added per-community locking

include/n2n.h

@@ -349,6 +349,7 @@ typedef struct sn_stats
 struct sn_community
 {
   char community[N2N_COMMUNITY_SIZE];
+  uint8_t             purgeable;              /* indicates purgeable community (fixed-name, predetermined (-c parameter) communties usually are unpurgeable) */
   uint8_t	      header_encryption;      /* Header encryption indicator. */
   he_context_t        *header_encryption_ctx; /* Header encryption cipher context. */
   he_context_t        *header_iv_ctx;	      /* Header IV ecnryption cipher context, REMOVE as soon as seperate fields for checksum and replay protection available */

src/sn.c

@@ -64,6 +64,8 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) {
     if(s != NULL) {
       strncpy((char*)s->community, line, N2N_COMMUNITY_SIZE-1);
       s->community[N2N_COMMUNITY_SIZE-1] = '\0';
+      /* loaded from file, this community is not to be unpurgeable */
+      s->purgeable = COMMUNITY_UNPURGEABLE;
       /* we do not know if header encryption is used in this community,
        * first packet will show. just in case, setup the key.           */
       s->header_encryption = HEADER_ENCRYPTION_UNKNOWN;

src/sn_utils.c

@@ -358,10 +358,10 @@ static int purge_expired_communities(n2n_sn_t *sss,
 
   HASH_ITER(hh, sss->communities, comm, tmp) {
     num_reg += purge_peer_list(&comm->edges, now - REGISTRATION_TIMEOUT);
-    if ((comm->edges == NULL) && (!sss->lock_communities)) {
+    if ((comm->edges == NULL) && (comm->purgeable == COMMUNITY_PURGEABLE)) {
       traceEvent(TRACE_INFO, "Purging idle community %s", comm->community);
       if (NULL != comm->header_encryption_ctx)
-        /* this should not happen as no 'locked' and thus only communities w/o encrypted header here */
+        /* this should not happen as 'purgeable' and thus only communities w/o encrypted header here */
         free(comm->header_encryption_ctx);
       HASH_DEL(sss->communities, comm);
       free(comm);
@@ -818,9 +818,11 @@ static int process_udp(n2n_sn_t * sss,
       if(comm) {
 	strncpy(comm->community, (char*)cmn.community, N2N_COMMUNITY_SIZE-1);
 	comm->community[N2N_COMMUNITY_SIZE-1] = '\0';
-        /* new communities introduced by REGISTERs could not have had encrypted header */
+        /* new communities introduced by REGISTERs could not have had encrypted header... */
         comm->header_encryption = HEADER_ENCRYPTION_NONE;
 	comm->header_encryption_ctx = NULL;
+        /* ... and also are purgeable during periodic purge */
+        comm->purgeable = COMMUNITY_PURGEABLE;
         comm->number_enc_packets = 0;
 	HASH_ADD_STR(sss->communities, community, comm);