Add ike_reestablish() event that is triggered when an IKE_SA is reestablished

This is particularly useful during reauthentication to get the new
IKE_SA.

diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index e46559f9787642f11b22f990ab85382bbd107c9c..1f9592e6ecffa20d8ba3e8c1e807ac2a7849ab41 100644 (file)
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -659,6 +659,33 @@ METHOD(bus_t, ike_rekey, void,
        this->mutex->unlock(this->mutex);
 }
 
+METHOD(bus_t, ike_reestablish, void,
+       private_bus_t *this, ike_sa_t *old, ike_sa_t *new)
+{
+       enumerator_t *enumerator;
+       entry_t *entry;
+       bool keep;
+
+       this->mutex->lock(this->mutex);
+       enumerator = this->listeners->create_enumerator(this->listeners);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (entry->calling || !entry->listener->ike_reestablish)
+               {
+                       continue;
+               }
+               entry->calling++;
+               keep = entry->listener->ike_reestablish(entry->listener, old, new);
+               entry->calling--;
+               if (!keep)
+               {
+                       unregister_listener(this, entry, enumerator);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->mutex->unlock(this->mutex);
+}
+
 METHOD(bus_t, authorize, bool,
        private_bus_t *this, bool final)
 {
@@ -770,6 +797,7 @@ bus_t *bus_create()
                        .child_keys = _child_keys,
                        .ike_updown = _ike_updown,
                        .ike_rekey = _ike_rekey,
+                       .ike_reestablish = _ike_reestablish,
                        .child_updown = _child_updown,
                        .child_rekey = _child_rekey,
                        .authorize = _authorize,

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index f9c4394dbce432aa400c81c2ce41495fc5d3f759..9f820e62ffa9fa9cfa63bbf3c34d0308b38d25e5 100644 (file)
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -317,6 +317,14 @@ struct bus_t {
         */
        void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
 
+       /**
+        * IKE_SA reestablishing hook.
+        *
+        * @param old           reestablished and obsolete IKE_SA
+        * @param new           new IKE_SA replacing old
+        */
+       void (*ike_reestablish)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
+
        /**
         * CHILD_SA up/down hook.
         *

diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 703e85289745878aa18f275281070d8bd1cee026..782289302a3a94603b91e41ec8fcfeda5ce19606 100644 (file)
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -126,6 +126,18 @@ struct listener_t {
         */
        bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
 
+       /**
+        * Hook called when an initiator reestablishes an IKE_SA.
+        *
+        * This is invoked right before the new IKE_SA is checked in after
+        * initiating it.  It is not invoked on the responder.
+        *
+        * @param old           IKE_SA getting reestablished (is destroyed)
+        * @param new           new IKE_SA replacing old (gets established)
+        * @return                      TRUE to stay registered, FALSE to unregister
+        */
+       bool (*ike_reestablish)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
+
        /**
         * Hook called when a CHILD_SA gets up or down.
         *

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index e795d01bfc85d4fe25717e25b461338e4a760a00..e141380d2b7eb74f9964f5b9a52f50e45326ffd6 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1659,6 +1659,7 @@ METHOD(ike_sa_t, reestablish, status_t,
        }
        else
        {
+               charon->bus->ike_reestablish(charon->bus, &this->public, new);
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
                status = SUCCESS;
        }