From d9d69536b0ecdb298cc40acf81d42c1a09e69a05 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Mon, 24 Sep 2007 12:15:25 +0000
Subject: [PATCH] improved MOBIKE roaming between interfaces
---
 src/charon/kernel/kernel_interface.c | 11 ++++++-----
 src/charon/sa/child_sa.c | 10 ++++++++++
 src/charon/sa/ike_sa.c | 4 ++--
 src/charon/sa/task_manager.c | 11 +++++++++--
 src/charon/sa/tasks/ike_mobike.c | 15 ++++-----------
 5 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index 83f542e6c..5d487be36 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -1370,11 +1370,11 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
 struct nlmsghdr *hdr;
 struct rtmsg *msg;
 chunk_t chunk;
-
+
+#if IPSEC_ROUTING_TABLE == 0
 /* if route is 0.0.0.0/0, we can't install it, as it would
 * overwrite the default route. Instead, we add two routes:
- * 0.0.0.0/1 and 128.0.0.0/1
- * TODO: use metrics instead */
+ * 0.0.0.0/1 and 128.0.0.0/1 */
 if (route->prefixlen == 0)
 {
 route_entry_t half;
@@ -1392,6 +1392,7 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
 status = manage_srcroute(this, nlmsg_type, flags, &half);
 return status;
 }
+#endif
 memset(&request, 0, sizeof(request));
@@ -1695,7 +1696,7 @@ static status_t add_ip(private_kernel_interface_t *this,
 pthread_mutex_unlock(&this->mutex);
 return SUCCESS;
 }
- DBG2(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
+ DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
 return FAILED;
 }
@@ -1703,7 +1704,7 @@ static status_t add_ip(private_kernel_interface_t *this,
 }
 ifaces->destroy(ifaces);
- DBG2(DBG_KNL, "interface address %H not found, unable to install"
+ DBG1(DBG_KNL, "interface address %H not found, unable to install"
 "virtual IP %H", iface_ip, virtual_ip);
 return FAILED;
 }
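Review bot: The comment kept inside the new `#if IPSEC_ROUTING_TABLE == 0` guard in manage_srcroute (closed by the `#endif` added in the following hunk at -1392) still reads as if the 0.0.0.0/0 split were unconditional, and the reason it can be skipped for a non-zero table is not written down anywhere in the hunk. I would extend it with a line such as `* (only needed when IPSEC_ROUTING_TABLE is 0; with a dedicated table the /0 route is installed as is)`, assuming that is the intent. Note also that an undefined IPSEC_ROUTING_TABLE evaluates to 0 inside `#if`, so the guard cannot tell "configured as 0" from "not configured"; an `#ifndef IPSEC_ROUTING_TABLE` / `#error` check next to the definition would make that explicit. The function body starts and ends outside both hunks, so whether the netlink request actually selects that table is not visible here.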
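Review bot: The two adjacent string literals in the changed `DBG1` call at the end of add_ip are concatenated without a separator, so the message is emitted as "... unable to installvirtual IP ...". Since the line is being touched anyway, add the trailing space: `DBG1(DBG_KNL, "interface address %H not found, unable to install "`. Raising this message and the one in the -1695 hunk from level 2 to level 1 presumably makes both visible in ordinary logs, which is where the run-together text will be read.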
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index 118af3b30..44f0298d5 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -832,6 +832,16 @@ static status_t update_hosts(private_child_sa_t *this,
 {
 policy->other_ts->set_address(policy->other_ts, other);
 }
+
+ /* we reinstall the virtual IP to handle interface romaing
+ * correctly */
+ if (this->virtual_ip)
+ {
+ charon->kernel_interface->del_ip(charon->kernel_interface,
+ this->virtual_ip);
+ charon->kernel_interface->add_ip(charon->kernel_interface,
+ this->virtual_ip, me);
+ }
 /* reinstall updated policies */
 charon->kernel_interface->add_policy(charon->kernel_interface,
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 380fec1de..0c0e1792c 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -664,14 +664,14 @@ static void set_virtual_ip(private_ike_sa_t *this, bool local, host_t *ip)
 {
 if (local)
 {
- DBG1(DBG_IKE, "installing new virtual IP %H", ip);
 if (this->my_virtual_ip)
- {
+ {
 DBG1(DBG_IKE, "removing old virtual IP %H", this->my_virtual_ip);
 charon->kernel_interface->del_ip(charon->kernel_interface, this->my_virtual_ip);
 this->my_virtual_ip->destroy(this->my_virtual_ip);
 }
+ DBG1(DBG_IKE, "installing new virtual IP %H", ip);
 if (charon->kernel_interface->add_ip(charon->kernel_interface, ip, this->my_host) == SUCCESS)
 {
diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c
index a44f88b15..30e870422 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/charon/sa/task_manager.c
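Review bot: The status returned by `add_ip` in the new block of update_hosts is discarded, so when re-adding the virtual IP on the new interface fails after `del_ip` has already removed it, the function carries on reinstalling policies for an address that is no longer configured on the host. Check the result, e.g. `if (charon->kernel_interface->add_ip(charon->kernel_interface, this->virtual_ip, me) != SUCCESS)`, and report the failure through the function's `status_t` return; how the caller should react is outside this hunk. The added comment also has a typo, `romaing` should read `roaming`. update_hosts starts before and continues past the hunk, so any later cleanup is not visible here.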
@@ -809,10 +809,17 @@ static status_t process_message(private_task_manager_t *this, message_t *msg)
 }
 else if ((mid == this->responding.mid - 1) && this->responding.packet)
 {
+ packet_t *clone;
+ host_t *me, *other;
+
 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
 "retransmitting response", mid);
- charon->sender->send(charon->sender,
- this->responding.packet->clone(this->responding.packet));
+ clone = this->responding.packet->clone(this->responding.packet);
+ me = msg->get_destination(msg);
+ other = msg->get_source(msg);
+ clone->set_source(clone, me->clone(me));
+ clone->set_destination(clone, other->clone(other));
+ charon->sender->send(charon->sender, clone);
 }
 else
 {
diff --git a/src/charon/sa/tasks/ike_mobike.c b/src/charon/sa/tasks/ike_mobike.c
index aee75fbdb..a32f7e5e0 100644
--- a/src/charon/sa/tasks/ike_mobike.c
+++ b/src/charon/sa/tasks/ike_mobike.c
@@ -217,17 +217,6 @@ static void update_children(private_ike_mobike_t *this)
 {
 iterator_t *iterator;
 child_sa_t *child_sa;
- host_t *ip;
-
- /* additionally, we reinstall the virtual IP as we may have changed
- * our interface */
- ip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
- if (ip)
- {
- ip = ip->clone(ip);
- this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, ip);
- ip->destroy(ip);
- }
 iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
 while (iterator->iterate(iterator, (void**)&child_sa))
@@ -279,6 +268,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 other = other->clone(other);
 other->set_port(other, other->ip_equals(other, other_old) ? other_old->get_port(other_old) : IKEV2_NATT_PORT);
+ DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
 copy = packet->clone(packet);
 copy->set_source(copy, me);
 copy->set_destination(copy, other);
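Review bot: The cached response in the retransmit branch of process_message is now re-addressed to whatever `msg->get_source(msg)` reports, and the only condition visible in the hunk is the message-ID match, so nothing here shows that the incoming request was integrity-checked before its addresses are trusted. If verification happens later in the function (outside this hunk), a request with a matching ID and a forged source would redirect the stored response; either perform this step after the message has been verified or confirm that it already is. In both cases the intent deserves a comment above the `clone` assignment, for example `/* peer may have roamed: answer to the address pair the retransmit arrived on */`. process_message starts and ends outside the hunk.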
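Review bot: The level-1 trace `DBG1(DBG_IKE, "checking path %#H - %#H", me, other);` is emitted once per address pair inside the loop of transmit and the identical line is repeated after the loop in the next hunk (-286). If the address list walked by the iterator is supplied by the peer (its source is outside these hunks), the number of level-1 log lines per probe is peer-influenced; consider `DBG2` for the per-pair message inside the loop and keep level 1 for a single summary line. In the -286 hunk `me` and `other` are re-pointed at the original packet's source and destination only for logging, so a short comment such as `/* log the path of the original packet as well */` would explain the reassignment. The function body extends beyond both hunks.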
@@ -286,6 +276,9 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 }
 }
 iterator->destroy(iterator);
+ me = packet->get_source(packet);
+ other = packet->get_destination(packet);
+ DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
 }
 /**