From: Martin Willi Date: Wed, 12 Nov 2008 13:28:18 +0000 (+0000) Subject: set up basic infrastructure ha_sync plugin X-Git-Tag: 4.4.0~109 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e5e91eec298b0ea2e96ec9cbe61c3ad625ac51d3;p=thirdparty%2Fstrongswan.git set up basic infrastructure ha_sync plugin --- diff --git a/src/charon/plugins/ha_sync/Makefile.am b/src/charon/plugins/ha_sync/Makefile.am index be4e358232..d3c46496eb 100644 --- a/src/charon/plugins/ha_sync/Makefile.am +++ b/src/charon/plugins/ha_sync/Makefile.am @@ -4,7 +4,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-ha-sync.la -libstrongswan_ha_sync_la_SOURCES = ha_sync_plugin.h ha_sync_plugin.c \ +libstrongswan_ha_sync_la_SOURCES = \ + ha_sync_plugin.h ha_sync_plugin.c \ + ha_sync_message.h ha_sync_message.c \ + ha_sync_socket.h ha_sync_socket.c \ + ha_sync_ike.h ha_sync_ike.c \ ha_sync_child.h ha_sync_child.c libstrongswan_ha_sync_la_LDFLAGS = -module diff --git a/src/charon/plugins/ha_sync/ha_sync_child.c b/src/charon/plugins/ha_sync/ha_sync_child.c index 1d05f20850..ab6908eb45 100644 --- a/src/charon/plugins/ha_sync/ha_sync_child.c +++ b/src/charon/plugins/ha_sync/ha_sync_child.c @@ -18,8 +18,6 @@ #include "ha_sync_child.h" typedef struct private_ha_sync_child_t private_ha_sync_child_t; -typedef struct serialized_child_sa_t serialized_child_sa_t; -typedef struct serialized_ts_t serialized_ts_t; /** * Private data of an ha_sync_child_t object. @@ -30,163 +28,20 @@ struct private_ha_sync_child_t { * Public ha_sync_child_t interface. */ ha_sync_child_t public; -}; - -/* version number of serialization fromat */ -#define SERIALIZE_VERSION 1 - -/** - * A serialized traffic selector - */ -struct serialized_ts_t { - u_int8_t type; - u_int8_t protocol; - u_int8_t dynamic; - struct { - u_int8_t addr[16]; - u_int16_t port; - } from, to; -}; - -/** - * A serialized CHILD_SA - */ -struct serialized_child_sa_t { - - u_int8_t version; - - /* per CHILD values */ - u_int8_t protocol; - u_int8_t mode; - u_int8_t encap; - u_int8_t ipcomp; - u_int32_t soft_lifetime; - u_int32_t hard_lifetime; - /* configuration name */ - char config[32]; - - /* algs and keys */ - struct { - u_int16_t alg; - u_int16_t keylen; - u_int8_t in[64], out[64]; - } integrity, encryption; - - struct { - u_int32_t spi; - u_int16_t cpi; - - u_int8_t addr_fam; - u_int8_t addr[16]; - u_int16_t port; - - /* traffic selector, currently only one, TODO */ - serialized_ts_t ts; - } in, out; + /** + * socket we use for syncing + */ + ha_sync_socket_t *socket; }; /** - * Serialize a traffic selector list + * Implementation of listener_t.child_keys */ -static void serialize_ts_list(linked_list_t *ts_list, serialized_ts_t *ser) +static bool child_keys(private_ha_sync_child_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, diffie_hellman_t *dh, + chunk_t nonce_i, chunk_t nonce_r) { - enumerator_t *enumerator; - traffic_selector_t *ts; - chunk_t chunk; - int i = 0; - - enumerator = ts_list->create_enumerator(ts_list); - if (enumerator->enumerate(enumerator, &ts)) - { - ser->type = ts->get_type(ts); - ser->protocol = ts->get_protocol(ts); - ser->dynamic = ts->is_dynamic(ts); - ser->from.port = htons(ts->get_from_port(ts)); - ser->to.port = htons(ts->get_to_port(ts)); - chunk = ts->get_from_address(ts); - memcpy(ser->from.addr, chunk.ptr, min(chunk.len, sizeof(ser->from.addr))); - chunk = ts->get_to_address(ts); - memcpy(ser->to.addr, chunk.ptr, min(chunk.len, sizeof(ser->to.addr))); - } - enumerator->destroy(enumerator); -} - -/** - * Serialize a CHILD_SA - */ -static chunk_t serialize(ike_sa_t *ike_sa, child_sa_t *child_sa) -{ - serialized_child_sa_t *ser; - child_cfg_t *config; - host_t *me, *other; - chunk_t chunk; - - config = child_sa->get_config(child_sa); - me = ike_sa->get_my_host(ike_sa); - other = ike_sa->get_other_host(ike_sa); - - ser = malloc_thing(serialized_child_sa_t); - memset(ser, 0, sizeof(serialized_child_sa_t)); - - ser->version = SERIALIZE_VERSION; - ser->protocol = child_sa->get_protocol(child_sa); - ser->mode = child_sa->get_mode(child_sa); - ser->encap = child_sa->has_encap(child_sa); - ser->ipcomp = child_sa->get_ipcomp(child_sa); - ser->soft_lifetime = child_sa->get_lifetime(child_sa, FALSE); - ser->hard_lifetime = child_sa->get_lifetime(child_sa, TRUE); - ser->in.spi = child_sa->get_spi(child_sa, TRUE); - ser->in.cpi = child_sa->get_cpi(child_sa, TRUE); - ser->out.spi = child_sa->get_spi(child_sa, FALSE); - ser->out.cpi = child_sa->get_cpi(child_sa, FALSE); - snprintf(ser->config, sizeof(ser->config), config->get_name(config)); - - ser->integrity.alg = child_sa->get_integrity(child_sa, TRUE, &chunk); - ser->integrity.keylen = chunk.len; - memcpy(ser->integrity.in, chunk.ptr, ser->integrity.keylen); - child_sa->get_integrity(child_sa, FALSE, &chunk); - memcpy(ser->integrity.out, chunk.ptr, ser->integrity.keylen); - - ser->encryption.alg = child_sa->get_encryption(child_sa, TRUE, &chunk); - ser->encryption.keylen = chunk.len; - memcpy(ser->encryption.in, chunk.ptr, ser->encryption.keylen); - child_sa->get_integrity(child_sa, FALSE, &chunk); - memcpy(ser->encryption.out, chunk.ptr, ser->encryption.keylen); - - ser->in.addr_fam = me->get_family(me); - ser->in.port = htons(me->get_port(me)); - chunk = me->get_address(me); - memcpy(ser->in.addr, chunk.ptr, chunk.len); - - ser->out.addr_fam = other->get_family(other); - ser->out.port = htons(other->get_port(other)); - chunk = other->get_address(other); - memcpy(ser->out.addr, chunk.ptr, chunk.len); - - serialize_ts_list(child_sa->get_traffic_selectors(child_sa, TRUE), - &ser->in.ts); - serialize_ts_list(child_sa->get_traffic_selectors(child_sa, FALSE), - &ser->out.ts); - - return chunk_create((void*)ser, sizeof(serialized_child_sa_t)); -} - -/** - * Listener implementation - */ -static bool child_state_change(private_ha_sync_child_t *this, ike_sa_t *ike_sa, - child_sa_t *child_sa, child_sa_state_t state) -{ - if (state == CHILD_INSTALLED) - { - chunk_t chunk; - - chunk = serialize(ike_sa, child_sa); - DBG1(DBG_IKE, "NEW CHILD: %B", &chunk); - - chunk_clear(&chunk); - } return TRUE; } @@ -201,15 +56,16 @@ static void destroy(private_ha_sync_child_t *this) /** * See header */ -ha_sync_child_t *ha_sync_child_create() +ha_sync_child_t *ha_sync_child_create(ha_sync_socket_t *socket) { private_ha_sync_child_t *this = malloc_thing(private_ha_sync_child_t); memset(&this->public.listener, 0, sizeof(listener_t)); - - this->public.listener.child_state_change = (void*)child_state_change; + this->public.listener.child_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys; this->public.destroy = (void(*)(ha_sync_child_t*))destroy; + this->socket = socket; + return &this->public; } diff --git a/src/charon/plugins/ha_sync/ha_sync_child.h b/src/charon/plugins/ha_sync/ha_sync_child.h index 6b66c8ca2b..8a5edcb684 