]>
Commit | Line | Data |
---|---|---|
507f26f6 | 1 | /* |
05ca5655 | 2 | * Copyright (C) 2008-2012 Tobias Brunner |
ce5b1708 | 3 | * Copyright (C) 2005-2008 Martin Willi |
507f26f6 TB |
4 | * Hochschule fuer Technik Rapperswil |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
507f26f6 TB |
15 | */ |
16 | ||
d266e895 TE |
17 | /* |
18 | * Copyright (C) 2010 secunet Security Networks AG | |
19 | * Copyright (C) 2010 Thomas Egerer | |
20 | * | |
21 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
22 | * of this software and associated documentation files (the "Software"), to deal | |
23 | * in the Software without restriction, including without limitation the rights | |
24 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
25 | * copies of the Software, and to permit persons to whom the Software is | |
26 | * furnished to do so, subject to the following conditions: | |
27 | * | |
28 | * The above copyright notice and this permission notice shall be included in | |
29 | * all copies or substantial portions of the Software. | |
30 | * | |
31 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
32 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
33 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
34 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
35 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
36 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
37 | * THE SOFTWARE. | |
38 | */ | |
39 | ||
507f26f6 | 40 | #include <sys/socket.h> |
7beb31aa | 41 | #include <sys/utsname.h> |
507f26f6 TB |
42 | #include <linux/netlink.h> |
43 | #include <linux/rtnetlink.h> | |
507f26f6 TB |
44 | #include <unistd.h> |
45 | #include <errno.h> | |
46 | #include <net/if.h> | |
47 | ||
48 | #include "kernel_netlink_net.h" | |
49 | #include "kernel_netlink_shared.h" | |
50 | ||
c5f7146b | 51 | #include <hydra.h> |
062a6022 | 52 | #include <debug.h> |
4a5a5dd2 TB |
53 | #include <threading/thread.h> |
54 | #include <threading/condvar.h> | |
eba64cef | 55 | #include <threading/mutex.h> |
f834249c | 56 | #include <utils/hashtable.h> |
507f26f6 TB |
57 | #include <utils/linked_list.h> |
58 | #include <processing/jobs/callback_job.h> | |
507f26f6 | 59 | |
ba26508d | 60 | /** delay before firing roam events (ms) */ |
507f26f6 TB |
61 | #define ROAM_DELAY 100 |
62 | ||
f834249c TB |
63 | /** delay before reinstalling routes (ms) */ |
64 | #define ROUTE_DELAY 100 | |
65 | ||
507f26f6 TB |
66 | typedef struct addr_entry_t addr_entry_t; |
67 | ||
68 | /** | |
69 | * IP address in an inface_entry_t | |
70 | */ | |
71 | struct addr_entry_t { | |
7daf5226 | 72 | |
507f26f6 TB |
73 | /** The ip address */ |
74 | host_t *ip; | |
7daf5226 | 75 | |
507f26f6 TB |
76 | /** virtual IP managed by us */ |
77 | bool virtual; | |
7daf5226 | 78 | |
507f26f6 TB |
79 | /** scope of the address */ |
80 | u_char scope; | |
7daf5226 | 81 | |
507f26f6 TB |
82 | /** Number of times this IP is used, if virtual */ |
83 | u_int refcount; | |
84 | }; | |
85 | ||
86 | /** | |
87 | * destroy a addr_entry_t object | |
88 | */ | |
89 | static void addr_entry_destroy(addr_entry_t *this) | |
90 | { | |
91 | this->ip->destroy(this->ip); | |
92 | free(this); | |
93 | } | |
94 | ||
95 | typedef struct iface_entry_t iface_entry_t; | |
96 | ||
97 | /** | |
98 | * A network interface on this system, containing addr_entry_t's | |
99 | */ | |
100 | struct iface_entry_t { | |
7daf5226 | 101 | |
507f26f6 TB |
102 | /** interface index */ |
103 | int ifindex; | |
7daf5226 | 104 | |
507f26f6 TB |
105 | /** name of the interface */ |
106 | char ifname[IFNAMSIZ]; | |
7daf5226 | 107 | |
507f26f6 TB |
108 | /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ |
109 | u_int flags; | |
7daf5226 | 110 | |
507f26f6 TB |
111 | /** list of addresses as host_t */ |
112 | linked_list_t *addrs; | |
113 | }; | |
114 | ||
115 | /** | |
116 | * destroy an interface entry | |
117 | */ | |
118 | static void iface_entry_destroy(iface_entry_t *this) | |
119 | { | |
120 | this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy); | |
121 | free(this); | |
122 | } | |
123 | ||
74ba22c9 TB |
124 | typedef struct route_entry_t route_entry_t; |
125 | ||
126 | /** | |
127 | * Installed routing entry | |
128 | */ | |
129 | struct route_entry_t { | |
130 | /** Name of the interface the route is bound to */ | |
131 | char *if_name; | |
132 | ||
133 | /** Source ip of the route */ | |
134 | host_t *src_ip; | |
135 | ||
136 | /** Gateway for this route */ | |
137 | host_t *gateway; | |
138 | ||
139 | /** Destination net */ | |
140 | chunk_t dst_net; | |
141 | ||
142 | /** Destination net prefixlen */ | |
143 | u_int8_t prefixlen; | |
144 | }; | |
145 | ||
146 | /** | |
147 | * Clone a route_entry_t object. | |
148 | */ | |
149 | static route_entry_t *route_entry_clone(route_entry_t *this) | |
150 | { | |
151 | route_entry_t *route; | |
152 | ||
153 | INIT(route, | |
154 | .if_name = strdup(this->if_name), | |
155 | .src_ip = this->src_ip->clone(this->src_ip), | |
156 | .gateway = this->gateway->clone(this->gateway), | |
157 | .dst_net = chunk_clone(this->dst_net), | |
158 | .prefixlen = this->prefixlen, | |
159 | ); | |
160 | return route; | |
161 | } | |
162 | ||
163 | /** | |
164 | * Destroy a route_entry_t object | |
165 | */ | |
166 | static void route_entry_destroy(route_entry_t *this) | |
167 | { | |
168 | free(this->if_name); | |
169 | DESTROY_IF(this->src_ip); | |
170 | DESTROY_IF(this->gateway); | |
171 | chunk_free(&this->dst_net); | |
172 | free(this); | |
173 | } | |
174 | ||
175 | /** | |
176 | * Hash a route_entry_t object | |
177 | */ | |
178 | static u_int route_entry_hash(route_entry_t *this) | |
179 | { | |
180 | return chunk_hash_inc(chunk_from_thing(this->prefixlen), | |
181 | chunk_hash(this->dst_net)); | |
182 | } | |
183 | ||
184 | /** | |
185 | * Compare two route_entry_t objects | |
186 | */ | |
187 | static bool route_entry_equals(route_entry_t *a, route_entry_t *b) | |
188 | { | |
189 | return a->if_name && b->if_name && streq(a->if_name, b->if_name) && | |
9896b6bd TB |
190 | a->src_ip->ip_equals(a->src_ip, b->src_ip) && |
191 | a->gateway->ip_equals(a->gateway, b->gateway) && | |
74ba22c9 TB |
192 | chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen; |
193 | } | |
194 | ||
f834249c TB |
195 | typedef struct net_change_t net_change_t; |
196 | ||
197 | /** | |
198 | * Queued network changes | |
199 | */ | |
200 | struct net_change_t { | |
201 | /** Name of the interface that got activated (or an IP appeared on) */ | |
202 | char *if_name; | |
f834249c TB |
203 | }; |
204 | ||
205 | /** | |
206 | * Destroy a net_change_t object | |
207 | */ | |
208 | static void net_change_destroy(net_change_t *this) | |
209 | { | |
f834249c TB |
210 | free(this->if_name); |
211 | free(this); | |
212 | } | |
213 | ||
214 | /** | |
215 | * Hash a net_change_t object | |
216 | */ | |
217 | static u_int net_change_hash(net_change_t *this) | |
218 | { | |
f834249c TB |
219 | return chunk_hash(chunk_create(this->if_name, strlen(this->if_name))); |
220 | } | |
221 | ||
222 | /** | |
223 | * Compare two net_change_t objects | |
224 | */ | |
225 | static bool net_change_equals(net_change_t *a, net_change_t *b) | |
226 | { | |
c732e220 | 227 | return streq(a->if_name, b->if_name); |
f834249c TB |
228 | } |
229 | ||
507f26f6 TB |
230 | typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t; |
231 | ||
232 | /** | |
233 | * Private variables and functions of kernel_netlink_net class. | |
234 | */ | |
235 | struct private_kernel_netlink_net_t { | |
236 | /** | |
237 | * Public part of the kernel_netlink_net_t object. | |
238 | */ | |
239 | kernel_netlink_net_t public; | |
7daf5226 | 240 | |
507f26f6 TB |
241 | /** |
242 | * mutex to lock access to various lists | |
243 | */ | |
3ac5a0db | 244 | mutex_t *mutex; |
7daf5226 | 245 | |
507f26f6 TB |
246 | /** |
247 | * condition variable to signal virtual IP add/removal | |
248 | */ | |
3ac5a0db | 249 | condvar_t *condvar; |
7daf5226 | 250 | |
507f26f6 TB |
251 | /** |
252 | * Cached list of interfaces and its addresses (iface_entry_t) | |
253 | */ | |
254 | linked_list_t *ifaces; | |
7daf5226 | 255 | |
507f26f6 TB |
256 | /** |
257 | * netlink rt socket (routing) | |
258 | */ | |
259 | netlink_socket_t *socket; | |
7daf5226 | 260 | |
507f26f6 TB |
261 | /** |
262 | * Netlink rt socket to receive address change events | |
263 | */ | |
264 | int socket_events; | |
7daf5226 | 265 | |
507f26f6 | 266 | /** |
ba26508d | 267 | * time of the last roam event |
507f26f6 | 268 | */ |
de578445 | 269 | timeval_t last_roam; |
7daf5226 | 270 | |
507f26f6 TB |
271 | /** |
272 | * routing table to install routes | |
273 | */ | |
274 | int routing_table; | |
7daf5226 | 275 | |
507f26f6 TB |
276 | /** |
277 | * priority of used routing table | |
278 | */ | |
279 | int routing_table_prio; | |
