]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Check routes with equal prefix if preferred source is specified
[thirdparty/strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
CommitLineData
507f26f6 1/*
05ca5655 2 * Copyright (C) 2008-2012 Tobias Brunner
ce5b1708 3 * Copyright (C) 2005-2008 Martin Willi
507f26f6
TB		 4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
507f26f6
TB		 15 */
16
d266e895
TE		 17/*
18 * Copyright (C) 2010 secunet Security Networks AG
19 * Copyright (C) 2010 Thomas Egerer
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
507f26f6 40#include <sys/socket.h>
7beb31aa 41#include <sys/utsname.h>
507f26f6
TB		 42#include <linux/netlink.h>
43#include <linux/rtnetlink.h>
507f26f6
TB		 44#include <unistd.h>
45#include <errno.h>
46#include <net/if.h>
47
48#include "kernel_netlink_net.h"
49#include "kernel_netlink_shared.h"
50
c5f7146b 51#include <hydra.h>
062a6022 52#include <debug.h>
4a5a5dd2
TB		 53#include <threading/thread.h>
54#include <threading/condvar.h>
eba64cef 55#include <threading/mutex.h>
f834249c 56#include <utils/hashtable.h>
507f26f6
TB		 57#include <utils/linked_list.h>
58#include <processing/jobs/callback_job.h>
507f26f6 59
ba26508d 60/** delay before firing roam events (ms) */
507f26f6
TB		 61#define ROAM_DELAY 100
62
f834249c
TB		 63/** delay before reinstalling routes (ms) */
64#define ROUTE_DELAY 100
65
507f26f6
TB		 66typedef struct addr_entry_t addr_entry_t;
67
68/**
69 * IP address in an inface_entry_t
70 */
71struct addr_entry_t {
7daf5226 72
507f26f6
TB		 73 /** The ip address */
74 host_t *ip;
7daf5226 75
507f26f6
TB		 76 /** virtual IP managed by us */
77 bool virtual;
7daf5226 78
507f26f6
TB		 79 /** scope of the address */
80 u_char scope;
7daf5226 81
507f26f6
TB		 82 /** Number of times this IP is used, if virtual */
83 u_int refcount;
84};
85
86/**
87 * destroy a addr_entry_t object
88 */
89static void addr_entry_destroy(addr_entry_t *this)
90{
91 this->ip->destroy(this->ip);
92 free(this);
93}
94
95typedef struct iface_entry_t iface_entry_t;
96
97/**
98 * A network interface on this system, containing addr_entry_t's
99 */
100struct iface_entry_t {
7daf5226 101
507f26f6
TB		 102 /** interface index */
103 int ifindex;
7daf5226 104
507f26f6
TB		 105 /** name of the interface */
106 char ifname[IFNAMSIZ];
7daf5226 107
507f26f6
TB		 108 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
109 u_int flags;
7daf5226 110
507f26f6
TB		 111 /** list of addresses as host_t */
112 linked_list_t *addrs;
113};
114
115/**
116 * destroy an interface entry
117 */
118static void iface_entry_destroy(iface_entry_t *this)
119{
120 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
121 free(this);
122}
123
74ba22c9
TB		 124typedef struct route_entry_t route_entry_t;
125
126/**
127 * Installed routing entry
128 */
129struct route_entry_t {
130 /** Name of the interface the route is bound to */
131 char *if_name;
132
133 /** Source ip of the route */
134 host_t *src_ip;
135
136 /** Gateway for this route */
137 host_t *gateway;
138
139 /** Destination net */
140 chunk_t dst_net;
141
142 /** Destination net prefixlen */
143 u_int8_t prefixlen;
144};
145
146/**
147 * Clone a route_entry_t object.
148 */
149static route_entry_t *route_entry_clone(route_entry_t *this)
150{
151 route_entry_t *route;
152
153 INIT(route,
154 .if_name = strdup(this->if_name),
155 .src_ip = this->src_ip->clone(this->src_ip),
156 .gateway = this->gateway->clone(this->gateway),
157 .dst_net = chunk_clone(this->dst_net),
158 .prefixlen = this->prefixlen,
159 );
160 return route;
161}
162
163/**
164 * Destroy a route_entry_t object
165 */
166static void route_entry_destroy(route_entry_t *this)
167{
168 free(this->if_name);
169 DESTROY_IF(this->src_ip);
170 DESTROY_IF(this->gateway);
171 chunk_free(&this->dst_net);
172 free(this);
173}
174
175/**
176 * Hash a route_entry_t object
177 */
178static u_int route_entry_hash(route_entry_t *this)
179{
180 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
181 chunk_hash(this->dst_net));
182}
183
184/**
185 * Compare two route_entry_t objects
186 */
187static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
188{
189 return a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
9896b6bd
TB		 190 a->src_ip->ip_equals(a->src_ip, b->src_ip) &&
191 a->gateway->ip_equals(a->gateway, b->gateway) &&
74ba22c9
TB		 192 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen;
193}
194
f834249c
TB		 195typedef struct net_change_t net_change_t;
196
197/**
198 * Queued network changes
199 */
200struct net_change_t {
201 /** Name of the interface that got activated (or an IP appeared on) */
202 char *if_name;
f834249c
TB		 203};
204
205/**
206 * Destroy a net_change_t object
207 */
208static void net_change_destroy(net_change_t *this)
209{
f834249c
TB		 210 free(this->if_name);
211 free(this);
212}
213
214/**
215 * Hash a net_change_t object
216 */
217static u_int net_change_hash(net_change_t *this)
218{
f834249c
TB		 219 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
220}
221
222/**
223 * Compare two net_change_t objects
224 */
225static bool net_change_equals(net_change_t *a, net_change_t *b)
226{
c732e220 227 return streq(a->if_name, b->if_name);
f834249c
TB		 228}
229
507f26f6
TB		 230typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;
231
232/**
233 * Private variables and functions of kernel_netlink_net class.
234 */
235struct private_kernel_netlink_net_t {
236 /**
237 * Public part of the kernel_netlink_net_t object.
238 */
239 kernel_netlink_net_t public;
7daf5226 240
507f26f6
TB		 241 /**
242 * mutex to lock access to various lists
243 */
3ac5a0db 244 mutex_t *mutex;
7daf5226 245
507f26f6
TB		 246 /**
247 * condition variable to signal virtual IP add/removal
248 */
3ac5a0db 249 condvar_t *condvar;
7daf5226 250
507f26f6
TB		 251 /**
252 * Cached list of interfaces and its addresses (iface_entry_t)
253 */
254 linked_list_t *ifaces;
7daf5226 255
507f26f6
TB		 256 /**
257 * netlink rt socket (routing)
258 */
259 netlink_socket_t *socket;
7daf5226 260
507f26f6
TB		 261 /**
262 * Netlink rt socket to receive address change events
263 */
264 int socket_events;
7daf5226 265
507f26f6 266 /**
ba26508d 267 * time of the last roam event
507f26f6 268 */
de578445 269 timeval_t last_roam;
7daf5226 270
507f26f6
TB		 271 /**
272 * routing table to install routes
273 */
274 int routing_table;
7daf5226 275
507f26f6
TB		 276 /**
277 * priority of used routing table
278 */
279 int routing_table_prio;
7daf5226 280
74ba22c9
TB		 281 /**
282 * installed routes
283 */
284 hashtable_t *routes;
285
f834249c 286 /**
c732e220 287 * interface changes which may trigger route reinstallation
f834249c
TB		 288 */
289 hashtable_t *net_changes;
290
291 /**
292 * mutex for route reinstallation triggers
293 */
294 mutex_t *net_changes_lock;
295
296 /**
297 * time of last route reinstallation
298 */
299 timeval_t last_route_reinstall;
300
507f26f6
TB		 301 /**
302 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
303 */
304 bool process_route;
7daf5226 305
9474a0d9
MW		 306 /**
307 * whether to actually install virtual IPs
308 */
309 bool install_virtual_ip;
d266e895 310
7beb31aa
TB		 311 /**
312 * whether preferred source addresses can be specified for IPv6 routes
313 */
314 bool rta_prefsrc_for_ipv6;
315
d266e895
TE		 316 /**
317 * list with routing tables to be excluded from route lookup
318 */
319 linked_list_t *rt_exclude;
507f26f6
TB		 320};
321
f834249c
TB		 322/**
323 * Forward declaration
324 */
325static status_t manage_srcroute(private_kernel_netlink_net_t *this,
326 int nlmsg_type, int flags, chunk_t dst_net,
327 u_int8_t prefixlen, host_t *gateway,
328 host_t *src_ip, char *if_name);
329
330/**
331 * Clear the queued network changes.