100644 --- a/src/charon/plugins/ha_sync/ha_sync_child.h +++ b/src/charon/plugins/ha_sync/ha_sync_child.h @@ -23,6 +23,8 @@ #ifndef HA_SYNC_CHILD_H_ #define HA_SYNC_CHILD_H_ +#include "ha_sync_socket.h" + #include typedef struct ha_sync_child_t ha_sync_child_t; @@ -45,7 +47,9 @@ struct ha_sync_child_t { /** * Create a ha_sync_child instance. + * + * @param socket socket to use for sending synchronization messages */ -ha_sync_child_t *ha_sync_child_create(); +ha_sync_child_t *ha_sync_child_create(ha_sync_socket_t *socket); #endif /* HA_SYNC_CHILD_ @}*/ diff --git a/src/charon/plugins/ha_sync/ha_sync_ike.c b/src/charon/plugins/ha_sync/ha_sync_ike.c new file mode 100644 index 0000000000..e894e39368 --- /dev/null +++ b/src/charon/plugins/ha_sync/ha_sync_ike.c @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "ha_sync_ike.h" + +typedef struct private_ha_sync_ike_t private_ha_sync_ike_t; + +/** + * Private data of an ha_sync_ike_t object. + */ +struct private_ha_sync_ike_t { + + /** + * Public ha_sync_ike_t interface. + */ + ha_sync_ike_t public; + + /** + * socket we use for syncing + */ + ha_sync_socket_t *socket; +}; + +/** + * Implementation of listener_t.ike_keys + */ +static bool ike_keys(private_ha_sync_ike_t *this, ike_sa_t *ike_sa, + diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, + ike_sa_t *rekey) +{ + return TRUE; +} + +/** + * Implementation of ha_sync_ike_t.destroy. + */ +static void destroy(private_ha_sync_ike_t *this) +{ + free(this); +} + +/** + * See header + */ +ha_sync_ike_t *ha_sync_ike_create(ha_sync_socket_t *socket) +{ + private_ha_sync_ike_t *this = malloc_thing(private_ha_sync_ike_t); + + memset(&this->public.listener, 0, sizeof(listener_t)); + this->public.listener.ike_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, diffie_hellman_t *dh,chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey))ike_keys; + this->public.destroy = (void(*)(ha_sync_ike_t*))destroy; + + this->socket = socket; + + return &this->public; +} + diff --git a/src/charon/plugins/ha_sync/ha_sync_ike.h b/src/charon/plugins/ha_sync/ha_sync_ike.h new file mode 100644 index 0000000000..f2d0343430 --- /dev/null +++ b/src/charon/plugins/ha_sync/ha_sync_ike.h @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup ha_sync_ike ha_sync_ike + * @{ @ingroup ha_sync + */ + +#ifndef HA_SYNC_IKE_H_ +#define HA_SYNC_IKE_H_ + +#include "ha_sync_socket.h" + +#include + +typedef struct ha_sync_ike_t ha_sync_ike_t; + +/** + * Synchronize IKE_SAs. + */ +struct ha_sync_ike_t { + + /** + * Implements bus listener interface. + */ + listener_t listener; + + /** + * Destroy a ha_sync_ike_t. + */ + void (*destroy)(ha_sync_ike_t *this); +}; + +/** + * Create a ha_sync_ike instance. + * + * @param socket socket to use for sending synchronization messages + */ +ha_sync_ike_t *ha_sync_ike_create(ha_sync_socket_t *socket); + +#endif /* HA_SYNC_IKE_ @}*/ diff --git a/src/charon/plugins/ha_sync/ha_sync_message.c b/src/charon/plugins/ha_sync/ha_sync_message.c new file mode 100644 index 0000000000..fcb601c204 --- /dev/null +++ b/src/charon/plugins/ha_sync/ha_sync_message.c @@ -0,0 +1,207 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "ha_sync_message.h" + +#include + +#include + +typedef struct private_ha_sync_message_t private_ha_sync_message_t; + +/** + * Private data of an ha_sync_message_t object. + */ +struct private_ha_sync_message_t { + + /** + * Public