7daf5226 | 280 | |
74ba22c9 TB |
281 | /** |
282 | * installed routes | |
283 | */ | |
284 | hashtable_t *routes; | |
285 | ||
f834249c | 286 | /** |
c732e220 | 287 | * interface changes which may trigger route reinstallation |
f834249c TB |
288 | */ |
289 | hashtable_t *net_changes; | |
290 | ||
291 | /** | |
292 | * mutex for route reinstallation triggers | |
293 | */ | |
294 | mutex_t *net_changes_lock; | |
295 | ||
296 | /** | |
297 | * time of last route reinstallation | |
298 | */ | |
299 | timeval_t last_route_reinstall; | |
300 | ||
507f26f6 TB |
301 | /** |
302 | * whether to react to RTM_NEWROUTE or RTM_DELROUTE events | |
303 | */ | |
304 | bool process_route; | |
7daf5226 | 305 | |
9474a0d9 MW |
306 | /** |
307 | * whether to actually install virtual IPs | |
308 | */ | |
309 | bool install_virtual_ip; | |
d266e895 | 310 | |
7beb31aa TB |
311 | /** |
312 | * whether preferred source addresses can be specified for IPv6 routes | |
313 | */ | |
314 | bool rta_prefsrc_for_ipv6; | |
315 | ||
d266e895 TE |
316 | /** |
317 | * list with routing tables to be excluded from route lookup | |
318 | */ | |
319 | linked_list_t *rt_exclude; | |
507f26f6 TB |
320 | }; |
321 | ||
f834249c TB |
322 | /** |
323 | * Forward declaration | |
324 | */ | |
325 | static status_t manage_srcroute(private_kernel_netlink_net_t *this, | |
326 | int nlmsg_type, int flags, chunk_t dst_net, | |
327 | u_int8_t prefixlen, host_t *gateway, | |
328 | host_t *src_ip, char *if_name); | |
329 | ||
330 | /** | |
331 | * Clear the queued network changes. | |
332 | */ | |
333 | static void net_changes_clear(private_kernel_netlink_net_t *this) | |
334 | { | |
335 | enumerator_t *enumerator; | |
336 | net_change_t *change; | |
337 | ||
338 | enumerator = this->net_changes->create_enumerator(this->net_changes); | |
339 | while (enumerator->enumerate(enumerator, NULL, (void**)&change)) | |
340 | { | |
341 | this->net_changes->remove_at(this->net_changes, enumerator); | |
342 | net_change_destroy(change); | |
343 | } | |
344 | enumerator->destroy(enumerator); | |
345 | } | |
346 | ||
347 | /** | |
348 | * Act upon queued network changes. | |
349 | */ | |
350 | static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this) | |
351 | { | |
352 | enumerator_t *enumerator; | |
353 | route_entry_t *route; | |
354 | ||
355 | this->net_changes_lock->lock(this->net_changes_lock); | |
356 | this->mutex->lock(this->mutex); | |
357 | ||
358 | enumerator = this->routes->create_enumerator(this->routes); | |
359 | while (enumerator->enumerate(enumerator, NULL, (void**)&route)) | |
360 | { | |
361 | net_change_t *change, lookup = { | |
362 | .if_name = route->if_name, | |
363 | }; | |
c732e220 | 364 | /* check if a change for the outgoing interface is queued */ |
f834249c TB |
365 | change = this->net_changes->get(this->net_changes, &lookup); |
366 | if (!change) | |
c732e220 TB |
367 | { /* in case src_ip is not on the outgoing interface */ |
368 | lookup.if_name = this->public.interface.get_interface( | |
369 | &this->public.interface, route->src_ip); | |
370 | if (lookup.if_name && !streq(lookup.if_name, route->if_name)) | |
371 | { | |
372 | change = this->net_changes->get(this->net_changes, &lookup); | |
373 | } | |
374 | free(lookup.if_name); | |
f834249c TB |
375 | } |
376 | if (change) | |
377 | { | |
378 | manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, | |
379 | route->dst_net, route->prefixlen, route->gateway, | |
380 | route->src_ip, route->if_name); | |
381 | } | |
382 | } | |
383 | enumerator->destroy(enumerator); | |
384 | this->mutex->unlock(this->mutex); | |
385 | ||
386 | net_changes_clear(this); | |
387 | this->net_changes_lock->unlock(this->net_changes_lock); | |
388 | return JOB_REQUEUE_NONE; | |
389 | } | |
390 | ||
391 | /** | |
392 | * Queue route reinstallation caused by network changes for a given interface. | |
f834249c TB |
393 | * |
394 | * The route reinstallation is delayed for a while and only done once for | |
395 | * several calls during this delay, in order to avoid doing it too often. | |
c732e220 | 396 | * The interface name is freed. |
f834249c TB |
397 | */ |
398 | static void queue_route_reinstall(private_kernel_netlink_net_t *this, | |
c732e220 | 399 | char *if_name) |
f834249c TB |
400 | { |
401 | net_change_t *update, *found; | |
402 | timeval_t now; | |
403 | job_t *job; | |
404 | ||
405 | INIT(update, | |
c732e220 | 406 | .if_name = if_name |
f834249c TB |
407 | ); |
408 | ||
409 | this->net_changes_lock->lock(this->net_changes_lock); | |
c732e220 | 410 | found = this->net_changes->put(this->net_changes, update, update); |
f834249c TB |
411 | if (found) |
412 | { | |
c732e220 | 413 | net_change_destroy(found); |
f834249c TB |
414 | } |
415 | time_monotonic(&now); | |
416 | if (timercmp(&now, &this->last_route_reinstall, >)) | |
417 | { | |
418 | now.tv_usec += ROUTE_DELAY * 1000; | |
419 | while (now.tv_usec > 1000000) | |
420 | { | |
421 | now.tv_sec++; | |
422 | now.tv_usec -= 1000000; | |
423 | } | |
424 | this->last_route_reinstall = now; | |
425 | ||
426 | job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes, | |
427 | this, NULL, NULL); | |
428 | lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY); | |
429 | } | |
430 | this->net_changes_lock->unlock(this->net_changes_lock); | |
431 | } | |
432 | ||
507f26f6 TB |
433 | /** |
434 | * get the refcount of a virtual ip | |
435 | */ | |
436 | static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) | |
437 | { | |
e2630434 | 438 | enumerator_t *ifaces, *addrs; |
507f26f6 TB |
439 | iface_entry_t *iface; |
440 | addr_entry_t *addr; | |
441 | int refcount = 0; | |
7daf5226 | 442 | |
e2630434 TB |
443 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
444 | while (ifaces->enumerate(ifaces, (void**)&iface)) | |
507f26f6 | 445 | { |
e2630434 TB |
446 | addrs = iface->addrs->create_enumerator(iface->addrs); |
447 | while (addrs->enumerate(addrs, (void**)&addr)) | |
507f26f6 TB |
448 | { |
449 | if (addr->virtual && (iface->flags & IFF_UP) && | |
450 | ip->ip_equals(ip, addr->ip)) | |
451 | { | |
452 | refcount = addr->refcount; | |
453 | break; | |
454 | } | |
455 | } | |
456 | addrs->destroy(addrs); | |
457 | if (refcount) | |
458 | { | |
459 | break; | |
460 | } | |
461 | } | |
462 | ifaces->destroy(ifaces); | |
7daf5226 | 463 | |
507f26f6 TB |
464 | return refcount; |
465 | } | |
466 | ||
29607690 TB |
467 | /** |
468 | * get the first non-virtual ip address on the given interface. | |
da6d86dd TB |
469 | * if a candidate address is given, we first search for that address and if not |
470 | * found return the address as above. | |
29607690 TB |
471 | * returned host is a clone, has to be freed by caller. |
472 | */ | |
473 | static host_t *get_interface_address(private_kernel_netlink_net_t *this, | |
da6d86dd | 474 | int ifindex, int family, host_t *candidate) |
29607690 TB |
475 | { |
476 | enumerator_t *ifaces, *addrs; | |
477 | iface_entry_t *iface; | |
478 | addr_entry_t *addr; | |
479 | host_t *ip = NULL; | |
480 | ||
481 | this->mutex->lock(this->mutex); | |
482 | ifaces = this->ifaces->create_enumerator(this->ifaces); | |
483 | while (ifaces->enumerate(ifaces, &iface)) | |
484 | { | |
485 | if (iface->ifindex == ifindex) | |
486 | { | |
487 | addrs = iface->addrs->create_enumerator(iface->addrs); | |
488 | while (addrs->enumerate(addrs, &addr)) | |
489 | { | |
da6d86dd | 490 | if (addr->virtual) |
29607690 | 491 | { |
da6d86dd TB |
492 | continue; |
493 | } | |
494 | if (addr->ip->get_family(addr->ip) == family) | |
495 | { | |
496 | if (!candidate || candidate->ip_equals(candidate, addr->ip)) | |
497 | { /* stop at the first address if we don't search for a | |
498 | * candidate or if the candidate matches */ | |
499 | ip = addr->ip; | |
500 | break; | |
501 | } | |
502 | else if (!ip) | |
503 | { /* store the first address as fallback if candidate is | |
504 | * not found */ | |
505 | ip = addr->ip; | |
506 | } | |
29607690 TB |
507 | } |
508 | } | |
509 | addrs->destroy(addrs); | |
510 | break; | |
511 | } | |
512 | } | |
513 | ifaces->destroy(ifaces); | |
da6d86dd TB |
514 | if (ip) |
515 | { | |
516 | ip = ip->clone(ip); | |
517 | } | |
29607690 TB |
518 | this->mutex->unlock(this->mutex); |
519 | return ip; | |
520 | } | |
521 | ||
507f26f6 | 522 | /** |
ba26508d | 523 | * callback function that raises the delayed roam event |
507f26f6 | 524 | */ |
ba26508d TB |
525 | static job_requeue_t roam_event(uintptr_t address) |
526 | { | |
f6659688 | 527 | hydra->kernel_interface->roam(hydra->kernel_interface, address != 0); |
ba26508d TB |
528 | return JOB_REQUEUE_NONE; |
529 | } | |
530 | ||
531 | /** | |
532 | * fire a roaming event. we delay it for a bit and fire only one event | |
533 | * for multiple calls. otherwise we would create too many events. | |
534 | */ | |