332 */
333static void net_changes_clear(private_kernel_netlink_net_t *this)
334{
335 enumerator_t *enumerator;
336 net_change_t *change;
337
338 enumerator = this->net_changes->create_enumerator(this->net_changes);
339 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
340 {
341 this->net_changes->remove_at(this->net_changes, enumerator);
342 net_change_destroy(change);
343 }
344 enumerator->destroy(enumerator);
345}
346
347/**
348 * Act upon queued network changes.
349 */
350static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
351{
352 enumerator_t *enumerator;
353 route_entry_t *route;
354
355 this->net_changes_lock->lock(this->net_changes_lock);
356 this->mutex->lock(this->mutex);
357
358 enumerator = this->routes->create_enumerator(this->routes);
359 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
360 {
361 net_change_t *change, lookup = {
362 .if_name = route->if_name,
363 };
c732e220 364 /* check if a change for the outgoing interface is queued */
f834249c
TB		 365 change = this->net_changes->get(this->net_changes, &lookup);
366 if (!change)
c732e220
TB		 367 { /* in case src_ip is not on the outgoing interface */
368 lookup.if_name = this->public.interface.get_interface(
369 &this->public.interface, route->src_ip);
370 if (lookup.if_name && !streq(lookup.if_name, route->if_name))
371 {
372 change = this->net_changes->get(this->net_changes, &lookup);
373 }
374 free(lookup.if_name);
f834249c
TB		 375 }
376 if (change)
377 {
378 manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
379 route->dst_net, route->prefixlen, route->gateway,
380 route->src_ip, route->if_name);
381 }
382 }
383 enumerator->destroy(enumerator);
384 this->mutex->unlock(this->mutex);
385
386 net_changes_clear(this);
387 this->net_changes_lock->unlock(this->net_changes_lock);
388 return JOB_REQUEUE_NONE;
389}
390
391/**
392 * Queue route reinstallation caused by network changes for a given interface.
f834249c
TB		 393 *
394 * The route reinstallation is delayed for a while and only done once for
395 * several calls during this delay, in order to avoid doing it too often.
c732e220 396 * The interface name is freed.
f834249c
TB		 397 */
398static void queue_route_reinstall(private_kernel_netlink_net_t *this,
c732e220 399 char *if_name)
f834249c
TB		 400{
401 net_change_t *update, *found;
402 timeval_t now;
403 job_t *job;
404
405 INIT(update,
c732e220 406 .if_name = if_name
f834249c
TB		 407 );
408
409 this->net_changes_lock->lock(this->net_changes_lock);
c732e220 410 found = this->net_changes->put(this->net_changes, update, update);
f834249c
TB		 411 if (found)
412 {
c732e220 413 net_change_destroy(found);
f834249c
TB		 414 }
415 time_monotonic(&now);
416 if (timercmp(&now, &this->last_route_reinstall, >))
417 {
418 now.tv_usec += ROUTE_DELAY * 1000;
419 while (now.tv_usec > 1000000)
420 {
421 now.tv_sec++;
422 now.tv_usec -= 1000000;
423 }
424 this->last_route_reinstall = now;
425
426 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
427 this, NULL, NULL);
428 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
429 }
430 this->net_changes_lock->unlock(this->net_changes_lock);
431}
432
507f26f6
TB		 433/**
434 * get the refcount of a virtual ip
435 */
436static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip)
437{
e2630434 438 enumerator_t *ifaces, *addrs;
507f26f6
TB		 439 iface_entry_t *iface;
440 addr_entry_t *addr;
441 int refcount = 0;
7daf5226 442
e2630434
TB		 443 ifaces = this->ifaces->create_enumerator(this->ifaces);
444 while (ifaces->enumerate(ifaces, (void**)&iface))
507f26f6 445 {
e2630434
TB		 446 addrs = iface->addrs->create_enumerator(iface->addrs);
447 while (addrs->enumerate(addrs, (void**)&addr))
507f26f6
TB		 448 {
449 if (addr->virtual && (iface->flags & IFF_UP) &&
450 ip->ip_equals(ip, addr->ip))
451 {
452 refcount = addr->refcount;
453 break;
454 }
455 }
456 addrs->destroy(addrs);
457 if (refcount)
458 {
459 break;
460 }
461 }
462 ifaces->destroy(ifaces);
7daf5226 463
507f26f6
TB		 464 return refcount;
465}
466
29607690
TB		 467/**
468 * get the first non-virtual ip address on the given interface.
da6d86dd
TB		 469 * if a candidate address is given, we first search for that address and if not
470 * found return the address as above.
29607690
TB		 471 * returned host is a clone, has to be freed by caller.
472 */
473static host_t *get_interface_address(private_kernel_netlink_net_t *this,
da6d86dd 474 int ifindex, int family, host_t *candidate)
29607690
TB		 475{
476 enumerator_t *ifaces, *addrs;
477 iface_entry_t *iface;
478 addr_entry_t *addr;
479 host_t *ip = NULL;
480
481 this->mutex->lock(this->mutex);
482 ifaces = this->ifaces->create_enumerator(this->ifaces);
483 while (ifaces->enumerate(ifaces, &iface))
484 {
485 if (iface->ifindex == ifindex)
486 {
487 addrs = iface->addrs->create_enumerator(iface->addrs);
488 while (addrs->enumerate(addrs, &addr))
489 {
da6d86dd 490 if (addr->virtual)
29607690 491 {
da6d86dd
TB		 492 continue;
493 }
494 if (addr->ip->get_family(addr->ip) == family)
495 {
496 if (!candidate || candidate->ip_equals(candidate, addr->ip))
497 { /* stop at the first address if we don't search for a
498 * candidate or if the candidate matches */
499 ip = addr->ip;
500 break;
501 }
502 else if (!ip)
503 { /* store the first address as fallback if candidate is
504 * not found */
505 ip = addr->ip;
506 }
29607690
TB		 507 }
508 }
509 addrs->destroy(addrs);
510 break;
511 }
512 }
513 ifaces->destroy(ifaces);
da6d86dd
TB		 514 if (ip)
515 {
516 ip = ip->clone(ip);
517 }
29607690
TB		 518 this->mutex->unlock(this->mutex);
519 return ip;
520}
521
507f26f6 522/**
ba26508d 523 * callback function that raises the delayed roam event
507f26f6 524 */
ba26508d
TB		 525static job_requeue_t roam_event(uintptr_t address)
526{
f6659688 527 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
ba26508d
TB		 528 return JOB_REQUEUE_NONE;
529}
530
531/**
532 * fire a roaming event. we delay it for a bit and fire only one event
533 * for multiple calls. otherwise we would create too many events.
