/*
- * Copyright (C) 2011-2016 Tobias Brunner
+ * Copyright (C) 2011-2020 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
}
METHOD(bus_t, ike_update, void,
- private_bus_t *this, ike_sa_t *ike_sa, bool local, host_t *new)
+ private_bus_t *this, ike_sa_t *ike_sa, host_t *local, host_t *remote)
{
enumerator_t *enumerator;
entry_t *entry;
continue;
}
entry->calling++;
- keep = entry->listener->ike_update(entry->listener, ike_sa, local, new);
+ keep = entry->listener->ike_update(entry->listener, ike_sa, local,
+ remote);
entry->calling--;
if (!keep)
{
/*
- * Copyright (C) 2012-2016 Tobias Brunner
+ * Copyright (C) 2012-2020 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
* IKE_SA peer endpoint update hook.
*
* @param ike_sa updated IKE_SA, having old endpoints set
- * @param local TRUE if local endpoint gets updated, FALSE for remote
- * @param new new endpoint address and port
+ * @param local new/current local endpoint address and port
+ * @param remote new/current remote endpoint address and port
*/
- void (*ike_update)(bus_t *this, ike_sa_t *ike_sa, bool local, host_t *new);
+ void (*ike_update)(bus_t *this, ike_sa_t *ike_sa, host_t *local,
+ host_t *remote);
/**
* IKE_SA reestablishing hook (before resolving hosts).
/*
- * Copyright (C) 2011-2016 Tobias Brunner
+ * Copyright (C) 2011-2020 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
/**
* Hook called for IKE_SA peer endpoint updates.
*
+ * At least one endpoint has changed when this is invoked.
+ *
* @param ike_sa updated IKE_SA, having old endpoints set
- * @param local TRUE if local endpoint gets updated, FALSE for remote
- * @param new new endpoint address and port
+ * @param local new/current local endpoint address and port
+ * @param remote new/current remote endpoint address and port
* @return TRUE to stay registered, FALSE to unregister
*/
bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa,
- bool local, host_t *new);
+ host_t *local, host_t *remote);
/**
* Hook called when an initiator reestablishes an IKE_SA.
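Review bot: The updated hook documentation does not say who owns `local` and `remote` or how long they stay valid. In the update_hosts() change of this commit the bus is handed either the caller's `me`/`other` or the IKE_SA's own `this->my_host`/`this->other_host`, and none of them is cloned for the listener. A listener that stores one of these pointers would presumably keep a reference that is destroyed on a later update. I would add a sentence such as `The hosts are only valid during the call, clone them if they are needed afterwards.` to this comment and to the matching bus_t::ike_update comment in the bus header.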
METHOD(listener_t, ike_update, bool,
private_connmark_listener_t *this, ike_sa_t *ike_sa,
- bool local, host_t *new)
+ host_t *local, host_t *remote)
{
struct iptc_handle *ipth;
enumerator_t *enumerator;
child_sa_t *child_sa;
- host_t *dst, *src;
bool oldencap, newencap;
- if (local)
- {
- dst = new;
- src = ike_sa->get_other_host(ike_sa);
- }
- else
- {
- dst = ike_sa->get_my_host(ike_sa);
- src = new;
- }
/* during ike_update(), has_encap() on the CHILD_SA has not yet been
* updated, but shows the old state. */
newencap = ike_sa->has_condition(ike_sa, COND_NAT_ANY);
ipth = init_handle();
if (ipth)
{
- if (manage_policies(this, ipth, dst, src, oldencap,
+ if (manage_policies(this, ipth, local, remote, oldencap,
child_sa, FALSE) &&
- manage_policies(this, ipth, dst, src, newencap,
+ manage_policies(this, ipth, local, remote, newencap,
child_sa, TRUE))
{
commit_handle(ipth);
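Review bot: Both `manage_policies()` calls now pass `local, remote` where the removed code passed variables named `dst` and `src`, so the call site no longer shows which endpoint is the destination in the generated rules. The order matches the old assignments (`dst` was the local host, `src` the remote one), but manage_policies() is defined outside the hunk and its parameter names are not visible here. Assuming they are still `dst` and `src`, a comment above the calls such as `/* manage_policies() expects dst, src: local is dst, remote is src */` would make an accidental swap in these firewall rules easier to spot in review. The body of ike_update starts and ends outside the visible lines.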
METHOD(listener_t, ike_update, bool,
private_forecast_listener_t *this, ike_sa_t *ike_sa,
- bool local, host_t *new)
+ host_t *local, host_t *remote)
{
struct iptc_handle *ipth;
enumerator_t *enumerator;
child_sa_t *child_sa;
- host_t *lhost, *rhost;
bool encap;
- if (local)
- {
- lhost = new;
- rhost = ike_sa->get_other_host(ike_sa);
- }
- else
- {
- lhost = ike_sa->get_my_host(ike_sa);
- rhost = new;
- }
/* during ike_update(), has_encap() on the CHILD_SA has not yet been
* updated, but shows the old state. */
encap = ike_sa->has_condition(ike_sa, COND_NAT_ANY);
if (ipth)
{
if (remove_entry(this, ipth, child_sa) &&
- add_entry(this, ipth, lhost, rhost, child_sa, encap))
+ add_entry(this, ipth, local, remote, child_sa, encap))
{
commit_handle(ipth);
}
METHOD(ike_sa_t, update_hosts, void,
private_ike_sa_t *this, host_t *me, host_t *other, bool force)
{
- bool update = FALSE;
+ host_t *new_me = NULL, *new_other = NULL;
+ bool silent = FALSE;
if (me == NULL)
{
if (this->my_host->is_anyaddr(this->my_host) ||
this->other_host->is_anyaddr(this->other_host))
{
- set_my_host(this, me->clone(me));
- set_other_host(this, other->clone(other));
- update = TRUE;
+ new_me = me;
+ new_other = other;
+ silent = TRUE;
}
else
{
/* update our address in any case */
if (force && !me->equals(me, this->my_host))
{
- charon->bus->ike_update(charon->bus, &this->public, TRUE, me);
- set_my_host(this, me->clone(me));
- update = TRUE;
+ new_me = me;
}
if (!other->equals(other, this->other_host) &&
(!has_condition(this, COND_NAT_HERE) ||
!has_condition(this, COND_ORIGINAL_INITIATOR)))
{
- charon->bus->ike_update(charon->bus, &this->public, FALSE, other);
- set_other_host(this, other->clone(other));
- update = TRUE;
+ new_other = other;
}
}
}
- /* update all associated CHILD_SAs, if required */
- if (update)
+ if (new_me || new_other)
{
enumerator_t *enumerator;
child_sa_t *child_sa;
linked_list_t *vips;
+ if (!silent)
+ {
+ charon->bus->ike_update(charon->bus, &this->public,
+ new_me ?: this->my_host,
+ new_other ?: this->other_host);
+ }
+ if (new_me)
+ {
+ set_my_host(this, new_me->clone(new_me));
+ }
+ if (new_other)
+ {
+ set_other_host(this, new_other->clone(new_other));
+ }
+
vips = linked_list_create_from_enumerator(
array_create_enumerator(this->my_vips));
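Review bot: The new `silent` flag and the ordering inside the `if (new_me || new_other)` block are undocumented, and the removed `/* update all associated CHILD_SAs, if required */` comment has no replacement. From the visible lines, `silent` is only set in the branch where one of the stored hosts is still %any, which presumably is the initial assignment; a comment next to `silent = TRUE;` such as `/* endpoints are applied initially, listeners are not notified */` would record that. The bus is called before `set_my_host()`/`set_other_host()`, which matches the header's "having old endpoints set", so I would state it above the call: `/* notify listeners first, they expect the old endpoints on the IKE_SA */`. The function body continues outside the hunk.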