removed obsolete route/unroute code from ike_sa/controller
authorMartin Willi <martin@strongswan.org>
Wed, 6 May 2009 17:49:20 +0000 (19:49 +0200)
committerMartin Willi <martin@strongswan.org>
Fri, 8 May 2009 08:03:59 +0000 (10:03 +0200)
src/charon/control/controller.c
src/charon/control/controller.h
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h

index 81832ec..762fc57 100644 (file)
@@ -170,15 +170,12 @@ static bool listener_child_state(interface_listener_t *this, ike_sa_t *ike_sa,
        {
                switch (state)
                {
-                       case CHILD_ROUTED:
                        case CHILD_INSTALLED:
                                this->status = SUCCESS;
                                return FALSE;
                        case CHILD_DESTROYING:
                                switch (child_sa->get_state(child_sa))
                                {
-                                       case CHILD_ROUTED:
-                                               /* has been unrouted */
                                        case CHILD_DELETING:
                                                /* proper delete */
                                                this->status = SUCCESS;
@@ -424,126 +421,6 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
 }
 
 /**
- * execute function for route
- */
-static status_t route_execute(interface_job_t *job)
-{
-       interface_listener_t *listener = &job->listener;
-       ike_sa_t *ike_sa = listener->ike_sa;
-       
-       charon->bus->set_sa(charon->bus, ike_sa);
-       if (ike_sa->route(ike_sa, listener->child_cfg) != DESTROY_ME)
-       {
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-               return SUCCESS;
-       }
-       charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
-       return FAILED;
-}
-
-/**
- * Implementation of controller_t.route.
- */
-static status_t route(controller_t *this,
-                                         peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
-                                         controller_cb_t callback, void *param)
-{
-       ike_sa_t *ike_sa;
-       interface_job_t job = {
-               .listener = {
-                       .public = {
-                               .log = (void*)listener_log,
-                               .ike_state_change = (void*)listener_ike_state,
-                               .child_state_change = (void*)listener_child_state,
-                       },
-                       .callback = callback,
-                       .param = param,
-                       .status = FAILED,
-                       .peer_cfg = peer_cfg,
-                       .child_cfg = child_cfg,
-               },
-               .public = {
-                       .execute = (void*)route_execute,
-                       .destroy = (void*)recheckin,
-               },
-       };
-       
-       ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
-                                                                                                               peer_cfg);
-       if (ike_sa->get_peer_cfg(ike_sa) == NULL)
-       {
-               ike_sa->set_peer_cfg(ike_sa, peer_cfg);
-       }
-       job.listener.ike_sa = ike_sa;
-       if (callback == NULL)
-       {
-               return route_execute(&job);
-       }
-       charon->bus->listen(charon->bus, &job.listener.public, (job_t*)&job);
-       return job.listener.status;
-}
-
-/**
- * execute function for unroute
- */
-static status_t unroute_execute(interface_job_t *job)
-{
-       interface_listener_t *listener = &job->listener;
-       ike_sa_t *ike_sa = listener->ike_sa;
-       
-       charon->bus->set_sa(charon->bus, ike_sa);
-       if (ike_sa->unroute(ike_sa, listener->id) != DESTROY_ME)
-       {
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-               return SUCCESS;
-       }
-       charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
-       return SUCCESS;
-}
-
-/**
- * Implementation of controller_t.unroute.
- */
-static status_t unroute(controller_t *this, u_int32_t reqid, 
-                                               controller_cb_t callback, void *param)
-{
-       ike_sa_t *ike_sa;
-       interface_job_t job = {
-               .listener = {
-                       .public = {
-                               .log = (void*)listener_log,
-                               .ike_state_change = (void*)listener_ike_state,
-                               .child_state_change = (void*)listener_child_state,
-                       },
-                       .callback = callback,
-                       .param = param,
-                       .status = FAILED,
-                       .id = reqid,
-               },
-               .public = {
-                       .execute = (void*)unroute_execute,
-                       .destroy = (void*)recheckin,
-               },
-       };
-       
-       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                       reqid, TRUE);
-       if (ike_sa == NULL)
-       {
-               DBG1(DBG_IKE, "unable to unroute, CHILD_SA with ID %d not found", reqid);
-               return NOT_FOUND;
-       }
-       job.listener.ike_sa = ike_sa;
-
-       if (callback == NULL)
-       {
-               return unroute_execute(&job);
-       }
-       charon->bus->listen(charon->bus, &job.listener.public, (job_t*)&job);   
-       return job.listener.status;
-}
-
-/**
  * See header
  */
 bool controller_cb_empty(void *param, debug_t group, level_t level,
@@ -571,8 +448,6 @@ controller_t *controller_create(void)
        this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate;
        this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike;
        this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child;
-       this->public.route = (status_t(*)(controller_t*,peer_cfg_t*, child_cfg_t*,controller_cb_t,void*))route;
-       this->public.unroute = (status_t(*)(controller_t*,u_int32_t,controller_cb_t,void*))unroute;
        this->public.destroy = (void (*)(controller_t*))destroy;
        
