Use a separate mutex for cached routes in kernel-netlink plugin
[strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
index fb3899e..4b64a8d 100644 (file)
@@ -53,6 +53,7 @@
 #include <threading/thread.h>
 #include <threading/condvar.h>
 #include <threading/mutex.h>
+#include <threading/spinlock.h>
 #include <utils/hashtable.h>
 #include <utils/linked_list.h>
 #include <processing/jobs/callback_job.h>
@@ -76,7 +77,7 @@ struct addr_entry_t {
        /** scope of the address */
        u_char scope;
 
-       /** number of times this IP is used, if virtual (> 0 IP is managed by us) */
+       /** number of times this IP is used, if virtual (i.e. managed by us) */
        u_int refcount;
 
        /** TRUE once it is installed, if virtual */
@@ -373,9 +374,14 @@ struct private_kernel_netlink_net_t {
        int socket_events;
 
        /**
-        * time of the last roam event
+        * earliest time of the next roam event
         */
-       timeval_t last_roam;
+       timeval_t next_roam;
+
+       /**
+        * lock to check and update roam event time
+        */
+       spinlock_t *roam_lock;
 
        /**
         * routing table to install routes
@@ -393,6 +399,11 @@ struct private_kernel_netlink_net_t {
        hashtable_t *routes;
 
        /**
+        * mutex for routes
+        */
+       mutex_t *routes_lock;
+
+       /**
         * interface changes which may trigger route reinstallation
         */
        hashtable_t *net_changes;
@@ -418,6 +429,11 @@ struct private_kernel_netlink_net_t {
        bool install_virtual_ip;
 
        /**
+        * the name of the interface virtual IP addresses are installed on
+        */
+       char *install_virtual_ip_on;
+
+       /**
         * whether preferred source addresses can be specified for IPv6 routes
         */
        bool rta_prefsrc_for_ipv6;
@@ -462,7 +478,7 @@ static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
        route_entry_t *route;
 
        this->net_changes_lock->lock(this->net_changes_lock);
-       this->mutex->lock(this->mutex);
+       this->routes_lock->lock(this->routes_lock);
 
        enumerator = this->routes->create_enumerator(this->routes);
        while (enumerator->enumerate(enumerator, NULL, (void**)&route))
@@ -492,7 +508,7 @@ static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
                }
        }
        enumerator->destroy(enumerator);
-       this->mutex->unlock(this->mutex);
+       this->routes_lock->unlock(this->routes_lock);
 
        net_changes_clear(this);
        this->net_changes_lock->unlock(this->net_changes_lock);
@@ -685,21 +701,25 @@ static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
        job_t *job;
 
        time_monotonic(&now);
-       if (timercmp(&now, &this->last_roam, >))
+       this->roam_lock->lock(this->roam_lock);
+       if (!timercmp(&now, &this->next_roam, >))
        {
-               now.tv_usec += ROAM_DELAY * 1000;
-               while (now.tv_usec > 1000000)
-               {
-                       now.tv_sec++;
-                       now.tv_usec -= 1000000;
-               }
-               this->last_roam = now;
-
-               job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
-                                                                                 (void*)(uintptr_t)(address ? 1 : 0),
-                                                                                 NULL, NULL);
-               lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
+               this->roam_lock->unlock(this->roam_lock);
+               return;
+       }
+       now.tv_usec += ROAM_DELAY * 1000;
+       while (now.tv_usec > 1000000)
+       {
+               now.tv_sec++;
+               now.tv_usec -= 1000000;
        }
+       this->next_roam = now;
+       this->roam_lock->unlock(this->roam_lock);
+
+       job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
+                                                                         (void*)(uintptr_t)(address ? 1 : 0),
+                                                                          NULL, NULL);
+       lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
 }
 
 /**
@@ -725,7 +745,7 @@ static bool is_interface_up_and_usable(private_kernel_netlink_net_t *this,
  *
  * this->mutex must be locked when calling this function
  */
-static void unregister_addr_entry(addr_entry_t *addr, iface_entry_t *iface,
+static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface,
                                                                  private_kernel_netlink_net_t *this)
 {
        if (addr->refcount)
@@ -817,7 +837,7 @@ static void process_link(private_kernel_netlink_net_t *this,
                                         * another interface? */
                                        this->ifaces->remove_at(this->ifaces, enumerator);
                                        current->addrs->invoke_function(current->addrs,
-                                                               (void*)unregister_addr_entry, current, this);
+                                                               (void*)addr_entry_unregister, current, this);
                                        iface_entry_destroy(current);
                                        break;
                                }
@@ -1649,14 +1669,13 @@ METHOD(kernel_net_t, add_ip, status_t,
        addr_map_entry_t *entry, lookup = {
                .ip = virtual_ip,
        };
-       iface_entry_t *iface;
+       iface_entry_t *iface = NULL;
 
        if (!this->install_virtual_ip)
        {       /* disabled by config */
                return SUCCESS;
        }
 
