projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added a non-blocking, skipping variant of IKE_SA enumerator
[strongswan.git] / src / conftest / actions.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "actions.h"
17 #include "conftest.h"
18
19 #include <daemon.h>
20 #include <processing/jobs/callback_job.h>
21 #include <processing/jobs/rekey_ike_sa_job.h>
22 #include <processing/jobs/rekey_child_sa_job.h>
23 #include <processing/jobs/send_dpd_job.h>
24
25 typedef struct private_actions_t private_actions_t;
26
27 /**
28 * Private data of an actions_t object.
29 */
30 struct private_actions_t {
31
32 /**
33 * Public actions_t interface.
34 */
35 actions_t public;
36 };
37
38 /**
39 * Initiate a CHILD_SA
40 */
41 static job_requeue_t initiate(char *config)
42 {
43 peer_cfg_t *peer_cfg;
44 child_cfg_t *child_cfg = NULL, *current;
45 enumerator_t *enumerator;
46
47 peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, config);
48 if (!peer_cfg)
49 {
50 DBG1(DBG_CFG, "initiating '%s' failed, config not found", config);
51 return JOB_REQUEUE_NONE;
52 }
53 enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
54 while (enumerator->enumerate(enumerator, &current))
55 {
56 if (streq(current->get_name(current), config))
57 {
58 child_cfg = current;
59 child_cfg->get_ref(child_cfg);
60 break;
61 }
62 }
63 enumerator->destroy(enumerator);
64 if (child_cfg)
65 {
66 DBG1(DBG_CFG, "initiating IKE_SA for CHILD_SA config '%s'", config);
67 charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
68 NULL, NULL);
69 }
70 else
71 {
72 DBG1(DBG_CFG, "initiating '%s' failed, CHILD_SA config not found",
73 config);
74 }
75
76 return JOB_REQUEUE_NONE;
77 }
78
79 /**
80 * Rekey an IKE_SA
81 */
82 static job_requeue_t rekey_ike(char *config)
83 {
84 enumerator_t *enumerator;
85 job_t *job = NULL;
86 ike_sa_t *ike_sa;
87
88 enumerator = charon->controller->create_ike_sa_enumerator(
89 charon->controller, TRUE);
90 while (enumerator->enumerate(enumerator, &ike_sa))
91 {
92 if (strcaseeq(config, ike_sa->get_name(ike_sa)))
93 {
94 job = (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE);
95 break;
96 }
97 }
98 enumerator->destroy(enumerator);
99
100 if (job)
101 {
102 DBG1(DBG_CFG, "starting rekey of IKE_SA '%s'", config);
103 lib->processor->queue_job(lib->processor, job);
104 }
105 else
106 {
107 DBG1(DBG_CFG, "rekeying '%s' failed, IKE_SA not found", config);
108 }
109 return JOB_REQUEUE_NONE;
110 }
111
112 /**
113 * Rekey an CHILD_SA
114 */
115 static job_requeue_t rekey_child(char *config)
116 {
117 enumerator_t *enumerator;
118 iterator_t *children;
119 ike_sa_t *ike_sa;
120 child_sa_t *child_sa;
121 u_int32_t reqid = 0, spi = 0;
122 protocol_id_t proto = PROTO_ESP;
123
124 enumerator = charon->controller->create_ike_sa_enumerator(
125 charon->controller, TRUE);
126 while (enumerator->enumerate(enumerator, &ike_sa))
127 {
128 children = ike_sa->create_child_sa_iterator(ike_sa);
129 while (children->iterate(children, (void**)&child_sa))
130 {
131 if (streq(config, child_sa->get_name(child_sa)))
132 {
133 reqid = child_sa->get_reqid(child_sa);
134 proto = child_sa->get_protocol(child_sa);
135 spi = child_sa->get_spi(child_sa, TRUE);
136 break;
137 }
138 }
139 children->destroy(children);
140 }
141 enumerator->destroy(enumerator);
142 if (reqid)
143 {
144 DBG1(DBG_CFG, "starting rekey of CHILD_SA '%s'", config);
145 lib->processor->queue_job(lib->processor,
146 (job_t*)rekey_child_sa_job_create(reqid, proto, spi));
147 }
148 else
149 {
150 DBG1(DBG_CFG, "rekeying '%s' failed, CHILD_SA not found", config);
151 }
152 return JOB_REQUEUE_NONE;
153 }
154
155 /**
156 * Do a liveness check
157 */
158 static job_requeue_t liveness(char *config)
159 {
160 enumerator_t *enumerator;
161 job_t *job = NULL;
162 ike_sa_t *ike_sa;
163
164 enumerator = charon->controller->create_ike_sa_enumerator(
165 charon->controller, TRUE);
166 while (enumerator->enumerate(enumerator, &ike_sa))
167 {
168 if (strcaseeq(config, ike_sa->get_name(ike_sa)))
169 {
