Martin Willi [Fri, 12 Sep 2014 08:35:23 +0000 (10:35 +0200)]
travis: Disable build of native systemd IKE daemon
Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip
systemd support on Travis until we have a more recent Ubuntu distribution.
Martin Willi [Thu, 17 Jul 2014 16:07:05 +0000 (18:07 +0200)]
settings: Use strongswan.conf used during library initialization for reload
Since 4b670a20 we require an explicit strongswan.conf to re-load configurations.
However, the define was missing in the build, breaking SIGHUP based config
reloading.
Tobias Brunner [Fri, 29 Aug 2014 10:13:49 +0000 (12:13 +0200)]
testing: Add a script to build the current (or an arbitrary) source tree
This allows to (relatively) quickly (re-)build and install the current
or an arbitrary strongSwan source tree within the root image.
bindfs is used to bind mount the source directory using the regular user
and group (only works if sudo is used to run the script) so that newly
created files are not owned by root.
As with building the root image in general the guests must not be
running while executing this script. The guest images are automatically
rebuilt after the root image has been updated so configuration files and
other modifications in guests will be lost.
Tobias Brunner [Fri, 15 Aug 2014 15:52:15 +0000 (17:52 +0200)]
ikev1: Don't cache last block of INFORMATIONAL messages as IV
We don't expect a response with the same MID, but apparently some
devices (e.g. FRITZ!Box) do that for DPDs, while still treating the
response as a new exchange. By storing the last message block as IV
we can't decrypt the first block of such a response.
Tobias Brunner [Fri, 15 Aug 2014 13:57:22 +0000 (15:57 +0200)]
ikev1: Properly handle different proposal numbering schemes
While the examples in RFC 2408 show proposal numbers starting at 1 and
increasing by one for each subsequent proposal this is not mandatory.
Actually, IKEv1 proposals may start at any number, the only requirement
is that the proposal numbers increase monotonically they don't have to
do so consecutively.
Most implementations follow the examples and start numbering at 1 (charon,
racoon, Shrew, Cisco, Windows XP, FRITZ!Box) but pluto was one of the
implementations that started with 0 and there might be others out there.
The previous assumption that implementations always start numbering proposals
at 0 caused problems with clients that start numbering with 1 and whose first
proposal consists of multiple protocols (e.g. ESP+IPComp).
ikev2: Enable path probing for currently active MOBIKE task
This might not be the case if e.g. an address appeared but the old one
is still available but not actually usable. Without this the MOBIKE
task would eventually time out even though we might be able to switch
to a working address.
ikev2: Properly keep track of pending MOBIKE updates
Because we only queue one MOBIKE task at a time, but destroy superfluous
ones only after we already increased the counter for pending MOBIKE updates,
we have to reduce the counter when such tasks are destroyed. Otherwise, the
queued task would assume another task is queued when it is running and
ignore any successful response.
auth-cfg: Fix crash after several reauthentications with multiple authentication rounds
Due to the issue described in c641974, purge() inadvertently destroyed
CA certificates that should have been kept (while the pointer to these
objects remained in the array). This lead to incorrect reference counts
and after a few reauthentications with multiple authentication rounds,
which cause calls to purge(TRUE), to crashes.
array: Warn about caveat with array_remove_at() and value based arrays
Because enumerate() for value based arrays returns a pointer directly to
the internal array elements and because array_remove_at() or rather the
called array_remove() may move elements over the element at the currently
enumerated position, the pointer passed to enumerate() will point to a
different array element after the array_remove_at() call. The caller
will thus operate on the wrong element if that pointer is accessed again
before calling enumerate().
For performance reasons we currently don't change the implementation to copy
each array element during enumeration to a private member of the enumerator and
return a pointer to that. Similarly, due to the danger of subtle bugs we don't
remember the pointer passed to enumerate() to later redirect it to a copy
created during the array_remove_at() call.
stream-service: Prevent race conditions due to blocking call to destroy()
In the previous implementation queued jobs could prevent a service from
getting destroyed. This could have lead to a deadlock when the
processor is cancelled. Now destroy() still blocks, but waits only for
actually running tasks. The service instance is reference counted so that
queued jobs can safely be destroyed.
stream-service: Restart accepting without blocking
Calling on_accept() sometimes lead to deadlocks when service->destroy()
was called concurrently. That is, two threads waiting in on_accept() but
the last worker would only wake one due to the call to signal(). Calling
broadcast() wouldn't help either as that could lead to crashes if the thread
that called destroy() is woken first.
This is also more efficient as a constant pool of concurrent workers can
be maintained, otherwise peaks at the limit were followed by only a single
worker being active.