ha_sync_message_t interface. + */ + ha_sync_message_t public; + + /** + * Number of bytes allocted in buffer + */ + size_t allocated; + + /** + * Buffer containing encoded data + */ + chunk_t buf; +}; + +/** + * Implementation of ha_sync_message_t.get_type + */ +static ha_sync_message_type_t get_type(private_ha_sync_message_t *this) +{ + return this->buf.ptr[1]; +} + +/** + * check for space in buffer, increase if necessary + */ +static void check_buf(private_ha_sync_message_t *this, size_t len) +{ + while (this->buf.len + len > this->allocated) + { /* double size */ + this->allocated = this->allocated * 2; + this->buf.ptr = realloc(this->buf.ptr, this->allocated); + } +} + +/** + * Implementation of ha_sync_message_t.add_attribute + */ +static void add_attribute(private_ha_sync_message_t *this, + ha_sync_message_attribute_t attribute, + ha_sync_message_value_t value) +{ + size_t len; + + check_buf(this, sizeof(u_int8_t)); + this->buf.ptr[this->buf.len] = attribute; + this->buf.len += sizeof(u_int8_t); + + switch (attribute) + { + case HA_SYNC_ENCAP_U8: + case HA_SYNC_MODE_U8: + case HA_SYNC_IPCOMP_U8: + check_buf(this, sizeof(value.u8)); + this->buf.ptr[this->buf.len] = value.u8; + this->buf.len += sizeof(value.u8); + break; + case HA_SYNC_PORT_L_U16: + case HA_SYNC_PORT_R_U16: + case HA_SYNC_CPI_L_U16: + case HA_SYNC_CPI_R_U16: + case HA_SYNC_ALG_INTEG_U16: + case HA_SYNC_ALG_ENC_U16: + check_buf(this, sizeof(value.u16)); + this->buf.ptr[this->buf.len] = htons(value.u16); + this->buf.len += sizeof(value.u16); + break; + case HA_SYNC_SPI_L_U32: + case HA_SYNC_SPI_R_U32: + check_buf(this, sizeof(value.u32)); + this->buf.ptr[this->buf.len] = htonl(value.u32); + this->buf.len += sizeof(value.u32); + break; + case HA_SYNC_IPV4_L_CHNK: + case HA_SYNC_IPV4_R_CHNK: + case HA_SYNC_NONCE_I_CHNK: + case HA_SYNC_NONCE_R_CHNK: + case HA_SYNC_SECRET_CHNK: + check_buf(this, value.chnk.len); + memcpy(this->buf.ptr + this->buf.len, value.chnk.ptr, value.chnk.len); + this->buf.len += value.chnk.len; + break; + case HA_SYNC_CONFIG_STR: + len = strlen(value.str) + 1; + check_buf(this, len); + memcpy(this->buf.ptr + this->buf.len, value.str, len); + this->buf.len += len; + break; + default: + DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute); + this->buf.len -= sizeof(u_int8_t); + break; + } +} + +/** + * Implementation of ha_sync_message_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_ha_sync_message_t *this) +{ + return enumerator_create_empty(); +} + +/** + * Implementation of ha_sync_message_t.get_encoding + */ +static chunk_t get_encoding(private_ha_sync_message_t *this) +{ + return this->buf; +} + +/** + * Implementation of ha_sync_message_t.destroy. + */ +static void destroy(private_ha_sync_message_t *this) +{ + free(this->buf.ptr); + free(this); +} + + +static private_ha_sync_message_t *ha_sync_message_create_generic() +{ + private_ha_sync_message_t *this = malloc_thing(private_ha_sync_message_t); + + this->public.get_type = (ha_sync_message_type_t(*)(ha_sync_message_t*))get_type; + this->public.add_attribute = (void(*)(ha_sync_message_t*, ha_sync_message_attribute_t attribute, ...))add_attribute; + this->public.create_attribute_enumerator = (enumerator_t*(*)(ha_sync_message_t*))create_attribute_enumerator; + this->public.get_encoding = (chunk_t(*)(ha_sync_message_t*))get_encoding; + this->public.destroy = (void(*)(ha_sync_message_t*))destroy; + + return