        return &this->public;
index 05d9a81..3c928d2 100644 (file)
@@ -124,38 +124,6 @@ struct controller_t {
                                                                controller_cb_t callback, void *param);
        
        /**
-        * Route a CHILD_SA (install triggering policies).
-        *
-        * @param peer_cfg              peer_cfg to use for IKE_SA setup, if triggered
-        * @param child_cfg             child_cfg to route
-        * @param cb                    logging callback
-        * @param param                 parameter to include in each call of cb
-        * @return
-        *                                              - SUCCESS, if CHILD_SA routed
-        *                                              - FAILED, if routing failed
-        *                                              - NEED_MORE, if callback returned FALSE
-        */
-       status_t (*route)(controller_t *this,
-                                         peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
-                                         controller_cb_t callback, void *param);
-       
-       /**
-        * Unroute a routed CHILD_SA (uninstall triggering policies).
-        *
-        * Only the route is removed, not the CHILD_SAs the route triggered.
-        *
-        * @param reqid                 reqid of the CHILD_SA to unroute
-        * @param cb                    logging callback
-        * @param param                 parameter to include in each call of cb
-        * @return
-        *                                              - SUCCESS, if CHILD_SA terminated
-        *                                              - NOT_FOUND, if no such CHILD_SA routed
-        *                                              - NEED_MORE, if callback returned FALSE
-        */
-       status_t (*unroute)(controller_t *this, u_int32_t reqid, 
-                                               controller_cb_t callback, void *param);
-       
-       /**
         * Destroy a controller_t instance.
         */
        void (*destroy) (controller_t *this);
index 126011e..1e95021 100644 (file)
@@ -1105,7 +1105,8 @@ static void resolve_hosts(private_ike_sa_t *this)
 /**
  * Initiates a CHILD_SA using the appropriate reqid
  */
-static status_t initiate_with_reqid(private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid)
+static status_t initiate_with_reqid(private_ike_sa_t *this,
+                                                                       child_cfg_t *child_cfg, u_int32_t reqid)
 {
        task_t *task;
        
@@ -1199,168 +1200,6 @@ static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg)
 }
 
