void charon_esa_acquire(result_type *res, const sp_id_type sp_id)
{
+ kernel_acquire_data_t data = {};
+
DBG1(DBG_KNL, "ees: acquire received for reqid %u", sp_id);
- charon->kernel->acquire(charon->kernel, sp_id, NULL, NULL);
+ charon->kernel->acquire(charon->kernel, sp_id, &data);
*res = TKM_OK;
}
}
METHOD(kernel_listener_t, acquire, bool,
- private_kernel_handler_t *this, uint32_t reqid,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+ private_kernel_handler_t *this, uint32_t reqid, kernel_acquire_data_t *data)
{
- if (src_ts && dst_ts)
+ if (data->src && data->dst)
{
DBG1(DBG_KNL, "creating acquire job for policy %R === %R with "
- "reqid {%u}", src_ts, dst_ts, reqid);
+ "reqid {%u}", data->src, data->dst, reqid);
}
else
{
DBG1(DBG_KNL, "creating acquire job for policy with reqid {%u}", reqid);
}
lib->processor->queue_job(lib->processor,
- (job_t*)acquire_job_create(reqid, src_ts, dst_ts));
+ (job_t*)acquire_job_create(reqid, data));
return TRUE;
}
METHOD(kernel_interface_t, acquire, void,
private_kernel_interface_t *this, uint32_t reqid,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+ kernel_acquire_data_t *data)
{
kernel_listener_t *listener;
enumerator_t *enumerator;
enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &listener))
{
- if (listener->acquire &&
- !listener->acquire(listener, reqid, src_ts, dst_ts))
+ if (listener->acquire && !listener->acquire(listener, reqid, data))
{
this->listeners->remove_at(this->listeners, enumerator);
}
* Raise an acquire event.
*
* @param reqid reqid of the policy to acquire
- * @param src_ts source traffic selector
- * @param dst_ts destination traffic selector
+ * @param data data from the acquire
*/
void (*acquire)(kernel_interface_t *this, uint32_t reqid,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+ kernel_acquire_data_t *data);
/**
* Raise an expire event.
#define KERNEL_LISTENER_H_
typedef struct kernel_listener_t kernel_listener_t;
+typedef struct kernel_acquire_data_t kernel_acquire_data_t;
#include <networking/host.h>
#include <networking/tun_device.h>
#include <selectors/traffic_selector.h>
#include <kernel/kernel_ipsec.h>
+/**
+ * Data received with a kernel's acquire, has to be cloned/copied by listener.
+ */
+struct kernel_acquire_data_t {
+ /** Optional source of the triggering packet */
+ traffic_selector_t *src;
+ /** Optional destination of the triggering packet */
+ traffic_selector_t *dst;
+};
+
/**
* Interface for components interested in kernel events.
*
* Hook called if an acquire event for a policy is received.
*
* @param reqid reqid of the policy to acquire
- * @param src_ts source traffic selector
- * @param dst_ts destination traffic selector
+ * @param data data from the acquire
* @return TRUE to remain registered, FALSE to unregister
*/
bool (*acquire)(kernel_listener_t *this, uint32_t reqid,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+ kernel_acquire_data_t *data);
/**
* Hook called if an expire event for an IPsec SA is received.
struct xfrm_user_acquire *acquire;
struct rtattr *rta;
size_t rtasize;
- traffic_selector_t *src_ts, *dst_ts;
+ kernel_acquire_data_t data = {};
uint32_t reqid = 0;
uint8_t proto;
/* acquire for AH/ESP only, not for IPCOMP */
return;
}
- src_ts = selector2ts(&acquire->sel, TRUE);
- dst_ts = selector2ts(&acquire->sel, FALSE);
+ data.src = selector2ts(&acquire->sel, TRUE);
+ data.dst = selector2ts(&acquire->sel, FALSE);
+
+ charon->kernel->acquire(charon->kernel, reqid, &data);
- charon->kernel->acquire(charon->kernel, reqid, src_ts, dst_ts);
+ DESTROY_IF(data.src);
+ DESTROY_IF(data.dst);
}
/**
struct sadb_msg* msg)
{
pfkey_msg_t response;
+ kernel_acquire_data_t data = {};
uint32_t index, reqid = 0;
- traffic_selector_t *src_ts, *dst_ts;
policy_entry_t *policy;
policy_sa_t *sa;
this->mutex->unlock(this->mutex);
}
- src_ts = sadb_address2ts(response.src);
- dst_ts = sadb_address2ts(response.dst);
+ if (reqid)
+ {
+ data.src = sadb_address2ts(response.src);
+ data.dst = sadb_address2ts(response.dst);
+
+ charon->kernel->acquire(charon->kernel, reqid, &data);
- charon->kernel->acquire(charon->kernel, reqid, src_ts, dst_ts);
+ data.src->destroy(data.src);
+ data.dst->destroy(data.dst);
+ }
}
/**
static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id,
traffic_selector_t *src, traffic_selector_t *dst)
{
+ kernel_acquire_data_t data = {};
uint32_t reqid = 0;
trap_t *trap, key = {
