Hi all,
I apologize if I posted a stupid question.
I am currently working on a charon plugin that hooks into listener_t with type
‘authorize’; it allows the strongSwan client to install the IKE_SA and its
Child_SAs only after the plugin’s return result is TRUE. The plugin is very
simple: it sends an HTTP request to an external server during the first
authentication phase, and then it creates a callback job which runs in
the background, sending the same HTTP requests continuously to the external
server. Once the returned result is FALSE, the plugin kills the IKE_SA based on
its IKE_SA_ID.
Everything worked perfectly until I noticed that if the strongSwan client
and server re-authenticate each other, this solution does not work, because the
IKE_SA_ID will increase but the IKE_SA_ID in the callback job is not updated,
and if the HTTP request returns FALSE, the plugin will kill the IPsec
connection with IKE_SA_ID equal to 1, which is the ID of the first IPsec
connection.
In this case, I am curious whether there is a way to destroy the callback
job created in the IPsec connection's first authentication phase, or whether
there is some other way to terminate the IPsec connection besides basing it on
the IKE_SA_ID?
Thank you very much and best wishes!
Tao
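
The stale-ID behaviour described in the message above, as a small stand-alone C model added here (not part of the original post and not strongSwan code). All types and functions are hypothetical stand-ins; it assumes the polling job's state can be reached by the code that runs when an SA is replaced or closed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Model only: these types and functions are hypothetical, not strongSwan APIs. */
#define MAX_SA 8
typedef struct { uint32_t id; bool up; } sa_t;                 /* stand-in for an IKE_SA */
typedef struct { uint32_t sa_id; bool cancelled; } poll_job_t; /* polling job state */

static sa_t sas[MAX_SA];
static uint32_t next_id = 1;

static void reset(void) {
    for (size_t i = 0; i < MAX_SA; i++) sas[i] = (sa_t){ 0, false };
    next_id = 1;
}
/* New SAs get increasing IDs, as described in the post. */
static uint32_t sa_establish(void) {
    for (size_t i = 0; i < MAX_SA; i++)
        if (!sas[i].up) { sas[i] = (sa_t){ next_id, true }; return next_id++; }
    return 0; /* table full */
}
static bool sa_is_up(uint32_t id) {
    for (size_t i = 0; i < MAX_SA; i++)
        if (sas[i].up && sas[i].id == id) return true;
    return false;
}
static void sa_terminate(uint32_t id) {
    for (size_t i = 0; i < MAX_SA; i++)
        if (sas[i].id == id) sas[i].up = false;
}
/* Re-authentication replaces old_id with a new SA. Passing the job rebinds it
 * to the new ID; passing NULL reproduces the stale-ID behaviour. */
static uint32_t sa_reauth(uint32_t old_id, poll_job_t *job) {
    uint32_t new_id = sa_establish();
    sa_terminate(old_id);
    if (job && job->sa_id == old_id) job->sa_id = new_id;
    return new_id;
}
/* The SA went away for good: make the job stop instead of acting on a dead ID. */
static void sa_closed(poll_job_t *job) { job->cancelled = true; }
/* One poll; 'authorized' is the external server's answer.
 * Returns true if the job should be queued again. */
static bool poll_tick(poll_job_t *job, bool authorized) {
    if (job->cancelled) return false;
    if (authorized) return true;
    sa_terminate(job->sa_id); /* revoke: tear down whatever ID the job holds */
    return false;
}
```

In the model, a job left holding the first ID leaves the re-authenticated SA up after the server answers FALSE, while a job rebound during re-authentication tears it down.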