From: Tobias Brunner
Date: Tue, 12 Feb 2019 10:59:38 +0000 (+0100)
Subject: ike: Reuse interface ID during CHILD_SA rekeyings
X-Git-Tag: 5.8.0rc1~41^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ab336285a920d014c7dc0db29e74679f9df9a68;p=thirdparty%2Fstrongswan.git
ike: Reuse interface ID during CHILD_SA rekeyings
---
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index ca04a6a16e..b4944cfcbb 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1843,6 +1843,8 @@ METHOD(task_manager_t, queue_child_rekey, void,
 task->use_reqid(task, child_sa->get_reqid(child_sa));
 task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value, child_sa->get_mark(child_sa, FALSE).value);
+ task->use_if_ids(task, child_sa->get_if_id(child_sa, TRUE),
+ child_sa->get_if_id(child_sa, FALSE));
 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
 queue_task(this, &task->task);
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 876b99e5f3..59f049dbdd 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2019 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * Copyright (C) 2011 Martin Willi
@@ -158,12 +158,22 @@ struct private_quick_mode_t {
 /**
 * Explicit inbound mark value to use, if any
 */
- u_int mark_in;
+ uint32_t mark_in;
 /**
- * Explicit inbound mark value to use, if any
+ * Explicit outbound mark value to use, if any
+ */
+ uint32_t mark_out;
+
+ /**
+ * Explicit inbound interface ID to use, if any
+ */
+ uint32_t if_id_in;
+
+ /**
+ * Explicit outbound interface ID to use, if any
 */
- u_int mark_out;
+ uint32_t if_id_out;
 /**
 * SPI of SA we rekey
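Review bot: The four-call sequence that copies reqid, marks and now interface IDs from the old CHILD_SA into the rekey task is repeated here in queue_child_rekey, in check_for_rekeyed_child in quick_mode.c, and in build_i/build_r of child_rekey.c; this commit exists because one of those identifiers was previously left out of the copy, and the copies will drift again the next time child_sa_t gains an attribute that has to survive a rekeying. A single helper that takes the old child_sa_t and applies reqid, marks and if_ids to the new task would keep the IKEv1 and IKEv2 paths in step, and a short comment at each call site, e.g. `/* the rekeyed SA must keep the identifiers of the old one */`, would explain why the copy is not optional. queue_child_rekey starts before this hunk and its body continues past it.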
@@ -846,7 +856,7 @@ METHOD(task_t, build_i, status_t,
 this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid, this->udp, this->mark_in, this->mark_out,
- 0, 0);
+ this->if_id_in, this->if_id_out);
 if (this->udp && this->mode == MODE_TRANSPORT)
 {
@@ -1048,6 +1058,8 @@ static void check_for_rekeyed_child(private_quick_mode_t *this, bool responder)
 TRUE).value;
 this->mark_out = child_sa->get_mark(child_sa, FALSE).value;
+ this->if_id_in = child_sa->get_if_id(child_sa, TRUE);
+ this->if_id_out = child_sa->get_if_id(child_sa, FALSE);
 child_sa->set_state(child_sa, CHILD_REKEYING);
 DBG1(DBG_IKE, "detected rekeying of CHILD_SA %s{%u}", child_sa->get_name(child_sa),
@@ -1187,7 +1199,7 @@ METHOD(task_t, process_r, status_t,
 this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid, this->udp, this->mark_in, this->mark_out,
- 0, 0);
+ this->if_id_in, this->if_id_out);
 tsi = linked_list_create_with_items(this->tsi, NULL);
 tsr = linked_list_create_with_items(this->tsr, NULL);
@@ -1414,12 +1426,19 @@ METHOD(quick_mode_t, use_reqid, void,
 }
 METHOD(quick_mode_t, use_marks, void,
- private_quick_mode_t *this, u_int in, u_int out)
+ private_quick_mode_t *this, uint32_t in, uint32_t out)
 {
 this->mark_in = in;
 this->mark_out = out;
 }
+METHOD(quick_mode_t, use_if_ids, void,
+ private_quick_mode_t *this, uint32_t in, uint32_t out)
+{
+ this->if_id_in = in;
+ this->if_id_out = out;
+}
+
 METHOD(quick_mode_t, rekey, void,
 private_quick_mode_t *this, uint32_t spi)
 {
@@ -1450,6 +1469,8 @@ METHOD(task_t, migrate, void,
 this->spi_r = 0;
 this->mark_in = 0;
 this->mark_out = 0;
+ this->if_id_in = 0;
+ this->if_id_out = 0;
 if (!this->initiator)
 {
@@ -1490,6 +1511,7 @@ quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
 .get_mid = _get_mid,
 .use_reqid = _use_reqid,
 .use_marks = _use_marks,
+ .use_if_ids = _use_if_ids,
 .rekey = _rekey,
 },
 .ike_sa = ike_sa,
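Review bot: build_i now hands `this->if_id_in`/`this->if_id_out` to child_sa_create on every Quick Mode exchange, not only on detected rekeyings, so the literal `0, 0` it replaces must have meant "take the interface IDs from the configuration" for the non-rekey path to keep working; the fields are presumably zero on creation and are reset in migrate below, but nothing in this hunk or at the field declarations says that zero is the no-override sentinel. A comment next to the new fields, e.g. `/* 0 means no override, child_sa_create then uses the configured interface ID */`, would pin that contract down, and the use_if_ids doc comments in quick_mode.h and child_create.h could state the same. The point applies equally to process_r in this file and to build_i/build_r in child_create.c. build_i starts before this hunk and continues past it.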
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h
index 0d4c5b47c6..50025440ec 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Tobias Brunner
+ * Copyright (C) 2015-2019 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * Copyright (C) 2011 Martin Willi
@@ -61,7 +61,15 @@ struct quick_mode_t {
 * @param in inbound mark value
 * @param out outbound mark value
 */
- void (*use_marks)(quick_mode_t *this, u_int in, u_int out);
+ void (*use_marks)(quick_mode_t *this, uint32_t in, uint32_t out);
+
+ /**
+ * Use specific interface IDs, overriding configuration.
+ *
+ * @param in inbound interface ID
+ * @param out outbound interface ID
+ */
+ void (*use_if_ids)(quick_mode_t *this, uint32_t in, uint32_t out);
 /**
 * Set the SPI of the old SA, if rekeying.
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index e9142d79b4..ee3422c068 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1874,6 +1874,8 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
 child_create->use_marks(child_create, child_sa->get_mark(child_sa, TRUE).value, child_sa->get_mark(child_sa, FALSE).value);
+ /* interface IDs are not migrated as the new CHILD_SAs on old and new
+ * IKE_SA go though regular updown events */
 new->queue_task(new, &child_create->task);
 children = TRUE;
 }
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 1f93be4846..340542b19c 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
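Review bot: The comment added in trigger_mbb_reauth has a typo, "go though" should read "go through", and it is the only place in the commit that records why reauthentication is treated differently from rekeying, so it is worth getting right. It would also help to say what the updown events do for the IDs rather than only that they happen, e.g. `/* interface IDs are not migrated: the new CHILD_SAs on the old and new IKE_SA go through the regular updown events, which take the IDs from the config */`, assuming that is indeed how they are assigned on that path, which this hunk does not show. trigger_mbb_reauth starts before this hunk.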
@@ -176,12 +176,22 @@ struct private_child_create_t {
 /**
 * Explicit inbound mark value
 */
- u_int mark_in;
+ uint32_t mark_in;
 /**
 * Explicit outbound mark value
 */
- u_int mark_out;
+ uint32_t mark_out;
+
+ /**
+ * Explicit inbound interface ID to use, if any
+ */
+ uint32_t if_id_in;
+
+ /**
+ * Explicit outbound interface ID to use, if any
+ */
+ uint32_t if_id_out;
 /**
 * CHILD_SA which gets established
@@ -1110,7 +1120,7 @@ METHOD(task_t, build_i, status_t,
 this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid, this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY),
- this->mark_in, this->mark_out, 0, 0);
+ this->mark_in, this->mark_out, this->if_id_in, this->if_id_out);
 if (this->reqid)
 {
@@ -1395,7 +1405,7 @@ METHOD(task_t, build_r, status_t,
 this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid, this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY),
- this->mark_in, this->mark_out, 0, 0);
+ this->mark_in, this->mark_out, this->if_id_in, this->if_id_out);
 if (this->ipcomp_received != IPCOMP_NONE)
 {
@@ -1664,12 +1674,19 @@ METHOD(child_create_t, use_reqid, void,
 }
 METHOD(child_create_t, use_marks, void,
- private_child_create_t *this, u_int in, u_int out)
+ private_child_create_t *this, uint32_t in, uint32_t out)
 {
 this->mark_in = in;
 this->mark_out = out;
 }
+METHOD(child_create_t, use_if_ids, void,
+ private_child_create_t *this, uint32_t in, uint32_t out)
+{
+ this->if_id_in = in;
+ this->if_id_out = out;
+}
+
 METHOD(child_create_t, use_dh_group, void,
 private_child_create_t *this, diffie_hellman_group_t dh_group)
 {
@@ -1748,6 +1765,8 @@ METHOD(task_t, migrate, void,
 this->reqid = 0;
 this->mark_in = 0;
 this->mark_out = 0;
+ this->if_id_in = 0;
+ this->if_id_out = 0;
 this->established = FALSE;
 }
@@ -1797,6 +1816,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
 .get_lower_nonce = _get_lower_nonce,
 .use_reqid = _use_reqid,
 .use_marks = _use_marks,
+ .use_if_ids = _use_if_ids,
 .use_dh_group = _use_dh_group,
 .task = {
 .get_type = _get_type,
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h
index 59fc6d2d9e..eae1f3532f 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.h
+++ b/src/libcharon/sa/ikev2/tasks/child_create.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 Tobias Brunner
+ * Copyright (C) 2018-2019 Tobias Brunner
 * Copyright (C) 2007 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -58,7 +58,15 @@ struct child_create_t {
 * @param in inbound mark value
 * @param out outbound mark value
 */
- void (*use_marks)(child_create_t *this, u_int in, u_int out);
+ void (*use_marks)(child_create_t *this, uint32_t in, uint32_t out);
+
+ /**
+ * Use specific interface IDs, overriding configuration.
+ *
+ * @param in inbound interface ID
+ * @param out outbound interface ID
+ */
+ void (*use_if_ids)(child_create_t *this, uint32_t in, uint32_t out);
 /**
 * Initially propose a specific DH group to override configuration.
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index d5188c0bc9..6b0f427856 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -207,6 +207,9 @@ METHOD(task_t, build_i, status_t,
 this->child_create->use_marks(this->child_create, this->child_sa->get_mark(this->child_sa, TRUE).value, this->child_sa->get_mark(this->child_sa, FALSE).value);
+ this->child_create->use_if_ids(this->child_create,
+ this->child_sa->get_if_id(this->child_sa, TRUE),
+ this->child_sa->get_if_id(this->child_sa, FALSE));
 if (this->child_create->task.build(&this->child_create->task, message) != NEED_MORE)
@@ -266,6 +269,9 @@ METHOD(task_t, build_r, status_t,
 this->child_create->use_marks(this->child_create, this->child_sa->get_mark(this->child_sa, TRUE).value, this->child_sa->get_mark(this->child_sa, FALSE).value);
+ this->child_create->use_if_ids(this->child_create,
+ this->child_sa->get_if_id(this->child_sa, TRUE),
+ this->child_sa->get_if_id(this->child_sa, FALSE));
 config = this->child_sa->get_config(this->child_sa);
 this->child_create->set_config(this->child_create, config->get_ref(config));
 this->child_create->task.build(&this->child_create->task, message);