daemon: Flush shunts before unloading plugins
[strongswan.git] / src / libcharon / control / controller.c
index c23bf04..fd8349e 100644 (file)
 #include <sys/types.h>
 #include <dirent.h>
 #include <sys/stat.h>
-#include <dlfcn.h>
 
 #include <daemon.h>
 #include <library.h>
 #include <threading/thread.h>
+#include <threading/spinlock.h>
 #include <threading/semaphore.h>
 
 typedef struct private_controller_t private_controller_t;
@@ -103,11 +103,6 @@ struct interface_listener_t {
        ike_sa_t *ike_sa;
 
        /**
-        * CHILD_SA to handle
-        */
-       child_sa_t *child_sa;
-
-       /**
         * unique ID, used for various methods
         */
        u_int32_t id;
@@ -116,6 +111,11 @@ struct interface_listener_t {
         * semaphore to implement wait_for_listener()
         */
        semaphore_t *done;
+
+       /**
+        * spinlock to update the IKE_SA handle properly
+        */
+       spinlock_t *lock;
 };
 
 
@@ -135,11 +135,18 @@ struct interface_job_t {
         * associated listener
         */
        interface_listener_t listener;
+
+       /**
+        * the job is reference counted as the thread executing a job as well as
+        * the thread waiting in wait_for_listener() require it but either of them
+        * could be done first
+        */
+       refcount_t refcount;
 };
 
 /**
- * This function properly unregisters a listener that is used
- * with wait_for_listener()
+ * This function wakes a thread that is waiting in wait_for_listener(),
+ * either from a listener or from a job.
  */
 static inline bool listener_done(interface_listener_t *listener)
 {
@@ -151,18 +158,17 @@ static inline bool listener_done(interface_listener_t *listener)
 }
 
 /**
- * thread_cleanup_t handler to unregister and cleanup a listener
+ * thread_cleanup_t handler to unregister a listener.
  */
-static void listener_cleanup(interface_listener_t *listener)
+static void listener_unregister(interface_listener_t *listener)
 {
        charon->bus->remove_listener(charon->bus, &listener->public);
        charon->bus->remove_logger(charon->bus, &listener->logger.public);
-       listener->done->destroy(listener->done);
 }
 
 /**
  * Registers the listener, executes the job and then waits synchronously until
- * the listener is done or the timeout occured.
+ * the listener is done or the timeout occurred.
  *
  * @note Use 'return listener_done(listener)' to properly unregister a listener
  *
@@ -171,18 +177,21 @@ static void listener_cleanup(interface_listener_t *listener)
  * @param timeout   max timeout in ms to listen for events, 0 to disable
  * @return          TRUE if timed out
  */
-static bool wait_for_listener(interface_listener_t *listener, job_t *job,
-                                                         u_int timeout)
+static bool wait_for_listener(interface_job_t *job, u_int timeout)
 {
+       interface_listener_t *listener = &job->listener;
        bool old, timed_out = FALSE;
 
+       /* avoid that the job is destroyed too early */
+       ref_get(&job->refcount);
+
        listener->done = semaphore_create(0);
 
        charon->bus->add_logger(charon->bus, &listener->logger.public);
        charon->bus->add_listener(charon->bus, &listener->public);
-       lib->processor->queue_job(lib->processor, job);
+       lib->processor->queue_job(lib->processor, &job->public);
 
-       thread_cleanup_push((thread_cleanup_t)listener_cleanup, listener);
+       thread_cleanup_push((thread_cleanup_t)listener_unregister, listener);
        old = thread_cancelability(TRUE);
        if (timeout)
        {
@@ -199,9 +208,15 @@ static bool wait_for_listener(interface_listener_t *listener, job_t *job,
 
