start and route connections defined in an SQL database via start_action field and...
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 28 Nov 2010 10:57:49 +0000 (11:57 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 28 Nov 2010 10:57:49 +0000 (11:57 +0100)
14 files changed:
src/libcharon/config/child_cfg.c
src/libcharon/config/child_cfg.h
src/libcharon/plugins/android/android_service.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/nm/nm_service.c
src/libcharon/plugins/sql/mysql.sql
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/sql/sqlite.sql
src/libcharon/plugins/stroke/stroke_control.c
src/libcharon/plugins/uci/uci_config.c
testing/hosts/default/etc/ipsec.d/tables.sql

index e904b44..070b35a 100644 (file)
@@ -80,6 +80,11 @@ struct private_child_cfg_t {
        ipsec_mode_t mode;
 
        /**
+        * action to take to start CHILD_SA
+        */
+       action_t start_action;
+
+       /**
         * action to take on DPD
         */
        action_t dpd_action;
@@ -375,6 +380,12 @@ METHOD(child_cfg_t, get_mode, ipsec_mode_t,
        return this->mode;
 }
 
+METHOD(child_cfg_t, get_start_action, action_t,
+       private_child_cfg_t *this)
+{
+       return this->start_action;
+}
+
 METHOD(child_cfg_t, get_dpd_action, action_t,
        private_child_cfg_t *this)
 {
@@ -478,9 +489,9 @@ METHOD(child_cfg_t, destroy, void,
  */
 child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                                                          char *updown, bool hostaccess,
-                                                         ipsec_mode_t mode, action_t dpd_action,
-                                                         action_t close_action, bool ipcomp,
-                                                         u_int32_t inactivity, u_int32_t reqid,
+                                                         ipsec_mode_t mode, action_t start_action,
+                                                         action_t dpd_action, action_t close_action,
+                                                         bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
                                                          mark_t *mark_in, mark_t *mark_out)
 {
        private_child_cfg_t *this;
@@ -496,6 +507,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                        .get_updown = _get_updown,
                        .get_hostaccess = _get_hostaccess,
                        .get_mode = _get_mode,
+                       .get_start_action = _get_start_action,
                        .get_dpd_action = _get_dpd_action,
                        .get_close_action = _get_close_action,
                        .get_lifetime = _get_lifetime,
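Review bot: None of the shown hunks stores the new constructor argument into the object: `start_action` is added to `private_child_cfg_t` and returned by `get_start_action`, but the last hunk of child_cfg_create only adds the method pointer `.get_start_action = _get_start_action`. Unless an assignment sits in a hunk not shown on this page, the field keeps its zero-initialised value, so every config reports ACTION_NONE and the new %startall path never starts or routes anything. The line to add next to the other field initialisers of the INIT block is `.start_action = start_action,`. The body of child_cfg_create continues outside the hunk, so this may already be handled further down.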
index 1e6fe3f..1f0c9c8 100644 (file)
@@ -32,14 +32,15 @@ typedef struct child_cfg_t child_cfg_t;
 #include <kernel/kernel_ipsec.h>
 
 /**
- * Action to take when DPD detected/connection gets closed by peer.
+ * Action to take when connection is loaded, DPD is detected or
+ * connection gets closed by peer.
  */
 enum action_t {
        /** No action */
        ACTION_NONE,
-       /** Route config to reestablish on demand */
+       /** Route config to establish or reestablish on demand */
        ACTION_ROUTE,
-       /** Restart config immediately */
+       /** Start or restart config immediately */
        ACTION_RESTART,
 };
 
@@ -169,6 +170,13 @@ struct child_cfg_t {
        ipsec_mode_t (*get_mode) (child_cfg_t *this);
 
        /**
+        * Action to take to start CHILD_SA.
+        *
+        * @return                              start action
+        */
+       action_t (*get_start_action) (child_cfg_t *this);
+
+       /**
         * Action to take on DPD.
         *
         * @return                              DPD action
@@ -276,6 +284,7 @@ struct child_cfg_t {
  * @param updown                       updown script to execute on up/down event
  * @param hostaccess           TRUE to allow access to the local host
  * @param mode                         mode to propose for CHILD_SA, transport, tunnel or BEET
+ * @param start_action         start action
  * @param dpd_action           DPD action
  * @param close_action         close action
  * @param ipcomp                       use IPComp, if peer supports it
@@ -287,9 +296,9 @@ struct child_cfg_t {
  */
 child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                                                          char *updown, bool hostaccess,
-                                                         ipsec_mode_t mode, action_t dpd_action,
-                                                         action_t close_action, bool ipcomp,
-                                                         u_int32_t inactivity, u_int32_t reqid,
+                                                         ipsec_mode_t mode, action_t start_action,
+                                                         action_t dpd_action, action_t close_action,
+                                                         bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
                                                          mark_t *mark_in, mark_t *mark_out);
 
 #endif /** CHILD_CFG_H_ @}*/
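Review bot: The new `@param start_action         start action` entry only repeats the parameter name, and the getter comment `Action to take to start CHILD_SA.` does not say when the action is evaluated. Unlike dpd_action and close_action, this one is consulted when the configuration is loaded rather than in reaction to an event, which is the detail a caller needs. Suggest `@param start_action         action when the config is loaded: ACTION_NONE, ACTION_ROUTE (install trap) or ACTION_RESTART (initiate)` and the matching sentence on get_start_action.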
index f9a8e1e..1a68ff9 100644 (file)
@@ -291,8 +291,8 @@ static job_requeue_t initiate(private_android_service_t *this)
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 
        child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
-                                                                NULL, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
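Review bot: The call now passes three consecutive `ACTION_NONE` arguments of the same enum type positionally, so the compiler cannot tell whether the new value landed in the start, DPD or close slot; this commit had to touch nine such call sites by hand (the same pattern appears in ha_tunnel.c, load_tester_config.c, maemo_service.c, medcli_config.c, nm_service.c and uci_config.c). The nm_service.c hunk already annotates the preceding pair with `/* updown, hostaccess */`; doing the same here makes the order reviewable: `ACTION_NONE, ACTION_NONE, ACTION_NONE, /* start, dpd, close */`. The maemo_service.c variant, which splits the three actions across two lines, is the hardest to read and would benefit most.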
index fef84a4..4accdfb 100644 (file)
@@ -223,8 +223,8 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
 
        child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
-                                                                NULL, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL);
        ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
index a230aa3..4fe5cf5 100644 (file)
@@ -224,8 +224,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
        }
 
        child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
-                                                                NULL, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL);
        proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
        child_cfg->add_proposal(child_cfg, proposal);
        ts = traffic_selector_create_dynamic(0, 0, 65535);
index efd914a..8463f8a 100644 (file)
@@ -347,7 +347,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
 
        child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
                                                                 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
-                                                                FALSE, 0, 0, NULL, NULL);
+                                                                ACTION_NONE, FALSE, 0, 0, NULL, NULL);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
index 870d87c..67f1c71 100644 (file)
@@ -182,8 +182,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 
        child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
-                                                                NULL, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
@@ -261,8 +261,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        this->current->add_auth_cfg(this->current, auth, FALSE);
 
        child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
-                                                                NULL, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
index 72c5bbb..44b5f0c 100644 (file)
@@ -518,8 +518,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 
        child_cfg = child_cfg_create(priv->name, &lifetime,
                                                                 NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
-                                                                ACTION_NONE, ACTION_NONE, ipcomp, 0, 0,
-                                                                NULL, NULL);
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
+                                                                0, 0, NULL, NULL);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
index 5a6dd10..36bac22 100644 (file)
@@ -20,6 +20,7 @@ CREATE TABLE `child_configs` (
   `updown` varchar(128) collate utf8_unicode_ci default NULL,
   `hostaccess` tinyint(1) unsigned NOT NULL default '0',
   `mode` tinyint(4) unsigned NOT NULL default '2',
+  `start_action` tinyint(4) unsigned NOT NULL default '0'
   `dpd_action` tinyint(4) unsigned NOT NULL default '0',
   `close_action` tinyint(4) unsigned NOT NULL default '0',
   `ipcomp` tinyint(4) unsigned NOT NULL default '0',
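Review bot: The added `start_action` column definition has no trailing comma before the `dpd_action` line, so the CREATE TABLE statement for child_configs no longer parses and the whole MySQL schema fails to load. The line should read `` `start_action` tinyint(4) unsigned NOT NULL default '0', `` — the sqlite.sql and tables.sql hunks in this commit do include the comma.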
index a47d93f..d33bddc 100644 (file)
@@ -123,18 +123,19 @@ static void add_traffic_selectors(private_sql_config_t *this,
  */
 static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
 {
-       int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp;
+       int id, lifetime, rekeytime, jitter, hostaccess, mode, ipcomp;
+       int start, dpd, close;
        char *name, *updown;
        child_cfg_t *child_cfg;
 
-       if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter,
-                                               &updown, &hostaccess, &mode, &dpd, &close, &ipcomp))
+       if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown,
+                                               &hostaccess, &mode, &start, &dpd, &close, &ipcomp))
        {
                lifetime_cfg_t lft = {
                        .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter }
                };
                child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
-                                                                        dpd, close, ipcomp, 0, 0, NULL, NULL);
+                                                                        start, dpd, close, ipcomp, 0, 0, NULL, NULL);
                /* TODO: read proposal from db */
                child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
                add_traffic_selectors(this, child_cfg, id);
@@ -152,13 +153,13 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id)
        child_cfg_t *child_cfg;
 
        e = this->db->query(this->db,
-                       "SELECT id, name, lifetime, rekeytime, jitter, "
-                       "updown, hostaccess, mode, dpd_action, close_action, ipcomp "
+                       "SELECT id, name, lifetime, rekeytime, jitter, updown, "
+                       "hostaccess, mode, start_action, dpd_action, close_action, ipcomp "
                        "FROM child_configs JOIN peer_config_child_config ON id = child_cfg "
                        "WHERE peer_cfg = ?",
                        DB_INT, id,
-                       DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT,
-                       DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
+                       DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT,
+                       DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
        if (e)
        {
                while ((child_cfg = build_child_cfg(this, e)))
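Review bot: In build_child_cfg the `start` value is read from the database as a plain int and handed to child_cfg_create as an action_t with no range check; the schema declares the column as an unsigned tinyint, so any value 0..255 reaches the enum, and the consumer in stroke_control.c silently skips everything outside ACTION_NONE..ACTION_RESTART. A clamp right after the enumerate call keeps a malformed or hand-edited row from being treated as a valid config, e.g. `if (start < ACTION_NONE || start > ACTION_RESTART) { DBG1(DBG_CFG, "invalid start_action %d for child config '%s', using none", start, name); start = ACTION_NONE; }`. The pre-existing dpd and close values have the same exposure and could share the check. build_child_cfg's body continues past the end of the first hunk.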
index fcf5a14..fb5f474 100644 (file)
@@ -19,6 +19,7 @@ CREATE TABLE child_configs (
   updown TEXT DEFAULT NULL,
   hostaccess INTEGER NOT NULL DEFAULT '0',
   mode INTEGER NOT NULL DEFAULT '2',
+  start_action INTEGER NOT NULL DEFAULT '0',
   dpd_action INTEGER NOT NULL DEFAULT '0',
   close_action INTEGER NOT NULL DEFAULT '0',
   ipcomp INTEGER NOT NULL DEFAULT '0'
index 11c1103..6669f38 100644 (file)
@@ -93,6 +93,59 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name)
 }
 
 /**
+ * Handles all connections that must be either started or routed
+ * Currently only for connections stored in an SQL database
+ * Connection defined in ipsec.conf are started via stroke commands
+ */
+static void start_all_connections(void)
+{
+       enumerator_t *enumerator, *children;
+       peer_cfg_t *peer_cfg;
+       child_cfg_t *child_cfg;
+       char *name;
+
+       enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
+                                                                                                       NULL, NULL, NULL, NULL);
+       while (enumerator->enumerate(enumerator, &peer_cfg))
+       {
+               if (peer_cfg->get_ike_version(peer_cfg) != 2)
+               {
+                       continue;
+               }
+
+               children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+               while (children->enumerate(children, &child_cfg))
+               {
+                       name = child_cfg->get_name(child_cfg);
+
+                       switch (child_cfg->get_start_action(child_cfg))
+                       {
+                               case ACTION_RESTART:
+                                       charon->controller->initiate(charon->controller,
+                                                                                                peer_cfg->get_ref(peer_cfg),
+                                                                                                child_cfg->get_ref(child_cfg),
+                                                                                                NULL, NULL);
+                                       break;
+                               case ACTION_ROUTE:
+                                       if (charon->traps->install(charon->traps, peer_cfg, child_cfg))
+                                       {
+                                               DBG1(DBG_CFG, "configuration '%s' routed", name);
+                                       }
+                                       else
+                                       {
+                                               DBG1(DBG_CFG, "routing configuration '%s' failed", name);
+                                       }
+                                       break;
+                               case ACTION_NONE:
+                                       break;
+                       }
+               }
+               children->destroy(children);
+       }
+       enumerator->destroy(enumerator);
+}
+
+/**
  * Implementation of stroke_control_t.initiate.
  */
 static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
@@ -101,6 +154,12 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou
        child_cfg_t *child_cfg;
        stroke_log_info_t info;
 
+       if (streq(msg->initiate.name, "%startall"))
+       {
+               start_all_connections();
+               return;
+       }
+
        peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
                                                                                                          msg->initiate.name);
        if (peer_cfg == NULL)
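Review bot: The switch in start_all_connections has no `default` branch, and because the value originates from an integer database column (see the sql_config.c hunk) an out-of-range start action is dropped without any trace in the log; add `default: DBG1(DBG_CFG, "unknown start action for configuration '%s'", name); break;` so a bad row is visible. The ACTION_RESTART branch takes a reference on peer_cfg and child_cfg before handing them to controller->initiate while the ACTION_ROUTE branch passes the raw pointers to traps->install — presumably install takes its own references, but that asymmetry is worth a one-line comment confirming it. The new header comment also reads awkwardly: `Connection defined in ipsec.conf are started via stroke commands` should be `Connections defined in ipsec.conf are started via stroke commands`. Note that the `%startall` early return in initiate writes nothing to `out`, so the stroke client gets no per-connection feedback; if that is intended, a short comment saying results are only logged would help.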
index ddddae7..f16da22 100644 (file)
@@ -196,8 +196,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
                this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
 
                child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                        ACTION_NONE, ACTION_NONE, FALSE, 0, 0,
-                                                                        NULL, NULL);
+                                                                        ACTION_NONE, ACTION_NONE, ACTION_NONE,
+                                                                        FALSE, 0, 0, NULL, NULL);
                child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
                child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
                child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
index eb41533..a4ae722 100644 (file)
@@ -18,6 +18,7 @@ CREATE TABLE child_configs (
   updown TEXT DEFAULT NULL,
   hostaccess INTEGER NOT NULL DEFAULT '0',
   mode INTEGER NOT NULL DEFAULT '2',
+  start_action INTEGER NOT NULL DEFAULT '0',
   dpd_action INTEGER NOT NULL DEFAULT '0',
   close_action INTEGER NOT NULL DEFAULT '0',
   ipcomp INTEGER NOT NULL DEFAULT '0'