sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

child-create: Trigger NARROW_RESPONDER_POST hook before installing SAs

Browse Source 
This makes sure we use the same set of traffic selectors when installing
the SAs and installing the policies.
This commit is contained in:
Tobias Brunner 2017-03-01 12:34:22 +01:00
parent 4cc77142e0
commit b00bcb9add
1 changed files with 21 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/libcharon/sa/ikev2/tasks/child_create.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter * Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil * HSR Hochschule fuer Technik Rapperswil
@ -630,6 +630,23 @@ static status_t select_and_install(private_child_create_t *this,
default: default:
break; break;
} }
/* use a copy of the traffic selectors, as the POST hook should not
* change payloads */
my_ts = this->tsr->clone_offset(this->tsr,
offsetof(traffic_selector_t, clone));
other_ts = this->tsi->clone_offset(this->tsi,
offsetof(traffic_selector_t, clone));
charon->bus->narrow(charon->bus, this->child_sa,
NARROW_RESPONDER_POST, my_ts, other_ts);
if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
{
my_ts->destroy_offset(my_ts,
offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts,
offsetof(traffic_selector_t, destroy));
return NOT_FOUND;
}
} }
this->child_sa->set_state(this->child_sa, CHILD_INSTALLING); this->child_sa->set_state(this->child_sa, CHILD_INSTALLING);
@ -679,31 +696,10 @@ static status_t select_and_install(private_child_create_t *this,
} }
else else
{ {
if (this->initiator) status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts);
if (!this->initiator)
{ {
status = this->child_sa->add_policies(this->child_sa,
my_ts, other_ts);
}
else
{
/* use a copy of the traffic selectors, as the POST hook should not
* change payloads */
my_ts = this->tsr->clone_offset(this->tsr,
offsetof(traffic_selector_t, clone));
other_ts = this->tsi->clone_offset(this->tsi,
offsetof(traffic_selector_t, clone));
charon->bus->narrow(charon->bus, this->child_sa,
NARROW_RESPONDER_POST, my_ts, other_ts);
if (my_ts->get_count(my_ts) == 0 ||
other_ts->get_count(other_ts) == 0)
{
status = FAILED;
}
else
{
status = this->child_sa->add_policies(this->child_sa,
my_ts, other_ts);
}
my_ts->destroy_offset(my_ts, my_ts->destroy_offset(my_ts,
offsetof(traffic_selector_t, destroy)); offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts, other_ts->destroy_offset(other_ts,