535 | static void fire_roam_event(private_kernel_netlink_net_t *this, bool address) | |
507f26f6 | 536 | { |
de578445 | 537 | timeval_t now; |
ba26508d | 538 | job_t *job; |
7daf5226 | 539 | |
de578445 MW |
540 | time_monotonic(&now); |
541 | if (timercmp(&now, &this->last_roam, >)) | |
507f26f6 | 542 | { |
de578445 MW |
543 | now.tv_usec += ROAM_DELAY * 1000; |
544 | while (now.tv_usec > 1000000) | |
507f26f6 | 545 | { |
de578445 MW |
546 | now.tv_sec++; |
547 | now.tv_usec -= 1000000; | |
507f26f6 | 548 | } |
de578445 | 549 | this->last_roam = now; |
ba26508d TB |
550 | |
551 | job = (job_t*)callback_job_create((callback_job_cb_t)roam_event, | |
552 | (void*)(uintptr_t)(address ? 1 : 0), | |
553 | NULL, NULL); | |
bb381e26 | 554 | lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY); |
507f26f6 TB |
555 | } |
556 | } | |
557 | ||
558 | /** | |
559 | * process RTM_NEWLINK/RTM_DELLINK from kernel | |
560 | */ | |
561 | static void process_link(private_kernel_netlink_net_t *this, | |
562 | struct nlmsghdr *hdr, bool event) | |
563 | { | |
564 | struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr)); | |
565 | struct rtattr *rta = IFLA_RTA(msg); | |
566 | size_t rtasize = IFLA_PAYLOAD (hdr); | |
e13389a7 | 567 | enumerator_t *enumerator; |
507f26f6 TB |
568 | iface_entry_t *current, *entry = NULL; |
569 | char *name = NULL; | |
f834249c | 570 | bool update = FALSE, update_routes = FALSE; |
7daf5226 | 571 | |
f834249c | 572 | while (RTA_OK(rta, rtasize)) |
507f26f6 TB |
573 | { |
574 | switch (rta->rta_type) | |
575 | { | |
576 | case IFLA_IFNAME: | |
577 | name = RTA_DATA(rta); | |
578 | break; | |
579 | } | |
580 | rta = RTA_NEXT(rta, rtasize); | |
581 | } | |
582 | if (!name) | |
583 | { | |
584 | name = "(unknown)"; | |
585 | } | |
7daf5226 | 586 | |
3ac5a0db | 587 | this->mutex->lock(this->mutex); |
507f26f6 TB |
588 | switch (hdr->nlmsg_type) |
589 | { | |
590 | case RTM_NEWLINK: | |
591 | { | |
592 | if (msg->ifi_flags & IFF_LOOPBACK) | |
593 | { /* ignore loopback interfaces */ | |
594 | break; | |
595 | } | |
e13389a7 MW |
596 | enumerator = this->ifaces->create_enumerator(this->ifaces); |
597 | while (enumerator->enumerate(enumerator, ¤t)) | |
507f26f6 TB |
598 | { |
599 | if (current->ifindex == msg->ifi_index) | |
600 | { | |
601 | entry = current; | |
602 | break; | |
603 | } | |
604 | } | |
e13389a7 | 605 | enumerator->destroy(enumerator); |
507f26f6 TB |
606 | if (!entry) |
607 | { | |
608 | entry = malloc_thing(iface_entry_t); | |
609 | entry->ifindex = msg->ifi_index; | |
610 | entry->flags = 0; | |
611 | entry->addrs = linked_list_create(); | |
612 | this->ifaces->insert_last(this->ifaces, entry); | |
613 | } | |
f526b35c | 614 | strncpy(entry->ifname, name, IFNAMSIZ); |
507f26f6 TB |
615 | entry->ifname[IFNAMSIZ-1] = '\0'; |
616 | if (event) | |
617 | { | |
618 | if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP)) | |
619 | { | |
f834249c | 620 | update = update_routes = TRUE; |
507f26f6 TB |
621 | DBG1(DBG_KNL, "interface %s activated", name); |
622 | } | |
623 | if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP)) | |
624 | { | |
625 | update = TRUE; | |
626 | DBG1(DBG_KNL, "interface %s deactivated", name); | |
627 | } | |
628 | } | |
629 | entry->flags = msg->ifi_flags; | |
507f26f6 TB |
630 | break; |
631 | } | |
632 | case RTM_DELLINK: | |
633 | { | |
e13389a7 MW |
634 | enumerator = this->ifaces->create_enumerator(this->ifaces); |
635 | while (enumerator->enumerate(enumerator, ¤t)) | |
507f26f6 TB |
636 | { |
637 | if (current->ifindex == msg->ifi_index) | |
638 | { | |
7b218736 MP |
639 | if (event) |
640 | { | |
641 | update = TRUE; | |
642 | DBG1(DBG_KNL, "interface %s deleted", current->ifname); | |
643 | } | |
644 | this->ifaces->remove_at(this->ifaces, enumerator); | |
645 | iface_entry_destroy(current); | |
507f26f6 TB |
646 | break; |
647 | } | |
648 | } | |
e13389a7 | 649 | enumerator->destroy(enumerator); |
507f26f6 TB |
650 | break; |
651 | } | |
652 | } | |
3ac5a0db | 653 | this->mutex->unlock(this->mutex); |
7daf5226 | 654 | |
f834249c TB |
655 | if (update_routes && event) |
656 | { | |
c732e220 | 657 | queue_route_reinstall(this, strdup(name)); |
f834249c TB |
658 | } |
659 | ||
507f26f6 TB |
660 | /* send an update to all IKE_SAs */ |
661 | if (update && event) | |
662 | { | |
ba26508d | 663 | fire_roam_event(this, TRUE); |
507f26f6 TB |
664 | } |
665 | } | |
666 | ||
667 | /** | |
668 | * process RTM_NEWADDR/RTM_DELADDR from kernel | |
669 | */ | |
670 | static void process_addr(private_kernel_netlink_net_t *this, | |
671 | struct nlmsghdr *hdr, bool event) | |
672 | { | |
673 | struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr)); | |
674 | struct rtattr *rta = IFA_RTA(msg); | |
675 | size_t rtasize = IFA_PAYLOAD (hdr); | |
676 | host_t *host = NULL; | |
e13389a7 | 677 | enumerator_t *ifaces, *addrs; |
507f26f6 TB |
678 | iface_entry_t *iface; |
679 | addr_entry_t *addr; | |
680 | chunk_t local = chunk_empty, address = chunk_empty; | |
f834249c | 681 | char *route_ifname = NULL; |
507f26f6 | 682 | bool update = FALSE, found = FALSE, changed = FALSE; |
7daf5226 | 683 | |
f834249c | 684 | while (RTA_OK(rta, rtasize)) |
507f26f6 TB |
685 | { |
686 | switch (rta->rta_type) | |
687 | { | |
688 | case IFA_LOCAL: | |
689 | local.ptr = RTA_DATA(rta); | |
690 | local.len = RTA_PAYLOAD(rta); | |
691 | break; | |
692 | case IFA_ADDRESS: | |
693 | address.ptr = RTA_DATA(rta); | |
694 | address.len = RTA_PAYLOAD(rta); | |
695 | break; | |
696 | } | |
697 | rta = RTA_NEXT(rta, rtasize); | |
698 | } | |
7daf5226 | 699 | |
507f26f6 TB |
700 | /* For PPP interfaces, we need the IFA_LOCAL address, |
701 | * IFA_ADDRESS is the peers address. But IFA_LOCAL is | |
702 | * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */ | |
703 | if (local.ptr) | |
704 | { | |
705 | host = host_create_from_chunk(msg->ifa_family, local, 0); | |
706 | } | |
707 | else if (address.ptr) | |
708 | { | |
709 | host = host_create_from_chunk(msg->ifa_family, address, 0); | |
710 | } | |
7daf5226 | 711 | |
507f26f6 TB |
712 | if (host == NULL) |
713 | { /* bad family? */ | |
714 | return; | |
715 | } | |
7daf5226 | 716 | |
3ac5a0db | 717 | this->mutex->lock(this->mutex); |
e13389a7 MW |
718 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
719 | while (ifaces->enumerate(ifaces, &iface)) | |
507f26f6 TB |
720 | { |
721 | if (iface->ifindex == msg->ifa_index) | |
722 | { | |
e13389a7 MW |
723 | addrs = iface->addrs->create_enumerator(iface->addrs); |
724 | while (addrs->enumerate(addrs, &addr)) | |
507f26f6 TB |
725 | { |
726 | if (host->ip_equals(host, addr->ip)) | |
727 | { | |
728 | found = TRUE; | |
729 | if (hdr->nlmsg_type == RTM_DELADDR) | |
730 | { | |
e13389a7 | 731 | iface->addrs->remove_at(iface->addrs, addrs); |
507f26f6 TB |
732 | if (!addr->virtual) |
733 | { | |
734 | changed = TRUE; | |
735 | DBG1(DBG_KNL, "%H disappeared from %s", | |
736 | host, iface->ifname); | |
737 | } | |
738 | addr_entry_destroy(addr); | |
739 | } | |
740 | else if (hdr->nlmsg_type == RTM_NEWADDR && addr->virtual) | |
741 | { | |
742 | addr->refcount = 1; | |
743 | } | |
744 | } | |
745 | } | |
746 | addrs->destroy(addrs); | |
7daf5226 | 747 | |
507f26f6 TB |
748 | if (hdr->nlmsg_type == RTM_NEWADDR) |
749 | { | |
750 | if (!found) | |
751 | { | |
752 | found = TRUE; | |
753 | changed = TRUE; | |
f834249c | 754 | route_ifname = strdup(iface->ifname); |
507f26f6 TB |
755 | addr = malloc_thing(addr_entry_t); |
756 | addr->ip = host->clone(host); | |
757 | addr->virtual = FALSE; | |
758 | addr->refcount = 1; | |
759 | addr->scope = msg->ifa_scope; | |
7daf5226 | 760 | |
507f26f6 TB |
761 | iface->addrs->insert_last(iface->addrs, addr); |
762 | if (event) | |
763 | { | |
764 | DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname); | |
765 | } | |
766 | } | |
767 | } | |
768 | if (found && (iface->flags & IFF_UP)) | |
769 | { | |
770 | update = TRUE; | |
771 | } | |
772 | break; | |
773 | } | |
774 | } | |
775 | ifaces->destroy(ifaces); | |
3ac5a0db | 776 | this->mutex->unlock(this->mutex); |
f834249c TB |
777 | |
778 | if (update && event && route_ifname) | |
779 | { | |
c732e220 | 780 | queue_route_reinstall(this, route_ifname); |
f834249c TB |
781 | } |
782 | else | |
783 | { | |
784 | free(route_ifname); | |
785 | } | |
507f26f6 | 786 | host->destroy(host); |
7daf5226 | 787 | |
507f26f6 TB |
788 | /* send an update to all IKE_SAs */ |
789 | if (update && event && changed) | |
790 | { | |
ba26508d | 791 | fire_roam_event(this, TRUE); |
507f26f6 TB |
792 | } |
793 | } | |
794 | ||
795 | /** | |
796 | * process RTM_NEWROUTE and RTM_DELROUTE from kernel | |
797 | */ | |
798 | static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr) | |
799 | { | |
800 | struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr)); | |