.filter_id = filter_id,
if (reqid)
{
- src = src ? src->clone(src) : NULL;
- dst = dst ? dst->clone(dst) : NULL;
- charon->kernel->acquire(charon->kernel, reqid, src, dst);
+ data.src = src ? src->clone(src) : NULL;
+ data.dst = dst ? dst->clone(dst) : NULL;
+
+ charon->kernel->acquire(charon->kernel, reqid, &data);
+
+ DESTROY_IF(data.src);
+ DESTROY_IF(data.dst);
}
}
acquire_job_t public;
/**
- * reqid of the child to rekey
+ * reqid of the triggered policy
*/
uint32_t reqid;
/**
- * acquired source traffic selector
+ * Data from the acquire
*/
- traffic_selector_t *src_ts;
-
- /**
- * acquired destination traffic selector
- */
- traffic_selector_t *dst_ts;
+ kernel_acquire_data_t data;
};
METHOD(job_t, destroy, void,
private_acquire_job_t *this)
{
- DESTROY_IF(this->src_ts);
- DESTROY_IF(this->dst_ts);
+ DESTROY_IF(this->data.src);
+ DESTROY_IF(this->data.dst);
free(this);
}
METHOD(job_t, execute, job_requeue_t,
private_acquire_job_t *this)
{
- charon->traps->acquire(charon->traps, this->reqid,
- this->src_ts, this->dst_ts);
+ charon->traps->acquire(charon->traps, this->reqid, &this->data);
return JOB_REQUEUE_NONE;
}
/*
* Described in header
*/
-acquire_job_t *acquire_job_create(uint32_t reqid,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts)
+acquire_job_t *acquire_job_create(uint32_t reqid, kernel_acquire_data_t *data)
{
private_acquire_job_t *this;
},
},
.reqid = reqid,
- .src_ts = src_ts,
- .dst_ts = dst_ts,
+ .data = *data,
);
+ if (this->data.src)
+ {
+ this->data.src = this->data.src->clone(this->data.src);
+ }
+ if (this->data.dst)
+ {
+ this->data.dst = this->data.dst->clone(this->data.dst);
+ }
+
return &this->public;
}
typedef struct acquire_job_t acquire_job_t;
#include <library.h>
-#include <selectors/traffic_selector.h>
+#include <kernel/kernel_interface.h>
#include <processing/jobs/job.h>
/**
/**
* Creates a job of type ACQUIRE.
*
- * @param reqid reqid of the trapped CHILD_SA to acquire
- * @param src_ts source traffic selector
- * @param dst_ts destination traffic selector
+ * @param reqid reqid of the triggered policy
+ * @param data data from the acquire
* @return acquire_job_t object
*/
-acquire_job_t *acquire_job_create(uint32_t reqid,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts);
+acquire_job_t *acquire_job_create(uint32_t reqid, kernel_acquire_data_t *data);
#endif /** REKEY_CHILD_SA_JOB_H_ @}*/
}
METHOD(trap_manager_t, acquire, void,
- private_trap_manager_t *this, uint32_t reqid,
- traffic_selector_t *src, traffic_selector_t *dst)
+ private_trap_manager_t *this, uint32_t reqid, kernel_acquire_data_t *data)
{
enumerator_t *enumerator;
entry_t *entry, *found = NULL;
this->lock->unlock(this->lock);
return;
}
- reqid = found->child_sa->get_reqid(found->child_sa);
wildcard = found->wildcard;
this->mutex->lock(this->mutex);
* with the same peer */
uint8_t mask;
- dst->to_subnet(dst, &host, &mask);
+ data->dst->to_subnet(data->dst, &host, &mask);
if (this->acquires->find_first(this->acquires, acquire_by_dst,
(void**)&acquire, host))
{
this->mutex->unlock(this->mutex);
if (ignore)
{
- DBG1(DBG_CFG, "ignoring acquire, connection attempt pending");
+ DBG1(DBG_CFG, "ignoring acquire for reqid %u, connection attempt "
+ "pending", reqid);
this->lock->unlock(this->lock);
return;
}
ike_cfg = ike_sa->get_ike_cfg(ike_sa);
port = ike_cfg->get_other_port(ike_cfg);
- dst->to_subnet(dst, &host, &mask);
+ data->dst->to_subnet(data->dst, &host, &mask);
host->set_port(host, port);
ike_sa->set_other_host(ike_sa, host);
port = ike_cfg->get_my_port(ike_cfg);
- src->to_subnet(src, &host, &mask);
+ data->src->to_subnet(data->src, &host, &mask);
host->set_port(host, port);
ike_sa->set_my_host(ike_sa, host);
{
child_init_args_t args = {
.reqid = reqid,
- .src = src,
- .dst = dst,
+ .src = data->src,
+ .dst = data->dst,
};
if (this->ignore_acquire_ts || ike_sa->get_version(ike_sa) == IKEV1)
/**
* Acquire an SA triggered by an installed trap.
*
- * @param reqid reqid of the triggering CHILD_SA
- * @param src source of the triggering packet
- * @param dst destination of the triggering packet
+ * @param reqid reqid of the triggered policy
+ * @param data data from the acquire
*/
void (*acquire)(trap_manager_t *this, uint32_t reqid,
- traffic_selector_t *src, traffic_selector_t *dst);
+ kernel_acquire_data_t *data);
/**
* Clear any installed trap.
projects / thirdparty / strongswan.git / commitdiff
