ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Renamed ha-sync plugin to ha

This commit is contained in:
Martin Willi 2009-09-29 12:56:10 +02:00 committed by Martin Willi
parent 3c82381296
commit d87489661c
23 changed files with 710 additions and 721 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.in
View File

@ -943,7 +943,7 @@ AC_OUTPUT(
src/libcharon/plugins/medcli/Makefile
src/libcharon/plugins/nm/Makefile
src/libcharon/plugins/uci/Makefile
src/libcharon/plugins/ha_sync/Makefile
src/libcharon/plugins/ha/Makefile
src/libcharon/plugins/android/Makefile
src/libcharon/plugins/stroke/Makefile
src/libcharon/plugins/updown/Makefile

19
src/charon/plugins/ha/Makefile.am Normal file
View File

@ -0,0 +1,19 @@
INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
plugin_LTLIBRARIES = libstrongswan-ha.la
libstrongswan_ha_la_SOURCES = \
ha_plugin.h ha_plugin.c \
ha_message.h ha_message.c \
ha_socket.h ha_socket.c \
ha_tunnel.h ha_tunnel.c \
ha_dispatcher.h ha_dispatcher.c \
ha_segments.h ha_segments.c \
ha_kernel.h ha_kernel.c \
ha_ctl.h ha_ctl.c \
ha_ike.h ha_ike.c \
ha_child.h ha_child.c
libstrongswan_ha_la_LDFLAGS = -module

79
src/charon/plugins/ha_sync/ha_sync_child.c → src/charon/plugins/ha/ha_child.c
View File

@ -13,39 +13,39 @@
* for more details.
*/
#include "ha_sync_child.h"
#include "ha_child.h"
typedef struct private_ha_sync_child_t private_ha_sync_child_t;
typedef struct private_ha_child_t private_ha_child_t;
/**
* Private data of an ha_sync_child_t object.
* Private data of an ha_child_t object.
*/
struct private_ha_sync_child_t {
struct private_ha_child_t {
/**
* Public ha_sync_child_t interface.
* Public ha_child_t interface.
*/
ha_sync_child_t public;
ha_child_t public;
/**
* socket we use for syncing
*/
ha_sync_socket_t *socket;
ha_socket_t *socket;
/**
* tunnel securing sync messages
*/
ha_sync_tunnel_t *tunnel;
ha_tunnel_t *tunnel;
};
/**
* Implementation of listener_t.child_keys
*/
static bool child_keys(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
static bool child_keys(private_ha_child_t *this, ike_sa_t *ike_sa,
child_sa_t *child_sa, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r)
{
ha_sync_message_t *m;
ha_message_t *m;
chunk_t secret;
proposal_t *proposal;
u_int16_t alg, len;
@ -53,40 +53,40 @@ static bool child_keys(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
enumerator_t *enumerator;
traffic_selector_t *ts;
if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{ /* do not sync SA between nodes */
return TRUE;
}
m = ha_sync_message_create(HA_SYNC_CHILD_ADD);
m = ha_message_create(HA_CHILD_ADD);
m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
m->add_attribute(m, HA_SYNC_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE));
m->add_attribute(m, HA_SYNC_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE));
m->add_attribute(m, HA_SYNC_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE));
m->add_attribute(m, HA_SYNC_OUTBOUND_CPI, child_sa->get_cpi(child_sa, FALSE));
m->add_attribute(m, HA_SYNC_IPSEC_MODE, child_sa->get_mode(child_sa));
m->add_attribute(m, HA_SYNC_IPCOMP, child_sa->get_ipcomp(child_sa));
m->add_attribute(m, HA_SYNC_CONFIG_NAME, child_sa->get_name(child_sa));
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE));
m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE));
m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE));
m->add_attribute(m, HA_OUTBOUND_CPI, child_sa->get_cpi(child_sa, FALSE));
m->add_attribute(m, HA_IPSEC_MODE, child_sa->get_mode(child_sa));
m->add_attribute(m, HA_IPCOMP, child_sa->get_ipcomp(child_sa));
m->add_attribute(m, HA_CONFIG_NAME, child_sa->get_name(child_sa));
proposal = child_sa->get_proposal(child_sa);
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
{
m->add_attribute(m, HA_SYNC_ALG_ENCR, alg);
m->add_attribute(m, HA_ALG_ENCR, alg);
if (len)
{
m->add_attribute(m, HA_SYNC_ALG_ENCR_LEN, len);
m->add_attribute(m, HA_ALG_ENCR_LEN, len);
}
}
if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
{
m->add_attribute(m, HA_SYNC_ALG_INTEG, alg);
m->add_attribute(m, HA_ALG_INTEG, alg);
}
m->add_attribute(m, HA_SYNC_NONCE_I, nonce_i);
m->add_attribute(m, HA_SYNC_NONCE_R, nonce_r);
m->add_attribute(m, HA_NONCE_I, nonce_i);
m->add_attribute(m, HA_NONCE_R, nonce_r);
if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS)
{
m->add_attribute(m, HA_SYNC_SECRET, secret);
m->add_attribute(m, HA_SECRET, secret);
chunk_clear(&secret);
}
@ -94,14 +94,14 @@ static bool child_keys(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &ts))
{
m->add_attribute(m, HA_SYNC_LOCAL_TS, ts);
m->add_attribute(m, HA_LOCAL_TS, ts);
}
enumerator->destroy(enumerator);
list = child_sa->get_traffic_selectors(child_sa, FALSE);
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &ts))
{
m->add_attribute(m, HA_SYNC_REMOTE_TS, ts);
m->add_attribute(m, HA_REMOTE_TS, ts);
}
enumerator->destroy(enumerator);
@ -113,7 +113,7 @@ static bool child_keys(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
/**
* Implementation of listener_t.child_state_change
*/
static bool child_state_change(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
static bool child_state_change(private_ha_child_t *this, ike_sa_t *ike_sa,
child_sa_t *child_sa, child_sa_state_t state)
{
if (!ike_sa ||
@ -122,7 +122,7 @@ static bool child_state_change(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
{ /* only sync active IKE_SAs */
return TRUE;
}
if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{ /* do not sync SA between nodes */
return TRUE;
}
@ -130,12 +130,12 @@ static bool child_state_change(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
if (state == CHILD_DESTROYING)
{
ha_sync_message_t *m;
ha_message_t *m;
m = ha_sync_message_create(HA_SYNC_CHILD_DELETE);
m = ha_message_create(HA_CHILD_DELETE);
m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
m->add_attribute(m, HA_SYNC_INBOUND_SPI,
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
m->add_attribute(m, HA_INBOUND_SPI,
child_sa->get_spi(child_sa, TRUE));
this->socket->push(this->socket, m);
}
@ -143,9 +143,9 @@ static bool child_state_change(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
}
/**
* Implementation of ha_sync_child_t.destroy.
* Implementation of ha_child_t.destroy.
*/
static void destroy(private_ha_sync_child_t *this)
static void destroy(private_ha_child_t *this)
{
free(this);
}
@ -153,15 +153,14 @@ static void destroy(private_ha_sync_child_t *this)
/**
* See header
*/
ha_sync_child_t *ha_sync_child_create(ha_sync_socket_t *socket,
ha_sync_tunnel_t *tunnel)
ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel)
{
private_ha_sync_child_t *this = malloc_thing(private_ha_sync_child_t);
private_ha_child_t *this = malloc_thing(private_ha_child_t);
memset(&this->public.listener, 0, sizeof(listener_t));
this->public.listener.child_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys;
this->public.listener.child_state_change = (bool(*)(listener_t*,ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state))child_state_change;
this->public.destroy = (void(*)(ha_sync_child_t*))destroy;
this->public.destroy = (void(*)(ha_child_t*))destroy;
this->socket = socket;
this->tunnel = tunnel;

29
src/charon/plugins/ha_sync/ha_sync_child.h → src/charon/plugins/ha/ha_child.h
View File

@ -14,25 +14,25 @@
*/
/**
* @defgroup ha_sync_child ha_sync_child
* @{ @ingroup ha_sync
* @defgroup ha_child ha_child
* @{ @ingroup ha
*/
#ifndef HA_SYNC_CHILD_H_
#define HA_SYNC_CHILD_H_
#ifndef HA_CHILD_H_
#define HA_CHILD_H_
#include "ha_sync_socket.h"
#include "ha_sync_tunnel.h"
#include "ha_sync_segments.h"
#include "ha_socket.h"
#include "ha_tunnel.h"
#include "ha_segments.h"
#include <daemon.h>
typedef struct ha_sync_child_t ha_sync_child_t;
typedef struct ha_child_t ha_child_t;
/**
* Listener to synchronize CHILD_SAs.
*/
struct ha_sync_child_t {
struct ha_child_t {
/**
* Implements bus listener interface.
@ -40,19 +40,18 @@ struct ha_sync_child_t {
listener_t listener;
/**
* Destroy a ha_sync_child_t.
* Destroy a ha_child_t.
*/
void (*destroy)(ha_sync_child_t *this);
void (*destroy)(ha_child_t *this);
};
/**
* Create a ha_sync_child instance.
* Create a ha_child instance.
*
* @param socket socket to use for sending synchronization messages
* @param tunnel tunnel securing sync messages, if any
* @return CHILD listener
*/
ha_sync_child_t *ha_sync_child_create(ha_sync_socket_t *socket,
ha_sync_tunnel_t *tunnel);
ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel);
#endif /* HA_SYNC_CHILD_ @}*/
#endif /* HA_CHILD_ @}*/

40
src/charon/plugins/ha_sync/ha_sync_ctl.c → src/charon/plugins/ha/ha_ctl.c
View File

@ -13,7 +13,7 @@
* for more details.
*/
#include "ha_sync_ctl.h"
#include "ha_ctl.h"
#include <sys/types.h>
#include <sys/stat.h>
@ -25,24 +25,24 @@
#include <processing/jobs/callback_job.h>
#define HA_SYNC_FIFO IPSEC_PIDDIR "/charon.ha"
#define HA_FIFO IPSEC_PIDDIR "/charon.ha"
typedef struct private_ha_sync_ctl_t private_ha_sync_ctl_t;
typedef struct private_ha_ctl_t private_ha_ctl_t;
/**
* Private data of an ha_sync_ctl_t object.
* Private data of an ha_ctl_t object.
*/
struct private_ha_sync_ctl_t {
struct private_ha_ctl_t {
/**
* Public ha_sync_ctl_t interface.
* Public ha_ctl_t interface.
*/
ha_sync_ctl_t public;
ha_ctl_t public;
/**
* Segments to control
*/
ha_sync_segments_t *segments;
ha_segments_t *segments;
/**
* FIFO reader thread
@ -53,18 +53,18 @@ struct private_ha_sync_ctl_t {
/**
* FIFO dispatching function
*/
static job_requeue_t dispatch_fifo(private_ha_sync_ctl_t *this)
static job_requeue_t dispatch_fifo(private_ha_ctl_t *this)
{
int fifo, old;
char buf[8];
u_int segment;
pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old);
fifo = open(HA_SYNC_FIFO, O_RDONLY);
fifo = open(HA_FIFO, O_RDONLY);
pthread_setcancelstate(old, NULL);
if (fifo == -1)
{
DBG1(DBG_CFG, "opening HA sync fifo failed: %s", strerror(errno));
DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno));
sleep(1);
return JOB_REQUEUE_FAIR;
}
@ -97,9 +97,9 @@ static job_requeue_t dispatch_fifo(private_ha_sync_ctl_t *this)
}
/**
* Implementation of ha_sync_ctl_t.destroy.
* Implementation of ha_ctl_t.destroy.
*/
static void destroy(private_ha_sync_ctl_t *this)
static void destroy(private_ha_ctl_t *this)
{
this->job->cancel(this->job);
free(this);
@ -108,18 +108,18 @@ static void destroy(private_ha_sync_ctl_t *this)
/**
* See header
*/
ha_sync_ctl_t *ha_sync_ctl_create(ha_sync_segments_t *segments)
ha_ctl_t *ha_ctl_create(ha_segments_t *segments)
{
private_ha_sync_ctl_t *this = malloc_thing(private_ha_sync_ctl_t);
private_ha_ctl_t *this = malloc_thing(private_ha_ctl_t);
this->public.destroy = (void(*)(ha_sync_ctl_t*))destroy;
this->public.destroy = (void(*)(ha_ctl_t*))destroy;
if (access(HA_SYNC_FIFO, R_OK|W_OK) != 0)
if (access(HA_FIFO, R_OK|W_OK) != 0)
{
if (mkfifo(HA_SYNC_FIFO, 600) != 0)
if (mkfifo(HA_FIFO, 600) != 0)
{
DBG1(DBG_CFG, "creating HA sync FIFO %s failed: %s",
HA_SYNC_FIFO, strerror(errno));
DBG1(DBG_CFG, "creating HA FIFO %s failed: %s",
HA_FIFO, strerror(errno));
}
}

26
src/charon/plugins/ha_sync/ha_sync_ctl.h → src/charon/plugins/ha/ha_ctl.h
View File

