Updated HA plugin to new APIs
authorMartin Willi <martin@revosec.ch>
Mon, 22 Mar 2010 10:25:27 +0000 (10:25 +0000)
committerMartin Willi <martin@revosec.ch>
Wed, 7 Apr 2010 11:55:16 +0000 (13:55 +0200)
src/libcharon/plugins/ha/Makefile.am
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/plugins/ha/ha_ike.c
src/libcharon/plugins/ha/ha_message.c
src/libcharon/plugins/ha/ha_message.h
src/libcharon/plugins/ha/ha_plugin.c
src/libcharon/plugins/ha/ha_plugin.h
src/libcharon/plugins/ha/ha_segments.c
src/libcharon/plugins/ha/ha_tunnel.c

index 9d321dc..74fe1f4 100644 (file)
@@ -1,5 +1,6 @@
 
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libcharon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
 
index 4acf747..7df2f1f 100644 (file)
@@ -222,9 +222,6 @@ static void process_ike_update(private_ha_dispatcher_t *this,
                        case HA_REMOTE_ID:
                                ike_sa->set_other_id(ike_sa, value.id->clone(value.id));
                                break;
-                       case HA_EAP_ID:
-                               ike_sa->set_eap_identity(ike_sa, value.id->clone(value.id));
-                               break;
                        case HA_LOCAL_ADDR:
                                ike_sa->set_my_host(ike_sa, value.host->clone(value.host));
                                break;
@@ -359,12 +356,12 @@ static void process_child_add(private_ha_dispatcher_t *this,
        ha_message_value_t value;
        enumerator_t *enumerator;
        ike_sa_t *ike_sa = NULL;
-       char *config_name;
+       char *config_name = "";
        child_cfg_t *config = NULL;
        child_sa_t *child_sa;
        proposal_t *proposal;
        keymat_t *keymat;
-       bool initiator, failed = FALSE;
+       bool initiator = FALSE, failed = FALSE;
        u_int32_t inbound_spi = 0, outbound_spi = 0;
        u_int16_t inbound_cpi = 0, outbound_cpi = 0;
        u_int8_t mode = MODE_TUNNEL, ipcomp = 0;
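Review bot: The new defaults `config_name = ""` and `initiator = FALSE` make a sync message that omits those attributes indistinguishable from one that carries them. The initiator flag decides which of the `encr_i`/`encr_r` key pairs is installed inbound further down in process_child_add, so a missing attribute would silently install the SA with the responder assignment instead of being rejected. I would track presence in the attribute loop, which lies outside this hunk, for example with `bool have_initiator = FALSE;` set where the flag is read, and take the `failed` path when it or HA_CONFIG_NAME was never seen. If the defaults are intentional, a short comment saying so would help, e.g. `/* defaults if the peer omits the attribute */`.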
@@ -475,22 +472,42 @@ static void process_child_add(private_ha_dispatcher_t *this,
        child_sa->set_state(child_sa, CHILD_INSTALLING);
        proposal->destroy(proposal);
 
+       /* TODO: Change CHILD_SA API to avoid cloning twice */
+       local_ts = linked_list_create();
+       remote_ts = linked_list_create();
+       enumerator = message->create_attribute_enumerator(message);
+       while (enumerator->enumerate(enumerator, &attribute, &value))
+       {
+               switch (attribute)
+               {
+                       case HA_LOCAL_TS:
+                               local_ts->insert_last(local_ts, value.ts->clone(value.ts));
+                               break;
+                       case HA_REMOTE_TS:
+                               remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
+                               break;
+                       default:
+                               break;
+               }
+       }
+       enumerator->destroy(enumerator);
+
        if (initiator)
        {
-               if (child_sa->install(child_sa, encr_r, integ_r,
-                                                         inbound_spi, inbound_cpi, TRUE) != SUCCESS ||
-                       child_sa->install(child_sa, encr_i, integ_i,
-                                                         outbound_spi, outbound_cpi, FALSE) != SUCCESS)
+               if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi,
+                                               inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+                       child_sa->install(child_sa, encr_i, integ_i, outbound_spi,
+                                               outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
                {
                        failed = TRUE;
                }
        }
        else
        {
-               if (child_sa->install(child_sa, encr_i, integ_i,
-                                                         inbound_spi, inbound_cpi, TRUE) != SUCCESS ||
-                       child_sa->install(child_sa, encr_r, integ_r,
-                                                         outbound_spi, outbound_cpi, FALSE) != SUCCESS)
+               if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi,
+                                               inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+                       child_sa->install(child_sa, encr_r, integ_r, outbound_spi,
+                                               outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
                {
                        failed = TRUE;
                }
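Review bot: Nothing in this hunk checks that the sync message actually supplied traffic selectors before `local_ts` and `remote_ts` are passed to `child_sa->install()`. A message without HA_LOCAL_TS or HA_REMOTE_TS leaves those lists empty. What install() does with empty lists is not visible here, so I would reject that case explicitly, for example `if (local_ts->get_count(local_ts) == 0 || remote_ts->get_count(remote_ts) == 0)` taking the same `failed` path. The two lists are now allocated before the first exit point, so any return between here and the cleanup must free them; the function continues outside this hunk.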
@@ -504,29 +521,12 @@ static void process_child_add(private_ha_dispatcher_t *this,
        {
                DBG1(DBG_CHD, "HA CHILD_SA installation failed");
                child_sa->destroy(child_sa);
+               local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
+               remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
                return;
        }
 
-       /* TODO: Change CHILD_SA API to avoid cloning twice */
-       local_ts = linked_list_create();
-       remote_ts = linked_list_create();
-       enumerator = message->create_attribute_enumerator(message);
-       while (enumerator->enumerate(enumerator, &attribute, &value))
-       {
-               switch (attribute)
-               {
-                       case HA_LOCAL_TS:
-                               local_ts->insert_last(local_ts, value.ts->clone(value.ts));
-                               break;
-                       case HA_REMOTE_TS:
-                               remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
-                               break;
-                       default:
-                               break;
-               }
-       }
-       enumerator->destroy(enumerator);
        child_sa->add_policies(child_sa, local_ts, remote_ts);
        local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
        remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
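Review bot: The two `destroy_offset` calls now appear on both the failure path and the success path, so any later early return has to remember them as well or it leaks the cloned selectors. A single cleanup point would be less fragile, for example guarding the success-only call as `if (!failed) { child_sa->add_policies(child_sa, local_ts, remote_ts); }` and freeing both lists once after it. The remainder of process_child_add is outside this hunk, so the restructuring would need to account for the code that follows.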
index 501c79b..1f025d0 100644 (file)
@@ -146,7 +146,6 @@ static bool ike_updown(private_ha_ike_t *this, ike_sa_t *ike_sa, bool up)
                peer_cfg_t *peer_cfg;
                u_int32_t extension, condition;
                host_t *addr;
-               identification_t *eap_id;
                ike_sa_id_t *id;
 
                peer_cfg = ike_sa->get_peer_cfg(ike_sa);
@@ -163,7 +162,6 @@ static bool ike_updown(private_ha_ike_t *this, ike_sa_t *ike_sa, bool up)
                                  | copy_extension(ike_sa, EXT_MOBIKE)
                                  | copy_extension(ike_sa, EXT_HASH_AND_URL);
 
-               eap_id = ike_sa->get_eap_identity(ike_sa);
                id = ike_sa->get_id(ike_sa);
 
                m = ha_message_create(HA_IKE_UPDATE);
@@ -175,10 +173,6 @@ static bool ike_updown(private_ha_ike_t *this, ike_sa_t *ike_sa, bool up)
                m->add_attribute(m, HA_CONDITIONS, condition);
                m->add_attribute(m, HA_EXTENSIONS, extension);
                m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
-               if (eap_id)
-               {
-                       m->add_attribute(m, HA_EAP_ID, eap_id);
-               }
                iterator = ike_sa->create_additional_address_iterator(ike_sa);
                while (iterator->iterate(iterator, (void**)&addr))
                {
index cd6c90a..54b10f0 100644 (file)
@@ -154,7 +154,6 @@ static void add_attribute(private_ha_message_t *this,
                /* identification_t* */
                case HA_LOCAL_ID:
                case HA_REMOTE_ID:
-               case HA_EAP_ID:
                {
                        identification_encoding_t *enc;
                        identification_t *id;
@@ -355,7 +354,6 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
                /* identification_t* */
                case HA_LOCAL_ID:
                case HA_REMOTE_ID:
-               case HA_EAP_ID:
                {
                        identification_encoding_t *enc;
 
index c7bca08..b2bc237 100644 (file)
@@ -73,8 +73,6 @@ enum ha_message_attribute_t {
        HA_LOCAL_ID,
        /** identification_t*, remote identity */
        HA_REMOTE_ID,
-       /** identification_t*, EAP identity */
-       HA_EAP_ID,
        /** host_t*, local address */
        HA_LOCAL_ADDR,
        /** host_t*, remote address */
index 661db8a..ea255c8 100644 (file)
@@ -97,10 +97,10 @@ static void destroy(private_ha_plugin_t *this)
        free(this);
 }
 
-/*
- * see header file
+/**
+ * Plugin constructor
  */
-plugin_t *plugin_create()
+plugin_t *ha_plugin_create()
 {
        private_ha_plugin_t *this;
        char *local, *remote, *secret;
index e83712f..1ae2fe6 100644 (file)
@@ -44,9 +44,4 @@ struct ha_plugin_t {
        plugin_t plugin;
 };
 
-/**
- * Create a ha_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /* HA_PLUGIN_H_ @}*/
index 3575d05..2199671 100644 (file)
@@ -17,7 +17,8 @@
 
 #include <pthread.h>
 
-#include <utils/mutex.h>
+#include <threading/mutex.h>
+#include <threading/condvar.h>
 #include <utils/linked_list.h>
 #include <processing/jobs/callback_job.h>
 
index 97a252d..b3511e5 100644 (file)
@@ -214,7 +214,8 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        charon->credentials->add_set(charon->credentials, &this->creds.public);
 
        /* create config and backend */
-       ike_cfg = ike_cfg_create(FALSE, FALSE, local, remote);
+       ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
+                                                        remote, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", 2, ike_cfg, CERT_NEVER_SEND,
                                                UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
@@ -233,7 +234,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
 
        child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE,
-                                               MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE);
+                                               MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE, 0);
        ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
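Review bot: The trailing `0` added to `child_cfg_create()` is a bare positional literal after `FALSE`, so a reader cannot tell which setting it controls or whether zero means "disabled" or "default". Because this config protects the HA sync channel, I would annotate it at the call site with something like `/* <new parameter name>: 0 = <meaning> */`, filling in the name from the child_cfg header. The same applies to the two `IKEV2_UDP_PORT` arguments in the previous hunk, which would benefit from a brief note on why the HA tunnel is pinned to the default port on both ends.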