Hello Guys,<br><br>I'm working with the High Availability plugin and its new features. I have some questions regarding the code.<br>I did notice that the HA Plugin has different listeners in order to synchronize the SA's: "ike_rekeys", "ike_updown", "ike_rekey", "ike_state_change" and "message_hook". <br>
<br>By the way, I see that "ike_updown" listener checks if a connection is being set to UP or DOWN through the command line as for example:<br><br> > sudo ipsec up "connection-name"<br>
<br>What I don't get is why the tag of this message.type is HA_IKE_UPDATE instead of HA_IKE_ADD ? <br><br>I mean, once you initiate a new connection, I would be more familiar with HA_IKE_ADD instead of HA_IKE_UPDATE, because once we get a connection-name up and established, It should be a new SA to synchronize for HA-PLUGIN, isn't?. Maybe I'm simply getting the idea wrong with the names of the messages (types)?<br>
<br>In the other hand, I don't get why a HA_IKE_ADD synchronization type message would be generated from a "ike_keys" listener? Could someone help me on this? <br><br>Hope I've been clear concerning these doubts!<br>
<br>I'm working in a Thesis concerning the study of mechanisms to assure the connectivity through IKEv2/IPsec context. So I'm working on the transfer of a Security Association from one node to another, for achieving this I'm taking ideas from the ha_plugin of course. <br>
My goal is not to synchronize every SA on a cluster but to take a SA whenever I want and then been able to install it anywhere else. <br><br>Having a look at "ha_ike.c" , the METHODS <b>ike_keys</b> and <b>ike_updown</b> describe how to create both HA_IKE_ADD and HA_IKE_UPDATE. <br>
Then, when I had a look at "ha_dispatcher.c" I realized as well that the message.type=HA_IKE_ADD generates a totally new IKE_SA, and message.type=HA_IKE_UPDATE just update the information of a previously checked_out IKE_SA.<br>
<br>Thanks for your help in advance, <br><br>PS: in order to install a new IKE_SA, I saw the <b>process_ike_add()</b> function in "ha_dispatcher.c" which is quite clear.<br> <br>Daniel Palomares Velásquez<br>
Orange Labs de France Télécom<br>
Doctorate Student<br><br>