From: Thomas Egerer
Date: Tue, 26 Jul 2022 13:38:34 +0000 (+0200)
Subject: kernel-interface: Make first reqid configurable
X-Git-Tag: 5.9.9rc1~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ea61dcbfed5c7340a69cd0a50cbfe0689109622;p=thirdparty%2Fstrongswan.git

kernel-interface: Make first reqid configurable

This can be helpful to reserve low reqids for manual configuration.

Signed-off-by: Thomas Egerer
---

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 3ed84a1f9a..dc525a8070 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -405,6 +405,9 @@ charon.routing_table
 charon.routing_table_prio
 Priority of the routing table.

+charon.reqid_base = 1
+ Value of the first reqid to be automatically assigned to a CHILD_SA.
+
 charon.rsa_pss = no
 Whether to use RSA with PSS padding instead of PKCS#1 padding by default.

diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
index 4f4a997319..08570b4bcf 100644
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -115,6 +115,11 @@ struct private_kernel_interface_t {
 */
 linked_list_t *listeners;

+ /**
+ * Reqid to assign next
+ */
+ uint32_t next_reqid;
+
 /**
 * Reqid entries indexed by reqids
 */
@@ -373,9 +378,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t, mark_t mark_in, mark_t mark_out, uint32_t if_id_in, uint32_t if_id_out, sec_label_t *label, uint32_t *reqid) { - static uint32_t counter = 0; reqid_entry_t *entry = NULL, *tmpl; - status_t status = SUCCESS; INIT(tmpl, .local = array_from_ts_list(local_ts),
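Review bot: The comment added for `next_reqid` in the `private_kernel_interface_t` hunk (@@ -115,6 +115,11 @@) does not record that 0 is a sentinel, although the alloc_reqid hunk of this commit treats `!this->next_reqid` as "range exhausted" and kernel_interface_create() never stores 0 as a start value. I would word it as `Reqid to assign next, 0 once the 32-bit counter has wrapped and no new reqid can be issued`. The alloc_reqid hunk releases `this->mutex` before its early return, which suggests the field is only touched under that mutex; if so, this comment is the place to state it. The struct definition starts and ends outside the hunk.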
@@ -415,7 +418,13 @@ METHOD(kernel_interface_t, alloc_reqid, status_t,
 entry = tmpl;
 if (!array_remove(this->released_reqids, ARRAY_HEAD, &entry->reqid))
 {
- entry->reqid = ++counter;
+ if (!this->next_reqid)
+ {
+ this->mutex->unlock(this->mutex);
+ reqid_entry_destroy(entry);
+ return OUT_OF_RES;
+ }
+ entry->reqid = this->next_reqid++;
 }
 this->reqids_by_ts->put(this->reqids_by_ts, entry, entry);
 this->reqids->put(this->reqids, entry, entry);
@@ -425,7 +434,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t,
 entry->refs++;
 this->mutex->unlock(this->mutex);

- return status;
+ return SUCCESS;
 }

 METHOD(kernel_interface_t, release_reqid, status_t,
@@ -1105,6 +1114,8 @@ kernel_interface_t *kernel_interface_create()
 (hashtable_equals_t)equals_reqid, 8),
 .reqids_by_ts = hashtable_create((hashtable_hash_t)hash_reqid_by_ts,
 (hashtable_equals_t)equals_reqid_by_ts, 8),
+ .next_reqid = lib->settings->get_int(lib->settings, "%s.reqid_base", 1,
+ lib->ns) ?: 1,
 );

 ifaces = lib->settings->get_str(lib->settings,
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index 21b777ae93..c11738b409 100644
--- a/src/libcharon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -147,7 +147,8 @@ struct kernel_interface_t {
 * @param if_id_out outbound interface ID on SA
 * @param label security label (usually the one on the policy, not SA)
 * @param reqid allocated reqid
- * @return SUCCESS if reqid allocated
+ * @return SUCCESS if reqid allocated, OUT_OF_RES if no reqid is
+ * available due to an overflow
 */
 status_t (*alloc_reqid)(kernel_interface_t *this,
 linked_list_t *local_ts, linked_list_t *remote_ts,
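Review bot: In the @@ -415,7 +418,13 @@ hunk the new early `return OUT_OF_RES;` appears to leave `*reqid` unwritten, and it is the first failure path alloc_reqid has had, since the removed `status` local was initialised to SUCCESS and the final return is now a literal SUCCESS. No call site is touched by this commit, so a caller that ignores the status would carry on with whatever value its reqid variable already held. Each caller should be confirmed to check the return value, and the header comment should add `reqid is left unchanged if OUT_OF_RES is returned`. The exhaustion is also silent; a log line before the return, for example `DBG1(DBG_KNL, "unable to allocate reqid, range exhausted");` (assuming the file's usual debug macros are in scope), would make the resulting allocation failures diagnosable. The body of alloc_reqid starts and ends outside the hunk.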
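Review bot: In the kernel_interface_create() hunk (@@ -1105,6 +1114,8 @@) the result of `get_int()` is stored straight into the `uint32_t` field, and `?: 1` only catches a configured 0. get_int() returns a signed int in strongSwan's settings API (its declaration is not part of this diff), so a negative `reqid_base` converts to a value near the top of the 32-bit range; with -1 the first allocation gets 0xFFFFFFFF, the counter wraps to 0, and alloc_reqid then returns OUT_OF_RES for every request that cannot reuse a released reqid. Reading the setting into a local `int` and initialising with `.next_reqid = base > 0 ? base : 1,`, plus a log message when the configured value is rejected, keeps a configuration typo from turning into failed reqid allocations. The charon.opt entry could state the accepted range as well. The function body starts and ends outside the hunk.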