amin/strongswan: upstream patch for applying limits to initiated connections

author: Timo Teräs <timo.teras@iki.fi> 2015-07-17 11:55:55 +0300
committer: Timo Teräs <timo.teras@iki.fi> 2015-07-17 11:57:00 +0300
commit: 6f2ac56727056f7ba7c55640459e40bbb1f17ef6 (patch)
tree: f3a10eed7ccd10552b1dbf475e4edcb856468f6b /main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
parent: 562d4b1c781fc780fa893878ea3a6b850d6dbddb (diff)
download: aports-6f2ac56727056f7ba7c55640459e40bbb1f17ef6.tar.bz2
aports-6f2ac56727056f7ba7c55640459e40bbb1f17ef6.tar.xz
1 files changed, 50 insertions, 45 deletions
diff --git a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
index 9bd1030d8..b0c65223a 100644
--- a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
@@ -1,8 +1,7 @@
-From 75c546a8000f4ac294710e8d2b972587e14ad229 Mon Sep 17 00:00:00 2001
+From 9afff74c4bd8abadfd248f36cf9f8206928d3dc6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Wed, 27 Aug 2014 16:05:21 +0300
-Subject: [PATCH 1/4] charon: add optional source and remote overrides for
- initiate
+Subject: [PATCH] charon: add optional source and remote overrides for initiate
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -18,30 +17,30 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
 ---
  src/charon-cmd/cmd/cmd_connection.c                |  2 +-
  src/charon-nm/nm/nm_service.c                      |  2 +-
- src/libcharon/control/controller.c                 | 43 +++++++++++++++-
+ src/libcharon/control/controller.c                 | 43 ++++++++++++++-
  src/libcharon/control/controller.h                 |  3 ++
  src/libcharon/plugins/maemo/maemo_service.c        |  2 +-
  src/libcharon/plugins/stroke/stroke_control.c      |  5 +-
  src/libcharon/plugins/vici/vici_config.c           |  2 +-
- src/libcharon/plugins/vici/vici_control.c          | 58 ++++++++++++++++++---
+ src/libcharon/plugins/vici/vici_control.c          | 63 ++++++++++++++++++----
  src/libcharon/processing/jobs/start_action_job.c   |  2 +-
  src/libcharon/sa/ike_sa.c                          |  4 ++
- src/libcharon/sa/ike_sa_manager.c                  | 60 +++++++++++++++++++---
+ src/libcharon/sa/ike_sa_manager.c                  | 60 ++++++++++++++++++---
  src/libcharon/sa/ike_sa_manager.h                  |  8 ++-
  src/libcharon/sa/trap_manager.c                    |  3 +-
- src/swanctl/commands/initiate.c                    | 40 ++++++++++++++-
- 15 files changed, 210 insertions(+), 26 deletions(-)
+ src/swanctl/commands/initiate.c                    | 40 +++++++++++++-
+ 15 files changed, 213 insertions(+), 28 deletions(-)
 
 diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
-index 2c0b7b9..471b444 100644
+index 0c6a504..dc4eca3 100644
 --- a/src/charon-cmd/cmd/cmd_connection.c
 +++ b/src/charon-cmd/cmd/cmd_connection.c
 @@ -434,7 +434,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
  	child_cfg = create_child_cfg(this, peer_cfg);
  
  	if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
--									 controller_cb_empty, NULL, 0) != SUCCESS)
-+									 NULL, NULL, controller_cb_empty, NULL, 0) != SUCCESS)
+-								controller_cb_empty, NULL, 0, FALSE) != SUCCESS)
++								NULL, NULL, controller_cb_empty, NULL, 0, FALSE) != SUCCESS)
  	{
  		terminate(pid);
  	}
@@ -59,7 +58,7 @@ index fc7e899..4f4461a 100644
  	{
  		peer_cfg->destroy(peer_cfg);
 diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
-index fd8349e..665c2fa 100644
+index 097f5ac..9c3b45b 100644
 --- a/src/libcharon/control/controller.c
 +++ b/src/libcharon/control/controller.c
 @@ -15,6 +15,28 @@
@@ -108,7 +107,7 @@ index fd8349e..665c2fa 100644
  	 * unique ID, used for various methods
  	 */
  	u_int32_t id;
-@@ -350,9 +382,14 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -355,9 +387,14 @@ METHOD(job_t, initiate_execute, job_requeue_t,
  	ike_sa_t *ike_sa;
  	interface_listener_t *listener = &job->listener;
  	peer_cfg_t *peer_cfg = listener->peer_cfg;
@@ -124,7 +123,7 @@ index fd8349e..665c2fa 100644
  	if (!ike_sa)
  	{
  		listener->child_cfg->destroy(listener->child_cfg);
-@@ -362,6 +399,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -366,6 +403,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
  		listener_done(listener);
  		return JOB_REQUEUE_NONE;
  	}
@@ -132,25 +131,25 @@ index fd8349e..665c2fa 100644
  	listener->lock->lock(listener->lock);
  	listener->ike_sa = ike_sa;
  	listener->lock->unlock(listener->lock);
-@@ -391,6 +429,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -438,6 +476,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
  
