Moved delete/rekey CHILD_SA job creation to kernel event handler.
authorTobias Brunner <tobias@strongswan.org>
Tue, 6 Jul 2010 10:09:06 +0000 (12:09 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 2 Sep 2010 17:01:24 +0000 (19:01 +0200)
src/libcharon/kernel/kernel_handler.c
src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 5a12e35..64907b7 100644 (file)
@@ -18,6 +18,8 @@
 #include <hydra.h>
 #include <daemon.h>
 #include <processing/jobs/acquire_job.h>
+#include <processing/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/delete_child_sa_job.h>
 
 typedef struct private_kernel_handler_t private_kernel_handler_t;
 
@@ -52,6 +54,26 @@ METHOD(kernel_listener_t, acquire, bool,
        return TRUE;
 }
 
+METHOD(kernel_listener_t, expire, bool,
+          private_kernel_handler_t *this, u_int32_t reqid, protocol_id_t protocol,
+          u_int32_t spi, bool hard)
+{
+       job_t *job;
+       DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x "
+                                 "and reqid {%u}", hard ? "delete" : "rekey",
+                                 protocol_id_names, protocol, ntohl(spi), reqid);
+       if (hard)
+       {
+               job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
+       }
+       else
+       {
+               job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
+       }
+       hydra->processor->queue_job(hydra->processor, job);
+       return TRUE;
+}
+
 METHOD(kernel_handler_t, destroy, void,
           private_kernel_handler_t *this)
 {
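Review bot: The new `expire` handler queues a delete or rekey job for whatever `protocol` it is handed, with no check of its own that the SA is an ESP or AH CHILD_SA. The netlink caller filters with `protocol != PROTO_ESP && protocol != PROTO_AH` before calling, the pfkey hunk shows only an early `return` whose condition lies outside the hunk, and the klips `sa_expires` hunk shows no such filter in its visible lines. Because a hard expire ends in deleting the SA, it would be more robust to place the guard once at the top of the handler, `if (protocol != PROTO_ESP && protocol != PROTO_AH) { return TRUE; }`, so every kernel plugin gets the same behaviour. A short comment above `if (hard)` such as `/* hard expire deletes the CHILD_SA, soft expire triggers a rekey */` would also document the mapping.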
@@ -68,6 +90,7 @@ kernel_handler_t *kernel_handler_create()
                .public = {
                        .listener = {
                                .acquire = _acquire,
+                               .expire = _expire,
                        },
                        .destroy = _destroy,
                },
index d21da6f..390d906 100644 (file)
@@ -33,8 +33,6 @@
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <processing/jobs/callback_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
 #include <processing/jobs/update_sa_job.h>
 
 /** default timeout for generated SPIs (in seconds) */
@@ -1418,12 +1416,14 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this)
                        process_acquire(this, msg);
                        break;
                case SADB_EXPIRE:
-                       /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even for
-                        * the time based limits). So if there is no traffic for a longer
-                        * period than configured as hard limit, we wouldn't be able to rekey
-                        * the SA and just receive the hard expire and thus delete the SA.
-                        * To avoid this behavior and to make charon behave as with the other
-                        * kernel plugins, we implement the expiration of SAs ourselves. */
+                       /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even
+                        * for the time based limits). So if there is no traffic for a
+                        * longer period than configured as hard limit, we wouldn't be able
+                        * to rekey the SA and just receive the hard expire and thus delete
+                        * the SA.
+                        * To avoid this behavior and to make charon behave as with the
+                        * other kernel plugins, we implement the expiration of SAs
+                        * ourselves. */
                        break;
                case SADB_X_NAT_T_NEW_MAPPING:
                        process_mapping(this, msg);
@@ -1470,7 +1470,6 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
        bool hard = expire->type != EXPIRE_TYPE_SOFT;
        sa_entry_t *cached_sa;
        linked_list_t *list;
-       job_t *job;
 
        /* for an expired SPI we first check whether the CHILD_SA got installed
         * in the meantime, for expired SAs we check whether they are still installed */
@@ -1496,18 +1495,8 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
        DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired",
                        protocol_id_names, protocol, ntohl(spi), reqid);
 
-       DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
-                hard ? "delete" : "rekey",  protocol_id_names,
-                protocol, ntohl(spi), reqid);
-       if (hard)
-       {
-               job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
-       }
-       else
-       {
-               job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
-       }
-       hydra->processor->queue_job(hydra->processor, job);
+       charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+                                                                        spi, hard);
        return JOB_REQUEUE_NONE;
 }
 
index 68fcab8..b603b13 100644 (file)
@@ -42,8 +42,6 @@
 #include <utils/hashtable.h>
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/migrate_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
 #include <processing/jobs/update_sa_job.h>
 
 /** required for Linux 2.6.26 kernel and later */
@@ -599,7 +597,6 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct nlmsghd
  */
 static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr)
 {
-       job_t *job;
        protocol_id_t protocol;
        u_int32_t spi, reqid;
        struct xfrm_user_expire *expire;
@@ -613,23 +610,13 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr
 
        if (protocol != PROTO_ESP && protocol != PROTO_AH)
        {
-               DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%u} "
-                                         "which is not a CHILD_SA", ntohl(spi), reqid);
+               DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and "
+                                         "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
                return;
        }
 
-       DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
-                expire->hard ? "delete" : "rekey",  protocol_id_names,
-                protocol, ntohl(spi), reqid);
-       if (expire->hard)
-       {
-               job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
-       }
-       else
-       {
-               job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
-       }
-       hydra->processor->queue_job(hydra->processor, job);
+       charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+                                                                        spi, expire->hard != 0);
 }
 
 /**
index b490095..b91b6d1 100644 (file)
@@ -61,8 +61,6 @@
 #include <threading/mutex.h>
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/migrate_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
 #include <processing/jobs/update_sa_job.h>
 
 /** non linux specific */
@@ -949,7 +947,6 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
        protocol_id_t protocol;
        u_int32_t spi, reqid;
        bool hard;
-       job_t *job;
 
        DBG2(DBG_KNL, "received an SADB_EXPIRE");
 
@@ -971,18 +968,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
                return;
        }
 
-       DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}",
-                hard ? "delete" : "rekey",  protocol_id_names,
-                protocol, ntohl(spi), reqid);
-       if (hard)
-       {
-               job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
-       }
-       else
-       {
-               job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
-       }
-       hydra->processor->queue_job(hydra->processor, job);
+       charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+                                                                        spi, hard);
 }
 
 #ifdef SADB_X_MIGRATE