diff options
Diffstat (limited to 'src/libcharon/plugins/ha')
| -rw-r--r-- | src/libcharon/plugins/ha/ha_cache.c | 12 | ||||
| -rw-r--r-- | src/libcharon/plugins/ha/ha_cache.h | 3 | ||||
| -rw-r--r-- | src/libcharon/plugins/ha/ha_plugin.c | 128 |
3 files changed, 83 insertions, 60 deletions
diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c index 6c1b3471d..0650f7fd9 100644 --- a/src/libcharon/plugins/ha/ha_cache.c +++ b/src/libcharon/plugins/ha/ha_cache.c @@ -43,6 +43,11 @@ struct private_ha_cache_t { ha_socket_t *socket; /** + * Tunnel securing sync messages + */ + ha_tunnel_t *tunnel; + + /** * Total number of segments */ u_int count; @@ -259,6 +264,10 @@ static void rekey_segment(private_ha_cache_t *this, u_int segment) charon->ike_sa_manager, TRUE); while (enumerator->enumerate(enumerator, &ike_sa)) { + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { + continue; + } if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && this->kernel->get_segment(this->kernel, ike_sa->get_other_host(ike_sa)) == segment) @@ -365,7 +374,7 @@ METHOD(ha_cache_t, destroy, void, * See header */ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket, - bool sync, u_int count) + ha_tunnel_t *tunnel, bool sync, u_int count) { private_ha_cache_t *this; @@ -379,6 +388,7 @@ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket, .count = count, .kernel = kernel, .socket = socket, + .tunnel = tunnel, .cache = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ); diff --git a/src/libcharon/plugins/ha/ha_cache.h b/src/libcharon/plugins/ha/ha_cache.h index 5e3936a20..8cfcbb24c 100644 --- a/src/libcharon/plugins/ha/ha_cache.h +++ b/src/libcharon/plugins/ha/ha_cache.h @@ -69,10 +69,11 @@ struct ha_cache_t { * * @param kernel kernel helper * @param socket socket to send resync messages + * @param tunnel HA tunnel * @param resync request a resync during startup? * @param count total number of segments */ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket, - bool resync, u_int count); + ha_tunnel_t *tunnel, bool resync, u_int count); #endif /** HA_CACHE_H_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c index a58377bab..037b69bac 100644 --- a/src/libcharon/plugins/ha/ha_plugin.c +++ b/src/libcharon/plugins/ha/ha_plugin.c @@ -97,13 +97,73 @@ METHOD(plugin_t, get_name, char*, } /** - * Register listener + * Initialize plugin + */ +static bool initialize_plugin(private_ha_plugin_t *this) +{ + char *local, *remote, *secret; + u_int count; + bool fifo, monitor, resync; + + local = lib->settings->get_str(lib->settings, + "%s.plugins.ha.local", NULL, lib->ns); + remote = lib->settings->get_str(lib->settings, + "%s.plugins.ha.remote", NULL, lib->ns); + secret = lib->settings->get_str(lib->settings, + "%s.plugins.ha.secret", NULL, lib->ns); + fifo = lib->settings->get_bool(lib->settings, + "%s.plugins.ha.fifo_interface", TRUE, lib->ns); + monitor = lib->settings->get_bool(lib->settings, + "%s.plugins.ha.monitor", TRUE, lib->ns); + resync = lib->settings->get_bool(lib->settings, + "%s.plugins.ha.resync", TRUE, lib->ns); + count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings, + "%s.plugins.ha.segment_count", 1, lib->ns)); + if (!local || !remote) + { + DBG1(DBG_CFG, "HA config misses local/remote address"); + return FALSE; + } + + if (secret) + { + this->tunnel = ha_tunnel_create(local, remote, secret); + } + this->socket = ha_socket_create(local, remote); + if (!this->socket) + { + return FALSE; + } + this->kernel = ha_kernel_create(count); + this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel, + count, strcmp(local, remote) > 0, monitor); + this->cache = ha_cache_create(this->kernel, this->socket, this->tunnel, + resync, count); + if (fifo) + { + this->ctl = ha_ctl_create(this->segments, this->cache); + } + this->attr = ha_attribute_create(this->kernel, this->segments); + this->dispatcher = ha_dispatcher_create(this->socket, this->segments, + this->cache, this->kernel, this->attr); + this->ike = ha_ike_create(this->socket, this->tunnel, this->cache); + this->child = ha_child_create(this->socket, this->tunnel, this->segments, + this->kernel); + return TRUE; +} + +/** + * Initialize plugin and register listener */ static bool plugin_cb(private_ha_plugin_t *this, plugin_feature_t *feature, bool reg, void *cb_data) { if (reg) { + if (!initialize_plugin(this)) + { + return FALSE; + } charon->bus->add_listener(charon->bus, &this->segments->listener); charon->bus->add_listener(charon->bus, &this->ike->listener); charon->bus->add_listener(charon->bus, &this->child->listener); @@ -127,6 +187,7 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f[] = { PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL), PLUGIN_PROVIDE(CUSTOM, "ha"), + PLUGIN_SDEPEND(CUSTOM, "kernel-ipsec"), }; *features = f; return countof(f); @@ -136,14 +197,14 @@ METHOD(plugin_t, destroy, void, private_ha_plugin_t *this) { DESTROY_IF(this->ctl); - this->ike->destroy(this->ike); - this->child->destroy(this->child); - this->dispatcher->destroy(this->dispatcher); - this->attr->destroy(this->attr); - this->cache->destroy(this->cache); - this->segments->destroy(this->segments); - this->kernel->destroy(this->kernel); - this->socket->destroy(this->socket); + DESTROY_IF(this->ike); + DESTROY_IF(this->child); + DESTROY_IF(this->dispatcher); + DESTROY_IF(this->attr); + DESTROY_IF(this->cache); + DESTROY_IF(this->segments); + DESTROY_IF(this->kernel); + DESTROY_IF(this->socket); DESTROY_IF(this->tunnel); free(this); } @@ -154,29 +215,6 @@ METHOD(plugin_t, destroy, void, plugin_t *ha_plugin_create() { private_ha_plugin_t *this; - char *local, *remote, *secret; - u_int count; - bool fifo, monitor, resync; - - local = lib->settings->get_str(lib->settings, - "%s.plugins.ha.local", NULL, lib->ns); - remote = lib->settings->get_str(lib->settings, - "%s.plugins.ha.remote", NULL, lib->ns); - secret = lib->settings->get_str(lib->settings, - "%s.plugins.ha.secret", NULL, lib->ns); - fifo = lib->settings->get_bool(lib->settings, - "%s.plugins.ha.fifo_interface", TRUE, lib->ns); - monitor = lib->settings->get_bool(lib->settings, - "%s.plugins.ha.monitor", TRUE, lib->ns); - resync = lib->settings->get_bool(lib->settings, - "%s.plugins.ha.resync", TRUE, lib->ns); - count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings, - "%s.plugins.ha.segment_count", 1, lib->ns)); - if (!local || !remote) - { - DBG1(DBG_CFG, "HA config misses local/remote address"); - return NULL; - } if (!lib->caps->keep(lib->caps, CAP_CHOWN)) { /* required to chown(2) control socket, ha_kernel also needs it at @@ -195,31 +233,5 @@ plugin_t *ha_plugin_create() }, ); - if (secret) - { - this->tunnel = ha_tunnel_create(local, remote, secret); - } - this->socket = ha_socket_create(local, remote); - if (!this->socket) - { - DESTROY_IF(this->tunnel); - free(this); - return NULL; - } - this->kernel = ha_kernel_create(count); - this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel, - count, strcmp(local, remote) > 0, monitor); - this->cache = ha_cache_create(this->kernel, this->socket, resync, count); - if (fifo) - { - this->ctl = ha_ctl_create(this->segments, this->cache); - } - this->attr = ha_attribute_create(this->kernel, this->segments); - this->dispatcher = ha_dispatcher_create(this->socket, this->segments, - this->cache, this->kernel, this->attr); - this->ike = ha_ike_create(this->socket, this->tunnel, this->cache); - this->child = ha_child_create(this->socket, this->tunnel, this->segments, - this->kernel); - return &this->public.plugin; } |