801 | struct rtattr *rta = RTM_RTA(msg); | |
802 | size_t rtasize = RTM_PAYLOAD(hdr); | |
29607690 | 803 | u_int32_t rta_oif = 0; |
507f26f6 | 804 | host_t *host = NULL; |
7daf5226 | 805 | |
ec0c756d TB |
806 | /* ignore routes added by us or in the local routing table (local addrs) */ |
807 | if (msg->rtm_table && (msg->rtm_table == this->routing_table || | |
808 | msg->rtm_table == RT_TABLE_LOCAL)) | |
85be7e5b MW |
809 | { |
810 | return; | |
811 | } | |
8ec51f83 TB |
812 | else if (msg->rtm_flags & RTM_F_CLONED) |
813 | { /* ignore cached routes, seem to be created a lot for IPv6 */ | |
814 | return; | |
815 | } | |
7daf5226 | 816 | |
507f26f6 TB |
817 | while (RTA_OK(rta, rtasize)) |
818 | { | |
819 | switch (rta->rta_type) | |
820 | { | |
821 | case RTA_PREFSRC: | |
862ef49f | 822 | DESTROY_IF(host); |
507f26f6 TB |
823 | host = host_create_from_chunk(msg->rtm_family, |
824 | chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0); | |
825 | break; | |
29607690 TB |
826 | case RTA_OIF: |
827 | if (RTA_PAYLOAD(rta) == sizeof(rta_oif)) | |
828 | { | |
829 | rta_oif = *(u_int32_t*)RTA_DATA(rta); | |
830 | } | |
831 | break; | |
507f26f6 TB |
832 | } |
833 | rta = RTA_NEXT(rta, rtasize); | |
834 | } | |
29607690 TB |
835 | if (!host && rta_oif) |
836 | { | |
da6d86dd | 837 | host = get_interface_address(this, rta_oif, msg->rtm_family, NULL); |
29607690 | 838 | } |
507f26f6 TB |
839 | if (host) |
840 | { | |
3ac5a0db | 841 | this->mutex->lock(this->mutex); |
507f26f6 TB |
842 | if (!get_vip_refcount(this, host)) |
843 | { /* ignore routes added for virtual IPs */ | |
ba26508d | 844 | fire_roam_event(this, FALSE); |
507f26f6 | 845 | } |
3ac5a0db | 846 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
847 | host->destroy(host); |
848 | } | |
849 | } | |
850 | ||
851 | /** | |
852 | * Receives events from kernel | |
853 | */ | |
854 | static job_requeue_t receive_events(private_kernel_netlink_net_t *this) | |
855 | { | |
856 | char response[1024]; | |
857 | struct nlmsghdr *hdr = (struct nlmsghdr*)response; | |
858 | struct sockaddr_nl addr; | |
859 | socklen_t addr_len = sizeof(addr); | |
4a5a5dd2 TB |
860 | int len; |
861 | bool oldstate; | |
507f26f6 | 862 | |
4a5a5dd2 | 863 | oldstate = thread_cancelability(TRUE); |
507f26f6 TB |
864 | len = recvfrom(this->socket_events, response, sizeof(response), 0, |
865 | (struct sockaddr*)&addr, &addr_len); | |
4a5a5dd2 | 866 | thread_cancelability(oldstate); |
7daf5226 | 867 | |
507f26f6 TB |
868 | if (len < 0) |
869 | { | |
870 | switch (errno) | |
871 | { | |
872 | case EINTR: | |
873 | /* interrupted, try again */ | |
874 | return JOB_REQUEUE_DIRECT; | |
875 | case EAGAIN: | |
876 | /* no data ready, select again */ | |
877 | return JOB_REQUEUE_DIRECT; | |
878 | default: | |
879 | DBG1(DBG_KNL, "unable to receive from rt event socket"); | |
880 | sleep(1); | |
881 | return JOB_REQUEUE_FAIR; | |
882 | } | |
883 | } | |
7daf5226 | 884 | |
507f26f6 TB |
885 | if (addr.nl_pid != 0) |
886 | { /* not from kernel. not interested, try another one */ | |
887 | return JOB_REQUEUE_DIRECT; | |
888 | } | |
7daf5226 | 889 | |
507f26f6 TB |
890 | while (NLMSG_OK(hdr, len)) |
891 | { | |
892 | /* looks good so far, dispatch netlink message */ | |
893 | switch (hdr->nlmsg_type) | |
894 | { | |
895 | case RTM_NEWADDR: | |
896 | case RTM_DELADDR: | |
897 | process_addr(this, hdr, TRUE); | |
3ac5a0db | 898 | this->condvar->broadcast(this->condvar); |
507f26f6 TB |
899 | break; |
900 | case RTM_NEWLINK: | |
901 | case RTM_DELLINK: | |
902 | process_link(this, hdr, TRUE); | |
3ac5a0db | 903 | this->condvar->broadcast(this->condvar); |
507f26f6 TB |
904 | break; |
905 | case RTM_NEWROUTE: | |
906 | case RTM_DELROUTE: | |
907 | if (this->process_route) | |
908 | { | |
909 | process_route(this, hdr); | |
910 | } | |
911 | break; | |
912 | default: | |
913 | break; | |
914 | } | |
915 | hdr = NLMSG_NEXT(hdr, len); | |
916 | } | |
917 | return JOB_REQUEUE_DIRECT; | |
918 | } | |
919 | ||
920 | /** enumerator over addresses */ | |
921 | typedef struct { | |
922 | private_kernel_netlink_net_t* this; | |
923 | /** whether to enumerate down interfaces */ | |
924 | bool include_down_ifaces; | |
7daf5226 | 925 | /** whether to enumerate virtual ip addresses */ |
507f26f6 TB |
926 | bool include_virtual_ips; |
927 | } address_enumerator_t; | |
928 | ||
929 | /** | |
930 | * cleanup function for address enumerator | |
931 | */ | |
932 | static void address_enumerator_destroy(address_enumerator_t *data) | |
933 | { | |
3ac5a0db | 934 | data->this->mutex->unlock(data->this->mutex); |
507f26f6 TB |
935 | free(data); |
936 | } | |
937 | ||
938 | /** | |
939 | * filter for addresses | |
940 | */ | |
887abfb1 MW |
941 | static bool filter_addresses(address_enumerator_t *data, |
942 | addr_entry_t** in, host_t** out) | |
507f26f6 TB |
943 | { |
944 | if (!data->include_virtual_ips && (*in)->virtual) | |
945 | { /* skip virtual interfaces added by us */ | |
946 | return FALSE; | |
947 | } | |
948 | if ((*in)->scope >= RT_SCOPE_LINK) | |
949 | { /* skip addresses with a unusable scope */ | |
950 | return FALSE; | |
951 | } | |
952 | *out = (*in)->ip; | |
953 | return TRUE; | |
954 | } | |
955 | ||
956 | /** | |
957 | * enumerator constructor for interfaces | |
958 | */ | |
887abfb1 MW |
959 | static enumerator_t *create_iface_enumerator(iface_entry_t *iface, |
960 | address_enumerator_t *data) | |
507f26f6 | 961 | { |
887abfb1 MW |
962 | return enumerator_create_filter( |
963 | iface->addrs->create_enumerator(iface->addrs), | |
507f26f6 TB |
964 | (void*)filter_addresses, data, NULL); |
965 | } | |
966 | ||
967 | /** | |
968 | * filter for interfaces | |
969 | */ | |
887abfb1 MW |
970 | static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, |
971 | iface_entry_t** out) | |
507f26f6 TB |
972 | { |
973 | if (!data->include_down_ifaces && !((*in)->flags & IFF_UP)) | |
974 | { /* skip interfaces not up */ | |
975 | return FALSE; | |
976 | } | |
977 | *out = *in; | |
978 | return TRUE; | |
979 | } | |
980 | ||
887abfb1 MW |
981 | METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, |
982 | private_kernel_netlink_net_t *this, | |
983 | bool include_down_ifaces, bool include_virtual_ips) | |
507f26f6 TB |
984 | { |
985 | address_enumerator_t *data = malloc_thing(address_enumerator_t); | |
986 | data->this = this; | |
987 | data->include_down_ifaces = include_down_ifaces; | |
988 | data->include_virtual_ips = include_virtual_ips; | |
7daf5226 | 989 | |
3ac5a0db | 990 | this->mutex->lock(this->mutex); |
507f26f6 | 991 | return enumerator_create_nested( |
887abfb1 MW |
992 | enumerator_create_filter( |
993 | this->ifaces->create_enumerator(this->ifaces), | |
994 | (void*)filter_interfaces, data, NULL), | |
995 | (void*)create_iface_enumerator, data, | |
996 | (void*)address_enumerator_destroy); | |
507f26f6 TB |
997 | } |
998 | ||
887abfb1 MW |
999 | METHOD(kernel_net_t, get_interface_name, char*, |
1000 | private_kernel_netlink_net_t *this, host_t* ip) | |
507f26f6 | 1001 | { |
e13389a7 | 1002 | enumerator_t *ifaces, *addrs; |
507f26f6 TB |
1003 | iface_entry_t *iface; |
1004 | addr_entry_t *addr; | |
1005 | char *name = NULL; | |
7daf5226 | 1006 | |
507f26f6 | 1007 | DBG2(DBG_KNL, "getting interface name for %H", ip); |
7daf5226 | 1008 | |
3ac5a0db | 1009 | this->mutex->lock(this->mutex); |
e13389a7 MW |
1010 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1011 | while (ifaces->enumerate(ifaces, &iface)) | |
507f26f6 | 1012 | { |
e13389a7 MW |
1013 | addrs = iface->addrs->create_enumerator(iface->addrs); |
1014 | while (addrs->enumerate(addrs, &addr)) | |
507f26f6 TB |
1015 | { |
1016 | if (ip->ip_equals(ip, addr->ip)) | |
1017 | { | |
1018 | name = strdup(iface->ifname); | |
1019 | break; | |
1020 | } | |
1021 | } | |
1022 | addrs->destroy(addrs); | |
1023 | if (name) | |
1024 | { | |
1025 | break; | |
1026 | } | |
1027 | } | |
1028 | ifaces->destroy(ifaces); | |
3ac5a0db | 1029 | this->mutex->unlock(this->mutex); |
7daf5226 | 1030 | |
507f26f6 TB |
1031 | if (name) |
1032 | { | |
1033 | DBG2(DBG_KNL, "%H is on interface %s", ip, name); | |
1034 | } | |
1035 | else | |
1036 | { | |
1037 | DBG2(DBG_KNL, "%H is not a local address", ip); | |
1038 | } | |
1039 | return name; | |
1040 | } | |
1041 | ||
1042 | /** | |
1043 | * get the index of an interface by name | |
1044 | */ | |
1045 | static int get_interface_index(private_kernel_netlink_net_t *this, char* name) | |
1046 | { | |
e13389a7 | 1047 | enumerator_t *ifaces; |
507f26f6 TB |
1048 | iface_entry_t *iface; |
1049 | int ifindex = 0; | |
7daf5226 | 1050 | |
507f26f6 | 1051 | DBG2(DBG_KNL, "getting iface index for %s", name); |
7daf5226 | 1052 | |
3ac5a0db | 1053 | this->mutex->lock(this->mutex); |
e13389a7 MW |
1054 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1055 | while (ifaces->enumerate(ifaces, &iface)) | |