534 */
535static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
507f26f6 536{
de578445 537 timeval_t now;
ba26508d 538 job_t *job;
7daf5226 539
de578445
MW		 540 time_monotonic(&now);
541 if (timercmp(&now, &this->last_roam, >))
507f26f6 542 {
de578445
MW		 543 now.tv_usec += ROAM_DELAY * 1000;
544 while (now.tv_usec > 1000000)
507f26f6 545 {
de578445
MW		 546 now.tv_sec++;
547 now.tv_usec -= 1000000;
507f26f6 548 }
de578445 549 this->last_roam = now;
ba26508d
TB		 550
551 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
552 (void*)(uintptr_t)(address ? 1 : 0),
553 NULL, NULL);
bb381e26 554 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
507f26f6
TB		 555 }
556}
557
558/**
559 * process RTM_NEWLINK/RTM_DELLINK from kernel
560 */
561static void process_link(private_kernel_netlink_net_t *this,
562 struct nlmsghdr *hdr, bool event)
563{
564 struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
565 struct rtattr *rta = IFLA_RTA(msg);
566 size_t rtasize = IFLA_PAYLOAD (hdr);
e13389a7 567 enumerator_t *enumerator;
507f26f6
TB		 568 iface_entry_t *current, *entry = NULL;
569 char *name = NULL;
f834249c 570 bool update = FALSE, update_routes = FALSE;
7daf5226 571
f834249c 572 while (RTA_OK(rta, rtasize))
507f26f6
TB		 573 {
574 switch (rta->rta_type)
575 {
576 case IFLA_IFNAME:
577 name = RTA_DATA(rta);
578 break;
579 }
580 rta = RTA_NEXT(rta, rtasize);
581 }
582 if (!name)
583 {
584 name = "(unknown)";
585 }
7daf5226 586
3ac5a0db 587 this->mutex->lock(this->mutex);
507f26f6
TB		 588 switch (hdr->nlmsg_type)
589 {
590 case RTM_NEWLINK:
591 {
592 if (msg->ifi_flags & IFF_LOOPBACK)
593 { /* ignore loopback interfaces */
594 break;
595 }
e13389a7
MW		 596 enumerator = this->ifaces->create_enumerator(this->ifaces);
597 while (enumerator->enumerate(enumerator, &current))
507f26f6
TB		 598 {
599 if (current->ifindex == msg->ifi_index)
600 {
601 entry = current;
602 break;
603 }
604 }
e13389a7 605 enumerator->destroy(enumerator);
507f26f6
TB		 606 if (!entry)
607 {
608 entry = malloc_thing(iface_entry_t);
609 entry->ifindex = msg->ifi_index;
610 entry->flags = 0;
611 entry->addrs = linked_list_create();
612 this->ifaces->insert_last(this->ifaces, entry);
613 }
f526b35c 614 strncpy(entry->ifname, name, IFNAMSIZ);
507f26f6
TB		 615 entry->ifname[IFNAMSIZ-1] = '\0';
616 if (event)
617 {
618 if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
619 {
f834249c 620 update = update_routes = TRUE;
507f26f6
TB		 621 DBG1(DBG_KNL, "interface %s activated", name);
622 }
623 if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
624 {
625 update = TRUE;
626 DBG1(DBG_KNL, "interface %s deactivated", name);
627 }
628 }
629 entry->flags = msg->ifi_flags;
507f26f6
TB		 630 break;
631 }
632 case RTM_DELLINK:
633 {
e13389a7
MW		 634 enumerator = this->ifaces->create_enumerator(this->ifaces);
635 while (enumerator->enumerate(enumerator, &current))
507f26f6
TB		 636 {
637 if (current->ifindex == msg->ifi_index)
638 {
7b218736
MP		 639 if (event)
640 {
641 update = TRUE;
642 DBG1(DBG_KNL, "interface %s deleted", current->ifname);
643 }
644 this->ifaces->remove_at(this->ifaces, enumerator);
645 iface_entry_destroy(current);
507f26f6
TB		 646 break;
647 }
648 }
e13389a7 649 enumerator->destroy(enumerator);
507f26f6
TB		 650 break;
651 }
652 }
3ac5a0db 653 this->mutex->unlock(this->mutex);
7daf5226 654
f834249c
TB		 655 if (update_routes && event)
656 {
c732e220 657 queue_route_reinstall(this, strdup(name));
f834249c
TB		 658 }
659
507f26f6
TB		 660 /* send an update to all IKE_SAs */
661 if (update && event)
662 {
ba26508d 663 fire_roam_event(this, TRUE);
507f26f6
TB		 664 }
665}
666
667/**
668 * process RTM_NEWADDR/RTM_DELADDR from kernel
669 */
670static void process_addr(private_kernel_netlink_net_t *this,
671 struct nlmsghdr *hdr, bool event)
672{
673 struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
674 struct rtattr *rta = IFA_RTA(msg);
675 size_t rtasize = IFA_PAYLOAD (hdr);
676 host_t *host = NULL;
e13389a7 677 enumerator_t *ifaces, *addrs;
507f26f6
TB		 678 iface_entry_t *iface;
679 addr_entry_t *addr;
680 chunk_t local = chunk_empty, address = chunk_empty;
f834249c 681 char *route_ifname = NULL;
507f26f6 682 bool update = FALSE, found = FALSE, changed = FALSE;
7daf5226 683
f834249c 684 while (RTA_OK(rta, rtasize))
507f26f6
TB		 685 {
686 switch (rta->rta_type)
687 {
688 case IFA_LOCAL:
689 local.ptr = RTA_DATA(rta);
690 local.len = RTA_PAYLOAD(rta);
691 break;
692 case IFA_ADDRESS:
693 address.ptr = RTA_DATA(rta);
694 address.len = RTA_PAYLOAD(rta);
695 break;
696 }
697 rta = RTA_NEXT(rta, rtasize);
698 }
7daf5226 699
507f26f6
TB		 700 /* For PPP interfaces, we need the IFA_LOCAL address,
701 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
702 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
703 if (local.ptr)
704 {
705 host = host_create_from_chunk(msg->ifa_family, local, 0);
706 }
707 else if (address.ptr)
708 {
709 host = host_create_from_chunk(msg->ifa_family, address, 0);
710 }
7daf5226 711
507f26f6
TB		 712 if (host == NULL)
713 { /* bad family? */
714 return;
715 }
7daf5226 716
3ac5a0db 717 this->mutex->lock(this->mutex);
e13389a7
MW		 718 ifaces = this->ifaces->create_enumerator(this->ifaces);
719 while (ifaces->enumerate(ifaces, &iface))
507f26f6
TB		 720 {
721 if (iface->ifindex == msg->ifa_index)
722 {
e13389a7
MW		 723 addrs = iface->addrs->create_enumerator(iface->addrs);
724 while (addrs->enumerate(addrs, &addr))
507f26f6
TB		 725 {
726 if (host->ip_equals(host, addr->ip))
727 {
728 found = TRUE;
729 if (hdr->nlmsg_type == RTM_DELADDR)
730 {
e13389a7 731 iface->addrs->remove_at(iface->addrs, addrs);
507f26f6
TB		 732 if (!addr->virtual)
733 {
734 changed = TRUE;
735 DBG1(DBG_KNL, "%H disappeared from %s",
736 host, iface->ifname);
737 }
738 addr_entry_destroy(addr);
739 }
740 else if (hdr->nlmsg_type == RTM_NEWADDR && addr->virtual)
741 {
742 addr->refcount = 1;
743 }
744 }
745 }
746 addrs->destroy(addrs);
7daf5226 747
507f26f6
TB		 748 if (hdr->nlmsg_type == RTM_NEWADDR)
749 {
750 if (!found)
751 {
752 found = TRUE;
753 changed = TRUE;
f834249c 754 route_ifname = strdup(iface->ifname);
507f26f6
TB		 755 addr = malloc_thing(addr_entry_t);
756 addr->ip = host->clone(host);
757 addr->virtual = FALSE;
758 addr->refcount = 1;
759 addr->scope = msg->ifa_scope;
7daf5226 760
507f26f6
TB		 761 iface->addrs->insert_last(iface->addrs, addr);
762 if (event)
763 {
764 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
765 }
766 }
767 }
768 if (found && (iface->flags & IFF_UP))
769 {
770 update = TRUE;
771 }
772 break;
773 }
774 }
775 ifaces->destroy(ifaces);
3ac5a0db 776 this->mutex->unlock(this->mutex);
f834249c
TB		 777
778 if (update && event && route_ifname)
779 {
c732e220 780 queue_route_reinstall(this, route_ifname);
f834249c
TB		 781 }
782 else
783 {
784 free(route_ifname);
785 }
507f26f6 786 host->destroy(host);
7daf5226 787
507f26f6
TB		 788 /* send an update to all IKE_SAs */
789 if (update && event && changed)
790 {
ba26508d 791 fire_roam_event(this, TRUE);
507f26f6
TB		 792 }
793}
794
795/**
796 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
797 */
798static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
799{
800 struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
801 struct rtattr *rta = RTM_RTA(msg);
802 size_t rtasize = RTM_PAYLOAD(hdr);
29607690 803 u_int32_t rta_oif = 0;
507f26f6 804 host_t *host = NULL;
7daf5226 805
ec0c756d
TB		 806 /* ignore routes added by us or in the local routing table (local addrs) */
807 if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
808 msg->rtm_table == RT_TABLE_LOCAL))
85be7e5b
MW		 809 {
810 return;
811 }
8ec51f83
TB		 812 else if (msg->rtm_flags & RTM_F_CLONED)
813 { /* ignore cached routes, seem to be created a lot for IPv6 */
814 return;
815 }
7daf5226 816
507f26f6
TB		 817 while (RTA_OK(rta, rtasize))
818 {
819 switch (rta->rta_type)
820 {
821 case RTA_PREFSRC:
862ef49f 822 DESTROY_IF(host);
507f26f6
TB		 823 host = host_create_from_chunk(msg->rtm_family,
824 chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
825 break;
29607690
TB		 826 case RTA_OIF:
827 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
828 {
829 rta_oif = *(u_int32_t*)RTA_DATA(rta);
830 }
831 break;
507f26f6
TB		 832 }
833 rta = RTA_NEXT(rta, rtasize);
834 }
29607690
TB		 835 if (!host && rta_oif)
836 {
da6d86dd 837 host = get_interface_address(this, rta_oif, msg->rtm_family, NULL);
29607690 838 }
507f26f6
TB		 839 if (host)
840 {
3ac5a0db 841 this->mutex->lock(this->mutex);
507f26f6
TB		 842 if (!get_vip_refcount(this, host))
843 { /* ignore routes added for virtual IPs */
ba26508d 844 fire_roam_event(this, FALSE);
507f26f6 845 }
3ac5a0db 846 this->mutex->unlock(this->mutex);