 METHOD(logger_t, listener_log, void,
        interface_logger_t *this, debug_t group, level_t level, int thread,
-       ike_sa_t *ike_sa, char* message)
+       ike_sa_t *ike_sa, const char *message)
 {
-       if (this->listener->ike_sa == ike_sa)
+       ike_sa_t *target;
+
+       this->listener->lock->lock(this->listener->lock);
+       target = this->listener->ike_sa;
+       this->listener->lock->unlock(this->listener->lock);
+
+       if (target == ike_sa)
        {
                if (!this->callback(this->param, group, level, ike_sa, message))
                {
@@ -228,7 +243,13 @@ METHOD(job_t, get_priority_medium, job_priority_t,
 METHOD(listener_t, ike_state_change, bool,
        interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
 {
-       if (this->ike_sa == ike_sa)
+       ike_sa_t *target;
+
+       this->lock->lock(this->lock);
+       target = this->ike_sa;
+       this->lock->unlock(this->lock);
+
+       if (target == ike_sa)
        {
                switch (state)
                {
@@ -262,7 +283,13 @@ METHOD(listener_t, child_state_change, bool,
        interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
        child_sa_state_t state)
 {
-       if (this->ike_sa == ike_sa)
+       ike_sa_t *target;
+
+       this->lock->lock(this->lock);
+       target = this->ike_sa;
+       this->lock->unlock(this->lock);
+
+       if (target == ike_sa)
        {
                switch (state)
                {
@@ -276,6 +303,18 @@ METHOD(listener_t, child_state_change, bool,
                                                /* proper delete */
                                                this->status = SUCCESS;
                                                break;
+                                       case CHILD_RETRYING:
+                                               /* retrying with a different DH group; survive another
+                                                * initiation round */
+                                               this->status = NEED_MORE;
+                                               return TRUE;
+                                       case CHILD_CREATED:
+                                               if (this->status == NEED_MORE)
+                                               {
+                                                       this->status = FAILED;
+                                                       return TRUE;
+                                               }
+                                               break;
                                        default:
                                                break;
                                }
@@ -287,13 +326,14 @@ METHOD(listener_t, child_state_change, bool,
        return TRUE;
 }
 
-METHOD(job_t, recheckin, void,
-       interface_job_t *job)
+METHOD(job_t, destroy_job, void,
+       interface_job_t *this)
 {
-       if (job->listener.ike_sa)
+       if (ref_put(&this->refcount))
        {
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager,
-                                                                               job->listener.ike_sa);
+               this->listener.lock->destroy(this->listener.lock);
+               DESTROY_IF(this->listener.done);
+               free(this);
        }
 }
 
@@ -304,7 +344,7 @@ METHOD(controller_t, create_ike_sa_enumerator, enumerator_t*,
                                                                                                         wait);
 }
 
-METHOD(job_t, initiate_execute, void,
+METHOD(job_t, initiate_execute, job_requeue_t,
        interface_job_t *job)
 {
        ike_sa_t *ike_sa;
@@ -317,14 +357,14 @@ METHOD(job_t, initiate_execute, void,
        {
                listener->child_cfg->destroy(listener->child_cfg);
                peer_cfg->destroy(peer_cfg);
-               /* trigger down event to release listener */
-               listener->ike_sa = charon->ike_sa_manager->checkout_new(
-                                                                               charon->ike_sa_manager, IKE_ANY, TRUE);
-               DESTROY_IF(listener->ike_sa);
                listener->status = FAILED;
-               return;
+               /* release listener */
+               listener_done(listener);
+               return JOB_REQUEUE_NONE;
        }
+       listener->lock->lock(listener->lock);
        listener->ike_sa = ike_sa;
+       listener->lock->unlock(listener->lock);
 
        if (ike_sa->get_peer_cfg(ike_sa) == NULL)
        {
@@ -334,22 +374,29 @@ METHOD(job_t, initiate_execute, void,
 
        if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
        {
+               if (!listener->logger.callback)
+               {
+                       listener->status = SUCCESS;
+               }
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-               listener->status = SUCCESS;
        }
        else
        {
+               listener->status = FAILED;
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
                                                                                                        ike_sa);
-               listener->status = FAILED;
        }
+       return JOB_REQUEUE_NONE;
 }
 
 METHOD(controller_t, initiate, status_t,
        private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
        controller_cb_t callback, void *param, u_int timeout)
 {
-       interface_job_t job = {
+       interface_job_t *job;
+       status_t status;
+
+       INIT(job,
                .listener = {
                        .public = {
                                .ike_state_change = _ike_state_change,
@@ -366,57 +413,80 @@ METHOD(controller_t, initiate, status_t,
                        .status = FAILED,
                        .child_cfg = child_cfg,
                        .peer_cfg = peer_cfg,
+                       .lock = spinlock_create(),
                },
                .public = {
                        .execute = _initiate_execute,
                        .get_priority = _get_priority_medium,
-                       .destroy = _recheckin,
+                       .destroy = _destroy_job,
                },
-       };
-       job.listener.logger.listener = &job.listener;
+               .refcount = 1,
+       );
+       job->listener.logger.listener = &job->listener;
+       thread_cleanup_push((void*)destroy_job, job);
 
