sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity

removed obsolete route/unroute code from ike_sa/controller

Browse Source
This commit is contained in:
Martin Willi 2009-05-06 19:49:20 +02:00
parent 8c99451ae1
commit 17339b9a86
4 changed files with 6 additions and 411 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
src/charon/control/controller.c
View File

@ -170,15 +170,12 @@ static bool listener_child_state(interface_listener_t *this, ike_sa_t *ike_sa,
{
switch (state)
{
case CHILD_ROUTED:
case CHILD_INSTALLED:
this->status = SUCCESS;
return FALSE;
case CHILD_DESTROYING:
switch (child_sa->get_state(child_sa))
{
case CHILD_ROUTED:
/* has been unrouted */
case CHILD_DELETING:
/* proper delete */
this->status = SUCCESS;
@ -423,126 +420,6 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
return job.listener.status;
}
/**
* execute function for route
*/
static status_t route_execute(interface_job_t *job)
{
interface_listener_t *listener = &job->listener;
ike_sa_t *ike_sa = listener->ike_sa;
charon->bus->set_sa(charon->bus, ike_sa);
if (ike_sa->route(ike_sa, listener->child_cfg) != DESTROY_ME)
{
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return SUCCESS;
}
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
return FAILED;
}
/**
* Implementation of controller_t.route.
*/
static status_t route(controller_t *this,
peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
controller_cb_t callback, void *param)
{
ike_sa_t *ike_sa;
interface_job_t job = {
.listener = {
.public = {
.log = (void*)listener_log,
.ike_state_change = (void*)listener_ike_state,
.child_state_change = (void*)listener_child_state,
},
.callback = callback,
.param = param,
.status = FAILED,
.peer_cfg = peer_cfg,
.child_cfg = child_cfg,
},
.public = {
.execute = (void*)route_execute,
.destroy = (void*)recheckin,
},
};
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
peer_cfg);
if (ike_sa->get_peer_cfg(ike_sa) == NULL)
{
ike_sa->set_peer_cfg(ike_sa, peer_cfg);
}
job.listener.ike_sa = ike_sa;
if (callback == NULL)
{
return route_execute(&job);
}
charon->bus->listen(charon->bus, &job.listener.public, (job_t*)&job);
return job.listener.status;
}
/**
* execute function for unroute
*/
static status_t unroute_execute(interface_job_t *job)
{
interface_listener_t *listener = &job->listener;
ike_sa_t *ike_sa = listener->ike_sa;
charon->bus->set_sa(charon->bus, ike_sa);
if (ike_sa->unroute(ike_sa, listener->id) != DESTROY_ME)
{
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return SUCCESS;
}
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
return SUCCESS;
}
/**
* Implementation of controller_t.unroute.
*/
static status_t unroute(controller_t *this, u_int32_t reqid,
controller_cb_t callback, void *param)
{
ike_sa_t *ike_sa;
interface_job_t job = {
.listener = {
.public = {
.log = (void*)listener_log,
.ike_state_change = (void*)listener_ike_state,
.child_state_change = (void*)listener_child_state,
},
.callback = callback,
.param = param,
.status = FAILED,
.id = reqid,
},
.public = {
.execute = (void*)unroute_execute,
.destroy = (void*)recheckin,
},
};
ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
reqid, TRUE);
if (ike_sa == NULL)
{
DBG1(DBG_IKE, "unable to unroute, CHILD_SA with ID %d not found", reqid);
return NOT_FOUND;
}
job.listener.ike_sa = ike_sa;
if (callback == NULL)
{
return unroute_execute(&job);
}
charon->bus->listen(charon->bus, &job.listener.public, (job_t*)&job);
return job.listener.status;
}
/**
* See header
*/
@ -571,8 +448,6 @@ controller_t *controller_create(void)
this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate;
this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike;
this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child;
this->public.route = (status_t(*)(controller_t*,peer_cfg_t*, child_cfg_t*,controller_cb_t,void*))route;
this->public.unroute = (status_t(*)(controller_t*,u_int32_t,controller_cb_t,void*))unroute;
this->public.destroy = (void (*)(controller_t*))destroy;
return &this->public;