 /**
- * Implementation of ike_sa_t.acquire.
- */
-static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
-{
-       child_cfg_t *child_cfg;
-       iterator_t *iterator;
-       child_sa_t *current, *child_sa = NULL;
-       
-       switch (this->state)
-       {
-               case IKE_DELETING:
-                       DBG1(DBG_IKE, "acquiring CHILD_SA {reqid %d} failed: "
-                                "IKE_SA is deleting", reqid);
-                       return FAILED;
-               case IKE_PASSIVE:
-                       /* do not process acquires if passive */
-                       return FAILED;
-               default:
-                       break;
-       }
-       
-       /* find CHILD_SA */
-       iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
-       while (iterator->iterate(iterator, (void**)&current))
-       {
-               if (current->get_reqid(current) == reqid)
-               {
-                       child_sa = current;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       if (!child_sa)
-       {
-               DBG1(DBG_IKE, "acquiring CHILD_SA {reqid %d} failed: "
-                        "CHILD_SA not found", reqid);
-               return FAILED;
-       }
-       
-       child_cfg = child_sa->get_config(child_sa);
-       child_cfg->get_ref(child_cfg);
-       
-       return initiate_with_reqid(this, child_cfg, reqid);
-}
-
-/**
- * Implementation of ike_sa_t.route.
- */
-static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
-{
-       child_sa_t *child_sa;
-       iterator_t *iterator;
-       linked_list_t *my_ts, *other_ts;
-       host_t *me, *other;
-       status_t status;
-       
-       /* check if not already routed*/
-       iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
-       while (iterator->iterate(iterator, (void**)&child_sa))
-       {
-               if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
-                       streq(child_sa->get_name(child_sa), child_cfg->get_name(child_cfg)))
-               {
-                       iterator->destroy(iterator);
-                       DBG1(DBG_IKE, "routing CHILD_SA failed: already routed");
-                       return FAILED;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       switch (this->state)
-       {
-               case IKE_DELETING:
-               case IKE_REKEYING:
-                       DBG1(DBG_IKE, "routing CHILD_SA failed: IKE_SA is %N",
-                                ike_sa_state_names, this->state);
-                       return FAILED;
-               case IKE_CREATED:
-               case IKE_CONNECTING:
-               case IKE_ESTABLISHED:
-               case IKE_PASSIVE:
-               default:
-                       break;
-       }
-       
-       resolve_hosts(this);
-
-       /* install kernel policies */
-       child_sa = child_sa_create(this->my_host, this->other_host,
-                                                          child_cfg, 0, FALSE);
-       me = this->my_host;
-       if (this->my_virtual_ip)
-       {
-               me = this->my_virtual_ip;
-       }
-       other = this->other_host;
-       if (this->other_virtual_ip)
-       {
-               other = this->other_virtual_ip;
-       }
-       
-       my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, me);
-       other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, other);
-
-       child_sa->set_mode(child_sa, child_cfg->get_mode(child_cfg));
-       status = child_sa->add_policies(child_sa, my_ts, other_ts);
-
-       my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
-       other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
-       if (status == SUCCESS)
-       {
-               this->child_sas->insert_last(this->child_sas, child_sa);
-               DBG1(DBG_IKE, "CHILD_SA routed");
-       }
-       else
-       {
-               child_sa->destroy(child_sa);
-               DBG1(DBG_IKE, "routing CHILD_SA failed");
-       }
-       return status;
-}
-
-/**
- * Implementation of ike_sa_t.unroute.
- */
-static status_t unroute(private_ike_sa_t *this, u_int32_t reqid)
-{
-       iterator_t *iterator;
-       child_sa_t *child_sa;
-       bool found = FALSE;
-       
-       /* find CHILD_SA in ROUTED state */
-       iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
-       while (iterator->iterate(iterator, (void**)&child_sa))
-       {
-               if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
-                       child_sa->get_reqid(child_sa) == reqid)
-               {
-                       iterator->remove(iterator);
-                       DBG1(DBG_IKE, "CHILD_SA unrouted");
-                       child_sa->destroy(child_sa);
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       if (!found)
-       {
-               DBG1(DBG_IKE, "unrouting CHILD_SA failed: reqid %d not found", reqid);
-               return FAILED;
-       }
-       /* if we are not established, and we have no more routed childs, remove whole SA */
-       if (this->state == IKE_CREATED &&
-               this->child_sas->get_count(this->child_sas) == 0)
-       {
-               return DESTROY_ME;
-       }
-       return SUCCESS;
-}
-
-/**
  * Implementation of ike_sa_t.process_message.
  */
 static status_t process_message(private_ike_sa_t *this, message_t *message)
@@ -1434,14 +1273,10 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
        else
        {
                host_t *me, *other;
-               private_ike_sa_t *new;
-               iterator_t *iterator;
-               child_sa_t *child;
-               bool has_routed = FALSE;
                
