
List:       strongswan-announce
Subject:    Re: [strongSwan-dev] HA : config loading and resyncing
From:       Emeric POUPON <emeric.poupon () stormshield ! eu>
Date:       2015-03-10 14:37:37
Message-ID: 734894858.24273691.1425998257957.JavaMail.zimbra () stormshield ! eu

Hello,

Thanks for your support.
I started by changing the default value too, but I was still not pleased with
that (I had to put quite a big value to make sure it works even with a high
debug level).
Finally, I decided to add the relevant events (see attached patch).

This solves my problem, but maybe there is something better to do?

Emeric


----- Mail original -----
De: "Martin Willi" <martin@strongswan.org>
À: "Emeric POUPON" <emeric.poupon@stormshield.eu>
Cc: dev@lists.strongswan.org
Envoyé: Mardi 10 Mars 2015 15:21:45
Objet: Re: [strongSwan-dev] HA : config loading and resyncing


> I have a very large ipsec.conf file. When the HA plugin is initializing
> it requests a resynchronization, 1 second later:

> It looks like we would need a new kind of event to tell charon's ha
> plugin it can start?

While this could make sense, it is actually difficult to know from the
daemon side when starter has completed loading connections.

Alternatively, we might consider making that 1s timeout configurable,
and at the same time use a somewhat more conservative default of 3s.

Regards
Martin


["patch-ha-sync-on-event" (text/x-patch)]

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index e1d221c..7920fac 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -152,6 +152,10 @@ enum alert_t {
 	ALERT_CERT_EXCEEDED_PATH_LEN,
 	/** Certificate rejected; other policy violation, certificate_t */
 	ALERT_CERT_POLICY_VIOLATION,
+	/** Configuration reload started, no argument */
+	ALERT_CONF_RELOAD_STARTED,
+	/** Configuration reload finished, no argument */
+	ALERT_CONF_RELOAD_FINISHED,
 };
 
 /**
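Review bot: Unlike every neighbouring alert, ALERT_CONF_RELOAD_STARTED and ALERT_CONF_RELOAD_FINISHED are raised from the stroke socket handler with no IKE_SA in play, so the ike_sa pointer handed to alert listeners will presumably be NULL for them; a listener that dereferences ike_sa on every alert would crash on these. That is worth stating in the doc comments, e.g. `/** Configuration reload started, no argument; raised outside any IKE_SA context (ike_sa is NULL) */` and the same for FINISHED. Appending the values at the end of the enum keeps existing alert numbers stable, which is the right place for them.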
diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c
index 60e75fc..dd0b0b8 100644
--- a/src/libcharon/plugins/ha/ha_cache.c
+++ b/src/libcharon/plugins/ha/ha_cache.c
@@ -56,6 +56,11 @@ struct private_ha_cache_t {
 	 * Mutex to lock cache
 	 */
 	mutex_t *mutex;
+
+	/**
+	 * Sync configuration on config reload
+	 */
+	bool sync;
 };
 
 /**
@@ -338,6 +343,24 @@ static job_requeue_t request_resync(private_ha_cache_t *this)
 	return JOB_REQUEUE_NONE;
 }
 
+METHOD(listener_t, alert_hook, bool,
+	private_ha_cache_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args)
+{
+	if (alert == ALERT_CONF_RELOAD_FINISHED)
+	{
+		/* Request sync only after the first configuration load */
+		static bool once = false;
+		if (this->sync && !once)
+		{
+			once = true;
+			lib->scheduler->schedule_job(lib->scheduler, (job_t*)
+					callback_job_create_with_prio((callback_job_cb_t)request_resync,
+						this, NULL, NULL, JOB_PRIO_CRITICAL), 1);
+		}
+	}
+	return TRUE;
+}
+
 METHOD(ha_cache_t, destroy, void,
 	private_ha_cache_t *this)
 {
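Review bot: The `static bool once` in alert_hook is a function-scope static, so it is shared by every private_ha_cache_t instance and is tested and set without holding this->mutex; two ALERT_CONF_RELOAD_FINISHED deliveries racing through the hook can both observe `!once` and schedule two resync jobs. Keeping the state per instance and deciding under the existing mutex fixes both, at the cost of a `bool synced` field next to `sync` in private_ha_cache_t (the struct hunk above). The doc comment on `sync` says "Sync configuration on config reload", but the hook only ever requests one sync after the first reload; one of the two should change to match. The hook could also document that `ike_sa` is expected to be NULL here and is deliberately unused.
```c
	if (alert == ALERT_CONF_RELOAD_FINISHED)
	{
		bool first;

		/* only the first completed configuration load triggers a resync;
		 * decide under the cache mutex so concurrent alerts cannot both win */
		this->mutex->lock(this->mutex);
		first = this->sync && !this->synced;
		this->synced = TRUE;
		this->mutex->unlock(this->mutex);
		if (first)
		{
			lib->scheduler->schedule_job(lib->scheduler, (job_t*)
					callback_job_create_with_prio((callback_job_cb_t)request_resync,
						this, NULL, NULL, JOB_PRIO_CRITICAL), 1);
		}
	}
	return TRUE;
```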
@@ -356,6 +379,9 @@ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
 
 	INIT(this,
 		.public = {
+			.listener = {
+				.alert = _alert_hook,
+			},
 			.cache = _cache,
 			.delete = _delete_,
 			.resync = _resync,
@@ -366,14 +392,8 @@ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
 		.socket = socket,
 		.cache = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8),
 		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.sync = sync,
 	);
 
-	if (sync)
-	{
-		/* request a resync as soon as we are up */
-		lib->scheduler->schedule_job(lib->scheduler, (job_t*)
-			callback_job_create_with_prio((callback_job_cb_t)request_resync,
-									this, NULL, NULL, JOB_PRIO_CRITICAL), 1);
-	}
 	return &this->public;
 }
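Review bot: Removing the delayed resync means ha_cache_create no longer requests a sync on its own; the request now happens only if a STR_CONF_RELOAD_END stroke message ever reaches charon and alert_hook fires. A charon whose connections are not loaded by starter, or one paired with a starter that predates this patch, therefore never resyncs, which is a silent regression from the removed block. Keeping the timer as a fallback that becomes a no-op once the reload event has already triggered the sync, or at least documenting that the sync option now depends on starter sending the reload notification, would close that gap. The remainder of ha_cache_create is above this hunk.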
diff --git a/src/libcharon/plugins/ha/ha_cache.h b/src/libcharon/plugins/ha/ha_cache.h
index 5e3936a..3b02296 100644
--- a/src/libcharon/plugins/ha/ha_cache.h
+++ b/src/libcharon/plugins/ha/ha_cache.h
@@ -37,6 +37,11 @@ typedef struct ha_cache_t ha_cache_t;
 struct ha_cache_t {
 
 	/**
+	 * Implements listener interface to catch reload events
+	 */
+	listener_t listener;
+
+	/**
 	 * Cache an IKE specific message.
 	 *
 	 * @param ike_sa		associated IKE_SA
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 493cad5..00b7f7b 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -108,6 +108,7 @@ static bool plugin_cb(private_ha_plugin_t *this,
 		charon->bus->add_listener(charon->bus, &this->segments->listener);
 		charon->bus->add_listener(charon->bus, &this->ike->listener);
 		charon->bus->add_listener(charon->bus, &this->child->listener);
+		charon->bus->add_listener(charon->bus, &this->cache->listener);
 		hydra->attributes->add_provider(hydra->attributes,
 										&this->attr->provider);
 	}
@@ -118,6 +119,7 @@ static bool plugin_cb(private_ha_plugin_t *this,
 		charon->bus->remove_listener(charon->bus, &this->segments->listener);
 		charon->bus->remove_listener(charon->bus, &this->ike->listener);
 		charon->bus->remove_listener(charon->bus, &this->child->listener);
+		charon->bus->remove_listener(charon->bus, &this->cache->listener);
 	}
 	return TRUE;
 }
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 54dd56e..9bf3227 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -731,6 +731,14 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
 		case STR_COUNTERS:
 			stroke_counters(this, msg, out);
 			break;
+		case STR_CONF_RELOAD_START:
+			DBG1(DBG_CFG, "received stroke conf reload start");
+			charon->bus->alert(charon->bus, ALERT_CONF_RELOAD_STARTED);
+			break;
+		case STR_CONF_RELOAD_END:
+			DBG1(DBG_CFG, "received stroke conf reload end");
+			charon->bus->alert(charon->bus, ALERT_CONF_RELOAD_FINISHED);
+			break;
 		default:
 			DBG1(DBG_CFG, "received unknown stroke");
 			break;
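Review bot: These two cases raise bus-wide alerts on behalf of any client that can write to the stroke socket, and nothing in on_accept checks that a reload is actually in progress, so START and END may arrive repeated, out of order, or as an END with no preceding START. Listeners therefore have to tolerate that (the HA hook's one-shot guard does), and the alert doc comments should say ordering is not guaranteed; the socket's existing permission model is the only thing bounding who can trigger them, which is fine but deserves a sentence in the commit message. Logging at DBG1 matches the `received unknown stroke` case just below. on_accept continues outside the hunk.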
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 22074db..21d93ca 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -705,6 +705,11 @@ int main (int argc, char **argv)
 			exit(LSB_RC_SUCCESS);
 		}
 
+		if (starter_charon_pid())
+		{
+			starter_stroke_config_reload_start();
+		}
+
 		/*
 		 * Delete all connections. Will be added below
 		 */
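Review bot: This reload-path `starter_stroke_config_reload_start()` has no matching `starter_stroke_config_reload_end()` on the same path and its return value is ignored; if the block at the `_action_ &= ~FLAG_ACTION_START_CHARON` hunk is also entered on a reload, a second START goes out at that hunk's added line before the single END added in the third hunk, so charon sees START, START, END. Either drop this call and rely on the START/END pair in the later block, or send the END here too, and handle a failed send the way the surrounding stroke calls in this file do. The END in the third hunk is also skipped if that block bails out early, leaving the HA cache waiting forever; a cleanup-style send on every exit from the block would be more robust. All three hunks sit inside main, which starts and ends outside them.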
@@ -852,6 +857,7 @@ int main (int argc, char **argv)
 			}
 			_action_ &= ~FLAG_ACTION_START_CHARON;
 
+			starter_stroke_config_reload_start();
 			for (ca = cfg->ca_first; ca; ca = ca->next)
 			{
 				if (ca->state == STATE_ADDED)
@@ -917,6 +923,7 @@ int main (int argc, char **argv)
 					}
 				}
 			}
+			starter_stroke_config_reload_end();
 		}
 
 		/*
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index b8418f5..1c8be28 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -341,6 +341,24 @@ int starter_stroke_purge_ike(void)
 	return send_stroke_msg(&msg);
 }
 
+int starter_stroke_config_reload_start(void)
+{
+	stroke_msg_t msg;
+
+	msg.type = STR_CONF_RELOAD_START;
+	msg.length = offsetof(stroke_msg_t, buffer);
+	return send_stroke_msg(&msg);
+}
+
+int starter_stroke_config_reload_end(void)
+{
+	stroke_msg_t msg;
+
+	msg.type = STR_CONF_RELOAD_END;
+	msg.length = offsetof(stroke_msg_t, buffer);
+	return send_stroke_msg(&msg);
+}
+
 int starter_stroke_add_ca(starter_ca_t *ca)
 {
 	stroke_msg_t msg;
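Review bot: Both new functions send `msg` with only `type` and `length` set, so whatever stroke_msg_t holds between those fields and `buffer` leaves the process as uninitialised stack bytes; that follows the pattern of the neighbouring senders, but a designated initialiser zeroes the rest for free: `stroke_msg_t msg = { .type = STR_CONF_RELOAD_START, .length = offsetof(stroke_msg_t, buffer) };` (and the same for STR_CONF_RELOAD_END). The two functions differ only in the type constant, so a small static helper taking the type would remove the duplication. `offsetof` needs <stddef.h>, which the existing senders in this file presumably already bring in.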
diff --git a/src/starter/starterstroke.h b/src/starter/starterstroke.h
index 4d23b97..56208b5 100644
--- a/src/starter/starterstroke.h
+++ b/src/starter/starterstroke.h
@@ -25,6 +25,8 @@ int starter_stroke_unroute_conn(starter_conn_t *conn);
 int starter_stroke_initiate_conn(starter_conn_t *conn);
 int starter_stroke_terminate_conn(starter_conn_t *conn);
 int starter_stroke_purge_ike(void);
+int starter_stroke_config_reload_start(void);
+int starter_stroke_config_reload_end(void);
 int starter_stroke_add_ca(starter_ca_t *ca);
 int starter_stroke_del_ca(starter_ca_t *ca);
 int starter_stroke_configure(starter_config_t *cfg);
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index c2b923f..613552a 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -230,6 +230,10 @@ struct stroke_msg_t {
 		STR_USER_CREDS,
 		/* print/reset counters */
 		STR_COUNTERS,
+		/*  notify a config reload start */
+		STR_CONF_RELOAD_START,
+		/* notify a config reload end */
+		STR_CONF_RELOAD_END,
 		/* more to come */
 	} type;
 


_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev

