summaryrefslogtreecommitdiff
path: root/src/libcharon/control
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-01-02 14:18:20 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-01-02 14:18:20 +0100
commitc1343b3278cdf99533b7902744d15969f9d6fdc1 (patch)
treed5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /src/libcharon/control
parentb34738ed08c2227300d554b139e2495ca5da97d6 (diff)
downloadvyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz
vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip
Imported Upstream version 5.0.1
Diffstat (limited to 'src/libcharon/control')
-rw-r--r--src/libcharon/control/controller.c437
-rw-r--r--src/libcharon/control/controller.h37
2 files changed, 326 insertions, 148 deletions
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 0f247962b..77d73dba9 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2011-2012 Tobias Brunner
* Copyright (C) 2007-2011 Martin Willi
* Copyright (C) 2011 revosec AG
* Hochschule fuer Technik Rapperswil
@@ -23,10 +24,13 @@
#include <daemon.h>
#include <library.h>
-
+#include <threading/thread.h>
+#include <threading/spinlock.h>
+#include <threading/semaphore.h>
typedef struct private_controller_t private_controller_t;
typedef struct interface_listener_t interface_listener_t;
+typedef struct interface_logger_t interface_logger_t;
/**
* Private data of an stroke_t object.
@@ -40,19 +44,18 @@ struct private_controller_t {
};
/**
- * helper struct to map listener callbacks to interface callbacks
+ * helper struct for the logger interface
*/
-struct interface_listener_t {
-
+struct interface_logger_t {
/**
- * public bus listener interface
+ * public logger interface
*/
- listener_t public;
+ logger_t public;
/**
- * status of the operation, return to method callers
+ * reference to the listener
*/
- status_t status;
+ interface_listener_t *listener;
/**
* interface callback (listener gets redirected to here)
@@ -63,6 +66,27 @@ struct interface_listener_t {
* user parameter to pass to callback
*/
void *param;
+};
+
+/**
+ * helper struct to map listener callbacks to interface callbacks
+ */
+struct interface_listener_t {
+
+ /**
+ * public bus listener interface
+ */
+ listener_t public;
+
+ /**
+ * logger interface
+ */
+ interface_logger_t logger;
+
+ /**
+ * status of the operation, return to method callers
+ */
+ status_t status;
/**
* child configuration, used for initiate
@@ -80,14 +104,19 @@ struct interface_listener_t {
ike_sa_t *ike_sa;
/**
- * CHILD_SA to handle
+ * unique ID, used for various methods
*/
- child_sa_t *child_sa;
+ u_int32_t id;
/**
- * unique ID, used for various methods
+ * semaphore to implement wait_for_listener()
*/
- u_int32_t id;
+ semaphore_t *done;
+
+ /**
+ * spinlock to update the IKE_SA handle properly
+ */
+ spinlock_t *lock;
};
@@ -107,20 +136,103 @@ struct interface_job_t {
* associated listener
*/
interface_listener_t listener;
+
+ /**
+ * the job is reference counted as the thread executing a job as well as
+ * the thread waiting in wait_for_listener() require it but either of them
+ * could be done first
+ */
+ refcount_t refcount;
};
-METHOD(listener_t, listener_log, bool,
- interface_listener_t *this, debug_t group, level_t level, int thread,
- ike_sa_t *ike_sa, char* format, va_list args)
+/**
+ * This function wakes a thread that is waiting in wait_for_listener(),
+ * either from a listener or from a job.
+ */
+static inline bool listener_done(interface_listener_t *listener)
{
- if (this->ike_sa == ike_sa)
+ if (listener->done)
{
- if (!this->callback(this->param, group, level, ike_sa, format, args))
+ listener->done->post(listener->done);
+ }
+ return FALSE;
+}
+
+/**
+ * thread_cleanup_t handler to unregister a listener.
+ */
+static void listener_unregister(interface_listener_t *listener)
+{
+ charon->bus->remove_listener(charon->bus, &listener->public);
+ charon->bus->remove_logger(charon->bus, &listener->logger.public);
+}
+
+/**
+ * Registers the listener, executes the job and then waits synchronously until
+ * the listener is done or the timeout occurred.