507f26f6
TB		 847 host->destroy(host);
848 }
849}
850
851/**
852 * Receives events from kernel
853 */
854static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
855{
856 char response[1024];
857 struct nlmsghdr *hdr = (struct nlmsghdr*)response;
858 struct sockaddr_nl addr;
859 socklen_t addr_len = sizeof(addr);
4a5a5dd2
TB		 860 int len;
861 bool oldstate;
507f26f6 862
4a5a5dd2 863 oldstate = thread_cancelability(TRUE);
507f26f6
TB		 864 len = recvfrom(this->socket_events, response, sizeof(response), 0,
865 (struct sockaddr*)&addr, &addr_len);
4a5a5dd2 866 thread_cancelability(oldstate);
7daf5226 867
507f26f6
TB		 868 if (len < 0)
869 {
870 switch (errno)
871 {
872 case EINTR:
873 /* interrupted, try again */
874 return JOB_REQUEUE_DIRECT;
875 case EAGAIN:
876 /* no data ready, select again */
877 return JOB_REQUEUE_DIRECT;
878 default:
879 DBG1(DBG_KNL, "unable to receive from rt event socket");
880 sleep(1);
881 return JOB_REQUEUE_FAIR;
882 }
883 }
7daf5226 884
507f26f6
TB		 885 if (addr.nl_pid != 0)
886 { /* not from kernel. not interested, try another one */
887 return JOB_REQUEUE_DIRECT;
888 }
7daf5226 889
507f26f6
TB		 890 while (NLMSG_OK(hdr, len))
891 {
892 /* looks good so far, dispatch netlink message */
893 switch (hdr->nlmsg_type)
894 {
895 case RTM_NEWADDR:
896 case RTM_DELADDR:
897 process_addr(this, hdr, TRUE);
3ac5a0db 898 this->condvar->broadcast(this->condvar);
507f26f6
TB		 899 break;
900 case RTM_NEWLINK:
901 case RTM_DELLINK:
902 process_link(this, hdr, TRUE);
3ac5a0db 903 this->condvar->broadcast(this->condvar);
507f26f6
TB		 904 break;
905 case RTM_NEWROUTE:
906 case RTM_DELROUTE:
907 if (this->process_route)
908 {
909 process_route(this, hdr);
910 }
911 break;
912 default:
913 break;
914 }
915 hdr = NLMSG_NEXT(hdr, len);
916 }
917 return JOB_REQUEUE_DIRECT;
918}
919
920/** enumerator over addresses */
921typedef struct {
922 private_kernel_netlink_net_t* this;
923 /** whether to enumerate down interfaces */
924 bool include_down_ifaces;
7daf5226 925 /** whether to enumerate virtual ip addresses */
507f26f6
TB		 926 bool include_virtual_ips;
927} address_enumerator_t;
928
929/**
930 * cleanup function for address enumerator
931 */
932static void address_enumerator_destroy(address_enumerator_t *data)
933{
3ac5a0db 934 data->this->mutex->unlock(data->this->mutex);
507f26f6
TB		 935 free(data);
936}
937
938/**
939 * filter for addresses
940 */
887abfb1
MW		 941static bool filter_addresses(address_enumerator_t *data,
942 addr_entry_t** in, host_t** out)
507f26f6
TB		 943{
944 if (!data->include_virtual_ips && (*in)->virtual)
945 { /* skip virtual interfaces added by us */
946 return FALSE;
947 }
948 if ((*in)->scope >= RT_SCOPE_LINK)
949 { /* skip addresses with a unusable scope */
950 return FALSE;
951 }
952 *out = (*in)->ip;
953 return TRUE;
954}
955
956/**
957 * enumerator constructor for interfaces
958 */
887abfb1
MW		 959static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
960 address_enumerator_t *data)
507f26f6 961{
887abfb1
MW		 962 return enumerator_create_filter(
963 iface->addrs->create_enumerator(iface->addrs),
507f26f6
TB		 964 (void*)filter_addresses, data, NULL);
965}
966
967/**
968 * filter for interfaces
969 */
887abfb1
MW		 970static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
971 iface_entry_t** out)
507f26f6
TB		 972{
973 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
974 { /* skip interfaces not up */
975 return FALSE;
976 }
977 *out = *in;
978 return TRUE;
979}
980
887abfb1
MW		 981METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
982 private_kernel_netlink_net_t *this,
983 bool include_down_ifaces, bool include_virtual_ips)
507f26f6
TB		 984{
985 address_enumerator_t *data = malloc_thing(address_enumerator_t);
986 data->this = this;
987 data->include_down_ifaces = include_down_ifaces;
988 data->include_virtual_ips = include_virtual_ips;
7daf5226 989
3ac5a0db 990 this->mutex->lock(this->mutex);
507f26f6 991 return enumerator_create_nested(
887abfb1
MW		 992 enumerator_create_filter(
993 this->ifaces->create_enumerator(this->ifaces),
994 (void*)filter_interfaces, data, NULL),
995 (void*)create_iface_enumerator, data,
996 (void*)address_enumerator_destroy);
507f26f6
TB		 997}
998
887abfb1
MW		 999METHOD(kernel_net_t, get_interface_name, char*,
1000 private_kernel_netlink_net_t *this, host_t* ip)
507f26f6 1001{
e13389a7 1002 enumerator_t *ifaces, *addrs;
507f26f6
TB		 1003 iface_entry_t *iface;
1004 addr_entry_t *addr;
1005 char *name = NULL;
7daf5226 1006
507f26f6 1007 DBG2(DBG_KNL, "getting interface name for %H", ip);
7daf5226 1008
3ac5a0db 1009 this->mutex->lock(this->mutex);
e13389a7
MW		 1010 ifaces = this->ifaces->create_enumerator(this->ifaces);
1011 while (ifaces->enumerate(ifaces, &iface))
507f26f6 1012 {
e13389a7
MW		 1013 addrs = iface->addrs->create_enumerator(iface->addrs);
1014 while (addrs->enumerate(addrs, &addr))
507f26f6
TB		 1015 {
1016 if (ip->ip_equals(ip, addr->ip))
1017 {
1018 name = strdup(iface->ifname);
1019 break;
1020 }
1021 }
1022 addrs->destroy(addrs);
1023 if (name)
1024 {
1025 break;
1026 }
1027 }
1028 ifaces->destroy(ifaces);
3ac5a0db 1029 this->mutex->unlock(this->mutex);
7daf5226 1030
507f26f6
TB		 1031 if (name)
1032 {
1033 DBG2(DBG_KNL, "%H is on interface %s", ip, name);
1034 }
1035 else
1036 {
1037 DBG2(DBG_KNL, "%H is not a local address", ip);
1038 }
1039 return name;
1040}
1041
1042/**
1043 * get the index of an interface by name
1044 */
1045static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
1046{
e13389a7 1047 enumerator_t *ifaces;
507f26f6
TB		 1048 iface_entry_t *iface;
1049 int ifindex = 0;
7daf5226 1050
507f26f6 1051 DBG2(DBG_KNL, "getting iface index for %s", name);
7daf5226 1052
3ac5a0db 1053 this->mutex->lock(this->mutex);
e13389a7
MW		 1054 ifaces = this->ifaces->create_enumerator(this->ifaces);
1055 while (ifaces->enumerate(ifaces, &iface))
507f26f6
TB		 1056 {
1057 if (streq(name, iface->ifname))
1058 {
1059 ifindex = iface->ifindex;
1060 break;
1061 }
1062 }
1063 ifaces->destroy(ifaces);
3ac5a0db 1064 this->mutex->unlock(this->mutex);
507f26f6
TB		 1065
1066 if (ifindex == 0)
1067 {
1068 DBG1(DBG_KNL, "unable to get interface index for %s", name);
1069 }
1070 return ifindex;
1071}
1072
fb6c8591
MW		 1073/**
1074 * Check if an interface with a given index is up
1075 */
1076static bool is_interface_up(private_kernel_netlink_net_t *this, int index)
1077{
1078 enumerator_t *ifaces;
1079 iface_entry_t *iface;
32f59c56
MW		 1080 /* default to TRUE for interface we do not monitor (e.g. lo) */
1081 bool up = TRUE;
7daf5226 1082
fb6c8591
MW		 1083 ifaces = this->ifaces->create_enumerator(this->ifaces);
1084 while (ifaces->enumerate(ifaces, &iface))
1085 {
1086 if (iface->ifindex == index)
1087 {
1088 up = iface->flags & IFF_UP;
1089 break;
1090 }
1091 }
1092 ifaces->destroy(ifaces);
1093 return up;
1094}
1095
507f26f6
TB		 1096/**
1097 * check if an address (chunk) addr is in subnet (net with net_len net bits)
1098 */
1099static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
1100{
03d5f411
AS		 1101 static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
1102 int byte = 0;
7daf5226 1103
d1769942
MW		 1104 if (net_len == 0)
1105 { /* any address matches a /0 network */
1106 return TRUE;
1107 }
03d5f411 1108 if (addr.len != net.len || net_len > 8 * net.len )
507f26f6
TB		 1109 {
1110 return FALSE;
1111 }
03d5f411
AS		 1112 /* scan through all bytes in network order */
1113 while (net_len > 0)
507f26f6 1114 {
03d5f411 1115 if (net_len < 8)
507f26f6 1116 {
03d5f411
AS		 1117 return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
1118 }
1119 else
1120 {
1121 if (addr.ptr[byte] != net.ptr[byte])
507f26f6
TB		 1122 {
1123 return FALSE;
1124 }
03d5f411
AS		 1125 byte++;
1126 net_len -= 8;
507f26f6
TB		 1127 }
1128 }
1129 return TRUE;
1130}
1131
1132/**
1133 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
1134 */
1135static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
ce5b1708 1136 bool nexthop, host_t *candidate)
507f26f6 1137{
21bf86f7 1138 netlink_buf_t request;
507f26f6
TB		 1139 struct nlmsghdr *hdr, *out, *current;
1140 struct rtmsg *msg;
1141 chunk_t chunk;
1142 size_t len;
1143 int best = -1;
d266e895 1144 enumerator_t *enumerator;
507f26f6 1145 host_t *src = NULL, *gtw = NULL;
7daf5226 1146
507f26f6 1147 DBG2(DBG_KNL, "getting address to reach %H", dest);
7daf5226 1148
507f26f6
TB		 1149 memset(&request, 0, sizeof(request));
1150
1151 hdr = (struct nlmsghdr*)request;
5be75c2c 1152 hdr->nlmsg_flags = NLM_F_REQUEST;
7beb31aa
TB		 1153 if (dest->get_family(dest) == AF_INET || this->rta_prefsrc_for_ipv6 ||
1154 this->routing_table)
1155 { /* kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes.
