts, this->other_addr)) | |
1022 | { | |
1023 | type = other_ts->get_type(other_ts); | |
1024 | family = (type == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6; | |
1025 | addr = other_ts->get_from_address(other_ts); | |
1026 | host = host_create_from_chunk(family, addr, 0); | |
1027 | free(addr.ptr); | |
1028 | DBG1(DBG_CHD, "other address: %H is a transport mode proxy for %H", | |
dd83c6d4 | 1029 | this->other_addr, host); |
d487b4b7 AS |
1030 | this->other_addr->destroy(this->other_addr); |
1031 | this->other_addr = host; | |
1032 | } | |
1033 | } | |
1034 | enumerator->destroy(enumerator); | |
1035 | other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy)); | |
1036 | } | |
7daf5226 | 1037 | |
1396815a | 1038 | return &this->public; |
3ebebc5e | 1039 | } |