+ *
+ * @note Use 'return listener_done(listener)' to properly unregister a listener
+ *
+ * @param listener listener to register
+ * @param job job to execute asynchronously when registered, or NULL
+ * @param timeout max timeout in ms to listen for events, 0 to disable
+ * @return TRUE if timed out
+ */
+static bool wait_for_listener(interface_job_t *job, u_int timeout)
+{
+ interface_listener_t *listener = &job->listener;
+ bool old, timed_out = FALSE;
+
+ /* avoid that the job is destroyed too early */
+ ref_get(&job->refcount);
+
+ listener->done = semaphore_create(0);
+
+ charon->bus->add_logger(charon->bus, &listener->logger.public);
+ charon->bus->add_listener(charon->bus, &listener->public);
+ lib->processor->queue_job(lib->processor, &job->public);
+
+ thread_cleanup_push((thread_cleanup_t)listener_unregister, listener);
+ old = thread_cancelability(TRUE);
+ if (timeout)
+ {
+ timed_out = listener->done->timed_wait(listener->done, timeout);
+ }
+ else
+ {
+ listener->done->wait(listener->done);
+ }
+ thread_cancelability(old);
+ thread_cleanup_pop(TRUE);
+ return timed_out;
+}
+
+METHOD(logger_t, listener_log, void,
+ interface_logger_t *this, debug_t group, level_t level, int thread,
+ ike_sa_t *ike_sa, const char *message)
+{
+ ike_sa_t *target;
+
+ this->listener->lock->lock(this->listener->lock);
+ target = this->listener->ike_sa;
+ this->listener->lock->unlock(this->listener->lock);
+
+ if (target == ike_sa)
+ {
+ if (!this->callback(this->param, group, level, ike_sa, message))
{
- return FALSE;
+ this->listener->status = NEED_MORE;
+ listener_done(this->listener);
}
}
- return TRUE;
+}
+
+METHOD(logger_t, listener_get_level, level_t,
+ interface_logger_t *this, debug_t group)
+{
+ /* in order to allow callback listeners to decide what they want to log
+ * we request any log message, but only if we actually want logging */
+ return this->callback == controller_cb_empty ? LEVEL_SILENT : LEVEL_PRIVATE;
}
METHOD(job_t, get_priority_medium, job_priority_t,
@@ -132,7 +244,13 @@ METHOD(job_t, get_priority_medium, job_priority_t,
METHOD(listener_t, ike_state_change, bool,
interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
{
- if (this->ike_sa == ike_sa)
+ ike_sa_t *target;
+
+ this->lock->lock(this->lock);
+ target = this->ike_sa;
+ this->lock->unlock(this->lock);
+
+ if (target == ike_sa)
{
switch (state)
{
@@ -144,7 +262,7 @@ METHOD(listener_t, ike_state_change, bool,
if (peer_cfg->is_mediation(peer_cfg))
{
this->status = SUCCESS;
- return FALSE;
+ return listener_done(this);
}
break;
}
@@ -154,7 +272,7 @@ METHOD(listener_t, ike_state_change, bool,
{ /* proper termination */
this->status = SUCCESS;
}
- return FALSE;
+ return listener_done(this);
default:
break;
}
@@ -166,13 +284,19 @@ METHOD(listener_t, child_state_change, bool,
interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
child_sa_state_t state)
{
- if (this->ike_sa == ike_sa)
+ ike_sa_t *target;
+
+ this->lock->lock(this->lock);
+ target = this->ike_sa;
+ this->lock->unlock(this->lock);
+
+ if (target == ike_sa)
{
switch (state)
{
case CHILD_INSTALLED:
this->status = SUCCESS;
- return FALSE;
+ return listener_done(this);
case CHILD_DESTROYING:
switch (child_sa->get_state(child_sa))
{
@@ -183,7 +307,7 @@ METHOD(listener_t, child_state_change, bool,
default:
break;
}
- return FALSE;
+ return listener_done(this);
default:
break;
}
@@ -191,13 +315,14 @@ METHOD(listener_t, child_state_change, bool,
return TRUE;
}
-METHOD(job_t, recheckin, void,
- interface_job_t *job)
+METHOD(job_t, destroy_job, void,
+ interface_job_t *this)
{
- if (job->listener.ike_sa)
+ if (ref_put(&this->refcount))
{
- charon->ike_sa_manager->checkin(charon->ike_sa_manager,
- job->listener.ike_sa);
+ this->listener.lock->destroy(this->listener.lock);
+ DESTROY_IF(this->listener.done);
+ free(this);
}
}
@@ -208,7 +333,7 @@ METHOD(controller_t, create_ike_sa_enumerator, enumerator_t*,
wait);
}
-METHOD(job_t, initiate_execute, void,
+METHOD(job_t, initiate_execute, job_requeue_t,
interface_job_t *job)
{
ike_sa_t *ike_sa;
@@ -217,7 +342,18 @@ METHOD(job_t, initiate_execute, void,
