Besides the previous key exchange method, this will allow us to also
reuse the previous traffic selectors. Some data is still passed in
separate methods as some are set even when there is no previous SA and
others are not set in all cases.
The interface for queue_child() now optionally takes the previous
Child SA to handle both recreations and initiations from scratch.
This fixes cases where `start_action = trap|start` is used and an acquire
is triggered while the SA is initiated (granted if narrowing is expected,
that's not a recommended configuration as the responder can only use
the first config when there is no packet TS). The resulting second
create-child task will potentially get dropped by the duplicate check,
so the temporary state won't get removed and traffic is blocked until
that expires, neither can acquires get triggered for traffic that doesn't
match the initial SA's policies.
This was the case before bce0c5fd74a0 ("child-create: Update CHILD_SA IP
addresses before installation") and allows listeners to consider the
traffic selectors of the SA that's about to get installed.
The addresses are actually the endpoints of the SA, not information on
the matched packet (except that the RFC says to set the ports and
protocol of the packet in the source address, which the Linux kernel
doesn't do). So these are useless, unless transport mode is used, where
the addresses are needed for the wildcard trap policy use case.
The RFC mentions a PROXY address (a single one, not two), that could
apparently be something like the source address in tunnel mode.
However, the description of how this is used in the RFC is quite weird
and neither Linux nor FreeBSD send such an attribute in SADB_ACQUIRE.
Note that while PF_KEYv2 also uses sequence numbers to identify acquires,
which we currently don't use correctly by the way, it does not include
information about the packet that triggered an acquire. What we receive
in src and dst, and currently forward as traffic selectors, are actually
the designated endpoints of the SA. So especially in tunnel mode this is
useless to do narrowing on the responder (these addresses might not even
match the configured TS).
With the sequence numbers we don't have to maintain the reqid to delete
the temporary state.
One exception is with labels. There we currently only install trap
policies with the generic label. SAs created from those don't have
policies installed, so we have to reuse the reqid of the trap even if
narrowing occurs.
And as before, we reuse the reqid without checking traffic selectors if
sequence numbers are not supported.
Note that if a CHILD_SA is manually initiated (i.e. has no sequence
number assigned) right before an acquire is triggered, there are several
possible outcomes depending on whether narrowing occurs. If there is no
narrowing, the same reqid is assigned and the kernel will remove the
temporary SA when the SA is installed (no seq => reqid match).
Afterwards, the queued duplicate CHILD_SA is destroyed and the acquire
state in the trap manager gets removed. If there is narrowing, a new
reqid is allocated, so the installation of the SA will not remove the
temporary state. However, due to the narrowing, the duplicate check
fails and when the duplicate is installed (with sequence number), the
temporary state is deleted (as is the state in the trap manager).
Optionally with "dynamic" traffic selectors resolved. A new method
is added for those cases where we actually want to select potentially
narrowed traffic selectors using a supplied list. The latter now also
always logs details, while the former does not.
Either use the sequence number from the kernel (and potentially update
it if the acquire was retriggered), or generate our own sequence
numbers, which simplifies matching acquires to established/destroyed
CHILD_SAs.
When cross-compiling for Windows on Ubuntu, we don't have POSIX regular
expressions available (there does not seem to be any alternative libraries
either), but since the tests are not executed that's OK. On AppVeyor,
MSYS2 has libgnurx installed, which works fine but requires explicit
linking with `-lregex`.
This is loosely based on a patch by Thomas Egerer.
Threads initiating SAs can get stuck on the semaphore in
wait_for_listener() during shutdown if the corresponding job is never
executed. A particular case when this can happen is if more initiations
are triggered than worker threads are available. This causes a (known)
deadlock as no workers are free anymore to process jobs (for inbound
messages or timeouts etc.), including the one to initiate an SA.
This change at least allows a proper shutdown.
The plugin was apparently broken for years because it uses functions that
don't exist anymore. It was quite limited anyway, so it was never really
used in OpenWrt to begin with (instead they generate configs in a custom
init script).
The `crypt` functions defined here conflict with the `crypt` function
defined in `unistd.h` and trigger compilation errors when building
against the latest version of AWS-LC, which introduced a new transitive
include of `unistd.h` via `bio.h`.
This simply renames the function to avoid the error.
Closesstrongswan/strongswan#2786
This changes how EAP identities are used from the config. Instead of
setting a statically configured identity != %any, an EAP-Identity
exchange is now always initiated (and required). If the received identity
doesn't match, the peer config is switched to one with a matching
identity (wildcards are supported for that match). This allows switching
to a config with a different EAP method or child settings based on the
EAP identity.
There is currently no "best" match. The configs are evaluated based on
the order returned from the initial peer config lookup.
References strongswan/strongswan#2702
Newer NDKs have RISC-V as experimental ABI (not enabled by default, see
next commit). If we don't have a mapping for a specific target, OpenSSL
falls back to 'android-arm', so that won't really work (interestingly,
it does build).
These sockets are closed immediately again, so no need to re-protect them
during roaming events.
References strongswan/strongswan#1691
Fixes: 6d87a8651068 ("android: Use new sockets to determine source IP")
If this is not set, it looks like NM shuts down the VPN connection and
calls disconnect() if there is any connectivity change.
References strongswan/strongswan#2707
This enables GRO offload for inbound ESP-in-UDP packets if the
esp4|6_offload modules are loaded. Note that inbound ESP or ESP-in-UDP
packets won't be visible on layer 3 in Netfilter or tcpdump.
