]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
kernel-pfroute: Implement roam event handling like in the kernel-netlink plugin
[thirdparty/strongswan.git] / src / libhydra / plugins / kernel_pfroute / kernel_pfroute_net.c
CommitLineData
d24a74c5 1/*
0745f846 2 * Copyright (C) 2009-2013 Tobias Brunner
d24a74c5
TB		 3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
d24a74c5
TB		 14 */
15
16#include <sys/types.h>
17#include <sys/socket.h>
18#include <net/if.h>
272bcac8 19#include <net/if_dl.h>
d24a74c5
TB		 20#include <ifaddrs.h>
21#include <net/route.h>
22#include <unistd.h>
d24a74c5
TB		 23#include <errno.h>
24
25#include "kernel_pfroute_net.h"
26
c5f7146b 27#include <hydra.h>
f05b4272 28#include <utils/debug.h>
2e7cc07e 29#include <networking/host.h>
2a2d7a4d 30#include <networking/tun_device.h>
4a5a5dd2 31#include <threading/thread.h>
eba64cef 32#include <threading/mutex.h>
3a7f4b5c 33#include <threading/condvar.h>
bdf36dac 34#include <threading/rwlock.h>
55da01f3 35#include <threading/spinlock.h>
12642a68
TB		 36#include <collections/hashtable.h>
37#include <collections/linked_list.h>
d24a74c5 38#include <processing/jobs/callback_job.h>
d24a74c5
TB		 39
40#ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
41#error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
42#endif
43
aa33d2e6 44/** properly align sockaddrs */
4b3fea3d
TB		 45#ifdef __APPLE__
46/* Apple always uses 4 bytes */
aa33d2e6 47#define SA_ALIGN 4
4b3fea3d
TB		 48#else
49/* while on other platforms like FreeBSD it depends on the architecture */
50#define SA_ALIGN sizeof(long)
51#endif
aa33d2e6
TB		 52#define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)
53
ba26508d 54/** delay before firing roam events (ms) */
d24a74c5
TB		 55#define ROAM_DELAY 100
56
0745f846
TB		 57/** delay before reinstalling routes (ms) */
58#define ROUTE_DELAY 100
59
d24a74c5
TB		 60typedef struct addr_entry_t addr_entry_t;
61
62/**
63 * IP address in an inface_entry_t
64 */
65struct addr_entry_t {
7daf5226 66
d24a74c5
TB		 67 /** The ip address */
68 host_t *ip;
7daf5226 69
d24a74c5
TB		 70 /** virtual IP managed by us */
71 bool virtual;
d24a74c5
TB		 72};
73
74/**
75 * destroy a addr_entry_t object
76 */
77static void addr_entry_destroy(addr_entry_t *this)
78{
79 this->ip->destroy(this->ip);
80 free(this);
81}
82
83typedef struct iface_entry_t iface_entry_t;
84
85/**
86 * A network interface on this system, containing addr_entry_t's
87 */
88struct iface_entry_t {
7daf5226 89
d24a74c5
TB		 90 /** interface index */
91 int ifindex;
7daf5226 92
d24a74c5
TB		 93 /** name of the interface */
94 char ifname[IFNAMSIZ];
7daf5226 95
d24a74c5
TB		 96 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
97 u_int flags;
7daf5226 98
d24a74c5
TB		 99 /** list of addresses as host_t */
100 linked_list_t *addrs;
940e1b0f
TB		 101
102 /** TRUE if usable by config */
103 bool usable;
d24a74c5
TB		 104};
105
106/**
107 * destroy an interface entry
108 */
109static void iface_entry_destroy(iface_entry_t *this)
110{
111 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
112 free(this);
113}
114
1f97e1aa
TB		 115/**
116 * check if an interface is up
117 */
118static inline bool iface_entry_up(iface_entry_t *iface)
119{
120 return (iface->flags & IFF_UP) == IFF_UP;
121}
122
940e1b0f
TB		 123/**
124 * check if an interface is up and usable
125 */
126static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
127{
1f97e1aa
TB		 128 return iface->usable && iface_entry_up(iface);
129}
130
131typedef struct addr_map_entry_t addr_map_entry_t;
132
133/**
134 * Entry that maps an IP address to an interface entry
135 */
136struct addr_map_entry_t {
137 /** The IP address */
138 host_t *ip;
139
e9c1ca02
TB		 140 /** The address entry for this IP address */
141 addr_entry_t *addr;
142
1f97e1aa
TB		 143 /** The interface this address is installed on */
144 iface_entry_t *iface;
145};
146
147/**
148 * Hash a addr_map_entry_t object, all entries with the same IP address
149 * are stored in the same bucket
150 */