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
peer_cfg);
+ if (!ike_sa)
+ {
+ listener->child_cfg->destroy(listener->child_cfg);
+ peer_cfg->destroy(peer_cfg);
+ listener->status = FAILED;
+ /* release listener */
+ listener_done(listener);
+ return JOB_REQUEUE_NONE;
+ }
+ listener->lock->lock(listener->lock);
listener->ike_sa = ike_sa;
+ listener->lock->unlock(listener->lock);
if (ike_sa->get_peer_cfg(ike_sa) == NULL)
{
@@ -227,228 +363,271 @@ METHOD(job_t, initiate_execute, void,
if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
{
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
listener->status = SUCCESS;
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
else
{
+ listener->status = FAILED;
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
ike_sa);
- listener->status = FAILED;
}
+ return JOB_REQUEUE_NONE;
}
METHOD(controller_t, initiate, status_t,
private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
controller_cb_t callback, void *param, u_int timeout)
{
- interface_job_t job = {
+ interface_job_t *job;
+ status_t status;
+
+ INIT(job,
.listener = {
.public = {
- .log = _listener_log,
.ike_state_change = _ike_state_change,
.child_state_change = _child_state_change,
},
- .callback = callback,
- .param = param,
+ .logger = {
+ .public = {
+ .log = _listener_log,
+ .get_level = _listener_get_level,
+ },
+ .callback = callback,
+ .param = param,
+ },
.status = FAILED,
.child_cfg = child_cfg,
.peer_cfg = peer_cfg,
+ .lock = spinlock_create(),
},
.public = {
.execute = _initiate_execute,
.get_priority = _get_priority_medium,
- .destroy = _recheckin,
+ .destroy = _destroy_job,
},
- };
+ .refcount = 1,
+ );
+ job->listener.logger.listener = &job->listener;
+
if (callback == NULL)
{
- initiate_execute(&job);
+ initiate_execute(job);
}
else
{
- if (charon->bus->listen(charon->bus, &job.listener.public, &job.public,
- timeout))
+ if (wait_for_listener(job, timeout))
{
- job.listener.status = OUT_OF_RES;
+ job->listener.status = OUT_OF_RES;
}
}
- return job.listener.status;
+ status = job->listener.status;
+ destroy_job(job);
+ return status;
}
-METHOD(job_t, terminate_ike_execute, void,
+METHOD(job_t, terminate_ike_execute, job_requeue_t,
interface_job_t *job)
{
interface_listener_t *listener = &job->listener;
- ike_sa_t *ike_sa = listener->ike_sa;
+ u_int32_t unique_id = listener->id;
+ ike_sa_t *ike_sa;
- charon->bus->set_sa(charon->bus, ike_sa);
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ unique_id, FALSE);
+ if (!ike_sa)
+ {
+ DBG1(DBG_IKE, "unable to terminate IKE_SA: ID %d not found", unique_id);
+ listener->status = NOT_FOUND;
+ /* release listener */
+ listener_done(listener);
+ return JOB_REQUEUE_NONE;
+ }
+ listener->lock->lock(listener->lock);
+ listener->ike_sa = ike_sa;
+ listener->lock->unlock(listener->lock);
if (ike_sa->delete(ike_sa) != DESTROY_ME)
- {
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
- /* delete failed */
+ { /* delete failed */
listener->status = FAILED;
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
else
{
+ listener->status = SUCCESS;
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
ike_sa);
- listener->status = SUCCESS;
}
+ return JOB_REQUEUE_NONE;
}
METHOD(controller_t, terminate_ike, status_t,
controller_t *this, u_int32_t unique_id,
controller_cb_t callback, void *param, u_int timeout)
{
- ike_sa_t *ike_sa;
- interface_job_t job = {
+ interface_job_t *job;
+ status_t status;
+
+ INIT(job,
.listener = {
.public = {
- .log = _listener_log,
.ike_state_change = _ike_state_change,
.child_state_change = _child_state_change,
},
- .callback = callback,
- .param = param,
+ .logger = {
+ .public = {
+ .log = _listener_log,
+ .get_level = _listener_get_level,
+ },
+ .callback = callback,
+ .param = param,
+ },
.status = FAILED,
.id = unique_id,
+ .lock = spinlock_create(),
},
.public = {
.execute = _terminate_ike_execute,
.get_priority = _get_priority_medium,
- .destroy = _recheckin,
+ .destroy = _destroy_job,
},
- };
-
- ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
- unique_id, FALSE);
- if (ike_sa == NULL)
