'Re: [strongSwan-dev] [PATCH 0/5] Recover IKE_SA reset after'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-announce
Subject:    Re: [strongSwan-dev] [PATCH 0/5] Recover IKE_SA reset after
From:       Martin Willi <martin () strongswan ! org>
Date:       2010-06-30 11:51:35
Message-ID: 1277898695.1840.37.camel () martin
[Download RAW message or body]

> We'll need a better check there...

The best solution is probably to check for the IKE_INIT task directly,
and recreate it along with the related tasks.

I'll push the attached patch if this works for you.

Thanks!
Martin

["0001-Recreate-IKE_SA_INIT-related-tasks-only-if-they-have.patch" (0001-Recreate-IKE_SA_INIT-related-tasks-only-if-they-have.patch)]

>From 02571374c43e70275492edde8fe14dab25db0fdf Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Wed, 30 Jun 2010 13:48:47 +0200
Subject: [PATCH] Recreate IKE_SA_INIT related tasks only if they have completed

---
 src/libcharon/sa/ike_sa.c |   46 ++++++++++++++++++++++++++++++++++----------
 1 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 8b44fd9..7536662 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1613,6 +1613,40 @@ METHOD(ike_sa_t, reestablish, status_t,
 	return status;
 }
 
+/**
+ * Requeue the IKE_SA_INIT tasks for initiation, if required
+ */
+static void requeue_init_tasks(private_ike_sa_t *this)
+{
+	enumerator_t *enumerator;
+	bool has_init = FALSE;
+	task_t *task;
+
+	/* if we have advanced to IKE_AUTH, the IKE_INIT and related tasks
+	 * have already completed. Recreate them if necessary. */
+	enumerator = this->task_manager->create_task_enumerator(
+										this->task_manager, TASK_QUEUE_QUEUED);
+	while (enumerator->enumerate(enumerator, &task))
+	{
+		if (task->get_type(task) == IKE_INIT)
+		{
+			has_init = TRUE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (!has_init)
+	{
+		task = (task_t*)ike_vendor_create(&this->public, TRUE);
+		this->task_manager->queue_task(this->task_manager, task);
+		task = (task_t*)ike_natd_create(&this->public, TRUE);
+		this->task_manager->queue_task(this->task_manager, task);
+		task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
+		this->task_manager->queue_task(this->task_manager, task);
+	}
+}
+
 METHOD(ike_sa_t, retransmit, status_t,
 	private_ike_sa_t *this, u_int32_t message_id)
 {
@@ -1632,17 +1666,7 @@ METHOD(ike_sa_t, retransmit, status_t,
 					DBG1(DBG_IKE, "peer not responding, trying again (%d/%d)",
 						 this->keyingtry + 1, tries);
 					reset(this);
-					if (this->stats[STAT_INBOUND])
-					{	/* IKE_INIT already completed, recreate associated tasks */
-						task_t *task;
-
-						task = (task_t*)ike_vendor_create(&this->public, TRUE);
-						this->task_manager->queue_task(this->task_manager, task);
-						task = (task_t*)ike_natd_create(&this->public, TRUE);
-						this->task_manager->queue_task(this->task_manager, task);
-						task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
-						this->task_manager->queue_task(this->task_manager, task);
-					}
+					requeue_init_tasks(this);
 					return this->task_manager->initiate(this->task_manager);
 				}
 				DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
-- 
1.7.0.4



_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev

[prev in list] [next in list] [prev in thread] [next in thread] 
