ike: Reuse interface ID during CHILD_SA rekeyings

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index ca04a6a16ec0d7243bad44ab0cc489161f731e6c..b4944cfcbb4b6e36832cec1c5d5f9a0efd16231c 100644 (file)
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1843,6 +1843,8 @@ METHOD(task_manager_t, queue_child_rekey, void,
                        task->use_reqid(task, child_sa->get_reqid(child_sa));
                        task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
                                                        child_sa->get_mark(child_sa, FALSE).value);
+                       task->use_if_ids(task, child_sa->get_if_id(child_sa, TRUE),
+                                                        child_sa->get_if_id(child_sa, FALSE));
                        task->rekey(task, child_sa->get_spi(child_sa, TRUE));
 
                        queue_task(this, &task->task);

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 876b99e5f35081f13ca2e70d3b30636d0a16e0e3..59f049dbddd3628dae591a3ca4abe15d5eed547f 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2019 Tobias Brunner
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
@@ -158,12 +158,22 @@ struct private_quick_mode_t {
        /**
         * Explicit inbound mark value to use, if any
         */
-       u_int mark_in;
+       uint32_t mark_in;
 
        /**
-        * Explicit inbound mark value to use, if any
+        * Explicit outbound mark value to use, if any
+        */
+       uint32_t mark_out;
+
+       /**
+        * Explicit inbound interface ID to use, if any
+        */
+       uint32_t if_id_in;
+
+       /**
+        * Explicit outbound interface ID to use, if any
         */
-       u_int mark_out;
+       uint32_t if_id_out;
 
        /**
         * SPI of SA we rekey
@@ -846,7 +856,7 @@ METHOD(task_t, build_i, status_t,
                                                                        this->ike_sa->get_other_host(this->ike_sa),
                                                                        this->config, this->reqid, this->udp,
                                                                        this->mark_in, this->mark_out,
-                                                                       0, 0);
+                                                                       this->if_id_in, this->if_id_out);
 
                        if (this->udp && this->mode == MODE_TRANSPORT)
                        {
@@ -1048,6 +1058,8 @@ static void check_for_rekeyed_child(private_quick_mode_t *this, bool responder)
                                                                                                                        TRUE).value;
                                                this->mark_out = child_sa->get_mark(child_sa,
                                                                                                                        FALSE).value;
+                                               this->if_id_in = child_sa->get_if_id(child_sa, TRUE);
+                                               this->if_id_out = child_sa->get_if_id(child_sa, FALSE);
                                                child_sa->set_state(child_sa, CHILD_REKEYING);
                                                DBG1(DBG_IKE, "detected rekeying of CHILD_SA %s{%u}",
                                                         child_sa->get_name(child_sa),
@@ -1187,7 +1199,7 @@ METHOD(task_t, process_r, status_t,
                                                                        this->ike_sa->get_other_host(this->ike_sa),
                                                                        this->config, this->reqid, this->udp,
                                                                        this->mark_in, this->mark_out,
-                                                                       0, 0);
+                                                                       this->if_id_in, this->if_id_out);
 
                        tsi = linked_list_create_with_items(this->tsi, NULL);
                        tsr = linked_list_create_with_items(this->tsr, NULL);
@@ -1414,12 +1426,19 @@ METHOD(quick_mode_t, use_reqid, void,
 }
 
 METHOD(quick_mode_t, use_marks, void,
-       private_quick_mode_t *this, u_int in, u_int out)
+       private_quick_mode_t *this, uint32_t in, uint32_t out)
 {
        this->mark_in = in;
        this->mark_out = out;
 }
 
+METHOD(quick_mode_t, use_if_ids, void,
+       private_quick_mode_t *this, uint32_t in, uint32_t out)
+{
+       this->if_id_in = in;
+       this->if_id_out = out;
+}
+
 METHOD(quick_mode_t, rekey, void,
        private_quick_mode_t *this, uint32_t spi)
 {
@@ -1450,6 +1469,8 @@ METHOD(task_t, migrate, void,
        this->spi_r = 0;
        this->mark_in = 0;
        this->mark_out = 0;
+       this->if_id_in = 0;
+       this->if_id_out = 0;
 
        if (!this->initiator)
        {
@@ -1490,6 +1511,7 @@ quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
                        .get_mid = _get_mid,
                        .use_reqid = _use_reqid,
                        .use_marks = _use_marks,
+                       .use_if_ids = _use_if_ids,
                        .rekey = _rekey,
                },
                .ike_sa = ike_sa,

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h
index 0d4c5b47c6757be26b3b342d048465efda41f0f1..50025440ec9aa6a2444b0350c47ead22e32b86b6 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Tobias Brunner
+ * Copyright (C) 2015-2019 Tobias Brunner
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
@@ -61,7 +61,15 @@ struct quick_mode_t {
         * @param in                    inbound mark value
         * @param out                   outbound mark value
         */
-       void (*use_marks)(quick_mode_t *this, u_int in, u_int out);
+       void (*use_marks)(quick_mode_t *this, uint32_t in, uint32_t out);
+
+       /**
+        * Use specific interface IDs, overriding configuration.
+        *
+        * @param in                    inbound interface ID
+        * @param out                   outbound interface ID
+        */
+       void (*use_if_ids)(quick_mode_t *this, uint32_t in, uint32_t out);
 
        /**
         * Set the SPI of the old SA, if rekeying.