507f26f6 TB |
1056 | { |
1057 | if (streq(name, iface->ifname)) | |
1058 | { | |
1059 | ifindex = iface->ifindex; | |
1060 | break; | |
1061 | } | |
1062 | } | |
1063 | ifaces->destroy(ifaces); | |
3ac5a0db | 1064 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1065 | |
1066 | if (ifindex == 0) | |
1067 | { | |
1068 | DBG1(DBG_KNL, "unable to get interface index for %s", name); | |
1069 | } | |
1070 | return ifindex; | |
1071 | } | |
1072 | ||
fb6c8591 MW |
1073 | /** |
1074 | * Check if an interface with a given index is up | |
1075 | */ | |
1076 | static bool is_interface_up(private_kernel_netlink_net_t *this, int index) | |
1077 | { | |
1078 | enumerator_t *ifaces; | |
1079 | iface_entry_t *iface; | |
32f59c56 MW |
1080 | /* default to TRUE for interface we do not monitor (e.g. lo) */ |
1081 | bool up = TRUE; | |
7daf5226 | 1082 | |
fb6c8591 MW |
1083 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1084 | while (ifaces->enumerate(ifaces, &iface)) | |
1085 | { | |
1086 | if (iface->ifindex == index) | |
1087 | { | |
1088 | up = iface->flags & IFF_UP; | |
1089 | break; | |
1090 | } | |
1091 | } | |
1092 | ifaces->destroy(ifaces); | |
1093 | return up; | |
1094 | } | |
1095 | ||
507f26f6 TB |
1096 | /** |
1097 | * check if an address (chunk) addr is in subnet (net with net_len net bits) | |
1098 | */ | |
1099 | static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len) | |
1100 | { | |
03d5f411 AS |
1101 | static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; |
1102 | int byte = 0; | |
7daf5226 | 1103 | |
d1769942 MW |
1104 | if (net_len == 0) |
1105 | { /* any address matches a /0 network */ | |
1106 | return TRUE; | |
1107 | } | |
03d5f411 | 1108 | if (addr.len != net.len || net_len > 8 * net.len ) |
507f26f6 TB |
1109 | { |
1110 | return FALSE; | |
1111 | } | |
03d5f411 AS |
1112 | /* scan through all bytes in network order */ |
1113 | while (net_len > 0) | |
507f26f6 | 1114 | { |
03d5f411 | 1115 | if (net_len < 8) |
507f26f6 | 1116 | { |
03d5f411 AS |
1117 | return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]); |
1118 | } | |
1119 | else | |
1120 | { | |
1121 | if (addr.ptr[byte] != net.ptr[byte]) | |
507f26f6 TB |
1122 | { |
1123 | return FALSE; | |
1124 | } | |
03d5f411 AS |
1125 | byte++; |
1126 | net_len -= 8; | |
507f26f6 TB |
1127 | } |
1128 | } | |
1129 | return TRUE; | |
1130 | } | |
1131 | ||
1132 | /** | |
1133 | * Get a route: If "nexthop", the nexthop is returned. source addr otherwise. | |
1134 | */ | |
1135 | static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, | |
ce5b1708 | 1136 | bool nexthop, host_t *candidate) |
507f26f6 | 1137 | { |
21bf86f7 | 1138 | netlink_buf_t request; |
507f26f6 TB |
1139 | struct nlmsghdr *hdr, *out, *current; |
1140 | struct rtmsg *msg; | |
1141 | chunk_t chunk; | |
1142 | size_t len; | |
1143 | int best = -1; | |
d266e895 | 1144 | enumerator_t *enumerator; |
507f26f6 | 1145 | host_t *src = NULL, *gtw = NULL; |
7daf5226 | 1146 | |
507f26f6 | 1147 | DBG2(DBG_KNL, "getting address to reach %H", dest); |
7daf5226 | 1148 | |
507f26f6 TB |
1149 | memset(&request, 0, sizeof(request)); |
1150 | ||
1151 | hdr = (struct nlmsghdr*)request; | |
5be75c2c | 1152 | hdr->nlmsg_flags = NLM_F_REQUEST; |
7beb31aa TB |
1153 | if (dest->get_family(dest) == AF_INET || this->rta_prefsrc_for_ipv6 || |
1154 | this->routing_table) | |
1155 | { /* kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes. | |
1156 | * as we want to ignore routes with virtual IPs we cannot use DUMP | |
1157 | * if these routes are not installed in a separate table */ | |
5c1332bf | 1158 | hdr->nlmsg_flags |= NLM_F_DUMP; |
5be75c2c | 1159 | } |
507f26f6 TB |
1160 | hdr->nlmsg_type = RTM_GETROUTE; |
1161 | hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); | |
1162 | ||
1163 | msg = (struct rtmsg*)NLMSG_DATA(hdr); | |
1164 | msg->rtm_family = dest->get_family(dest); | |
ce5b1708 MW |
1165 | if (candidate) |
1166 | { | |
1167 | chunk = candidate->get_address(candidate); | |
1168 | netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request)); | |
1169 | } | |
d1769942 MW |
1170 | chunk = dest->get_address(dest); |
1171 | netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request)); | |
7daf5226 | 1172 | |
507f26f6 TB |
1173 | if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS) |
1174 | { | |
1175 | DBG1(DBG_KNL, "getting address to %H failed", dest); | |
1176 | return NULL; | |
1177 | } | |
3ac5a0db | 1178 | this->mutex->lock(this->mutex); |
36b7ba5e MW |
1179 | |
1180 | for (current = out; NLMSG_OK(current, len); | |
1181 | current = NLMSG_NEXT(current, len)) | |
507f26f6 | 1182 | { |
da6d86dd TB |
1183 | if (!nexthop && candidate && src && src->ip_equals(src, candidate)) |
1184 | { /* if we found a route that includes our preferred source address | |
1185 | * we stop looking for any other routes. this is mainly for the | |
1186 | * DUMP cases as there the RTA_PREFSRC attribute has no effect */ | |
1187 | break; | |
1188 | } | |
1189 | ||
507f26f6 TB |
1190 | switch (current->nlmsg_type) |
1191 | { | |
1192 | case NLMSG_DONE: | |
1193 | break; | |
1194 | case RTM_NEWROUTE: | |
1195 | { | |
1196 | struct rtattr *rta; | |
1197 | size_t rtasize; | |
1198 | chunk_t rta_gtw, rta_src, rta_dst; | |
2e370a30 | 1199 | u_int32_t rta_oif = 0, rta_table; |
d1769942 | 1200 | host_t *new_src, *new_gtw; |
d266e895 TE |
1201 | bool cont = FALSE; |
1202 | uintptr_t table; | |
7daf5226 | 1203 | |
507f26f6 TB |
1204 | rta_gtw = rta_src = rta_dst = chunk_empty; |
1205 | msg = (struct rtmsg*)(NLMSG_DATA(current)); | |
1206 | rta = RTM_RTA(msg); | |
1207 | rtasize = RTM_PAYLOAD(current); | |
2e370a30 | 1208 | rta_table = msg->rtm_table; |
507f26f6 TB |
1209 | while (RTA_OK(rta, rtasize)) |
1210 | { | |
1211 | switch (rta->rta_type) | |
1212 | { | |
1213 | case RTA_PREFSRC: | |
1214 | rta_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); | |
1215 | break; | |
1216 | case RTA_GATEWAY: | |
1217 | rta_gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); | |
1218 | break; | |
1219 | case RTA_DST: | |
1220 | rta_dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); | |
1221 | break; | |
1222 | case RTA_OIF: | |
1223 | if (RTA_PAYLOAD(rta) == sizeof(rta_oif)) | |
1224 | { | |
1225 | rta_oif = *(u_int32_t*)RTA_DATA(rta); | |
1226 | } | |
1227 | break; | |
439cb93c | 1228 | #ifdef HAVE_RTA_TABLE |
2e370a30 TB |
1229 | case RTA_TABLE: |
1230 | if (RTA_PAYLOAD(rta) == sizeof(rta_table)) | |
1231 | { | |
1232 | rta_table = *(u_int32_t*)RTA_DATA(rta); | |
1233 | } | |
1234 | break; | |
439cb93c | 1235 | #endif /* HAVE_RTA_TABLE*/ |
507f26f6 TB |
1236 | } |
1237 | rta = RTA_NEXT(rta, rtasize); | |
1238 | } | |
cef0a811 TB |
1239 | if (msg->rtm_dst_len < best || |
1240 | msg->rtm_dst_len == best && (nexthop || !candidate)) | |
1241 | { /* not better than a previous one, but if a preferred source | |
1242 | * address is specified, we still check equal routes */ | |
36b7ba5e | 1243 | continue; |
fb6c8591 | 1244 | } |
d266e895 TE |
1245 | enumerator = this->rt_exclude->create_enumerator(this->rt_exclude); |
1246 | while (enumerator->enumerate(enumerator, &table)) | |
1247 | { | |
2e370a30 | 1248 | if (table == rta_table) |
d266e895 TE |
1249 | { |
1250 | cont = TRUE; | |
1251 | break; | |
1252 | } | |
1253 | } | |
1254 | enumerator->destroy(enumerator); | |
1255 | if (cont) | |
1256 | { | |
1257 | continue; | |
1258 | } | |
fb6c8591 | 1259 | if (this->routing_table != 0 && |
2e370a30 | 1260 | rta_table == this->routing_table) |
fb6c8591 | 1261 | { /* route is from our own ipsec routing table */ |
36b7ba5e | 1262 | continue; |
fb6c8591 | 1263 | } |
d1769942 MW |
1264 | if (rta_oif && !is_interface_up(this, rta_oif)) |
1265 | { /* interface is down */ | |
36b7ba5e | 1266 | continue; |
fb6c8591 | 1267 | } |
d1769942 MW |
1268 | if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len)) |
1269 | { /* route destination does not contain dest */ | |
36b7ba5e | 1270 | continue; |
fb6c8591 | 1271 | } |
7daf5226 | 1272 | |
fb6c8591 | 1273 | if (nexthop) |
507f26f6 | 1274 | { |
4a03e85b MW |
1275 | /* nexthop lookup, return gateway if any */ |
1276 | DESTROY_IF(gtw); | |
1277 | gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0); | |
1278 | best = msg->rtm_dst_len; | |
36b7ba5e | 1279 | continue; |
fb6c8591 | 1280 | } |
9d6b02d6 TB |
1281 | |
1282 | /* try to find an appropriate source address */ | |
fb6c8591 | 1283 | if (rta_src.ptr) |
9d6b02d6 TB |
1284 | { /* got a source address with the route */ |
1285 | new_src = host_create_from_chunk(msg->rtm_family, | |
1286 | rta_src, 0); | |
0406ed7a | 1287 | if (new_src) |
d1769942 | 1288 | { |
0406ed7a | 1289 | if (get_vip_refcount(this, new_src)) |
9d6b02d6 | 1290 | { /* skip route if it is installed by us */ |
0406ed7a | 1291 | new_src->destroy(new_src); |