this; +} + +/** + * See header + */ +ha_sync_message_t *ha_sync_message_create(ha_sync_message_type_t type) +{ + private_ha_sync_message_t *this = ha_sync_message_create_generic(); + + this->allocated = 64; + this->buf.ptr = malloc(this->allocated); + this->buf.len = 2; + this->buf.ptr[0] = HA_SYNC_MESSAGE_VERSION; + this->buf.ptr[1] = type; + + return &this->public; +} + +/** + * See header + */ +ha_sync_message_t *ha_sync_message_parse(chunk_t data) +{ + private_ha_sync_message_t *this; + + if (data.len < 2) + { + DBG1(DBG_CFG, "HA sync message too short"); + return NULL; + } + if (data.ptr[0] != HA_SYNC_MESSAGE_VERSION) + { + DBG1(DBG_CFG, "HA sync message has version %d, expected %d", + data.ptr[0], HA_SYNC_MESSAGE_VERSION); + return NULL; + } + + this = ha_sync_message_create_generic(); + this->buf = chunk_clone(data); + this->allocated = this->buf.len; + + return &this->public; +} + diff --git a/src/charon/plugins/ha_sync/ha_sync_message.h b/src/charon/plugins/ha_sync/ha_sync_message.h new file mode 100644 index 0000000000..714becfc14 --- /dev/null +++ b/src/charon/plugins/ha_sync/ha_sync_message.h @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup ha_sync_message ha_sync_message + * @{ @ingroup ha_sync + */ + +#ifndef HA_SYNC_MESSAGE_H_ +#define HA_SYNC_MESSAGE_H_ + +#include + +/** + * Protocol version of this implementation + */ +#define HA_SYNC_MESSAGE_VERSION 1 + +typedef struct ha_sync_message_t ha_sync_message_t; +typedef enum ha_sync_message_type_t ha_sync_message_type_t; +typedef enum ha_sync_message_attribute_t ha_sync_message_attribute_t; +typedef union ha_sync_message_value_t ha_sync_message_value_t; + +/** + * Type of a sync message + */ +enum ha_sync_message_type_t { + HA_SYNC_CHILD_SA = 0, + HA_SYNC_IKE_SA, + HA_SYNC_IKE_MID, +}; + +/** + * Type of attributes contained in a message + */ +enum ha_sync_message_attribute_t { + HA_SYNC_CONFIG_STR = 0, + HA_SYNC_IPV4_L_CHNK, + HA_SYNC_IPV4_R_CHNK, + HA_SYNC_PORT_L_U16, + HA_SYNC_PORT_R_U16, + HA_SYNC_SPI_L_U32, + HA_SYNC_SPI_R_U32, + HA_SYNC_CPI_L_U16, + HA_SYNC_CPI_R_U16, + HA_SYNC_ENCAP_U8, + HA_SYNC_MODE_U8, + HA_SYNC_IPCOMP_U8, + HA_SYNC_NONCE_I_CHNK, + HA_SYNC_NONCE_R_CHNK, + HA_SYNC_SECRET_CHNK, + HA_SYNC_ALG_INTEG_U16, + HA_SYNC_ALG_ENC_U16, +}; + +/** + * Union to enumerate typed attributes in a message + */ +union ha_sync_message_value_t { + u_int8_t u8; + u_int32_t u32; + u_int16_t u16; + chunk_t chnk; + char *str; +}; + +/** + * Abstracted message passed between nodes in a HA cluster. + */ +struct ha_sync_message_t { + + /** + * Get the type of the message. + * + * @return message type + */ + ha_sync_message_type_t (*get_type)(ha_sync_message_t *this); + + /** + * Add an attribute to a message. + * + * @param attribute attribute type to add + * @param ... attribute specific data + */ + void (*add_attribute)(ha_sync_message_t *this, + ha_sync_message_attribute_t attribute, ...); + + /** + * Create an enumerator over all attributes in a message. + * + * @return enumerator over attribute, ha_sync_message_value_t + */ + enumerator_t* (*create_attribute_enumerator)(ha_sync_message_t *this); + + /** + * Get the message in a encoded form. + * + * @return chunk pointing to internal data + */ + chunk_t (*get_encoding)(ha_sync_message_t *this); + + /** + * Destroy a ha_sync_message_t. + */ + void (*destroy)(ha_sync_message_t *this); +}; + +/** + * Create