                me = message->get_destination(message);
                other = message->get_source(message);
-
+               
                /* if this IKE_SA is virgin, we check for a config */
                if (this->ike_cfg == NULL)
                {
@@ -1471,51 +1306,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
                                update_hosts(this, me, other);
                        }
                }
-               status = this->task_manager->process_message(this->task_manager, message);
-               if (status != DESTROY_ME)
-               {
-                       return status;
-               }
-               /* if IKE_SA gets closed for any reasons, reroute routed children */
-               iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
-               while (iterator->iterate(iterator, (void**)&child))
-               {
-                       if (child->get_state(child) == CHILD_ROUTED)
-                       {
-                               has_routed = TRUE;
-                               break;
-                       }
-               }
-               iterator->destroy(iterator);
-               if (!has_routed)
-               {
-                       return status;
-               }
-               /* move routed children to a new IKE_SA, apply connection info */
-               new = (private_ike_sa_t*)charon->ike_sa_manager->checkout_new(
-                                                                                       charon->ike_sa_manager, TRUE);
-               set_peer_cfg(new, this->peer_cfg);
-               new->other_host->destroy(new->other_host);
-               new->other_host = this->other_host->clone(this->other_host);
-               if (!has_condition(this, COND_NAT_THERE))
-               {
-                       new->other_host->set_port(new->other_host, IKEV2_UDP_PORT);
-               }
-               if (this->my_virtual_ip)
-               {
-                       set_virtual_ip(new, TRUE, this->my_virtual_ip);
-               }
-               iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
-               while (iterator->iterate(iterator, (void**)&child))
-               {
-                       if (child->get_state(child) == CHILD_ROUTED)
-                       {
-                               route(new, child->get_config(child));
-                       }
-               }
-               iterator->destroy(iterator);
-               charon->ike_sa_manager->checkin(charon->ike_sa_manager, &new->public);
-               return status;
+               return this->task_manager->process_message(this->task_manager, message);
        }
 }
 
@@ -1850,7 +1641,8 @@ static status_t reestablish(private_ike_sa_t *this)
                                        status = new->initiate(new, child_cfg);
                                        break;
                                case ACTION_ROUTE:
-                                       status = new->route(new, child_cfg);
+                                       charon->traps->install(charon->traps,
+                                                                                  this->peer_cfg, child_cfg);
                                        break;
                                default:
                                        continue;
@@ -2206,9 +1998,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->public.get_statistic = (u_int32_t(*)(ike_sa_t*, statistic_t kind))get_statistic;
        this->public.process_message = (status_t (*)(ike_sa_t*, message_t*)) process_message;
        this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*)) initiate;
-       this->public.route = (status_t (*)(ike_sa_t*,child_cfg_t*)) route;
-       this->public.unroute = (status_t (*)(ike_sa_t*,u_int32_t)) unroute;
-       this->public.acquire = (status_t (*)(ike_sa_t*,u_int32_t)) acquire;
        this->public.get_ike_cfg = (ike_cfg_t* (*)(ike_sa_t*))get_ike_cfg;
        this->public.set_ike_cfg = (void (*)(ike_sa_t*,ike_cfg_t*))set_ike_cfg;
        this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg;
index 29c9168..2272e10 100644 (file)
@@ -608,43 +608,6 @@ struct ike_sa_t {
         *                                              - DESTROY_ME if initialization failed
         */
        status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg);
-
-       /**
-        * Route a policy in the kernel.
-        *
-        * Installs the policies in the kernel. If traffic matches,
-        * the kernel requests connection setup from the IKE_SA via acquire().
-        * 
-        * @param child_cfg             child config to route
-        * @return                              
-        *                                              - SUCCESS if routed successfully
-        *                                              - FAILED if routing failed
-        */
-       status_t (*route) (ike_sa_t *this, child_cfg_t *child_cfg);
-
-       /**
-        * Unroute a policy in the kernel previously routed.
-        *
-        * @param reqid                 reqid of CHILD_SA to unroute
-        * @return                              
-        *                                              - SUCCESS if route removed
-        *                                              - NOT_FOUND if CHILD_SA not found
-        *                                              - DESTROY_ME if last CHILD_SA was unrouted
-        */
-       status_t (*unroute) (ike_sa_t *this, u_int32_t reqid);
-       
-       /**
-        * Acquire connection setup for an installed kernel policy.
-        *
-        * If an installed policy raises an acquire, the kernel calls
-        * this function to establish the CHILD_SA (and maybe the IKE_SA).
-        *
-        * @param reqid                 reqid of the CHILD_SA the policy belongs to.
-        * @return                              
-        *                                              - SUCCESS if initialization started
-        *                                              - DESTROY_ME if initialization failed
-        */
-       status_t (*acquire) (ike_sa_t *this, u_int32_t reqid);
        
        /**
         * Initiates the deletion of an IKE_SA.