- {
- DBG1(DBG_IKE, "unable to terminate IKE_SA: ID %d not found", unique_id);
- return NOT_FOUND;
- }
- job.listener.ike_sa = ike_sa;
+ .refcount = 1,
+ );
+ job->listener.logger.listener = &job->listener;
if (callback == NULL)
{
- terminate_ike_execute(&job);
+ terminate_ike_execute(job);
}
else
{
- if (charon->bus->listen(charon->bus, &job.listener.public, &job.public,
- timeout))
+ if (wait_for_listener(job, timeout))
{
- job.listener.status = OUT_OF_RES;
+ job->listener.status = OUT_OF_RES;
}
- /* checkin of the ike_sa happened in the thread that executed the job */
- charon->bus->set_sa(charon->bus, NULL);
}
- return job.listener.status;
+ status = job->listener.status;
+ destroy_job(job);
+ return status;
}
-METHOD(job_t, terminate_child_execute, void,
+METHOD(job_t, terminate_child_execute, job_requeue_t,
interface_job_t *job)
{
interface_listener_t *listener = &job->listener;
- ike_sa_t *ike_sa = listener->ike_sa;
- child_sa_t *child_sa = listener->child_sa;
+ u_int32_t reqid = listener->id;
+ enumerator_t *enumerator;
+ child_sa_t *child_sa;
+ ike_sa_t *ike_sa;
- charon->bus->set_sa(charon->bus, ike_sa);
- if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
- child_sa->get_spi(child_sa, TRUE)) != DESTROY_ME)
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ reqid, TRUE);
+ if (!ike_sa)
+ {
+ DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found",
+ reqid);
+ listener->status = NOT_FOUND;
+ /* release listener */
+ listener_done(listener);
+ return JOB_REQUEUE_NONE;
+ }
+ listener->lock->lock(listener->lock);
+ listener->ike_sa = ike_sa;
+ listener->lock->unlock(listener->lock);
+
+ enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
+ while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
+ if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
+ child_sa->get_reqid(child_sa) == reqid)
+ {
+ break;
+ }
+ child_sa = NULL;
+ }
+ enumerator->destroy(enumerator);
+
+ if (!child_sa)
+ {
+ DBG1(DBG_IKE, "unable to terminate, established "
+ "CHILD_SA with ID %d not found", reqid);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ listener->status = NOT_FOUND;
+ /* release listener */
+ listener_done(listener);
+ return JOB_REQUEUE_NONE;
+ }
+
+ if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
+ child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME)
+ {
listener->status = SUCCESS;
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
else
{
+ listener->status = FAILED;
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
ike_sa);
- listener->status = FAILED;
}
+ return JOB_REQUEUE_NONE;
}
METHOD(controller_t, terminate_child, status_t,
controller_t *this, u_int32_t reqid,
controller_cb_t callback, void *param, u_int timeout)
{
- ike_sa_t *ike_sa;
- child_sa_t *child_sa;
- enumerator_t *enumerator;
- interface_job_t job = {
+ interface_job_t *job;
+ status_t status;
+
+ INIT(job,
.listener = {
.public = {
- .log = _listener_log,
.ike_state_change = _ike_state_change,
.child_state_change = _child_state_change,
},
- .callback = callback,
- .param = param,
+ .logger = {
+ .public = {
+ .log = _listener_log,
+ .get_level = _listener_get_level,
+ },
+ .callback = callback,
+ .param = param,
+ },
.status = FAILED,
.id = reqid,
+ .lock = spinlock_create(),
},
.public = {
.execute = _terminate_child_execute,
.get_priority = _get_priority_medium,
- .destroy = _recheckin,
+ .destroy = _destroy_job,
},
- };
-
- ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
- reqid, TRUE);
- if (ike_sa == NULL)
- {
- DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found",
- reqid);
- return NOT_FOUND;
- }
- job.listener.ike_sa = ike_sa;
-
- enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
- while (enumerator->enumerate(enumerator, (void**)&child_sa))
- {
- if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
- child_sa->get_reqid(child_sa) == reqid)
- {
- break;
- }
- child_sa = NULL;
- }
- enumerator->destroy(enumerator);
-
- if (child_sa == NULL)
- {
- DBG1(DBG_IKE, "unable to terminate, established "
- "CHILD_SA with ID %d not found", reqid);