@ -14,34 +14,34 @@
*/
/**
* @defgroup ha_sync_ctl ha_sync_ctl
* @{ @ingroup ha_sync
* @defgroup ha_ctl ha_ctl
* @{ @ingroup ha
*/
#ifndef HA_SYNC_CTL_H_
#define HA_SYNC_CTL_H_
#ifndef HA_CTL_H_
#define HA_CTL_H_
#include "ha_sync_segments.h"
#include "ha_segments.h"
typedef struct ha_sync_ctl_t ha_sync_ctl_t;
typedef struct ha_ctl_t ha_ctl_t;
/**
* HA Sync control interface using a FIFO.
*/
struct ha_sync_ctl_t {
struct ha_ctl_t {
/**
* Destroy a ha_sync_ctl_t.
* Destroy a ha_ctl_t.
*/
void (*destroy)(ha_sync_ctl_t *this);
void (*destroy)(ha_ctl_t *this);
};
/**
* Create a ha_sync_ctl instance.
* Create a ha_ctl instance.
*
* @param segments segments to control
* @return HA sync control interface
* @return HA control interface
*/
ha_sync_ctl_t *ha_sync_ctl_create(ha_sync_segments_t *segments);
ha_ctl_t *ha_ctl_create(ha_segments_t *segments);
#endif /* HA_SYNC_CTL_ @}*/
#endif /* HA_CTL_ @}*/

211
src/charon/plugins/ha_sync/ha_sync_dispatcher.c → src/charon/plugins/ha/ha_dispatcher.c
View File

@ -13,32 +13,32 @@
* for more details.
*/
#include "ha_sync_dispatcher.h"
#include "ha_dispatcher.h"
#include <daemon.h>
#include <processing/jobs/callback_job.h>
typedef struct private_ha_sync_dispatcher_t private_ha_sync_dispatcher_t;
typedef struct private_ha_dispatcher_t private_ha_dispatcher_t;
/**
* Private data of an ha_sync_dispatcher_t object.
* Private data of an ha_dispatcher_t object.
*/
struct private_ha_sync_dispatcher_t {
struct private_ha_dispatcher_t {
/**
* Public ha_sync_dispatcher_t interface.
* Public ha_dispatcher_t interface.
*/
ha_sync_dispatcher_t public;
ha_dispatcher_t public;
/**
* socket to pull messages from
*/
ha_sync_socket_t *socket;
ha_socket_t *socket;
/**
* segments to control
*/
ha_sync_segments_t *segments;
ha_segments_t *segments;
/**
* Dispatcher job
@ -58,11 +58,10 @@ static status_t get_shared_secret(diffie_hellman_t *this, chunk_t *secret)
/**
* Process messages of type IKE_ADD
*/
static void process_ike_add(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message)
static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL, *old_sa = NULL;
u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED;
@ -74,38 +73,38 @@ static void process_ike_add(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_IKE_ID:
case HA_IKE_ID:
ike_sa = ike_sa_create(value.ike_sa_id);
break;
case HA_SYNC_IKE_REKEY_ID:
case HA_IKE_REKEY_ID:
old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
value.ike_sa_id);
break;
case HA_SYNC_NONCE_I:
case HA_NONCE_I:
nonce_i = value.chunk;
break;
case HA_SYNC_NONCE_R:
case HA_NONCE_R:
nonce_r = value.chunk;
break;
case HA_SYNC_SECRET:
case HA_SECRET:
secret = value.chunk;
break;
case HA_SYNC_OLD_SKD:
case HA_OLD_SKD:
old_skd = value.chunk;
break;
case HA_SYNC_ALG_ENCR:
case HA_ALG_ENCR:
encr = value.u16;
break;
case HA_SYNC_ALG_ENCR_LEN:
case HA_ALG_ENCR_LEN:
len = value.u16;
break;
case HA_SYNC_ALG_INTEG:
case HA_ALG_INTEG:
integ = value.u16;
break;
case HA_SYNC_ALG_PRF:
case HA_ALG_PRF:
prf = value.u16;
break;
case HA_SYNC_ALG_OLD_PRF:
case HA_ALG_OLD_PRF:
old_prf = value.u16;
break;
default:
@ -158,7 +157,7 @@ static void process_ike_add(private_ha_sync_dispatcher_t *this,
}
else
{
DBG1(DBG_IKE, "HA sync keymat derivation failed");
DBG1(DBG_IKE, "HA keymat derivation failed");
ike_sa->destroy(ike_sa);
}
charon->bus->set_sa(charon->bus, NULL);
@ -194,11 +193,11 @@ static void set_extension(ike_sa_t *ike_sa, ike_extension_t set,
/**
* Process messages of type IKE_UPDATE
*/
static void process_ike_update(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message)
static void process_ike_update(private_ha_dispatcher_t *this,
ha_message_t *message)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL;
peer_cfg_t *peer_cfg = NULL;
@ -206,43 +205,43 @@ static void process_ike_update(private_ha_sync_dispatcher_t *this,
enumerator = message->create_attribute_enumerator(message);
while (enumerator->enumerate(enumerator, &attribute, &value))
{
if (attribute != HA_SYNC_IKE_ID && ike_sa == NULL)
if (attribute != HA_IKE_ID && ike_sa == NULL)
{
/* must be first attribute */
break;
}
switch (attribute)
{
case HA_SYNC_IKE_ID:
case HA_IKE_ID:
ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
value.ike_sa_id);
break;
case HA_SYNC_LOCAL_ID:
case HA_LOCAL_ID:
ike_sa->set_my_id(ike_sa, value.id->clone(value.id));
break;
case HA_SYNC_REMOTE_ID:
case HA_REMOTE_ID:
ike_sa->set_other_id(ike_sa, value.id->clone(value.id));
break;
case HA_SYNC_EAP_ID:
case HA_EAP_ID:
ike_sa->set_eap_identity(ike_sa, value.id->clone(value.id));
break;
case HA_SYNC_LOCAL_ADDR:
case HA_LOCAL_ADDR:
ike_sa->set_my_host(ike_sa, value.host->clone(value.host));
break;
case HA_SYNC_REMOTE_ADDR:
case HA_REMOTE_ADDR:
ike_sa->set_other_host(ike_sa, value.host->clone(value.host));
break;
case HA_SYNC_LOCAL_VIP:
case HA_LOCAL_VIP:
ike_sa->set_virtual_ip(ike_sa, TRUE, value.host);
break;
case HA_SYNC_REMOTE_VIP:
case HA_REMOTE_VIP:
ike_sa->set_virtual_ip(ike_sa, FALSE, value.host);
break;
case HA_SYNC_ADDITIONAL_ADDR:
case HA_ADDITIONAL_ADDR:
ike_sa->add_additional_address(ike_sa,
value.host->clone(value.host));
break;
case HA_SYNC_CONFIG_NAME:
case HA_CONFIG_NAME:
peer_cfg = charon->backends->get_peer_cfg_by_name(
charon->backends, value.str);
if (peer_cfg)
@ -252,15 +251,15 @@ static void process_ike_update(private_ha_sync_dispatcher_t *this,
}
else
{
DBG1(DBG_IKE, "HA sync is missing nodes peer configuration");
DBG1(DBG_IKE, "HA is missing nodes peer configuration");
}
break;
case HA_SYNC_EXTENSIONS:
case HA_EXTENSIONS:
set_extension(ike_sa, value.u32, EXT_NATT);
set_extension(ike_sa, value.u32, EXT_MOBIKE);
set_extension(ike_sa, value.u32, EXT_HASH_AND_URL);
break;
case HA_SYNC_CONDITIONS:
case HA_CONDITIONS:
set_condition(ike_sa, value.u32, COND_NAT_ANY);
set_condition(ike_sa, value.u32, COND_NAT_HERE);
set_condition(ike_sa, value.u32, COND_NAT_THERE);
@ -269,10 +268,10 @@ static void process_ike_update(private_ha_sync_dispatcher_t *this,
set_condition(ike_sa, value.u32, COND_CERTREQ_SEEN);
set_condition(ike_sa, value.u32, COND_ORIGINAL_INITIATOR);
break;
case HA_SYNC_INITIATE_MID:
case HA_INITIATE_MID:
ike_sa->set_message_id(ike_sa, TRUE, value.u32);
break;
case HA_SYNC_RESPOND_MID:
case HA_RESPOND_MID:
ike_sa->set_message_id(ike_sa, FALSE, value.u32);
break;
default:
@ -295,11 +294,11 @@ static void process_ike_update(private_ha_sync_dispatcher_t *this,
/**
* Process messages of type IKE_DELETE
*/
static void process_ike_delete(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message)
static void process_ike_delete(private_ha_dispatcher_t *this,
ha_message_t *message)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa;
@ -308,7 +307,7 @@ static void process_ike_delete(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_IKE_ID:
case HA_IKE_ID:
ike_sa = charon->ike_sa_manager->checkout(
charon->ike_sa_manager, value.ike_sa_id);
if (ike_sa)
@ -353,11 +352,11 @@ static child_cfg_t* find_child_cfg(ike_sa_t *ike_sa, char *name)
/**
* Process messages of type CHILD_ADD
*/
static void process_child_add(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message)
static void process_child_add(private_ha_dispatcher_t *this,
ha_message_t *message)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL;
char *config_name;
@ -382,48 +381,48 @@ static void process_child_add(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_IKE_ID:
case HA_IKE_ID:
ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
value.ike_sa_id);
initiator = value.ike_sa_id->is_initiator(value.ike_sa_id);
break;
case HA_SYNC_CONFIG_NAME:
case HA_CONFIG_NAME:
config_name = value.str;
break;
case HA_SYNC_INBOUND_SPI:
case HA_INBOUND_SPI:
inbound_spi = value.u32;
break;
case HA_SYNC_OUTBOUND_SPI:
case HA_OUTBOUND_SPI:
outbound_spi = value.u32;
break;
case HA_SYNC_INBOUND_CPI:
case HA_INBOUND_CPI:
inbound_cpi = value.u32;
break;
case HA_SYNC_OUTBOUND_CPI:
case HA_OUTBOUND_CPI:
outbound_cpi = value.u32;
break;
case HA_SYNC_IPSEC_MODE:
case HA_IPSEC_MODE:
mode = value.u8;
break;
case HA_SYNC_IPCOMP:
case HA_IPCOMP:
ipcomp = value.u8;
break;
case HA_SYNC_ALG_ENCR:
case HA_ALG_ENCR:
encr = value.u16;
break;
case HA_SYNC_ALG_ENCR_LEN:
case HA_ALG_ENCR_LEN:
len = value.u16;
break;
case HA_SYNC_ALG_INTEG:
case HA_ALG_INTEG:
integ = value.u16;
break;
case HA_SYNC_NONCE_I:
case HA_NONCE_I:
nonce_i = value.chunk;
break;
case HA_SYNC_NONCE_R:
case HA_NONCE_R:
nonce_r = value.chunk;
break;
case HA_SYNC_SECRET:
case HA_SECRET:
secret = value.chunk;
break;
default:
@ -434,13 +433,13 @@ static void process_child_add(private_ha_sync_dispatcher_t *this,
if (!ike_sa)
{
DBG1(DBG_CHD, "IKE_SA for HA sync CHILD_SA not found");
DBG1(DBG_CHD, "IKE_SA for HA CHILD_SA not found");
return;
}
config = find_child_cfg(ike_sa, config_name);
if (!config)
{
DBG1(DBG_CHD, "HA sync is missing nodes child configuration");
DBG1(DBG_CHD, "HA is missing nodes child configuration");
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return;
}
@ -466,7 +465,7 @@ static void process_child_add(private_ha_sync_dispatcher_t *this,
if (!keymat->derive_child_keys(keymat, proposal, secret.ptr ? &dh : NULL,
nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r))
{
DBG1(DBG_CHD, "HA sync CHILD_SA key derivation failed");
DBG1(DBG_CHD, "HA CHILD_SA key derivation failed");
child_sa->destroy(child_sa);
proposal->destroy(proposal);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
@ -503,7 +502,7 @@ static void process_child_add(private_ha_sync_dispatcher_t *this,
if (failed)
{
DBG1(DBG_CHD, "HA sync CHILD_SA installation failed");
DBG1(DBG_CHD, "HA CHILD_SA installation failed");
child_sa->destroy(child_sa);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return;
@ -517,10 +516,10 @@ static void process_child_add(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_LOCAL_TS:
case HA_LOCAL_TS:
local_ts->insert_last(local_ts, value.ts->clone(value.ts));
break;
case HA_SYNC_REMOTE_TS:
case HA_REMOTE_TS:
remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
break;
default:
@ -540,11 +539,11 @@ static void process_child_add(private_ha_sync_dispatcher_t *this,
/**
* Process messages of type CHILD_DELETE
*/
static void process_child_delete(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message)
static void process_child_delete(private_ha_dispatcher_t *this,
ha_message_t *message)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL;
@ -553,11 +552,11 @@ static void process_child_delete(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_IKE_ID:
case HA_IKE_ID:
ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
value.ike_sa_id);
break;
case HA_SYNC_INBOUND_SPI:
case HA_INBOUND_SPI:
if (ike_sa)
{
ike_sa->destroy_child_sa(ike_sa, PROTO_ESP, value.u32);
@ -577,11 +576,11 @@ static void process_child_delete(private_ha_sync_dispatcher_t *this,
/**
* Process messages of type SEGMENT_TAKE/DROP
*/
static void process_segment(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message, bool take)
static void process_segment(private_ha_dispatcher_t *this,
ha_message_t *message, bool take)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
enumerator = message->create_attribute_enumerator(message);
@ -589,7 +588,7 @@ static void process_segment(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_SEGMENT:
case HA_SEGMENT:
if (take)
{
this->segments->deactivate(this->segments, value.u16, FALSE);
@ -609,11 +608,11 @@ static void process_segment(private_ha_sync_dispatcher_t *this,
/**
* Process messages of type STATUS
*/
static void process_status(private_ha_sync_dispatcher_t *this,
ha_sync_message_t *message)
static void process_status(private_ha_dispatcher_t *this,
ha_message_t *message)
{
ha_sync_message_attribute_t attribute;
ha_sync_message_value_t value;
ha_message_attribute_t attribute;
ha_message_value_t value;
enumerator_t *enumerator;
segment_mask_t mask = 0;
@ -622,7 +621,7 @@ static void process_status(private_ha_sync_dispatcher_t *this,
{
switch (attribute)
{
case HA_SYNC_SEGMENT:
case HA_SEGMENT:
mask |= SEGMENTS_BIT(value.u16);
break;
default:
@ -637,39 +636,39 @@ static void process_status(private_ha_sync_dispatcher_t *this,
/**
* Dispatcher job function
*/
static job_requeue_t dispatch(private_ha_sync_dispatcher_t *this)
static job_requeue_t dispatch(private_ha_dispatcher_t *this)
{
ha_sync_message_t *message;
ha_message_t *message;
message = this->socket->pull(this->socket);
switch (message->get_type(message))
{
case HA_SYNC_IKE_ADD:
case HA_IKE_ADD:
process_ike_add(this, message);
break;
case HA_SYNC_IKE_UPDATE:
case HA_IKE_UPDATE:
process_ike_update(this, message);
break;
case HA_SYNC_IKE_DELETE:
case HA_IKE_DELETE:
process_ike_delete(this, message);
break;
case HA_SYNC_CHILD_ADD:
case HA_CHILD_ADD:
process_child_add(this, message);
break;
case HA_SYNC_CHILD_DELETE:
case HA_CHILD_DELETE:
process_child_delete(this, message);
break;
case HA_SYNC_SEGMENT_DROP:
case HA_SEGMENT_DROP:
process_segment(this, message, FALSE);
break;
case HA_SYNC_SEGMENT_TAKE:
case HA_SEGMENT_TAKE:
process_segment(this, message, TRUE);
break;
case HA_SYNC_STATUS:
case HA_STATUS:
process_status(this, message);
break;
default:
DBG1(DBG_CFG, "received unknown HA sync message type %d",
DBG1(DBG_CFG, "received unknown HA message type %d",
message->get_type(message));
break;
}
@ -679,9 +678,9 @@ static job_requeue_t dispatch(private_ha_sync_dispatcher_t *this)
}
/**
* Implementation of ha_sync_dispatcher_t.destroy.
* Implementation of ha_dispatcher_t.destroy.
*/
static void destroy(private_ha_sync_dispatcher_t *this)
static void destroy(private_ha_dispatcher_t *this)
{
this->job->cancel(this->job);
free(this);
@ -690,12 +689,12 @@ static void destroy(private_ha_sync_dispatcher_t *this)
/**
* See header
*/
ha_sync_dispatcher_t *ha_sync_dispatcher_create(ha_sync_socket_t *socket,
ha_sync_segments_t *segments)
ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
ha_segments_t *segments)
{
private_ha_sync_dispatcher_t *this = malloc_thing(private_ha_sync_dispatcher_t);
private_ha_dispatcher_t *this = malloc_thing(private_ha_dispatcher_t);
this->public.destroy = (void(*)(ha_sync_dispatcher_t*))destroy;
this->public.destroy = (void(*)(ha_dispatcher_t*))destroy;
this->socket = socket;
this->segments = segments;

