/*
* Copyright (C) 2013 Tobias Brunner
- * Coyyright (C) 2020 Noel Kuntze
- * Copyright (C) 2023 Andreas Steffen
*
* Copyright (C) secunet Security Networks AG
*
#include <unistd.h>
#include <fcntl.h>
-#ifdef WIN32
-#include <signal.h>
-#include <synchapi.h>
-#endif
-
#include "kernel_libipsec_router.h"
#include <daemon.h>
#include <threading/rwlock.h>
#include <threading/thread.h>
#include <processing/jobs/callback_job.h>
-#include <processing/jobs/acquire_job.h>
typedef struct private_kernel_libipsec_router_t private_kernel_libipsec_router_t;
typedef struct {
/** virtual IP (points to internal data of tun) */
host_t *addr;
-
/** underlying TUN file descriptor (cached from tun) */
-#ifdef WIN32
- HANDLE handle;
-#else /* !WIN32 */
int fd;
-#endif
-
/** TUN device */
tun_device_t *tun;
} tun_entry_t;
*/
rwlock_t *lock;
-#ifdef WIN32
- /**
- * Event we use to signal handle_plain() about changes regarding tun devices
- */
- HANDLE event;
-
- /**
- * This is a notification value that we atomically set and reset if we don't
- * use events right now. It's used so that we can avoid using WaitFor*
- * functions when busy looping.
- */
- volatile bool notify;
-
- /**
- * Setting for waiting on event or using busy loop
- */
- bool use_events;
-
- /**
- * Whether a packet could be read from any of the tun devices in the last
- * iteration of handle_plain
- */
- bool got_result;
-
- /**
- * How long the spinloop should run in microseconds after failing to
- * get a packet before it waits for events again.
- */
- uint64_t spinloop_threshold;
-
- /**
- * TBD
- */
- LARGE_INTEGER switching_time;
-
- /**
- * TBD
- */
- bool windows_close;
-#else /* !WIN32 */
/**
* Pipe to signal handle_plain() about changes regarding TUN devices
*/
int notify[2];
-#endif
};
/**
charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
}
-/**
- * Raise an acquire event
- */
-static void raise_acquire(uint32_t reqid, kernel_acquire_data_t *data)
-{
- lib->processor->queue_job(lib->processor,
- (job_t *)acquire_job_create(reqid, data));
-}
-
/**
* Receiver callback
*/
/**
* Read and process outbound plaintext packet for the given TUN device
*/
-static bool process_plain(tun_device_t *tun)
+static void process_plain(tun_device_t *tun)
{
chunk_t raw;
{
DBG1(DBG_KNL, "invalid IP packet read from TUN device");
}
- return TRUE;
}
- return FALSE;
}
-#ifndef WIN32
/**
* Find flagged revents in a pollfd set by fd
*/
}
return 0;
}
-#endif
/**
* Job handling outbound plaintext packets
{
enumerator_t *enumerator;
tun_entry_t *entry;
- int count = 0;
-#ifdef WIN32
- uint64_t processed_packets = 0, failed_calls = 0;
- LARGE_INTEGER StartingTime = { .QuadPart = 0 };
- LARGE_INTEGER EndingTime = { .QuadPart = 0 };
- LARGE_INTEGER ElapsedMicrosecs = { .QuadPart = 0};
- LARGE_INTEGER Frequency = { .QuadPart = 0};
-
- QueryPerformanceFrequency(&Frequency);
-
- this->lock->read_lock(this->lock);
-
- if (this->use_events || !this->got_result)
- {
- HANDLE *tun_handles;
- DWORD ret;
-
- DBG2(DBG_LIB, "Running in event driven mode.");
- QueryPerformanceCounter(&this->switching_time);
-
- /* Check if any of the TUN devices has data for reading */
- tun_handles = alloca(sizeof(HANDLE)* (this->tuns->get_count(this->tuns)+2));
- tun_handles[count] = this->event;
- count++;
- tun_handles[count] = this->tun.handle;
- count++;
-
- enumerator = this->tuns->create_enumerator(this->tuns);
- while (enumerator->enumerate(enumerator, NULL, &entry))
- {
- tun_handles[count] = entry->handle;
- count++;
- }
- enumerator->destroy(enumerator);
-
- this->lock->unlock(this->lock);
- QueryPerformanceCounter(&StartingTime);
