diff options
Diffstat (limited to 'src/libcharon/plugins')
-rw-r--r-- | src/libcharon/plugins/ha/ha_child.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_dispatcher.c | 5 | ||||
-rw-r--r-- | src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c | 17 | ||||
-rw-r--r-- | src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c | 17 | ||||
-rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_ipsec.c | 6 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_control.c | 8 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_list.c | 11 | ||||
-rw-r--r-- | src/libcharon/plugins/unity/unity_handler.c | 22 | ||||
-rw-r--r-- | src/libcharon/plugins/unity/unity_handler.h | 5 | ||||
-rw-r--r-- | src/libcharon/plugins/unity/unity_narrow.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/README.md | 1 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 20 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_control.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_query.c | 1 |
14 files changed, 63 insertions, 60 deletions
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c index c166d72ac..ed6ca7196 100644 --- a/src/libcharon/plugins/ha/ha_child.c +++ b/src/libcharon/plugins/ha/ha_child.c @@ -128,7 +128,7 @@ METHOD(listener_t, child_keys, bool, ike_sa->get_other_host(ike_sa), child_sa->get_spi(child_sa, FALSE)); DBG1(DBG_CFG, "handling HA CHILD_SA %s{%d} %#R=== %#R " "(segment in: %d%s, out: %d%s)", child_sa->get_name(child_sa), - child_sa->get_reqid(child_sa), local_ts, remote_ts, + child_sa->get_unique_id(child_sa), local_ts, remote_ts, seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "", seg_o, this->segments->is_active(this->segments, seg_o) ? "*" : ""); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index e20e872c1..983f9d8fc 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -718,7 +718,8 @@ static void process_child_add(private_ha_dispatcher_t *this, child_sa = child_sa_create(ike_sa->get_my_host(ike_sa), ike_sa->get_other_host(ike_sa), config, 0, - ike_sa->has_condition(ike_sa, COND_NAT_ANY)); + ike_sa->has_condition(ike_sa, COND_NAT_ANY), + 0, 0); child_sa->set_mode(child_sa, mode); child_sa->set_protocol(child_sa, PROTO_ESP); child_sa->set_ipcomp(child_sa, ipcomp); @@ -835,7 +836,7 @@ static void process_child_add(private_ha_dispatcher_t *this, DBG1(DBG_CFG, "installed HA CHILD_SA %s{%d} %#R=== %#R " "(segment in: %d%s, out: %d%s)", child_sa->get_name(child_sa), - child_sa->get_reqid(child_sa), local_ts, remote_ts, + child_sa->get_unique_id(child_sa), local_ts, remote_ts, seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "", seg_o, this->segments->is_active(this->segments, seg_o) ? "*" : ""); child_sa->add_policies(child_sa, local_ts, remote_ts); diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index bd07a67a2..e6c5d6a1d 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -222,10 +222,10 @@ static inline bool policy_entry_equals(policy_entry_t *a, /** * Expiration callback */ -static void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard) +static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard) { - hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol, - spi, hard); + hydra->kernel_interface->expire(hydra->kernel_interface, protocol, + spi, dst, hard); } METHOD(kernel_ipsec_t, get_features, kernel_feature_t, @@ -236,14 +236,14 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) + u_int8_t protocol, u_int32_t *spi) { - return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, reqid, spi); + return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi); } METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) + u_int16_t *cpi) { return NOT_SUPPORTED; } @@ -255,12 +255,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, bool initiator, bool encap, bool esn, bool inbound, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts) + linked_list_t *src_ts, linked_list_t *dst_ts) { return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, - mode, ipcomp, cpi, initiator, encap, esn, inbound, - src_ts, dst_ts); + mode, ipcomp, cpi, initiator, encap, esn, inbound); } METHOD(kernel_ipsec_t, update_sa, status_t, diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index 39e37b1c9..86db9e643 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c @@ -1981,7 +1981,7 @@ static u_int permute(u_int x, u_int p) METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) + u_int8_t protocol, u_int32_t *spi) { /* To avoid sequencial SPIs, we use a one-to-one permuation function on * an incrementing counter, that is a full period PRNG for the range we @@ -1998,7 +1998,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) + u_int16_t *cpi) { return NOT_SUPPORTED; } @@ -2032,9 +2032,8 @@ static void expire_data_destroy(expire_data_t *data) static job_requeue_t expire_job(expire_data_t *data) { private_kernel_wfp_ipsec_t *this = data->this; - u_int32_t reqid = 0; u_int8_t protocol; - entry_t *entry; + entry_t *entry = NULL; sa_entry_t key = { .spi = data->spi, .dst = data->dst, @@ -2048,7 +2047,6 @@ static job_requeue_t expire_job(expire_data_t *data) if (entry) { protocol = entry->isa.protocol; - reqid = entry->reqid; if (entry->osa.dst) { key.dst = entry->osa.dst; @@ -2065,15 +2063,14 @@ static job_requeue_t expire_job(expire_data_t *data) if (entry) { protocol = entry->isa.protocol; - reqid = entry->reqid; } this->mutex->unlock(this->mutex); } - if (reqid) + if (entry) { - hydra->kernel_interface->expire(hydra->kernel_interface, - reqid, protocol, data->spi, data->hard); + hydra->kernel_interface->expire(hydra->kernel_interface, protocol, + data->spi, data->dst, data->hard); } return JOB_REQUEUE_NONE; @@ -2107,7 +2104,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, bool initiator, bool encap, bool esn, bool inbound, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts) + linked_list_t *src_ts, linked_list_t *dst_ts) { host_t *local, *remote; entry_t *entry; diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 3f256ddd0..68af4794d 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -36,7 +36,7 @@ struct private_load_tester_ipsec_t { METHOD(kernel_ipsec_t, get_spi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) + u_int8_t protocol, u_int32_t *spi) { *spi = (uint32_t)ref_get(&this->spi); return SUCCESS; @@ -44,7 +44,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) + u_int16_t *cpi) { return FAILED; } @@ -56,7 +56,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, bool initiator, bool encap, bool esn, bool inbound, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts) + linked_list_t *src_ts, linked_list_t *dst_ts) { return SUCCESS; } diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index f770d7c9e..0084fbf93 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -352,7 +352,7 @@ METHOD(stroke_control_t, terminate, void, if (streq(name, child_sa->get_name(child_sa))) { child_list->insert_last(child_list, - (void*)(uintptr_t)child_sa->get_reqid(child_sa)); + (void*)(uintptr_t)child_sa->get_unique_id(child_sa)); if (!all) { break; @@ -432,13 +432,13 @@ METHOD(stroke_control_t, rekey, void, while (children->enumerate(children, (void**)&child_sa)) { if ((name && streq(name, child_sa->get_name(child_sa))) || - (id && id == child_sa->get_reqid(child_sa))) + (id && id == child_sa->get_unique_id(child_sa))) { lib->processor->queue_job(lib->processor, (job_t*)rekey_child_sa_job_create( - child_sa->get_reqid(child_sa), child_sa->get_protocol(child_sa), - child_sa->get_spi(child_sa, TRUE))); + child_sa->get_spi(child_sa, TRUE), + ike_sa->get_my_host(ike_sa))); if (!all) { finished = TRUE; diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 1aa49ce0d..490983100 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -214,11 +214,12 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) config = child_sa->get_config(child_sa); now = time_monotonic(NULL); - fprintf(out, "%12s{%d}: %N, %N%s", - child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), + fprintf(out, "%12s{%d}: %N, %N%s, reqid %u", + child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), - config->use_proxy_mode(config) ? "_PROXY" : ""); + config->use_proxy_mode(config) ? "_PROXY" : "", + child_sa->get_reqid(child_sa)); if (child_sa->get_state(child_sa) == CHILD_INSTALLED) { @@ -238,7 +239,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) if (all) { fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), - child_sa->get_reqid(child_sa)); + child_sa->get_unique_id(child_sa)); proposal = child_sa->get_proposal(child_sa); if (proposal) @@ -333,7 +334,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) other_ts = linked_list_create_from_enumerator( child_sa->create_ts_enumerator(child_sa, FALSE)); fprintf(out, "\n%12s{%d}: %#R=== %#R\n", - child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), + child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), my_ts, other_ts); my_ts->destroy(my_ts); other_ts->destroy(other_ts); diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c index bcef0dc25..eb0ddba5d 100644 --- a/src/libcharon/plugins/unity/unity_handler.c +++ b/src/libcharon/plugins/unity/unity_handler.c @@ -50,8 +50,8 @@ struct private_unity_handler_t { * Traffic selector entry for networks to include under a given IKE_SA */ typedef struct { - /** associated IKE_SA, unique ID */ - u_int32_t sa; + /** associated IKE_SA COOKIEs */ + ike_sa_id_t *id; /** traffic selector to include/exclude */ traffic_selector_t *ts; } entry_t; @@ -61,6 +61,7 @@ typedef struct { */ static void entry_destroy(entry_t *this) { + this->id->destroy(this->id); this->ts->destroy(this->ts); free(this); } @@ -131,9 +132,10 @@ static bool add_include(private_unity_handler_t *this, chunk_t data) while (list->remove_first(list, (void**)&ts) == SUCCESS) { INIT(entry, - .sa = ike_sa->get_unique_id(ike_sa), + .id = ike_sa->get_id(ike_sa), .ts = ts, ); + entry->id = entry->id->clone(entry->id); this->mutex->lock(this->mutex); this->include->insert_last(this->include, entry); @@ -171,7 +173,7 @@ static bool remove_include(private_unity_handler_t *this, chunk_t data) enumerator = this->include->create_enumerator(this->include); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->sa == ike_sa->get_unique_id(ike_sa) && + if (entry->id->equals(entry->id, ike_sa->get_id(ike_sa)) && ts->equals(ts, entry->ts)) { this->include->remove_at(this->include, enumerator); @@ -209,8 +211,7 @@ static job_requeue_t add_exclude_async(entry_t *entry) char name[128]; host_t *host; - ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, - entry->sa, FALSE); + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, entry->id); if (ike_sa) { create_shunt_name(ike_sa, entry->ts, name, sizeof(name)); @@ -267,9 +268,10 @@ static bool add_exclude(private_unity_handler_t *this, chunk_t data) while (list->remove_first(list, (void**)&ts) == SUCCESS) { INIT(entry, - .sa = ike_sa->get_unique_id(ike_sa), + .id = ike_sa->get_id(ike_sa), .ts = ts, ); + entry->id = entry->id->clone(entry->id); /* we can't install the shunt policy yet, as we don't know the virtual IP. * Defer installation using an async callback. */ @@ -402,7 +404,7 @@ typedef struct { /** mutex to unlock */ mutex_t *mutex; /** IKE_SA ID to filter for */ - u_int32_t id; + ike_sa_id_t *id; } include_filter_t; /** @@ -411,7 +413,7 @@ typedef struct { static bool include_filter(include_filter_t *data, entry_t **entry, traffic_selector_t **ts) { - if ((*entry)->sa == data->id) + if (data->id->equals(data->id, (*entry)->id)) { *ts = (*entry)->ts; return TRUE; @@ -429,7 +431,7 @@ static void destroy_filter(include_filter_t *data) } METHOD(unity_handler_t, create_include_enumerator, enumerator_t*, - private_unity_handler_t *this, u_int32_t id) + private_unity_handler_t *this, ike_sa_id_t *id) { include_filter_t *data; diff --git a/src/libcharon/plugins/unity/unity_handler.h b/src/libcharon/plugins/unity/unity_handler.h index 8656fd372..18efe293b 100644 --- a/src/libcharon/plugins/unity/unity_handler.h +++ b/src/libcharon/plugins/unity/unity_handler.h @@ -21,6 +21,7 @@ #ifndef UNITY_HANDLER_H_ #define UNITY_HANDLER_H_ +#include <sa/ike_sa_id.h> #include <attributes/attribute_handler.h> typedef struct unity_handler_t unity_handler_t; @@ -38,11 +39,11 @@ struct unity_handler_t { /** * Create an enumerator over Split-Include attributes received for an IKE_SA. * - * @param id IKE_SA unique ID to get Split-Includes for + * @param id IKE_SA ID to get Split-Includes for * @return enumerator over traffic_selector_t* */ enumerator_t* (*create_include_enumerator)(unity_handler_t *this, - u_int32_t id); + ike_sa_id_t *id); /** * Destroy a unity_handler_t. diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index 94089563d..227d24be8 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -75,7 +75,7 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; enumerator = this->handler->create_include_enumerator(this->handler, - ike_sa->get_unique_id(ike_sa)); + ike_sa->get_id(ike_sa)); while (enumerator->enumerate(enumerator, ¤t)) { if (orig == NULL) @@ -159,7 +159,7 @@ static bool has_split_includes(private_unity_narrow_t *this, ike_sa_t *ike_sa) bool has; enumerator = this->handler->create_include_enumerator(this->handler, - ike_sa->get_unique_id(ike_sa)); + ike_sa->get_id(ike_sa)); has = enumerator->enumerate(enumerator, &ts); enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index b74ef0f15..c25b99e1d 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -559,6 +559,7 @@ command. ] child-sas = { <child-sa-name>* = { + uniqueid = <unique CHILD_SA identifier> reqid = <reqid of CHILD_SA> state = <state string of CHILD_SA> mode = <IPsec mode, tunnel|transport|beet> diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 113d48084..43b3f0712 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -1551,8 +1551,8 @@ static void clear_start_action(private_vici_config_t *this, enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t reqid = 0, *del; - array_t *reqids = NULL; + u_int32_t id = 0, *del; + array_t *ids = NULL; char *name; name = child_cfg->get_name(child_cfg); @@ -1568,23 +1568,23 @@ static void clear_start_action(private_vici_config_t *this, { if (streq(name, child_sa->get_name(child_sa))) { - reqid = child_sa->get_reqid(child_sa); - array_insert_create(&reqids, ARRAY_TAIL, &reqid); + id = child_sa->get_unique_id(child_sa); + array_insert_create(&ids, ARRAY_TAIL, &id); } } children->destroy(children); } enumerator->destroy(enumerator); - if (array_count(reqids)) + if (array_count(ids)) { - while (array_remove(reqids, ARRAY_HEAD, &del)) + while (array_remove(ids, ARRAY_HEAD, &del)) { DBG1(DBG_CFG, "closing '%s' #%u", name, *del); charon->controller->terminate_child(charon->controller, *del, NULL, NULL, 0); } - array_destroy(reqids); + array_destroy(ids); } break; case ACTION_ROUTE: @@ -1601,14 +1601,14 @@ static void clear_start_action(private_vici_config_t *this, { if (streq(name, child_sa->get_name(child_sa))) { - reqid = child_sa->get_reqid(child_sa); + id = child_sa->get_reqid(child_sa); break; } } enumerator->destroy(enumerator); - if (reqid) + if (id) { - charon->traps->uninstall(charon->traps, reqid); + charon->traps->uninstall(charon->traps, id); } break; } diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index 292a40032..01d503644 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -264,11 +264,11 @@ CALLBACK(terminate, vici_message_t*, { continue; } - if (child_id && child_sa->get_reqid(child_sa) != child_id) + if (child_id && child_sa->get_unique_id(child_sa) != child_id) { continue; } - current = child_sa->get_reqid(child_sa); + current = child_sa->get_unique_id(child_sa); array_insert(ids, ARRAY_TAIL, ¤t); } csas->destroy(csas); diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 54833abde..5a8ef25d8 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -63,6 +63,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, enumerator_t *enumerator; traffic_selector_t *ts; + b->add_kv(b, "uniqueid", "%u", child->get_unique_id(child)); b->add_kv(b, "reqid", "%u", child->get_reqid(child)); b->add_kv(b, "state", "%N", child_sa_state_names, child->get_state(child)); b->add_kv(b, "mode", "%N", ipsec_mode_names, child->get_mode(child)); |