Returning an unconditional true in kernel_ipsec_register makes it
impossible to detect the missing feature dependencies for
"kernel-ipsec". Failed kernel ipsec interface initialization turns charon
into a process that still starts up fine but fails to perform anything
that requires the kernel ipsec interface. This patch modifies both,
kernel interface and kernel ipsec interface such that failed ipsec
interface initialization results in a false return value.
Signed-off-by: Thomas Egerer <[email protected]>
---
src/libhydra/kernel/kernel_interface.c | 8 ++++++--
src/libhydra/kernel/kernel_interface.h | 11 +++++++++--
src/libhydra/kernel/kernel_ipsec.c | 7 ++++---
3 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 3fa28e0..77dbbb5 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -498,24 +498,28 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
}
-METHOD(kernel_interface_t, add_ipsec_interface, void,
+METHOD(kernel_interface_t, add_ipsec_interface, bool,
private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
{
if (!this->ipsec)
{
this->ipsec_constructor = constructor;
this->ipsec = constructor();
+ return this->ipsec != NULL;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, remove_ipsec_interface, void,
+METHOD(kernel_interface_t, remove_ipsec_interface, bool,
private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
{
if (constructor == this->ipsec_constructor && this->ipsec)
{
this->ipsec->destroy(this->ipsec);
this->ipsec = NULL;
+ return TRUE;
}
+ return FALSE;
}
METHOD(kernel_interface_t, add_net_interface, void,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index cd55038..889f49b 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -474,16 +474,23 @@ struct kernel_interface_t {
* Register an ipsec kernel interface constructor on the manager.
*
* @param create constructor to register
+ * @return TRUE if the desired ipsec kernel interface
+ * was successfully registered, FALSE if not or
+ * if another interface was already registered.
*/
- void (*add_ipsec_interface)(kernel_interface_t *this,
+ bool (*add_ipsec_interface)(kernel_interface_t *this,
kernel_ipsec_constructor_t create);
/**
* Unregister an ipsec kernel interface constructor.
*
* @param create constructor to unregister
+ * @return TRUE if the desired ipsec kernel interface
+ * was successfully unregistered, FALSE if the
+ * registered interface was different from the
+ * one to be unregistered.
*/
- void (*remove_ipsec_interface)(kernel_interface_t *this,
+ bool (*remove_ipsec_interface)(kernel_interface_t *this,
kernel_ipsec_constructor_t create);
/**
diff --git a/src/libhydra/kernel/kernel_ipsec.c b/src/libhydra/kernel/kernel_ipsec.c
index 1a32ab4..697b1b3 100644
--- a/src/libhydra/kernel/kernel_ipsec.c
+++ b/src/libhydra/kernel/kernel_ipsec.c
@@ -25,13 +25,14 @@ bool kernel_ipsec_register(plugin_t *plugin, plugin_feature_t *feature,
{
if (reg)
{
- hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->add_ipsec_interface(
+ hydra->kernel_interface,
(kernel_ipsec_constructor_t)data);
}
else
{
- hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->remove_ipsec_interface(
+ hydra->kernel_interface,
(kernel_ipsec_constructor_t)data);
}
- return TRUE;
}
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
