improved MOBIKE roaming between interfaces
parent
e5f1ead26f
commit
d9d69536b0
|
@ -1370,11 +1370,11 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
|
||||||
struct nlmsghdr *hdr;
|
struct nlmsghdr *hdr;
|
||||||
struct rtmsg *msg;
|
struct rtmsg *msg;
|
||||||
chunk_t chunk;
|
chunk_t chunk;
|
||||||
|
|
||||||
|
#if IPSEC_ROUTING_TABLE == 0
|
||||||
/* if route is 0.0.0.0/0, we can't install it, as it would
|
/* if route is 0.0.0.0/0, we can't install it, as it would
|
||||||
* overwrite the default route. Instead, we add two routes:
|
* overwrite the default route. Instead, we add two routes:
|
||||||
* 0.0.0.0/1 and 128.0.0.0/1
|
* 0.0.0.0/1 and 128.0.0.0/1 */
|
||||||
* TODO: use metrics instead */
|
|
||||||
if (route->prefixlen == 0)
|
if (route->prefixlen == 0)
|
||||||
{
|
{
|
||||||
route_entry_t half;
|
route_entry_t half;
|
||||||
|
@ -1392,6 +1392,7 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
|
||||||
status = manage_srcroute(this, nlmsg_type, flags, &half);
|
status = manage_srcroute(this, nlmsg_type, flags, &half);
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
memset(&request, 0, sizeof(request));
|
memset(&request, 0, sizeof(request));
|
||||||
|
|
||||||
|
@ -1695,7 +1696,7 @@ static status_t add_ip(private_kernel_interface_t *this,
|
||||||
pthread_mutex_unlock(&this->mutex);
|
pthread_mutex_unlock(&this->mutex);
|
||||||
return SUCCESS;
|
return SUCCESS;
|
||||||
}
|
}
|
||||||
DBG2(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
|
DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
|
||||||
return FAILED;
|
return FAILED;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1703,7 +1704,7 @@ static status_t add_ip(private_kernel_interface_t *this,
|
||||||
}
|
}
|
||||||
ifaces->destroy(ifaces);
|
ifaces->destroy(ifaces);
|
||||||
|
|
||||||
DBG2(DBG_KNL, "interface address %H not found, unable to install"
|
DBG1(DBG_KNL, "interface address %H not found, unable to install"
|
||||||
"virtual IP %H", iface_ip, virtual_ip);
|
"virtual IP %H", iface_ip, virtual_ip);
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
|
|
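Review bot: The new `#if IPSEC_ROUTING_TABLE == 0` guard in manage_srcroute also evaluates true when the macro is not defined at all, because the preprocessor treats unknown identifiers as 0, so a build that lacks the define silently keeps the split-route path. Whether the build always defines it is not visible here; a guard such as `#ifndef IPSEC_ROUTING_TABLE` / `# error "IPSEC_ROUTING_TABLE must be defined"` / `#endif` near the top of the file would make that explicit. The comment above the block should also say why the 0.0.0.0/1 and 128.0.0.0/1 split is needed only for table 0, since the commit drops the old TODO without a replacement. manage_srcroute starts and continues outside these hunks.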
|
@ -832,6 +832,16 @@ static status_t update_hosts(private_child_sa_t *this,
|
||||||
{
|
{
|
||||||
policy->other_ts->set_address(policy->other_ts, other);
|
policy->other_ts->set_address(policy->other_ts, other);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* we reinstall the virtual IP to handle interface romaing
|
||||||
|
* correctly */
|
||||||
|
if (this->virtual_ip)
|
||||||
|
{
|
||||||
|
charon->kernel_interface->del_ip(charon->kernel_interface,
|
||||||
|
this->virtual_ip);
|
||||||
|
charon->kernel_interface->add_ip(charon->kernel_interface,
|
||||||
|
this->virtual_ip, me);
|
||||||
|
}
|
||||||
|
|
||||||
/* reinstall updated policies */
|
/* reinstall updated policies */
|
||||||
charon->kernel_interface->add_policy(charon->kernel_interface,
|
charon->kernel_interface->add_policy(charon->kernel_interface,
|
||||||
|
|
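Review bot: The return values of `del_ip` and `add_ip` in the new `if (this->virtual_ip)` block of update_hosts are discarded, so a failed reinstall goes unnoticed and the policies are reinstalled as if the address had moved. add_ip has visible failure paths in this same commit ("interface address %H not found, unable to install"), which seems most likely during roaming, when `me` may not be configured on any interface yet. If the virtual IP is missing afterwards, traffic may leave with a source address that the tunnel policies do not cover, which is worth confirming. I would check the result, e.g. `if (charon->kernel_interface->add_ip(charon->kernel_interface, this->virtual_ip, me) != SUCCESS)`, then log at level 1 and propagate a failure status to the caller. The comment also has a typo ("romaing"), and update_hosts starts and continues outside the hunk.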
|
@ -664,14 +664,14 @@ static void set_virtual_ip(private_ike_sa_t *this, bool local, host_t *ip)
|
||||||
{
|
{
|
||||||
if (local)
|
if (local)
|
||||||
{
|
{
|
||||||
DBG1(DBG_IKE, "installing new virtual IP %H", ip);
|
|
||||||
if (this->my_virtual_ip)
|
if (this->my_virtual_ip)
|
||||||
{
|
{
|
||||||
DBG1(DBG_IKE, "removing old virtual IP %H", this->my_virtual_ip);
|
DBG1(DBG_IKE, "removing old virtual IP %H", this->my_virtual_ip);
|
||||||
charon->kernel_interface->del_ip(charon->kernel_interface,
|
charon->kernel_interface->del_ip(charon->kernel_interface,
|
||||||
this->my_virtual_ip);
|
this->my_virtual_ip);
|
||||||
this->my_virtual_ip->destroy(this->my_virtual_ip);
|
this->my_virtual_ip->destroy(this->my_virtual_ip);
|
||||||
}
|
}
|
||||||
|
DBG1(DBG_IKE, "installing new virtual IP %H", ip);
|
||||||
if (charon->kernel_interface->add_ip(charon->kernel_interface, ip,
|
if (charon->kernel_interface->add_ip(charon->kernel_interface, ip,
|
||||||
this->my_host) == SUCCESS)
|
this->my_host) == SUCCESS)
|
||||||
{
|
{
|
||||||
|
|
|
@ -809,10 +809,17 @@ static status_t process_message(private_task_manager_t *this, message_t *msg)
|
||||||
}
|
}
|
||||||
else if ((mid == this->responding.mid - 1) && this->responding.packet)
|
else if ((mid == this->responding.mid - 1) && this->responding.packet)
|
||||||
{
|
{
|
||||||
|
packet_t *clone;
|
||||||
|
host_t *me, *other;
|
||||||
|
|
||||||
DBG1(DBG_IKE, "received retransmit of request with ID %d, "
|
DBG1(DBG_IKE, "received retransmit of request with ID %d, "
|
||||||
"retransmitting response", mid);
|
"retransmitting response", mid);
|
||||||
charon->sender->send(charon->sender,
|
clone = this->responding.packet->clone(this->responding.packet);
|
||||||
this->responding.packet->clone(this->responding.packet));
|
me = msg->get_destination(msg);
|
||||||
|
other = msg->get_source(msg);
|
||||||
|
clone->set_source(clone, me->clone(me));
|
||||||
|
clone->set_destination(clone, other->clone(other));
|
||||||
|
charon->sender->send(charon->sender, clone);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
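Review bot: The retransmit branch of process_message now takes the reply's addresses from the incoming `msg` (`msg->get_destination`, `msg->get_source`), and nothing in this hunk shows that `msg` has been integrity-checked before those addresses are trusted. The branch is selected on `mid == this->responding.mid - 1` alone, so if an unverified packet can reach this point, the cached response would go to whatever source address that packet carried; please confirm against the caller. If verification does happen earlier, a comment would record the assumption, e.g. `/* msg is verified by the caller; answer to the address the retransmit came from, the peer may have roamed */`. process_message starts and continues outside the hunk.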
|
@ -217,17 +217,6 @@ static void update_children(private_ike_mobike_t *this)
|
||||||
{
|
{
|
||||||
iterator_t *iterator;
|
iterator_t *iterator;
|
||||||
child_sa_t *child_sa;
|
child_sa_t *child_sa;
|
||||||
host_t *ip;
|
|
||||||
|
|
||||||
/* additionally, we reinstall the virtual IP as we may have changed
|
|
||||||
* our interface */
|
|
||||||
ip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
|
|
||||||
if (ip)
|
|
||||||
{
|
|
||||||
ip = ip->clone(ip);
|
|
||||||
this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, ip);
|
|
||||||
ip->destroy(ip);
|
|
||||||
}
|
|
||||||
|
|
||||||
iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
|
iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
|
||||||
while (iterator->iterate(iterator, (void**)&child_sa))
|
while (iterator->iterate(iterator, (void**)&child_sa))
|
||||||
|
@ -279,6 +268,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
|
||||||
other = other->clone(other);
|
other = other->clone(other);
|
||||||
other->set_port(other, other->ip_equals(other, other_old) ?
|
other->set_port(other, other->ip_equals(other, other_old) ?
|
||||||
other_old->get_port(other_old) : IKEV2_NATT_PORT);
|
other_old->get_port(other_old) : IKEV2_NATT_PORT);
|
||||||
|
DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
|
||||||
copy = packet->clone(packet);
|
copy = packet->clone(packet);
|
||||||
copy->set_source(copy, me);
|
copy->set_source(copy, me);
|
||||||
copy->set_destination(copy, other);
|
copy->set_destination(copy, other);
|
||||||
|
@ -286,6 +276,9 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
iterator->destroy(iterator);
|
iterator->destroy(iterator);
|
||||||
|
me = packet->get_source(packet);
|
||||||
|
other = packet->get_destination(packet);
|
||||||
|
DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
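Review bot: In transmit, the trailing `me = packet->get_source(packet); other = packet->get_destination(packet);` reuses the loop variables purely for the second `DBG1(DBG_IKE, "checking path %#H - %#H", me, other);`. Inside the loop `other` holds a clone that is passed to `copy->set_destination`, while after the loop the same names hold pointers read back from `packet`, so one name carries two different ownership meanings (presumably owned versus borrowed, to be confirmed against packet_t). Separate locals or a short comment such as `/* borrowed from packet, do not destroy */` would make that clear. The per-path message is also emitted at level 1 on every loop iteration, which may be noisy on hosts with many addresses; `DBG2` for the in-loop line is worth considering. transmit starts outside the hunk.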