[strongSwan-dev] charon mobike route detection

Martin Willi martin at strongswan.org
Thu Mar 4 09:17:59 CET 2010

Hi Markus,

> a) where is the logic where it monitors for new routes/interfaces?

charon registers to the kernel via Netlink to receive events. This is
implemented in [1] and uses a dedicated thread to wait for such events.

If this thread thinks the network setup has changed, it fires a
so-called roam_job, which is executed [2] by a thread of the thread pool.
This thread checks all IKE_SAs if they need an update.

> b) how is this communicated to the "sending" code, are they different
> threads

Packet sending/receiving is done in a dedicated thread, as are other
tasks such as receiving kernel events or reading from the IPC interface
used by "ipsec up" and the like.
Processing larger tasks (packet processing, event processing) is handled
by threads from a pool.

> c) where/how is the new route detected?

The roam job checks out each IKE_SA and invokes the roam() method [3].
There the kernel is queried for a new route, and if an update via MOBIKE
is required, it queues the mobike task and executes it [4] as soon as the
IKE state machine is ready.

> i) charon will hang on a "getting address to interface"

I can't find this log message in our code. Where does it hang exactly?
Any chance to attach gdb and do a "thread apply all bt"? What is your
kernel version?

> ii) charon appears to log errors as it tries to send out packets to the
> downed interface

Charon currently probes the existing path under certain circumstances,
even if it is down. But this should not actually do any harm.

> iii) ipsec status sometimes will just hang during a transition period,
> and the only solution is to either wait till it finally returns, or
> kill it.

If a thread hangs in i), it blocks an IKE_SA and the status thread is
not allowed to read its data and waits for the release of the IKE_SA.

Best regards
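
Added example, not part of the original message and not strongSwan code: a bounds-checked walk over one buffer of Netlink event messages, as an event thread like the one described in a) would receive, deciding whether to trigger a roam check. The ex_ names are hypothetical, and treating link, address and route messages as the trigger set is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values and header layout match <linux/netlink.h> / <linux/rtnetlink.h>;
 * redefined under ex_ names (hypothetical) so this builds without them. */
enum { EX_RTM_NEWLINK = 16, EX_RTM_DELLINK = 17, EX_RTM_NEWADDR = 20,
       EX_RTM_DELADDR = 21, EX_RTM_NEWROUTE = 24, EX_RTM_DELROUTE = 25,
       EX_RTM_NEWNEIGH = 28 };
struct ex_nlmsghdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define EX_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Walk one buffer of netlink messages. Returns 1 if any message is a
 * link, address or route change (assumed roam triggers), 0 if none,
 * -1 if a length field is inconsistent with the buffer. */
int ex_needs_roam(const uint8_t *buf, size_t len)
{
    int roam = 0;
    while (len > 0) {
        struct ex_nlmsghdr h;
        if (len < sizeof(h)) return -1;      /* truncated header */
        memcpy(&h, buf, sizeof(h));          /* avoid unaligned access */
        if (h.len < sizeof(h) || h.len > len) return -1;
        switch (h.type) {
        case EX_RTM_NEWLINK: case EX_RTM_DELLINK:
        case EX_RTM_NEWADDR: case EX_RTM_DELADDR:
        case EX_RTM_NEWROUTE: case EX_RTM_DELROUTE:
            roam = 1;
        }
        size_t step = EX_ALIGN(h.len);       /* messages are 4-byte aligned */
        if (step >= len) break;              /* last message in the buffer */
        buf += step; len -= step;
    }
    return roam;
}

/* Append a constructed message with a zeroed payload; returns new offset. */
size_t ex_put(uint8_t *buf, size_t off, uint16_t type, uint32_t payload)
{
    struct ex_nlmsghdr h = { (uint32_t)sizeof(h) + payload, type, 0, 0, 0 };
    memset(buf + off, 0, EX_ALIGN(h.len));
    memcpy(buf + off, &h, sizeof(h));
    return off + EX_ALIGN(h.len);
}

int main(void)
{
    uint8_t buf[128];                        /* constructed sample input */
    size_t n = ex_put(buf, 0, EX_RTM_NEWNEIGH, 6);
    printf("neighbour only: %d\n", ex_needs_roam(buf, n));
    n = ex_put(buf, n, EX_RTM_DELADDR, 8);
    printf("plus address removal: %d\n", ex_needs_roam(buf, n));
    return 0;
}
```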

