[Swan-dev] does the address pool really share leases?

Andrew Cagney andrew.cagney at gmail.com
Sat Sep 28 01:34:24 UTC 2019 

On Fri, 27 Sep 2019 at 15:04, Paul Wouters <paul at nohats.ca> wrote:
>
> On Thu, 26 Sep 2019, Andrew Cagney wrote:
>
> > I'm trying to understand shared leases - while the code gives the
> > impression that arbitrary connections can share leases I suspect that
> > isn't true.  Instead, I suspect there are two scenarios:
>
> I think you are mising up "shared lease" with "shared pool" ?

Unfortunately, no:

 *
 * Leases are shared between appropriate connections.
 *
static bool can_share_lease(const struct connection *c)

so I guess sharing but not as we know it

> Connections can share a single pool of leases. Each lease can only be
> handed out once, and is only potentially available to another connection
> instance of the same user (as identified by the user ID)
>
> > - where an SA shuts down (cleanly), so that the same lease might be
> > assigned when the SA later re-establishes, the id:lease pair
> > this doesn't involve sharing, but is only useful when leases can be
> > uniquely identified using the ID
>
> Yes, this is not "sharing" though. It is mostly just trying to give the
> same IP to the same user to try and prevent connections that were still
> open from breaking. Ideally, with things like MOBIKE, that would not
> happen.
>
> > - where a new CHILD SA is trying to steal an existing lease
> > . SAs establish with a lease assigned
> > . something goes wrong, an end starts bringing up a new SA and wants
> > to re-use the old lease (but it is still reserved by the old SA)
> > . since the IDs match the lease is shared
> > . when the new SA hits the kernel things get updated
> > . when the old SA gets zapped, the sharing stops
>
> Yes.
>
> > - is there anything else?
>
> I don't think so.
>
> > More generally, the second problem seems to have a lot in common with
> > connection instances - trying to pair up a new SA with an existing but
> > failing instance using the ID.  Can (shared) leases only be assigned
> > to connection instances and vice versa?
>
> In practise yes. In theory, a static client with left=ip, right=ip
> could use the client mechanism to request an IP(4 and/or 6) and get
> this from the addresspool? eg:
>
> conn test1
>         left=76.10.157.69
>         leftsubnet=0.0.0.0/0
>         right=1.2.3.5
>         rightaddresspool=10.100.1.1-10.100.1.3
>
> but it would be a strange use of it. Because you could just rewrite that to:
>
> conn test2
>         left=76.10.157.69
>         leftsubnet=0.0.0.0/0
>         right=1.2.3.5
>         rightsubnet=10.100.1.1/32
>
> A pool does kind of imply right=%any and instantiation. And if it helps
> you, I wouldn't mind failing to load the above conn test1.

I'll keep that in mind, but I don't think I need it.

The current code is maintaining, and constantly scanning, an ordered
linked list of assigned (and released) addresses.  With "shared
leases" I suspect the list grows until there's an entry for every
possible assigned address - consider 10.0.0.0/8.

By simply changing the list to an array (and doubled in size as
needed) I suspect most of this goes away (sprinkled with some lists,
and slightly more aggressive address reuse strategy, and a hash table
for ID->lease).  At least that's the theory.

Andrew

More information about the Swan-dev mailing list