-rw-r--r--sbin/iked/ikev2.c70
1 files changed, 34 insertions, 36 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index c19540fe0a4..829615b9331 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.165 2017/12/23 10:30:54 patrick Exp $ */
+/* $OpenBSD: ikev2.c,v 1.166 2018/03/05 14:30:30 patrick Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -68,6 +68,9 @@ int ikev2_init_ike_auth(struct iked *, struct iked_sa *);
int ikev2_init_auth(struct iked *, struct iked_message *);
int ikev2_init_done(struct iked *, struct iked_sa *);
+void ikev2_enable_timer(struct iked *, struct iked_sa *);
+void ikev2_disable_timer(struct iked *, struct iked_sa *);
+
void ikev2_resp_recv(struct iked *, struct iked_message *,
struct ike_header *);
int ikev2_resp_ike_sa_init(struct iked *, struct iked_message *);
@@ -189,9 +192,8 @@ ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
case IMSG_CTL_PASSIVE:
if (config_getmode(env, imsg->hdr.type) == -1)
return (0); /* ignore error */
- if (env->sc_passive)
- timer_del(env, &env->sc_inittmr);
- else {
+ timer_del(env, &env->sc_inittmr);
+ if (!env->sc_passive) {
timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa,
NULL);
timer_add(env, &env->sc_inittmr,
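Review bot: The now-unconditional `timer_del(env, &env->sc_inittmr);` has no comment saying why it must run before the `timer_set()` in the active branch. The old code only cancelled the timer when switching to passive mode, so this is a behaviour change, presumably so that `timer_set()` never re-initialises a timer that is still scheduled. A one-line comment would keep the ordering from being "simplified" back later, for example `/* Cancel any pending init timer before it is set up again. */`. The `timer_add()` call continues past the end of this hunk.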
@@ -1210,6 +1212,28 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa)
return (ret);
}
+void
+ikev2_enable_timer(struct iked *env, struct iked_sa *sa)
+{
+ timer_set(env, &sa->sa_timer, ikev2_ike_sa_alive, sa);
+ timer_add(env, &sa->sa_timer, IKED_IKE_SA_ALIVE_TIMEOUT);
+ timer_set(env, &sa->sa_keepalive, ikev2_ike_sa_keepalive, sa);
+ if (sa->sa_usekeepalive)
+ timer_add(env, &sa->sa_keepalive,
+ IKED_IKE_SA_KEEPALIVE_TIMEOUT);
+ timer_set(env, &sa->sa_rekey, ikev2_ike_sa_rekey, sa);
+ if (sa->sa_policy->pol_rekey)
+ ikev2_ike_sa_rekey_schedule(env, sa);
+}
+
+void
+ikev2_disable_timer(struct iked *env, struct iked_sa *sa)
+{
+ timer_del(env, &sa->sa_timer);
+ timer_del(env, &sa->sa_keepalive);
+ timer_del(env, &sa->sa_rekey);
+}
+
int
ikev2_init_done(struct iked *env, struct iked_sa *sa)
{
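Review bot: ikev2_enable_timer() calls `timer_set()` on sa_timer, sa_keepalive and sa_rekey without cancelling them first, and nothing in the helper says callers must do so. Two of the three call sites (ikev2_init_done and ikev2_resp_ike_auth) still run `timer_del(env, &sa->sa_timer);` just before the call, while ikev2_ikesa_enable does not, and none of them touch the keepalive or rekey timers. Either document the precondition above the function, for example `/* Caller must ensure none of the SA timers is pending. */`, or start the helper with `ikev2_disable_timer(env, sa);` so that re-arming an SA can never re-initialise a scheduled timer. The second option assumes `timer_del()` is harmless on a timer that was never set, which this diff does not show. The helper also dereferences `sa->sa_policy` unchecked, as the code it replaces did.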
@@ -1226,15 +1250,7 @@ ikev2_init_done(struct iked *env, struct iked_sa *sa)
sa_state(env, sa, IKEV2_STATE_ESTABLISHED);
/* Delete exchange timeout. */
timer_del(env, &sa->sa_timer);
- timer_set(env, &sa->sa_timer, ikev2_ike_sa_alive, sa);
- timer_add(env, &sa->sa_timer, IKED_IKE_SA_ALIVE_TIMEOUT);
- timer_set(env, &sa->sa_keepalive, ikev2_ike_sa_keepalive, sa);
- if (sa->sa_usekeepalive)
- timer_add(env, &sa->sa_keepalive,
- IKED_IKE_SA_KEEPALIVE_TIMEOUT);
- timer_set(env, &sa->sa_rekey, ikev2_ike_sa_rekey, sa);
- if (sa->sa_policy->pol_rekey)
- ikev2_ike_sa_rekey_schedule(env, sa);
+ ikev2_enable_timer(env, sa);
}
if (ret)
@@ -2751,15 +2767,7 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa)
sa_state(env, sa, IKEV2_STATE_ESTABLISHED);
/* Delete exchange timeout. */
timer_del(env, &sa->sa_timer);
- timer_set(env, &sa->sa_timer, ikev2_ike_sa_alive, sa);
- timer_add(env, &sa->sa_timer, IKED_IKE_SA_ALIVE_TIMEOUT);
- timer_set(env, &sa->sa_keepalive, ikev2_ike_sa_keepalive, sa);
- if (sa->sa_usekeepalive)
- timer_add(env, &sa->sa_keepalive,
- IKED_IKE_SA_KEEPALIVE_TIMEOUT);
- timer_set(env, &sa->sa_rekey, ikev2_ike_sa_rekey, sa);
- if (sa->sa_policy->pol_rekey)
- ikev2_ike_sa_rekey_schedule(env, sa);
+ ikev2_enable_timer(env, sa);
}
done:
@@ -3512,23 +3520,13 @@ ikev2_ikesa_enable(struct iked *env, struct iked_sa *sa, struct iked_sa *nsa)
log_debug("%s: activating new IKE SA", __func__);
sa_state(env, nsa, IKEV2_STATE_ESTABLISHED);
- timer_set(env, &nsa->sa_timer, ikev2_ike_sa_alive, nsa);
- timer_add(env, &nsa->sa_timer, IKED_IKE_SA_ALIVE_TIMEOUT);
- timer_set(env, &nsa->sa_keepalive, ikev2_ike_sa_keepalive, nsa);
- if (nsa->sa_usekeepalive)
- timer_add(env, &nsa->sa_keepalive,
- IKED_IKE_SA_KEEPALIVE_TIMEOUT);
- timer_set(env, &nsa->sa_rekey, ikev2_ike_sa_rekey, nsa);
- if (nsa->sa_policy->pol_rekey)
- ikev2_ike_sa_rekey_schedule(env, nsa);
+ ikev2_enable_timer(env, nsa);
+
nsa->sa_stateflags = nsa->sa_statevalid; /* XXX */
/* unregister DPD keep alive timer & rekey first */
- if (sa->sa_state == IKEV2_STATE_ESTABLISHED) {
- timer_del(env, &sa->sa_rekey);
- timer_del(env, &sa->sa_keepalive);
- timer_del(env, &sa->sa_timer);
- }
+ if (sa->sa_state == IKEV2_STATE_ESTABLISHED)
+ ikev2_disable_timer(env, sa);
ikev2_ikesa_delete(env, sa, nsa->sa_hdr.sh_initiator);
return (0);
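Review bot: The old SA's timers are still cancelled only when `sa->sa_state == IKEV2_STATE_ESTABLISHED`, so an SA replaced in any other state reaches ikev2_ikesa_delete() with whatever timers it has armed, each carrying `sa` as its callback argument. Now that the teardown is a single helper, consider calling `ikev2_disable_timer(env, sa);` unconditionally, or add a comment stating why no timer can be pending in the other states. Whether ikev2_ikesa_delete() cancels them itself is not visible here, and the function body starts before this hunk.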