31
src/charon/plugins/ha_sync/ha_sync_dispatcher.h → src/charon/plugins/ha/ha_dispatcher.h
View File

@ -14,38 +14,37 @@
*/
/**
* @defgroup ha_sync_dispatcher ha_sync_dispatcher
* @{ @ingroup ha-sync
* @defgroup ha_dispatcher ha_dispatcher
* @{ @ingroup ha
*/
#ifndef HA_SYNC_DISPATCHER_H_
#define HA_SYNC_DISPATCHER_H_
#ifndef HA_DISPATCHER_H_
#define HA_DISPATCHER_H_
#include "ha_sync_socket.h"
#include "ha_sync_segments.h"
#include "ha_socket.h"
#include "ha_segments.h"
typedef struct ha_sync_dispatcher_t ha_sync_dispatcher_t;
typedef struct ha_dispatcher_t ha_dispatcher_t;
/**
* The dispatcher pulls sync message in a thread an processes them.
* The dispatcher pulls messages in a thread an processes them.
*/
struct ha_sync_dispatcher_t {
struct ha_dispatcher_t {
/**
* Destroy a ha_sync_dispatcher_t.
* Destroy a ha_dispatcher_t.
*/
void (*destroy)(ha_sync_dispatcher_t *this);
void (*destroy)(ha_dispatcher_t *this);
};
/**
* Create a ha_sync_dispatcher instance pulling from socket.
* Create a ha_dispatcher instance pulling from socket.
*
* @param socket socket to pull messages from
* @param segments segments to control based on received messages
* @param manager distributed management logic for segment control
* @return dispatcher object
*/
ha_sync_dispatcher_t *ha_sync_dispatcher_create(ha_sync_socket_t *socket,
ha_sync_segments_t *segments);
ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
ha_segments_t *segments);
#endif /* HA_SYNC_DISPATCHER_ @}*/
#endif /* HA_DISPATCHER_ @}*/

111
src/charon/plugins/ha_sync/ha_sync_ike.c → src/charon/plugins/ha/ha_ike.c
View File

@ -13,29 +13,29 @@
* for more details.
*/
#include "ha_sync_ike.h"
#include "ha_ike.h"
typedef struct private_ha_sync_ike_t private_ha_sync_ike_t;
typedef struct private_ha_ike_t private_ha_ike_t;
/**
* Private data of an ha_sync_ike_t object.
* Private data of an ha_ike_t object.
*/
struct private_ha_sync_ike_t {
struct private_ha_ike_t {
/**
* Public ha_sync_ike_t interface.
* Public ha_ike_t interface.
*/
ha_sync_ike_t public;
ha_ike_t public;
/**
* socket we use for syncing
*/
ha_sync_socket_t *socket;
ha_socket_t *socket;
/**
* tunnel securing sync messages
*/
ha_sync_tunnel_t *tunnel;
ha_tunnel_t *tunnel;
};
/**
@ -65,16 +65,16 @@ static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext)
/**
* Implementation of listener_t.ike_keys
*/
static bool ike_keys(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
static bool ike_keys(private_ha_ike_t *this, ike_sa_t *ike_sa,
diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r,
ike_sa_t *rekey)
{
ha_sync_message_t *m;
ha_message_t *m;
chunk_t secret;
proposal_t *proposal;
u_int16_t alg, len;
if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{ /* do not sync SA between nodes */
return TRUE;
}
@ -83,8 +83,8 @@ static bool ike_keys(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
return TRUE;
}
m = ha_sync_message_create(HA_SYNC_IKE_ADD);
m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
m = ha_message_create(HA_IKE_ADD);
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
if (rekey)
{
@ -92,31 +92,31 @@ static bool ike_keys(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
keymat_t *keymat;
keymat = rekey->get_keymat(rekey);
m->add_attribute(m, HA_SYNC_IKE_REKEY_ID, rekey->get_id(rekey));
m->add_attribute(m, HA_SYNC_ALG_OLD_PRF, keymat->get_skd(keymat, &skd));
m->add_attribute(m, HA_SYNC_OLD_SKD, skd);
m->add_attribute(m, HA_IKE_REKEY_ID, rekey->get_id(rekey));
m->add_attribute(m, HA_ALG_OLD_PRF, keymat->get_skd(keymat, &skd));
m->add_attribute(m, HA_OLD_SKD, skd);
}
proposal = ike_sa->get_proposal(ike_sa);
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
{
m->add_attribute(m, HA_SYNC_ALG_ENCR, alg);
m->add_attribute(m, HA_ALG_ENCR, alg);
if (len)
{
m->add_attribute(m, HA_SYNC_ALG_ENCR_LEN, len);
m->add_attribute(m, HA_ALG_ENCR_LEN, len);
}
}
if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
{
m->add_attribute(m, HA_SYNC_ALG_INTEG, alg);
m->add_attribute(m, HA_ALG_INTEG, alg);
}
if (proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL))
{
m->add_attribute(m, HA_SYNC_ALG_PRF, alg);
m->add_attribute(m, HA_ALG_PRF, alg);
}
m->add_attribute(m, HA_SYNC_NONCE_I, nonce_i);
m->add_attribute(m, HA_SYNC_NONCE_R, nonce_r);
m->add_attribute(m, HA_SYNC_SECRET, secret);
m->add_attribute(m, HA_NONCE_I, nonce_i);
m->add_attribute(m, HA_NONCE_R, nonce_r);
m->add_attribute(m, HA_SECRET, secret);
chunk_clear(&secret);
this->socket->push(this->socket, m);
@ -127,16 +127,16 @@ static bool ike_keys(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
/**
* Implementation of listener_t.ike_state_change
*/
static bool ike_state_change(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
static bool ike_state_change(private_ha_ike_t *this, ike_sa_t *ike_sa,
ike_sa_state_t state)
{
ha_sync_message_t *m;
ha_message_t *m;
if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
{ /* only sync active IKE_SAs */
return TRUE;
}
if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{ /* do not sync SA between nodes */
return TRUE;
}
@ -169,31 +169,31 @@ static bool ike_state_change(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
eap_id = ike_sa->get_eap_identity(ike_sa);
id = ike_sa->get_id(ike_sa);
m = ha_sync_message_create(HA_SYNC_IKE_UPDATE);
m->add_attribute(m, HA_SYNC_IKE_ID, id);
m->add_attribute(m, HA_SYNC_LOCAL_ID, ike_sa->get_my_id(ike_sa));
m->add_attribute(m, HA_SYNC_REMOTE_ID, ike_sa->get_other_id(ike_sa));
m->add_attribute(m, HA_SYNC_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
m->add_attribute(m, HA_SYNC_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
m->add_attribute(m, HA_SYNC_CONDITIONS, condition);
m->add_attribute(m, HA_SYNC_EXTENSIONS, extension);
m->add_attribute(m, HA_SYNC_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
m = ha_message_create(HA_IKE_UPDATE);
m->add_attribute(m, HA_IKE_ID, id);
m->add_attribute(m, HA_LOCAL_ID, ike_sa->get_my_id(ike_sa));
m->add_attribute(m, HA_REMOTE_ID, ike_sa->get_other_id(ike_sa));
m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
m->add_attribute(m, HA_CONDITIONS, condition);
m->add_attribute(m, HA_EXTENSIONS, extension);
m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
if (eap_id)
{
m->add_attribute(m, HA_SYNC_EAP_ID, eap_id);
m->add_attribute(m, HA_EAP_ID, eap_id);
}
iterator = ike_sa->create_additional_address_iterator(ike_sa);
while (iterator->iterate(iterator, (void**)&addr))
{
m->add_attribute(m, HA_SYNC_ADDITIONAL_ADDR, addr);
m->add_attribute(m, HA_ADDITIONAL_ADDR, addr);
}
iterator->destroy(iterator);
break;
}
case IKE_DESTROYING:
{
m = ha_sync_message_create(HA_SYNC_IKE_DELETE);
m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
m = ha_message_create(HA_IKE_DELETE);
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
break;
}
default:
@ -206,10 +206,10 @@ static bool ike_state_change(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
/**
* Implementation of listener_t.message
*/
static bool message_hook(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
static bool message_hook(private_ha_ike_t *this, ike_sa_t *ike_sa,
message_t *message, bool incoming)
{
if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{ /* do not sync SA between nodes */
return TRUE;
}
@ -217,19 +217,19 @@ static bool message_hook(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
if (message->get_exchange_type(message) != IKE_SA_INIT &&
message->get_request(message))
{ /* we sync on requests, but skip it on IKE_SA_INIT */
ha_sync_message_t *m;
ha_message_t *m;
u_int32_t mid;
m = ha_sync_message_create(HA_SYNC_IKE_UPDATE);
m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
m = ha_message_create(HA_IKE_UPDATE);
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
mid = message->get_message_id(message) + 1;
if (incoming)
{
m->add_attribute(m, HA_SYNC_RESPOND_MID, mid);
m->add_attribute(m, HA_RESPOND_MID, mid);
}
else
{
m->add_attribute(m, HA_SYNC_INITIATE_MID, mid);
m->add_attribute(m, HA_INITIATE_MID, mid);
}
this->socket->push(this->socket, m);
}
@ -239,15 +239,15 @@ static bool message_hook(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
{ /* After IKE_SA has been established, sync peers virtual IP.
* We cannot sync it in the state_change hook, it is installed later.
* TODO: where to sync local VIP? */
ha_sync_message_t *m;
ha_message_t *m;
host_t *vip;
vip = ike_sa->get_virtual_ip(ike_sa, FALSE);
if (vip)
{
m = ha_sync_message_create(HA_SYNC_IKE_UPDATE);
m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
m->add_attribute(m, HA_SYNC_REMOTE_VIP, vip);
m = ha_message_create(HA_IKE_UPDATE);
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
m->add_attribute(m, HA_REMOTE_VIP, vip);
this->socket->push(this->socket, m);
}
}
@ -255,9 +255,9 @@ static bool message_hook(private_ha_sync_ike_t *this, ike_sa_t *ike_sa,
}
/**
* Implementation of ha_sync_ike_t.destroy.
* Implementation of ha_ike_t.destroy.
*/
static void destroy(private_ha_sync_ike_t *this)
static void destroy(private_ha_ike_t *this)
{
free(this);
}
@ -265,16 +265,15 @@ static void destroy(private_ha_sync_ike_t *this)
/**
* See header
*/
ha_sync_ike_t *ha_sync_ike_create(ha_sync_socket_t *socket,
ha_sync_tunnel_t *tunnel)
ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel)
{
private_ha_sync_ike_t *this = malloc_thing(private_ha_sync_ike_t);
private_ha_ike_t *this = malloc_thing(private_ha_ike_t);
memset(&this->public.listener, 0, sizeof(listener_t));
this->public.listener.ike_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, diffie_hellman_t *dh,chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey))ike_keys;
this->public.listener.ike_state_change = (bool(*)(listener_t*,ike_sa_t *ike_sa, ike_sa_state_t state))ike_state_change;
this->public.listener.message = (bool(*)(listener_t*, ike_sa_t *, message_t *,bool))message_hook;
this->public.destroy = (void(*)(ha_sync_ike_t*))destroy;
this->public.destroy = (void(*)(ha_ike_t*))destroy;
this->socket = socket;
this->tunnel = tunnel;

