author | Tobias Brunner <tobias@strongswan.org> | 2010-07-06 12:09:06 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2010-09-02 19:01:24 +0200 |
commit | a22853b302f6b15c03f647fcf4c9e9498314dcd7 (patch) | |
tree | d5623a0ed48ccdb131b63a53e54873f3da24a9e1 | |
parent | 81f6ec276b1322d79428e6195c03065259482a50 (diff) | |
Moved delete/rekey CHILD_SA job creation to kernel event handler.
4 files changed, 39 insertions, 53 deletions
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c
index 5a12e35ab..64907b77d 100644
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -18,6 +18,8 @@
 #include <hydra.h>
 #include <daemon.h>
 #include <processing/jobs/acquire_job.h>
+#include <processing/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/delete_child_sa_job.h>
 typedef struct private_kernel_handler_t private_kernel_handler_t;
@@ -52,6 +54,26 @@ METHOD(kernel_listener_t, acquire, bool,
 return TRUE;
 }
+METHOD(kernel_listener_t, expire, bool,
+ private_kernel_handler_t *this, u_int32_t reqid, protocol_id_t protocol,
+ u_int32_t spi, bool hard)
+{
+ job_t *job;
+ DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x "
+ "and reqid {%u}", hard ? "delete" : "rekey",
+ protocol_id_names, protocol, ntohl(spi), reqid);
+ if (hard)
+ {
+ job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
+ }
+ else
+ {
+ job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
+ }
+ hydra->processor->queue_job(hydra->processor, job);
+ return TRUE;
+}
+
 METHOD(kernel_handler_t, destroy, void,
 private_kernel_handler_t *this)
 {
@@ -68,6 +90,7 @@ kernel_handler_t *kernel_handler_create()
 .public = {
 .listener = {
 .acquire = _acquire,
+ .expire = _expire,
 },
 .destroy = _destroy,
 },
diff --git a/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
index d21da6f9e..390d90651 100644
--- a/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -33,8 +33,6 @@
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <processing/jobs/callback_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
 #include <processing/jobs/update_sa_job.h>
 /** default timeout for generated SPIs (in seconds) */
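Review bot: The new `expire` handler queues a delete or rekey job for whatever `protocol` it is given, so the ESP/AH filter now exists only in the callers. The netlink `process_expire` visibly keeps that check, but the klips and pfkey call sites do not show theirs in this diff. A guard at the top of the handler, `if (protocol != PROTO_ESP && protocol != PROTO_AH) { return TRUE; }`, would make the behaviour the same for every plugin. A short comment on the byte order would also help, e.g. `/* spi is in network byte order */`, since the value is logged through `ntohl(spi)` but passed to the job constructors unchanged.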
@@ -1418,12 +1416,14 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this)
 process_acquire(this, msg);
 break;
 case SADB_EXPIRE:
- /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even for
- * the time based limits). So if there is no traffic for a longer
- * period than configured as hard limit, we wouldn't be able to rekey
- * the SA and just receive the hard expire and thus delete the SA.
- * To avoid this behavior and to make charon behave as with the other
- * kernel plugins, we implement the expiration of SAs ourselves. */
+ /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even
+ * for the time based limits). So if there is no traffic for a
+ * longer period than configured as hard limit, we wouldn't be able
+ * to rekey the SA and just receive the hard expire and thus delete
+ * the SA.
+ * To avoid this behavior and to make charon behave as with the
+ * other kernel plugins, we implement the expiration of SAs
+ * ourselves. */
 break;
 case SADB_X_NAT_T_NEW_MAPPING:
 process_mapping(this, msg);
@@ -1470,7 +1470,6 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
 bool hard = expire->type != EXPIRE_TYPE_SOFT;
 sa_entry_t *cached_sa;
 linked_list_t *list;
- job_t *job;
 /* for an expired SPI we first check whether the CHILD_SA got installed
 * in the meantime, for expired SAs we check whether they are still installed */
@@ -1496,18 +1495,8 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
 DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired",
 protocol_id_names, protocol, ntohl(spi), reqid);
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
- hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, hard);
 return JOB_REQUEUE_NONE;
 }
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 68fcab8de..b603b136a 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -42,8 +42,6 @@
 #include <utils/hashtable.h>
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/migrate_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
 #include <processing/jobs/update_sa_job.h>
 /** required for Linux 2.6.26 kernel and later */
@@ -599,7 +597,6 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct nlmsghd
 */
 static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr)
 {
- job_t *job;
 protocol_id_t protocol;
 u_int32_t spi, reqid;
 struct xfrm_user_expire *expire;
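Review bot: In `sa_expires` the hard-expiry path now relies entirely on a listener reacting to `charon->kernel_interface->expire(...)`, and that dependency is not documented at the call. The comment in `receive_events` says KLIPS expiry is implemented by the plugin itself, so the delete job queued by the listener appears to be what enforces the hard lifetime here; the dispatch code is not part of this diff, so whether an event can go unhandled is not visible. A comment above the call such as `/* the registered kernel listener queues the rekey/delete job */` would record this, and the same applies to `process_expire` in the netlink and pfkey plugins. The body of `sa_expires` starts outside the hunk.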
@@ -613,23 +610,13 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr
 if (protocol != PROTO_ESP && protocol != PROTO_AH)
 {
- DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%u} "
- "which is not a CHILD_SA", ntohl(spi), reqid);
+ DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and "
+ "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
 return;
 }
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
- expire->hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (expire->hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, expire->hard != 0);
 }
 /**
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index b49009545..b91b6d141 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -61,8 +61,6 @@
 #include <threading/mutex.h>
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/migrate_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
 #include <processing/jobs/update_sa_job.h>
 /** non linux specific */
@@ -949,7 +947,6 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
 protocol_id_t protocol;
 u_int32_t spi, reqid;
 bool hard;
- job_t *job;
 DBG2(DBG_KNL, "received an SADB_EXPIRE");
@@ -971,18 +968,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
 return;
 }
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}",
- hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, hard);
 }
 #ifdef SADB_X_MIGRATE |