- ret = WaitForMultipleObjects(count, tun_handles, FALSE, INFINITE);
- QueryPerformanceCounter(&EndingTime);
- ElapsedMicrosecs.QuadPart = EndingTime.QuadPart - StartingTime.QuadPart;
- ElapsedMicrosecs.QuadPart *= 1000000000;
- ElapsedMicrosecs.QuadPart /= Frequency.QuadPart;
- DBG2(DBG_LIB, "Waited for %lld nanoseconds (%lld miliseconds)",
- ElapsedMicrosecs.QuadPart, ElapsedMicrosecs.QuadPart/1000000);
- this->lock->read_lock(this->lock);
-
- if (ret >= WAIT_OBJECT_0 || ret <= WAIT_OBJECT_0 + count -1)
- {
- int offset = ret - WAIT_OBJECT_0;
- this->got_result = TRUE;
-
- switch (offset)
- {
- case 0:
- DBG2(DBG_LIB, "Interrupt job from event");
- ResetEvent(tun_handles[offset]);
- break;
- case 1:
- DBG2(DBG_LIB, "got packet in event mode");
- process_plain(this->tun.tun);
- break;
- default:
- DBG2(DBG_LIB, "got packet in event mode");
- enumerator = this->tuns->create_enumerator(this->tuns);
- while (enumerator->enumerate(enumerator, NULL, &entry))
- {
- if (WaitForSingleObjectEx(entry->handle, 0, FALSE) == WAIT_OBJECT_0)
- {
- process_plain(entry->tun);
- }
- }
- enumerator->destroy(enumerator);
- break;
- }
- }
- else if (ret >= WAIT_ABANDONED_0 || ret <= WAIT_ABANDONED_0 + count -1)
- {
- int offset = ret - WAIT_ABANDONED_0;
- this->got_result = FALSE;
- switch(offset)
- {
- case 0:
- DBG2(DBG_LIB, "Notify handle closed.");
- break;
- case 1:
- DBG2(DBG_LIB, "Primary tun handle closed");
- break;
- default:
- DBG2(DBG_LIB, "Other tun handle closed at offset %d", offset);
- break;
- }
- return JOB_REQUEUE_NONE;
- }
- else if (ret == WAIT_FAILED)
- {
- DBG1(DBG_LIB, "Failed to wait for tun devices to be ready for reading");
- }
- QueryPerformanceCounter(&this->switching_time);
- }
- else
- {
- /* TODO: Set realtime priority for charon-svc.exe
- * (otherwise Windows suspends the process after only a couple
- * of processes or stops waking up the process events)
- */
-
- /* Check each handle individually */
- QueryPerformanceCounter(&EndingTime);
- ElapsedMicrosecs.QuadPart = EndingTime.QuadPart -
- this->switching_time.QuadPart;
- ElapsedMicrosecs.QuadPart *= 1000000000;
- ElapsedMicrosecs.QuadPart /= Frequency.QuadPart;
- DBG2(DBG_LIB, "Delay between switching is %lld nanoseconds",
- ElapsedMicrosecs.QuadPart);
-
- do {
- /* Because the NT kernel scheduler stops waking up the process
- * if we wait too often, we need to avoid calling any WaitFor* functions.
- * Thus we busy loop in user space until we get no result for some time */
- this->got_result = FALSE;
- if (process_plain(this->tun.tun))
- {
- this->got_result |= TRUE;
- processed_packets++;
- }
- else
- {
- failed_calls++;
- }
- ResetEvent(this->tun.handle);
-
- enumerator = this->tuns->create_enumerator(this->tuns);
- while(enumerator->enumerate(enumerator, NULL, &entry))
- {
- if (process_plain(entry->tun))
- {
- processed_packets++;
- this->got_result |= TRUE;
- }
- else
- {
- failed_calls++;
- }
- ResetEvent(entry->handle);
- }
- enumerator->destroy(enumerator);
-
- if (!this->got_result)
- {
- if (!StartingTime.QuadPart)
- {
- QueryPerformanceCounter(&StartingTime);
- }
- else
- {
- QueryPerformanceCounter(&EndingTime);
- ElapsedMicrosecs.QuadPart = EndingTime.QuadPart -
- StartingTime.QuadPart;
- ElapsedMicrosecs.QuadPart *= 1000000000;
- ElapsedMicrosecs.QuadPart /= Frequency.QuadPart;
- }
-
- enumerator = this->tuns->create_enumerator(this->tuns);
- while(enumerator->enumerate(enumerator, NULL, &entry))
- {
- ResetEvent(entry->handle);
- }
- enumerator->destroy(enumerator);
-
- if (ElapsedMicrosecs.QuadPart >= this->spinloop_threshold)
- {
- DBG2(DBG_LIB, "Processed %lld packets, "
- "failed %lld calls to read packets. "