151static u_int addr_map_entry_hash(addr_map_entry_t *this)
152{
153 return chunk_hash(this->ip->get_address(this->ip));
154}
155
156/**
157 * Compare two addr_map_entry_t objects, two entries are equal if they are
158 * installed on the same interface
159 */
160static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
161{
162 return a->iface->ifindex == b->iface->ifindex &&
163 a->ip->ip_equals(a->ip, b->ip);
940e1b0f
TB		 164}
165
1f97e1aa
TB		 166/**
167 * Used with get_match this finds an address entry if it is installed on
168 * an up and usable interface
169 */
170static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
171 addr_map_entry_t *b)
172{
e9c1ca02
TB		 173 return !b->addr->virtual && iface_entry_up_and_usable(b->iface) &&
174 a->ip->ip_equals(a->ip, b->ip);
1f97e1aa
TB		 175}
176
5310f485
TB		 177/**
178 * Used with get_match this finds an address entry if it is installed as virtual
179 * IP address
180 */
181static bool addr_map_entry_match_virtual(addr_map_entry_t *a, addr_map_entry_t *b)
182{
183 return b->addr->virtual && a->ip->ip_equals(a->ip, b->ip);
184}
185
1f97e1aa
TB		 186/**
187 * Used with get_match this finds an address entry if it is installed on
188 * any active local interface
189 */
190static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
191{
e9c1ca02
TB		 192 return !b->addr->virtual && iface_entry_up(b->iface) &&
193 a->ip->ip_equals(a->ip, b->ip);
1f97e1aa 194}
d24a74c5 195
0745f846
TB		 196typedef struct route_entry_t route_entry_t;
197
198/**
199 * Installed routing entry
200 */
201struct route_entry_t {
202 /** Name of the interface the route is bound to */
203 char *if_name;
204
205 /** Gateway for this route */
206 host_t *gateway;
207
208 /** Destination net */
209 chunk_t dst_net;
210
211 /** Destination net prefixlen */
212 u_int8_t prefixlen;
213};
214
215/**
216 * Clone a route_entry_t object.
217 */
218static route_entry_t *route_entry_clone(route_entry_t *this)
219{
220 route_entry_t *route;
221
222 INIT(route,
223 .if_name = strdup(this->if_name),
224 .gateway = this->gateway ? this->gateway->clone(this->gateway) : NULL,
225 .dst_net = chunk_clone(this->dst_net),
226 .prefixlen = this->prefixlen,
227 );
228 return route;
229}
230
231/**
232 * Destroy a route_entry_t object
233 */
234static void route_entry_destroy(route_entry_t *this)
235{
236 free(this->if_name);
237 DESTROY_IF(this->gateway);
238 chunk_free(&this->dst_net);
239 free(this);
240}
241
242/**
243 * Hash a route_entry_t object
244 */
245static u_int route_entry_hash(route_entry_t *this)
246{
247 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
248 chunk_hash(this->dst_net));
249}
250
251/**
252 * Compare two route_entry_t objects
253 */
254static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
255{
256 if (a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
257 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen)
258 {
259 return (!a->gateway && !b->gateway) || (a->gateway && b->gateway &&
260 a->gateway->ip_equals(a->gateway, b->gateway));
261 }
262 return FALSE;
263}
264
265typedef struct net_change_t net_change_t;
266
267/**
268 * Queued network changes
269 */
270struct net_change_t {
271 /** Name of the interface that got activated (or an IP appeared on) */
272 char *if_name;
273};
274
275/**
276 * Destroy a net_change_t object
277 */
278static void net_change_destroy(net_change_t *this)
279{
280 free(this->if_name);
281 free(this);
282}
283
284/**
285 * Hash a net_change_t object
286 */
287static u_int net_change_hash(net_change_t *this)
288{
289 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
290}
291
292/**
293 * Compare two net_change_t objects
294 */
295static bool net_change_equals(net_change_t *a, net_change_t *b)
296{
297 return streq(a->if_name, b->if_name);
298}
299
d24a74c5
TB		 300typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
301
302/**
303 * Private variables and functions of kernel_pfroute class.
304 */
305struct private_kernel_pfroute_net_t
306{
307 /**
308 * Public part of the kernel_pfroute_t object.