a new ha_sync_message instance, ready for adding attributes + * + * @param version protocol version to create a message from + * @param type type of the message + */ +ha_sync_message_t *ha_sync_message_create(ha_sync_message_type_t type); + +/** + * Create a ha_sync_message from encoded data. + * + * @param data encoded message data + */ +ha_sync_message_t *ha_sync_message_parse(chunk_t data); + +#endif /* HA_SYNC_MESSAGE_ @}*/ diff --git a/src/charon/plugins/ha_sync/ha_sync_plugin.c b/src/charon/plugins/ha_sync/ha_sync_plugin.c index 1dfa14d11d..d6d2fe3bac 100644 --- a/src/charon/plugins/ha_sync/ha_sync_plugin.c +++ b/src/charon/plugins/ha_sync/ha_sync_plugin.c @@ -16,7 +16,9 @@ */ #include "ha_sync_plugin.h" +#include "ha_sync_ike.h" #include "ha_sync_child.h" +#include "ha_sync_socket.h" #include #include @@ -34,7 +36,17 @@ struct private_ha_sync_plugin_t { ha_sync_plugin_t public; /** - * CHILD_SA sync + * Communication socket + */ + ha_sync_socket_t *socket; + + /** + * IKE_SA synchronization + */ + ha_sync_ike_t *ike; + + /** + * CHILD_SA synchronization */ ha_sync_child_t *child; }; @@ -44,8 +56,11 @@ struct private_ha_sync_plugin_t { */ static void destroy(private_ha_sync_plugin_t *this) { + charon->bus->remove_listener(charon->bus, &this->ike->listener); charon->bus->remove_listener(charon->bus, &this->child->listener); + this->ike->destroy(this->ike); this->child->destroy(this->child); + this->socket->destroy(this->socket); free(this); } @@ -58,7 +73,15 @@ plugin_t *plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - this->child = ha_sync_child_create(); + this->socket = ha_sync_socket_create(); + if (!this->socket) + { + free(this); + return NULL; + } + this->ike = ha_sync_ike_create(this->socket); + this->child = ha_sync_child_create(this->socket); + charon->bus->add_listener(charon->bus, &this->ike->listener); charon->bus->add_listener(charon->bus, &this->child->listener); return &this->public.plugin; diff --git a/src/charon/plugins/ha_sync/ha_sync_socket.c b/src/charon/plugins/ha_sync/ha_sync_socket.c new file mode 100644 index 0000000000..193d6cb9c1 --- /dev/null +++ b/src/charon/plugins/ha_sync/ha_sync_socket.c @@ -0,0 +1,185 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "ha_sync_socket.h" + +#include +#include +#include +#include + +#include +#include + +typedef struct private_ha_sync_socket_t private_ha_sync_socket_t; + +/** + * Private data of an ha_sync_socket_t object. + */ +struct private_ha_sync_socket_t { + + /** + * Public ha_sync_socket_t interface. + */ + ha_sync_socket_t public; + + /** + * UDP communication socket fd + */ + int fd; +}; + +/** + * Implementation of ha_sync_socket_t.push + */ +static void push(private_ha_sync_socket_t *this, ha_sync_message_t *message) +{ + chunk_t data; + + data = message->get_encoding(message); + if (send(this->fd, data.ptr, data.len, 0) < data.len) + { + DBG1(DBG_CFG, "pushing HA sync message failed: %s", strerror(errno)); + } +} + +/** + * Implementation of ha_sync_socket_t.pull + */ +static ha_sync_message_t *pull(private_ha_sync_socket_t *this) +{ + while (TRUE) + { + ha_sync_message_t *message; + char buf[1024]; + ssize_t len; + + len = recv(this->fd, buf, sizeof(buf), 0); + if (len <= 0) + { + if (errno != EINTR) + { + DBG1(DBG_CFG, "pulling HA sync message failed: %s", + strerror(errno)); + sleep(1); + } + continue; + } + message = ha_sync_message_parse(chunk_create(buf, len)); + if (message) + { + return message; + } + } +} + +/** + * read local/remote node address from config + */ +static host_t *get_host_config(char *key) +{ + char *value; + host_t *host; + + value = lib->settings->get_str(lib->settings, + "charon.plugins.ha_sync.