Tobias Brunner [Tue, 12 Aug 2014 10:05:16 +0000 (12:05 +0200)]
ike: Reset IKE_SA in state CONNECTING instead of reauthenticating
Due to how reauthentication works for IKEv1 we could get a second
IKE_SA, which might cause problems, when connectivity problems arise
when the connection is initially established.
kernel-pfroute: Delete interfaces on RTM_IFANNOUNCE/IFAN_DEPARTURE events
We actually never deleted cached interfaces. So if the kernel reuses
interface indices events for newly created interfaces could have been
associated with interface objects of deactivated and deleted interfaces.
Since we also didn't update the interface name when such an interface
got reactivated we ended up using the old name e.g. to install routes.
A trigger for this was the deletion and recreation of TUN devices during
reauthentication of SAs that use virtual IPs.
Seems that packet counts can be retrieved after all. At least the Linux
and FreeBSD kernels treat the number of allocations as number of packets.
We actually installed packet limits in that field already.
mutex: Use atomics to set current thread in recursive mutex
Because this->thread is also read by threads that don't hold the
mutex the previous implementation was problematic (especially since
pthread_t is an opaque type of unknown length).
Thomas Egerer [Thu, 28 Aug 2014 14:04:06 +0000 (16:04 +0200)]
credmgr: Fix copy and paste error in add_validator
This won't hurt as long as sets and validators are of the same class.
But as soon as one of the object's class is changed this will cause
either a compile error (best option), or result (most likely) in a
crash.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Martin Willi [Mon, 4 Aug 2014 08:38:08 +0000 (10:38 +0200)]
unity: Do not bump TS to 0.0.0.0/0 as initiator when no Split-Include received
When having the unity plugin enabled and both peers send the Unity Vendor ID,
we proposed 0.0.0.0/0 as traffic selector, even if no Split-Include has been
received on the SA. This can break compatibility with some responders, as
they don't narrow the TS themselves, but expect the configured TS.
Martin Willi [Mon, 7 Jul 2014 08:42:11 +0000 (10:42 +0200)]
ikev1: Defer Mode Config push after CHILD adoption and reauth detection
When an initiator starts reauthentication on a connection that uses push
mode to assign a virtual IP, we can't execute the Mode Config before releasing
the virtual IP. Otherwise we would request a new and different lease, which
the client probably can't handle. Defer Mode Config execution, so the same IP
gets first released then reassigned during reauthentication.
Martin Willi [Fri, 11 Jul 2014 09:59:01 +0000 (11:59 +0200)]
ikev1: Accept Quick Mode DELETES while Quick Mode rekeying is active
If a peer immediately sends DELETE messages when completing Quick Mode rekeying,
the third Quick Mode message and the DELETE are sent simultaneously. This
implies that DELETE messages may arrive before the completing third Quick Mode
message.
Handle this case by ignoring the DELETE INFORMATIONAL in Quick Mode and let
the delete task handle it.
Martin Willi [Fri, 11 Jul 2014 12:40:56 +0000 (14:40 +0200)]
starter: Do not close all file descriptors after fork()
As we use libstrongswan and expect that it still works after the fork, we
can't just closefrom() all file descriptors. Watcher, for example, uses
a pipe to notify FDSET changes, which must be kept open.
ike-sa-manager: Use transient hasher for IKE_SA_INIT hash calculation
To check if a received IKE_SA_INIT request is a new request or a
retransmit, charon maintains hashes of the pending IKE_SA_INIT
exchanges.
However, the hash calculation is not reentrant because a single hasher
is used for the whole IKE SA manager. It leads to bogus calculations
under high load and hence dropped messages on responder
(IkeInInvalidSpi incremented).
Don't share a single hasher in the IKE SA manager, create a transient
one whenever a message must be hashed.
Martin Willi [Wed, 16 Jul 2014 14:44:24 +0000 (16:44 +0200)]
diffie-hellman: Explicitly initialize DH exponent sizes during initialization
To avoid any race conditions when multiple threads call and initialize
diffie_hellman_get_params(), explicitly examine the optimum DH exponent size
during library initialization.
Tobias Brunner [Tue, 19 Aug 2014 09:08:33 +0000 (11:08 +0200)]
kernel-pfroute: Fix kernel response handling
The condvar is signaled for every handled message received from the
kernel not only for replies (this changed with 2a2d7a4dc8). This may
cause segfaults because this->reply is not set when the waiting thread is
woken due to an IP address change.
Since this->reply is only set when it is actually the expected reply (and
only one request is sent at a time, thanks to c9a323c1d9) we only have
to make sure the reply is there (and clear it once we handled it).
Using separate condvars could also be an option in the future.
The package/library is called libjson-c on recent distributions.
Some like Ubuntu 14.04 provide symlinks with the old name but these
will eventually disappear. Using pkg-config allows us to easily check
for it (with a fallback) and configure the proper compiler flags.