        if (callback == NULL)
        {
-               initiate_execute(&job);
+               initiate_execute(job);
        }
        else
        {
-               if (wait_for_listener(&job.listener, &job.public, timeout))
+               if (wait_for_listener(job, timeout))
                {
-                       job.listener.status = OUT_OF_RES;
+                       job->listener.status = OUT_OF_RES;
                }
        }
-       return job.listener.status;
+       status = job->listener.status;
+       thread_cleanup_pop(TRUE);
+       return status;
 }
 
-METHOD(job_t, terminate_ike_execute, void,
+METHOD(job_t, terminate_ike_execute, job_requeue_t,
        interface_job_t *job)
 {
        interface_listener_t *listener = &job->listener;
-       ike_sa_t *ike_sa = listener->ike_sa;
+       u_int32_t unique_id = listener->id;
+       ike_sa_t *ike_sa;
 
-       charon->bus->set_sa(charon->bus, ike_sa);
+       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+                                                                                                       unique_id);
+       if (!ike_sa)
+       {
+               DBG1(DBG_IKE, "unable to terminate IKE_SA: ID %d not found", unique_id);
+               listener->status = NOT_FOUND;
+               /* release listener */
+               listener_done(listener);
+               return JOB_REQUEUE_NONE;
+       }
+       listener->lock->lock(listener->lock);
+       listener->ike_sa = ike_sa;
+       listener->lock->unlock(listener->lock);
 
        if (ike_sa->delete(ike_sa) != DESTROY_ME)
-       {
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-               /* delete failed */
+       {       /* delete failed */
                listener->status = FAILED;
+               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
        }
        else
        {
+               if (!listener->logger.callback)
+               {
+                       listener->status = SUCCESS;
+               }
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
                                                                                                        ike_sa);
-               listener->status = SUCCESS;
        }
+       return JOB_REQUEUE_NONE;
 }
 
 METHOD(controller_t, terminate_ike, status_t,
        controller_t *this, u_int32_t unique_id,
        controller_cb_t callback, void *param, u_int timeout)
 {
-       ike_sa_t *ike_sa;
-       interface_job_t job = {
+       interface_job_t *job;
+       status_t status;
+
+       INIT(job,
                .listener = {
                        .public = {
                                .ike_state_change = _ike_state_change,
@@ -432,70 +502,93 @@ METHOD(controller_t, terminate_ike, status_t,
                        },
                        .status = FAILED,
                        .id = unique_id,
+                       .lock = spinlock_create(),
                },
                .public = {
                        .execute = _terminate_ike_execute,
                        .get_priority = _get_priority_medium,
-                       .destroy = _recheckin,
+                       .destroy = _destroy_job,
                },
-       };
-       job.listener.logger.listener = &job.listener;
-
-       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                       unique_id, FALSE);
-       if (ike_sa == NULL)
-       {
-               DBG1(DBG_IKE, "unable to terminate IKE_SA: ID %d not found", unique_id);
-               return NOT_FOUND;
-       }
-       job.listener.ike_sa = ike_sa;
+               .refcount = 1,
+       );
+       job->listener.logger.listener = &job->listener;
+       thread_cleanup_push((void*)destroy_job, job);
 
        if (callback == NULL)
        {
-               terminate_ike_execute(&job);
+               terminate_ike_execute(job);
        }
        else
        {
-               if (wait_for_listener(&job.listener, &job.public, timeout))
+               if (wait_for_listener(job, timeout))
                {
-                       job.listener.status = OUT_OF_RES;
+                       job->listener.status = OUT_OF_RES;
                }
-               /* checkin of the ike_sa happened in the thread that executed the job */
-               charon->bus->set_sa(charon->bus, NULL);
        }
-       return job.listener.status;
+       status = job->listener.status;
+       thread_cleanup_pop(TRUE);
+       return status;
 }
 
