
[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Introduce priorities for ...



details:   https://anonhg.NetBSD.org/src/rev/5b7422c5240a
branches:  trunk
changeset: 758136:5b7422c5240a
user:      tteras <tteras%NetBSD.org@localhost>
date:      Thu Oct 21 06:15:28 2010 +0000

description:
Introduce priorities for the file descriptor polling mechanism and give
priority to the admin port. If the admin port is used by ISAKMP-SA hook
scripts, its requests should be preferred; otherwise heavy traffic can delay
admin port requests considerably. This in turn may cause a renegotiation loop
for the ISAKMP-SA. This is mostly useful for OpenNHRP setups, but can benefit
other setups too.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/admin.c      |   4 +-
 crypto/dist/ipsec-tools/src/racoon/evt.c        |   4 +-
 crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c |   4 +-
 crypto/dist/ipsec-tools/src/racoon/isakmp.c     |   4 +-
 crypto/dist/ipsec-tools/src/racoon/pfkey.c      |   8 +-
 crypto/dist/ipsec-tools/src/racoon/session.c    |  53 +++++++++++++++++++-----
 crypto/dist/ipsec-tools/src/racoon/session.h    |   4 +-
 7 files changed, 56 insertions(+), 25 deletions(-)

diffs (235 lines):

diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/admin.c
--- a/crypto/dist/ipsec-tools/src/racoon/admin.c        Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/admin.c        Thu Oct 21 06:15:28 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: admin.c,v 1.34 2010/10/21 06:04:33 tteras Exp $        */
+/*     $NetBSD: admin.c,v 1.35 2010/10/21 06:15:28 tteras Exp $        */
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -734,7 +734,7 @@
                return -1;
        }
 
-       monitor_fd(lcconf->sock_admin, admin_handler, NULL);
+       monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0);
        plog(LLV_DEBUG, LOCATION, NULL,
             "open %s as racoon management.\n", sunaddr.sun_path);
 
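Review bot: The bare `0` passed as the new fourth argument does not tell a reader that it selects the class that is dispatched first; the same applies to the `0` in the evt.c, grabmyaddr.c and pfkey.c hunks and to the `1` in isakmp.c. Named constants next to the prototype in session.h, for example `#define FD_PRIO_HIGH 0` and `#define FD_PRIO_LOW 1` (proposed names), would make each call site self-explanatory. The enclosing function starts and ends outside this hunk.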
diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/evt.c
--- a/crypto/dist/ipsec-tools/src/racoon/evt.c  Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/evt.c  Thu Oct 21 06:15:28 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: evt.c,v 1.9 2009/01/23 08:05:58 tteras Exp $   */
+/*     $NetBSD: evt.c,v 1.10 2010/10/21 06:15:28 tteras Exp $  */
 
 /* Id: evt.c,v 1.5 2006/06/22 20:11:35 manubsd Exp */
 
@@ -373,7 +373,7 @@
 
        LIST_INSERT_HEAD(list, l, ll_chain);
        l->fd = fd;
-       monitor_fd(l->fd, evt_unsubscribe_cb, l);
+       monitor_fd(l->fd, evt_unsubscribe_cb, l, 0);
 
        plog(LLV_DEBUG, LOCATION, NULL,
             "[%d] admin connection is polling events\n", fd);
diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c
--- a/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c   Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c   Thu Oct 21 06:15:28 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: grabmyaddr.c,v 1.24 2010/10/20 10:56:39 tteras Exp $   */
+/*     $NetBSD: grabmyaddr.c,v 1.25 2010/10/21 06:15:28 tteras Exp $   */
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * Copyright (C) 2008 Timo Teras <timo.teras%iki.fi@localhost>.
@@ -297,7 +297,7 @@
                lcconf->rtsock = kernel_open_socket();
                if (lcconf->rtsock < 0)
                        return -1;
-               monitor_fd(lcconf->rtsock, kernel_receive, NULL);
+               monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0);
        } else {
                lcconf->rtsock = -1;
                if (!myaddr_open_all_configured(NULL))
diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Thu Oct 21 06:15:28 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp.c,v 1.62 2010/10/20 13:37:37 tteras Exp $       */
+/*     $NetBSD: isakmp.c,v 1.63 2010/10/21 06:15:28 tteras Exp $       */
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -1727,7 +1727,7 @@
             "%s used as isakmp port (fd=%d)\n",
             saddr2str(addr), fd);
 
-       monitor_fd(fd, isakmp_handler, NULL);
+       monitor_fd(fd, isakmp_handler, NULL, 1);
        return fd;
 
 err:
diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c        Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c        Thu Oct 21 06:15:28 2010 +0000
@@ -1,6 +1,6 @@
-/*     $NetBSD: pfkey.c,v 1.52 2010/02/09 23:05:16 wiz Exp $   */
-
-/* $Id: pfkey.c,v 1.52 2010/02/09 23:05:16 wiz Exp $ */
+/*     $NetBSD: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $        */
+
+/* $Id: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -487,7 +487,7 @@
                return -1;
        }
 #endif
-       monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
+       monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
        return 0;
 }
 
diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/session.c
--- a/crypto/dist/ipsec-tools/src/racoon/session.c      Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/session.c      Thu Oct 21 06:15:28 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: session.c,v 1.27 2010/03/04 15:13:53 vanhu Exp $       */
+/*     $NetBSD: session.c,v 1.28 2010/10/21 06:15:28 tteras Exp $      */
 
 /*     $KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $        */
 
@@ -103,8 +103,13 @@
 struct fd_monitor {
        int (*callback)(void *ctx, int fd);
        void *ctx;
+       int prio;
+       int fd;
+       TAILQ_ENTRY(fd_monitor) chain;
 };
 
+#define NUM_PRIORITIES 2
+
 static void close_session __P((void));
 static void initfds __P((void));
 static void init_signal __P((void));
@@ -115,13 +120,14 @@
 
 static fd_set preset_mask, active_mask;
 static struct fd_monitor fd_monitors[FD_SETSIZE];
+static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES];
 static int nfds = 0;
 
 static volatile sig_atomic_t sigreq[NSIG + 1];
 static struct sched scflushsa = SCHED_INITIALIZER();
 
 void
-monitor_fd(int fd, int (*callback)(void *, int), void *ctx)
+monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority)
 {
        if (fd < 0 || fd >= FD_SETSIZE) {
                plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun");
@@ -131,9 +137,17 @@
        FD_SET(fd, &preset_mask);
        if (fd > nfds)
                nfds = fd;
+       if (priority <= 0)
+               priority = 0;
+       if (priority >= NUM_PRIORITIES)
+               priority = NUM_PRIORITIES - 1;
 
        fd_monitors[fd].callback = callback;
        fd_monitors[fd].ctx = ctx;
+       fd_monitors[fd].prio = priority;
+       fd_monitors[fd].fd = fd;
+       TAILQ_INSERT_TAIL(&fd_monitor_tree[priority],
+                         &fd_monitors[fd], chain);
 }
 
 void
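Review bot: The unconditional `TAILQ_INSERT_TAIL` corrupts the priority list if monitor_fd() is called for a descriptor that is still registered, because `fd_monitors[fd]` would be linked a second time; the old code simply overwrote the callback in that case. Whether any caller re-registers without unmonitor_fd() is not visible in this diff, so a guard before the assignments is the cheap fix: `if (fd_monitors[fd].callback != NULL) TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio], &fd_monitors[fd], chain);`. A NULL `callback` argument should also be rejected here, since unmonitor_fd() treats NULL as "not registered" and would then never unlink the entry. The function's signature and range check are in the previous hunk.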
@@ -144,10 +158,15 @@
                exit(1);
        }
 
+       if (fd_monitors[fd].callback == NULL)
+               return;
+
        FD_CLR(fd, &preset_mask);
        FD_CLR(fd, &active_mask);
        fd_monitors[fd].callback = NULL;
        fd_monitors[fd].ctx = NULL;
+       TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio],
+                    &fd_monitors[fd], chain);
 }
 
 int
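Review bot: The `TAILQ_REMOVE` added here can run while session() is walking the same list with `TAILQ_FOREACH`, whenever a callback unmonitors its own descriptor (evt_unsubscribe_cb presumably does; its body is not shown). The walk then reads the link field of an element that was just unlinked, which only works as long as the queue macros leave that field intact, and a descriptor that is closed and re-registered inside the callback moves to the tail of a possibly different list mid-walk. Capturing the successor before dispatch in session() avoids depending on that: `for (fdm = TAILQ_FIRST(&fd_monitor_tree[i]); fdm != NULL; fdm = next) { next = TAILQ_NEXT(fdm, chain); ...`. unmonitor_fd's signature and the start of its body lie outside this hunk.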
@@ -158,11 +177,15 @@
        char pid_file[MAXPATHLEN];
        FILE *fp;
        pid_t racoon_pid = 0;
-       int i;
+       int i, count;
+       struct fd_monitor *fdm;
 
        nfds = 0;
        FD_ZERO(&preset_mask);
 
+       for (i = 0; i < NUM_PRIORITIES; i++)
+               TAILQ_INIT(&fd_monitor_tree[i]);
+
        /* initialize schedular */
        sched_init();
        init_signal();
@@ -291,16 +314,24 @@
                        /*NOTREACHED*/
                }
 
-               for (i = 0; i <= nfds; i++) {
-                       if (!FD_ISSET(i, &active_mask))
-                               continue;
+               count = 0;
+               for (i = 0; i < NUM_PRIORITIES; i++) {
+                       TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) {
+                               if (!FD_ISSET(fdm->fd, &active_mask))
+                                       continue;
 
-                       if (fd_monitors[i].callback != NULL)
-                               fd_monitors[i].callback(fd_monitors[i].ctx, i);
-                       else
-                               plog(LLV_ERROR, LOCATION, NULL,
-                                    "fd %d set, but no active callback\n", i);
+                               FD_CLR(fdm->fd, &active_mask);
+                               if (fdm->callback != NULL) {
+                                       fdm->callback(fdm->ctx, fdm->fd);
+                                       count++;
+                               } else
+                                       plog(LLV_ERROR, LOCATION, NULL,
+                                       "fd %d set, but no active callback\n", i);
+                       }
+                       if (count != 0)
+                               break;
                }
+
        }
 }
 
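Review bot: The `plog` call in the new `else` branch still passes `i`, which is now the priority index, so the message would report 0 or 1 instead of the descriptor; the argument line should read `"fd %d set, but no active callback\n", fdm->fd);`. Separately, `if (count != 0) break;` skips the priority-1 list in every round where a priority-0 descriptor was serviced, and ISAKMP is the only priority-1 user in this commit, so sustained activity on the admin, PF_KEY or routing sockets postpones IKE processing. That looks intended, but a comment above the `break` should say so and state that the skipped descriptors are presumably picked up by the next select round. session() begins outside this hunk.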
diff -r b967b907851b -r 5b7422c5240a crypto/dist/ipsec-tools/src/racoon/session.h
--- a/crypto/dist/ipsec-tools/src/racoon/session.h      Thu Oct 21 06:04:33 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/session.h      Thu Oct 21 06:15:28 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: session.h,v 1.8 2009/01/23 08:05:58 tteras Exp $       */
+/*     $NetBSD: session.h,v 1.9 2010/10/21 06:15:28 tteras Exp $       */
 
 /* Id: session.h,v 1.3 2004/06/11 16:00:17 ludvigm Exp */
 
@@ -37,7 +37,7 @@
 extern int session __P((void));
 extern RETSIGTYPE signal_handler __P((int));
 
-extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
+extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority));
 extern void unmonitor_fd __P((int fd));
 
 #endif /* _SESSION_H */
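Review bot: The prototype gains `priority` with no statement of its contract, and the only place a caller can learn the ordering is the dispatch loop in session.c. A comment above the declaration such as `/* priority 0 is dispatched first; out-of-range values are clamped to the supported range */` would record what monitor_fd() implements. It would also be worth stating there that the descriptor must not already be monitored, since the new list insertion in session.c assumes that.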