29
src/charon/plugins/ha_sync/ha_sync_ike.h → src/charon/plugins/ha/ha_ike.h
View File

@ -14,25 +14,25 @@
*/
/**
* @defgroup ha_sync_ike ha_sync_ike
* @{ @ingroup ha_sync
* @defgroup ha_ike ha_ike
* @{ @ingroup ha
*/
#ifndef HA_SYNC_IKE_H_
#define HA_SYNC_IKE_H_
#ifndef HA_IKE_H_
#define HA_IKE_H_
#include "ha_sync_socket.h"
#include "ha_sync_tunnel.h"
#include "ha_sync_segments.h"
#include "ha_socket.h"
#include "ha_tunnel.h"
#include "ha_segments.h"
#include <daemon.h>
typedef struct ha_sync_ike_t ha_sync_ike_t;
typedef struct ha_ike_t ha_ike_t;
/**
* Listener to synchronize IKE_SAs.
*/
struct ha_sync_ike_t {
struct ha_ike_t {
/**
* Implements bus listener interface.
@ -40,19 +40,18 @@ struct ha_sync_ike_t {
listener_t listener;
/**
* Destroy a ha_sync_ike_t.
* Destroy a ha_ike_t.
*/
void (*destroy)(ha_sync_ike_t *this);
void (*destroy)(ha_ike_t *this);
};
/**
* Create a ha_sync_ike instance.
* Create a ha_ike instance.
*
* @param socket socket to use for sending synchronization messages
* @param tunnel tunnel securing sync messages, if any
* @return IKE listener
*/
ha_sync_ike_t *ha_sync_ike_create(ha_sync_socket_t *socket,
ha_sync_tunnel_t *tunnel);
ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel);
#endif /* HA_SYNC_IKE_ @}*/
#endif /* HA_IKE_ @}*/

47
src/charon/plugins/ha_sync/ha_sync_kernel.c → src/charon/plugins/ha/ha_kernel.c
View File

@ -13,7 +13,7 @@
* for more details.
*/
#include "ha_sync_kernel.h"
#include "ha_kernel.h"
typedef u_int32_t u32;
typedef u_int8_t u8;
@ -26,17 +26,17 @@ typedef u_int8_t u8;
#include <sys/stat.h>
#include <fcntl.h>
typedef struct private_ha_sync_kernel_t private_ha_sync_kernel_t;
typedef struct private_ha_kernel_t private_ha_kernel_t;
/**
* Private data of an ha_sync_kernel_t object.
* Private data of an ha_kernel_t object.
*/
struct private_ha_sync_kernel_t {
struct private_ha_kernel_t {
/**
* Public ha_sync_kernel_t interface.
* Public ha_kernel_t interface.
*/
ha_sync_kernel_t public;
ha_kernel_t public;
/**
* Init value for jhash
@ -55,10 +55,9 @@ struct private_ha_sync_kernel_t {
};
/**
* Implementation of ha_sync_kernel_t.in_segment
* Implementation of ha_kernel_t.in_segment
*/
static bool in_segment(private_ha_sync_kernel_t *this,
host_t *host, u_int segment)
static bool in_segment(private_ha_kernel_t *this, host_t *host, u_int segment)
{
if (host->get_family(host) == AF_INET)
{
@ -78,7 +77,7 @@ static bool in_segment(private_ha_sync_kernel_t *this,
/**
* Activate/Deactivate a segment
*/
static void activate_deactivate(private_ha_sync_kernel_t *this,
static void activate_deactivate(private_ha_kernel_t *this,
u_int segment, char op)
{
enumerator_t *enumerator;
@ -110,17 +109,17 @@ static void activate_deactivate(private_ha_sync_kernel_t *this,
}
/**
* Implementation of ha_sync_kernel_t.activate
* Implementation of ha_kernel_t.activate
*/
static void activate(private_ha_sync_kernel_t *this, u_int segment)
static void activate(private_ha_kernel_t *this, u_int segment)
{
activate_deactivate(this, segment, '+');
}
/**
* Implementation of ha_sync_kernel_t.deactivate
* Implementation of ha_kernel_t.deactivate
*/
static void deactivate(private_ha_sync_kernel_t *this, u_int segment)
static void deactivate(private_ha_kernel_t *this, u_int segment)
{
activate_deactivate(this, segment, '-');
}
@ -128,7 +127,7 @@ static void deactivate(private_ha_sync_kernel_t *this, u_int segment)
/**
* Mangle IPtable rules for virtual addresses
*/
static bool mangle_rules(private_ha_sync_kernel_t *this, bool add)
static bool mangle_rules(private_ha_kernel_t *this, bool add)
{
enumerator_t *enumerator;
host_t *host;
@ -174,7 +173,7 @@ static bool mangle_rules(private_ha_sync_kernel_t *this, bool add)
/**
* Parse the list of virtual cluster addresses
*/
static void parse_virtuals(private_ha_sync_kernel_t *this, char *virtual)
static void parse_virtuals(private_ha_kernel_t *this, char *virtual)
{
enumerator_t *enumerator;
host_t *host;
@ -197,9 +196,9 @@ static void parse_virtuals(private_ha_sync_kernel_t *this, char *virtual)
}
/**
* Implementation of ha_sync_kernel_t.destroy.
* Implementation of ha_kernel_t.destroy.
*/
static void destroy(private_ha_sync_kernel_t *this)
static void destroy(private_ha_kernel_t *this)
{
mangle_rules(this, FALSE);
this->virtuals->destroy_offset(this->virtuals, offsetof(host_t, destroy));
@ -209,14 +208,14 @@ static void destroy(private_ha_sync_kernel_t *this)
/**
* See header
*/
ha_sync_kernel_t *ha_sync_kernel_create(u_int count, char *virtuals)
ha_kernel_t *ha_kernel_create(u_int count, char *virtuals)
{
private_ha_sync_kernel_t *this = malloc_thing(private_ha_sync_kernel_t);
private_ha_kernel_t *this = malloc_thing(private_ha_kernel_t);
this->public.in_segment = (bool(*)(ha_sync_kernel_t*, host_t *host, u_int segment))in_segment;
this->public.activate = (void(*)(ha_sync_kernel_t*, u_int segment))activate;
this->public.deactivate = (void(*)(ha_sync_kernel_t*, u_int segment))deactivate;
this->public.destroy = (void(*)(ha_sync_kernel_t*))destroy;
this->public.in_segment = (bool(*)(ha_kernel_t*, host_t *host, u_int segment))in_segment;
this->public.activate = (void(*)(ha_kernel_t*, u_int segment))activate;
this->public.deactivate = (void(*)(ha_kernel_t*, u_int segment))deactivate;
this->public.destroy = (void(*)(ha_kernel_t*))destroy;
this->initval = 0;
this->count = count;

32
src/charon/plugins/ha_sync/ha_sync_kernel.h → src/charon/plugins/ha/ha_kernel.h
View File

@ -14,21 +14,21 @@
*/
/**
* @defgroup ha_sync_kernel ha_sync_kernel
* @{ @ingroup ha_sync
* @defgroup ha_kernel ha_kernel
* @{ @ingroup ha
*/
#ifndef HA_SYNC_KERNEL_H_
#define HA_SYNC_KERNEL_H_
#ifndef HA_KERNEL_H_
#define HA_KERNEL_H_
typedef struct ha_sync_kernel_t ha_sync_kernel_t;
typedef struct ha_kernel_t ha_kernel_t;
#include "ha_sync_segments.h"
#include "ha_segments.h"
/**
* HA sync segment kernel configuration interface.
* HA segment kernel configuration interface.
*/
struct ha_sync_kernel_t {
struct ha_kernel_t {
/**
* Check if a host is in a segment.
@ -37,35 +37,35 @@ struct ha_sync_kernel_t {
* @param segment segment
* @return TRUE if host belongs to segment
*/
bool (*in_segment)(ha_sync_kernel_t *this, host_t *host, u_int segment);
bool (*in_segment)(ha_kernel_t *this, host_t *host, u_int segment);
/**
* Activate a segment at kernel level for all cluster addresses.
*
* @param segment segment to activate
*/
void (*activate)(ha_sync_kernel_t *this, u_int segment);
void (*activate)(ha_kernel_t *this, u_int segment);
/**
* Deactivate a segment at kernel level for all cluster addresses.
*
* @param segment segment to deactivate
*/
void (*deactivate)(ha_sync_kernel_t *this, u_int segment);
void (*deactivate)(ha_kernel_t *this, u_int segment);
/**
* Destroy a ha_sync_kernel_t.
* Destroy a ha_kernel_t.
*/
void (*destroy)(ha_sync_kernel_t *this);
void (*destroy)(ha_kernel_t *this);
};
/**
* Create a ha_sync_kernel instance.
* Create a ha_kernel instance.
*
* @param count total number of segments to use
* @param active bitmask of initially active segments
* @param virtuals comma separated list of virtual cluster addresses
*/
ha_sync_kernel_t *ha_sync_kernel_create(u_int count, char *virtuals);
ha_kernel_t *ha_kernel_create(u_int count, char *virtuals);
#endif /* HA_SYNC_KERNEL_ @}*/
#endif /* HA_KERNEL_ @}*/

208
src/charon/plugins/ha_sync/ha_sync_message.c → src/charon/plugins/ha/ha_message.c
View File