309 */
310 kernel_pfroute_net_t public;
7daf5226 311
d24a74c5 312 /**
bdf36dac 313 * lock to access lists and maps
d24a74c5 314 */
bdf36dac 315 rwlock_t *lock;
7daf5226 316
d24a74c5
TB		 317 /**
318 * Cached list of interfaces and their addresses (iface_entry_t)
319 */
320 linked_list_t *ifaces;
7daf5226 321
1f97e1aa
TB		 322 /**
323 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
324 */
325 hashtable_t *addrs;
326
2a2d7a4d
MW		 327 /**
328 * List of tun devices we installed for virtual IPs
329 */
330 linked_list_t *tuns;
331
d24a74c5 332 /**
3a7f4b5c 333 * mutex to communicate exclusively with PF_KEY
d24a74c5 334 */
3a7f4b5c
MW		 335 mutex_t *mutex;
336
337 /**
338 * condvar to signal if PF_KEY query got a response
339 */
340 condvar_t *condvar;
341
0745f846
TB		 342 /**
343 * installed routes
344 */
345 hashtable_t *routes;
346
347 /**
348 * mutex for routes
349 */
350 mutex_t *routes_lock;
351
352 /**
353 * interface changes which may trigger route reinstallation
354 */
355 hashtable_t *net_changes;
356
357 /**
358 * mutex for route reinstallation triggers
359 */
360 mutex_t *net_changes_lock;
361
362 /**
363 * time of last route reinstallation
364 */
365 timeval_t last_route_reinstall;
366
3a7f4b5c
MW		 367 /**
368 * pid to send PF_ROUTE messages with
369 */
370 pid_t pid;
7daf5226 371
d24a74c5
TB		 372 /**
373 * PF_ROUTE socket to communicate with the kernel
374 */
375 int socket;
7daf5226 376
d24a74c5
TB		 377 /**
378 * sequence number for messages sent to the kernel
379 */
380 int seq;
7daf5226 381
3a7f4b5c
MW		 382 /**
383 * Sequence number a query is waiting for
384 */
385 int waiting_seq;
386
387 /**
388 * Allocated reply message from kernel
389 */
390 struct rt_msghdr *reply;
391
d24a74c5 392 /**
55da01f3 393 * earliest time of the next roam event
d24a74c5 394 */
55da01f3
TB		 395 timeval_t next_roam;
396
397 /**
398 * roam event due to address change
399 */
400 bool roam_address;
401
402 /**
403 * lock to check and update roam event time
404 */
405 spinlock_t *roam_lock;
baa6419e
TB		 406
407 /**
408 * Time in ms to wait for IP addresses to appear/disappear
409 */
410 int vip_wait;
d24a74c5
TB		 411};
412
0745f846
TB		 413
414/**
415 * Forward declaration
416 */
417static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
418 chunk_t dst_net, u_int8_t prefixlen,
419 host_t *gateway, char *if_name);
420
421/**
422 * Clear the queued network changes.
423 */
424static void net_changes_clear(private_kernel_pfroute_net_t *this)
425{
426 enumerator_t *enumerator;
427 net_change_t *change;
428
429 enumerator = this->net_changes->create_enumerator(this->net_changes);
430 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
431 {
432 this->net_changes->remove_at(this->net_changes, enumerator);
433 net_change_destroy(change);
434 }
435 enumerator->destroy(enumerator);
436}
437
438/**
439 * Act upon queued network changes.
440 */
441static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
442{
443 enumerator_t *enumerator;
444 route_entry_t *route;
445
446 this->net_changes_lock->lock(this->net_changes_lock);
447 this->routes_lock->lock(this->routes_lock);
448
449 enumerator = this->routes->create_enumerator(this->routes);
450 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
451 {
452 net_change_t *change, lookup = {
453 .if_name = route->if_name,
454 };
455 /* check if a change for the outgoing interface is queued */
456 change = this->net_changes->get(this->net_changes, &lookup);
457 if (change)
458 {
459 manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
460 route->gateway, route->if_name);
461 }
462 }
463 enumerator->destroy(enumerator);
464 this->routes_lock->unlock(this->routes_lock);
465
466 net_changes_clear(this);
467 this->net_changes_lock->unlock(this->net_changes_lock);
468 return JOB_REQUEUE_NONE;
469}
470
471/**
472 * Queue route reinstallation caused by network changes for a given interface.
473 *
474 * The route reinstallation is delayed for a while and only done once for
475 * several calls during this delay, in order to avoid doing it too often.
476 * The interface name is freed.
