Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA...

author Martin Willi <martin@revosec.ch>

Mon, 21 Nov 2011 16:18:43 +0000 (17:18 +0100)

committer Martin Willi <martin@revosec.ch>

Tue, 20 Mar 2012 16:30:47 +0000 (17:30 +0100)
author Martin Willi <martin@revosec.ch>
Mon, 21 Nov 2011 16:18:43 +0000 (17:18 +0100)
committer Martin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:30:47 +0000 (17:30 +0100)
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c

index f430fee941858da32f897a03353499f1e365d961..71c458a89f3177aaf14293eefd2c8a62cfa65da4 100644 (file)
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -89,7 +89,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
                 switch (attribute)
                 {
                         case HA_IKE_ID:
-                               ike_sa = ike_sa_create(value.ike_sa_id, IKEV2);
+                               ike_sa = ike_sa_create(value.ike_sa_id,
+                                               value.ike_sa_id->is_initiator(value.ike_sa_id), IKEV2);
                                 break;
                         case HA_IKE_REKEY_ID:
                                 old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c

index b9b2bb82ecc172dc35c10176b442f86e9a1c98db..d2dffea8bc90007bff2fd6b7e5f71616bddbd2f7 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2131,7 +2131,8 @@ METHOD(ike_sa_t, destroy, void,
  /*
   * Described in header.
   */
-ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version)
+ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
+                                                ike_version_t version)
  {
         private_ike_sa_t *this;
         static u_int32_t unique_id = 0;
@@ -2224,7 +2225,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version)
                 .other_host = host_create_any(AF_INET),
                 .my_id = identification_create_from_encoding(ID_ANY, chunk_empty),
                 .other_id = identification_create_from_encoding(ID_ANY, chunk_empty),
-               .keymat = keymat_create(version, ike_sa_id->is_initiator(ike_sa_id)),
+               .keymat = keymat_create(version, initiator),
                 .state = IKE_CREATED,
                 .stats[STAT_INBOUND] = time_monotonic(NULL),
                 .stats[STAT_OUTBOUND] = time_monotonic(NULL),
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h

index 21f7c7452c5ce0c2b29084f852d8adb3119e32c2..2708b0be63e0bd0db15e05c74d2edabeda3242bc 100644 (file)
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -959,9 +959,11 @@ struct ike_sa_t {
   * Creates an ike_sa_t object with a specific ID and IKE version.
   *
   * @param ike_sa_id            ike_sa_id_t to associate with new IKE_SA/ISAKMP_SA
+ * @param initiator            TRUE to create this IKE_SA as initiator
   * @param version              IKE version of this SA
   * @return                             ike_sa_t object
   */
-ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, ike_version_t version);
+ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
+                                               ike_version_t version);
  
  #endif /** IKE_SA_H_ @}*/
diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c

index bea4c21249b85960920a4c5e6a32398349362dad..fb73bdd81918e3d30b4922ba1f83e475c2404407 100644 (file)
--- a/src/libcharon/sa/ike_sa_id.c
+++ b/src/libcharon/sa/ike_sa_id.c
@@ -77,18 +77,8 @@ METHOD(ike_sa_id_t, equals, bool,
         {
                 return FALSE;
         }
-       if ((this->is_initiator_flag == other->is_initiator_flag) &&
-               (this->initiator_spi == other->initiator_spi) &&
-               (this->responder_spi == other->responder_spi))
-       {
-               /* private_ike_sa_id's are equal */
-               return TRUE;
-       }
-       else
-       {
-               /* private_ike_sa_id's are not equal */
-               return FALSE;
-       }
+       return this->initiator_spi == other->initiator_spi &&
+                  this->responder_spi == other->responder_spi;
  }
  
  METHOD(ike_sa_id_t, replace_values, void,
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c

index 556459064498ae593155173c60dd473b91e3db10..ffbc2ec3b3791557eef09929e8d2e6685c0915a8 100644 (file)
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -163,7 +163,6 @@ static entry_t *entry_create()
  static bool entry_match_by_hash(entry_t *entry, ike_sa_id_t *id, chunk_t *hash)
  {
         return id->get_responder_spi(id) == 0 &&
-               id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) &&
                 id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id) &&
                 chunk_equals(*hash, entry->init_hash);
  }
@@ -179,7 +178,6 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id)
         }
         if ((id->get_responder_spi(id) == 0 ||
                  entry->ike_sa_id->get_responder_spi(entry->ike_sa_id) == 0) &&
-               id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) &&
                 id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id))
         {
                 /* this is TRUE for IKE_SAs that we initiated but have not yet received a response */
@@ -954,7 +952,7 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
         {
                 ike_sa_id = ike_sa_id_create(0, get_spi(this), FALSE);
         }
-       ike_sa = ike_sa_create(ike_sa_id, version);
+       ike_sa = ike_sa_create(ike_sa_id, initiator, version);
         ike_sa_id->destroy(ike_sa_id);
  
         DBG2(DBG_MGR, "created IKE_SA %s[%u]", ike_sa->get_name(ike_sa),
@@ -1036,7 +1034,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
                         /* no IKE_SA found, create a new one */
                         id->set_responder_spi(id, get_spi(this));
                         entry = entry_create();
-                       entry->ike_sa = ike_sa_create(id, ike_version);
+                       /* a new SA checked out by message is a responder SA */
+                       entry->ike_sa = ike_sa_create(id, FALSE, ike_version);
                         entry->ike_sa_id = id->clone(id);
  
                         segment = put_entry(this, entry);
author	Martin Willi <martin@revosec.ch>
	Mon, 21 Nov 2011 16:18:43 +0000 (17:18 +0100)
committer	Martin Willi <martin@revosec.ch>
	Tue, 20 Mar 2012 16:30:47 +0000 (17:30 +0100)
src/libcharon/plugins/ha/ha_dispatcher.c		patch \| blob \| blame \| history
src/libcharon/sa/ike_sa.c		patch \| blob \| blame \| history
src/libcharon/sa/ike_sa.h		patch \| blob \| blame \| history
src/libcharon/sa/ike_sa_id.c		patch \| blob \| blame \| history
src/libcharon/sa/ike_sa_manager.c		patch \| blob \| blame \| history