9d6b02d6 | 1292 | continue; |
0406ed7a | 1293 | } |
9d6b02d6 TB |
1294 | DESTROY_IF(src); |
1295 | src = new_src; | |
1296 | if (candidate && !src->ip_equals(src, candidate) && | |
1297 | rta_oif) | |
1298 | { /* this source does not match our preferred source. | |
1299 | * but maybe it is assigned to the same iface */ | |
1300 | new_src = get_interface_address(this, rta_oif, | |
1301 | msg->rtm_family, | |
1302 | candidate); | |
1303 | if (new_src && | |
1304 | new_src->ip_equals(new_src, candidate)) | |
1305 | { | |
1306 | DESTROY_IF(src); | |
1307 | src = new_src; | |
1308 | } | |
1309 | else | |
1310 | { | |
1311 | DESTROY_IF(new_src); | |
1312 | } | |
0406ed7a | 1313 | } |
9d6b02d6 | 1314 | best = msg->rtm_dst_len; |
507f26f6 | 1315 | } |
36b7ba5e | 1316 | continue; |
fb6c8591 | 1317 | } |
0ac6d2e6 | 1318 | if (rta_oif) |
9d6b02d6 | 1319 | { /* no src, but an interface - get address from it */ |
0ac6d2e6 | 1320 | new_src = get_interface_address(this, rta_oif, |
da6d86dd | 1321 | msg->rtm_family, candidate); |
0ac6d2e6 TB |
1322 | if (new_src) |
1323 | { | |
1324 | DESTROY_IF(src); | |
1325 | src = new_src; | |
1326 | best = msg->rtm_dst_len; | |
1327 | } | |
1328 | continue; | |
1329 | } | |
d1769942 | 1330 | if (rta_gtw.ptr) |
9d6b02d6 | 1331 | { /* no src, but a gateway - lookup src to reach gtw */ |
d1769942 MW |
1332 | new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0); |
1333 | new_src = get_route(this, new_gtw, FALSE, candidate); | |
1334 | new_gtw->destroy(new_gtw); | |
1335 | if (new_src) | |
507f26f6 | 1336 | { |
d1769942 MW |
1337 | DESTROY_IF(src); |
1338 | src = new_src; | |
1339 | best = msg->rtm_dst_len; | |
507f26f6 | 1340 | } |
36b7ba5e | 1341 | continue; |
507f26f6 | 1342 | } |
36b7ba5e | 1343 | continue; |
507f26f6 TB |
1344 | } |
1345 | default: | |
507f26f6 TB |
1346 | continue; |
1347 | } | |
1348 | break; | |
1349 | } | |
1350 | free(out); | |
3ac5a0db | 1351 | this->mutex->unlock(this->mutex); |
7daf5226 | 1352 | |
507f26f6 TB |
1353 | if (nexthop) |
1354 | { | |
1355 | if (gtw) | |
1356 | { | |
1357 | return gtw; | |
1358 | } | |
1359 | return dest->clone(dest); | |
1360 | } | |
1361 | return src; | |
1362 | } | |
1363 | ||
887abfb1 MW |
1364 | METHOD(kernel_net_t, get_source_addr, host_t*, |
1365 | private_kernel_netlink_net_t *this, host_t *dest, host_t *src) | |
507f26f6 | 1366 | { |
ce5b1708 | 1367 | return get_route(this, dest, FALSE, src); |
507f26f6 TB |
1368 | } |
1369 | ||
887abfb1 MW |
1370 | METHOD(kernel_net_t, get_nexthop, host_t*, |
1371 | private_kernel_netlink_net_t *this, host_t *dest) | |
507f26f6 | 1372 | { |
ce5b1708 | 1373 | return get_route(this, dest, TRUE, NULL); |
507f26f6 TB |
1374 | } |
1375 | ||
1376 | /** | |
1377 | * Manages the creation and deletion of ip addresses on an interface. | |
1378 | * By setting the appropriate nlmsg_type, the ip will be set or unset. | |
1379 | */ | |
1380 | static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type, | |
1381 | int flags, int if_index, host_t *ip) | |
1382 | { | |
21bf86f7 | 1383 | netlink_buf_t request; |
507f26f6 TB |
1384 | struct nlmsghdr *hdr; |
1385 | struct ifaddrmsg *msg; | |
1386 | chunk_t chunk; | |
7daf5226 | 1387 | |
507f26f6 | 1388 | memset(&request, 0, sizeof(request)); |
7daf5226 | 1389 | |
507f26f6 | 1390 | chunk = ip->get_address(ip); |
7daf5226 | 1391 | |
323f9f99 | 1392 | hdr = (struct nlmsghdr*)request; |
507f26f6 | 1393 | hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; |
7daf5226 | 1394 | hdr->nlmsg_type = nlmsg_type; |
507f26f6 | 1395 | hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)); |
7daf5226 | 1396 | |
507f26f6 | 1397 | msg = (struct ifaddrmsg*)NLMSG_DATA(hdr); |
323f9f99 MW |
1398 | msg->ifa_family = ip->get_family(ip); |
1399 | msg->ifa_flags = 0; | |
1400 | msg->ifa_prefixlen = 8 * chunk.len; | |
1401 | msg->ifa_scope = RT_SCOPE_UNIVERSE; | |
1402 | msg->ifa_index = if_index; | |
7daf5226 | 1403 | |
507f26f6 TB |
1404 | netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request)); |
1405 | ||
1406 | return this->socket->send_ack(this->socket, hdr); | |
1407 | } | |
1408 | ||
887abfb1 MW |
1409 | METHOD(kernel_net_t, add_ip, status_t, |
1410 | private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip) | |
507f26f6 TB |
1411 | { |
1412 | iface_entry_t *iface; | |
1413 | addr_entry_t *addr; | |
e13389a7 | 1414 | enumerator_t *addrs, *ifaces; |
507f26f6 | 1415 | int ifindex; |
7daf5226 | 1416 | |
9474a0d9 MW |
1417 | if (!this->install_virtual_ip) |
1418 | { /* disabled by config */ | |
1419 | return SUCCESS; | |
1420 | } | |
7daf5226 | 1421 | |
507f26f6 | 1422 | DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip); |
7daf5226 | 1423 | |
3ac5a0db | 1424 | this->mutex->lock(this->mutex); |
e13389a7 MW |
1425 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1426 | while (ifaces->enumerate(ifaces, &iface)) | |
507f26f6 TB |
1427 | { |
1428 | bool iface_found = FALSE; | |
7daf5226 | 1429 | |
e13389a7 MW |
1430 | addrs = iface->addrs->create_enumerator(iface->addrs); |
1431 | while (addrs->enumerate(addrs, &addr)) | |
507f26f6 TB |
1432 | { |
1433 | if (iface_ip->ip_equals(iface_ip, addr->ip)) | |
1434 | { | |
1435 | iface_found = TRUE; | |
1436 | } | |
1437 | else if (virtual_ip->ip_equals(virtual_ip, addr->ip)) | |
1438 | { | |
1439 | addr->refcount++; | |
1440 | DBG2(DBG_KNL, "virtual IP %H already installed on %s", | |
1441 | virtual_ip, iface->ifname); | |
1442 | addrs->destroy(addrs); | |
1443 | ifaces->destroy(ifaces); | |
3ac5a0db | 1444 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1445 | return SUCCESS; |
1446 | } | |
1447 | } | |
1448 | addrs->destroy(addrs); | |
7daf5226 | 1449 | |
507f26f6 TB |
1450 | if (iface_found) |
1451 | { | |
1452 | ifindex = iface->ifindex; | |
1453 | addr = malloc_thing(addr_entry_t); | |
1454 | addr->ip = virtual_ip->clone(virtual_ip); | |
1455 | addr->refcount = 0; | |
1456 | addr->virtual = TRUE; | |
1457 | addr->scope = RT_SCOPE_UNIVERSE; | |
1458 | iface->addrs->insert_last(iface->addrs, addr); | |
7daf5226 | 1459 | |
507f26f6 TB |
1460 | if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, |
1461 | ifindex, virtual_ip) == SUCCESS) | |
1462 | { | |
1463 | while (get_vip_refcount(this, virtual_ip) == 0) | |
1464 | { /* wait until address appears */ | |
3ac5a0db | 1465 | this->condvar->wait(this->condvar, this->mutex); |
507f26f6 TB |
1466 | } |
1467 | ifaces->destroy(ifaces); | |
3ac5a0db | 1468 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1469 | return SUCCESS; |
1470 | } | |
1471 | ifaces->destroy(ifaces); | |
3ac5a0db | 1472 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1473 | DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip); |
1474 | return FAILED; | |
1475 | } | |
1476 | } | |
1477 | ifaces->destroy(ifaces); | |
3ac5a0db | 1478 | this->mutex->unlock(this->mutex); |
7daf5226 | 1479 | |
507f26f6 TB |
1480 | DBG1(DBG_KNL, "interface address %H not found, unable to install" |
1481 | "virtual IP %H", iface_ip, virtual_ip); | |
1482 | return FAILED; | |
1483 | } | |
1484 | ||
887abfb1 MW |
1485 | METHOD(kernel_net_t, del_ip, status_t, |
1486 | private_kernel_netlink_net_t *this, host_t *virtual_ip) | |
507f26f6 TB |
1487 | { |
1488 | iface_entry_t *iface; | |
1489 | addr_entry_t *addr; | |
e13389a7 | 1490 | enumerator_t *addrs, *ifaces; |
507f26f6 TB |
1491 | status_t status; |
1492 | int ifindex; | |
7daf5226 | 1493 | |
9474a0d9 MW |
1494 | if (!this->install_virtual_ip) |
1495 | { /* disabled by config */ | |
1496 | return SUCCESS; | |
1497 | } | |
7daf5226 | 1498 | |
507f26f6 | 1499 | DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip); |
7daf5226 | 1500 | |
3ac5a0db | 1501 | this->mutex->lock(this->mutex); |
e13389a7 MW |
1502 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1503 | while (ifaces->enumerate(ifaces, &iface)) | |
507f26f6 | 1504 | { |
e13389a7 MW |
1505 | addrs = iface->addrs->create_enumerator(iface->addrs); |
1506 | while (addrs->enumerate(addrs, &addr)) | |
507f26f6 TB |
1507 | { |
1508 | if (virtual_ip->ip_equals(virtual_ip, addr->ip)) | |
1509 | { | |
1510 | ifindex = iface->ifindex; | |
1511 | if (addr->refcount == 1) | |
1512 | { | |
1513 | status = manage_ipaddr(this, RTM_DELADDR, 0, | |
b9b8a98f | 1514 | ifindex, virtual_ip); |
507f26f6 TB |
1515 | if (status == SUCCESS) |
1516 | { /* wait until the address is really gone */ | |
1517 | while (get_vip_refcount(this, virtual_ip) > 0) | |
1518 | { | |
3ac5a0db | 1519 | this->condvar->wait(this->condvar, this->mutex); |
507f26f6 TB |
1520 | } |
1521 | } | |
1522 | addrs->destroy(addrs); | |
1523 | ifaces->destroy(ifaces); | |
3ac5a0db | 1524 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1525 | return status; |
1526 | } | |
1527 | else | |
1528 | { | |
1529 | addr->refcount--; | |
1530 | } | |