%s", NULL, key); + if (!value) + { + DBG1(DBG_CFG, "no %s node specified for HA sync", key); + return NULL; + } + host = host_create_from_dns(value, 0, HA_SYNC_PORT); + if (!host) + { + DBG1(DBG_CFG, "%s node '%s' is invalid", key, value); + } + return host; +} + +/** + * Open and connect the HA sync socket + */ +static bool open_socket(private_ha_sync_socket_t *this) +{ + host_t *local, *remote; + bool success = TRUE; + + local = get_host_config("local"); + remote = get_host_config("remote"); + if (!local || !remote) + { + DESTROY_IF(local); + DESTROY_IF(remote); + return FALSE; + } + + this->fd = socket(local->get_family(local), SOCK_DGRAM, 0); + if (!this->fd) + { + DESTROY_IF(local); + DESTROY_IF(remote); + DBG1(DBG_CFG, "opening HA sync socket failed: %s", strerror(errno)); + return FALSE; + } + + if (bind(this->fd, local->get_sockaddr(local), + *local->get_sockaddr_len(local)) == -1) + { + DBG1(DBG_CFG, "binding HA sync socket failed: %s", strerror(errno)); + close(this->fd); + success = FALSE; + } + if (connect(this->fd, remote->get_sockaddr(remote), + *remote->get_sockaddr_len(remote)) == -1) + { + DBG1(DBG_CFG, "connecting HA sync socket failed: %s", strerror(errno)); + close(this->fd); + success = FALSE; + } + local->destroy(local); + remote->destroy(remote); + return success; +} + +/** + * Implementation of ha_sync_socket_t.destroy. + */ +static void destroy(private_ha_sync_socket_t *this) +{ + close(this->fd); + free(this); +} + +/** + * See header + */ +ha_sync_socket_t *ha_sync_socket_create() +{ + private_ha_sync_socket_t *this = malloc_thing(private_ha_sync_socket_t); + + this->public.push = (void(*)(ha_sync_socket_t*, ha_sync_message_t*))push; + this->public.pull = (ha_sync_message_t*(*)(ha_sync_socket_t*))pull; + this->public.destroy = (void(*)(ha_sync_socket_t*))destroy; + + if (!open_socket(this)) + { + free(this); + return NULL; + } + return &this->public; +} + diff --git a/src/charon/plugins/ha_sync/ha_sync_socket.h b/src/charon/plugins/ha_sync/ha_sync_socket.h new file mode 100644 index 0000000000..12fdef2be6 --- /dev/null +++ b/src/charon/plugins/ha_sync/ha_sync_socket.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup ha_sync_socket ha_sync_socket + * @{ @ingroup ha_sync + */ + +#ifndef HA_SYNC_SOCKET_H_ +#define HA_SYNC_SOCKET_H_ + +#include "ha_sync_message.h" + +/** + * UDP port we use for communication + */ +#define HA_SYNC_PORT 4510 + +typedef struct ha_sync_socket_t ha_sync_socket_t; + +/** + * Socket to send/received SA synchronization data + */ +struct ha_sync_socket_t { + + /** + * Push synchronization information to the responsible node. + * + * @param message message to send + */ + void (*push)(ha_sync_socket_t *this, ha_sync_message_t *message); + + /** + * Pull synchronization information from a peer we are responsible. + * + * @return received message + */ + ha_sync_message_t *(*pull)(ha_sync_socket_t *this); + + /** + * Destroy a ha_sync_socket_t. + */ + void (*destroy)(ha_sync_socket_t *this); +}; + +/** + * Create a ha_sync_socket instance. + */ +ha_sync_socket_t *ha_sync_socket_create(); + +#endif /* HA_SYNC_SOCKET_ @}*/