From 8262be3cdc7275015c59af0e341c5526e2472d99 Mon Sep 17 00:00:00 2001 From: Adrian-Ken Rueegsegger Date: Wed, 8 Apr 2015 18:06:51 +0200 Subject: [PATCH] Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alert The parameter indicates if the alert is raised upon failure to establish the first CHILD SA of an IKE SA. --- src/libcharon/bus/bus.h | 3 ++- src/libcharon/sa/ikev2/tasks/child_create.c | 8 ++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 051c429f95..47b8820d30 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -130,7 +130,8 @@ enum alert_t { ALERT_UNIQUE_REPLACE, /** IKE_SA deleted because of "keep" unique policy, no argument */ ALERT_UNIQUE_KEEP, - /** IKE_SA kept on failed child SA establishment, no argument */ + /** IKE_SA kept on failed child SA establishment, argument is an int (!=0 if + * first child SA) */ ALERT_KEEP_ON_CHILD_SA_FAILURE, /** allocating virtual IP failed, linked_list_t of host_t requested */ ALERT_VIP_FAILURE, diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 6d9132a68c..6e00ebadaa 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1092,7 +1092,10 @@ METHOD(task_t, process_r, status_t, static void handle_child_sa_failure(private_child_create_t *this, message_t *message) { - if (message->get_exchange_type(message) == IKE_AUTH && + bool is_first; + + is_first = message->get_exchange_type(message) == IKE_AUTH; + if (is_first && lib->settings->get_bool(lib->settings, "%s.close_ike_on_child_failure", FALSE, lib->ns)) { @@ -1106,7 +1109,8 @@ static void handle_child_sa_failure(private_child_create_t *this, else { DBG1(DBG_IKE, "failed to establish CHILD_SA, keeping IKE_SA"); - charon->bus->alert(charon->bus, ALERT_KEEP_ON_CHILD_SA_FAILURE); + charon->bus->alert(charon->bus, ALERT_KEEP_ON_CHILD_SA_FAILURE, + is_first); } } -- 2.47.2