Hi folks,

this patch makes iked clean up its SAs on shutdown: for each existing IKE
SA, all of its Child SAs will be removed from the kernel, and an IKE
DELETE notification payload will be sent to the peer.

Comments ?

Cheers,

--
Vincent / dermiste


Index: iked.h
===================================================================
RCS file: /cvs/src/sbin/iked/iked.h,v
retrieving revision 1.84
diff -u -p -r1.84 iked.h
--- iked.h      26 Mar 2015 19:52:35 -0000      1.84
+++ iked.h      2 May 2015 17:11:34 -0000
@@ -549,7 +549,7 @@ struct privsep_proc {
        const char              *p_chroot;
        struct privsep          *p_ps;
        struct iked             *p_env;
-       void                    (*p_shutdown)(void);
+       void                    (*p_shutdown)(struct privsep_proc *);
        u_int                    p_instance;
 };
 
@@ -744,6 +744,7 @@ pid_t        ikev1(struct privsep *, struct pr
 
 /* ikev2.c */
 pid_t   ikev2(struct privsep *, struct privsep_proc *);
+void    ikev2_shutdown(struct privsep_proc *);
 void    ikev2_recv(struct iked *, struct iked_message *);
 void    ikev2_init_ike_sa(struct iked *, void *);
 int     ikev2_sa_negotiate(struct iked_proposals *, struct iked_proposals *,
Index: ikev2.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2.c,v
retrieving revision 1.120
diff -u -p -r1.120 ikev2.c
--- ikev2.c     26 Mar 2015 19:52:35 -0000      1.120
+++ ikev2.c     2 May 2015 17:11:39 -0000
@@ -136,7 +136,20 @@ static struct privsep_proc procs[] = {
 pid_t
 ikev2(struct privsep *ps, struct privsep_proc *p)
 {
+       p->p_shutdown = ikev2_shutdown;
        return (proc_run(ps, p, procs, nitems(procs), NULL, NULL));
+}
+
+void
+ikev2_shutdown(struct privsep_proc *p)
+{
+       struct iked     *env = p->p_env;
+       struct iked_sa  *sa, *tmpsa;
+
+       RB_FOREACH_SAFE(sa, iked_sas, &env->sc_sas,tmpsa) {
+               ikev2_ikesa_delete(env, sa, sa->sa_hdr.sh_initiator);
+               sa_free(env, sa);
+       }
 }
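Review bot: The `RB_FOREACH_SAFE(sa, iked_sas, &env->sc_sas,tmpsa)` line drops the space after the last comma, unlike the other macro calls in the hunk; `RB_FOREACH_SAFE(sa, iked_sas, &env->sc_sas, tmpsa) {`. The new function also has no header comment; I would add `/* Tear down every IKE SA (and its Child SAs) before the process exits; invoked via p_shutdown from proc_shutdown(). */` above `ikev2_shutdown`. Whether `ikev2_ikesa_delete()` itself already frees or schedules removal of the SA is not visible here, so the unconditional `sa_free(env, sa)` that follows it should be checked against that helper to rule out a double free. Likewise, since the shutdown callback in proc.c is followed immediately by `proc_close(ps)`, it is worth confirming that the queued DELETE notification is actually flushed to the peer before the process exits, and whether sending a DELETE for SAs that never reached the established state is intended.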
 
 int
Index: proc.c
===================================================================
RCS file: /cvs/src/sbin/iked/proc.c,v
retrieving revision 1.22
diff -u -p -r1.22 proc.c
--- proc.c      16 Jan 2015 06:39:58 -0000      1.22
+++ proc.c      2 May 2015 17:11:39 -0000
@@ -297,7 +297,7 @@ proc_shutdown(struct privsep_proc *p)
                control_cleanup(&ps->ps_csock);
 
        if (p->p_shutdown != NULL)
-               (*p->p_shutdown)();
+               (*p->p_shutdown)(p);
 
        proc_close(ps);
 