1531 | DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting", | |
1532 | virtual_ip); | |
1533 | addrs->destroy(addrs); | |
1534 | ifaces->destroy(ifaces); | |
3ac5a0db | 1535 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1536 | return SUCCESS; |
1537 | } | |
1538 | } | |
1539 | addrs->destroy(addrs); | |
1540 | } | |
1541 | ifaces->destroy(ifaces); | |
3ac5a0db | 1542 | this->mutex->unlock(this->mutex); |
7daf5226 | 1543 | |
507f26f6 TB |
1544 | DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip); |
1545 | return FAILED; | |
1546 | } | |
1547 | ||
1548 | /** | |
1549 | * Manages source routes in the routing table. | |
1550 | * By setting the appropriate nlmsg_type, the route gets added or removed. | |
1551 | */ | |
74ba22c9 TB |
1552 | static status_t manage_srcroute(private_kernel_netlink_net_t *this, |
1553 | int nlmsg_type, int flags, chunk_t dst_net, | |
1554 | u_int8_t prefixlen, host_t *gateway, | |
1555 | host_t *src_ip, char *if_name) | |
507f26f6 | 1556 | { |
21bf86f7 | 1557 | netlink_buf_t request; |
507f26f6 TB |
1558 | struct nlmsghdr *hdr; |
1559 | struct rtmsg *msg; | |
1560 | int ifindex; | |
1561 | chunk_t chunk; | |
1562 | ||
1563 | /* if route is 0.0.0.0/0, we can't install it, as it would | |
1564 | * overwrite the default route. Instead, we add two routes: | |
1565 | * 0.0.0.0/1 and 128.0.0.0/1 */ | |
1566 | if (this->routing_table == 0 && prefixlen == 0) | |
1567 | { | |
1568 | chunk_t half_net; | |
1569 | u_int8_t half_prefixlen; | |
1570 | status_t status; | |
7daf5226 | 1571 | |
507f26f6 TB |
1572 | half_net = chunk_alloca(dst_net.len); |
1573 | memset(half_net.ptr, 0, half_net.len); | |
1574 | half_prefixlen = 1; | |
7daf5226 | 1575 | |
507f26f6 TB |
1576 | status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, |
1577 | gateway, src_ip, if_name); | |
1578 | half_net.ptr[0] |= 0x80; | |
1579 | status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, | |
1580 | gateway, src_ip, if_name); | |
1581 | return status; | |
1582 | } | |
7daf5226 | 1583 | |
507f26f6 TB |
1584 | memset(&request, 0, sizeof(request)); |
1585 | ||
1586 | hdr = (struct nlmsghdr*)request; | |
1587 | hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; | |
1588 | hdr->nlmsg_type = nlmsg_type; | |
1589 | hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); | |
1590 | ||
1591 | msg = (struct rtmsg*)NLMSG_DATA(hdr); | |
1592 | msg->rtm_family = src_ip->get_family(src_ip); | |
1593 | msg->rtm_dst_len = prefixlen; | |
1594 | msg->rtm_table = this->routing_table; | |
1595 | msg->rtm_protocol = RTPROT_STATIC; | |
1596 | msg->rtm_type = RTN_UNICAST; | |
1597 | msg->rtm_scope = RT_SCOPE_UNIVERSE; | |
7daf5226 | 1598 | |
507f26f6 TB |
1599 | netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request)); |
1600 | chunk = src_ip->get_address(src_ip); | |
1601 | netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request)); | |
5be75c2c MW |
1602 | if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip)) |
1603 | { | |
1604 | chunk = gateway->get_address(gateway); | |
1605 | netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request)); | |
1606 | } | |
507f26f6 TB |
1607 | ifindex = get_interface_index(this, if_name); |
1608 | chunk.ptr = (char*)&ifindex; | |
1609 | chunk.len = sizeof(ifindex); | |
1610 | netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request)); | |
1611 | ||
1612 | return this->socket->send_ack(this->socket, hdr); | |
1613 | } | |
1614 | ||
887abfb1 MW |
1615 | METHOD(kernel_net_t, add_route, status_t, |
1616 | private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, | |
1617 | host_t *gateway, host_t *src_ip, char *if_name) | |
507f26f6 | 1618 | { |
74ba22c9 TB |
1619 | status_t status; |
1620 | route_entry_t *found, route = { | |
1621 | .dst_net = dst_net, | |
1622 | .prefixlen = prefixlen, | |
1623 | .gateway = gateway, | |
1624 | .src_ip = src_ip, | |
1625 | .if_name = if_name, | |
1626 | }; | |
1627 | ||
1628 | this->mutex->lock(this->mutex); | |
1629 | found = this->routes->get(this->routes, &route); | |
1630 | if (found) | |
1631 | { | |
1632 | this->mutex->unlock(this->mutex); | |
1633 | return ALREADY_DONE; | |
1634 | } | |
1635 | found = route_entry_clone(&route); | |
1636 | this->routes->put(this->routes, found, found); | |
1637 | status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, | |
1638 | dst_net, prefixlen, gateway, src_ip, if_name); | |
1639 | this->mutex->unlock(this->mutex); | |
1640 | return status; | |
507f26f6 | 1641 | } |
7daf5226 | 1642 | |
887abfb1 MW |
1643 | METHOD(kernel_net_t, del_route, status_t, |
1644 | private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, | |
1645 | host_t *gateway, host_t *src_ip, char *if_name) | |
507f26f6 | 1646 | { |
74ba22c9 TB |
1647 | status_t status; |
1648 | route_entry_t *found, route = { | |
1649 | .dst_net = dst_net, | |
1650 | .prefixlen = prefixlen, | |
1651 | .gateway = gateway, | |
1652 | .src_ip = src_ip, | |
1653 | .if_name = if_name, | |
1654 | }; | |
1655 | ||
1656 | this->mutex->lock(this->mutex); | |
1657 | found = this->routes->get(this->routes, &route); | |
1658 | if (!found) | |
1659 | { | |
1660 | this->mutex->unlock(this->mutex); | |
1661 | return NOT_FOUND; | |
1662 | } | |
1663 | this->routes->remove(this->routes, found); | |
1664 | route_entry_destroy(found); | |
1665 | status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen, | |
1666 | gateway, src_ip, if_name); | |
1667 | this->mutex->unlock(this->mutex); | |
1668 | return status; | |
507f26f6 TB |
1669 | } |
1670 | ||
1671 | /** | |
1672 | * Initialize a list of local addresses. | |
1673 | */ | |
1674 | static status_t init_address_list(private_kernel_netlink_net_t *this) | |
1675 | { | |
21bf86f7 | 1676 | netlink_buf_t request; |
507f26f6 TB |
1677 | struct nlmsghdr *out, *current, *in; |
1678 | struct rtgenmsg *msg; | |
1679 | size_t len; | |
e13389a7 | 1680 | enumerator_t *ifaces, *addrs; |
507f26f6 TB |
1681 | iface_entry_t *iface; |
1682 | addr_entry_t *addr; | |
7daf5226 | 1683 | |
31a0e24b | 1684 | DBG2(DBG_KNL, "known interfaces and IP addresses:"); |
7daf5226 | 1685 | |
507f26f6 TB |
1686 | memset(&request, 0, sizeof(request)); |
1687 | ||
1688 | in = (struct nlmsghdr*)&request; | |
1689 | in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)); | |
1690 | in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT; | |
1691 | msg = (struct rtgenmsg*)NLMSG_DATA(in); | |
1692 | msg->rtgen_family = AF_UNSPEC; | |
7daf5226 | 1693 | |
507f26f6 TB |
1694 | /* get all links */ |
1695 | in->nlmsg_type = RTM_GETLINK; | |
1696 | if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) | |
1697 | { | |
1698 | return FAILED; | |
1699 | } | |
1700 | current = out; | |
1701 | while (NLMSG_OK(current, len)) | |
1702 | { | |
1703 | switch (current->nlmsg_type) | |
1704 | { | |
1705 | case NLMSG_DONE: | |
1706 | break; | |
1707 | case RTM_NEWLINK: | |
1708 | process_link(this, current, FALSE); | |
1709 | /* fall through */ | |
1710 | default: | |
1711 | current = NLMSG_NEXT(current, len); | |
1712 | continue; | |
1713 | } | |
1714 | break; | |
1715 | } | |
1716 | free(out); | |
7daf5226 | 1717 | |
507f26f6 TB |
1718 | /* get all interface addresses */ |
1719 | in->nlmsg_type = RTM_GETADDR; | |
1720 | if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) | |
1721 | { | |
1722 | return FAILED; | |
1723 | } | |
1724 | current = out; | |
1725 | while (NLMSG_OK(current, len)) | |
1726 | { | |
1727 | switch (current->nlmsg_type) | |
1728 | { | |
1729 | case NLMSG_DONE: | |
1730 | break; | |
1731 | case RTM_NEWADDR: | |
1732 | process_addr(this, current, FALSE); | |
1733 | /* fall through */ | |
1734 | default: | |
1735 | current = NLMSG_NEXT(current, len); | |
1736 | continue; | |
1737 | } | |
1738 | break; | |
1739 | } | |
1740 | free(out); | |
7daf5226 | 1741 | |
3ac5a0db | 1742 | this->mutex->lock(this->mutex); |
e13389a7 MW |
1743 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1744 | while (ifaces->enumerate(ifaces, &iface)) | |
507f26f6 TB |
1745 | { |
1746 | if (iface->flags & IFF_UP) | |
1747 | { | |
31a0e24b | 1748 | DBG2(DBG_KNL, " %s", iface->ifname); |
e13389a7 MW |
1749 | addrs = iface->addrs->create_enumerator(iface->addrs); |
1750 | while (addrs->enumerate(addrs, (void**)&addr)) | |
507f26f6 | 1751 | { |
31a0e24b | 1752 | DBG2(DBG_KNL, " %H", addr->ip); |
507f26f6 TB |
1753 | } |
1754 | addrs->destroy(addrs); | |
1755 | } | |
1756 | } | |
1757 | ifaces->destroy(ifaces); | |
3ac5a0db | 1758 | this->mutex->unlock(this->mutex); |
507f26f6 TB |
1759 | return SUCCESS; |
1760 | } | |
1761 | ||
1762 | /** | |
1763 | * create or delete a rule to use our routing table | |
1764 | */ | |
1765 | static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, | |
5be75c2c | 1766 | int family, u_int32_t table, u_int32_t prio) |
507f26f6 | 1767 | { |
