Module Name:    src
Committed By:   tteras
Date:           Thu Oct 21 06:15:29 UTC 2010

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: admin.c evt.c grabmyaddr.c
            isakmp.c pfkey.c session.c session.h

Log Message:
Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred; otherwise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/crypto/dist/ipsec-tools/src/racoon/admin.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/dist/ipsec-tools/src/racoon/evt.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c
cvs rdiff -u -r1.62 -r1.63 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
cvs rdiff -u -r1.52 -r1.53 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
cvs rdiff -u -r1.27 -r1.28 src/crypto/dist/ipsec-tools/src/racoon/session.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/ipsec-tools/src/racoon/session.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.34 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.35
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.34	Thu Oct 21 06:04:33 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c	Thu Oct 21 06:15:28 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: admin.c,v 1.34 2010/10/21 06:04:33 tteras Exp $	*/
+/*	$NetBSD: admin.c,v 1.35 2010/10/21 06:15:28 tteras Exp $	*/
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -734,7 +734,7 @@
 		return -1;
 	}
 
-	monitor_fd(lcconf->sock_admin, admin_handler, NULL);
+	monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0);
 	plog(LLV_DEBUG, LOCATION, NULL,
 	     "open %s as racoon management.\n", sunaddr.sun_path);
 

Index: src/crypto/dist/ipsec-tools/src/racoon/evt.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/evt.c:1.9 src/crypto/dist/ipsec-tools/src/racoon/evt.c:1.10
--- src/crypto/dist/ipsec-tools/src/racoon/evt.c:1.9	Fri Jan 23 08:05:58 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/evt.c	Thu Oct 21 06:15:28 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: evt.c,v 1.9 2009/01/23 08:05:58 tteras Exp $	*/
+/*	$NetBSD: evt.c,v 1.10 2010/10/21 06:15:28 tteras Exp $	*/
 
 /* Id: evt.c,v 1.5 2006/06/22 20:11:35 manubsd Exp */
 
@@ -373,7 +373,7 @@
 
 	LIST_INSERT_HEAD(list, l, ll_chain);
 	l->fd = fd;
-	monitor_fd(l->fd, evt_unsubscribe_cb, l);
+	monitor_fd(l->fd, evt_unsubscribe_cb, l, 0);
 
 	plog(LLV_DEBUG, LOCATION, NULL,
 	     "[%d] admin connection is polling events\n", fd);

Index: src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c:1.24 src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c:1.25
--- src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c:1.24	Wed Oct 20 10:56:39 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c	Thu Oct 21 06:15:28 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: grabmyaddr.c,v 1.24 2010/10/20 10:56:39 tteras Exp $	*/
+/*	$NetBSD: grabmyaddr.c,v 1.25 2010/10/21 06:15:28 tteras Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * Copyright (C) 2008 Timo Teras <timo.te...@iki.fi>.
@@ -297,7 +297,7 @@
 		lcconf->rtsock = kernel_open_socket();
 		if (lcconf->rtsock < 0)
 			return -1;
-		monitor_fd(lcconf->rtsock, kernel_receive, NULL);
+		monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0);
 	} else {
 		lcconf->rtsock = -1;
 		if (!myaddr_open_all_configured(NULL))

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.62 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.63
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.62	Wed Oct 20 13:37:37 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c	Thu Oct 21 06:15:28 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp.c,v 1.62 2010/10/20 13:37:37 tteras Exp $	*/
+/*	$NetBSD: isakmp.c,v 1.63 2010/10/21 06:15:28 tteras Exp $	*/
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -1727,7 +1727,7 @@
 	     "%s used as isakmp port (fd=%d)\n",
 	     saddr2str(addr), fd);
 
-	monitor_fd(fd, isakmp_handler, NULL);
+	monitor_fd(fd, isakmp_handler, NULL, 1);
 	return fd;
 
 err:

Index: src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.52 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.53
--- src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.52	Tue Feb  9 23:05:16 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/pfkey.c	Thu Oct 21 06:15:28 2010
@@ -1,6 +1,6 @@
-/*	$NetBSD: pfkey.c,v 1.52 2010/02/09 23:05:16 wiz Exp $	*/
+/*	$NetBSD: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $	*/
 
-/* $Id: pfkey.c,v 1.52 2010/02/09 23:05:16 wiz Exp $ */
+/* $Id: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -487,7 +487,7 @@
 		return -1;
 	}
 #endif
-	monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
+	monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
 	return 0;
 }
 

Index: src/crypto/dist/ipsec-tools/src/racoon/session.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/session.c:1.27 src/crypto/dist/ipsec-tools/src/racoon/session.c:1.28
--- src/crypto/dist/ipsec-tools/src/racoon/session.c:1.27	Thu Mar  4 15:13:53 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/session.c	Thu Oct 21 06:15:28 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.27 2010/03/04 15:13:53 vanhu Exp $	*/
+/*	$NetBSD: session.c,v 1.28 2010/10/21 06:15:28 tteras Exp $	*/
 
 /*	$KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $	*/
 
@@ -103,8 +103,13 @@
 struct fd_monitor {
 	int (*callback)(void *ctx, int fd);
 	void *ctx;
+	int prio;
+	int fd;
+	TAILQ_ENTRY(fd_monitor) chain;
 };
 
+#define NUM_PRIORITIES 2
+
 static void close_session __P((void));
 static void initfds __P((void));
 static void init_signal __P((void));
@@ -115,13 +120,14 @@
 
 static fd_set preset_mask, active_mask;
 static struct fd_monitor fd_monitors[FD_SETSIZE];
+static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES];
 static int nfds = 0;
 
 static volatile sig_atomic_t sigreq[NSIG + 1];
 static struct sched scflushsa = SCHED_INITIALIZER();
 
 void
-monitor_fd(int fd, int (*callback)(void *, int), void *ctx)
+monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority)
 {
 	if (fd < 0 || fd >= FD_SETSIZE) {
 		plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun");
@@ -131,9 +137,17 @@
 	FD_SET(fd, &preset_mask);
 	if (fd > nfds)
 		nfds = fd;
+	if (priority <= 0)
+		priority = 0;
+	if (priority >= NUM_PRIORITIES)
+		priority = NUM_PRIORITIES - 1;
 
 	fd_monitors[fd].callback = callback;
 	fd_monitors[fd].ctx = ctx;
+	fd_monitors[fd].prio = priority;
+	fd_monitors[fd].fd = fd;
+	TAILQ_INSERT_TAIL(&fd_monitor_tree[priority],
+			  &fd_monitors[fd], chain);
 }
 
 void
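Review bot: `TAILQ_INSERT_TAIL` at the end of monitor_fd() links `fd_monitors[fd]` unconditionally, so a call for an fd whose slot is still registered would link the same node a second time and corrupt the priority list. Before this change a repeated call only overwrote `callback` and `ctx`, so any caller that relied on that now damages the queue that the dispatch loop in session() walks. unmonitor_fd() gains an `if (fd_monitors[fd].callback == NULL) return;` guard in the next hunk; the matching guard here would be `if (fd_monitors[fd].callback != NULL) unmonitor_fd(fd);` placed before `FD_SET`. The start of monitor_fd() is in the previous hunk, and whether any caller actually re-registers an fd cannot be seen from this diff.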
@@ -144,10 +158,15 @@
 		exit(1);
 	}
 
+	if (fd_monitors[fd].callback == NULL)
+		return;
+
 	FD_CLR(fd, &preset_mask);
 	FD_CLR(fd, &active_mask);
 	fd_monitors[fd].callback = NULL;
 	fd_monitors[fd].ctx = NULL;
+	TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio],
+		     &fd_monitors[fd], chain);
 }
 
 int
@@ -158,11 +177,15 @@
 	char pid_file[MAXPATHLEN];
 	FILE *fp;
 	pid_t racoon_pid = 0;
-	int i;
+	int i, count;
+	struct fd_monitor *fdm;
 
 	nfds = 0;
 	FD_ZERO(&preset_mask);
 
+	for (i = 0; i < NUM_PRIORITIES; i++)
+		TAILQ_INIT(&fd_monitor_tree[i]);
+
 	/* initialize schedular */
 	sched_init();
 	init_signal();
@@ -291,16 +314,24 @@
 			/*NOTREACHED*/
 		}
 
-		for (i = 0; i <= nfds; i++) {
-			if (!FD_ISSET(i, &active_mask))
-				continue;
-
-			if (fd_monitors[i].callback != NULL)
-				fd_monitors[i].callback(fd_monitors[i].ctx, i);
-			else
-				plog(LLV_ERROR, LOCATION, NULL,
-				     "fd %d set, but no active callback\n", i);
+		count = 0;
+		for (i = 0; i < NUM_PRIORITIES; i++) {
+			TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) {
+				if (!FD_ISSET(fdm->fd, &active_mask))
+					continue;
+
+				FD_CLR(fdm->fd, &active_mask);
+				if (fdm->callback != NULL) {
+					fdm->callback(fdm->ctx, fdm->fd);
+					count++;
+				} else
+					plog(LLV_ERROR, LOCATION, NULL,
+					"fd %d set, but no active callback\n", i);
+			}
+			if (count != 0)
+				break;
 		}
+
 	}
 }
 
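Review bot: The error branch of the new dispatch loop still logs `i`, which is now the priority index rather than the descriptor, so "fd %d set, but no active callback" reports the wrong number; it should pass `fdm->fd`. Separately, the callback runs inside `TAILQ_FOREACH` over the same list that unmonitor_fd() edits with `TAILQ_REMOVE`; if a handler unregisters its own fd (evt_unsubscribe_cb looks like one that would), the loop advances through a node that is no longer linked, and if that slot is re-registered during the callback the walk can skip or revisit entries. Reading the successor before the call, `next = TAILQ_NEXT(fdm, chain);`, and advancing with it would protect the walk against the handler removing `fdm` itself. Also note that `if (count != 0) break;` means priority-1 descriptors are served only in rounds where no priority-0 descriptor was ready, so sustained priority-0 traffic can delay ISAKMP handling. The enclosing function begins outside this hunk.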

Index: src/crypto/dist/ipsec-tools/src/racoon/session.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/session.h:1.8 src/crypto/dist/ipsec-tools/src/racoon/session.h:1.9
--- src/crypto/dist/ipsec-tools/src/racoon/session.h:1.8	Fri Jan 23 08:05:58 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/session.h	Thu Oct 21 06:15:28 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.h,v 1.8 2009/01/23 08:05:58 tteras Exp $	*/
+/*	$NetBSD: session.h,v 1.9 2010/10/21 06:15:28 tteras Exp $	*/
 
 /* Id: session.h,v 1.3 2004/06/11 16:00:17 ludvigm Exp */
 
@@ -37,7 +37,7 @@
 extern int session __P((void));
 extern RETSIGTYPE signal_handler __P((int));
 
-extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
+extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority));
 extern void unmonitor_fd __P((int fd));
 
 #endif /* _SESSION_H */
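Review bot: The new `priority` parameter is undocumented, and every caller in this commit passes a bare `0` or `1`, while the dispatch loop in session.c serves the lower number first, which is the opposite of what a reader may assume. A short comment above the prototype, for example `/* priority: 0 is served first; out-of-range values are clamped */`, together with named constants for the two levels, would make call sites such as `monitor_fd(fd, isakmp_handler, NULL, 1)` in isakmp.c self-explanatory. The same applies to the call sites in admin.c, evt.c, grabmyaddr.c and pfkey.c.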
