[strongSwan-dev] destroy callback_job in strongswan

Baal Su baaltommysu at gmail.com
Mon Sep 14 10:45:11 CEST 2015


Hi all, 

	I apologize if I posted a stupid question. 

	I am currently working on a charon plugin that hooks into listener_t with type ‘authorize’; it allows the strongSwan client to install the IKE_SA and its Child_SAs only after the plugin’s return result is TRUE. The plugin is very simple: it sends an HTTP request to an external server during the first authentication phase, and then it creates a callback job which runs in the background, continuously sending the same HTTP requests to the external server. Once the returned result is FALSE, the plugin kills the IKE_SA based on its IKE_SA_ID.

	Everything worked perfectly until I noticed that if the strongSwan client and server re-authenticate each other, this solution does not work, because the IKE_SA_ID will increase but the IKE_SA_ID in the callback job is not updated, and if the HTTP request returns FALSE, the plugin will kill the IPsec connection with IKE_SA_ID equal to 1, which is the ID of the first IPsec connection.

	In this case, I am curious whether there is a way to destroy the callback job created in the IPsec connection's first authentication phase. Or is there some other way to terminate the IPsec connection besides basing it on the IKE_SA_ID?

Thank you very much and best wishes!
Tao
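
The failure described in this message, as an added example that is not part of the original post and is not strongSwan code: a small C model in which a polling job bound to the SA id captured at first authentication misses the SA created by reauthentication, next to a job that resolves the current SA by peer identity on every run. The SA table, `poll_by_id`, `poll_by_peer`, `JOB_STOP`/`JOB_AGAIN` and the peer name are hypothetical, and reauthentication is assumed to give the replacement SA a new id.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not strongSwan code; all names are hypothetical. */
#define MAX_SA 8
typedef struct { unsigned id; const char *peer; bool up; } sa_t;
typedef enum { JOB_STOP, JOB_AGAIN } job_result_t;
static sa_t sas[MAX_SA];
static unsigned next_id = 1;
static sa_t *sa_by_id(unsigned id) {
    for (int i = 0; i < MAX_SA; i++)
        if (sas[i].up && sas[i].id == id) return &sas[i];
    return NULL;
}
static sa_t *sa_by_peer(const char *peer) {
    for (int i = 0; i < MAX_SA; i++)
        if (sas[i].up && strcmp(sas[i].peer, peer) == 0) return &sas[i];
    return NULL;
}
/* A new SA takes the next unique id (0 if the table is full). */
static unsigned sa_establish(const char *peer) {
    for (int i = 0; i < MAX_SA; i++)
        if (!sas[i].up) { sas[i] = (sa_t){ next_id, peer, true }; return next_id++; }
    return 0;
}
/* Reauthentication modelled as: replacement SA with a new id, old SA removed. */
static unsigned sa_reauth(unsigned old_id) {
    sa_t *old = sa_by_id(old_id);
    unsigned new_id = old ? sa_establish(old->peer) : 0;
    if (new_id) old->up = false;
    return new_id;
}
/* One polling run; `allowed` stands in for the external server's answer. */
static job_result_t poll_run(sa_t *sa, bool allowed) {
    if (!sa) return JOB_STOP;   /* SA is gone: end the job instead of requeueing */
    if (!allowed) { sa->up = false; return JOB_STOP; }   /* terminate on FALSE */
    return JOB_AGAIN;
}
/* Job bound to the id captured once at first authentication. */
static job_result_t poll_by_id(unsigned id, bool allowed) { return poll_run(sa_by_id(id), allowed); }
/* Job bound to the peer identity: resolves the current SA on every run. */
static job_result_t poll_by_peer(const char *peer, bool allowed) { return poll_run(sa_by_peer(peer), allowed); }
int main(void) {
    unsigned id1 = sa_establish("client.example"), id2 = sa_reauth(id1);
    poll_by_id(id1, false);   /* server answers FALSE, job still holds id1 */
    printf("id-bound job:   SA %u %s\n", id2, sa_by_id(id2) ? "still up" : "terminated");
    poll_by_peer("client.example", false);
    printf("peer-bound job: SA %u %s\n", id2, sa_by_id(id2) ? "still up" : "terminated");
    return 0;
}
```

In the model the id-bound job ends itself once its SA no longer exists, so a FALSE answer after reauthentication leaves the replacement SA installed unless a job is tracking that SA or the peer.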

