[strongSwan-dev] Blocking operations during authorization processing
vit at herman.pro
Tue Aug 18 15:19:25 CEST 2015
recently, we've seen an issue in our deployment of strongSwan, where
charon was seemingly silently dropping incoming initiator requests.
After some investigation, we've found out that this was caused by the
fact that we were performing some fairly expensive (time-wise)
operations in our custom child-updown handler.
We can process the child-updown events asynchronously, however, we were
planning on using a similar kind of handler for authorization purposes
too. Since the authorization call has to be synchronous, we need to
process it in a way that wouldn't block accepting requests from other
I've looked at the implementation of the event bus in
src/libcharon/bus/bus.c and if I'm reading it correctly, it gets locked
for processing of each event. So implementing our authorization code as
a listener for authorize or ike-updown events (in the fashion that
xauth-pam or ext-auth plugins do) is not an option?
So the question is: is there a better place to put this kind of call?
Thanks for any hints.
More information about the Dev