-METHOD(job_t, terminate_child_execute, void,
+METHOD(job_t, terminate_child_execute, job_requeue_t,
        interface_job_t *job)
 {
        interface_listener_t *listener = &job->listener;
-       ike_sa_t *ike_sa = listener->ike_sa;
-       child_sa_t *child_sa = listener->child_sa;
+       u_int32_t id = listener->id;
+       child_sa_t *child_sa;
+       ike_sa_t *ike_sa;
+
+       ike_sa = charon->child_sa_manager->checkout_by_id(charon->child_sa_manager,
+                                                                                                         id, &child_sa);
+       if (!ike_sa)
+       {
+               DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found", id);
+               listener->status = NOT_FOUND;
+               /* release listener */
+               listener_done(listener);
+               return JOB_REQUEUE_NONE;
+       }
+       listener->lock->lock(listener->lock);
+       listener->ike_sa = ike_sa;
+       listener->lock->unlock(listener->lock);
+
+       if (child_sa->get_state(child_sa) == CHILD_ROUTED)
+       {
+               DBG1(DBG_IKE, "unable to terminate, established "
+                        "CHILD_SA with ID %d not found", id);
+               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+               listener->status = NOT_FOUND;
+               /* release listener */
+               listener_done(listener);
+               return JOB_REQUEUE_NONE;
+       }
 
-       charon->bus->set_sa(charon->bus, ike_sa);
        if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
                                        child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME)
        {
+               if (!listener->logger.callback)
+               {
+                       listener->status = SUCCESS;
+               }
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-               listener->status = SUCCESS;
        }
        else
        {
+               listener->status = FAILED;
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
                                                                                                        ike_sa);
-               listener->status = FAILED;
        }
+       return JOB_REQUEUE_NONE;
 }
 
 METHOD(controller_t, terminate_child, status_t,
-       controller_t *this, u_int32_t reqid,
+       controller_t *this, u_int32_t unique_id,
        controller_cb_t callback, void *param, u_int timeout)
 {
-       ike_sa_t *ike_sa;
-       child_sa_t *child_sa;
-       enumerator_t *enumerator;
-       interface_job_t job = {
+       interface_job_t *job;
+       status_t status;
+
+       INIT(job,
                .listener = {
                        .public = {
                                .ike_state_change = _ike_state_change,
@@ -510,68 +603,40 @@ METHOD(controller_t, terminate_child, status_t,
                                .param = param,
                        },
                        .status = FAILED,
-                       .id = reqid,
+                       .id = unique_id,
+                       .lock = spinlock_create(),
                },
                .public = {
                        .execute = _terminate_child_execute,
                        .get_priority = _get_priority_medium,
-                       .destroy = _recheckin,
+                       .destroy = _destroy_job,
                },
-       };
-       job.listener.logger.listener = &job.listener;
-
-       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                       reqid, TRUE);
-       if (ike_sa == NULL)
-       {
-               DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found",
-                        reqid);
-               return NOT_FOUND;
-       }
-       job.listener.ike_sa = ike_sa;
-
-       enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
-       while (enumerator->enumerate(enumerator, (void**)&child_sa))
-       {
-               if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
-                       child_sa->get_reqid(child_sa) == reqid)
-               {
-                       break;
-               }
-               child_sa = NULL;
-       }
-       enumerator->destroy(enumerator);
-
-       if (child_sa == NULL)
-       {
-               DBG1(DBG_IKE, "unable to terminate, established "
-                        "CHILD_SA with ID %d not found", reqid);
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-               return NOT_FOUND;
-       }
-       job.listener.child_sa = child_sa;
+               .refcount = 1,
+       );
+       job->listener.logger.listener = &job->listener;
+       thread_cleanup_push((void*)destroy_job, job);
 
        if (callback == NULL)
        {
-               terminate_child_execute(&job);
+               terminate_child_execute(job);
        }
        else
        {
-               if (wait_for_listener(&job.listener, &job.public, timeout))
+               if (wait_for_listener(job, timeout))
                {
-                       job.listener.status = OUT_OF_RES;
+                       job->listener.status = OUT_OF_RES;
                }
-               /* checkin of the ike_sa happened in the thread that executed the job */
-               charon->bus->set_sa(charon->bus, NULL);
        }
-       return job.listener.status;
+       status = job->listener.status;
+       thread_cleanup_pop(TRUE);
+       return status;
 }
 
 /**
  * See header
  */
 bool controller_cb_empty(void *param, debug_t group, level_t level,
-                                                ike_sa_t *ike_sa, char *message)
+                                                ike_sa_t *ike_sa, const char *message)
 {
        return TRUE;
 }
@@ -601,4 +666,3 @@ controller_t *controller_create(void)
 
        return &this->public;
 }
-