@ -17,23 +17,23 @@
#include <string.h>
#include <arpa/inet.h>
#include "ha_sync_message.h"
#include "ha_message.h"
#include <daemon.h>
#define ALLOCATION_BLOCK 64
typedef struct private_ha_sync_message_t private_ha_sync_message_t;
typedef struct private_ha_message_t private_ha_message_t;
/**
* Private data of an ha_sync_message_t object.
* Private data of an ha_message_t object.
*/
struct private_ha_sync_message_t {
struct private_ha_message_t {
/**
* Public ha_sync_message_t interface.
* Public ha_message_t interface.
*/
ha_sync_message_t public;
ha_message_t public;
/**
* Allocated size of buf
@ -94,9 +94,9 @@ struct ts_encoding_t {
} __attribute__((packed));
/**
* Implementation of ha_sync_message_t.get_type
* Implementation of ha_message_t.get_type
*/
static ha_sync_message_type_t get_type(private_ha_sync_message_t *this)
static ha_message_type_t get_type(private_ha_message_t *this)
{
return this->buf.ptr[1];
}
@ -104,7 +104,7 @@ static ha_sync_message_type_t get_type(private_ha_sync_message_t *this)
/**
* check for space in buffer, increase if necessary
*/
static void check_buf(private_ha_sync_message_t *this, size_t len)
static void check_buf(private_ha_message_t *this, size_t len)
{
int increased = 0;
@ -120,10 +120,10 @@ static void check_buf(private_ha_sync_message_t *this, size_t len)
}
/**
* Implementation of ha_sync_message_t.add_attribute
* Implementation of ha_message_t.add_attribute
*/
static void add_attribute(private_ha_sync_message_t *this,
ha_sync_message_attribute_t attribute, ...)
static void add_attribute(private_ha_message_t *this,
ha_message_attribute_t attribute, ...)
{
size_t len;
va_list args;
@ -136,8 +136,8 @@ static void add_attribute(private_ha_sync_message_t *this,
switch (attribute)
{
/* ike_sa_id_t* */
case HA_SYNC_IKE_ID:
case HA_SYNC_IKE_REKEY_ID:
case HA_IKE_ID:
case HA_IKE_REKEY_ID:
{
ike_sa_id_encoding_t *enc;
ike_sa_id_t *id;
@ -152,9 +152,9 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/* identification_t* */
case HA_SYNC_LOCAL_ID:
case HA_SYNC_REMOTE_ID:
case HA_SYNC_EAP_ID:
case HA_LOCAL_ID:
case HA_REMOTE_ID:
case HA_EAP_ID:
{
identification_encoding_t *enc;
identification_t *id;
@ -171,11 +171,11 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/* host_t* */
case HA_SYNC_LOCAL_ADDR:
case HA_SYNC_REMOTE_ADDR:
case HA_SYNC_LOCAL_VIP:
case HA_SYNC_REMOTE_VIP:
case HA_SYNC_ADDITIONAL_ADDR:
case HA_LOCAL_ADDR:
case HA_REMOTE_ADDR:
case HA_LOCAL_VIP:
case HA_REMOTE_VIP:
case HA_ADDITIONAL_ADDR:
{
host_encoding_t *enc;
host_t *host;
@ -192,7 +192,7 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/* char* */
case HA_SYNC_CONFIG_NAME:
case HA_CONFIG_NAME:
{
char *str;
@ -204,8 +204,8 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/* u_int8_t */
case HA_SYNC_IPSEC_MODE:
case HA_SYNC_IPCOMP:
case HA_IPSEC_MODE:
case HA_IPCOMP:
{
u_int8_t val;
@ -216,14 +216,14 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/* u_int16_t */
case HA_SYNC_ALG_PRF:
case HA_SYNC_ALG_OLD_PRF:
case HA_SYNC_ALG_ENCR:
case HA_SYNC_ALG_ENCR_LEN:
case HA_SYNC_ALG_INTEG:
case HA_SYNC_INBOUND_CPI:
case HA_SYNC_OUTBOUND_CPI:
case HA_SYNC_SEGMENT:
case HA_ALG_PRF:
case HA_ALG_OLD_PRF:
case HA_ALG_ENCR:
case HA_ALG_ENCR_LEN:
case HA_ALG_INTEG:
case HA_INBOUND_CPI:
case HA_OUTBOUND_CPI:
case HA_SEGMENT:
{
u_int16_t val;
@ -234,12 +234,12 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/** u_int32_t */
case HA_SYNC_CONDITIONS:
case HA_SYNC_EXTENSIONS:
case HA_SYNC_INBOUND_SPI:
case HA_SYNC_OUTBOUND_SPI:
case HA_SYNC_INITIATE_MID:
case HA_SYNC_RESPOND_MID:
case HA_CONDITIONS:
case HA_EXTENSIONS:
case HA_INBOUND_SPI:
case HA_OUTBOUND_SPI:
case HA_INITIATE_MID:
case HA_RESPOND_MID:
{
u_int32_t val;
@ -250,10 +250,10 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/** chunk_t */
case HA_SYNC_NONCE_I:
case HA_SYNC_NONCE_R:
case HA_SYNC_SECRET:
case HA_SYNC_OLD_SKD:
case HA_NONCE_I:
case HA_NONCE_R:
case HA_SECRET:
case HA_OLD_SKD:
{
chunk_t chunk;
@ -266,8 +266,8 @@ static void add_attribute(private_ha_sync_message_t *this,
break;
}
/** traffic_selector_t */
case HA_SYNC_LOCAL_TS:
case HA_SYNC_REMOTE_TS:
case HA_LOCAL_TS:
case HA_REMOTE_TS:
{
ts_encoding_t *enc;
traffic_selector_t *ts;
@ -315,10 +315,10 @@ typedef struct {
* Implementation of create_attribute_enumerator().enumerate
*/
static bool attribute_enumerate(attribute_enumerator_t *this,
ha_sync_message_attribute_t *attr_out,
ha_sync_message_value_t *value)
ha_message_attribute_t *attr_out,
ha_message_value_t *value)
{
ha_sync_message_attribute_t attr;
ha_message_attribute_t attr;
if (this->cleanup)
{
@ -334,8 +334,8 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
switch (attr)
{
/* ike_sa_id_t* */
case HA_SYNC_IKE_ID:
case HA_SYNC_IKE_REKEY_ID:
case HA_IKE_ID:
case HA_IKE_REKEY_ID:
{
ike_sa_id_encoding_t *enc;
@ -353,9 +353,9 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/* identification_t* */
case HA_SYNC_LOCAL_ID:
case HA_SYNC_REMOTE_ID:
case HA_SYNC_EAP_ID:
case HA_LOCAL_ID:
case HA_REMOTE_ID:
case HA_EAP_ID:
{
identification_encoding_t *enc;
@ -375,11 +375,11 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/* host_t* */
case HA_SYNC_LOCAL_ADDR:
case HA_SYNC_REMOTE_ADDR:
case HA_SYNC_LOCAL_VIP:
case HA_SYNC_REMOTE_VIP:
case HA_SYNC_ADDITIONAL_ADDR:
case HA_LOCAL_ADDR:
case HA_REMOTE_ADDR:
case HA_LOCAL_VIP:
case HA_REMOTE_VIP:
case HA_ADDITIONAL_ADDR:
{
host_encoding_t *enc;
@ -404,7 +404,7 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/* char* */
case HA_SYNC_CONFIG_NAME:
case HA_CONFIG_NAME:
{
size_t len;
@ -419,8 +419,8 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/* u_int8_t */
case HA_SYNC_IPSEC_MODE:
case HA_SYNC_IPCOMP:
case HA_IPSEC_MODE:
case HA_IPCOMP:
{
if (this->buf.len < sizeof(u_int8_t))
{
@ -432,14 +432,14 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/** u_int16_t */
case HA_SYNC_ALG_PRF:
case HA_SYNC_ALG_OLD_PRF:
case HA_SYNC_ALG_ENCR:
case HA_SYNC_ALG_ENCR_LEN:
case HA_SYNC_ALG_INTEG:
case HA_SYNC_INBOUND_CPI:
case HA_SYNC_OUTBOUND_CPI:
case HA_SYNC_SEGMENT:
case HA_ALG_PRF:
case HA_ALG_OLD_PRF:
case HA_ALG_ENCR:
case HA_ALG_ENCR_LEN:
case HA_ALG_INTEG:
case HA_INBOUND_CPI:
case HA_OUTBOUND_CPI:
case HA_SEGMENT:
{
if (this->buf.len < sizeof(u_int16_t))
{
@ -451,12 +451,12 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/** u_int32_t */
case HA_SYNC_CONDITIONS:
case HA_SYNC_EXTENSIONS:
case HA_SYNC_INBOUND_SPI:
case HA_SYNC_OUTBOUND_SPI:
case HA_SYNC_INITIATE_MID:
case HA_SYNC_RESPOND_MID:
case HA_CONDITIONS:
case HA_EXTENSIONS:
case HA_INBOUND_SPI:
case HA_OUTBOUND_SPI:
case HA_INITIATE_MID:
case HA_RESPOND_MID:
{
if (this->buf.len < sizeof(u_int32_t))
{
@ -468,10 +468,10 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
return TRUE;
}
/** chunk_t */
case HA_SYNC_NONCE_I:
case HA_SYNC_NONCE_R:
case HA_SYNC_SECRET:
case HA_SYNC_OLD_SKD:
case HA_NONCE_I:
case HA_NONCE_R:
case HA_SECRET:
case HA_OLD_SKD:
{
size_t len;
@ -491,8 +491,8 @@ static bool attribute_enumerate(attribute_enumerator_t *this,
this->buf = chunk_skip(this->buf, len);
return TRUE;
}
case HA_SYNC_LOCAL_TS:
case HA_SYNC_REMOTE_TS:
case HA_LOCAL_TS:
case HA_REMOTE_TS:
{
ts_encoding_t *enc;
host_t *host;
@ -574,9 +574,9 @@ static void enum_destroy(attribute_enumerator_t *this)
}
/**
* Implementation of ha_sync_message_t.create_attribute_enumerator
* Implementation of ha_message_t.create_attribute_enumerator
*/
static enumerator_t* create_attribute_enumerator(private_ha_sync_message_t *this)
static enumerator_t* create_attribute_enumerator(private_ha_message_t *this)
{
attribute_enumerator_t *e = malloc_thing(attribute_enumerator_t);
@ -591,32 +591,32 @@ static enumerator_t* create_attribute_enumerator(private_ha_sync_message_t *this
}
/**
* Implementation of ha_sync_message_t.get_encoding
* Implementation of ha_message_t.get_encoding
*/
static chunk_t get_encoding(private_ha_sync_message_t *this)
static chunk_t get_encoding(private_ha_message_t *this)
{
return this->buf;
}
/**
* Implementation of ha_sync_message_t.destroy.
* Implementation of ha_message_t.destroy.
*/
static void destroy(private_ha_sync_message_t *this)
static void destroy(private_ha_message_t *this)
{
free(this->buf.ptr);
free(this);
}
static private_ha_sync_message_t *ha_sync_message_create_generic()
static private_ha_message_t *ha_message_create_generic()
{
private_ha_sync_message_t *this = malloc_thing(private_ha_sync_message_t);
private_ha_message_t *this = malloc_thing(private_ha_message_t);
this->public.get_type = (ha_sync_message_type_t(*)(ha_sync_message_t*))get_type;
this->public.add_attribute = (void(*)(ha_sync_message_t*, ha_sync_message_attribute_t attribute, ...))add_attribute;
this->public.create_attribute_enumerator = (enumerator_t*(*)(ha_sync_message_t*))create_attribute_enumerator;
this->public.get_encoding = (chunk_t(*)(ha_sync_message_t*))get_encoding;
this->public.destroy = (void(*)(ha_sync_message_t*))destroy;
this->public.get_type = (ha_message_type_t(*)(ha_message_t*))get_type;
this->public.add_attribute = (void(*)(ha_message_t*, ha_message_attribute_t attribute, ...))add_attribute;
this->public.create_attribute_enumerator = (enumerator_t*(*)(ha_message_t*))create_attribute_enumerator;
this->public.get_encoding = (chunk_t(*)(ha_message_t*))get_encoding;
this->public.destroy = (void(*)(ha_message_t*))destroy;
return this;
}
@ -624,14 +624,14 @@ static private_ha_sync_message_t *ha_sync_message_create_generic()
/**
* See header
*/
ha_sync_message_t *ha_sync_message_create(ha_sync_message_type_t type)
ha_message_t *ha_message_create(ha_message_type_t type)
{
private_ha_sync_message_t *this = ha_sync_message_create_generic();
private_ha_message_t *this = ha_message_create_generic();
this->allocated = ALLOCATION_BLOCK;
this->buf.ptr = malloc(this->allocated);
this->buf.len = 2;
this->buf.ptr[0] = HA_SYNC_MESSAGE_VERSION;
this->buf.ptr[0] = HA_MESSAGE_VERSION;
this->buf.ptr[1] = type;
return &this->public;
@ -640,23 +640,23 @@ ha_sync_message_t *ha_sync_message_create(ha_sync_message_type_t type)
/**
* See header
*/
ha_sync_message_t *ha_sync_message_parse(chunk_t data)
ha_message_t *ha_message_parse(chunk_t data)
{
private_ha_sync_message_t *this;
private_ha_message_t *this;
if (data.len < 2)
{
DBG1(DBG_CFG, "HA sync message too short");
DBG1(DBG_CFG, "HA message too short");
return NULL;
}
if (data.ptr[0] != HA_SYNC_MESSAGE_VERSION)
if (data.ptr[0] != HA_MESSAGE_VERSION)
{
DBG1(DBG_CFG, "HA sync message has version %d, expected %d",
data.ptr[0], HA_SYNC_MESSAGE_VERSION);
DBG1(DBG_CFG, "HA message has version %d, expected %d",
data.ptr[0], HA_MESSAGE_VERSION);
return NULL;
}
this = ha_sync_message_create_generic();
this = ha_message_create_generic();
this->buf = chunk_clone(data);
this->allocated = this->buf.len;

138
src/charon/plugins/ha_sync/ha_sync_message.h → src/charon/plugins/ha/ha_message.h
View File

