]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5dd9c30)
Raise alerts when enforcing IKE_SA unique policy
authorMartin Willi <martin@revosec.ch>
Tue, 6 Nov 2012 10:19:52 +0000 (11:19 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 19 Dec 2012 09:40:32 +0000 (10:40 +0100)
src/libcharon/bus/bus.h patch | blob | blame | history
src/libcharon/plugins/duplicheck/duplicheck_listener.c patch | blob | blame | history
src/libcharon/sa/ike_sa_manager.c patch | blob | blame | history
src/libcharon/sa/ikev2/tasks/ike_auth.c patch | blob | blame | history

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4cb4ba343c690ea8ffe2cbe35abe4bc06ac68036..4b6d3ec8bfcc4931af31254740be554eb789bea3 100644 (file)
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -111,6 +111,10 @@ enum alert_t {
        ALERT_PROPOSAL_MISMATCH_IKE,
        /** CHILD proposals do not match, argument is linked_list_t of proposal_t */
        ALERT_PROPOSAL_MISMATCH_CHILD,
+       /** IKE_SA deleted because of "replace" unique policy, no argument */
+       ALERT_UNIQUE_REPLACE,
+       /** IKE_SA deleted because of "keep" unique policy, no arguement */
+       ALERT_UNIQUE_KEEP,
 };
 
 /**
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.c b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
index 7c6c13786c6d1e05c44e6ceb64ebfa1a15e122a5..1b0df1e8b3bd87e133f86a26d9e07fd702f49349 100644 (file)
--- a/src/libcharon/plugins/duplicheck/duplicheck_listener.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
@@ -191,6 +191,7 @@ METHOD(listener_t, message_hook, bool,
                {
                        DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', "
                                 "deleting new IKE_SA", id);
+                       charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
                        entry_destroy(entry);
                        this->mutex->lock(this->mutex);
                        entry = this->active->remove(this->active, id);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 5c126362b37ebe1b4a11578ba758e6b5232a74af..031c632eb6886922ffabb7940927bf3a9e58a143 100644 (file)
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1769,6 +1769,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
                                        switch (policy)
                                        {
                                                case UNIQUE_REPLACE:
+                                                       charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);
                                                        DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
                                                                        "'%Y' due to uniqueness policy", other);
                                                        status = duplicate->delete(duplicate);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 432edc3bcd9c2b48e904a151630784a01581cab9..70efcd7af30d64ab674628906209ffc27291d727 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -807,6 +807,7 @@ METHOD(task_t, build_r, status_t,
                                                                                                         this->ike_sa, FALSE))
                {
                        DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
+                       charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
                        message->add_notify(message, TRUE, AUTHENTICATION_FAILED,
                                                                chunk_empty);
                        return FAILED;
Unnamed repository; edit this file 'description' to name the repository.