- "Reached threshold at %lld ns, switching back to events.",
- processed_packets, failed_calls,
- ElapsedMicrosecs.QuadPart);
-
- ResetEvent(this->event);
- this->notify = FALSE;
- break;
- }
- }
-
- if(this->notify)
- {
- DBG2(DBG_LIB, "Processed %lld packets, Interrupt job from bool",
- processed_packets);
- ResetEvent(this->event);
- this->notify = FALSE;
- break;
- }
-
- }
- while (TRUE);
- }
-#else /* !WIN32 */
bool oldstate;
+ int count = 0;
char buf[1];
struct pollfd *pfd;
}
}
enumerator->destroy(enumerator);
-#endif
this->lock->unlock(this->lock);
+
return JOB_REQUEUE_DIRECT;
}
private_kernel_libipsec_router_t *this, tun_device_t *tun, bool created)
{
tun_entry_t *entry, lookup;
-#ifndef WIN32
char buf[] = {0x01};
-#endif
this->lock->write_lock(this->lock);
if (created)
{
INIT(entry,
.addr = tun->get_address(tun, NULL),
-#ifdef WIN32
- .handle = tun->get_handle(tun),
-#else /* !WIN32 */
.fd = tun->get_fd(tun),
-#endif
.tun = tun,
);
this->tuns->put(this->tuns, entry, entry);
free(entry);
}
/* notify handler thread to recreate FD set */
-#ifdef WIN32
- SetEvent(this->event);
- this->notify = TRUE;
-#else /* !WIN32 */
ignore_result(write(this->notify[1], buf, sizeof(buf)));
-#endif
this->lock->unlock(this->lock);
return TRUE;
}
(ipsec_outbound_cb_t)send_esp);
ipsec->processor->unregister_inbound(ipsec->processor,
(ipsec_inbound_cb_t)deliver_plain);
- ipsec->processor->unregister_acquire(ipsec->processor,
- (ipsec_acquire_cb_t)raise_acquire);
charon->kernel->remove_listener(charon->kernel, &this->public.listener);
-#ifdef WIN32
- SetEvent(this->event);
- this->tun.tun->destroy(this->tun.tun);
- CloseHandle(this->tun.handle);
- CloseHandle(this->event);
-#else /* !WIN32 */
- close(this->notify[0]);
- close(this->notify[1]);
-#endif
this->lock->destroy(this->lock);
this->tuns->destroy(this->tuns);
+ close(this->notify[0]);
+ close(this->notify[1]);
router = NULL;
free(this);
}
-#ifndef WIN32
/**
* Set O_NONBLOCK on the given socket.
*/
int flags = fcntl(socket, F_GETFL);
return flags != -1 && fcntl(socket, F_SETFL, flags | O_NONBLOCK) != -1;
}
-#endif
-
-#ifdef WIN32
-static void reload(private_kernel_libipsec_router_t *this)
-{
- this->use_events = lib->settings->get_bool(
- lib->settings, "%s.use_events", FALSE, lib->ns);
- this->spinloop_threshold = lib->settings->get_int(
- lib->settings, "%s.spinloop_threshold", 4000000, lib->ns);
- DBG1(DBG_LIB, "Read new use_events setting %d and spinloop_threshold %lld",
- this->use_events, this->spinloop_threshold);
-}
-#endif
/*
* See header file
}
);
-#ifdef WIN32
- reload(this);
- this->tun.handle = this->tun.tun->get_handle(this->tun.tun);
- if (!(this->event = CreateEvent(NULL, FALSE, FALSE, FALSE)))
-#else /* !WIN32 */
if (pipe(this->notify) != 0 ||
!set_nonblock(this->notify[0]) || !set_nonblock(this->notify[1]))
-#endif
{
- DBG1(DBG_KNL, "creating notify for kernel-libipsec router failed");
+ DBG1(DBG_KNL, "creating notify pipe for kernel-libipsec router failed");
free(this);
return NULL;
}
-#ifndef WIN32
+
this->tun.fd = this->tun.tun->get_fd(this->tun.tun);
-#endif
+
this->tuns = hashtable_create((hashtable_hash_t)tun_entry_hash,
(hashtable_equals_t)tun_entry_equals, 4);
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
ipsec->processor->register_outbound(ipsec->processor, send_esp, NULL);
ipsec->processor->register_inbound(ipsec->processor,
(ipsec_inbound_cb_t)deliver_plain, this);
- ipsec->processor->register_acquire(ipsec->processor, raise_acquire, NULL);
charon->receiver->add_esp_cb(charon->receiver,
(receiver_esp_cb_t)receiver_esp_cb, NULL);
lib->processor->queue_job(lib->processor,
projects / thirdparty / strongswan.git / commitdiff