170 job = (job_t*)send_dpd_job_create(ike_sa->get_id(ike_sa));
171 break;
172 }
173 }
174 enumerator->destroy(enumerator);
175
176 if (job)
177 {
178 DBG1(DBG_CFG, "starting liveness check of IKE_SA '%s'", config);
179 lib->processor->queue_job(lib->processor, job);
180 }
181 else
182 {
183 DBG1(DBG_CFG, "liveness check for '%s' failed, IKE_SA not found", config);
184 }
185 return JOB_REQUEUE_NONE;
186 }
187
188 /**
189 * Close an IKE_SA with all CHILD_SAs
190 */
191 static job_requeue_t close_ike(char *config)
192 {
193 enumerator_t *enumerator;
194 ike_sa_t *ike_sa;
195 int id = 0;
196
197 enumerator = charon->controller->create_ike_sa_enumerator(
198 charon->controller, TRUE);
199 while (enumerator->enumerate(enumerator, &ike_sa))
200 {
201 if (strcaseeq(config, ike_sa->get_name(ike_sa)))
202 {
203 id = ike_sa->get_unique_id(ike_sa);
204 break;
205 }
206 }
207 enumerator->destroy(enumerator);
208 if (id)
209 {
210 DBG1(DBG_CFG, "closing IKE_SA '%s'", config);
211 charon->controller->terminate_ike(charon->controller, id, NULL, NULL);
212 }
213 else
214 {
215 DBG1(DBG_CFG, "unable to close IKE_SA '%s', not found", config);
216 }
217 return JOB_REQUEUE_NONE;
218 }
219
220 /**
221 * Close a CHILD_SAs
222 */
223 static job_requeue_t close_child(char *config)
224 {
225 enumerator_t *enumerator;
226 iterator_t *children;
227 ike_sa_t *ike_sa;
228 child_sa_t *child_sa;
229 int id = 0;
230
231 enumerator = charon->controller->create_ike_sa_enumerator(
232 charon->controller, TRUE);
233 while (enumerator->enumerate(enumerator, &ike_sa))
234 {
235
236 children = ike_sa->create_child_sa_iterator(ike_sa);
237 while (children->iterate(children, (void**)&child_sa))
238 {
239 if (streq(config, child_sa->get_name(child_sa)))
240 {
241 id = child_sa->get_reqid(child_sa);
242 break;
243 }
244 }
245 children->destroy(children);
246 }
247 enumerator->destroy(enumerator);
248 if (id)
249 {
250 DBG1(DBG_CFG, "closing CHILD_SA '%s'", config);
251 charon->controller->terminate_child(charon->controller, id, NULL, NULL);
252 }
253 else
254 {
255 DBG1(DBG_CFG, "unable to close CHILD_SA '%s', not found", config);
256 }
257 return JOB_REQUEUE_NONE;
258 }
259
260 /**
261 * Load a single action
262 */
263 static void load_action(settings_t *settings, char *action)
264 {
265 static struct {
266 char *name;
267 callback_job_cb_t cb;
268 } actions[] = {
269 {"initiate", (void*)initiate},
270 {"rekey_ike", (void*)rekey_ike},
271 {"rekey_child", (void*)rekey_child},
272 {"liveness", (void*)liveness},
273 {"close_ike", (void*)close_ike},
274 {"close_child", (void*)close_child},
275 };
276 bool found = FALSE;
277 int i;
278
279 for (i = 0; i < countof(actions); i++)
280 {
281 if (strncaseeq(actions[i].name, action, strlen(actions[i].name)))
282 {
283 int delay;
284 char *config;
285
286 found = TRUE;
287 delay = settings->get_int(settings, "actions.%s.delay", 0, action);
288 config = settings->get_str(settings, "actions.%s.config",
289 NULL, action);
290 if (!config)
291 {
292 DBG1(DBG_CFG, "no config defined for action '%s'", action);
293 break;
294 }
295 lib->scheduler->schedule_job(lib->scheduler,
296 (job_t*)callback_job_create(actions[i].cb, config, NULL, NULL),
297 delay);
298 }
299 }
300 if (!found)
301 {
302 DBG1(DBG_CFG, "unknown action '%s', skipped", action);
303 }
304 }
305
306 /**
307 * Load configured actions
308 */
309 static void load_actions(settings_t *settings)
310 {
311 enumerator_t *enumerator;
312 char *action;
313
314 enumerator = settings->create_section_enumerator(settings, "actions");
315 while (enumerator->enumerate(enumerator, &action))
316 {
317 load_action(settings, action);
318 }
319 enumerator->destroy(enumerator);
320 }
321
322 METHOD(actions_t, destroy, void,
323 private_actions_t *this)
324 {
325 free(this);
326 }
327
328 /**
329 * See header
330 */
331 actions_t *actions_create()
332 {
333 private_actions_t *this;
334
335 INIT(this,
336 .public = {
337 .destroy = _destroy,
338 },
339 );
340
341 load_actions(conftest->test);
342
343 return &this->public;
344 }
strongSwan - IPsec VPN