-       DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip);
        this->mutex->lock(this->mutex);
        /* the virtual IP might actually be installed as regular IP, in which case
         * we don't track it as virtual IP */
@@ -1671,8 +1690,8 @@ METHOD(kernel_net_t, add_ip, status_t,
                         * ready, 2) just added by another thread, but not yet confirmed to
                         * be installed by the kernel, 3) just deleted, but not yet gone.
                         * Then while we wait below, several things could happen (as we
-                        * release the mutex).  For instance, the interface could disappear.
-                        * Or the IP is finally deleted, and it reappears on a different
+                        * release the mutex).  For instance, the interface could disappear,
+                        * or the IP is finally deleted, and it reappears on a different
                         * interface. All these cases are handled by the call below. */
                        while (!is_vip_installed_or_gone(this, virtual_ip, &entry))
                        {
@@ -1691,21 +1710,23 @@ METHOD(kernel_net_t, add_ip, status_t,
                this->mutex->unlock(this->mutex);
                return SUCCESS;
        }
-       /* try to find the target interface */
-       lookup.ip = iface_ip;
-       entry = this->addrs->get_match(this->addrs, &lookup,
-                                                                 (void*)addr_map_entry_match);
-       if (!entry)
-       {       /* if we don't find the requested interface we just use the first */
-               if (this->ifaces->get_first(this->ifaces, (void**)&iface) != SUCCESS)
+       /* try to find the target interface, either by config or via src ip */
+       if (!this->install_virtual_ip_on ||
+                this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name,
+                                               (void**)&iface, this->install_virtual_ip_on) != SUCCESS)
+       {
+               lookup.ip = iface_ip;
+               entry = this->addrs->get_match(this->addrs, &lookup,
+                                                                         (void*)addr_map_entry_match);
+               if (!entry)
+               {       /* if we don't find the requested interface we just use the first */
+                       this->ifaces->get_first(this->ifaces, (void**)&iface);
+               }
+               else
                {
-                       iface = NULL;
+                       iface = entry->iface;
                }
        }
-       else
-       {
-               iface = entry->iface;
-       }
        if (iface)
        {
                addr_entry_t *addr;
@@ -1726,6 +1747,8 @@ METHOD(kernel_net_t, add_ip, status_t,
                        }
                        if (entry)
                        {       /* we fail if the interface got deleted in the meantime */
+                               DBG2(DBG_KNL, "virtual IP %H installed on %s", virtual_ip,
+                                        entry->iface->ifname);
                                this->mutex->unlock(this->mutex);
                                return SUCCESS;
                        }
@@ -1881,18 +1904,18 @@ METHOD(kernel_net_t, add_route, status_t,
                .if_name = if_name,
        };
 
-       this->mutex->lock(this->mutex);
+       this->routes_lock->lock(this->routes_lock);
        found = this->routes->get(this->routes, &route);
        if (found)
        {
-               this->mutex->unlock(this->mutex);
+               this->routes_lock->unlock(this->routes_lock);
                return ALREADY_DONE;
        }
        found = route_entry_clone(&route);
        this->routes->put(this->routes, found, found);
        status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
                                                         dst_net, prefixlen, gateway, src_ip, if_name);
-       this->mutex->unlock(this->mutex);
+       this->routes_lock->unlock(this->routes_lock);
        return status;
 }
 
@@ -1909,18 +1932,18 @@ METHOD(kernel_net_t, del_route, status_t,
                .if_name = if_name,
        };
 
-       this->mutex->lock(this->mutex);
+       this->routes_lock->lock(this->routes_lock);
        found = this->routes->get(this->routes, &route);
        if (!found)
        {
-               this->mutex->unlock(this->mutex);
+               this->routes_lock->unlock(this->routes_lock);
                return NOT_FOUND;
        }
        this->routes->remove(this->routes, found);
        route_entry_destroy(found);
        status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
                                                         gateway, src_ip, if_name);
-       this->mutex->unlock(this->mutex);
+       this->routes_lock->unlock(this->routes_lock);
        return status;
 }
 
@@ -2122,6 +2145,7 @@ METHOD(kernel_net_t, destroy, void,
        }
        enumerator->destroy(enumerator);
        this->routes->destroy(this->routes);
+       this->routes_lock->destroy(this->routes_lock);
        DESTROY_IF(this->socket);
 
        net_changes_clear(this);
@@ -2133,6 +2157,7 @@ METHOD(kernel_net_t, destroy, void,
 
        this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
        this->rt_exclude->destroy(this->rt_exclude);
+       this->roam_lock->destroy(this->roam_lock);
        this->condvar->destroy(this->condvar);
        this->mutex->destroy(this->mutex);
        free(this);
@@ -2174,10 +2199,12 @@ kernel_netlink_net_t *kernel_netlink_net_create()
                                                                (hashtable_equals_t)addr_map_entry_equals, 16),
                .vips = hashtable_create((hashtable_hash_t)addr_map_entry_hash,
                                                                 (hashtable_equals_t)addr_map_entry_equals, 16),
+               .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
                .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
                .ifaces = linked_list_create(),
                .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
                .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+               .roam_lock = spinlock_create(),
                .routing_table = lib->settings->get_int(lib->settings,
                                "%s.routing_table", ROUTING_TABLE, hydra->daemon),
                .routing_table_prio = lib->settings->get_int(lib->settings,
@@ -2186,9 +2213,11 @@ kernel_netlink_net_t *kernel_netlink_net_create()
                                "%s.process_route", TRUE, hydra->daemon),
                .install_virtual_ip = lib->settings->get_bool(lib->settings,
                                "%s.install_virtual_ip", TRUE, hydra->daemon),
+               .install_virtual_ip_on = lib->settings->get_str(lib->settings,
+                               "%s.install_virtual_ip_on", NULL, hydra->daemon),
        );
        timerclear(&this->last_route_reinstall);
-       timerclear(&this->last_roam);
+       timerclear(&this->next_roam);
 
        check_kernel_features(this);