21bf86f7 | 1768 | netlink_buf_t request; |
507f26f6 TB |
1769 | struct nlmsghdr *hdr; |
1770 | struct rtmsg *msg; | |
1771 | chunk_t chunk; | |
1772 | ||
7daf5226 | 1773 | memset(&request, 0, sizeof(request)); |
507f26f6 TB |
1774 | hdr = (struct nlmsghdr*)request; |
1775 | hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; | |
7daf5226 | 1776 | hdr->nlmsg_type = nlmsg_type; |
507f26f6 TB |
1777 | if (nlmsg_type == RTM_NEWRULE) |
1778 | { | |
1779 | hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL; | |
1780 | } | |
1781 | hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); | |
1782 | ||
1783 | msg = (struct rtmsg*)NLMSG_DATA(hdr); | |
1784 | msg->rtm_table = table; | |
5be75c2c | 1785 | msg->rtm_family = family; |
507f26f6 TB |
1786 | msg->rtm_protocol = RTPROT_BOOT; |
1787 | msg->rtm_scope = RT_SCOPE_UNIVERSE; | |
1788 | msg->rtm_type = RTN_UNICAST; | |
1789 | ||
1790 | chunk = chunk_from_thing(prio); | |
1791 | netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request)); | |
1792 | ||
1793 | return this->socket->send_ack(this->socket, hdr); | |
1794 | } | |
1795 | ||
7beb31aa TB |
1796 | /** |
1797 | * check for kernel features (currently only via version number) | |
1798 | */ | |
1799 | static void check_kernel_features(private_kernel_netlink_net_t *this) | |
1800 | { | |
1801 | struct utsname utsname; | |
1802 | int a, b, c; | |
1803 | ||
1804 | if (uname(&utsname) == 0) | |
1805 | { | |
1806 | switch(sscanf(utsname.release, "%d.%d.%d", &a, &b, &c)) | |
1807 | { | |
1808 | case 3: | |
1809 | if (a == 2) | |
1810 | { | |
1811 | DBG2(DBG_KNL, "detected Linux %d.%d.%d, no support for " | |
1812 | "RTA_PREFSRC for IPv6 routes", a, b, c); | |
1813 | break; | |
1814 | } | |
1815 | /* fall-through */ | |
1816 | case 2: | |
1817 | /* only 3.x+ uses two part version numbers */ | |
1818 | this->rta_prefsrc_for_ipv6 = TRUE; | |
1819 | break; | |
1820 | default: | |
1821 | break; | |
1822 | } | |
1823 | } | |
1824 | } | |
1825 | ||
887abfb1 MW |
1826 | METHOD(kernel_net_t, destroy, void, |
1827 | private_kernel_netlink_net_t *this) | |
507f26f6 | 1828 | { |
74ba22c9 TB |
1829 | enumerator_t *enumerator; |
1830 | route_entry_t *route; | |
1831 | ||
507f26f6 TB |
1832 | if (this->routing_table) |
1833 | { | |
5be75c2c MW |
1834 | manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table, |
1835 | this->routing_table_prio); | |
1836 | manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table, | |
507f26f6 TB |
1837 | this->routing_table_prio); |
1838 | } | |
d6a27ec6 MW |
1839 | if (this->socket_events > 0) |
1840 | { | |
1841 | close(this->socket_events); | |
1842 | } | |
74ba22c9 TB |
1843 | enumerator = this->routes->create_enumerator(this->routes); |
1844 | while (enumerator->enumerate(enumerator, NULL, (void**)&route)) | |
1845 | { | |
1846 | manage_srcroute(this, RTM_DELROUTE, 0, route->dst_net, route->prefixlen, | |
1847 | route->gateway, route->src_ip, route->if_name); | |
1848 | route_entry_destroy(route); | |
1849 | } | |
1850 | enumerator->destroy(enumerator); | |
1851 | this->routes->destroy(this->routes); | |
9e19cb91 | 1852 | DESTROY_IF(this->socket); |
74ba22c9 | 1853 | |
f834249c TB |
1854 | net_changes_clear(this); |
1855 | this->net_changes->destroy(this->net_changes); | |
1856 | this->net_changes_lock->destroy(this->net_changes_lock); | |
1857 | ||
507f26f6 | 1858 | this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy); |
d266e895 | 1859 | this->rt_exclude->destroy(this->rt_exclude); |
3ac5a0db MW |
1860 | this->condvar->destroy(this->condvar); |
1861 | this->mutex->destroy(this->mutex); | |
507f26f6 TB |
1862 | free(this); |
1863 | } | |
1864 | ||
1865 | /* | |
1866 | * Described in header. | |
1867 | */ | |
1868 | kernel_netlink_net_t *kernel_netlink_net_create() | |
1869 | { | |
887abfb1 | 1870 | private_kernel_netlink_net_t *this; |
d266e895 | 1871 | enumerator_t *enumerator; |
05ca5655 | 1872 | bool register_for_events = TRUE; |
d266e895 | 1873 | char *exclude; |
7daf5226 | 1874 | |
887abfb1 MW |
1875 | INIT(this, |
1876 | .public = { | |
1877 | .interface = { | |
1878 | .get_interface = _get_interface_name, | |
1879 | .create_address_enumerator = _create_address_enumerator, | |
1880 | .get_source_addr = _get_source_addr, | |
1881 | .get_nexthop = _get_nexthop, | |
1882 | .add_ip = _add_ip, | |
1883 | .del_ip = _del_ip, | |
1884 | .add_route = _add_route, | |
1885 | .del_route = _del_route, | |
1886 | .destroy = _destroy, | |
1887 | }, | |
1888 | }, | |
1889 | .socket = netlink_socket_create(NETLINK_ROUTE), | |
1890 | .rt_exclude = linked_list_create(), | |
74ba22c9 TB |
1891 | .routes = hashtable_create((hashtable_hash_t)route_entry_hash, |
1892 | (hashtable_equals_t)route_entry_equals, 16), | |
f834249c TB |
1893 | .net_changes = hashtable_create( |
1894 | (hashtable_hash_t)net_change_hash, | |
1895 | (hashtable_equals_t)net_change_equals, 16), | |
1896 | .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT), | |
887abfb1 MW |
1897 | .ifaces = linked_list_create(), |
1898 | .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), | |
1899 | .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), | |
1900 | .routing_table = lib->settings->get_int(lib->settings, | |
1901 | "%s.routing_table", ROUTING_TABLE, hydra->daemon), | |
1902 | .routing_table_prio = lib->settings->get_int(lib->settings, | |
1903 | "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon), | |
1904 | .process_route = lib->settings->get_bool(lib->settings, | |
1905 | "%s.process_route", TRUE, hydra->daemon), | |
1906 | .install_virtual_ip = lib->settings->get_bool(lib->settings, | |
1907 | "%s.install_virtual_ip", TRUE, hydra->daemon), | |
1908 | ); | |
f834249c | 1909 | timerclear(&this->last_route_reinstall); |
507f26f6 | 1910 | timerclear(&this->last_roam); |
887abfb1 | 1911 | |
7beb31aa TB |
1912 | check_kernel_features(this); |
1913 | ||
05ca5655 TB |
1914 | if (streq(hydra->daemon, "starter")) |
1915 | { /* starter has no threads, so we do not register for kernel events */ | |
1916 | register_for_events = FALSE; | |
1917 | } | |
1918 | ||
d266e895 | 1919 | exclude = lib->settings->get_str(lib->settings, |
06cdeac2 | 1920 | "%s.ignore_routing_tables", NULL, hydra->daemon); |
d266e895 TE |
1921 | if (exclude) |
1922 | { | |
1923 | char *token; | |
1924 | uintptr_t table; | |
1925 | ||
1926 | enumerator = enumerator_create_token(exclude, " ", " "); | |
1927 | while (enumerator->enumerate(enumerator, &token)) | |
1928 | { | |
1929 | errno = 0; | |
1930 | table = strtoul(token, NULL, 10); | |
1931 | ||
1932 | if (errno == 0) | |
1933 | { | |
1934 | this->rt_exclude->insert_last(this->rt_exclude, (void*)table); | |
1935 | } | |
1936 | } | |
1937 | enumerator->destroy(enumerator); | |
1938 | } | |
1939 | ||
05ca5655 | 1940 | if (register_for_events) |
507f26f6 | 1941 | { |
05ca5655 TB |
1942 | struct sockaddr_nl addr; |
1943 | ||
1944 | memset(&addr, 0, sizeof(addr)); | |
1945 | addr.nl_family = AF_NETLINK; | |
7daf5226 | 1946 | |
05ca5655 TB |
1947 | /* create and bind RT socket for events (address/interface/route changes) */ |
1948 | this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); | |
1949 | if (this->socket_events < 0) | |
1950 | { | |
1951 | DBG1(DBG_KNL, "unable to create RT event socket"); | |
1952 | destroy(this); | |
1953 | return NULL; | |
1954 | } | |
1955 | addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | | |
1956 | RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK; | |
1957 | if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) | |
1958 | { | |
1959 | DBG1(DBG_KNL, "unable to bind RT event socket"); | |
1960 | destroy(this); | |
1961 | return NULL; | |
1962 | } | |
1963 | ||
26d77eb3 TB |
1964 | lib->processor->queue_job(lib->processor, |
1965 | (job_t*)callback_job_create_with_prio( | |
1966 | (callback_job_cb_t)receive_events, this, NULL, | |
1967 | (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL)); | |
05ca5655 | 1968 | } |
7daf5226 | 1969 | |
507f26f6 TB |
1970 | if (init_address_list(this) != SUCCESS) |
1971 | { | |
d6a27ec6 MW |
1972 | DBG1(DBG_KNL, "unable to get interface list"); |
1973 | destroy(this); | |
1974 | return NULL; | |
507f26f6 | 1975 | } |
7daf5226 | 1976 | |
507f26f6 TB |
1977 | if (this->routing_table) |
1978 | { | |
5be75c2c MW |
1979 | if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table, |
1980 | this->routing_table_prio) != SUCCESS) | |
1981 | { | |
1982 | DBG1(DBG_KNL, "unable to create IPv4 routing table rule"); | |
1983 | } | |
1984 | if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table, | |
507f26f6 TB |
1985 | this->routing_table_prio) != SUCCESS) |
1986 | { | |
5be75c2c | 1987 | DBG1(DBG_KNL, "unable to create IPv6 routing table rule"); |
507f26f6 TB |
1988 | } |
1989 | } | |
7daf5226 | 1990 | |
507f26f6 TB |
1991 | return &this->public; |
1992 | } |