Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove "fastquit" configure option and make it the default behaviour. The

Browse Source 
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.
This commit is contained in:
tteras 2009-01-23 08:05:58 +00:00
parent 0306a7c61f
commit 2b7d4cd554
8 changed files with 22 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/dist/ipsec-tools/configure.ac vendored
View File

@ -556,16 +556,6 @@ if test "x$enable_dpd" = "xyes"; then
fi
AC_MSG_RESULT($enable_dpd)
AC_MSG_CHECKING(if --enable-fastquit option is specified)
AC_ARG_ENABLE(fastquit,
[ --enable-fastquit enable new faster code to flush SAs when stopping racoon],
[], [enable_fastquit=no])
if test "x$enable_fastquit" = "xyes"; then
AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
fi
AC_MSG_RESULT($enable_fastquit)
AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
AC_ARG_ENABLE(samode-unspec,
[ --enable-samode-unspec enable to use unspecified a mode of SA],

4
crypto/dist/ipsec-tools/src/racoon/admin.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: admin.c,v 1.27 2008/12/23 14:03:12 tteras Exp $ */
/* $NetBSD: admin.c,v 1.28 2009/01/23 08:05:58 tteras Exp $ */
/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
@ -739,7 +739,7 @@ admin_init()
return -1;
}
monitor_fd(lcconf->sock_admin, FALSE, admin_handler, NULL);
monitor_fd(lcconf->sock_admin, admin_handler, NULL);
plog(LLV_DEBUG, LOCATION, NULL,
"open %s as racoon management.\n", sunaddr.sun_path);

4
crypto/dist/ipsec-tools/src/racoon/evt.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: evt.c,v 1.8 2008/12/23 14:03:12 tteras Exp $ */
/* $NetBSD: evt.c,v 1.9 2009/01/23 08:05:58 tteras Exp $ */
/* Id: evt.c,v 1.5 2006/06/22 20:11:35 manubsd Exp */
@ -373,7 +373,7 @@ evt_subscribe(list, fd)
LIST_INSERT_HEAD(list, l, ll_chain);
l->fd = fd;
monitor_fd(l->fd, FALSE, evt_unsubscribe_cb, l);
monitor_fd(l->fd, evt_unsubscribe_cb, l);
plog(LLV_DEBUG, LOCATION, NULL,
"[%d] admin connection is polling events\n", fd);

4
crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: grabmyaddr.c,v 1.20 2008/12/24 20:20:52 christos Exp $ */
/* $NetBSD: grabmyaddr.c,v 1.21 2009/01/23 08:05:58 tteras Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* Copyright (C) 2008 Timo Teras <timo.teras@iki.fi>.
@ -298,7 +298,7 @@ myaddr_init()
lcconf->rtsock = kernel_open_socket();
if (lcconf->rtsock < 0)
return -1;
monitor_fd(lcconf->rtsock, TRUE, kernel_receive, NULL);
monitor_fd(lcconf->rtsock, kernel_receive, NULL);
} else {
lcconf->rtsock = -1;
if (!myaddr_open_all_configured(NULL))

4
crypto/dist/ipsec-tools/src/racoon/isakmp.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: isakmp.c,v 1.47 2008/12/23 14:03:12 tteras Exp $ */
/* $NetBSD: isakmp.c,v 1.48 2009/01/23 08:05:58 tteras Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@ -1735,7 +1735,7 @@ isakmp_open(struct sockaddr *addr, int udp_encap)
"%s used as isakmp port (fd=%d)\n",
saddr2str(addr), fd);
monitor_fd(fd, FALSE, isakmp_handler, NULL);
monitor_fd(fd, isakmp_handler, NULL);
return fd;
err:

6
crypto/dist/ipsec-tools/src/racoon/pfkey.c vendored
View File

@ -1,6 +1,6 @@
/* $NetBSD: pfkey.c,v 1.42 2008/12/23 14:03:12 tteras Exp $ */
/* $NetBSD: pfkey.c,v 1.43 2009/01/23 08:05:58 tteras Exp $ */
/* $Id: pfkey.c,v 1.42 2008/12/23 14:03:12 tteras Exp $ */
/* $Id: pfkey.c,v 1.43 2009/01/23 08:05:58 tteras Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -480,7 +480,7 @@ pfkey_init()
return -1;
}
#endif
monitor_fd(lcconf->sock_pfkey, TRUE, pfkey_handler, NULL);
monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
return 0;
}

