Hello,

recently, we've seen an issue in our deployment of strongSwan, where charon was seemingly silently dropping incoming initiator requests. After some investigation, we've found out that this was caused by the fact that we were performing some fairly expensive (time-wise) operations in our custom child-updown handler.

We can process the child-updown events asynchronously, however, we were planning on using a similar kind of handler for authorization purposes too. Since the authorization call has to be synchronous, we need to process it in a way that wouldn't block accepting requests from other initiators.

I've looked at the implementation of the event bus in src/libcharon/bus/bus.c and if I'm reading it correctly, it gets locked for processing of each event. So implementing our authorization code as a listener for authorize or ike-updown events (in the fashion that xauth-pam or ext-auth plugins do) is not an option?

So the question is: is there a better place to put this kind of call?

Thanks for any hints.

Best regards,
Vit Herman
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
