ike: Reuse interface ID during CHILD_SA rekeyings
authorTobias Brunner <tobias@strongswan.org>
Tue, 12 Feb 2019 10:59:38 +0000 (11:59 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 4 Apr 2019 07:31:38 +0000 (09:31 +0200)
src/libcharon/sa/ikev1/task_manager_v1.c
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev1/tasks/quick_mode.h
src/libcharon/sa/ikev2/task_manager_v2.c
src/libcharon/sa/ikev2/tasks/child_create.c
src/libcharon/sa/ikev2/tasks/child_create.h
src/libcharon/sa/ikev2/tasks/child_rekey.c

index ca04a6a..b4944cf 100644 (file)
@@ -1843,6 +1843,8 @@ METHOD(task_manager_t, queue_child_rekey, void,
                        task->use_reqid(task, child_sa->get_reqid(child_sa));
                        task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
                                                        child_sa->get_mark(child_sa, FALSE).value);
+                       task->use_if_ids(task, child_sa->get_if_id(child_sa, TRUE),
+                                                        child_sa->get_if_id(child_sa, FALSE));
                        task->rekey(task, child_sa->get_spi(child_sa, TRUE));
 
                        queue_task(this, &task->task);
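Review bot: The two added use_if_ids lines copy the interface IDs of the CHILD_SA being rekeyed without saying why, while the IKEv2 reauth path in task_manager_v2.c (trigger_mbb_reauth) in this same commit explicitly documents that it does not migrate them; a one-line comment here would make the asymmetry read as deliberate, e.g. `/* a rekeyed CHILD_SA keeps reqid, marks and interface IDs, unlike one re-created on reauth */`. queue_child_rekey begins and ends outside this hunk, so I cannot tell whether an earlier comment already covers this.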
index 876b99e..59f049d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2019 Tobias Brunner
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
@@ -158,12 +158,22 @@ struct private_quick_mode_t {
        /**
         * Explicit inbound mark value to use, if any
         */
-       u_int mark_in;
+       uint32_t mark_in;
 
        /**
-        * Explicit inbound mark value to use, if any
+        * Explicit outbound mark value to use, if any
+        */
+       uint32_t mark_out;
+
+       /**
+        * Explicit inbound interface ID to use, if any
+        */
+       uint32_t if_id_in;
+
+       /**
+        * Explicit outbound interface ID to use, if any
         */
-       u_int mark_out;
+       uint32_t if_id_out;
 
        /**
         * SPI of SA we rekey
@@ -846,7 +856,7 @@ METHOD(task_t, build_i, status_t,
                                                                        this->ike_sa->get_other_host(this->ike_sa),
                                                                        this->config, this->reqid, this->udp,
                                                                        this->mark_in, this->mark_out,
-                                                                       0, 0);
+                                                                       this->if_id_in, this->if_id_out);
 
                        if (this->udp && this->mode == MODE_TRANSPORT)
                        {
@@ -1048,6 +1058,8 @@ static void check_for_rekeyed_child(private_quick_mode_t *this, bool responder)
                                                                                                                        TRUE).value;
                                                this->mark_out = child_sa->get_mark(child_sa,
                                                                                                                        FALSE).value;
+                                               this->if_id_in = child_sa->get_if_id(child_sa, TRUE);
+                                               this->if_id_out = child_sa->get_if_id(child_sa, FALSE);
                                                child_sa->set_state(child_sa, CHILD_REKEYING);
                                                DBG1(DBG_IKE, "detected rekeying of CHILD_SA %s{%u}",
                                                         child_sa->get_name(child_sa),
@@ -1187,7 +1199,7 @@ METHOD(task_t, process_r, status_t,
                                                                        this->ike_sa->get_other_host(this->ike_sa),
                                                                        this->config, this->reqid, this->udp,
                                                                        this->mark_in, this->mark_out,
-                                                                       0, 0);
+                                                                       this->if_id_in, this->if_id_out);
 
                        tsi = linked_list_create_with_items(this->tsi, NULL);
                        tsr = linked_list_create_with_items(this->tsr, NULL);
@@ -1414,12 +1426,19 @@ METHOD(quick_mode_t, use_reqid, void,
 }
 
 METHOD(quick_mode_t, use_marks, void,
-       private_quick_mode_t *this, u_int in, u_int out)
+       private_quick_mode_t *this, uint32_t in, uint32_t out)
 {
        this->mark_in = in;
        this->mark_out = out;
 }
 
+METHOD(quick_mode_t, use_if_ids, void,
+       private_quick_mode_t *this, uint32_t in, uint32_t out)
+{
+       this->if_id_in = in;
+       this->if_id_out = out;
+}
+
 METHOD(quick_mode_t, rekey, void,
        private_quick_mode_t *this, uint32_t spi)
 {
@@ -1450,6 +1469,8 @@ METHOD(task_t, migrate, void,
        this->spi_r = 0;
        this->mark_in = 0;
        this->mark_out = 0;
+       this->if_id_in = 0;
+       this->if_id_out = 0;
 
        if (!this->initiator)
        {
@@ -1490,6 +1511,7 @@ quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
                        .get_mid = _get_mid,
                        .use_reqid = _use_reqid,
                        .use_marks = _use_marks,
+                       .use_if_ids = _use_if_ids,
                        .rekey = _rekey,
                },
                .ike_sa = ike_sa,
index 0d4c5b4..5002544 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Tobias Brunner
+ * Copyright (C) 2015-2019 Tobias Brunner
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
@@ -61,7 +61,15 @@ struct quick_mode_t {
         * @param in                    inbound mark value
         * @param out                   outbound mark value
         */
-       void (*use_marks)(quick_mode_t *this, u_int in, u_int out);
+       void (*use_marks)(quick_mode_t *this, uint32_t in, uint32_t out);
+
+       /**
+        * Use specific interface IDs, overriding configuration.
+        *
+        * @param in                    inbound interface ID
+        * @param out                   outbound interface ID
+        */
+       void (*use_if_ids)(quick_mode_t *this, uint32_t in, uint32_t out);
 
        /**
         * Set the SPI of the old SA, if rekeying.
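Review bot: The new use_if_ids documentation does not say how a caller leaves the configured value in place; migrate resets both fields to 0 and the pre-patch call sites passed literal `0, 0` to child_sa_create, which suggests 0 means "not overridden", but that is inferred rather than stated. I would add a line under the two @param entries, `@note pass 0 for either value to keep the configured interface ID`, after confirming the 0 handling in child_sa_create. The identical block added to child_create.h in this commit would want the same sentence.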
index e9142d7..ee3422c 100644 (file)
@@ -1874,6 +1874,8 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
                child_create->use_marks(child_create,
                                                                child_sa->get_mark(child_sa, TRUE).value,
                                                                child_sa->get_mark(child_sa, FALSE).value);
+               /* interface IDs are not migrated as the new CHILD_SAs on old and new
+                * IKE_SA go though regular updown events */
                new->queue_task(new, &child_create->task);
                children = TRUE;
        }
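Review bot: The added comment contains a typo, `though` for `through`; it should read `/* interface IDs are not migrated as the new CHILD_SAs on old and new IKE_SA go through regular updown events */`. As this is the one place in the commit that deliberately does not reuse the interface IDs, the comment is carrying the design decision, so its wording deserves a second look. trigger_mbb_reauth starts outside this hunk.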
index 1f93be4..340542b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -176,12 +176,22 @@ struct private_child_create_t {
        /**
         * Explicit inbound mark value
         */
-       u_int mark_in;
+       uint32_t mark_in;
 
        /**
         * Explicit outbound mark value
         */
-       u_int mark_out;
+       uint32_t mark_out;
+
+       /**
+        * Explicit inbound interface ID to use, if any
+        */
+       uint32_t if_id_in;
+
+       /**
+        * Explicit outbound interface ID to use, if any
+        */
+       uint32_t if_id_out;
 
        /**
         * CHILD_SA which gets established
@@ -1110,7 +1120,7 @@ METHOD(task_t, build_i, status_t,
        this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                        this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
                        this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY),
-                       this->mark_in, this->mark_out, 0, 0);
+                       this->mark_in, this->mark_out, this->if_id_in, this->if_id_out);
 
        if (this->reqid)
        {
@@ -1395,7 +1405,7 @@ METHOD(task_t, build_r, status_t,
        this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                        this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
                        this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY),
-                       this->mark_in, this->mark_out, 0, 0);
+                       this->mark_in, this->mark_out, this->if_id_in, this->if_id_out);
 
        if (this->ipcomp_received != IPCOMP_NONE)
        {
@@ -1664,12 +1674,19 @@ METHOD(child_create_t, use_reqid, void,
 }
 
 METHOD(child_create_t, use_marks, void,
-       private_child_create_t *this, u_int in, u_int out)
+       private_child_create_t *this, uint32_t in, uint32_t out)
 {
        this->mark_in = in;
        this->mark_out = out;
 }
 
+METHOD(child_create_t, use_if_ids, void,
+       private_child_create_t *this, uint32_t in, uint32_t out)
+{
+       this->if_id_in = in;
+       this->if_id_out = out;
+}
+
 METHOD(child_create_t, use_dh_group, void,
        private_child_create_t *this, diffie_hellman_group_t dh_group)
 {
@@ -1748,6 +1765,8 @@ METHOD(task_t, migrate, void,
        this->reqid = 0;
        this->mark_in = 0;
        this->mark_out = 0;
+       this->if_id_in = 0;
+       this->if_id_out = 0;
        this->established = FALSE;
 }
 
@@ -1797,6 +1816,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
                        .get_lower_nonce = _get_lower_nonce,
                        .use_reqid = _use_reqid,
                        .use_marks = _use_marks,
+                       .use_if_ids = _use_if_ids,
                        .use_dh_group = _use_dh_group,
                        .task = {
                                .get_type = _get_type,
index 59fc6d2..eae1f35 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 Tobias Brunner
+ * Copyright (C) 2018-2019 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -58,7 +58,15 @@ struct child_create_t {
         * @param in            inbound mark value
         * @param out           outbound mark value
         */
-       void (*use_marks)(child_create_t *this, u_int in, u_int out);
+       void (*use_marks)(child_create_t *this, uint32_t in, uint32_t out);
+
+       /**
+        * Use specific interface IDs, overriding configuration.
+        *
+        * @param in                    inbound interface ID
+        * @param out                   outbound interface ID
+        */
+       void (*use_if_ids)(child_create_t *this, uint32_t in, uint32_t out);
 
        /**
         * Initially propose a specific DH group to override configuration.
index d5188c0..6b0f427 100644 (file)
@@ -207,6 +207,9 @@ METHOD(task_t, build_i, status_t,
        this->child_create->use_marks(this->child_create,
                                                this->child_sa->get_mark(this->child_sa, TRUE).value,
                                                this->child_sa->get_mark(this->child_sa, FALSE).value);
+       this->child_create->use_if_ids(this->child_create,
+                                               this->child_sa->get_if_id(this->child_sa, TRUE),
+                                               this->child_sa->get_if_id(this->child_sa, FALSE));
 
        if (this->child_create->task.build(&this->child_create->task,
                                                                           message) != NEED_MORE)
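Review bot: build_i now carries a six-line marks-and-interface-ID propagation from this->child_sa to this->child_create that build_r in the next hunk repeats verbatim; the two copies have to be kept in sync by hand every time a further CHILD_SA attribute is reused, as this commit itself shows. A small static helper called from both build_i and build_r would keep one definition of what a rekeyed CHILD_SA hands on. Both functions extend beyond their hunks, so the helper's placement relative to the existing use_reqid calls is for the author to decide.
```c
/* propagate the rekeyed CHILD_SA's marks and interface IDs to the child_create task */
static void inherit_child_sa_ids(private_child_rekey_t *this)
{
	this->child_create->use_marks(this->child_create,
					this->child_sa->get_mark(this->child_sa, TRUE).value,
					this->child_sa->get_mark(this->child_sa, FALSE).value);
	this->child_create->use_if_ids(this->child_create,
					this->child_sa->get_if_id(this->child_sa, TRUE),
					this->child_sa->get_if_id(this->child_sa, FALSE));
}

/* … unchanged: start of build_i … */
	inherit_child_sa_ids(this);
/* … unchanged: building the child_create task … */
```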
@@ -266,6 +269,9 @@ METHOD(task_t, build_r, status_t,
        this->child_create->use_marks(this->child_create,
                                                this->child_sa->get_mark(this->child_sa, TRUE).value,
                                                this->child_sa->get_mark(this->child_sa, FALSE).value);
+       this->child_create->use_if_ids(this->child_create,
+                                               this->child_sa->get_if_id(this->child_sa, TRUE),
+                                               this->child_sa->get_if_id(this->child_sa, FALSE));
        config = this->child_sa->get_config(this->child_sa);
        this->child_create->set_config(this->child_create, config->get_ref(config));
        this->child_create->task.build(&this->child_create->task, message);