@ -14,12 +14,12 @@
*/
/**
* @defgroup ha_sync_message ha_sync_message
* @{ @ingroup ha_sync
* @defgroup ha_message ha_message
* @{ @ingroup ha
*/
#ifndef HA_SYNC_MESSAGE_H_
#define HA_SYNC_MESSAGE_H_
#ifndef HA_MESSAGE_H_
#define HA_MESSAGE_H_
#include <library.h>
#include <utils/host.h>
@ -30,111 +30,111 @@
/**
* Protocol version of this implementation
*/
#define HA_SYNC_MESSAGE_VERSION 1
#define HA_MESSAGE_VERSION 1
typedef struct ha_sync_message_t ha_sync_message_t;
typedef enum ha_sync_message_type_t ha_sync_message_type_t;
typedef enum ha_sync_message_attribute_t ha_sync_message_attribute_t;
typedef union ha_sync_message_value_t ha_sync_message_value_t;
typedef struct ha_message_t ha_message_t;
typedef enum ha_message_type_t ha_message_type_t;
typedef enum ha_message_attribute_t ha_message_attribute_t;
typedef union ha_message_value_t ha_message_value_t;
/**
* Type of a sync message
* Type of a HA message
*/
enum ha_sync_message_type_t {
enum ha_message_type_t {
/** add a completely new IKE_SA */
HA_SYNC_IKE_ADD = 1,
HA_IKE_ADD = 1,
/** update an existing IKE_SA (message IDs, address update, ...) */
HA_SYNC_IKE_UPDATE,
HA_IKE_UPDATE,
/** delete an existing IKE_SA */
HA_SYNC_IKE_DELETE,
HA_IKE_DELETE,
/** add a new CHILD_SA */
HA_SYNC_CHILD_ADD,
HA_CHILD_ADD,
/** delete an existing CHILD_SA */
HA_SYNC_CHILD_DELETE,
HA_CHILD_DELETE,
/** segments the sending node is giving up */
HA_SYNC_SEGMENT_DROP,
HA_SEGMENT_DROP,
/** segments the sending node is taking over */
HA_SYNC_SEGMENT_TAKE,
HA_SEGMENT_TAKE,
/** status with the segments the sending node is currently serving */
HA_SYNC_STATUS,
HA_STATUS,
};
/**
* Type of attributes contained in a message
*/
enum ha_sync_message_attribute_t {
enum ha_message_attribute_t {
/** ike_sa_id_t*, to identify IKE_SA */
HA_SYNC_IKE_ID = 1,
HA_IKE_ID = 1,
/** ike_Sa_id_t*, identifies IKE_SA which gets rekeyed */
HA_SYNC_IKE_REKEY_ID,
HA_IKE_REKEY_ID,
/** identification_t*, local identity */
HA_SYNC_LOCAL_ID,
HA_LOCAL_ID,
/** identification_t*, remote identity */
HA_SYNC_REMOTE_ID,
HA_REMOTE_ID,
/** identification_t*, EAP identity */
HA_SYNC_EAP_ID,
HA_EAP_ID,
/** host_t*, local address */
HA_SYNC_LOCAL_ADDR,
HA_LOCAL_ADDR,
/** host_t*, remote address */
HA_SYNC_REMOTE_ADDR,
HA_REMOTE_ADDR,
/** char*, name of configuration */
HA_SYNC_CONFIG_NAME,
HA_CONFIG_NAME,
/** u_int32_t, bitset of ike_condition_t */
HA_SYNC_CONDITIONS,
HA_CONDITIONS,
/** u_int32_t, bitset of ike_extension_t */
HA_SYNC_EXTENSIONS,
HA_EXTENSIONS,
/** host_t*, local virtual IP */
HA_SYNC_LOCAL_VIP,
HA_LOCAL_VIP,
/** host_t*, remote virtual IP */
HA_SYNC_REMOTE_VIP,
HA_REMOTE_VIP,
/** host_t*, additional MOBIKE peer address */
HA_SYNC_ADDITIONAL_ADDR,
HA_ADDITIONAL_ADDR,
/** chunk_t, initiators nonce */
HA_SYNC_NONCE_I,
HA_NONCE_I,
/** chunk_t, responders nonce */
HA_SYNC_NONCE_R,
HA_NONCE_R,
/** chunk_t, diffie hellman shared secret */
HA_SYNC_SECRET,
HA_SECRET,
/** chunk_t, SKd of old SA if rekeying */
HA_SYNC_OLD_SKD,
HA_OLD_SKD,
/** u_int16_t, pseudo random function */
HA_SYNC_ALG_PRF,
HA_ALG_PRF,
/** u_int16_t, old pseudo random function if rekeying */
HA_SYNC_ALG_OLD_PRF,
HA_ALG_OLD_PRF,
/** u_int16_t, encryption algorithm */
HA_SYNC_ALG_ENCR,
HA_ALG_ENCR,
/** u_int16_t, encryption key size in bytes */
HA_SYNC_ALG_ENCR_LEN,
HA_ALG_ENCR_LEN,
/** u_int16_t, integrity protection algorithm */
HA_SYNC_ALG_INTEG,
HA_ALG_INTEG,
/** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */
HA_SYNC_IPSEC_MODE,
HA_IPSEC_MODE,
/** u_int8_t, IPComp protocol */
HA_SYNC_IPCOMP,
HA_IPCOMP,
/** u_int32_t, inbound security parameter index */
HA_SYNC_INBOUND_SPI,
HA_INBOUND_SPI,
/** u_int32_t, outbound security parameter index */
HA_SYNC_OUTBOUND_SPI,
HA_OUTBOUND_SPI,
/** u_int16_t, inbound security parameter index */
HA_SYNC_INBOUND_CPI,
HA_INBOUND_CPI,
/** u_int16_t, outbound security parameter index */
HA_SYNC_OUTBOUND_CPI,
HA_OUTBOUND_CPI,
/** traffic_selector_t*, local traffic selector */
HA_SYNC_LOCAL_TS,
HA_LOCAL_TS,
/** traffic_selector_t*, remote traffic selector */
HA_SYNC_REMOTE_TS,
HA_REMOTE_TS,
/** u_int32_t, initiating message ID */
HA_SYNC_INITIATE_MID,
HA_INITIATE_MID,
/** u_int32_t, responding message ID */
HA_SYNC_RESPOND_MID,
/** u_int16_t, HA sync segment */
HA_SYNC_SEGMENT,
HA_RESPOND_MID,
/** u_int16_t, HA segment */
HA_SEGMENT,
};
/**
* Union to enumerate typed attributes in a message
*/
union ha_sync_message_value_t {
union ha_message_value_t {
u_int8_t u8;
u_int16_t u16;
u_int32_t u32;
@ -149,14 +149,14 @@ union ha_sync_message_value_t {
/**
* Abstracted message passed between nodes in a HA cluster.
*/
struct ha_sync_message_t {
struct ha_message_t {
/**
* Get the type of the message.
*
* @return message type
*/
ha_sync_message_type_t (*get_type)(ha_sync_message_t *this);
ha_message_type_t (*get_type)(ha_message_t *this);
/**
* Add an attribute to a message.
@ -164,42 +164,42 @@ struct ha_sync_message_t {
* @param attribute attribute type to add
* @param ... attribute specific data
*/
void (*add_attribute)(ha_sync_message_t *this,
ha_sync_message_attribute_t attribute, ...);
void (*add_attribute)(ha_message_t *this,
ha_message_attribute_t attribute, ...);
/**
* Create an enumerator over all attributes in a message.
*
* @return enumerator over attribute, ha_sync_message_value_t
* @return enumerator over attribute, ha_message_value_t
*/
enumerator_t* (*create_attribute_enumerator)(ha_sync_message_t *this);
enumerator_t* (*create_attribute_enumerator)(ha_message_t *this);
/**
* Get the message in a encoded form.
*
* @return chunk pointing to internal data
*/
chunk_t (*get_encoding)(ha_sync_message_t *this);
chunk_t (*get_encoding)(ha_message_t *this);
/**
* Destroy a ha_sync_message_t.
* Destroy a ha_message_t.
*/
void (*destroy)(ha_sync_message_t *this);
void (*destroy)(ha_message_t *this);
};
/**
* Create a new ha_sync_message instance, ready for adding attributes
* Create a new ha_message instance, ready for adding attributes
*
* @param version protocol version to create a message from
* @param type type of the message
*/
ha_sync_message_t *ha_sync_message_create(ha_sync_message_type_t type);
ha_message_t *ha_message_create(ha_message_type_t type);
/**
* Create a ha_sync_message from encoded data.
* Create a ha_message from encoded data.
*
* @param data encoded message data
*/
ha_sync_message_t *ha_sync_message_parse(chunk_t data);
ha_message_t *ha_message_parse(chunk_t data);
#endif /* HA_SYNC_MESSAGE_ @}*/
#endif /* HA_MESSAGE_ @}*/

76
src/charon/plugins/ha_sync/ha_sync_plugin.c → src/charon/plugins/ha/ha_plugin.c
View File

@ -13,75 +13,75 @@
* for more details.
*/
#include "ha_sync_plugin.h"
#include "ha_sync_ike.h"
#include "ha_sync_child.h"
#include "ha_sync_socket.h"
#include "ha_sync_tunnel.h"
#include "ha_sync_dispatcher.h"
#include "ha_sync_segments.h"
#include "ha_sync_ctl.h"
#include "ha_plugin.h"
#include "ha_ike.h"
#include "ha_child.h"
#include "ha_socket.h"
#include "ha_tunnel.h"
#include "ha_dispatcher.h"
#include "ha_segments.h"
#include "ha_ctl.h"
#include <daemon.h>
#include <config/child_cfg.h>
typedef struct private_ha_sync_plugin_t private_ha_sync_plugin_t;
typedef struct private_ha_plugin_t private_ha_plugin_t;
/**
* private data of ha_sync plugin
* private data of ha plugin
*/
struct private_ha_sync_plugin_t {
struct private_ha_plugin_t {
/**
* implements plugin interface
*/
ha_sync_plugin_t public;
ha_plugin_t public;
/**
* Communication socket
*/
ha_sync_socket_t *socket;
ha_socket_t *socket;
/**
* Tunnel securing sync messages.
*/
ha_sync_tunnel_t *tunnel;
ha_tunnel_t *tunnel;
/**
* IKE_SA synchronization
*/
ha_sync_ike_t *ike;
ha_ike_t *ike;
/**
* CHILD_SA synchronization
*/
ha_sync_child_t *child;
ha_child_t *child;
/**
* Dispatcher to process incoming messages
*/
ha_sync_dispatcher_t *dispatcher;
ha_dispatcher_t *dispatcher;
/**
* Active/Passive segment management
*/
ha_sync_segments_t *segments;
ha_segments_t *segments;
/**
* Interface to control segments at kernel level
*/
ha_sync_kernel_t *kernel;
ha_kernel_t *kernel;
/**
* Segment control interface via FIFO
*/
ha_sync_ctl_t *ctl;
ha_ctl_t *ctl;
};
/**
* Implementation of plugin_t.destroy
*/
static void destroy(private_ha_sync_plugin_t *this)
static void destroy(private_ha_plugin_t *this)
{
DESTROY_IF(this->ctl);
charon->bus->remove_listener(charon->bus, &this->segments->listener);
@ -102,42 +102,42 @@ static void destroy(private_ha_sync_plugin_t *this)
*/
plugin_t *plugin_create()
{
private_ha_sync_plugin_t *this;
private_ha_plugin_t *this;
char *local, *remote, *secret, *virtuals;
u_int count;
bool fifo;
local = lib->settings->get_str(lib->settings,
"charon.plugins.ha_sync.local", NULL);
"charon.plugins.ha.local", NULL);
remote = lib->settings->get_str(lib->settings,
"charon.plugins.ha_sync.remote", NULL);
"charon.plugins.ha.remote", NULL);
virtuals = lib->settings->get_str(lib->settings,
"charon.plugins.ha_sync.virtuals", "");
"charon.plugins.ha.virtuals", "");
secret = lib->settings->get_str(lib->settings,
"charon.plugins.ha_sync.secret", NULL);
"charon.plugins.ha.secret", NULL);
fifo = lib->settings->get_bool(lib->settings,
"charon.plugins.ha_sync.fifo_interface", FALSE);
"charon.plugins.ha.fifo_interface", FALSE);
count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings,
"charon.plugins.ha_sync.segment_count", 1));
"charon.plugins.ha.segment_count", 1));
if (!local || !remote)
{
DBG1(DBG_CFG, "HA sync config misses local/remote address");
DBG1(DBG_CFG, "HA config misses local/remote address");
return NULL;
}
this = malloc_thing(private_ha_sync_plugin_t);
this = malloc_thing(private_ha_plugin_t);
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
this->tunnel = NULL;
this->ctl = NULL;
this->socket = ha_sync_socket_create(local, remote);
this->socket = ha_socket_create(local, remote);
if (!this->socket)
{
free(this);
return NULL;
}
this->kernel = ha_sync_kernel_create(count, virtuals);
this->kernel = ha_kernel_create(count, virtuals);
if (!this->kernel)
{
this->socket->destroy(this->socket);
@ -147,17 +147,17 @@ plugin_t *plugin_create()
if (secret)
{
this->tunnel = ha_sync_tunnel_create(local, remote, secret);
this->tunnel = ha_tunnel_create(local, remote, secret);
}
this->segments = ha_sync_segments_create(this->socket, this->kernel,
this->segments = ha_segments_create(this->socket, this->kernel,
this->tunnel, local, remote, count);
if (fifo)
{
this->ctl = ha_sync_ctl_create(this->segments);
this->ctl = ha_ctl_create(this->segments);
}
this->dispatcher = ha_sync_dispatcher_create(this->socket, this->segments);
this->ike = ha_sync_ike_create(this->socket, this->tunnel);
this->child = ha_sync_child_create(this->socket, this->tunnel);
this->dispatcher = ha_dispatcher_create(this->socket, this->segments);
this->ike = ha_ike_create(this->socket, this->tunnel);
this->child = ha_child_create(this->socket, this->tunnel);
charon->bus->add_listener(charon->bus, &this->segments->listener);
charon->bus->add_listener(charon->bus, &this->ike->listener);
charon->bus->add_listener(charon->bus, &this->child->listener);

20
src/charon/plugins/ha_sync/ha_sync_plugin.h → src/charon/plugins/ha/ha_plugin.h
View File

@ -14,29 +14,29 @@
*/
/**
* @defgroup ha_sync ha_sync
* @defgroup ha ha
* @ingroup cplugins
*
* @defgroup ha_sync_plugin ha_sync_plugin
* @{ @ingroup ha_sync
* @defgroup ha_plugin ha_plugin
* @{ @ingroup ha
*/
#ifndef HA_SYNC_PLUGIN_H_
#define HA_SYNC_PLUGIN_H_
#ifndef HA_PLUGIN_H_
#define HA_PLUGIN_H_
#include <plugins/plugin.h>
/**
* UDP port we use for communication
*/
#define HA_SYNC_PORT 4510
#define HA_PORT 4510
typedef struct ha_sync_plugin_t ha_sync_plugin_t;
typedef struct ha_plugin_t ha_plugin_t;
/**
* Plugin to synchronize state in a high availability cluster.
*/
struct ha_sync_plugin_t {
struct ha_plugin_t {
/**
* implements plugin interface
@ -45,8 +45,8 @@ struct ha_sync_plugin_t {
};
/**
* Create a ha_sync_plugin instance.
* Create a ha_plugin instance.
*/
plugin_t *plugin_create();
#endif /* HA_SYNC_PLUGIN_H_ @}*/
#endif /* HA_PLUGIN_H_ @}*/

91
src/charon/plugins/ha_sync/ha_sync_segments.c → src/charon/plugins/ha/ha_segments.c
View File

