Don't manually register kernel_netlink_net

Load complete kernel_netlink plugin instead. Registering the TKM
specific plugins first still ensures that the correct ipsec plugin
is used.

Lazy initialize the RNG_WEAK plugin to avoid the unsatisfiable
soft dependency on startup.

diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am
index 62731af..0f4f518 100644 (file)
--- a/src/charon-tkm/Makefile.am
+++ b/src/charon-tkm/Makefile.am
@@ -26,6 +26,7 @@ PLUGINS = \
        aes \
        constraints \
        hmac \
+       kernel-netlink \
        pem \
        pkcs1 \
        pkcs8 \

diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 7afde6e..92217b8 100644 (file)
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -27,7 +27,6 @@
 
 #include <hydra.h>
 #include <daemon.h>
-#include <plugins/kernel_netlink/kernel_netlink_net.h>
 #include <library.h>
 #include <utils/backtrace.h>
 #include <threading/thread.h>
@@ -297,10 +296,6 @@ int main(int argc, char *argv[])
                        PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
                PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
                        PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
-                       PLUGIN_DEPENDS(RNG, RNG_WEAK),
-               PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
-                       PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
-
        };
        lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
                        countof(features), TRUE);

diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index b043299..734bec7 100644 (file)
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -62,6 +62,16 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
        private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
        u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
+       if (!this->rng)
+       {
+               this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+               if (!this->rng)
+               {
+                       DBG1(DBG_KNL, "unable to create RNG");
+                       return FAILED;
+               }
+       }
+
        DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
        const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
                                                                                         (u_int8_t *)spi);
@@ -365,16 +375,9 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
                                .destroy = _destroy,
                        },
                },
-               .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
                .sad = tkm_kernel_sad_create(),
        );
 
-       if (!this->rng)
-       {
-               DBG1(DBG_KNL, "unable to create RNG");
-               destroy(this);
-               return NULL;
-       }
        if (!this->sad)
        {
                DBG1(DBG_KNL, "unable to create SAD");

diff --git a/src/charon-tkm/tests/test_runner.c b/src/charon-tkm/tests/test_runner.c
index b22f1ff..5ae0329 100644 (file)
--- a/src/charon-tkm/tests/test_runner.c
+++ b/src/charon-tkm/tests/test_runner.c
@@ -17,7 +17,6 @@
 #include <library.h>
 #include <hydra.h>
 #include <daemon.h>
-#include <plugins/kernel_netlink/kernel_netlink_net.h>
 
 #include "tkm.h"
 #include "tkm_nonceg.h"
@@ -44,9 +43,6 @@ int main(void)
                        PLUGIN_PROVIDE(DH, MODP_4096_BIT),
                PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
                        PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
-                       PLUGIN_DEPENDS(RNG, RNG_WEAK),
-               PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
-                       PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
        };
        lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
                        countof(features), TRUE);