1156 * as we want to ignore routes with virtual IPs we cannot use DUMP
1157 * if these routes are not installed in a separate table */
5c1332bf 1158 hdr->nlmsg_flags |= NLM_F_DUMP;
5be75c2c 1159 }
507f26f6
TB		 1160 hdr->nlmsg_type = RTM_GETROUTE;
1161 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1162
1163 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1164 msg->rtm_family = dest->get_family(dest);
ce5b1708
MW		 1165 if (candidate)
1166 {
1167 chunk = candidate->get_address(candidate);
1168 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1169 }
d1769942
MW		 1170 chunk = dest->get_address(dest);
1171 netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));
7daf5226 1172
507f26f6
TB		 1173 if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
1174 {
1175 DBG1(DBG_KNL, "getting address to %H failed", dest);
1176 return NULL;
1177 }
3ac5a0db 1178 this->mutex->lock(this->mutex);
36b7ba5e
MW		 1179
1180 for (current = out; NLMSG_OK(current, len);
1181 current = NLMSG_NEXT(current, len))
507f26f6 1182 {
da6d86dd
TB		 1183 if (!nexthop && candidate && src && src->ip_equals(src, candidate))
1184 { /* if we found a route that includes our preferred source address
1185 * we stop looking for any other routes. this is mainly for the
1186 * DUMP cases as there the RTA_PREFSRC attribute has no effect */
1187 break;
1188 }
1189
507f26f6
TB		 1190 switch (current->nlmsg_type)
1191 {
1192 case NLMSG_DONE:
1193 break;
1194 case RTM_NEWROUTE:
1195 {
1196 struct rtattr *rta;
1197 size_t rtasize;
1198 chunk_t rta_gtw, rta_src, rta_dst;
2e370a30 1199 u_int32_t rta_oif = 0, rta_table;
d1769942 1200 host_t *new_src, *new_gtw;
d266e895
TE		 1201 bool cont = FALSE;
1202 uintptr_t table;
7daf5226 1203
507f26f6
TB		 1204 rta_gtw = rta_src = rta_dst = chunk_empty;
1205 msg = (struct rtmsg*)(NLMSG_DATA(current));
1206 rta = RTM_RTA(msg);
1207 rtasize = RTM_PAYLOAD(current);
2e370a30 1208 rta_table = msg->rtm_table;
507f26f6
TB		 1209 while (RTA_OK(rta, rtasize))
1210 {
1211 switch (rta->rta_type)
1212 {
1213 case RTA_PREFSRC:
1214 rta_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1215 break;
1216 case RTA_GATEWAY:
1217 rta_gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1218 break;
1219 case RTA_DST:
1220 rta_dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1221 break;
1222 case RTA_OIF:
1223 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
1224 {
1225 rta_oif = *(u_int32_t*)RTA_DATA(rta);
1226 }
1227 break;
439cb93c 1228#ifdef HAVE_RTA_TABLE
2e370a30
TB		 1229 case RTA_TABLE:
1230 if (RTA_PAYLOAD(rta) == sizeof(rta_table))
1231 {
1232 rta_table = *(u_int32_t*)RTA_DATA(rta);
1233 }
1234 break;
439cb93c 1235#endif /* HAVE_RTA_TABLE*/
507f26f6
TB		 1236 }
1237 rta = RTA_NEXT(rta, rtasize);
1238 }
cef0a811
TB		 1239 if (msg->rtm_dst_len < best ||
1240 msg->rtm_dst_len == best && (nexthop || !candidate))
1241 { /* not better than a previous one, but if a preferred source
1242 * address is specified, we still check equal routes */
36b7ba5e 1243 continue;
fb6c8591 1244 }
d266e895
TE		 1245 enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
1246 while (enumerator->enumerate(enumerator, &table))
1247 {
2e370a30 1248 if (table == rta_table)
d266e895
TE		 1249 {
1250 cont = TRUE;
1251 break;
1252 }
1253 }
1254 enumerator->destroy(enumerator);
1255 if (cont)
1256 {
1257 continue;
1258 }
fb6c8591 1259 if (this->routing_table != 0 &&
2e370a30 1260 rta_table == this->routing_table)
fb6c8591 1261 { /* route is from our own ipsec routing table */
36b7ba5e 1262 continue;
fb6c8591 1263 }
d1769942
MW		 1264 if (rta_oif && !is_interface_up(this, rta_oif))
1265 { /* interface is down */
36b7ba5e 1266 continue;
fb6c8591 1267 }
d1769942
MW		 1268 if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len))
1269 { /* route destination does not contain dest */
36b7ba5e 1270 continue;
fb6c8591 1271 }
7daf5226 1272
fb6c8591 1273 if (nexthop)
507f26f6 1274 {
4a03e85b
MW		 1275 /* nexthop lookup, return gateway if any */
1276 DESTROY_IF(gtw);
1277 gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
1278 best = msg->rtm_dst_len;
36b7ba5e 1279 continue;
fb6c8591 1280 }
9d6b02d6
TB		 1281
1282 /* try to find an appropriate source address */
fb6c8591 1283 if (rta_src.ptr)
9d6b02d6
TB		 1284 { /* got a source address with the route */
1285 new_src = host_create_from_chunk(msg->rtm_family,
1286 rta_src, 0);
0406ed7a 1287 if (new_src)
d1769942 1288 {
0406ed7a 1289 if (get_vip_refcount(this, new_src))
9d6b02d6 1290 { /* skip route if it is installed by us */
0406ed7a 1291 new_src->destroy(new_src);
9d6b02d6 1292 continue;
0406ed7a 1293 }
9d6b02d6
TB		 1294 DESTROY_IF(src);
1295 src = new_src;
1296 if (candidate && !src->ip_equals(src, candidate) &&
1297 rta_oif)
1298 { /* this source does not match our preferred source.