32
src/charon/control/controller.h
View File

@ -123,38 +123,6 @@ struct controller_t {
status_t (*terminate_child)(controller_t *this, u_int32_t reqid,
controller_cb_t callback, void *param);
/**
* Route a CHILD_SA (install triggering policies).
*
* @param peer_cfg peer_cfg to use for IKE_SA setup, if triggered
* @param child_cfg child_cfg to route
* @param cb logging callback
* @param param parameter to include in each call of cb
* @return
* - SUCCESS, if CHILD_SA routed
* - FAILED, if routing failed
* - NEED_MORE, if callback returned FALSE
*/
status_t (*route)(controller_t *this,
peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
controller_cb_t callback, void *param);
/**
* Unroute a routed CHILD_SA (uninstall triggering policies).
*
* Only the route is removed, not the CHILD_SAs the route triggered.
*
* @param reqid reqid of the CHILD_SA to unroute
* @param cb logging callback
* @param param parameter to include in each call of cb
* @return
* - SUCCESS, if CHILD_SA terminated
* - NOT_FOUND, if no such CHILD_SA routed
* - NEED_MORE, if callback returned FALSE
*/
status_t (*unroute)(controller_t *this, u_int32_t reqid,
controller_cb_t callback, void *param);
/**
* Destroy a controller_t instance.
*/

223
src/charon/sa/ike_sa.c
View File

@ -1105,7 +1105,8 @@ static void resolve_hosts(private_ike_sa_t *this)
/**
* Initiates a CHILD_SA using the appropriate reqid
*/
static status_t initiate_with_reqid(private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid)
static status_t initiate_with_reqid(private_ike_sa_t *this,
child_cfg_t *child_cfg, u_int32_t reqid)
{
task_t *task;
@ -1198,168 +1199,6 @@ static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg)
return initiate_with_reqid(this, child_cfg, 0);
}
/**
* Implementation of ike_sa_t.acquire.
*/
static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
{
child_cfg_t *child_cfg;
iterator_t *iterator;
child_sa_t *current, *child_sa = NULL;
switch (this->state)
{
case IKE_DELETING:
DBG1(DBG_IKE, "acquiring CHILD_SA {reqid %d} failed: "
"IKE_SA is deleting", reqid);
return FAILED;
case IKE_PASSIVE:
/* do not process acquires if passive */
return FAILED;
default:
break;
}
/* find CHILD_SA */
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&current))
{
if (current->get_reqid(current) == reqid)
{
child_sa = current;
break;
}
}
iterator->destroy(iterator);
if (!child_sa)
{
DBG1(DBG_IKE, "acquiring CHILD_SA {reqid %d} failed: "
"CHILD_SA not found", reqid);
return FAILED;
}
child_cfg = child_sa->get_config(child_sa);
child_cfg->get_ref(child_cfg);
return initiate_with_reqid(this, child_cfg, reqid);
}
/**
* Implementation of ike_sa_t.route.
*/
static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
{
child_sa_t *child_sa;
iterator_t *iterator;
linked_list_t *my_ts, *other_ts;
host_t *me, *other;
status_t status;
/* check if not already routed*/
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child_sa))
{
if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
streq(child_sa->get_name(child_sa), child_cfg->get_name(child_cfg)))
{
iterator->destroy(iterator);
DBG1(DBG_IKE, "routing CHILD_SA failed: already routed");
return FAILED;
}
}
iterator->destroy(iterator);
switch (this->state)
{
case IKE_DELETING:
case IKE_REKEYING:
DBG1(DBG_IKE, "routing CHILD_SA failed: IKE_SA is %N",
ike_sa_state_names, this->state);
return FAILED;
case IKE_CREATED:
case IKE_CONNECTING:
case IKE_ESTABLISHED:
case IKE_PASSIVE:
default:
break;
}
resolve_hosts(this);
/* install kernel policies */
child_sa = child_sa_create(this->my_host, this->other_host,
child_cfg, 0, FALSE);
me = this->my_host;
if (this->my_virtual_ip)
{
me = this->my_virtual_ip;
}
other = this->other_host;
if (this->other_virtual_ip)
{
other = this->other_virtual_ip;
}
my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, me);
other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, other);
child_sa->set_mode(child_sa, child_cfg->get_mode(child_cfg));
status = child_sa->add_policies(child_sa, my_ts, other_ts);
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
if (status == SUCCESS)
{
this->child_sas->insert_last(this->child_sas, child_sa);
DBG1(DBG_IKE, "CHILD_SA routed");
}
else
{
child_sa->destroy(child_sa);
DBG1(DBG_IKE, "routing CHILD_SA failed");
}
return status;
}
/**
* Implementation of ike_sa_t.unroute.
*/
static status_t unroute(private_ike_sa_t *this, u_int32_t reqid)
{
iterator_t *iterator;
child_sa_t *child_sa;
bool found = FALSE;
/* find CHILD_SA in ROUTED state */
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child_sa))
{
if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
child_sa->get_reqid(child_sa) == reqid)
{
iterator->remove(iterator);
DBG1(DBG_IKE, "CHILD_SA unrouted");
child_sa->destroy(child_sa);
found = TRUE;
break;
}
}
iterator->destroy(iterator);
if (!found)
{
DBG1(DBG_IKE, "unrouting CHILD_SA failed: reqid %d not found", reqid);
return FAILED;
}
/* if we are not established, and we have no more routed childs, remove whole SA */
if (this->state == IKE_CREATED &&
this->child_sas->get_count(this->child_sas) == 0)
{
return DESTROY_ME;
}
return SUCCESS;
}
/**
* Implementation of ike_sa_t.process_message.
*/
@ -1434,14 +1273,10 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
else
{
host_t *me, *other;
private_ike_sa_t *new;
iterator_t *iterator;
child_sa_t *child;
bool has_routed = FALSE;
me = message->get_destination(message);
other = message->get_source(message);
/* if this IKE_SA is virgin, we check for a config */
if (this->ike_cfg == NULL)
{
@ -1471,51 +1306,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
update_hosts(this, me, other);
}
}
status = this->task_manager->process_message(this->task_manager, message);
if (status != DESTROY_ME)
{
return status;
}
/* if IKE_SA gets closed for any reasons, reroute routed children */
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child))
{
if (child->get_state(child) == CHILD_ROUTED)
{
has_routed = TRUE;
break;
}
}
iterator->destroy(iterator);
if (!has_routed)
{
return status;
}
/* move routed children to a new IKE_SA, apply connection info */
new = (private_ike_sa_t*)charon->ike_sa_manager->checkout_new(
charon->ike_sa_manager, TRUE);
set_peer_cfg(new, this->peer_cfg);
new->other_host->destroy(new->other_host);
new->other_host = this->other_host->clone(this->other_host);
if (!has_condition(this, COND_NAT_THERE))
{
new->other_host->set_port(new->other_host, IKEV2_UDP_PORT);
}
if (this->my_virtual_ip)
{
set_virtual_ip(new, TRUE, this->my_virtual_ip);
}
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child))
{
if (child->get_state(child) == CHILD_ROUTED)
{
route(new, child->get_config(child));
}
}
iterator->destroy(iterator);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, &new->public);
return status;
return this->task_manager->process_message(this->task_manager, message);
}
}
@ -1850,7 +1641,8 @@ static status_t reestablish(private_ike_sa_t *this)
status = new->initiate(new, child_cfg);
break;
case ACTION_ROUTE:
status = new->route(new, child_cfg);
charon->traps->install(charon->traps,
this->peer_cfg, child_cfg);
break;
default:
continue;
@ -2206,9 +1998,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->public.get_statistic = (u_int32_t(*)(ike_sa_t*, statistic_t kind))get_statistic;
this->public.process_message = (status_t (*)(ike_sa_t*, message_t*)) process_message;
this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*)) initiate;
this->public.route = (status_t (*)(ike_sa_t*,child_cfg_t*)) route;
this->public.unroute = (status_t (*)(ike_sa_t*,u_int32_t)) unroute;
this->public.acquire = (status_t (*)(ike_sa_t*,u_int32_t)) acquire;
this->public.get_ike_cfg = (ike_cfg_t* (*)(ike_sa_t*))get_ike_cfg;
this->public.set_ike_cfg = (void (*)(ike_sa_t*,ike_cfg_t*))set_ike_cfg;
this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg;