@ -13,38 +13,38 @@
* for more details.
*/
#include "ha_sync_segments.h"
#include "ha_segments.h"
#include <utils/mutex.h>
#include <utils/linked_list.h>
#include <processing/jobs/callback_job.h>
typedef struct private_ha_sync_segments_t private_ha_sync_segments_t;
typedef struct private_ha_segments_t private_ha_segments_t;
/**
* Private data of an ha_sync_segments_t object.
* Private data of an ha_segments_t object.
*/
struct private_ha_sync_segments_t {
struct private_ha_segments_t {
/**
* Public ha_sync_segments_t interface.
* Public ha_segments_t interface.
*/
ha_sync_segments_t public;
ha_segments_t public;
/**
* communication socket
*/
ha_sync_socket_t *socket;
ha_socket_t *socket;
/**
* Sync tunnel, if any
*/
ha_sync_tunnel_t *tunnel;
ha_tunnel_t *tunnel;
/**
* Interface to control segments at kernel level
*/
ha_sync_kernel_t *kernel;
ha_kernel_t *kernel;
/**
* read/write lock for segment manipulation
@ -70,7 +70,7 @@ struct private_ha_sync_segments_t {
/**
* Log currently active segments
*/
static void log_segments(private_ha_sync_segments_t *this, bool activated,
static void log_segments(private_ha_segments_t *this, bool activated,
u_int segment)
{
char buf[64] = "none", *pos = buf;
@ -92,21 +92,21 @@ static void log_segments(private_ha_sync_segments_t *this, bool activated,
pos += snprintf(pos, buf + sizeof(buf) - pos, "%d", i);
}
}
DBG1(DBG_CFG, "HA sync segment %d %sactivated, now active: %s",
DBG1(DBG_CFG, "HA segment %d %sactivated, now active: %s",
segment, activated ? "" : "de", buf);
}
/**
* Enable/Disable a specific segment
*/
static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
static void enable_disable(private_ha_segments_t *this, u_int segment,
bool enable, bool notify)
{
ike_sa_t *ike_sa;
enumerator_t *enumerator;
ike_sa_state_t old, new;
ha_sync_message_t *message = NULL;
ha_sync_message_type_t type;
ha_message_t *message = NULL;
ha_message_type_t type;
bool changes = FALSE;
if (segment > this->count)
@ -118,7 +118,7 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
{
old = IKE_PASSIVE;
new = IKE_ESTABLISHED;
type = HA_SYNC_SEGMENT_TAKE;
type = HA_SEGMENT_TAKE;
if (!(this->active & SEGMENTS_BIT(segment)))
{
this->active |= SEGMENTS_BIT(segment);
@ -130,7 +130,7 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
{
old = IKE_ESTABLISHED;
new = IKE_PASSIVE;
type = HA_SYNC_SEGMENT_DROP;
type = HA_SEGMENT_DROP;
if (this->active & SEGMENTS_BIT(segment))
{
this->active &= ~SEGMENTS_BIT(segment);
@ -148,7 +148,7 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
{
continue;
}
if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{
continue;
}
@ -164,8 +164,8 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
if (notify)
{
message = ha_sync_message_create(type);
message->add_attribute(message, HA_SYNC_SEGMENT, segment);
message = ha_message_create(type);
message->add_attribute(message, HA_SEGMENT, segment);
this->socket->push(this->socket, message);
}
}
@ -173,7 +173,7 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
/**
* Enable/Disable all or a specific segment, do locking
*/
static void enable_disable_all(private_ha_sync_segments_t *this, u_int segment,
static void enable_disable_all(private_ha_segments_t *this, u_int segment,
bool enable, bool notify)
{
int i;
@ -194,19 +194,17 @@ static void enable_disable_all(private_ha_sync_segments_t *this, u_int segment,
}
/**
* Implementation of ha_sync_segments_t.activate
* Implementation of ha_segments_t.activate
*/
static void activate(private_ha_sync_segments_t *this, u_int segment,
bool notify)
static void activate(private_ha_segments_t *this, u_int segment, bool notify)
{
enable_disable_all(this, segment, TRUE, notify);
}
/**
* Implementation of ha_sync_segments_t.deactivate
* Implementation of ha_segments_t.deactivate
*/
static void deactivate(private_ha_sync_segments_t *this, u_int segment,
bool notify)
static void deactivate(private_ha_segments_t *this, u_int segment, bool notify)
{
enable_disable_all(this, segment, FALSE, notify);
}
@ -236,9 +234,9 @@ static status_t rekey_children(ike_sa_t *ike_sa)
}
/**
* Implementation of ha_sync_segments_t.resync
* Implementation of ha_segments_t.resync
*/
static void resync(private_ha_sync_segments_t *this, u_int segment)
static void resync(private_ha_segments_t *this, u_int segment)
{
ike_sa_t *ike_sa;
enumerator_t *enumerator;
@ -253,7 +251,7 @@ static void resync(private_ha_sync_segments_t *this, u_int segment)
{
this->active &= ~mask;
DBG1(DBG_CFG, "resyncing HA sync segment %d", segment);
DBG1(DBG_CFG, "resyncing HA segment %d", segment);
/* we do the actual rekeying in a seperate loop to avoid rekeying
* an SA twice. */
@ -299,7 +297,7 @@ static void resync(private_ha_sync_segments_t *this, u_int segment)
/**
* Implementation of listener_t.alert
*/
static bool alert_hook(private_ha_sync_segments_t *this, ike_sa_t *ike_sa,
static bool alert_hook(private_ha_segments_t *this, ike_sa_t *ike_sa,
alert_t alert, va_list args)
{
if (alert == ALERT_SHUTDOWN_SIGNAL)
@ -310,9 +308,9 @@ static bool alert_hook(private_ha_sync_segments_t *this, ike_sa_t *ike_sa,
}
/**
* Implementation of ha_sync_segments_t.handle_status
* Implementation of ha_segments_t.handle_status
*/
static void handle_status(private_ha_sync_segments_t *this, segment_mask_t mask)
static void handle_status(private_ha_segments_t *this, segment_mask_t mask)
{
segment_mask_t missing, overlap;
int i, active = 0;
@ -366,18 +364,18 @@ static void handle_status(private_ha_sync_segments_t *this, segment_mask_t mask)
/**
* Send a status message with our active segments
*/
static job_requeue_t send_status(private_ha_sync_segments_t *this)
static job_requeue_t send_status(private_ha_segments_t *this)
{
ha_sync_message_t *message;
ha_message_t *message;
int i;
message = ha_sync_message_create(HA_SYNC_STATUS);
message = ha_message_create(HA_STATUS);
for (i = 1; i <= this->count; i++)
{
if (this->active & SEGMENTS_BIT(i))
{
message->add_attribute(message, HA_SYNC_SEGMENT, i);
message->add_attribute(message, HA_SEGMENT, i);
}
}
@ -393,9 +391,9 @@ static job_requeue_t send_status(private_ha_sync_segments_t *this)
}
/**
* Implementation of ha_sync_segments_t.destroy.
* Implementation of ha_segments_t.destroy.
*/
static void destroy(private_ha_sync_segments_t *this)
static void destroy(private_ha_segments_t *this)
{
this->lock->destroy(this->lock);
free(this);
@ -404,20 +402,19 @@ static void destroy(private_ha_sync_segments_t *this)
/**
* See header
*/
ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
ha_sync_kernel_t *kernel, ha_sync_tunnel_t *tunnel,
char *local, char *remote, u_int count)
ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
ha_tunnel_t *tunnel, char *local, char *remote, u_int count)
{
private_ha_sync_segments_t *this = malloc_thing(private_ha_sync_segments_t);
private_ha_segments_t *this = malloc_thing(private_ha_segments_t);
int i;
memset(&this->public.listener, 0, sizeof(listener_t));
this->public.listener.alert = (bool(*)(listener_t*, ike_sa_t *, alert_t, va_list))alert_hook;
this->public.activate = (void(*)(ha_sync_segments_t*, u_int segment,bool))activate;
this->public.deactivate = (void(*)(ha_sync_segments_t*, u_int segment,bool))deactivate;
this->public.resync = (void(*)(ha_sync_segments_t*, u_int segment))resync;
this->public.handle_status = (void(*)(ha_sync_segments_t*, segment_mask_t mask))handle_status;
this->public.destroy = (void(*)(ha_sync_segments_t*))destroy;
this->public.activate = (void(*)(ha_segments_t*, u_int segment,bool))activate;
this->public.deactivate = (void(*)(ha_segments_t*, u_int segment,bool))deactivate;
this->public.resync = (void(*)(ha_segments_t*, u_int segment))resync;
this->public.handle_status = (void(*)(ha_segments_t*, segment_mask_t mask))handle_status;
this->public.destroy = (void(*)(ha_segments_t*))destroy;
this->socket = socket;
this->tunnel = tunnel;

39
src/charon/plugins/ha_sync/ha_sync_segments.h → src/charon/plugins/ha/ha_segments.h
View File

@ -14,16 +14,16 @@
*/
/**
* @defgroup ha_sync_segments ha_sync_segments
* @{ @ingroup ha_sync
* @defgroup ha_segments ha_segments
* @{ @ingroup ha
*/
#ifndef HA_SYNC_SEGMENTS_H_
#define HA_SYNC_SEGMENTS_H_
#ifndef HA_SEGMENTS_H_
#define HA_SEGMENTS_H_
#include <daemon.h>
typedef struct ha_sync_segments_t ha_sync_segments_t;
typedef struct ha_segments_t ha_segments_t;
typedef u_int16_t segment_mask_t;
@ -37,14 +37,14 @@ typedef u_int16_t segment_mask_t;
*/
#define SEGMENTS_BIT(segment) (0x01 << (segment - 1))
#include "ha_sync_socket.h"
#include "ha_sync_tunnel.h"
#include "ha_sync_kernel.h"
#include "ha_socket.h"
#include "ha_tunnel.h"
#include "ha_kernel.h"
/**
* Segmentation of peers into active and passive.
*/
struct ha_sync_segments_t {
struct ha_segments_t {
/**
* Implements listener interface to catch daemon shutdown.
@ -57,7 +57,7 @@ struct ha_sync_segments_t {
* @param segment numerical segment to takeover, 0 for all
* @param notify wheter to notify other nodes about activation
*/
void (*activate)(ha_sync_segments_t *this, u_int segment, bool notify);
void (*activate)(ha_segments_t *this, u_int segment, bool notify);
/**
* Deactivate a set of IKE_SAs identified by a segment.
@ -65,7 +65,7 @@ struct ha_sync_segments_t {
* @param segment numerical segment to takeover, 0 for all
* @param notify wheter to notify other nodes about deactivation
*/
void (*deactivate)(ha_sync_segments_t *this, u_int segment, bool notify);
void (*deactivate)(ha_segments_t *this, u_int segment, bool notify);
/**
* Resync an active segment.
@ -77,23 +77,23 @@ struct ha_sync_segments_t {
*
* @param segment segment to resync
*/
void (*resync)(ha_sync_segments_t *this, u_int segment);
void (*resync)(ha_segments_t *this, u_int segment);
/**
* Handle a status message from the remote node.
*
* @param mask segments the remote node is serving actively
*/
void (*handle_status)(ha_sync_segments_t *this, segment_mask_t mask);
void (*handle_status)(ha_segments_t *this, segment_mask_t mask);
/**
* Destroy a ha_sync_segments_t.
* Destroy a ha_segments_t.
*/
void (*destroy)(ha_sync_segments_t *this);
void (*destroy)(ha_segments_t *this);
};
/**
* Create a ha_sync_segments instance.
* Create a ha_segments instance.
*
* @param socket socket to communicate segment (de-)activation
* @param kernel interface to control segments at kernel level
@ -101,8 +101,7 @@ struct ha_sync_segments_t {
* @param active bit mask of initially active segments
* @return segment object
*/
ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
ha_sync_kernel_t *kernel, ha_sync_tunnel_t *tunnel,
char *local, char *remote, u_int count);
ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
ha_tunnel_t *tunnel, char *local, char *remote, u_int count);
#endif /* HA_SYNC_SEGMENTS_ @}*/
#endif /* HA_SEGMENTS_ @}*/

68
src/charon/plugins/ha_sync/ha_sync_socket.c → src/charon/plugins/ha/ha_socket.c
View File

