507f26f6 | 1 | /* |
37873f99 | 2 | * Copyright (C) 2008-2013 Tobias Brunner |
ce5b1708 | 3 | * Copyright (C) 2005-2008 Martin Willi |
4 | * Hochschule fuer Technik Rapperswil |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ |
16 | ||
17 | /* |
18 | * Copyright (C) 2010 secunet Security Networks AG | |
19 | * Copyright (C) 2010 Thomas Egerer | |
20 | * | |
21 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
22 | * of this software and associated documentation files (the "Software"), to deal | |
23 | * in the Software without restriction, including without limitation the rights | |
24 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
25 | * copies of the Software, and to permit persons to whom the Software is | |
26 | * furnished to do so, subject to the following conditions: | |
27 | * | |
28 | * The above copyright notice and this permission notice shall be included in | |
29 | * all copies or substantial portions of the Software. | |
30 | * | |
31 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
32 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
33 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
34 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
35 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
36 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
37 | * THE SOFTWARE. | |
38 | */ | |
39 | ||
507f26f6 | 40 | #include <sys/socket.h> |
7beb31aa | 41 | #include <sys/utsname.h> |
42 | #include <linux/netlink.h> |
43 | #include <linux/rtnetlink.h> | |
44 | #include <unistd.h> |
45 | #include <errno.h> | |
46 | #include <net/if.h> | |
51fefe46 | 47 | #include <linux/fib_rules.h> |
48 | |
49 | #include "kernel_netlink_net.h" | |
50 | #include "kernel_netlink_shared.h" | |
51 | ||
c5f7146b | 52 | #include <hydra.h> |
f05b4272 | 53 | #include <utils/debug.h> |
eba64cef | 54 | #include <threading/mutex.h> |
55 | #include <threading/rwlock.h> |
56 | #include <threading/rwlock_condvar.h> | |
4134108c | 57 | #include <threading/spinlock.h> |
58 | #include <collections/hashtable.h> |
59 | #include <collections/linked_list.h> | |
507f26f6 | 60 | #include <processing/jobs/callback_job.h> |
507f26f6 | 61 | |
ba26508d | 62 | /** delay before firing roam events (ms) */ |
63 | #define ROAM_DELAY 100 |
64 | ||
65 | /** delay before reinstalling routes (ms) */ |
66 | #define ROUTE_DELAY 100 | |
67 | ||
68 | /** maximum recursion when searching for addresses in get_route() */ |
69 | #define MAX_ROUTE_RECURSION 2 | |
70 | ||
71 | #ifndef ROUTING_TABLE |
72 | #define ROUTING_TABLE 0 | |
73 | #endif | |
74 | ||
75 | #ifndef ROUTING_TABLE_PRIO | |
76 | #define ROUTING_TABLE_PRIO 0 | |
77 | #endif | |
78 | ||
typedef struct addr_entry_t addr_entry_t;

/**
 * IP address in an iface_entry_t
 */
struct addr_entry_t {

	/** the ip address; owned by this entry and released in addr_entry_destroy() */
	host_t *ip;

	/** scope of the address */
	u_char scope;

	/** number of times this IP is used, if virtual (i.e. managed by us);
	 * a non-zero value marks the address as virtual, such entries are skipped
	 * by get_interface_address() and tracked in the vips map instead of addrs */
	u_int refcount;

	/** TRUE once it is installed, if virtual; set when the kernel confirms the
	 * address with an RTM_NEWADDR event */
	bool installed;
};
98 | ||
/**
 * Destroy an addr_entry_t object together with the host_t it owns.
 *
 * @param this		entry to destroy, its ip member must be valid
 */
static void addr_entry_destroy(addr_entry_t *this)
{
	host_t *ip = this->ip;

	ip->destroy(ip);
	free(this);
}
107 | ||
typedef struct iface_entry_t iface_entry_t;

/**
 * A network interface on this system, containing addr_entry_t's
 */
struct iface_entry_t {

	/** interface index */
	int ifindex;

	/** name of the interface; copied from IFLA_IFNAME in process_link() and
	 * always NUL-terminated there */
	char ifname[IFNAMSIZ];

	/** interface flags, as in netdevice(7) SIOCGIFFLAGS; updated from
	 * ifi_flags on every RTM_NEWLINK */
	u_int flags;

	/** list of addresses (addr_entry_t, destroyed with addr_entry_destroy) */
	linked_list_t *addrs;

	/** TRUE if usable by config; decided once when the entry is created via
	 * kernel_interface->is_interface_usable() */
	bool usable;
};
130 | ||
/**
 * Destroy an interface entry and every addr_entry_t it holds.
 *
 * @param this		interface entry to destroy
 */
static void iface_entry_destroy(iface_entry_t *this)
{
	linked_list_t *addrs = this->addrs;

	/* list elements are addr_entry_t, hence the destructor cast */
	addrs->destroy_function(addrs, (void*)addr_entry_destroy);
	free(this);
}
139 | ||
/**
 * Match callback: does the interface entry carry the given index?
 *
 * @param this		interface entry to test
 * @param ifindex	pointer to the index to look for
 * @return			TRUE if the entry has that interface index
 */
static bool iface_entry_by_index(iface_entry_t *this, int *ifindex)
{
	if (this->ifindex != *ifindex)
	{
		return FALSE;
	}
	return TRUE;
}
147 | ||
/**
 * Match callback: does the interface entry carry the given name?
 *
 * @param this		interface entry to test
 * @param ifname	NUL-terminated name to compare against
 * @return			TRUE if the names are equal
 */
static bool iface_entry_by_name(iface_entry_t *this, char *ifname)
{
	if (!streq(this->ifname, ifname))
	{
		return FALSE;
	}
	return TRUE;
}
155 | ||
/**
 * Check if an interface is up (IFF_UP set in its cached flags).
 *
 * @param iface		interface entry to check
 * @return			TRUE if the interface is up
 */
static inline bool iface_entry_up(iface_entry_t *iface)
{
	u_int up_bit = iface->flags & IFF_UP;

	return up_bit == IFF_UP;
}
163 | ||
/**
 * Check if an interface is both allowed by config and up.
 *
 * @param iface		interface entry to check
 * @return			TRUE if usable and up
 */
static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
{
	if (!iface->usable)
	{	/* excluded by configuration, state does not matter */
		return FALSE;
	}
	return iface_entry_up(iface);
}
171 | ||
typedef struct addr_map_entry_t addr_map_entry_t;

/**
 * Entry that maps an IP address to an interface entry
 */
struct addr_map_entry_t {
	/** The IP address; only this member is set when the struct is used as a
	 * lookup key with the addr_map_entry_match* functions */
	host_t *ip;

	/** The address entry for this IP address */
	addr_entry_t *addr;

	/** The interface this address is installed on; dereferenced by
	 * addr_map_entry_equals(), so it must be set for hashtable get/remove */
	iface_entry_t *iface;
};
187 | ||
/**
 * Hash an addr_map_entry_t object. Only the raw address bytes contribute, so
 * all entries with the same IP address land in the same bucket regardless of
 * the interface they belong to.
 *
 * @param this		entry to hash
 * @return			hash over the address bytes
 */
static u_int addr_map_entry_hash(addr_map_entry_t *this)
{
	host_t *ip = this->ip;
	chunk_t address = ip->get_address(ip);

	return chunk_hash(address);
}
196 | ||
/**
 * Compare two addr_map_entry_t objects: equal if installed on the same
 * interface (by index) and carrying the same IP address.
 *
 * @param a			first entry, iface must be set
 * @param b			second entry, iface must be set
 * @return			TRUE if equal
 */
static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (a->iface->ifindex != b->iface->ifindex)
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}
206 | ||
/**
 * Used with get_match: accepts an entry if its address equals the key's and
 * the interface it is installed on is up and usable.
 *
 * @param a			lookup key, only ip is required
 * @param b			stored entry
 * @return			TRUE on match
 */
static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
											   addr_map_entry_t *b)
{
	if (!iface_entry_up_and_usable(b->iface))
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}
217 | ||
/**
 * Used with get_match: accepts an entry if its address equals the key's and
 * the interface it is installed on is up (usable or not).
 *
 * @param a			lookup key, only ip is required
 * @param b			stored entry
 * @return			TRUE on match
 */
static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (!iface_entry_up(b->iface))
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}
226 | ||
/**
 * Used with get_match: accepts an entry if its address equals the key's,
 * whatever the state of the interface it is installed on.
 *
 * @param a			lookup key, only ip is required
 * @param b			stored entry
 * @return			TRUE on match
 */
static bool addr_map_entry_match(addr_map_entry_t *a, addr_map_entry_t *b)
{
	host_t *key = a->ip;

	return key->ip_equals(key, b->ip);
}
235 | ||
typedef struct route_entry_t route_entry_t;

/**
 * Installed routing entry
 */
struct route_entry_t {
	/** Name of the interface the route is bound to; heap-allocated string,
	 * freed by route_entry_destroy() */
	char *if_name;

	/** Source ip of the route; dereferenced unconditionally by
	 * route_entry_equals(), so it is expected to be non-NULL */
	host_t *src_ip;

	/** Gateway for this route, NULL for a directly connected route */
	host_t *gateway;

	/** Destination net; owned, released with chunk_free() */
	chunk_t dst_net;

	/** Destination net prefixlen; together with dst_net this is what
	 * route_entry_hash() hashes */
	u_int8_t prefixlen;
};
257 | ||
/**
 * Clone a route_entry_t object. Every owned member is deep-copied; the
 * gateway is only cloned if present.
 *
 * @param this		route to clone, if_name is assumed non-NULL (strdup)
 * @return			newly allocated copy, to be released with route_entry_destroy()
 */
static route_entry_t *route_entry_clone(route_entry_t *this)
{
	route_entry_t *copy;
	host_t *gateway = NULL;

	if (this->gateway)
	{
		gateway = this->gateway->clone(this->gateway);
	}
	INIT(copy,
		.if_name = strdup(this->if_name),
		.src_ip = this->src_ip->clone(this->src_ip),
		.gateway = gateway,
		.dst_net = chunk_clone(this->dst_net),
		.prefixlen = this->prefixlen,
	);
	return copy;
}
274 | ||
/**
 * Destroy a route_entry_t object and everything it owns.
 *
 * @param this		route entry to destroy
 */
static void route_entry_destroy(route_entry_t *this)
{
	chunk_free(&this->dst_net);
	/* hosts may be NULL (gateway for connected routes), DESTROY_IF handles that */
	DESTROY_IF(this->gateway);
	DESTROY_IF(this->src_ip);
	free(this->if_name);
	free(this);
}
286 | ||
/**
 * Hash a route_entry_t object over its destination net and prefix length.
 * Interface, source and gateway are deliberately left out; they are only
 * compared in route_entry_equals().
 *
 * @param this		route entry to hash
 * @return			hash value
 */
static u_int route_entry_hash(route_entry_t *this)
{
	u_int net_hash = chunk_hash(this->dst_net);

	return chunk_hash_inc(chunk_from_thing(this->prefixlen), net_hash);
}
295 | ||
/**
 * Compare two route_entry_t objects. Two routes are equal if they have the
 * same (non-NULL) interface name, source IP, destination net and prefix
 * length, and either both have no gateway or both have the same gateway.
 *
 * @param a			first route
 * @param b			second route
 * @return			TRUE if equal
 */
static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
{
	if (!a->if_name || !b->if_name || !streq(a->if_name, b->if_name))
	{	/* a missing interface name never compares equal */
		return FALSE;
	}
	if (!a->src_ip->ip_equals(a->src_ip, b->src_ip))
	{
		return FALSE;
	}
	if (!chunk_equals(a->dst_net, b->dst_net) || a->prefixlen != b->prefixlen)
	{
		return FALSE;
	}
	if (!a->gateway || !b->gateway)
	{	/* equal only if neither route has a gateway */
		return !a->gateway && !b->gateway;
	}
	return a->gateway->ip_equals(a->gateway, b->gateway);
}
310 | ||
typedef struct net_change_t net_change_t;

/**
 * Queued network changes
 */
struct net_change_t {
	/** Name of the interface that got activated (or an IP appeared on);
	 * heap-allocated, ownership is taken over by queue_route_reinstall() and
	 * released in net_change_destroy() */
	char *if_name;
};
320 | ||
/**
 * Destroy a net_change_t object, including the interface name it owns.
 *
 * @param this		change to destroy
 */
static void net_change_destroy(net_change_t *this)
{
	char *name = this->if_name;

	free(name);
	free(this);
}
329 | ||
/**
 * Hash a net_change_t object over the bytes of its interface name.
 *
 * @param this		change to hash, if_name must be non-NULL
 * @return			hash value
 */
static u_int net_change_hash(net_change_t *this)
{
	chunk_t name = chunk_create(this->if_name, strlen(this->if_name));

	return chunk_hash(name);
}
337 | ||
/**
 * Compare two net_change_t objects; they are equal if they name the same
 * interface.
 *
 * @param a			first change
 * @param b			second change
 * @return			TRUE if equal
 */
static bool net_change_equals(net_change_t *a, net_change_t *b)
{
	if (!streq(a->if_name, b->if_name))
	{
		return FALSE;
	}
	return TRUE;
}
345 | ||
typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;

/**
 * Private variables and functions of kernel_netlink_net class.
 */
struct private_kernel_netlink_net_t {
	/**
	 * Public part of the kernel_netlink_net_t object.
	 */
	kernel_netlink_net_t public;

	/**
	 * lock to access various lists and maps (ifaces, addrs, vips); the
	 * helpers below state when it must be held, netlink event processing
	 * takes it for writing
	 */
	rwlock_t *lock;

	/**
	 * condition variable to signal virtual IP add/removal; broadcast under
	 * lock whenever a vips entry is installed or unregistered
	 */
	rwlock_condvar_t *condvar;

	/**
	 * Cached list of interfaces and its addresses (iface_entry_t)
	 */
	linked_list_t *ifaces;

	/**
	 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t),
	 * non-virtual addresses only
	 */
	hashtable_t *addrs;

	/**
	 * Map for virtual IP addresses to iface_entry_t objects (addr_map_entry_t)
	 */
	hashtable_t *vips;

	/**
	 * netlink rt socket (routing)
	 */
	netlink_socket_t *socket;

	/**
	 * Netlink rt socket to receive address change events
	 */
	int socket_events;

	/**
	 * earliest time of the next roam event; guarded by roam_lock
	 */
	timeval_t next_roam;

	/**
	 * roam event due to address change; accumulated under roam_lock and
	 * consumed by roam_event()
	 */
	bool roam_address;

	/**
	 * lock to check and update roam event time
	 */
	spinlock_t *roam_lock;

	/**
	 * routing table to install routes
	 */
	int routing_table;

	/**
	 * priority of used routing table
	 */
	int routing_table_prio;

	/**
	 * installed routes (route_entry_t), guarded by routes_lock
	 */
	hashtable_t *routes;

	/**
	 * mutex for routes
	 */
	mutex_t *routes_lock;

	/**
	 * interface changes which may trigger route reinstallation (net_change_t
	 * keyed by interface name), guarded by net_changes_lock
	 */
	hashtable_t *net_changes;

	/**
	 * mutex for route reinstallation triggers
	 */
	mutex_t *net_changes_lock;

	/**
	 * time of last route reinstallation; also used to rate-limit scheduling
	 * of the reinstall job
	 */
	timeval_t last_route_reinstall;

	/**
	 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
	 */
	bool process_route;

	/**
	 * whether to trigger roam events
	 */
	bool roam_events;

	/**
	 * whether to actually install virtual IPs
	 */
	bool install_virtual_ip;

	/**
	 * the name of the interface virtual IP addresses are installed on
	 */
	char *install_virtual_ip_on;

	/**
	 * whether preferred source addresses can be specified for IPv6 routes
	 */
	bool rta_prefsrc_for_ipv6;

	/**
	 * list with routing tables to be excluded from route lookup
	 */
	linked_list_t *rt_exclude;
};
472 | ||
473 | /** |
474 | * Forward declaration | |
475 | */ | |
476 | static status_t manage_srcroute(private_kernel_netlink_net_t *this, | |
477 | int nlmsg_type, int flags, chunk_t dst_net, | |
478 | u_int8_t prefixlen, host_t *gateway, | |
479 | host_t *src_ip, char *if_name); | |
480 | ||
/**
 * Clear the queued network changes, destroying every net_change_t.
 *
 * The caller is expected to hold net_changes_lock (reinstall_routes does).
 *
 * @param this		private data
 */
static void net_changes_clear(private_kernel_netlink_net_t *this)
{
	hashtable_t *changes = this->net_changes;
	enumerator_t *it;
	net_change_t *queued;

	it = changes->create_enumerator(changes);
	while (it->enumerate(it, NULL, (void**)&queued))
	{
		changes->remove_at(changes, it);
		net_change_destroy(queued);
	}
	it->destroy(it);
}
497 | ||
/**
 * Act upon queued network changes.
 *
 * For every installed route whose outgoing interface (or the interface its
 * source IP currently lives on) has a queued change, the source route is
 * re-added with RTM_NEWROUTE. The queue is emptied afterwards.
 *
 * Locking: net_changes_lock is taken first, then routes_lock. get_interface()
 * is called while both are held — presumably it takes this->lock for
 * reading, so the lock order here is net_changes_lock > routes_lock > lock;
 * verify against get_interface before adding further nesting.
 *
 * @param this		private data
 * @return			JOB_REQUEUE_NONE, the job is one-shot
 */
static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
{
	enumerator_t *enumerator;
	route_entry_t *route;

	this->net_changes_lock->lock(this->net_changes_lock);
	this->routes_lock->lock(this->routes_lock);

	enumerator = this->routes->create_enumerator(this->routes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&route))
	{
		net_change_t *change, lookup = {
			.if_name = route->if_name,
		};
		/* check if a change for the outgoing interface is queued */
		change = this->net_changes->get(this->net_changes, &lookup);
		if (!change)
		{	/* in case src_ip is not on the outgoing interface */
			if (this->public.interface.get_interface(&this->public.interface,
										route->src_ip, &lookup.if_name))
			{
				if (!streq(lookup.if_name, route->if_name))
				{
					change = this->net_changes->get(this->net_changes, &lookup);
				}
				/* get_interface() hands out an allocated name, release it */
				free(lookup.if_name);
			}
		}
		if (change)
		{
			/* NLM_F_EXCL: a route that still exists is left untouched; the
			 * status returned by manage_srcroute() is intentionally ignored */
			manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
							route->dst_net, route->prefixlen, route->gateway,
							route->src_ip, route->if_name);
		}
	}
	enumerator->destroy(enumerator);
	this->routes_lock->unlock(this->routes_lock);

	net_changes_clear(this);
	this->net_changes_lock->unlock(this->net_changes_lock);
	return JOB_REQUEUE_NONE;
}
543 | ||
/**
 * Queue route reinstallation caused by network changes for a given interface.
 *
 * The route reinstallation is delayed for a while and only done once for
 * several calls during this delay, in order to avoid doing it too often.
 * The interface name is freed.
 *
 * @param this		private data
 * @param if_name	allocated interface name, ownership is taken over
 */
static void queue_route_reinstall(private_kernel_netlink_net_t *this,
								  char *if_name)
{
	net_change_t *change, *previous;
	timeval_t now;
	job_t *job;

	INIT(change,
		.if_name = if_name
	);

	this->net_changes_lock->lock(this->net_changes_lock);
	/* a change already queued for this interface is replaced and released */
	previous = this->net_changes->put(this->net_changes, change, change);
	if (previous)
	{
		net_change_destroy(previous);
	}
	time_monotonic(&now);
	if (!timercmp(&now, &this->last_route_reinstall, >))
	{	/* a reinstall job is already pending, it will pick this change up */
		this->net_changes_lock->unlock(this->net_changes_lock);
		return;
	}
	timeval_add_ms(&now, ROUTE_DELAY);
	this->last_route_reinstall = now;

	job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
									  this, NULL, NULL);
	lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
	this->net_changes_lock->unlock(this->net_changes_lock);
}
580 | ||
/**
 * Check if the given IP is known as virtual IP and currently installed.
 *
 * This function will also return TRUE if the virtual IP entry disappeared;
 * in that case the returned entry will be NULL.
 *
 * this->lock must be held when calling this function.
 *
 * @param this		private data
 * @param ip		virtual IP to look up
 * @param entry		receives the matching vips entry, or NULL if gone
 * @return			TRUE if installed or gone
 */
static bool is_vip_installed_or_gone(private_kernel_netlink_net_t *this,
									 host_t *ip, addr_map_entry_t **entry)
{
	addr_map_entry_t key = {
		.ip = ip,
	};
	addr_map_entry_t *found;

	found = this->vips->get_match(this->vips, &key,
								  (void*)addr_map_entry_match);
	*entry = found;
	if (!found)
	{	/* the virtual IP disappeared */
		return TRUE;
	}
	return found->addr->installed;
}
7daf5226 | 604 | |
/**
 * Check if the given IP is known as virtual IP, on any interface.
 *
 * this->lock must be held when calling this function.
 *
 * @param this		private data
 * @param ip		IP to look up
 * @return			TRUE if a vips entry for the address exists
 */
static bool is_known_vip(private_kernel_netlink_net_t *this, host_t *ip)
{
	addr_map_entry_t key = {
		.ip = ip,
	};
	addr_map_entry_t *found;

	found = this->vips->get_match(this->vips, &key,
								  (void*)addr_map_entry_match);
	return found != NULL;
}
619 | ||
/**
 * Add an address map entry for addr on iface to the given map.
 *
 * An entry that compares equal (same interface index and IP) is replaced
 * and the old one released.
 *
 * @param map		hashtable of addr_map_entry_t to add to
 * @param addr		address entry to map
 * @param iface		interface the address is installed on
 */
static void addr_map_entry_add(hashtable_t *map, addr_entry_t *addr,
							   iface_entry_t *iface)
{
	addr_map_entry_t *entry, *replaced;

	INIT(entry,
		.ip = addr->ip,
		.addr = addr,
		.iface = iface,
	);
	replaced = map->put(map, entry, entry);
	/* NULL when nothing was replaced, free() copes with that */
	free(replaced);
}
636 | ||
/**
 * Remove the address map entry for addr on iface from the given map.
 *
 * @param map		hashtable of addr_map_entry_t to remove from
 * @param addr		address entry the mapping was created for
 * @param iface		interface the address is installed on
 */
static void addr_map_entry_remove(hashtable_t *map, addr_entry_t *addr,
								  iface_entry_t *iface)
{
	addr_map_entry_t key = {
		.ip = addr->ip,
		.addr = addr,
		.iface = iface,
	};
	addr_map_entry_t *removed;

	removed = map->remove(map, &key);
	/* NULL if no such entry existed */
	free(removed);
}
652 | ||
/**
 * get the first non-virtual ip address on the given interface.
 * if a candidate address is given, we first search for that address and if not
 * found return the address as above.
 * returned host is a clone, has to be freed by caller.
 *
 * Interfaces marked unusable by config and addresses with a non-zero refcount
 * (virtual IPs) are never returned.
 *
 * this->lock must be held when calling this function
 *
 * @param this			private data
 * @param ifindex		index of the interface to search
 * @param family		address family the result must have
 * @param candidate		preferred address, or NULL for the first match
 * @return				clone of the selected address, NULL if none
 */
static host_t *get_interface_address(private_kernel_netlink_net_t *this,
									 int ifindex, int family, host_t *candidate)
{
	iface_entry_t *iface;
	enumerator_t *addrs;
	addr_entry_t *addr;
	host_t *ip = NULL;

	if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
								 (void**)&iface, &ifindex) == SUCCESS)
	{
		if (iface->usable)
		{	/* only use interfaces not excluded by config */
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, &addr))
			{
				if (addr->refcount)
				{	/* ignore virtual IP addresses */
					continue;
				}
				if (addr->ip->get_family(addr->ip) == family)
				{
					if (!candidate || candidate->ip_equals(candidate, addr->ip))
					{	/* stop at the first address if we don't search for a
						 * candidate or if the candidate matches */
						ip = addr->ip;
						break;
					}
					else if (!ip)
					{	/* store the first address as fallback if candidate is
						 * not found */
						ip = addr->ip;
					}
				}
			}
			addrs->destroy(addrs);
		}
	}
	/* ip still points into the cache, clone it before the lock is dropped */
	return ip ? ip->clone(ip) : NULL;
}
701 | ||
/**
 * Callback function that raises the delayed roam event.
 *
 * Consumes (and resets) the roam_address flag under roam_lock, then notifies
 * the kernel interface.
 *
 * @param this		private data
 * @return			JOB_REQUEUE_NONE, the job is one-shot
 */
static job_requeue_t roam_event(private_kernel_netlink_net_t *this)
{
	spinlock_t *lock = this->roam_lock;
	bool address_changed;

	lock->lock(lock);
	address_changed = this->roam_address;
	this->roam_address = FALSE;
	lock->unlock(lock);
	hydra->kernel_interface->roam(hydra->kernel_interface, address_changed);
	return JOB_REQUEUE_NONE;
}
716 | ||
/**
 * Fire a roaming event. We delay it for a bit and fire only one event
 * for multiple calls. Otherwise we would create too many events.
 *
 * @param this		private data
 * @param address	TRUE if the event is caused by an address change
 */
static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
{
	timeval_t now;
	job_t *job;
	bool schedule = FALSE;

	if (!this->roam_events)
	{
		return;
	}

	time_monotonic(&now);
	this->roam_lock->lock(this->roam_lock);
	/* remember an address change even if the event itself is coalesced */
	this->roam_address |= address;
	if (timercmp(&now, &this->next_roam, >))
	{	/* nothing pending, push the next allowed time out by ROAM_DELAY */
		timeval_add_ms(&now, ROAM_DELAY);
		this->next_roam = now;
		schedule = TRUE;
	}
	this->roam_lock->unlock(this->roam_lock);

	if (!schedule)
	{	/* a delayed event is already queued */
		return;
	}
	job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
									  this, NULL, NULL);
	lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
}
747 | ||
/**
 * Check if an interface with a given index is up and usable.
 *
 * this->lock must be locked when calling this function.
 *
 * @param this		private data
 * @param index		interface index to look up
 * @return			TRUE if known, usable and up; FALSE if unknown
 */
static bool is_interface_up_and_usable(private_kernel_netlink_net_t *this,
									   int index)
{
	iface_entry_t *iface;
	status_t lookup;

	lookup = this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
									  (void**)&iface, &index);
	if (lookup != SUCCESS)
	{
		return FALSE;
	}
	return iface_entry_up_and_usable(iface);
}
765 | ||
/**
 * Unregister the current addr_entry_t from the hashtable it is stored in.
 *
 * Virtual IPs (refcount != 0) live in vips and waiters on condvar are woken
 * up when one goes away; regular addresses live in addrs.
 *
 * this->lock must be locked when calling this function.
 *
 * @param addr		address entry to unregister
 * @param iface		interface the address was installed on
 * @param this		private data
 */
static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface,
								  private_kernel_netlink_net_t *this)
{
	if (!addr->refcount)
	{
		addr_map_entry_remove(this->addrs, addr, iface);
		return;
	}
	addr_map_entry_remove(this->vips, addr, iface);
	this->condvar->broadcast(this->condvar);
}
782 | ||
/**
 * process RTM_NEWLINK/RTM_DELLINK from kernel
 *
 * Maintains the cached iface_entry_t list under this->lock. Logging, route
 * reinstallation and roam events are only triggered when event is TRUE and
 * the interface is usable; presumably event is FALSE during the initial
 * interface enumeration — confirm against the callers.
 *
 * @param this		private data
 * @param hdr		netlink message header, payload is an ifinfomsg
 * @param event		TRUE if the message is an asynchronous kernel event
 */
static void process_link(private_kernel_netlink_net_t *this,
						 struct nlmsghdr *hdr, bool event)
{
	struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
	struct rtattr *rta = IFLA_RTA(msg);
	size_t rtasize = IFLA_PAYLOAD (hdr);
	enumerator_t *enumerator;
	iface_entry_t *current, *entry = NULL;
	char *name = NULL;
	bool update = FALSE, update_routes = FALSE;

	/* RTA_OK bounds the walk by the payload length taken from hdr; name ends
	 * up pointing into the message buffer, so it is only valid within this
	 * function (hence the strdup below) and is assumed NUL-terminated */
	while (RTA_OK(rta, rtasize))
	{
		switch (rta->rta_type)
		{
			case IFLA_IFNAME:
				name = RTA_DATA(rta);
				break;
			/* all other attributes are ignored */
		}
		rta = RTA_NEXT(rta, rtasize);
	}
	if (!name)
	{
		name = "(unknown)";
	}

	this->lock->write_lock(this->lock);
	switch (hdr->nlmsg_type)
	{
		case RTM_NEWLINK:
		{
			if (this->ifaces->find_first(this->ifaces,
							(void*)iface_entry_by_index, (void**)&entry,
							&msg->ifi_index) != SUCCESS)
			{
				/* usability is decided once, from config, when the entry is
				 * created; a later rename does not re-evaluate it */
				INIT(entry,
					.ifindex = msg->ifi_index,
					.addrs = linked_list_create(),
					.usable = hydra->kernel_interface->is_interface_usable(
										hydra->kernel_interface, name),
				);
				this->ifaces->insert_last(this->ifaces, entry);
			}
			/* bounded copy; the explicit terminator covers the strncpy case
			 * where name fills the whole buffer */
			strncpy(entry->ifname, name, IFNAMSIZ);
			entry->ifname[IFNAMSIZ-1] = '\0';
			if (event && entry->usable)
			{
				/* compare cached flags with the new ones to detect transitions
				 * before the cache is overwritten below */
				if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
				{
					update = update_routes = TRUE;
					DBG1(DBG_KNL, "interface %s activated", name);
				}
				if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
				{
					update = TRUE;
					DBG1(DBG_KNL, "interface %s deactivated", name);
				}
			}
			entry->flags = msg->ifi_flags;
			break;
		}
		case RTM_DELLINK:
		{
			enumerator = this->ifaces->create_enumerator(this->ifaces);
			while (enumerator->enumerate(enumerator, &current))
			{
				if (current->ifindex == msg->ifi_index)
				{
					if (event && current->usable)
					{
						update = TRUE;
						DBG1(DBG_KNL, "interface %s deleted", current->ifname);
					}
					/* TODO: move virtual IPs installed on this interface to
					 * another interface? */
					this->ifaces->remove_at(this->ifaces, enumerator);
					/* drop the addrs/vips mappings before the entries are freed */
					current->addrs->invoke_function(current->addrs,
									(void*)addr_entry_unregister, current, this);
					iface_entry_destroy(current);
					break;
				}
			}
			enumerator->destroy(enumerator);
			break;
		}
	}
	this->lock->unlock(this->lock);

	/* both notifications happen after the lock is released */
	if (update_routes && event)
	{
		queue_route_reinstall(this, strdup(name));
	}

	if (update && event)
	{
		fire_roam_event(this, TRUE);
	}
}
884 | ||
/**
 * process RTM_NEWADDR/RTM_DELADDR from kernel
 *
 * Keeps the cached interface/address state in sync with the kernel. Virtual
 * IPs installed by us are only marked installed/removed and waiting threads
 * (add_ip() waits on this->condvar) are woken; regular addresses are added to
 * or removed from the cache and, for live events on usable interfaces, a
 * route reinstall and a roam event are triggered.
 *
 * @param this		kernel interface
 * @param hdr		RTM_NEWADDR or RTM_DELADDR message received from the kernel
 * @param event		TRUE for a live event (logging, route reinstall and roam
 *					events are suppressed otherwise)
 */
static void process_addr(private_kernel_netlink_net_t *this,
						 struct nlmsghdr *hdr, bool event)
{
	struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
	struct rtattr *rta = IFA_RTA(msg);
	size_t rtasize = IFA_PAYLOAD (hdr);
	host_t *host = NULL;
	iface_entry_t *iface;
	chunk_t local = chunk_empty, address = chunk_empty;
	/* strdup()ed name of the interface an address appeared on, handed to
	 * queue_route_reinstall() or freed below */
	char *route_ifname = NULL;
	bool update = FALSE, found = FALSE, changed = FALSE;

	/* RTA_OK()/RTA_NEXT() bound the attribute walk to the message payload;
	 * the chunks only point into the message, nothing is copied yet */
	while (RTA_OK(rta, rtasize))
	{
		switch (rta->rta_type)
		{
			case IFA_LOCAL:
				local.ptr = RTA_DATA(rta);
				local.len = RTA_PAYLOAD(rta);
				break;
			case IFA_ADDRESS:
				address.ptr = RTA_DATA(rta);
				address.len = RTA_PAYLOAD(rta);
				break;
		}
		rta = RTA_NEXT(rta, rtasize);
	}

	/* For PPP interfaces, we need the IFA_LOCAL address,
	 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
	 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
	if (local.ptr)
	{
		host = host_create_from_chunk(msg->ifa_family, local, 0);
	}
	else if (address.ptr)
	{
		host = host_create_from_chunk(msg->ifa_family, address, 0);
	}

	if (host == NULL)
	{	/* bad family? */
		/* NOTE(review): presumably also covers a payload length that does
		 * not fit the family, assuming host_create_from_chunk() checks it */
		return;
	}

	this->lock->write_lock(this->lock);
	if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
								 (void**)&iface, &msg->ifa_index) == SUCCESS)
	{
		/* addresses are tracked per (ip, interface) pair */
		addr_map_entry_t *entry, lookup = {
			.ip = host,
			.iface = iface,
		};
		addr_entry_t *addr;

		entry = this->vips->get(this->vips, &lookup);
		if (entry)
		{
			if (hdr->nlmsg_type == RTM_NEWADDR)
			{	/* mark as installed and signal waiting threads */
				entry->addr->installed = TRUE;
			}
			else
			{	/* the address was already marked as uninstalled */
				addr = entry->addr;
				iface->addrs->remove(iface->addrs, addr, NULL);
				addr_map_entry_remove(this->vips, addr, iface);
				addr_entry_destroy(addr);
			}
			/* no roam events etc. for virtual IPs */
			this->condvar->broadcast(this->condvar);
			this->lock->unlock(this->lock);
			host->destroy(host);
			return;
		}
		entry = this->addrs->get(this->addrs, &lookup);
		if (entry)
		{
			if (hdr->nlmsg_type == RTM_DELADDR)
			{
				found = TRUE;
				addr = entry->addr;
				iface->addrs->remove(iface->addrs, addr, NULL);
				if (iface->usable)
				{
					changed = TRUE;
					DBG1(DBG_KNL, "%H disappeared from %s", host,
						 iface->ifname);
				}
				addr_map_entry_remove(this->addrs, addr, iface);
				addr_entry_destroy(addr);
			}
		}
		else
		{
			if (hdr->nlmsg_type == RTM_NEWADDR)
			{
				found = TRUE;
				changed = TRUE;
				route_ifname = strdup(iface->ifname);
				/* the cache keeps its own copy of the address */
				INIT(addr,
					.ip = host->clone(host),
					.scope = msg->ifa_scope,
				);
				iface->addrs->insert_last(iface->addrs, addr);
				addr_map_entry_add(this->addrs, addr, iface);
				if (event && iface->usable)
				{
					DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
				}
			}
		}
		if (found && (iface->flags & IFF_UP))
		{
			update = TRUE;
		}
		if (!iface->usable)
		{	/* ignore events for interfaces excluded by config */
			update = changed = FALSE;
		}
	}
	this->lock->unlock(this->lock);

	if (update && event && route_ifname)
	{	/* queue_route_reinstall() takes over the name */
		queue_route_reinstall(this, route_ifname);
	}
	else
	{
		free(route_ifname);
	}
	host->destroy(host);

	/* send an update to all IKE_SAs */
	if (update && event && changed)
	{
		fire_roam_event(this, TRUE);
	}
}
1027 | ||
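/**
 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
 *
 * Fires a roam event (without address change) for route changes that may
 * affect our paths. Ignored are routes in our own routing table, in the local
 * table, cloned (cached) routes, routes on ignored or down interfaces and
 * routes whose (preferred) source address is a virtual IP we installed.
 *
 * @param this		kernel interface
 * @param hdr		RTM_NEWROUTE or RTM_DELROUTE message received from the kernel
 */
static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
{
	struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
	struct rtattr *rta = RTM_RTA(msg);
	size_t rtasize = RTM_PAYLOAD(hdr);
	u_int32_t rta_oif = 0;
	host_t *host = NULL;

	/* ignore routes added by us or in the local routing table (local addrs) */
	if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
						   msg->rtm_table == RT_TABLE_LOCAL))
	{
		return;
	}
	else if (msg->rtm_flags & RTM_F_CLONED)
	{	/* ignore cached routes, seem to be created a lot for IPv6 */
		return;
	}

	while (RTA_OK(rta, rtasize))
	{
		switch (rta->rta_type)
		{
#ifdef HAVE_RTA_TABLE
			case RTA_TABLE:
				/* rtm_table is only 8 bits wide, so a routing table ID above
				 * 255 is only reported via this attribute (parse_route() reads
				 * it the same way); check our own table against it as well,
				 * otherwise routes we installed there would trigger roam
				 * events */
				if (this->routing_table &&
					RTA_PAYLOAD(rta) == sizeof(u_int32_t) &&
					*(u_int32_t*)RTA_DATA(rta) == this->routing_table)
				{
					DESTROY_IF(host);
					return;
				}
				break;
#endif /* HAVE_RTA_TABLE */
			case RTA_PREFSRC:
				/* keep the last RTA_PREFSRC seen, releasing any earlier one */
				DESTROY_IF(host);
				host = host_create_from_chunk(msg->rtm_family,
							chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
				break;
			case RTA_OIF:
				/* only accept an interface index of the expected width */
				if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
				{
					rta_oif = *(u_int32_t*)RTA_DATA(rta);
				}
				break;
		}
		rta = RTA_NEXT(rta, rtasize);
	}
	this->lock->read_lock(this->lock);
	if (rta_oif && !is_interface_up_and_usable(this, rta_oif))
	{	/* ignore route changes for interfaces that are ignored or down */
		this->lock->unlock(this->lock);
		DESTROY_IF(host);
		return;
	}
	if (!host && rta_oif)
	{	/* no preferred source in the route, use one of the interface */
		host = get_interface_address(this, rta_oif, msg->rtm_family, NULL);
	}
	if (!host || is_known_vip(this, host))
	{	/* ignore routes added for virtual IPs */
		this->lock->unlock(this->lock);
		DESTROY_IF(host);
		return;
	}
	this->lock->unlock(this->lock);
	fire_roam_event(this, FALSE);
	host->destroy(host);
}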
1089 | ||
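/**
 * Receives events from kernel
 *
 * Watcher callback on the RTNETLINK event socket: reads one datagram, drops
 * it unless it was sent by the kernel, and dispatches every message it
 * contains to the address/link/route handlers.
 *
 * @param this		kernel interface
 * @param fd		watched file descriptor (unused, this->socket_events is read)
 * @param event		watcher event (unused)
 * @return			TRUE in all cases, the socket stays registered
 */
static bool receive_events(private_kernel_netlink_net_t *this, int fd,
						   watcher_event_t event)
{
	/* a plain char array gives no alignment guarantee for the struct nlmsghdr
	 * parsed out of it; the union keeps the buffer suitably aligned */
	union {
		struct nlmsghdr hdr;
		char bytes[1536];
	} response;
	struct nlmsghdr *hdr = &response.hdr;
	struct sockaddr_nl addr;
	socklen_t addr_len = sizeof(addr);
	int len;

	len = recvfrom(this->socket_events, response.bytes, sizeof(response.bytes),
				   MSG_DONTWAIT, (struct sockaddr*)&addr, &addr_len);
	if (len < 0)
	{
		switch (errno)
		{
			case EINTR:
				/* interrupted, try again */
				return TRUE;
			case EAGAIN:
				/* no data ready, select again */
				return TRUE;
			default:
				/* a persistent socket error would otherwise spin the watcher
				 * thread; the sleep throttles it, at the cost of blocking
				 * this thread for a second */
				DBG1(DBG_KNL, "unable to receive from rt event socket");
				sleep(1);
				return TRUE;
		}
	}

	if (addr.nl_pid != 0)
	{	/* not from kernel. not interested, try another one */
		/* nl_pid 0 identifies the kernel; anything else was sent by a
		 * userspace process and must not alter our interface state */
		return TRUE;
	}

	/* NLMSG_OK() checks every header against the bytes actually received, so
	 * a message the kernel truncated to fit the buffer is not parsed (it is
	 * lost, though, as no MSG_TRUNC handling is done here) */
	while (NLMSG_OK(hdr, len))
	{
		/* looks good so far, dispatch netlink message */
		switch (hdr->nlmsg_type)
		{
			case RTM_NEWADDR:
			case RTM_DELADDR:
				process_addr(this, hdr, TRUE);
				break;
			case RTM_NEWLINK:
			case RTM_DELLINK:
				process_link(this, hdr, TRUE);
				break;
			case RTM_NEWROUTE:
			case RTM_DELROUTE:
				if (this->process_route)
				{
					process_route(this, hdr);
				}
				break;
			default:
				break;
		}
		hdr = NLMSG_NEXT(hdr, len);
	}
	return TRUE;
}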
1153 | ||
/** enumerator over addresses */
typedef struct {
	/** kernel interface, its lock is read-locked for the enumerator's lifetime
	 * (acquired in create_address_enumerator(), released in
	 * address_enumerator_destroy()) */
	private_kernel_netlink_net_t* this;
	/** which addresses to enumerate */
	kernel_address_type_t which;
} address_enumerator_t;
1160 | ||
/**
 * cleanup function for address enumerator
 *
 * Releases the read lock taken in create_address_enumerator() and the
 * enumerator data itself.
 *
 * @param data		enumerator data to destroy
 */
static void address_enumerator_destroy(address_enumerator_t *data)
{
	private_kernel_netlink_net_t *this = data->this;

	this->lock->unlock(this->lock);
	free(data);
}
1169 | ||
/**
 * filter for addresses
 *
 * Selects the addresses of an interface according to data->which and maps
 * the entry to its host.
 *
 * @param data		enumerator data with the requested address types
 * @param in		address entry to check
 * @param out		receives the address if it is selected
 * @return			TRUE if the address is to be enumerated
 */
static bool filter_addresses(address_enumerator_t *data,
							 addr_entry_t** in, host_t** out)
{
	addr_entry_t *addr = *in;
	bool is_vip = addr->refcount != 0;

	/* a refcount marks a virtual IP installed by us, the rest are regular
	 * addresses; only deliver the kinds the caller asked for */
	if (is_vip ? !(data->which & ADDR_TYPE_VIRTUAL)
			   : !(data->which & ADDR_TYPE_REGULAR))
	{
		return FALSE;
	}
	if (addr->scope >= RT_SCOPE_LINK)
	{	/* link, host and nowhere scoped addresses are unusable */
		return FALSE;
	}
	*out = addr->ip;
	return TRUE;
}
1191 | ||
/**
 * enumerator constructor for interfaces
 *
 * Creates the inner enumerator over the addresses of one interface, filtered
 * by filter_addresses().
 *
 * @param iface		interface whose addresses are enumerated
 * @param data		enumerator data passed on to the filter
 * @return			enumerator over host_t of the selected addresses
 */
static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
											 address_enumerator_t *data)
{
	enumerator_t *addrs;

	addrs = iface->addrs->create_enumerator(iface->addrs);
	/* no cleanup callback: data is released by the outer enumerator */
	return enumerator_create_filter(addrs, (void*)filter_addresses, data, NULL);
}
1202 | ||
/**
 * filter for interfaces
 *
 * Selects interfaces according to data->which: ignored (excluded by config),
 * loopback and down interfaces are only delivered when requested.
 *
 * @param data		enumerator data with the requested address types
 * @param in		interface entry to check
 * @param out		receives the interface if it is selected
 * @return			TRUE if the interface is to be enumerated
 */
static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
							  iface_entry_t** out)
{
	iface_entry_t *iface = *in;
	kernel_address_type_t which = data->which;
	bool accept = TRUE;

	if (!iface->usable && !(which & ADDR_TYPE_IGNORED))
	{	/* excluded by config and not explicitly requested */
		accept = FALSE;
	}
	else if ((iface->flags & IFF_LOOPBACK) && !(which & ADDR_TYPE_LOOPBACK))
	{	/* loopback devices only on request */
		accept = FALSE;
	}
	else if (!(iface->flags & IFF_UP) && !(which & ADDR_TYPE_DOWN))
	{	/* interfaces that are down only on request */
		accept = FALSE;
	}
	if (accept)
	{
		*out = iface;
	}
	return accept;
}
1224 | ||
/*
 * Enumerates the addresses of the selected kinds over all selected
 * interfaces. The cache lock is read-locked here and stays held until the
 * returned enumerator is destroyed (address_enumerator_destroy()).
 */
METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
	private_kernel_netlink_net_t *this, kernel_address_type_t which)
{
	address_enumerator_t *data;
	enumerator_t *ifaces;

	INIT(data,
		.this = this,
		.which = which,
	);

	this->lock->read_lock(this->lock);
	ifaces = enumerator_create_filter(
				this->ifaces->create_enumerator(this->ifaces),
				(void*)filter_interfaces, data, NULL);
	return enumerator_create_nested(ifaces, (void*)create_iface_enumerator,
									data, (void*)address_enumerator_destroy);
}
1243 | ||
/*
 * Looks up the interface an IP is assigned to, in this order: regular
 * addresses on up and usable interfaces, virtual IPs installed by us, and
 * finally addresses on ignored interfaces (found, but not reported). If name
 * is given it receives a strdup()ed interface name owned by the caller.
 */
METHOD(kernel_net_t, get_interface_name, bool,
	private_kernel_netlink_net_t *this, host_t* ip, char **name)
{
	addr_map_entry_t *entry, lookup = {
		.ip = ip,
	};
	bool found = FALSE;

	if (ip->is_anyaddr(ip))
	{	/* the wildcard address is never assigned to an interface */
		return FALSE;
	}
	this->lock->read_lock(this->lock);
	/* prefer regular addresses on interfaces that are up and usable */
	entry = this->addrs->get_match(this->addrs, &lookup,
								  (void*)addr_map_entry_match_up_and_usable);
	if (entry)
	{
		found = TRUE;
		if (name)
		{
			*name = strdup(entry->iface->ifname);
			DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
		}
	}
	else
	{	/* next, virtual IPs we installed ourselves */
		entry = this->vips->get_match(this->vips, &lookup,
									  (void*)addr_map_entry_match_up_and_usable);
		if (entry)
		{
			found = TRUE;
			if (name)
			{
				*name = strdup(entry->iface->ifname);
				DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
			}
		}
		else if (!this->addrs->get_match(this->addrs, &lookup,
										 (void*)addr_map_entry_match_up))
		{	/* not even on an ignored interface: no local address at all */
			DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
		}
	}
	this->lock->unlock(this->lock);
	return found;
}
1292 | ||
/**
 * get the index of an interface by name
 *
 * @param this		kernel interface
 * @param name		interface name to look up in the cache
 * @return			interface index, 0 if the interface is not known
 */
static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
{
	iface_entry_t *entry;
	int ifidx = 0;

	DBG2(DBG_KNL, "getting iface index for %s", name);

	this->lock->read_lock(this->lock);
	if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name,
								 (void**)&entry, name) == SUCCESS)
	{
		ifidx = entry->ifindex;
	}
	this->lock->unlock(this->lock);

	if (!ifidx)
	{
		DBG1(DBG_KNL, "unable to get interface index for %s", name);
	}
	return ifidx;
}
1317 | ||
/**
 * check if an address (chunk) addr is in subnet (net with net_len net bits)
 *
 * @param addr		address to check, in network byte order
 * @param net		network address, same length as addr
 * @param net_len	prefix length of net in bits
 * @return			TRUE if the first net_len bits of addr and net are equal
 */
static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
{
	/* mask[n] selects the n most significant bits of a byte */
	static const u_char prefix_mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
	int i;

	if (net_len == 0)
	{	/* any address matches a /0 network */
		return TRUE;
	}
	if (addr.len != net.len || net_len > 8 * net.len)
	{	/* length mismatch, or a prefix longer than the address itself (a
		 * negative net_len ends up here too, as the comparison is unsigned) */
		return FALSE;
	}
	/* compare all full bytes of the prefix, in network order */
	for (i = 0; net_len >= 8; i++, net_len -= 8)
	{
		if (addr.ptr[i] != net.ptr[i])
		{
			return FALSE;
		}
	}
	if (net_len > 0)
	{	/* then only the leading bits of the last, partial byte */
		return (addr.ptr[i] & prefix_mask[net_len]) ==
			   (net.ptr[i] & prefix_mask[net_len]);
	}
	return TRUE;
}
1353 | ||
/**
 * Store information about a route retrieved via RTNETLINK
 */
typedef struct {
	/** gateway (RTA_GATEWAY), points into the netlink message */
	chunk_t gtw;
	/** preferred source (RTA_PREFSRC), points into the netlink message */
	chunk_t src;
	/** destination (RTA_DST), points into the netlink message */
	chunk_t dst;
	/** source address resolved for this route, owned by the entry */
	host_t *src_host;
	/** prefix length of dst (rtm_dst_len) */
	u_int8_t dst_len;
	/** routing table (rtm_table, overridden by RTA_TABLE where available) */
	u_int32_t table;
	/** output interface index (RTA_OIF), 0 if none */
	u_int32_t oif;
} rt_entry_t;
1366 | ||
/**
 * Free a route entry
 *
 * Releases the resolved source address, if any, and the entry itself. The
 * chunks only point into the netlink message and are not freed.
 *
 * @param this		route entry to destroy
 */
static void rt_entry_destroy(rt_entry_t *this)
{
	if (this->src_host)
	{
		this->src_host->destroy(this->src_host);
	}
	free(this);
}
1375 | ||
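/**
 * Parse route received with RTM_NEWROUTE. The given rt_entry_t object will be
 * reused if not NULL.
 *
 * Returned chunks point to internal data of the Netlink message.
 *
 * @param hdr		RTM_NEWROUTE message to parse
 * @param route		entry to reuse (all its fields are reset), NULL to allocate
 * @return			parsed entry, route itself if given; released with
 *					rt_entry_destroy() by the caller
 */
static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
{
	struct rtattr *rta;
	struct rtmsg *msg;
	size_t rtasize;

	msg = (struct rtmsg*)(NLMSG_DATA(hdr));
	rta = RTM_RTA(msg);
	rtasize = RTM_PAYLOAD(hdr);

	if (route)
	{	/* reset every field, including a source host the caller may have
		 * attached, so nothing of an earlier message survives in the entry */
		route->gtw = chunk_empty;
		route->src = chunk_empty;
		route->dst = chunk_empty;
		if (route->src_host)
		{
			route->src_host->destroy(route->src_host);
			route->src_host = NULL;
		}
		route->dst_len = msg->rtm_dst_len;
		route->table = msg->rtm_table;
		route->oif = 0;
	}
	else
	{
		INIT(route,
			.dst_len = msg->rtm_dst_len,
			.table = msg->rtm_table,
		);
	}

	/* RTA_OK()/RTA_NEXT() bound the walk to the message payload */
	while (RTA_OK(rta, rtasize))
	{
		switch (rta->rta_type)
		{
			case RTA_PREFSRC:
				route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
				break;
			case RTA_GATEWAY:
				route->gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
				break;
			case RTA_DST:
				route->dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
				break;
			case RTA_OIF:
				/* fixed-width attributes are only taken with the exact
				 * payload size, anything else is ignored */
				if (RTA_PAYLOAD(rta) == sizeof(route->oif))
				{
					route->oif = *(u_int32_t*)RTA_DATA(rta);
				}
				break;
#ifdef HAVE_RTA_TABLE
			case RTA_TABLE:
				/* 32-bit table ID, overrides the 8-bit rtm_table */
				if (RTA_PAYLOAD(rta) == sizeof(route->table))
				{
					route->table = *(u_int32_t*)RTA_DATA(rta);
				}
				break;
#endif /* HAVE_RTA_TABLE*/
		}
		rta = RTA_NEXT(rta, rtasize);
	}
	return route;
}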
1441 | ||
/**
 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
 *
 * Asks the kernel (RTM_GETROUTE, as a dump where possible) for routes to
 * dest, drops routes from excluded tables, from our own table, on down or
 * ignored interfaces and routes whose preferred source is a virtual IP, then
 * picks the most specific remaining route, preferring one whose source
 * address equals candidate. Routes offering only a gateway are resolved by
 * calling this function again for the gateway.
 *
 * @param this			kernel interface
 * @param dest			destination to reach
 * @param nexthop		TRUE to return the gateway (a clone of dest if no
 *						gateway was found), FALSE to return the source address
 * @param candidate		preferred source address, or NULL
 * @param recursion		current recursion depth, 0 for the initial call
 * @return				newly created host owned by the caller, NULL if no
 *						route was found or the recursion limit was exceeded
 */
static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
						 bool nexthop, host_t *candidate, u_int recursion)
{
	netlink_buf_t request;
	struct nlmsghdr *hdr, *out, *current;
	struct rtmsg *msg;
	chunk_t chunk;
	size_t len;
	linked_list_t *routes;
	rt_entry_t *route = NULL, *best = NULL;
	enumerator_t *enumerator;
	host_t *addr = NULL;

	/* bounds the gateway lookup chain: routes referring to each other would
	 * otherwise recurse without end */
	if (recursion > MAX_ROUTE_RECURSION)
	{
		return NULL;
	}

	memset(&request, 0, sizeof(request));

	hdr = (struct nlmsghdr*)request;
	hdr->nlmsg_flags = NLM_F_REQUEST;
	if (dest->get_family(dest) == AF_INET || this->rta_prefsrc_for_ipv6 ||
		this->routing_table)
	{	/* kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes.
		 * as we want to ignore routes with virtual IPs we cannot use DUMP
		 * if these routes are not installed in a separate table */
		hdr->nlmsg_flags |= NLM_F_DUMP;
	}
	hdr->nlmsg_type = RTM_GETROUTE;
	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));

	msg = (struct rtmsg*)NLMSG_DATA(hdr);
	msg->rtm_family = dest->get_family(dest);
	if (candidate)
	{
		chunk = candidate->get_address(candidate);
		netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
	}
	/* chunk keeps the destination address for addr_in_subnet() below */
	chunk = dest->get_address(dest);
	netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));

	/* out receives the response buffer, released with free() at the end */
	if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
	{
		DBG2(DBG_KNL, "getting %s to reach %H failed",
			 nexthop ? "nexthop" : "address", dest);
		return NULL;
	}
	routes = linked_list_create();
	/* the cache lock is held while filtering and selecting routes; the
	 * interface and VIP lookups below read the cache */
	this->lock->read_lock(this->lock);

	for (current = out; NLMSG_OK(current, len);
		 current = NLMSG_NEXT(current, len))
	{
		switch (current->nlmsg_type)
		{
			case NLMSG_DONE:
				/* leaves the switch, the break below then ends the loop */
				break;
			case RTM_NEWROUTE:
			{
				rt_entry_t *other;
				uintptr_t table;

				/* route is non-NULL only if the previous message was filtered
				 * out; its entry is then reused */
				route = parse_route(current, route);

				table = (uintptr_t)route->table;
				if (this->rt_exclude->find_first(this->rt_exclude, NULL,
												 (void**)&table) == SUCCESS)
				{	/* route is from an excluded routing table */
					continue;
				}
				if (this->routing_table != 0 &&
					route->table == this->routing_table)
				{	/* route is from our own ipsec routing table */
					continue;
				}
				if (route->oif && !is_interface_up_and_usable(this, route->oif))
				{	/* interface is down */
					continue;
				}
				if (!addr_in_subnet(chunk, route->dst, route->dst_len))
				{	/* route destination does not contain dest */
					continue;
				}
				if (route->src.ptr)
				{	/* verify source address, if any */
					host_t *src = host_create_from_chunk(msg->rtm_family,
														 route->src, 0);
					if (src && is_known_vip(this, src))
					{	/* ignore routes installed by us */
						src->destroy(src);
						continue;
					}
					/* the entry owns src from here on (NULL if the chunk
					 * could not be converted) */
					route->src_host = src;
				}
				/* insert route, sorted by decreasing network prefix */
				enumerator = routes->create_enumerator(routes);
				while (enumerator->enumerate(enumerator, &other))
				{
					if (route->dst_len > other->dst_len)
					{
						break;
					}
				}
				routes->insert_before(routes, enumerator, route);
				enumerator->destroy(enumerator);
				/* ownership moved to the list */
				route = NULL;
				continue;
			}
			default:
				continue;
		}
		break;
	}
	if (route)
	{	/* the last parsed entry was filtered out and is not in the list */
		rt_entry_destroy(route);
	}

	/* now we have a list of routes matching dest, sorted by net prefix.
	 * we will look for source addresses for these routes and select the one
	 * with the preferred source address, if possible */
	enumerator = routes->create_enumerator(routes);
	while (enumerator->enumerate(enumerator, &route))
	{
		if (route->src_host)
		{	/* got a source address with the route, if no preferred source
			 * is given or it matches we are done, as this is the best route */
			if (!candidate || candidate->ip_equals(candidate, route->src_host))
			{
				best = route;
				break;
			}
			else if (route->oif)
			{	/* no match yet, maybe it is assigned to the same interface */
				host_t *src = get_interface_address(this, route->oif,
													msg->rtm_family, candidate);
				if (src && src->ip_equals(src, candidate))
				{
					route->src_host->destroy(route->src_host);
					route->src_host = src;
					best = route;
					break;
				}
				DESTROY_IF(src);
			}
			/* no luck yet with the source address. if this is the best (first)
			 * route we store it as fallback in case we don't find a route with
			 * the preferred source */
			best = best ?: route;
			continue;
		}
		if (route->oif)
		{	/* no src, but an interface - get address from it */
			route->src_host = get_interface_address(this, route->oif,
													msg->rtm_family, candidate);
			if (route->src_host)
			{	/* we handle this address the same as the one above */
				if (!candidate ||
					candidate->ip_equals(candidate, route->src_host))
				{
					best = route;
					break;
				}
				best = best ?: route;
				continue;
			}
		}
		if (route->gtw.ptr)
		{	/* no src, no iface, but a gateway - lookup src to reach gtw */
			host_t *gtw;

			gtw = host_create_from_chunk(msg->rtm_family, route->gtw, 0);
			if (gtw && !gtw->ip_equals(gtw, dest))
			{
				/* NOTE(review): re-enters get_route() while this->lock is
				 * read-locked, so this relies on the lock allowing recursive
				 * read acquisition - confirm against the rwlock used */
				route->src_host = get_route(this, gtw, FALSE, candidate,
											recursion + 1);
			}
			DESTROY_IF(gtw);
			if (route->src_host)
			{	/* more of the same */
				if (!candidate ||
					candidate->ip_equals(candidate, route->src_host))
				{
					best = route;
					break;
				}
				best = best ?: route;
			}
		}
	}
	enumerator->destroy(enumerator);

	if (nexthop)
	{	/* nexthop lookup, return gateway if any */
		/* without a selected route the first (most specific) one is used;
		 * for an on-link route best->gtw is empty and addr stays NULL */
		if (best || routes->get_first(routes, (void**)&best) == SUCCESS)
		{
			addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0);
		}
		addr = addr ?: dest->clone(dest);
	}
	else
	{
		/* best is only ever set for routes with a src_host, see above */
		if (best)
		{
			addr = best->src_host->clone(best->src_host);
		}
	}
	this->lock->unlock(this->lock);
	routes->destroy_function(routes, (void*)rt_entry_destroy);
	free(out);

	if (addr)
	{
		DBG2(DBG_KNL, "using %H as %s to reach %H", addr,
			 nexthop ? "nexthop" : "address", dest);
	}
	else if (!recursion)
	{	/* only the outermost lookup reports a miss */
		DBG2(DBG_KNL, "no %s found to reach %H",
			 nexthop ? "nexthop" : "address", dest);
	}
	return addr;
}
1669 | ||
/*
 * Returns the source address to use towards dest, preferring src if it is
 * usable for the selected route. The lookup starts at recursion depth 0.
 */
METHOD(kernel_net_t, get_source_addr, host_t*,
	private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
{
	host_t *source;

	source = get_route(this, dest, FALSE, src, 0);
	return source;
}
1675 | ||
/*
 * Returns the nexthop (gateway) towards dest, with src as preferred source
 * address for route selection. The lookup starts at recursion depth 0.
 */
METHOD(kernel_net_t, get_nexthop, host_t*,
	private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
{
	host_t *gateway;

	gateway = get_route(this, dest, TRUE, src, 0);
	return gateway;
}
1681 | ||
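/**
 * Manages the creation and deletion of ip addresses on an interface.
 * By setting the appropriate nlmsg_type, the ip will be set or unset.
 *
 * @param this			kernel interface
 * @param nlmsg_type	RTM_NEWADDR to add, RTM_DELADDR to remove the address
 * @param flags			additional nlmsg_flags (e.g. NLM_F_CREATE | NLM_F_EXCL)
 * @param if_index		index of the interface to change
 * @param ip			address to add or remove
 * @param prefix		prefix length in bits, a negative value selects a host
 *						prefix (full address length)
 * @return				result of the acknowledged request, FAILED if prefix is
 *						longer than the address
 */
static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
							  int flags, int if_index, host_t *ip, int prefix)
{
	netlink_buf_t request;
	struct nlmsghdr *hdr;
	struct ifaddrmsg *msg;
	chunk_t chunk;

	memset(&request, 0, sizeof(request));

	chunk = ip->get_address(ip);
	if (prefix > (int)(chunk.len * 8))
	{	/* ifa_prefixlen is only 8 bits wide: an out-of-range prefix would be
		 * truncated on assignment (256 would become /0) rather than rejected,
		 * so refuse it here before it reaches the kernel */
		DBG1(DBG_KNL, "invalid prefix length %d for %H", prefix, ip);
		return FAILED;
	}

	hdr = (struct nlmsghdr*)request;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
	hdr->nlmsg_type = nlmsg_type;
	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));

	msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
	msg->ifa_family = ip->get_family(ip);
	msg->ifa_flags = 0;
	/* negative prefix: host route, i.e. /32 or /128 */
	msg->ifa_prefixlen = prefix < 0 ? chunk.len * 8 : prefix;
	msg->ifa_scope = RT_SCOPE_UNIVERSE;
	msg->ifa_index = if_index;

	netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));

	/* NLM_F_ACK was requested, send_ack() waits for the kernel's reply */
	return this->socket->send_ack(this->socket, hdr);
}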
1714 | ||
887abfb1 | 1715 | METHOD(kernel_net_t, add_ip, status_t, |
50bd7558 | 1716 | private_kernel_netlink_net_t *this, host_t *virtual_ip, int prefix, |
b185cdd1 | 1717 | char *iface_name) |
507f26f6 | 1718 | { |
1719 | addr_map_entry_t *entry, lookup = { |
1720 | .ip = virtual_ip, | |
1721 | }; | |
e8e9048f | 1722 | iface_entry_t *iface = NULL; |
7daf5226 | 1723 | |
1724 | if (!this->install_virtual_ip) |
1725 | { /* disabled by config */ | |
1726 | return SUCCESS; | |
1727 | } | |
7daf5226 | 1728 | |
a25d536e | 1729 | this->lock->write_lock(this->lock); |
1730 | /* the virtual IP might actually be installed as regular IP, in which case |
1731 | * we don't track it as virtual IP */ | |
1732 | entry = this->addrs->get_match(this->addrs, &lookup, | |
1733 | (void*)addr_map_entry_match); | |
1734 | if (!entry) | |
1735 | { /* otherwise it might already be installed as virtual IP */ | |
1736 | entry = this->vips->get_match(this->vips, &lookup, | |
1737 | (void*)addr_map_entry_match); | |
1738 | if (entry) | |
1739 | { /* the vip we found can be in one of three states: 1) installed and | |
1740 | * ready, 2) just added by another thread, but not yet confirmed to | |
1741 | * be installed by the kernel, 3) just deleted, but not yet gone. | |
1742 | * Then while we wait below, several things could happen (as we | |
a25d536e | 1743 | * release the lock). For instance, the interface could disappear, |
e8e9048f | 1744 | * or the IP is finally deleted, and it reappears on a different |
1745 | * interface. All these cases are handled by the call below. */ |
1746 | while (!is_vip_installed_or_gone(this, virtual_ip, &entry)) | |
507f26f6 | 1747 | { |
a25d536e | 1748 | this->condvar->wait(this->condvar, this->lock); |
507f26f6 | 1749 | } |
c6b40158 | 1750 | if (entry) |
507f26f6 | 1751 | { |
c6b40158 | 1752 | entry->addr->refcount++; |
1753 | } |
1754 | } | |
1755 | } |
1756 | if (entry) | |
1757 | { | |
1758 | DBG2(DBG_KNL, "virtual IP %H is already installed on %s", virtual_ip, | |
1759 | entry->iface->ifname); | |
a25d536e | 1760 | this->lock->unlock(this->lock); |
1761 | return SUCCESS; |
1762 | } | |
1763 | /* try to find the target interface, either by config or via src ip */ |
1764 | if (!this->install_virtual_ip_on || | |
1765 | this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, | |
1766 | (void**)&iface, this->install_virtual_ip_on) != SUCCESS) | |
1767 | { | |
1768 | if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, |
1769 | (void**)&iface, iface_name) != SUCCESS) | |
e8e9048f TB |
1770 | { /* if we don't find the requested interface we just use the first */ |
1771 | this->ifaces->get_first(this->ifaces, (void**)&iface); | |
1772 | } | |
c6b40158 | 1773 | } |
c6b40158 TB |
1774 | if (iface) |
1775 | { | |
1776 | addr_entry_t *addr; | |
7daf5226 | 1777 | |
c6b40158 TB |
1778 | INIT(addr, |
1779 | .ip = virtual_ip->clone(virtual_ip), | |
1780 | .refcount = 1, | |
1781 | .scope = RT_SCOPE_UNIVERSE, | |
1782 | ); | |
1783 | iface->addrs->insert_last(iface->addrs, addr); | |
1784 | addr_map_entry_add(this->vips, addr, iface); | |
1785 | if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, | |
50bd7558 | 1786 | iface->ifindex, virtual_ip, prefix) == SUCCESS) |
507f26f6 | 1787 | { |
c6b40158 TB |
1788 | while (!is_vip_installed_or_gone(this, virtual_ip, &entry)) |
1789 | { /* wait until address appears */ | |
a25d536e | 1790 | this->condvar->wait(this->condvar, this->lock); |
c6b40158 TB |
1791 | } |
1792 | if (entry) | |
1793 | { /* we fail if the interface got deleted in the meantime */ | |
e8e9048f TB |
1794 | DBG2(DBG_KNL, "virtual IP %H installed on %s", virtual_ip, |
1795 | entry->iface->ifname); | |
a25d536e | 1796 | this->lock->unlock(this->lock); |
3dc9d427 MW |
1797 | /* during IKEv1 reauthentication, children get moved from |
1798 | * old the new SA before the virtual IP is available. This | |
1799 | * kills the route for our virtual IP, reinstall. */ | |
cf6a4ea0 | 1800 | queue_route_reinstall(this, strdup(entry->iface->ifname)); |
507f26f6 TB |
1801 | return SUCCESS; |
1802 | } | |
507f26f6 | 1803 | } |
a25d536e | 1804 | this->lock->unlock(this->lock); |
c6b40158 TB |
1805 | DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip); |
1806 | return FAILED; | |
507f26f6 | 1807 | } |
a25d536e | 1808 | this->lock->unlock(this->lock); |
c6b40158 TB |
1809 | DBG1(DBG_KNL, "no interface available, unable to install virtual IP %H", |
1810 | virtual_ip); | |
507f26f6 TB |
1811 | return FAILED; |
1812 | } | |
1813 | ||
/*
 * Implementation of kernel_net_t.del_ip: drop one reference to a virtual IP
 * and remove the address from the kernel once the last reference is gone.
 */
METHOD(kernel_net_t, del_ip, status_t,
	private_kernel_netlink_net_t *this, host_t *virtual_ip, int prefix,
	bool wait)
{
	addr_map_entry_t *vip, *regular, key = {
		.ip = virtual_ip,
	};
	status_t status = SUCCESS;

	if (!this->install_virtual_ip)
	{	/* disabled by config */
		return SUCCESS;
	}

	DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);

	this->lock->write_lock(this->lock);
	vip = this->vips->get_match(this->vips, &key, (void*)addr_map_entry_match);
	if (!vip)
	{	/* not installed by us as virtual IP: an address that exists as a
		 * regular IP is left alone (and reported as success), an address we
		 * know nothing about cannot be deleted */
		regular = this->addrs->get_match(this->addrs, &key,
										 (void*)addr_map_entry_match);
		if (regular)
		{
			DBG2(DBG_KNL, "not deleting existing IP %H on %s", virtual_ip,
				 regular->iface->ifname);
		}
		else
		{
			DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
			status = FAILED;
		}
	}
	else if (vip->addr->refcount == 1)
	{	/* last reference: clear the installed flag so that threads in add_ip
		 * block until the entry is gone (this is also what we wait on below),
		 * then ask the kernel to remove the address */
		vip->addr->installed = FALSE;
		status = manage_ipaddr(this, RTM_DELADDR, 0, vip->iface->ifindex,
							   virtual_ip, prefix);
		while (status == SUCCESS && wait && is_known_vip(this, virtual_ip))
		{	/* wait until the address is really gone */
			this->condvar->wait(this->condvar, this->lock);
		}
	}
	else
	{	/* other SAs still use this address, just drop our reference */
		vip->addr->refcount--;
		DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
			 virtual_ip);
	}
	this->lock->unlock(this->lock);
	return status;
}
1875 | ||
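/**
 * Manages source routes in the routing table.
 * By setting the appropriate nlmsg_type, the route gets added or removed.
 *
 * @param this			netlink net instance
 * @param nlmsg_type	RTM_NEWROUTE or RTM_DELROUTE
 * @param flags			additional nlmsg_flags (e.g. NLM_F_CREATE | NLM_F_EXCL)
 * @param dst_net		destination network address (RTA_DST)
 * @param prefixlen		prefix length of dst_net
 * @param gateway		gateway (RTA_GATEWAY), ignored if NULL or of a
 *						different family than src_ip
 * @param src_ip		preferred source address (RTA_PREFSRC), also
 *						determines the address family of the route
 * @param if_name		name of the outgoing interface (RTA_OIF)
 * @return				status reported by the netlink socket for the request
 */
static status_t manage_srcroute(private_kernel_netlink_net_t *this,
								int nlmsg_type, int flags, chunk_t dst_net,
								u_int8_t prefixlen, host_t *gateway,
								host_t *src_ip, char *if_name)
{
	netlink_buf_t request;
	struct nlmsghdr *hdr;
	struct rtmsg *msg;
	int ifindex;
	chunk_t chunk;

	/* if route is 0.0.0.0/0, we can't install it, as it would
	 * overwrite the default route. Instead, we add two routes:
	 * 0.0.0.0/1 and 128.0.0.0/1 */
	if (this->routing_table == 0 && prefixlen == 0)
	{
		chunk_t half_net;
		u_int8_t half_prefixlen = 1;
		status_t lower, upper;

		half_net = chunk_alloca(dst_net.len);
		memset(half_net.ptr, 0, half_net.len);

		lower = manage_srcroute(this, nlmsg_type, flags, half_net,
								half_prefixlen, gateway, src_ip, if_name);
		/* setting the top bit of the first byte selects the upper half for
		 * both IPv4 (128.0.0.0/1) and IPv6 (8000::/1) */
		half_net.ptr[0] |= 0x80;
		/* always issue the second request (so a delete does not leave the
		 * upper half behind), but a failure of the first must not be masked
		 * by a successful second one */
		upper = manage_srcroute(this, nlmsg_type, flags, half_net,
								half_prefixlen, gateway, src_ip, if_name);
		return lower == SUCCESS ? upper : lower;
	}

	memset(&request, 0, sizeof(request));

	hdr = (struct nlmsghdr*)request;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
	hdr->nlmsg_type = nlmsg_type;
	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));

	msg = (struct rtmsg*)NLMSG_DATA(hdr);
	msg->rtm_family = src_ip->get_family(src_ip);
	msg->rtm_dst_len = prefixlen;
	msg->rtm_table = this->routing_table;
	msg->rtm_protocol = RTPROT_STATIC;
	msg->rtm_type = RTN_UNICAST;
	msg->rtm_scope = RT_SCOPE_UNIVERSE;

	netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
	chunk = src_ip->get_address(src_ip);
	netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
	if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
	{	/* a gateway of the other address family cannot be used for this route */
		chunk = gateway->get_address(gateway);
		netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
	}
	ifindex = get_interface_index(this, if_name);
	chunk.ptr = (char*)&ifindex;
	chunk.len = sizeof(ifindex);
	netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));

	return this->socket->send_ack(this->socket, hdr);
}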
1942 | ||
/*
 * Implementation of kernel_net_t.add_route: remember the route and install
 * it in the kernel, unless an identical route is already known.
 *
 * The entry is stored before the kernel is asked and is kept even if the
 * netlink request fails; destroy() later issues RTM_DELROUTE for every
 * stored entry.
 */
METHOD(kernel_net_t, add_route, status_t,
	private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
	host_t *gateway, host_t *src_ip, char *if_name)
{
	route_entry_t *stored, key = {
		.dst_net = dst_net,
		.prefixlen = prefixlen,
		.gateway = gateway,
		.src_ip = src_ip,
		.if_name = if_name,
	};
	status_t status = ALREADY_DONE;

	this->routes_lock->lock(this->routes_lock);
	if (!this->routes->get(this->routes, &key))
	{	/* the table owns the clone; the key on the stack only borrows its
		 * members from the caller */
		stored = route_entry_clone(&key);
		this->routes->put(this->routes, stored, stored);
		status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
								 dst_net, prefixlen, gateway, src_ip, if_name);
	}
	this->routes_lock->unlock(this->routes_lock);
	return status;
}
7daf5226 | 1970 | |
/*
 * Implementation of kernel_net_t.del_route: forget a previously added route
 * and remove it from the kernel.
 *
 * Routes that were never added through add_route are not touched
 * (NOT_FOUND is returned).
 */
METHOD(kernel_net_t, del_route, status_t,
	private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
	host_t *gateway, host_t *src_ip, char *if_name)
{
	route_entry_t *stored, key = {
		.dst_net = dst_net,
		.prefixlen = prefixlen,
		.gateway = gateway,
		.src_ip = src_ip,
		.if_name = if_name,
	};
	status_t status = NOT_FOUND;

	this->routes_lock->lock(this->routes_lock);
	stored = this->routes->get(this->routes, &key);
	if (stored)
	{	/* drop our record first, then ask the kernel; the result of the
		 * netlink request is what the caller gets */
		this->routes->remove(this->routes, stored);
		route_entry_destroy(stored);
		status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
								 gateway, src_ip, if_name);
	}
	this->routes_lock->unlock(this->routes_lock);
	return status;
}
1998 | ||
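/**
 * Request a full dump (RTM_GETLINK or RTM_GETADDR) from the kernel and feed
 * every RTM_NEWLINK resp. RTM_NEWADDR message to process_link/process_addr.
 *
 * Any other message type in the dump is skipped; NLMSG_DONE ends it.
 *
 * @param this			netlink net instance
 * @param in			prepared request header, nlmsg_type is set here
 * @param dump_type		RTM_GETLINK or RTM_GETADDR
 * @return				FAILED if the request could not be sent, SUCCESS otherwise
 */
static status_t init_address_list_dump(private_kernel_netlink_net_t *this,
									   struct nlmsghdr *in, int dump_type)
{
	struct nlmsghdr *out, *current;
	size_t len;

	in->nlmsg_type = dump_type;
	if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
	{
		return FAILED;
	}
	/* NLMSG_NEXT also decrements len, so NLMSG_OK bounds every access to the
	 * length actually returned by the socket */
	for (current = out; NLMSG_OK(current, len);
		 current = NLMSG_NEXT(current, len))
	{
		if (current->nlmsg_type == NLMSG_DONE)
		{	/* end of the multipart dump */
			break;
		}
		if (dump_type == RTM_GETLINK && current->nlmsg_type == RTM_NEWLINK)
		{
			process_link(this, current, FALSE);
		}
		else if (dump_type == RTM_GETADDR && current->nlmsg_type == RTM_NEWADDR)
		{
			process_addr(this, current, FALSE);
		}
	}
	free(out);
	return SUCCESS;
}

/**
 * Initialize a list of local addresses.
 *
 * Dumps all links, then all interface addresses, from the kernel into
 * this->ifaces and logs the usable interfaces with their addresses.
 *
 * @param this			netlink net instance
 * @return				FAILED if one of the two dumps could not be requested,
 *						SUCCESS otherwise
 */
static status_t init_address_list(private_kernel_netlink_net_t *this)
{
	netlink_buf_t request;
	struct nlmsghdr *in;
	struct rtgenmsg *msg;
	enumerator_t *ifaces, *addrs;
	iface_entry_t *iface;
	addr_entry_t *addr;

	DBG2(DBG_KNL, "known interfaces and IP addresses:");

	memset(&request, 0, sizeof(request));

	in = (struct nlmsghdr*)&request;
	in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
	/* NLM_F_ROOT | NLM_F_MATCH requests a dump of the whole table */
	in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
	msg = (struct rtgenmsg*)NLMSG_DATA(in);
	msg->rtgen_family = AF_UNSPEC;

	/* get all links */
	if (init_address_list_dump(this, in, RTM_GETLINK) != SUCCESS)
	{
		return FAILED;
	}
	/* get all interface addresses (the same request header is reused) */
	if (init_address_list_dump(this, in, RTM_GETADDR) != SUCCESS)
	{
		return FAILED;
	}

	this->lock->read_lock(this->lock);
	ifaces = this->ifaces->create_enumerator(this->ifaces);
	while (ifaces->enumerate(ifaces, &iface))
	{
		if (iface_entry_up_and_usable(iface))
		{
			DBG2(DBG_KNL, "  %s", iface->ifname);
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, (void**)&addr))
			{
				DBG2(DBG_KNL, "    %H", addr->ip);
			}
			addrs->destroy(addrs);
		}
	}
	ifaces->destroy(ifaces);
	this->lock->unlock(this->lock);
	return SUCCESS;
}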
2089 | ||
/**
 * create or delete a rule to use our routing table
 *
 * If a fwmark is configured, the rule only matches (or, with a leading '!',
 * only excludes) packets carrying that firewall mark.
 *
 * @param this			netlink net instance
 * @param nlmsg_type	RTM_NEWRULE or RTM_DELRULE
 * @param family		AF_INET or AF_INET6
 * @param table			routing table the rule points to
 * @param prio			priority of the rule
 * @return				status reported by the netlink socket for the request
 */
static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
							int family, u_int32_t table, u_int32_t prio)
{
	netlink_buf_t request;
	struct nlmsghdr *hdr;
	struct rtmsg *msg;
	chunk_t attr;
	char *fwmark;
	mark_t mark;
	int nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;

	if (nlmsg_type == RTM_NEWRULE)
	{	/* create the rule, but let the kernel reject a duplicate instead of
		 * silently replacing an existing one */
		nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
	}

	memset(&request, 0, sizeof(request));
	hdr = (struct nlmsghdr*)request;
	hdr->nlmsg_type = nlmsg_type;
	hdr->nlmsg_flags = nlmsg_flags;
	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));

	msg = (struct rtmsg*)NLMSG_DATA(hdr);
	msg->rtm_family = family;
	msg->rtm_table = table;
	msg->rtm_protocol = RTPROT_BOOT;
	msg->rtm_scope = RT_SCOPE_UNIVERSE;
	msg->rtm_type = RTN_UNICAST;

	attr = chunk_from_thing(prio);
	netlink_add_attribute(hdr, RTA_PRIORITY, attr, sizeof(request));

	fwmark = lib->settings->get_str(lib->settings,
						"%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon);
	if (fwmark)
	{
		if (*fwmark == '!')
		{	/* a leading '!' inverts the mark match */
			msg->rtm_flags |= FIB_RULE_INVERT;
			fwmark++;
		}
		if (mark_from_string(fwmark, &mark))
		{	/* an unparsable mark leaves the rule unrestricted */
			attr = chunk_from_thing(mark.value);
			netlink_add_attribute(hdr, FRA_FWMARK, attr, sizeof(request));
			attr = chunk_from_thing(mark.mask);
			netlink_add_attribute(hdr, FRA_FWMASK, attr, sizeof(request));
		}
	}
	return this->socket->send_ack(this->socket, hdr);
}
2142 | ||
/**
 * check for kernel features (currently only via version number)
 *
 * Sets this->rta_prefsrc_for_ipv6 for kernels whose release string is
 * "x.y" or "x.y.z" with x != 2; 2.x kernels and unparsable release strings
 * leave the flag untouched.
 */
static void check_kernel_features(private_kernel_netlink_net_t *this)
{
	struct utsname utsname;
	int major, minor, patch, parts;

	if (uname(&utsname) != 0)
	{	/* no version information, keep the defaults */
		return;
	}
	parts = sscanf(utsname.release, "%d.%d.%d", &major, &minor, &patch);
	if (parts == 3 && major == 2)
	{
		DBG2(DBG_KNL, "detected Linux %d.%d.%d, no support for "
			 "RTA_PREFSRC for IPv6 routes", major, minor, patch);
		return;
	}
	if (parts == 2 || parts == 3)
	{	/* only 3.x+ uses two part version numbers; three part numbers that
		 * are not 2.x are newer as well */
		this->rta_prefsrc_for_ipv6 = TRUE;
	}
}
2172 | ||
/**
 * Destroy an address to iface map
 *
 * Only the addr_map_entry_t objects stored in the table are freed; the
 * addr/iface they point to are not touched. The table itself is destroyed
 * afterwards.
 */
static void addr_map_destroy(hashtable_t *map)
{
	enumerator_t *e;
	addr_map_entry_t *entry;

	for (e = map->create_enumerator(map);
		 e->enumerate(e, NULL, (void**)&entry);)
	{
		free(entry);
	}
	e->destroy(e);
	map->destroy(map);
}
2189 | ||
/**
 * Remove every route this instance installed from the kernel and destroy
 * the route table.
 */
static void flush_known_routes(private_kernel_netlink_net_t *this)
{
	enumerator_t *e;
	route_entry_t *route;

	e = this->routes->create_enumerator(this->routes);
	while (e->enumerate(e, NULL, (void**)&route))
	{
		manage_srcroute(this, RTM_DELROUTE, 0, route->dst_net, route->prefixlen,
						route->gateway, route->src_ip, route->if_name);
		route_entry_destroy(route);
	}
	e->destroy(e);
	this->routes->destroy(this->routes);
}

/*
 * Implementation of kernel_net_t.destroy.
 *
 * Kernel state (rules, routes) is removed first, then the internal tables,
 * and the locks protecting them last. Also used on the failure paths of
 * kernel_netlink_net_create(), so members may be only partially set up.
 */
METHOD(kernel_net_t, destroy, void,
	private_kernel_netlink_net_t *this)
{
	int families[] = { AF_INET, AF_INET6 };
	int i;

	if (this->routing_table)
	{	/* drop the policy rules pointing at our routing table */
		for (i = 0; i < sizeof(families) / sizeof(families[0]); i++)
		{
			manage_rule(this, RTM_DELRULE, families[i], this->routing_table,
						this->routing_table_prio);
		}
	}
	if (this->socket_events > 0)
	{	/* the event socket is only opened if we registered for events */
		lib->watcher->remove(lib->watcher, this->socket_events);
		close(this->socket_events);
	}
	flush_known_routes(this);
	this->routes_lock->destroy(this->routes_lock);
	DESTROY_IF(this->socket);

	net_changes_clear(this);
	this->net_changes->destroy(this->net_changes);
	this->net_changes_lock->destroy(this->net_changes_lock);

	addr_map_destroy(this->addrs);
	addr_map_destroy(this->vips);

	this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
	this->rt_exclude->destroy(this->rt_exclude);
	this->roam_lock->destroy(this->roam_lock);
	this->condvar->destroy(this->condvar);
	this->lock->destroy(this->lock);
	free(this);
}
2234 | ||
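/**
 * Parse the space separated routing table numbers in ignore_routing_tables
 * and add each of them to this->rt_exclude.
 *
 * A token is only accepted if it is a complete unsigned decimal number;
 * without the end-pointer check a non-numeric token would parse as 0 and
 * silently exclude the main routing table.
 *
 * @param this			netlink net instance
 * @param exclude		configured ignore_routing_tables string
 */
static void parse_excluded_tables(private_kernel_netlink_net_t *this,
								  char *exclude)
{
	enumerator_t *enumerator;
	char *token, *end;
	uintptr_t table;

	enumerator = enumerator_create_token(exclude, " ", " ");
	while (enumerator->enumerate(enumerator, &token))
	{
		errno = 0;
		table = strtoul(token, &end, 10);
		if (errno != 0 || end == token || *end != '\0')
		{
			DBG1(DBG_KNL, "ignoring invalid routing table '%s' in "
				 "ignore_routing_tables", token);
			continue;
		}
		this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
	}
	enumerator->destroy(enumerator);
}

/**
 * Create and bind the netlink socket used to receive address, link and
 * route change events, and register it with the watcher.
 *
 * On failure this->socket_events is left as set by socket(), so destroy()
 * closes it if it was created.
 *
 * @param this			netlink net instance
 * @return				SUCCESS, or FAILED if the socket could not be created
 *						or bound (already logged)
 */
static status_t register_event_socket(private_kernel_netlink_net_t *this)
{
	struct sockaddr_nl addr;

	memset(&addr, 0, sizeof(addr));
	addr.nl_family = AF_NETLINK;
	addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
					 RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK;

	/* create and bind RT socket for events (address/interface/route changes) */
	/* NOTE(review): the descriptor is not marked close-on-exec, so a process
	 * spawned by the daemon inherits it — confirm whether the supported
	 * kernels allow SOCK_CLOEXEC here */
	this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
	if (this->socket_events < 0)
	{
		DBG1(DBG_KNL, "unable to create RT event socket");
		return FAILED;
	}
	if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
	{
		DBG1(DBG_KNL, "unable to bind RT event socket");
		return FAILED;
	}
	lib->watcher->add(lib->watcher, this->socket_events, WATCHER_READ,
					  (watcher_cb_t)receive_events, this);
	return SUCCESS;
}

/*
 * Described in header.
 *
 * Returns NULL if the event socket could not be set up or the initial
 * interface/address dump failed; a failing routing table rule is only logged.
 */
kernel_netlink_net_t *kernel_netlink_net_create()
{
	private_kernel_netlink_net_t *this;
	bool register_for_events = TRUE;
	char *exclude;

	INIT(this,
		.public = {
			.interface = {
				.get_interface = _get_interface_name,
				.create_address_enumerator = _create_address_enumerator,
				.get_source_addr = _get_source_addr,
				.get_nexthop = _get_nexthop,
				.add_ip = _add_ip,
				.del_ip = _del_ip,
				.add_route = _add_route,
				.del_route = _del_route,
				.destroy = _destroy,
			},
		},
		.socket = netlink_socket_create(NETLINK_ROUTE),
		.rt_exclude = linked_list_create(),
		.routes = hashtable_create((hashtable_hash_t)route_entry_hash,
								   (hashtable_equals_t)route_entry_equals, 16),
		.net_changes = hashtable_create(
								   (hashtable_hash_t)net_change_hash,
								   (hashtable_equals_t)net_change_equals, 16),
		.addrs = hashtable_create(
								   (hashtable_hash_t)addr_map_entry_hash,
								   (hashtable_equals_t)addr_map_entry_equals, 16),
		.vips = hashtable_create((hashtable_hash_t)addr_map_entry_hash,
								 (hashtable_equals_t)addr_map_entry_equals, 16),
		.routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
		.net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
		.ifaces = linked_list_create(),
		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
		.condvar = rwlock_condvar_create(),
		.roam_lock = spinlock_create(),
		.routing_table = lib->settings->get_int(lib->settings,
						"%s.routing_table", ROUTING_TABLE, hydra->daemon),
		.routing_table_prio = lib->settings->get_int(lib->settings,
						"%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
		.process_route = lib->settings->get_bool(lib->settings,
						"%s.process_route", TRUE, hydra->daemon),
		.install_virtual_ip = lib->settings->get_bool(lib->settings,
						"%s.install_virtual_ip", TRUE, hydra->daemon),
		.install_virtual_ip_on = lib->settings->get_str(lib->settings,
						"%s.install_virtual_ip_on", NULL, hydra->daemon),
		.roam_events = lib->settings->get_bool(lib->settings,
						"%s.plugins.kernel-netlink.roam_events", TRUE, hydra->daemon),
	);
	timerclear(&this->last_route_reinstall);
	timerclear(&this->next_roam);

	check_kernel_features(this);

	if (streq(hydra->daemon, "starter"))
	{	/* starter has no threads, so we do not register for kernel events */
		register_for_events = FALSE;
	}

	exclude = lib->settings->get_str(lib->settings,
						"%s.ignore_routing_tables", NULL, hydra->daemon);
	if (exclude)
	{
		parse_excluded_tables(this, exclude);
	}

	if (register_for_events && register_event_socket(this) != SUCCESS)
	{	/* the specific error has already been logged */
		destroy(this);
		return NULL;
	}

	if (init_address_list(this) != SUCCESS)
	{
		DBG1(DBG_KNL, "unable to get interface list");
		destroy(this);
		return NULL;
	}

	if (this->routing_table)
	{	/* a missing rule is logged but not fatal, routes may still be usable */
		if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
						this->routing_table_prio) != SUCCESS)
		{
			DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
		}
		if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
						this->routing_table_prio) != SUCCESS)
		{
			DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
		}
	}

	return &this->public;
}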