  METHOD(controller_t, initiate, status_t,
  	private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
 +	host_t *my_host, host_t *other_host,
- 	controller_cb_t callback, void *param, u_int timeout)
+ 	controller_cb_t callback, void *param, u_int timeout, bool limits)
  {
  	interface_job_t *job;
-@@ -413,6 +452,8 @@ METHOD(controller_t, initiate, status_t,
+@@ -460,6 +499,8 @@ METHOD(controller_t, initiate, status_t,
  			.status = FAILED,
  			.child_cfg = child_cfg,
  			.peer_cfg = peer_cfg,
 +			.my_host = my_host ? my_host->clone(my_host) : NULL,
 +			.other_host = other_host ? other_host->clone(other_host) : NULL,
  			.lock = spinlock_create(),
+ 			.limits = limits,
  		},
- 		.public = {
 diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
-index 02f4ebb..e70f2b5 100644
+index 5ffeac5..fb2e787 100644
 --- a/src/libcharon/control/controller.h
 +++ b/src/libcharon/control/controller.h
 @@ -79,6 +79,8 @@ struct controller_t {
@@ -162,14 +161,14 @@ index 02f4ebb..e70f2b5 100644
  	 * @param cb			logging callback
  	 * @param param			parameter to include in each call of cb
  	 * @param timeout		timeout in ms to wait for callbacks, 0 to disable
-@@ -90,6 +92,7 @@ struct controller_t {
+@@ -92,6 +94,7 @@ struct controller_t {
  	 */
  	status_t (*initiate)(controller_t *this,
  						 peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
 +						 host_t *my_host, host_t *other_host,
- 						 controller_cb_t callback, void *param, u_int timeout);
+ 						 controller_cb_t callback, void *param, u_int timeout,
+ 						 bool limits);
  
- 	/**
 diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
 index 2e96f8f..e594a71 100644
 --- a/src/libcharon/plugins/maemo/maemo_service.c
@@ -184,15 +183,15 @@ index 2e96f8f..e594a71 100644
  	{
  		peer_cfg->destroy(peer_cfg);
 diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
-index 0084fbf..e5f38b4 100644
+index 0125d17..72c806c 100644
 --- a/src/libcharon/plugins/stroke/stroke_control.c
 +++ b/src/libcharon/plugins/stroke/stroke_control.c
 @@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
  	if (msg->output_verbosity < 0)
  	{
  		charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
--									 NULL, NULL, 0);
-+									 NULL, NULL, NULL, NULL, 0);
+-									 NULL, NULL, 0, FALSE);
++									 NULL, NULL, NULL, NULL, 0, FALSE);
  	}
  	else
  	{
@@ -203,24 +202,24 @@ index 0084fbf..e5f38b4 100644
 -							peer_cfg, child_cfg, (controller_cb_t)stroke_log,
 +							peer_cfg, child_cfg, NULL, NULL,
 +							(controller_cb_t)stroke_log,
- 							&info, this->timeout);
+ 							&info, this->timeout, FALSE);
  		switch (status)
  		{
 diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
-index d232599..3c4e3ec 100644
+index dfea2ab..233af4c 100644
 --- a/src/libcharon/plugins/vici/vici_config.c
 +++ b/src/libcharon/plugins/vici/vici_config.c
 @@ -1558,7 +1558,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
  			DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg));
  			charon->controller->initiate(charon->controller,
  					peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
--					NULL, NULL, 0);
-+					NULL, NULL, NULL, NULL, 0);
+-					NULL, NULL, 0, FALSE);
++					NULL, NULL, NULL, NULL, 0, FALSE);
  			break;
  		case ACTION_ROUTE:
  			DBG1(DBG_CFG, "installing '%s'", child_cfg->get_name(child_cfg));
 diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index 01d5036..9a58399 100644
+index 88574f8..d37e11f 100644
 --- a/src/libcharon/plugins/vici/vici_control.c
 +++ b/src/libcharon/plugins/vici/vici_control.c
 @@ -13,6 +13,28 @@
@@ -263,11 +262,11 @@ index 01d5036..9a58399 100644
 +	host_t *my_host = NULL, *other_host = NULL;
 +	char *child, *my_host_str, *other_host_str;
  	u_int timeout;
+ 	bool limits;
  	log_info_t log = {
- 		.dispatcher = this->dispatcher,
-@@ -171,31 +195,51 @@ CALLBACK(initiate, vici_message_t*,
- 	child = request->get_str(request, NULL, "child");
+@@ -173,34 +197,55 @@ CALLBACK(initiate, vici_message_t*,
  	timeout = request->get_int(request, 0, "timeout");
+ 	limits = request->get_bool(request, FALSE, "init-limits");
  	log.level = request->get_int(request, 1, "loglevel");
 +	my_host_str = request->get_str(request, NULL, "my-host");
 +	other_host_str = request->get_str(request, NULL, "other-host");
@@ -287,7 +286,7 @@ index 01d5036..9a58399 100644
 +		other_host = host_create_from_string(other_host_str, 0);
 +	}
 +
-+	DBG1(DBG_CFG, "vici initiate '%s', me %H, other %H", child, my_host, other_host);
++	DBG1(DBG_CFG, "vici initiate '%s', me %H, other %H, limits %d", child, my_host, other_host, limits);
  