@ -13,8 +13,8 @@
* for more details.
*/
#include "ha_sync_socket.h"
#include "ha_sync_plugin.h"
#include "ha_socket.h"
#include "ha_plugin.h"
#include <sys/types.h>
#include <sys/socket.h>
@ -26,17 +26,17 @@
#include <utils/host.h>
#include <processing/jobs/callback_job.h>
typedef struct private_ha_sync_socket_t private_ha_sync_socket_t;
typedef struct private_ha_socket_t private_ha_socket_t;
/**
* Private data of an ha_sync_socket_t object.
* Private data of an ha_socket_t object.
*/
struct private_ha_sync_socket_t {
struct private_ha_socket_t {
/**
* Public ha_sync_socket_t interface.
* Public ha_socket_t interface.
*/
ha_sync_socket_t public;
ha_socket_t public;
/**
* UDP communication socket fd
@ -58,8 +58,8 @@ struct private_ha_sync_socket_t {
* Data to pass to the send_message() callback job
*/
typedef struct {
ha_sync_message_t *message;
private_ha_sync_socket_t *this;
ha_message_t *message;
private_ha_socket_t *this;
} job_data_t;
/**
@ -76,22 +76,22 @@ static void job_data_destroy(job_data_t *this)
*/
static job_requeue_t send_message(job_data_t *data)
{
private_ha_sync_socket_t *this;
private_ha_socket_t *this;
chunk_t chunk;
this = data->this;
chunk = data->message->get_encoding(data->message);
if (send(this->fd, chunk.ptr, chunk.len, 0) < chunk.len)
{
DBG1(DBG_CFG, "pushing HA sync message failed: %s", strerror(errno));
DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno));
}
return JOB_REQUEUE_NONE;
}
/**
* Implementation of ha_sync_socket_t.push
* Implementation of ha_socket_t.push
*/
static void push(private_ha_sync_socket_t *this, ha_sync_message_t *message)
static void push(private_ha_socket_t *this, ha_message_t *message)
{
chunk_t chunk;
@ -116,19 +116,19 @@ static void push(private_ha_sync_socket_t *this, ha_sync_message_t *message)
charon->processor->queue_job(charon->processor, (job_t*)job);
return;
}
DBG1(DBG_CFG, "pushing HA sync message failed: %s", strerror(errno));
DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno));
}
message->destroy(message);
}
/**
* Implementation of ha_sync_socket_t.pull
* Implementation of ha_socket_t.pull
*/
static ha_sync_message_t *pull(private_ha_sync_socket_t *this)
static ha_message_t *pull(private_ha_socket_t *this)
{
while (TRUE)
{
ha_sync_message_t *message;
ha_message_t *message;
char buf[1024];
int oldstate;
ssize_t len;
@ -144,12 +144,12 @@ static ha_sync_message_t *pull(private_ha_sync_socket_t *this)
case EINTR:
continue;
default:
DBG1(DBG_CFG, "pulling HA sync message failed: %s",
DBG1(DBG_CFG, "pulling HA message failed: %s",
strerror(errno));
sleep(1);
}
}
message = ha_sync_message_parse(chunk_create(buf, len));
message = ha_message_parse(chunk_create(buf, len));
if (message)
{
return message;
@ -158,21 +158,21 @@ static ha_sync_message_t *pull(private_ha_sync_socket_t *this)
}
/**
* Open and connect the HA sync socket
* Open and connect the HA socket
*/
static bool open_socket(private_ha_sync_socket_t *this)
static bool open_socket(private_ha_socket_t *this)
{
this->fd = socket(this->local->get_family(this->local), SOCK_DGRAM, 0);
if (this->fd == -1)
{
DBG1(DBG_CFG, "opening HA sync socket failed: %s", strerror(errno));
DBG1(DBG_CFG, "opening HA socket failed: %s", strerror(errno));
return FALSE;
}
if (bind(this->fd, this->local->get_sockaddr(this->local),
*this->local->get_sockaddr_len(this->local)) == -1)
{
DBG1(DBG_CFG, "binding HA sync socket failed: %s", strerror(errno));
DBG1(DBG_CFG, "binding HA socket failed: %s", strerror(errno));
close(this->fd);
this->fd = -1;
return FALSE;
@ -180,7 +180,7 @@ static bool open_socket(private_ha_sync_socket_t *this)
if (connect(this->fd, this->remote->get_sockaddr(this->remote),
*this->remote->get_sockaddr_len(this->remote)) == -1)
{
DBG1(DBG_CFG, "connecting HA sync socket failed: %s", strerror(errno));
DBG1(DBG_CFG, "connecting HA socket failed: %s", strerror(errno));
close(this->fd);
this->fd = -1;
return FALSE;
@ -190,9 +190,9 @@ static bool open_socket(private_ha_sync_socket_t *this)
}
/**
* Implementation of ha_sync_socket_t.destroy.
* Implementation of ha_socket_t.destroy.
*/
static void destroy(private_ha_sync_socket_t *this)
static void destroy(private_ha_socket_t *this)
{
if (this->fd != -1)
{
@ -206,21 +206,21 @@ static void destroy(private_ha_sync_socket_t *this)
/**
* See header
*/
ha_sync_socket_t *ha_sync_socket_create(char *local, char *remote)
ha_socket_t *ha_socket_create(char *local, char *remote)
{
private_ha_sync_socket_t *this = malloc_thing(private_ha_sync_socket_t);
private_ha_socket_t *this = malloc_thing(private_ha_socket_t);
this->public.push = (void(*)(ha_sync_socket_t*, ha_sync_message_t*))push;
this->public.pull = (ha_sync_message_t*(*)(ha_sync_socket_t*))pull;
this->public.destroy = (void(*)(ha_sync_socket_t*))destroy;
this->public.push = (void(*)(ha_socket_t*, ha_message_t*))push;
this->public.pull = (ha_message_t*(*)(ha_socket_t*))pull;
this->public.destroy = (void(*)(ha_socket_t*))destroy;
this->local = host_create_from_dns(local, 0, HA_SYNC_PORT);
this->remote = host_create_from_dns(remote, 0, HA_SYNC_PORT);
this->local = host_create_from_dns(local, 0, HA_PORT);
this->remote = host_create_from_dns(remote, 0, HA_PORT);
this->fd = -1;
if (!this->local || !this->remote)
{
DBG1(DBG_CFG, "invalid local/remote HA sync address");
DBG1(DBG_CFG, "invalid local/remote HA address");
destroy(this);
return NULL;
}

28
src/charon/plugins/ha_sync/ha_sync_socket.h → src/charon/plugins/ha/ha_socket.h
View File

@ -14,47 +14,47 @@
*/
/**
* @defgroup ha_sync_socket ha_sync_socket
* @{ @ingroup ha_sync
* @defgroup ha_socket ha_socket
* @{ @ingroup ha
*/
#ifndef HA_SYNC_SOCKET_H_
#define HA_SYNC_SOCKET_H_
#ifndef HA_SOCKET_H_
#define HA_SOCKET_H_
#include "ha_sync_message.h"
#include "ha_message.h"
#include <sa/ike_sa.h>
typedef struct ha_sync_socket_t ha_sync_socket_t;
typedef struct ha_socket_t ha_socket_t;
/**
* Socket to send/received SA synchronization data
*/
struct ha_sync_socket_t {
struct ha_socket_t {
/**
* Push synchronization information to the responsible node.
*
* @param message message to send, gets destroyed by push()
*/
void (*push)(ha_sync_socket_t *this, ha_sync_message_t *message);
void (*push)(ha_socket_t *this, ha_message_t *message);
/**
* Pull synchronization information from a peer we are responsible.
*
* @return received message
*/
ha_sync_message_t *(*pull)(ha_sync_socket_t *this);
ha_message_t *(*pull)(ha_socket_t *this);
/**
* Destroy a ha_sync_socket_t.
* Destroy a ha_socket_t.
*/
void (*destroy)(ha_sync_socket_t *this);
void (*destroy)(ha_socket_t *this);
};
/**
* Create a ha_sync_socket instance.
* Create a ha_socket instance.
*/
ha_sync_socket_t *ha_sync_socket_create(char *local, char *remote);
ha_socket_t *ha_socket_create(char *local, char *remote);
#endif /* HA_SYNC_SOCKET_ @}*/
#endif /* HA_SOCKET_ @}*/

54
src/charon/plugins/ha_sync/ha_sync_tunnel.c → src/charon/plugins/ha/ha_tunnel.c
View File

@ -13,19 +13,19 @@
* for more details.
*/
#include "ha_sync_tunnel.h"
#include "ha_sync_plugin.h"
#include "ha_tunnel.h"
#include "ha_plugin.h"
#include <daemon.h>
#include <utils/identification.h>
#include <processing/jobs/callback_job.h>
typedef struct private_ha_sync_tunnel_t private_ha_sync_tunnel_t;
typedef struct private_ha_tunnel_t private_ha_tunnel_t;
typedef struct ha_backend_t ha_backend_t;
typedef struct ha_creds_t ha_creds_t;
/**
* Serves credentials for the HA sync SA
* Serves credentials for the HA SA
*/
struct ha_creds_t {
@ -51,7 +51,7 @@ struct ha_creds_t {
};
/**
* Serves configurations for the HA sync SA
* Serves configurations for the HA SA
*/
struct ha_backend_t {
@ -67,14 +67,14 @@ struct ha_backend_t {
};
/**
* Private data of an ha_sync_tunnel_t object.
* Private data of an ha_tunnel_t object.
*/
struct private_ha_sync_tunnel_t {
struct private_ha_tunnel_t {
/**
* Public ha_sync_tunnel_t interface.
* Public ha_tunnel_t interface.
*/
ha_sync_tunnel_t public;
ha_tunnel_t public;
/**
* Reqid of installed trap
@ -82,20 +82,20 @@ struct private_ha_sync_tunnel_t {
u_int32_t trap;
/**
* backend for sync SA
* backend for HA SA
*/
ha_backend_t backend;
/**
* credential set for sync SA
* credential set for HA SA
*/
ha_creds_t creds;
};
/**
* Implementation of ha_sync_tunnel_t.is_sync_sa
* Implementation of ha_tunnel_t.is_sa
*/
static bool is_sync_sa(private_ha_sync_tunnel_t *this, ike_sa_t *ike_sa)
static bool is_sa(private_ha_tunnel_t *this, ike_sa_t *ike_sa)
{
peer_cfg_t *cfg = this->backend.cfg;
@ -184,10 +184,10 @@ static enumerator_t* create_ike_cfg_enumerator(ha_backend_t *this,
}
/**
* Install configs and a a trap for secured sync
* Install configs and a a trap for secured HA message exchange
*/
static void setup_sync_tunnel(private_ha_sync_tunnel_t *this,
char *local, char *remote, char *secret)
static void setup_tunnel(private_ha_tunnel_t *this,
char *local, char *remote, char *secret)
{
peer_cfg_t *peer_cfg;
ike_cfg_t *ike_cfg;
@ -216,7 +216,7 @@ static void setup_sync_tunnel(private_ha_sync_tunnel_t *this,
/* create config and backend */
ike_cfg = ike_cfg_create(FALSE, FALSE, local, remote);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("ha-sync", 2, ike_cfg, CERT_NEVER_SEND,
peer_cfg = peer_cfg_create("ha", 2, ike_cfg, CERT_NEVER_SEND,
UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
NULL, NULL, FALSE, NULL, NULL);
@ -232,13 +232,13 @@ static void setup_sync_tunnel(private_ha_sync_tunnel_t *this,
identification_create_from_string(remote));
peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
child_cfg = child_cfg_create("ha-sync", &lifetime, NULL, TRUE,
child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE,
MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_SYNC_PORT, HA_SYNC_PORT);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_SYNC_PORT, HA_SYNC_PORT);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
@ -257,9 +257,9 @@ static void setup_sync_tunnel(private_ha_sync_tunnel_t *this,
}
/**
* Implementation of ha_sync_tunnel_t.destroy.
* Implementation of ha_tunnel_t.destroy.
*/
static void destroy(private_ha_sync_tunnel_t *this)
static void destroy(private_ha_tunnel_t *this)
{
if (this->backend.cfg)
{
@ -283,14 +283,14 @@ static void destroy(private_ha_sync_tunnel_t *this)
/**
* See header
*/
ha_sync_tunnel_t *ha_sync_tunnel_create(char *local, char *remote, char *secret)
ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret)
{
private_ha_sync_tunnel_t *this = malloc_thing(private_ha_sync_tunnel_t);
private_ha_tunnel_t *this = malloc_thing(private_ha_tunnel_t);
this->public.is_sync_sa = (bool(*)(ha_sync_tunnel_t*, ike_sa_t *ike_sa))is_sync_sa;
this->public.destroy = (void(*)(ha_sync_tunnel_t*))destroy;
this->public.is_sa = (bool(*)(ha_tunnel_t*, ike_sa_t *ike_sa))is_sa;
this->public.destroy = (void(*)(ha_tunnel_t*))destroy;
setup_sync_tunnel(this, local, remote, secret);
setup_tunnel(this, local, remote, secret);
return &this->public;
}

34
src/charon/plugins/ha_sync/ha_sync_tunnel.h → src/charon/plugins/ha/ha_tunnel.h
View File

@ -14,44 +14,44 @@
*/
/**
* @defgroup ha_sync_ ha_sync_tunnel
* @{ @ingroup ha_sync
* @defgroup ha_ ha_tunnel
* @{ @ingroup ha
*/
#ifndef HA_SYNC_TUNNEL_H_
#define HA_SYNC_TUNNEL_H_
#ifndef HA_TUNNEL_H_
#define HA_TUNNEL_H_
#include <sa/ike_sa.h>
typedef struct ha_sync_tunnel_t ha_sync_tunnel_t;
typedef struct ha_tunnel_t ha_tunnel_t;
/**
* Socket to send/received SA synchronization data
*/
struct ha_sync_tunnel_t {
struct ha_tunnel_t {
/**
* Check if an IKE_SA is used for exchanging sync messages.
* Check if an IKE_SA is used for exchanging HA messages.
*
* @param ike_Sa ike_sa to check
* @return TRUE if IKE_SA is used to secure sync messages
* @return TRUE if IKE_SA is used to secure HA messages
*/
bool (*is_sync_sa)(ha_sync_tunnel_t *this, ike_sa_t *ike_sa);
bool (*is_sa)(ha_tunnel_t *this, ike_sa_t *ike_sa);
/**
* Destroy a ha_sync_tunnel_t.
* Destroy a ha_tunnel_t.
*/
void (*destroy)(ha_sync_tunnel_t *this);
void (*destroy)(ha_tunnel_t *this);
};
/**
* Create a ha_sync_tunnel instance.
* Create a ha_tunnel instance.
*
* @param local local address of sync tunnel
* @param remote remote address of sync tunnel
* @param local local address of HA tunnel
* @param remote remote address of HA tunnel
* @param secret PSK tunnel authentication secret
* @return sync tunnel instance
* @return HA tunnel instance
*/
ha_sync_tunnel_t *ha_sync_tunnel_create(char *local, char *remote, char *secret);
ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret);
#endif /* HA_SYNC_TUNNEL_H_ @}*/
#endif /* HA_TUNNEL_H_ @}*/

19
src/charon/plugins/ha_sync/Makefile.am
View File

@ -1,19 +0,0 @@
INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
plugin_LTLIBRARIES = libstrongswan-ha-sync.la
libstrongswan_ha_sync_la_SOURCES = \
ha_sync_plugin.h ha_sync_plugin.c \
ha_sync_message.h ha_sync_message.c \
ha_sync_socket.h ha_sync_socket.c \
ha_sync_tunnel.h ha_sync_tunnel.c \
ha_sync_dispatcher.h ha_sync_dispatcher.c \
ha_sync_segments.h ha_sync_segments.c \
ha_sync_kernel.h ha_sync_kernel.c \
ha_sync_ctl.h ha_sync_ctl.c \
ha_sync_ike.h ha_sync_ike.c \
ha_sync_child.h ha_sync_child.c
libstrongswan_ha_sync_la_LDFLAGS = -module