sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

ike-sa-manager: Prevent new IKE_SA from getting created when flush() is called

Browse Source 
Without ability to create SPIs, other threads are prevented from creating
new IKE_SAs while we are flushing existing IKE_SAs.  However, there could
still be IKE_SAs already created that might get checked in while the
segments are temporarily unlocked to wait for threads to check existing
SAs in.
This commit is contained in:
Tobias Brunner 2022-08-26 15:33:22 +02:00
parent 69995ed2c4
commit 6f456afe39
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/libcharon/sa/ike_sa_manager.c
View File

@ -2391,6 +2391,14 @@ METHOD(ike_sa_manager_t, flush, void,
entry_t *entry;
u_int segment;
/* prevent threads from creating new SAs */
this->spi_lock->write_lock(this->spi_lock);
DESTROY_IF(this->rng);
this->rng = NULL;
this->spi_cb.cb = NULL;
this->spi_cb.data = NULL;
this->spi_lock->unlock(this->spi_lock);
lock_all_segments(this);
DBG2(DBG_MGR, "going to destroy IKE_SA manager and all managed IKE_SA's");
/* Step 1: drive out all waiting threads */
@ -2431,13 +2439,6 @@ METHOD(ike_sa_manager_t, flush, void,
/* Step 4: destroy all entries */
destroy_all_entries(this);
unlock_all_segments(this);
this->spi_lock->write_lock(this->spi_lock);
DESTROY_IF(this->rng);
this->rng = NULL;
this->spi_cb.cb = NULL;
this->spi_cb.data = NULL;
this->spi_lock->unlock(this->spi_lock);
}
METHOD(ike_sa_manager_t, destroy, void,