1299 * but maybe it is assigned to the same iface */
1300 new_src = get_interface_address(this, rta_oif,
1301 msg->rtm_family,
1302 candidate);
1303 if (new_src &&
1304 new_src->ip_equals(new_src, candidate))
1305 {
1306 DESTROY_IF(src);
1307 src = new_src;
1308 }
1309 else
1310 {
1311 DESTROY_IF(new_src);
1312 }
0406ed7a 1313 }
9d6b02d6 1314 best = msg->rtm_dst_len;
507f26f6 1315 }
36b7ba5e 1316 continue;
fb6c8591 1317 }
0ac6d2e6 1318 if (rta_oif)
9d6b02d6 1319 { /* no src, but an interface - get address from it */
0ac6d2e6 1320 new_src = get_interface_address(this, rta_oif,
da6d86dd 1321 msg->rtm_family, candidate);
0ac6d2e6
TB		 1322 if (new_src)
1323 {
1324 DESTROY_IF(src);
1325 src = new_src;
1326 best = msg->rtm_dst_len;
1327 }
1328 continue;
1329 }
d1769942 1330 if (rta_gtw.ptr)
9d6b02d6 1331 { /* no src, but a gateway - lookup src to reach gtw */
d1769942
MW		 1332 new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
1333 new_src = get_route(this, new_gtw, FALSE, candidate);
1334 new_gtw->destroy(new_gtw);
1335 if (new_src)
507f26f6 1336 {
d1769942
MW		 1337 DESTROY_IF(src);
1338 src = new_src;
1339 best = msg->rtm_dst_len;
507f26f6 1340 }
36b7ba5e 1341 continue;
507f26f6 1342 }
36b7ba5e 1343 continue;
507f26f6
TB		 1344 }
1345 default:
507f26f6
TB		 1346 continue;
1347 }
1348 break;
1349 }
1350 free(out);
3ac5a0db 1351 this->mutex->unlock(this->mutex);
7daf5226 1352
507f26f6
TB		 1353 if (nexthop)
1354 {
1355 if (gtw)
1356 {
1357 return gtw;
1358 }
1359 return dest->clone(dest);
1360 }
1361 return src;
1362}
1363
887abfb1
MW		 1364METHOD(kernel_net_t, get_source_addr, host_t*,
1365 private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
507f26f6 1366{
ce5b1708 1367 return get_route(this, dest, FALSE, src);
507f26f6
TB		 1368}
1369
887abfb1
MW		 1370METHOD(kernel_net_t, get_nexthop, host_t*,
1371 private_kernel_netlink_net_t *this, host_t *dest)
507f26f6 1372{
ce5b1708 1373 return get_route(this, dest, TRUE, NULL);
507f26f6
TB		 1374}
1375
1376/**
1377 * Manages the creation and deletion of ip addresses on an interface.
1378 * By setting the appropriate nlmsg_type, the ip will be set or unset.
1379 */
1380static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
1381 int flags, int if_index, host_t *ip)
1382{
21bf86f7 1383 netlink_buf_t request;
507f26f6
TB		 1384 struct nlmsghdr *hdr;
1385 struct ifaddrmsg *msg;
1386 chunk_t chunk;
7daf5226 1387
507f26f6 1388 memset(&request, 0, sizeof(request));
7daf5226 1389
507f26f6 1390 chunk = ip->get_address(ip);
7daf5226 1391
323f9f99 1392 hdr = (struct nlmsghdr*)request;
507f26f6 1393 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
7daf5226 1394 hdr->nlmsg_type = nlmsg_type;
507f26f6 1395 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
7daf5226 1396
507f26f6 1397 msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
323f9f99
MW		 1398 msg->ifa_family = ip->get_family(ip);
1399 msg->ifa_flags = 0;
1400 msg->ifa_prefixlen = 8 * chunk.len;
1401 msg->ifa_scope = RT_SCOPE_UNIVERSE;
1402 msg->ifa_index = if_index;
7daf5226 1403
507f26f6
TB		 1404 netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
1405
1406 return this->socket->send_ack(this->socket, hdr);
1407}
1408
887abfb1
MW		 1409METHOD(kernel_net_t, add_ip, status_t,
1410 private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip)
507f26f6
TB		 1411{
1412 iface_entry_t *iface;
1413 addr_entry_t *addr;
e13389a7 1414 enumerator_t *addrs, *ifaces;
507f26f6 1415 int ifindex;
7daf5226 1416
9474a0d9
MW		 1417 if (!this->install_virtual_ip)
1418 { /* disabled by config */
1419 return SUCCESS;
1420 }
7daf5226 1421
507f26f6 1422 DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip);
7daf5226 1423
3ac5a0db 1424 this->mutex->lock(this->mutex);
e13389a7
MW		 1425 ifaces = this->ifaces->create_enumerator(this->ifaces);
1426 while (ifaces->enumerate(ifaces, &iface))
507f26f6
TB		 1427 {
1428 bool iface_found = FALSE;
7daf5226 1429
e13389a7
MW		 1430 addrs = iface->addrs->create_enumerator(iface->addrs);
1431 while (addrs->enumerate(addrs, &addr))
507f26f6
TB		 1432 {
1433 if (iface_ip->ip_equals(iface_ip, addr->ip))
1434 {
1435 iface_found = TRUE;
1436 }
1437 else if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1438 {
1439 addr->refcount++;
1440 DBG2(DBG_KNL, "virtual IP %H already installed on %s",
1441 virtual_ip, iface->ifname);
1442 addrs->destroy(addrs);
1443 ifaces->destroy(ifaces);
3ac5a0db 1444 this->mutex->unlock(this->mutex);
507f26f6
TB		 1445 return SUCCESS;
1446 }
1447 }
1448 addrs->destroy(addrs);
7daf5226 1449
507f26f6
TB		 1450 if (iface_found)
1451 {
1452 ifindex = iface->ifindex;
1453 addr = malloc_thing(addr_entry_t);
1454 addr->ip = virtual_ip->clone(virtual_ip);
1455 addr->refcount = 0;
1456 addr->virtual = TRUE;
1457 addr->scope = RT_SCOPE_UNIVERSE;
1458 iface->addrs->insert_last(iface->addrs, addr);
7daf5226 1459
507f26f6
TB		 1460 if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
1461 ifindex, virtual_ip) == SUCCESS)
1462 {
1463 while (get_vip_refcount(this, virtual_ip) == 0)
1464 { /* wait until address appears */
3ac5a0db 1465 this->condvar->wait(this->condvar, this->mutex);
507f26f6
TB		 1466 }
1467 ifaces->destroy(ifaces);
3ac5a0db 1468 this->mutex->unlock(this->mutex);
507f26f6
TB		 1469 return SUCCESS;
1470 }
1471 ifaces->destroy(ifaces);
3ac5a0db 1472 this->mutex->unlock(this->mutex);
507f26f6
TB		 1473 DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
1474 return FAILED;
1475 }
1476 }
1477 ifaces->destroy(ifaces);
3ac5a0db 1478 this->mutex->unlock(this->mutex);
7daf5226 1479
507f26f6
TB		 1480 DBG1(DBG_KNL, "interface address %H not found, unable to install"
1481 "virtual IP %H", iface_ip, virtual_ip);
1482 return FAILED;
1483}
1484
887abfb1
MW		 1485METHOD(kernel_net_t, del_ip, status_t,
1486 private_kernel_netlink_net_t *this, host_t *virtual_ip)
507f26f6
TB		 1487{
1488 iface_entry_t *iface;
1489 addr_entry_t *addr;
e13389a7 1490 enumerator_t *addrs, *ifaces;
507f26f6
TB		 1491 status_t status;
1492 int ifindex;
7daf5226 1493
9474a0d9
MW		 1494 if (!this->install_virtual_ip)
1495 { /* disabled by config */
1496 return SUCCESS;
1497 }
7daf5226 1498
507f26f6 1499 DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);
7daf5226 1500
3ac5a0db 1501 this->mutex->lock(this->mutex);
e13389a7
MW		 1502 ifaces = this->ifaces->create_enumerator(this->ifaces);
1503 while (ifaces->enumerate(ifaces, &iface))
507f26f6 1504 {
e13389a7
MW		 1505 addrs = iface->addrs->create_enumerator(iface->addrs);
1506 while (addrs->enumerate(addrs, &addr))
507f26f6
TB		 1507 {
1508 if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1509 {
1510 ifindex = iface->ifindex;
1511 if (addr->refcount == 1)
1512 {
1513 status = manage_ipaddr(this, RTM_DELADDR, 0,
b9b8a98f 1514 ifindex, virtual_ip);
507f26f6
TB		 1515 if (status == SUCCESS)
1516 { /* wait until the address is really gone */
1517 while (get_vip_refcount(this, virtual_ip) > 0)
1518 {
3ac5a0db 1519 this->condvar->wait(this->condvar, this->mutex);
507f26f6
TB		 1520 }
1521 }
1522 addrs->destroy(addrs);
1523 ifaces->destroy(ifaces);
3ac5a0db 1524 this->mutex->unlock(this->mutex);
507f26f6
TB		 1525 return status;
1526 }
1527 else
1528 {
1529 addr->refcount--;
1530 }
1531 DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
1532 virtual_ip);
1533 addrs->destroy(addrs);
1534 ifaces->destroy(ifaces);
3ac5a0db 1535 this->mutex->unlock(this->mutex);
507f26f6
TB		 1536 return SUCCESS;
1537 }
1538 }
1539 addrs->destroy(addrs);
1540 }
1541 ifaces->destroy(ifaces);
3ac5a0db 1542 this->mutex->unlock(this->mutex);
7daf5226 1543
507f26f6
TB		 1544 DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
1545 return FAILED;
1546}
1547
1548/**
1549 * Manages source routes in the routing table.