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
- return NOT_FOUND;
- }
- job.listener.child_sa = child_sa;
+ .refcount = 1,
+ );
+ job->listener.logger.listener = &job->listener;
if (callback == NULL)
{
- terminate_child_execute(&job);
+ terminate_child_execute(job);
}
else
{
- if (charon->bus->listen(charon->bus, &job.listener.public, &job.public,
- timeout))
+ if (wait_for_listener(job, timeout))
{
- job.listener.status = OUT_OF_RES;
+ job->listener.status = OUT_OF_RES;
}
- /* checkin of the ike_sa happened in the thread that executed the job */
- charon->bus->set_sa(charon->bus, NULL);
}
- return job.listener.status;
+ status = job->listener.status;
+ destroy_job(job);
+ return status;
}
/**
* See header
*/
bool controller_cb_empty(void *param, debug_t group, level_t level,
- ike_sa_t *ike_sa, char *format, va_list args)
+ ike_sa_t *ike_sa, const char *message)
{
return TRUE;
}
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
index 6adaef109..222285cde 100644
--- a/src/libcharon/control/controller.h
+++ b/src/libcharon/control/controller.h
@@ -24,27 +24,26 @@
#include <bus/bus.h>
/**
- * callback to log things triggered by controller.
+ * Callback to log things triggered by controller.
*
- * @param param echoed parameter supplied when function invoked
+ * @param param parameter supplied when controller method was called
* @param group debugging group
- * @param level verbosity level if log
+ * @param level verbosity level
* @param ike_sa associated IKE_SA, if any
- * @param format printf like format string
- * @param args list of arguments to use for format
- * @return FALSE to return from invoked function
+ * @param message log message
+ * @return FALSE to return from called controller method
*/
-typedef bool(*controller_cb_t)(void* param, debug_t group, level_t level,
- ike_sa_t* ike_sa, char* format, va_list args);
+typedef bool (*controller_cb_t)(void* param, debug_t group, level_t level,
+ ike_sa_t* ike_sa, const char *message);
/**
- * Empty callback function for controller_t functions.
+ * Empty callback function for controller_t methods.
*
* If you want to do a synchronous call, but don't need a callback, pass
- * this function to the controllers methods.
+ * this function to the controller methods.
*/
bool controller_cb_empty(void *param, debug_t group, level_t level,
- ike_sa_t *ike_sa, char *format, va_list args);
+ ike_sa_t *ike_sa, const char *message);
typedef struct controller_t controller_t;
@@ -75,9 +74,8 @@ struct controller_t {
/**
* Initiate a CHILD_SA, and if required, an IKE_SA.
*
- * The initiate() function is synchronous and thus blocks until the
- * IKE_SA is established or failed. Because of this, the initiate() function
- * contains a thread cancellation point.
+ * If a callback is provided the function is synchronous and thus blocks
+ * until the IKE_SA is established or failed.
*
* @param peer_cfg peer_cfg to use for IKE_SA setup
* @param child_cfg child_cfg to set up CHILD_SA from
@@ -97,9 +95,8 @@ struct controller_t {
/**
* Terminate an IKE_SA and all of its CHILD_SAs.
*
- * The terminate() function is synchronous and thus blocks until the
- * IKE_SA is properly deleted, or the delete timed out.
- * The terminate() function contains a thread cancellation point.
+ * If a callback is provided the function is synchronous and thus blocks
+ * until the IKE_SA is properly deleted, or the call timed out.
*
* @param unique_id unique id of the IKE_SA to terminate.
* @param cb logging callback
@@ -118,6 +115,9 @@ struct controller_t {
/**
* Terminate a CHILD_SA.
*
+ * If a callback is provided the function is synchronous and thus blocks
+ * until the CHILD_SA is properly deleted, or the call timed out.
+ *
* @param reqid reqid of the CHILD_SA to terminate
* @param cb logging callback
* @param param parameter to include in each call of cb
@@ -138,12 +138,11 @@ struct controller_t {
void (*destroy) (controller_t *this);
};
-
/**
* Creates a controller instance.
*
* @return controller_t object
*/
-controller_t *controller_create(void);
+controller_t *controller_create();
#endif /** CONTROLLER_H_ @}*/