From: Martin Willi Date: Tue, 6 Nov 2012 10:19:52 +0000 (+0100) Subject: Raise alerts when enforcing IKE_SA unique policy X-Git-Tag: 5.0.2dr4~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c794455666de13ee5bb679e23336f5ac7395a8eb;p=thirdparty%2Fstrongswan.git Raise alerts when enforcing IKE_SA unique policy
---
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4cb4ba343c..4b6d3ec8bf 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -111,6 +111,10 @@ enum alert_t {
 ALERT_PROPOSAL_MISMATCH_IKE,
 /** CHILD proposals do not match, argument is linked_list_t of proposal_t */
 ALERT_PROPOSAL_MISMATCH_CHILD,
+ /** IKE_SA deleted because of "replace" unique policy, no argument */
+ ALERT_UNIQUE_REPLACE,
+ /** IKE_SA deleted because of "keep" unique policy, no arguement */
+ ALERT_UNIQUE_KEEP,
 };

 /**
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.c b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
index 7c6c13786c..1b0df1e8b3 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_listener.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
@@ -191,6 +191,7 @@ METHOD(listener_t, message_hook, bool,
 {
 DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', "
 "deleting new IKE_SA", id);
+ charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
 entry_destroy(entry);
 this->mutex->lock(this->mutex);
 entry = this->active->remove(this->active, id);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 5c126362b3..031c632eb6 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1769,6 +1769,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
 switch (policy)
 {
 case UNIQUE_REPLACE:
+ charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);
 DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
 "'%Y' due to uniqueness policy", other);
 status = duplicate->delete(duplicate);
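Review bot: The doc comment on `ALERT_UNIQUE_KEEP` in the bus.h hunk says "IKE_SA deleted", but both call sites in this commit describe the new IKE_SA being turned away (`"deleting new IKE_SA"` in duplicheck_listener.c, `"cancelling IKE_SA setup"` in ike_auth.c), whereas `ALERT_UNIQUE_REPLACE` is raised where the existing duplicate is deleted. Stating which SA is affected would help anyone writing a listener that monitors duplicate logins, and the same line misspells "argument". Suggested wording: `/** new IKE_SA rejected because of "keep" unique policy, no argument */` and `/** existing IKE_SA deleted because of "replace" unique policy, no argument */`.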
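Review bot: In the `UNIQUE_REPLACE` case of check_uniqueness the alert is raised before the `DBG1` line and before `duplicate->delete(duplicate)` has returned, while the two `ALERT_UNIQUE_KEEP` call sites in duplicheck_listener.c and ike_auth.c log first and alert afterwards. Moving `charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE);` below the `DBG1` call would keep the three sites uniform, so the log line and the alert arrive in the same order for anyone correlating them. As written the alert also fires regardless of the `status` that the delete returns, which may be intended but deserves a short comment. The rest of check_uniqueness lies outside the hunk, so how `status` is handled afterwards is not visible here.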
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 432edc3bcd..70efcd7af3 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -807,6 +807,7 @@ METHOD(task_t, build_r, status_t,
 this->ike_sa, FALSE))
 {
 DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
+ charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
 message->add_notify(message, TRUE, AUTHENTICATION_FAILED,
 chunk_empty);
 return FAILED;
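Review bot: The new alert call in build_r has no comment explaining why it matters next to the `AUTHENTICATION_FAILED` notify that follows it. The peer is told only that authentication failed, so this alert and the `DBG1` line are the only local signals that separate a uniqueness rejection from a real credential failure. A comment above the call would record that for whoever maintains the monitoring side, for example `/* peer only sees AUTHENTICATION_FAILED; the alert lets listeners identify a uniqueness rejection */`. build_r starts and ends outside the hunk, so the condition leading to this branch is only partly visible.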