Don't manually register kernel_netlink_net
Load the complete kernel_netlink plugin instead. Registering the TKM-specific plugins first still ensures that the correct ipsec plugin is used. Lazily initialize the RNG_WEAK plugin to avoid the unsatisfiable soft dependency on startup.
parent
32b2ea9edb
commit
ae6f4ee39f
|
@ -26,6 +26,7 @@ PLUGINS = \
|
||||||
aes \
|
aes \
|
||||||
constraints \
|
constraints \
|
||||||
hmac \
|
hmac \
|
||||||
|
kernel-netlink \
|
||||||
pem \
|
pem \
|
||||||
pkcs1 \
|
pkcs1 \
|
||||||
pkcs8 \
|
pkcs8 \
|
||||||
|
|
|
@ -27,7 +27,6 @@
|
||||||
|
|
||||||
#include <hydra.h>
|
#include <hydra.h>
|
||||||
#include <daemon.h>
|
#include <daemon.h>
|
||||||
#include <plugins/kernel_netlink/kernel_netlink_net.h>
|
|
||||||
#include <library.h>
|
#include <library.h>
|
||||||
#include <utils/backtrace.h>
|
#include <utils/backtrace.h>
|
||||||
#include <threading/thread.h>
|
#include <threading/thread.h>
|
||||||
|
@ -297,10 +296,6 @@ int main(int argc, char *argv[])
|
||||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
|
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
|
||||||
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
|
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
|
||||||
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
|
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
|
||||||
PLUGIN_DEPENDS(RNG, RNG_WEAK),
|
|
||||||
PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
|
|
||||||
PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
|
|
||||||
|
|
||||||
};
|
};
|
||||||
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
|
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
|
||||||
countof(features), TRUE);
|
countof(features), TRUE);
|
||||||
|
|
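Review bot: The `add_static_features(lib->plugins, "tkm-backend", ...)` call now carries an undocumented ordering requirement. With the full kernel-netlink plugin loaded, choosing `tkm_kernel_ipsec_create` over the netlink kernel-ipsec backend depends only on the static features being registered first, as the commit message says. If that order ever changes, SA handling could silently fall back to the non-TKM backend, so the call deserves a comment such as `/* must run before plugin loading so the TKM kernel-ipsec backend takes precedence over kernel-netlink */`. A startup check that the active ipsec backend is the TKM one would make the assumption fail loudly rather than silently. The same applies to the "tkm-tests" registration in the test runner hunk; main()'s body continues outside both hunks.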
|
@ -62,6 +62,16 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
|
||||||
private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
|
private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
|
||||||
u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
|
u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
|
||||||
{
|
{
|
||||||
|
if (!this->rng)
|
||||||
|
{
|
||||||
|
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||||
|
if (!this->rng)
|
||||||
|
{
|
||||||
|
DBG1(DBG_KNL, "unable to create RNG");
|
||||||
|
return FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
|
DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
|
||||||
const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
|
const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
|
||||||
(u_int8_t *)spi);
|
(u_int8_t *)spi);
|
||||||
|
@ -365,16 +375,9 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
|
|
||||||
.sad = tkm_kernel_sad_create(),
|
.sad = tkm_kernel_sad_create(),
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!this->rng)
|
|
||||||
{
|
|
||||||
DBG1(DBG_KNL, "unable to create RNG");
|
|
||||||
destroy(this);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
if (!this->sad)
|
if (!this->sad)
|
||||||
{
|
{
|
||||||
DBG1(DBG_KNL, "unable to create SAD");
|
DBG1(DBG_KNL, "unable to create SAD");
|
||||||
|
|
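Review bot: The lazy `if (!this->rng)` initialisation added at the top of get_spi is an unsynchronised check-then-set. If get_spi can be called from more than one worker thread (likely for a kernel interface, but not visible here), two callers can both see NULL and both call `create_rng`, leaking one instance or replacing it while the other thread is using it. Either serialise the block with a lock owned by the object or create the RNG at a single point that runs after plugin loading; at minimum add `/* rng is created lazily on first use; first call must not race */` above the block. Also confirm that destroy() tolerates a NULL `rng`, since the constructor no longer sets it and an instance may be destroyed before get_spi is ever called. get_spi's body continues outside the hunk.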
|
@ -17,7 +17,6 @@
|
||||||
#include <library.h>
|
#include <library.h>
|
||||||
#include <hydra.h>
|
#include <hydra.h>
|
||||||
#include <daemon.h>
|
#include <daemon.h>
|
||||||
#include <plugins/kernel_netlink/kernel_netlink_net.h>
|
|
||||||
|
|
||||||
#include "tkm.h"
|
#include "tkm.h"
|
||||||
#include "tkm_nonceg.h"
|
#include "tkm_nonceg.h"
|
||||||
|
@ -44,9 +43,6 @@ int main(void)
|
||||||
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
|
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
|
||||||
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
|
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
|
||||||
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
|
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
|
||||||
PLUGIN_DEPENDS(RNG, RNG_WEAK),
|
|
||||||
PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
|
|
||||||
PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
|
|
||||||
};
|
};
|
||||||
lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
|
lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
|
||||||
countof(features), TRUE);
|
countof(features), TRUE);
|
||||||
|
|