I found one difference between the deletion of an IKE_SA and the deletion of a
CHILD_SA in strongSwan v5.3.1, shown below.

Compared with the CHILD_SA case, is there a reason why the IKE_SA is not
recreated? (Refer to the yellow blocks.)



src/libcharon/sa/ikev2/tasks/ike_delete.c

/**
 * Initiator build step of the IKE_SA delete task.
 *
 * Writes the deletion to the log, attaches a DELETE payload for PROTO_IKE to
 * the outgoing message, records whether the SA was being rekeyed, and moves
 * the SA to IKE_DELETING.
 *
 * Nothing in this function queues a task that would set the IKE_SA up again.
 * If a deleted IKE_SA is to be re-established, that has to be driven from code
 * outside this excerpt.
 *
 * @param this      private task data (ike_sa, rekeyed flag)
 * @param message   message the DELETE payload is added to
 * @return          NEED_MORE on every path
 */
METHOD(task_t, build_i, status_t,
    private_ike_delete_t *this, message_t *message)
{
    delete_payload_t *del;

    /* DBG0 line carries SA name, unique ID, both hosts and both identities */
    DBG0(DBG_IKE, "deleting IKE_SA %s[%d] between %H[%Y]...%H[%Y]",
         this->ike_sa->get_name(this->ike_sa),
         this->ike_sa->get_unique_id(this->ike_sa),
         this->ike_sa->get_my_host(this->ike_sa),
         this->ike_sa->get_my_id(this->ike_sa),
         this->ike_sa->get_other_host(this->ike_sa),
         this->ike_sa->get_other_id(this->ike_sa));

    del = delete_payload_create(PLV2_DELETE, PROTO_IKE);
    message->add_payload(message, (payload_t*)del);

    /* the previous state must be sampled before set_state() overwrites it */
    switch (this->ike_sa->get_state(this->ike_sa))
    {
        case IKE_REKEYING:
            this->rekeyed = TRUE;
            break;
        default:
            break;
    }
    this->ike_sa->set_state(this->ike_sa, IKE_DELETING);

    DBG1(DBG_IKE, "sending DELETE for IKE_SA %s[%d]",
         this->ike_sa->get_name(this->ike_sa),
         this->ike_sa->get_unique_id(this->ike_sa));

    return NEED_MORE;
}



src/libcharon/sa/ikev2/tasks/child_delete.c

/**
 * Initiator build step of the CHILD_SA delete task.
 *
 * Resolves the CHILD_SA named by this->protocol/this->spi, adds it to
 * this->child_sas, logs it and builds the delete payloads. If the SA was not
 * being rekeyed and the task is flagged as expired, a child_create task for
 * the same configuration is queued on the IKE_SA.
 *
 * @param this      private task data (ike_sa, protocol, spi, child_sas,
 *                  rekeyed and expired flags)
 * @param message   message handed to build_payloads()
 * @return          SUCCESS if no matching CHILD_SA exists, else NEED_MORE
 */
METHOD(task_t, build_i, status_t,
    private_child_delete_t *this, message_t *message)
{
    child_sa_t *sa;
    child_cfg_t *cfg;
    task_t *recreate;

    /* first attempt: treat the SPI as an inbound one */
    sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
                                    this->spi, TRUE);
    if (!sa)
    {
        /* second attempt: maybe it is the SPI of an outbound SA */
        sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
                                        this->spi, FALSE);
        if (!sa)
        {
            /* the CHILD_SA is already gone, nothing to delete */
            return SUCCESS;
        }
        /* the task keeps track of the inbound SPI only */
        this->spi = sa->get_spi(sa, TRUE);
    }
    this->child_sas->insert_last(this->child_sas, sa);

    if (sa->get_state(sa) == CHILD_REKEYING)
    {
        this->rekeyed = TRUE;
    }
    log_children(this);
    build_payloads(this, message);

    /* only a hard-expired SA that is not being rekeyed gets recreated */
    if (this->rekeyed || !this->expired)
    {
        return NEED_MORE;
    }

    DBG1(DBG_IKE, "scheduling CHILD_SA recreate after hard expire");
    cfg = sa->get_config(sa);
    /* NOTE(review): get_ref() presumably gives the new task its own
     * reference on the config - confirm against child_cfg_t */
    recreate = (task_t*)child_create_create(this->ike_sa, cfg->get_ref(cfg),
                                            FALSE, NULL, NULL);
    this->ike_sa->queue_task(this->ike_sa, recreate);

    return NEED_MORE;
}