  	child_cfg = find_child_cfg(child, &peer_cfg);
  	if (!child_cfg)
@@ -296,10 +295,11 @@ index 01d5036..9a58399 100644
 +		msg = send_reply(this, "CHILD_SA config '%s' not found", child);
 +		goto ret;
  	}
- 	switch (charon->controller->initiate(charon->controller,
--				peer_cfg, child_cfg, (controller_cb_t)log_vici, &log, timeout))
+-	switch (charon->controller->initiate(charon->controller, peer_cfg,
+-				child_cfg, (controller_cb_t)log_vici, &log, timeout, limits))
++	switch (charon->controller->initiate(charon->controller,
 +				peer_cfg, child_cfg, my_host, other_host,
-+				(controller_cb_t)log_vici, &log, timeout))
++				(controller_cb_t)log_vici, &log, timeout, limits))
  	{
  		case SUCCESS:
 -			return send_reply(this, NULL);
@@ -310,6 +310,11 @@ index 01d5036..9a58399 100644
 +			msg = send_reply(this, "CHILD_SA '%s' not established after %dms",
  							  child, timeout);
 +			break;
+ 		case INVALID_STATE:
+-			return send_reply(this, "establishing CHILD_SA '%s' not possible "
++			msg = send_reply(this, "establishing CHILD_SA '%s' not possible "
+ 							  "at the moment due to limits", child);
++			break;
  		case FAILED:
  		default:
 -			return send_reply(this, "establishing CHILD_SA '%s' failed", child);
@@ -324,15 +329,15 @@ index 01d5036..9a58399 100644
  
  CALLBACK(terminate, vici_message_t*,
 diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c
-index 981473b..fd42f3b 100644
+index 5e88ac2..7043332 100644
 --- a/src/libcharon/processing/jobs/start_action_job.c
 +++ b/src/libcharon/processing/jobs/start_action_job.c
 @@ -61,7 +61,7 @@ METHOD(job_t, execute, job_requeue_t,
  					charon->controller->initiate(charon->controller,
  												 peer_cfg->get_ref(peer_cfg),
  												 child_cfg->get_ref(child_cfg),
--												 NULL, NULL, 0);
-+												 NULL, NULL, NULL, NULL, 0);
+-												 NULL, NULL, 0, FALSE);
++												 NULL, NULL, NULL, NULL, 0, FALSE);
  					break;
  				case ACTION_ROUTE:
  					DBG1(DBG_JOB, "start action: route '%s'", name);
@@ -352,7 +357,7 @@ index 3aafa4c..dcd54a1 100644
  	if (host)
  	{
 diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index 938f784..23d0488 100644
+index 987260d..2f44f7c 100644
 --- a/src/libcharon/sa/ike_sa_manager.c
 +++ b/src/libcharon/sa/ike_sa_manager.c
 @@ -16,6 +16,28 @@
@@ -384,7 +389,7 @@ index 938f784..23d0488 100644
  #include <string.h>
  
  #include "ike_sa_manager.h"
-@@ -1328,16 +1350,28 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
+@@ -1335,16 +1357,28 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
  }
  
  METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
@@ -416,7 +421,7 @@ index 938f784..23d0488 100644
  
  	if (!this->reuse_ikesa)
  	{	/* IKE_SA reuse disable by config */
-@@ -1358,14 +1392,24 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1365,14 +1399,24 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
  			continue;
  		}
  
@@ -443,7 +448,7 @@ index 938f784..23d0488 100644
  				DBG2(DBG_MGR, "found existing IKE_SA %u with a '%s' config",
  						ike_sa->get_unique_id(ike_sa),
  						current_peer->get_name(current_peer));
-@@ -1375,9 +1419,13 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1382,9 +1426,13 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
  	}
  	enumerator->destroy(enumerator);
  
@@ -581,5 +586,5 @@ index eb7b6ad..706fa57 100644
  			{"raw",			'r', 0, "dump raw response message"},
  			{"pretty",		'P', 0, "dump raw response message in pretty print"},
 -- 
-2.4.2
+2.4.5
author	Timo Teräs <timo.teras@iki.fi>	2015-07-17 11:55:55 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2015-07-17 11:57:00 +0300
commit	6f2ac56727056f7ba7c55640459e40bbb1f17ef6 (patch)
tree	f3a10eed7ccd10552b1dbf475e4edcb856468f6b /main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
parent	562d4b1c781fc780fa893878ea3a6b850d6dbddb (diff)
download	aports-6f2ac56727056f7ba7c55640459e40bbb1f17ef6.tar.bz2 aports-6f2ac56727056f7ba7c55640459e40bbb1f17ef6.tar.xz