37
src/charon/sa/ike_sa.h
View File

@ -608,43 +608,6 @@ struct ike_sa_t {
* - DESTROY_ME if initialization failed
*/
status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg);
/**
* Route a policy in the kernel.
*
* Installs the policies in the kernel. If traffic matches,
* the kernel requests connection setup from the IKE_SA via acquire().
*
* @param child_cfg child config to route
* @return
* - SUCCESS if routed successfully
* - FAILED if routing failed
*/
status_t (*route) (ike_sa_t *this, child_cfg_t *child_cfg);
/**
* Unroute a policy in the kernel previously routed.
*
* @param reqid reqid of CHILD_SA to unroute
* @return
* - SUCCESS if route removed
* - NOT_FOUND if CHILD_SA not found
* - DESTROY_ME if last CHILD_SA was unrouted
*/
status_t (*unroute) (ike_sa_t *this, u_int32_t reqid);
/**
* Acquire connection setup for an installed kernel policy.
*
* If an installed policy raises an acquire, the kernel calls
* this function to establish the CHILD_SA (and maybe the IKE_SA).
*
* @param reqid reqid of the CHILD_SA the policy belongs to.
* @return
* - SUCCESS if initialization started
* - DESTROY_ME if initialization failed
*/
status_t (*acquire) (ike_sa_t *this, u_int32_t reqid);
/**
* Initiates the deletion of an IKE_SA.