1550 * By setting the appropriate nlmsg_type, the route gets added or removed.
1551 */
74ba22c9
TB		 1552static status_t manage_srcroute(private_kernel_netlink_net_t *this,
1553 int nlmsg_type, int flags, chunk_t dst_net,
1554 u_int8_t prefixlen, host_t *gateway,
1555 host_t *src_ip, char *if_name)
507f26f6 1556{
21bf86f7 1557 netlink_buf_t request;
507f26f6
TB		 1558 struct nlmsghdr *hdr;
1559 struct rtmsg *msg;
1560 int ifindex;
1561 chunk_t chunk;
1562
1563 /* if route is 0.0.0.0/0, we can't install it, as it would
1564 * overwrite the default route. Instead, we add two routes:
1565 * 0.0.0.0/1 and 128.0.0.0/1 */
1566 if (this->routing_table == 0 && prefixlen == 0)
1567 {
1568 chunk_t half_net;
1569 u_int8_t half_prefixlen;
1570 status_t status;
7daf5226 1571
507f26f6
TB		 1572 half_net = chunk_alloca(dst_net.len);
1573 memset(half_net.ptr, 0, half_net.len);
1574 half_prefixlen = 1;
7daf5226 1575
507f26f6
TB		 1576 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1577 gateway, src_ip, if_name);
1578 half_net.ptr[0] |= 0x80;
1579 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1580 gateway, src_ip, if_name);
1581 return status;
1582 }
7daf5226 1583
507f26f6
TB		 1584 memset(&request, 0, sizeof(request));
1585
1586 hdr = (struct nlmsghdr*)request;
1587 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1588 hdr->nlmsg_type = nlmsg_type;
1589 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1590
1591 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1592 msg->rtm_family = src_ip->get_family(src_ip);
1593 msg->rtm_dst_len = prefixlen;
1594 msg->rtm_table = this->routing_table;
1595 msg->rtm_protocol = RTPROT_STATIC;
1596 msg->rtm_type = RTN_UNICAST;
1597 msg->rtm_scope = RT_SCOPE_UNIVERSE;
7daf5226 1598
507f26f6
TB		 1599 netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
1600 chunk = src_ip->get_address(src_ip);
1601 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
5be75c2c
MW		 1602 if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
1603 {
1604 chunk = gateway->get_address(gateway);
1605 netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
1606 }
507f26f6
TB		 1607 ifindex = get_interface_index(this, if_name);
1608 chunk.ptr = (char*)&ifindex;
1609 chunk.len = sizeof(ifindex);
1610 netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
1611
1612 return this->socket->send_ack(this->socket, hdr);
1613}
1614
887abfb1
MW		 1615METHOD(kernel_net_t, add_route, status_t,
1616 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1617 host_t *gateway, host_t *src_ip, char *if_name)
507f26f6 1618{
74ba22c9
TB		 1619 status_t status;
1620 route_entry_t *found, route = {
1621 .dst_net = dst_net,
1622 .prefixlen = prefixlen,
1623 .gateway = gateway,
1624 .src_ip = src_ip,
1625 .if_name = if_name,
1626 };
1627
1628 this->mutex->lock(this->mutex);
1629 found = this->routes->get(this->routes, &route);
1630 if (found)
1631 {
1632 this->mutex->unlock(this->mutex);
1633 return ALREADY_DONE;
1634 }
1635 found = route_entry_clone(&route);
1636 this->routes->put(this->routes, found, found);
1637 status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
1638 dst_net, prefixlen, gateway, src_ip, if_name);
1639 this->mutex->unlock(this->mutex);
1640 return status;
507f26f6 1641}
7daf5226 1642
887abfb1
MW		 1643METHOD(kernel_net_t, del_route, status_t,
1644 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1645 host_t *gateway, host_t *src_ip, char *if_name)
507f26f6 1646{
74ba22c9
TB		 1647 status_t status;
1648 route_entry_t *found, route = {
1649 .dst_net = dst_net,
1650 .prefixlen = prefixlen,
1651 .gateway = gateway,
1652 .src_ip = src_ip,
1653 .if_name = if_name,
1654 };
1655
1656 this->mutex->lock(this->mutex);
1657 found = this->routes->get(this->routes, &route);
1658 if (!found)
1659 {
1660 this->mutex->unlock(this->mutex);
1661 return NOT_FOUND;
1662 }
1663 this->routes->remove(this->routes, found);
1664 route_entry_destroy(found);
1665 status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
1666 gateway, src_ip, if_name);
1667 this->mutex->unlock(this->mutex);
1668 return status;
507f26f6
TB		 1669}
1670
1671/**
1672 * Initialize a list of local addresses.
1673 */
1674static status_t init_address_list(private_kernel_netlink_net_t *this)
1675{
21bf86f7 1676 netlink_buf_t request;
507f26f6
TB		 1677 struct nlmsghdr *out, *current, *in;
1678 struct rtgenmsg *msg;
1679 size_t len;
e13389a7 1680 enumerator_t *ifaces, *addrs;
507f26f6
TB		 1681 iface_entry_t *iface;
1682 addr_entry_t *addr;
7daf5226 1683
31a0e24b 1684 DBG2(DBG_KNL, "known interfaces and IP addresses:");
7daf5226 1685
507f26f6
TB		 1686 memset(&request, 0, sizeof(request));
1687
1688 in = (struct nlmsghdr*)&request;
1689 in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
1690 in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
1691 msg = (struct rtgenmsg*)NLMSG_DATA(in);
1692 msg->rtgen_family = AF_UNSPEC;
7daf5226 1693
507f26f6
TB		 1694 /* get all links */
1695 in->nlmsg_type = RTM_GETLINK;
1696 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1697 {
1698 return FAILED;
1699 }
1700 current = out;
1701 while (NLMSG_OK(current, len))
1702 {
1703 switch (current->nlmsg_type)
1704 {
1705 case NLMSG_DONE:
1706 break;
1707 case RTM_NEWLINK:
1708 process_link(this, current, FALSE);
1709 /* fall through */
1710 default:
1711 current = NLMSG_NEXT(current, len);
1712 continue;
1713 }
1714 break;
1715 }
1716 free(out);
7daf5226 1717
507f26f6
TB		 1718 /* get all interface addresses */
1719 in->nlmsg_type = RTM_GETADDR;
1720 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1721 {
1722 return FAILED;
1723 }
1724 current = out;
1725 while (NLMSG_OK(current, len))
1726 {
1727 switch (current->nlmsg_type)
1728 {
1729 case NLMSG_DONE:
1730 break;
1731 case RTM_NEWADDR:
1732 process_addr(this, current, FALSE);
1733 /* fall through */
1734 default:
1735 current = NLMSG_NEXT(current, len);
1736 continue;
1737 }
1738 break;
1739 }
1740 free(out);
7daf5226 1741
3ac5a0db 1742 this->mutex->lock(this->mutex);
e13389a7
MW		 1743 ifaces = this->ifaces->create_enumerator(this->ifaces);
1744 while (ifaces->enumerate(ifaces, &iface))
507f26f6
TB		 1745 {
1746 if (iface->flags & IFF_UP)
1747 {
31a0e24b 1748 DBG2(DBG_KNL, " %s", iface->ifname);
e13389a7
MW		 1749 addrs = iface->addrs->create_enumerator(iface->addrs);
1750 while (addrs->enumerate(addrs, (void**)&addr))
507f26f6 1751 {
31a0e24b 1752 DBG2(DBG_KNL, " %H", addr->ip);
507f26f6
TB		 1753 }
1754 addrs->destroy(addrs);
1755 }
1756 }
1757 ifaces->destroy(ifaces);
3ac5a0db 1758 this->mutex->unlock(this->mutex);
507f26f6
TB		 1759 return SUCCESS;
1760}
1761
1762/**
1763 * create or delete a rule to use our routing table
1764 */
1765static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
5be75c2c 1766 int family, u_int32_t table, u_int32_t prio)
507f26f6 1767{
21bf86f7 1768 netlink_buf_t request;
507f26f6
TB		 1769 struct nlmsghdr *hdr;
1770 struct rtmsg *msg;
1771 chunk_t chunk;
1772
7daf5226 1773 memset(&request, 0, sizeof(request));
507f26f6
TB		 1774 hdr = (struct nlmsghdr*)request;
1775 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
7daf5226 1776 hdr->nlmsg_type = nlmsg_type;
507f26f6
TB		 1777 if (nlmsg_type == RTM_NEWRULE)