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index e9142d79b487f791360a41b8341b55f3754a71f1..ee3422c068e16cba22b57702aaeeb423f536caf7 100644 (file)
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1874,6 +1874,8 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
                child_create->use_marks(child_create,
                                                                child_sa->get_mark(child_sa, TRUE).value,
                                                                child_sa->get_mark(child_sa, FALSE).value);
+               /* interface IDs are not migrated as the new CHILD_SAs on old and new
+                * IKE_SA go though regular updown events */
                new->queue_task(new, &child_create->task);
                children = TRUE;
        }

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 1f93be48466dbfa762a15a873d0fb6de81096952..340542b19c28ea35fd2c3eb45bb89dfd993af5fe 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -176,12 +176,22 @@ struct private_child_create_t {
        /**
         * Explicit inbound mark value
         */
-       u_int mark_in;
+       uint32_t mark_in;
 
        /**
         * Explicit outbound mark value
         */
-       u_int mark_out;
+       uint32_t mark_out;
+
+       /**
+        * Explicit inbound interface ID to use, if any
+        */
+       uint32_t if_id_in;
+
+       /**
+        * Explicit outbound interface ID to use, if any
+        */
+       uint32_t if_id_out;
 
        /**
         * CHILD_SA which gets established
@@ -1110,7 +1120,7 @@ METHOD(task_t, build_i, status_t,
        this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                        this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
                        this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY),
-                       this->mark_in, this->mark_out, 0, 0);
+                       this->mark_in, this->mark_out, this->if_id_in, this->if_id_out);
 
        if (this->reqid)
        {
@@ -1395,7 +1405,7 @@ METHOD(task_t, build_r, status_t,
        this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                        this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
                        this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY),
-                       this->mark_in, this->mark_out, 0, 0);
+                       this->mark_in, this->mark_out, this->if_id_in, this->if_id_out);
 
        if (this->ipcomp_received != IPCOMP_NONE)
        {
@@ -1664,12 +1674,19 @@ METHOD(child_create_t, use_reqid, void,
 }
 
 METHOD(child_create_t, use_marks, void,
-       private_child_create_t *this, u_int in, u_int out)
+       private_child_create_t *this, uint32_t in, uint32_t out)
 {
        this->mark_in = in;
        this->mark_out = out;
 }
 
+METHOD(child_create_t, use_if_ids, void,
+       private_child_create_t *this, uint32_t in, uint32_t out)
+{
+       this->if_id_in = in;
+       this->if_id_out = out;
+}
+
 METHOD(child_create_t, use_dh_group, void,
        private_child_create_t *this, diffie_hellman_group_t dh_group)
 {
@@ -1748,6 +1765,8 @@ METHOD(task_t, migrate, void,
        this->reqid = 0;
        this->mark_in = 0;
        this->mark_out = 0;
+       this->if_id_in = 0;
+       this->if_id_out = 0;
        this->established = FALSE;
 }
 
@@ -1797,6 +1816,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
                        .get_lower_nonce = _get_lower_nonce,
                        .use_reqid = _use_reqid,
                        .use_marks = _use_marks,
+                       .use_if_ids = _use_if_ids,
                        .use_dh_group = _use_dh_group,
                        .task = {
                                .get_type = _get_type,

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h
index 59fc6d2d9e7ffcaf93cabb3c8c37bbb92aca17b1..eae1f3532f548edcc56a693229812a752ab8f5e9 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.h
+++ b/src/libcharon/sa/ikev2/tasks/child_create.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 Tobias Brunner
+ * Copyright (C) 2018-2019 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -58,7 +58,15 @@ struct child_create_t {
         * @param in            inbound mark value
         * @param out           outbound mark value
         */
-       void (*use_marks)(child_create_t *this, u_int in, u_int out);
+       void (*use_marks)(child_create_t *this, uint32_t in, uint32_t out);
+
+       /**
+        * Use specific interface IDs, overriding configuration.
+        *
+        * @param in                    inbound interface ID
+        * @param out                   outbound interface ID
+        */
+       void (*use_if_ids)(child_create_t *this, uint32_t in, uint32_t out);
 
        /**
         * Initially propose a specific DH group to override configuration.

diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index d5188c0bc9ef75a2fb076ddc5e04bf22791d44c8..6b0f4278563d2ee1418286c6c0ff43df00ea3fdd 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -207,6 +207,9 @@ METHOD(task_t, build_i, status_t,
        this->child_create->use_marks(this->child_create,
                                                this->child_sa->get_mark(this->child_sa, TRUE).value,
                                                this->child_sa->get_mark(this->child_sa, FALSE).value);
+       this->child_create->use_if_ids(this->child_create,
+                                               this->child_sa->get_if_id(this->child_sa, TRUE),
+                                               this->child_sa->get_if_id(this->child_sa, FALSE));
 
        if (this->child_create->task.build(&this->child_create->task,
                                                                           message) != NEED_MORE)
@@ -266,6 +269,9 @@ METHOD(task_t, build_r, status_t,
        this->child_create->use_marks(this->child_create,
                                                this->child_sa->get_mark(this->child_sa, TRUE).value,
                                                this->child_sa->get_mark(this->child_sa, FALSE).value);
+       this->child_create->use_if_ids(this->child_create,
+                                               this->child_sa->get_if_id(this->child_sa, TRUE),
+                                               this->child_sa->get_if_id(this->child_sa, FALSE));
        config = this->child_sa->get_config(this->child_sa);
        this->child_create->set_config(this->child_create, config->get_ref(config));
        this->child_create->task.build(&this->child_create->task, message);