112
crypto/dist/ipsec-tools/src/racoon/session.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: session.c,v 1.23 2009/01/05 06:00:27 tteras Exp $ */
/* $NetBSD: session.c,v 1.24 2009/01/23 08:05:58 tteras Exp $ */
/* $KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $ */
@ -110,31 +110,25 @@ static void initfds __P((void));
static void init_signal __P((void));
static int set_signal __P((int sig, RETSIGTYPE (*func) __P((int))));
static void check_sigreq __P((void));
static void check_flushsa_stub __P((struct sched *));
static void check_flushsa __P((void));
static int close_sockets __P((void));
static fd_set mask0;
static fd_set maskdying;
static fd_set mask;
static struct fd_monitor fd_monitors[FD_SETSIZE];
static int nfds = 0;
static volatile sig_atomic_t sigreq[NSIG + 1];
static int dying = 0;
static struct sched scflushsa = SCHED_INITIALIZER();
void
monitor_fd(int fd, int when_dying, int (*callback)(void *, int), void *ctx)
monitor_fd(int fd, int (*callback)(void *, int), void *ctx)
{
if (fd < 0 || fd >= FD_SETSIZE) {
plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun");
exit(1);
}
FD_SET(fd, &mask0);
if (when_dying)
FD_SET(fd, &maskdying);
FD_SET(fd, &mask);
if (fd > nfds)
nfds = fd;
@ -150,8 +144,7 @@ unmonitor_fd(int fd)
exit(1);
}
FD_CLR(fd, &mask0);
FD_CLR(fd, &maskdying);
FD_CLR(fd, &mask);
fd_monitors[fd].callback = NULL;
fd_monitors[fd].ctx = NULL;
}
@ -168,8 +161,7 @@ session(void)
int i;
nfds = 0;
FD_ZERO(&mask0);
FD_ZERO(&maskdying);
FD_ZERO(&mask);
/* initialize schedular */
sched_init();
@ -280,10 +272,7 @@ session(void)
/* schedular can change select() mask, so we reset
* the working copy here */
if (dying)
rfds = maskdying;
else
rfds = mask0;
rfds = mask;
error = select(nfds + 1, &rfds, NULL, NULL, timeout);
if (error < 0) {
@ -310,9 +299,9 @@ session(void)
static void
close_session()
{
#ifdef ENABLE_FASTQUIT
evt_generic(EVT_RACOON_QUIT, NULL);
pfkey_send_flush(lcconf->sock_pfkey, SADB_SATYPE_UNSPEC);
flushph2();
#endif
flushph1();
close_sockets();
backupsa_clean();
@ -446,15 +435,7 @@ check_sigreq()
case SIGTERM:
plog(LLV_INFO, LOCATION, NULL,
"caught signal %d\n", sig);
evt_generic(EVT_RACOON_QUIT, NULL);
pfkey_send_flush(lcconf->sock_pfkey,
SADB_SATYPE_UNSPEC);
#ifdef ENABLE_FASTQUIT
close_session();
#else
sched_schedule(&scflushsa, 1, check_flushsa_stub);
#endif
dying = 1;
break;
default:
@ -465,81 +446,6 @@ check_sigreq()
}
}
/*
* waiting the termination of processing until sending DELETE message
* for all inbound SA will complete.
*/
static void
check_flushsa_stub(p)
struct sched *p;
{
check_flushsa();
}
static void
check_flushsa()
{
vchar_t *buf;
struct sadb_msg *msg, *end, *next;
struct sadb_sa *sa;
caddr_t mhp[SADB_EXT_MAX + 1];
int n;
buf = pfkey_dump_sadb(SADB_SATYPE_UNSPEC);
if (buf == NULL) {
plog(LLV_DEBUG, LOCATION, NULL,
"pfkey_dump_sadb: returned nothing.\n");
return;
}
msg = (struct sadb_msg *)buf->v;
end = (struct sadb_msg *)(buf->v + buf->l);
/* counting SA except of dead one. */
n = 0;
while (msg < end) {
if (PFKEY_UNUNIT64(msg->sadb_msg_len) < sizeof(*msg))
break;
next = (struct sadb_msg *)((caddr_t)msg + PFKEY_UNUNIT64(msg->sadb_msg_len));
if (msg->sadb_msg_type != SADB_DUMP) {
msg = next;
continue;
}
if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
plog(LLV_ERROR, LOCATION, NULL,
"pfkey_check (%s)\n", ipsec_strerror());
msg = next;
continue;
}
sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]);
if (!sa) {
msg = next;
continue;
}
if (sa->sadb_sa_state != SADB_SASTATE_DEAD) {
n++;
msg = next;
continue;
}
msg = next;
}
if (buf != NULL)
vfree(buf);
if (n) {
sched_schedule(&scflushsa, 1, check_flushsa_stub);
return;
}
close_session();
}
static void
init_signal()
{

5
crypto/dist/ipsec-tools/src/racoon/session.h vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: session.h,v 1.7 2008/12/23 14:03:12 tteras Exp $ */
/* $NetBSD: session.h,v 1.8 2009/01/23 08:05:58 tteras Exp $ */
/* Id: session.h,v 1.3 2004/06/11 16:00:17 ludvigm Exp */
@ -37,8 +37,7 @@
extern int session __P((void));
extern RETSIGTYPE signal_handler __P((int));
extern void monitor_fd __P((int fd, int when_dying,
int (*callback)(void *, int), void *ctx));
extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
extern void unmonitor_fd __P((int fd));
#endif /* _SESSION_H */