1778 {
1779 hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
1780 }
1781 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1782
1783 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1784 msg->rtm_table = table;
5be75c2c 1785 msg->rtm_family = family;
507f26f6
TB		 1786 msg->rtm_protocol = RTPROT_BOOT;
1787 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1788 msg->rtm_type = RTN_UNICAST;
1789
1790 chunk = chunk_from_thing(prio);
1791 netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
1792
1793 return this->socket->send_ack(this->socket, hdr);
1794}
1795
7beb31aa
TB		 1796/**
1797 * check for kernel features (currently only via version number)
1798 */
1799static void check_kernel_features(private_kernel_netlink_net_t *this)
1800{
1801 struct utsname utsname;
1802 int a, b, c;
1803
1804 if (uname(&utsname) == 0)
1805 {
1806 switch(sscanf(utsname.release, "%d.%d.%d", &a, &b, &c))
1807 {
1808 case 3:
1809 if (a == 2)
1810 {
1811 DBG2(DBG_KNL, "detected Linux %d.%d.%d, no support for "
1812 "RTA_PREFSRC for IPv6 routes", a, b, c);
1813 break;
1814 }
1815 /* fall-through */
1816 case 2:
1817 /* only 3.x+ uses two part version numbers */
1818 this->rta_prefsrc_for_ipv6 = TRUE;
1819 break;
1820 default:
1821 break;
1822 }
1823 }
1824}
1825
887abfb1
MW		 1826METHOD(kernel_net_t, destroy, void,
1827 private_kernel_netlink_net_t *this)
507f26f6 1828{
74ba22c9
TB		 1829 enumerator_t *enumerator;
1830 route_entry_t *route;
1831
507f26f6
TB		 1832 if (this->routing_table)
1833 {
5be75c2c
MW		 1834 manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table,
1835 this->routing_table_prio);
1836 manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
507f26f6
TB		 1837 this->routing_table_prio);
1838 }
d6a27ec6
MW		 1839 if (this->socket_events > 0)
1840 {
1841 close(this->socket_events);
1842 }
74ba22c9
TB		 1843 enumerator = this->routes->create_enumerator(this->routes);
1844 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
1845 {
1846 manage_srcroute(this, RTM_DELROUTE, 0, route->dst_net, route->prefixlen,
1847 route->gateway, route->src_ip, route->if_name);
1848 route_entry_destroy(route);
1849 }
1850 enumerator->destroy(enumerator);
1851 this->routes->destroy(this->routes);
9e19cb91 1852 DESTROY_IF(this->socket);
74ba22c9 1853
f834249c
TB		 1854 net_changes_clear(this);
1855 this->net_changes->destroy(this->net_changes);
1856 this->net_changes_lock->destroy(this->net_changes_lock);
1857
507f26f6 1858 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
d266e895 1859 this->rt_exclude->destroy(this->rt_exclude);
3ac5a0db
MW		 1860 this->condvar->destroy(this->condvar);
1861 this->mutex->destroy(this->mutex);
507f26f6
TB		 1862 free(this);
1863}
1864
1865/*
1866 * Described in header.
1867 */
1868kernel_netlink_net_t *kernel_netlink_net_create()
1869{
887abfb1 1870 private_kernel_netlink_net_t *this;
d266e895 1871 enumerator_t *enumerator;
05ca5655 1872 bool register_for_events = TRUE;
d266e895 1873 char *exclude;
7daf5226 1874
887abfb1
MW		 1875 INIT(this,
1876 .public = {
1877 .interface = {
1878 .get_interface = _get_interface_name,
1879 .create_address_enumerator = _create_address_enumerator,
1880 .get_source_addr = _get_source_addr,
1881 .get_nexthop = _get_nexthop,
1882 .add_ip = _add_ip,
1883 .del_ip = _del_ip,
1884 .add_route = _add_route,
1885 .del_route = _del_route,
1886 .destroy = _destroy,
1887 },
1888 },
1889 .socket = netlink_socket_create(NETLINK_ROUTE),
1890 .rt_exclude = linked_list_create(),
74ba22c9
TB		 1891 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
1892 (hashtable_equals_t)route_entry_equals, 16),
f834249c
TB		 1893 .net_changes = hashtable_create(
1894 (hashtable_hash_t)net_change_hash,
1895 (hashtable_equals_t)net_change_equals, 16),
1896 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
887abfb1
MW		 1897 .ifaces = linked_list_create(),
1898 .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
1899 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
1900 .routing_table = lib->settings->get_int(lib->settings,
1901 "%s.routing_table", ROUTING_TABLE, hydra->daemon),
1902 .routing_table_prio = lib->settings->get_int(lib->settings,
1903 "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
1904 .process_route = lib->settings->get_bool(lib->settings,
1905 "%s.process_route", TRUE, hydra->daemon),
1906 .install_virtual_ip = lib->settings->get_bool(lib->settings,
1907 "%s.install_virtual_ip", TRUE, hydra->daemon),
1908 );
f834249c 1909 timerclear(&this->last_route_reinstall);
507f26f6 1910 timerclear(&this->last_roam);
887abfb1 1911
7beb31aa
TB		 1912 check_kernel_features(this);
1913
05ca5655
TB		 1914 if (streq(hydra->daemon, "starter"))
1915 { /* starter has no threads, so we do not register for kernel events */
1916 register_for_events = FALSE;
1917 }
1918
d266e895 1919 exclude = lib->settings->get_str(lib->settings,
06cdeac2 1920 "%s.ignore_routing_tables", NULL, hydra->daemon);
d266e895
TE		 1921 if (exclude)
1922 {
1923 char *token;
1924 uintptr_t table;
1925
1926 enumerator = enumerator_create_token(exclude, " ", " ");
1927 while (enumerator->enumerate(enumerator, &token))
1928 {
1929 errno = 0;
1930 table = strtoul(token, NULL, 10);
1931
1932 if (errno == 0)
1933 {
1934 this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
1935 }
1936 }
1937 enumerator->destroy(enumerator);
1938 }
1939
05ca5655 1940 if (register_for_events)
507f26f6 1941 {
05ca5655
TB		 1942 struct sockaddr_nl addr;
1943
1944 memset(&addr, 0, sizeof(addr));
1945 addr.nl_family = AF_NETLINK;
7daf5226 1946
05ca5655
TB		 1947 /* create and bind RT socket for events (address/interface/route changes) */
1948 this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1949 if (this->socket_events < 0)
1950 {
1951 DBG1(DBG_KNL, "unable to create RT event socket");
1952 destroy(this);
1953 return NULL;
1954 }
1955 addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
1956 RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK;
1957 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
1958 {
1959 DBG1(DBG_KNL, "unable to bind RT event socket");
1960 destroy(this);
1961 return NULL;
1962 }
1963
26d77eb3
TB		 1964 lib->processor->queue_job(lib->processor,
1965 (job_t*)callback_job_create_with_prio(
1966 (callback_job_cb_t)receive_events, this, NULL,
1967 (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
05ca5655 1968 }
7daf5226 1969
507f26f6
TB		 1970 if (init_address_list(this) != SUCCESS)
1971 {
d6a27ec6
MW		 1972 DBG1(DBG_KNL, "unable to get interface list");
1973 destroy(this);
1974 return NULL;
507f26f6 1975 }
7daf5226 1976
507f26f6
TB		 1977 if (this->routing_table)
1978 {
5be75c2c
MW		 1979 if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
1980 this->routing_table_prio) != SUCCESS)
1981 {
1982 DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
1983 }
1984 if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
507f26f6
TB		 1985 this->routing_table_prio) != SUCCESS)
1986 {
5be75c2c 1987 DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
507f26f6
TB		 1988 }
1989 }
7daf5226 1990
507f26f6
TB		 1991 return &this->public;
1992}
Unnamed repository; edit this file 'description' to name the repository.