477 */
478static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
479 char *if_name)
480{
481 net_change_t *update, *found;
482 timeval_t now;
483 job_t *job;
484
485 INIT(update,
486 .if_name = if_name
487 );
488
489 this->net_changes_lock->lock(this->net_changes_lock);
490 found = this->net_changes->put(this->net_changes, update, update);
491 if (found)
492 {
493 net_change_destroy(found);
494 }
495 time_monotonic(&now);
496 if (timercmp(&now, &this->last_route_reinstall, >))
497 {
498 timeval_add_ms(&now, ROUTE_DELAY);
499 this->last_route_reinstall = now;
500
501 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
502 this, NULL, NULL);
503 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
504 }
505 this->net_changes_lock->unlock(this->net_changes_lock);
506}
507
1f97e1aa
TB		 508/**
509 * Add an address map entry
510 */
bfd2cc1c 511static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
1f97e1aa
TB		 512 addr_entry_t *addr, iface_entry_t *iface)
513{
514 addr_map_entry_t *entry;
515
1f97e1aa
TB		 516 INIT(entry,
517 .ip = addr->ip,
e9c1ca02 518 .addr = addr,
1f97e1aa
TB		 519 .iface = iface,
520 );
521 entry = this->addrs->put(this->addrs, entry, entry);
522 free(entry);
523}
524
525/**
526 * Remove an address map entry (the argument order is a bit strange because
527 * it is also used with linked_list_t.invoke_function)
528 */
529static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
bfd2cc1c 530 private_kernel_pfroute_net_t *this)
1f97e1aa
TB		 531{
532 addr_map_entry_t *entry, lookup = {
533 .ip = addr->ip,
e9c1ca02 534 .addr = addr,
1f97e1aa
TB		 535 .iface = iface,
536 };
537
1f97e1aa
TB		 538 entry = this->addrs->remove(this->addrs, &lookup);
539 free(entry);
540}
541
d24a74c5 542/**
ba26508d 543 * callback function that raises the delayed roam event
d24a74c5 544 */
55da01f3 545static job_requeue_t roam_event(private_kernel_pfroute_net_t *this)
ba26508d 546{
55da01f3
TB		 547 bool address;
548
549 this->roam_lock->lock(this->roam_lock);
550 address = this->roam_address;
551 this->roam_address = FALSE;
552 this->roam_lock->unlock(this->roam_lock);
553 hydra->kernel_interface->roam(hydra->kernel_interface, address);
ba26508d
TB		 554 return JOB_REQUEUE_NONE;
555}
556
557/**
558 * fire a roaming event. we delay it for a bit and fire only one event
559 * for multiple calls. otherwise we would create too many events.
560 */
561static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
d24a74c5 562{
de578445 563 timeval_t now;
ba26508d 564 job_t *job;
7daf5226 565
de578445 566 time_monotonic(&now);
55da01f3
TB		 567 this->roam_lock->lock(this->roam_lock);
568 if (!timercmp(&now, &this->next_roam, >))
d24a74c5 569 {
55da01f3
TB		 570 this->roam_lock->unlock(this->roam_lock);
571 return;
d24a74c5 572 }
55da01f3
TB		 573 timeval_add_ms(&now, ROAM_DELAY);
574 this->next_roam = now;
575 this->roam_address |= address;
576 this->roam_lock->unlock(this->roam_lock);
577
578 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
579 this, NULL, NULL);
580 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
d24a74c5
TB		 581}
582
b1c6b68e
MW		 583/**
584 * Data for enumerator over rtmsg sockaddrs
585 */
586typedef struct {
587 /** implements enumerator */
588 enumerator_t public;
589 /** copy of attribute bitfield */
590 int types;
591 /** bytes remaining in buffer */
592 int remaining;
593 /** next sockaddr to enumerate */
594 struct sockaddr *addr;
595} rt_enumerator_t;
596
597METHOD(enumerator_t, rt_enumerate, bool,
598 rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
599{
600 int i, type;
601
602 if (this->remaining < sizeof(this->addr->sa_len) ||
603 this->remaining < this->addr->sa_len)
604 {
605 return FALSE;
606 }
607 for (i = 0; i < RTAX_MAX; i++)
608 {
609 type = (1 << i);
610 if (this->types & type)
611 {
612 this->types &= ~type;
613 *addr = this->addr;
614 *xtype = i;
aa33d2e6 615 this->remaining -= SA_LEN(this->addr->sa_len);
4b3fea3d
TB		 616 this->addr = (struct sockaddr*)((char*)this->addr +
617 SA_LEN(this->addr->sa_len));
b1c6b68e
MW		 618 return TRUE;
619 }
620 }
621 return FALSE;
622}
623
624/**
b308a979 625 * Create an enumerator over sockaddrs in rt/if messages
b1c6b68e 626 */
b308a979
TB		 627static enumerator_t *create_rt_enumerator(int types, int remaining,
628 struct sockaddr *addr)
b1c6b68e 629{
b1c6b68e
MW		 630 rt_enumerator_t *this;
631
632 INIT(this,
633 .public = {
634 .enumerate = (void*)_rt_enumerate,
635 .destroy = (void*)free,
636 },
b308a979
TB		 637 .types = types,
638 .remaining = remaining,
639 .addr = addr,
b1c6b68e
MW		 640 );
641 return &this->public;
642}
643
b308a979
TB		 644/**
645 * Create a safe enumerator over sockaddrs in rt_msghdr
646 */
647static enumerator_t *create_rtmsg_enumerator(struct rt_msghdr *hdr)
648{
649 return create_rt_enumerator(hdr->rtm_addrs, hdr->rtm_msglen - sizeof(*hdr),
650 (struct sockaddr *)(hdr + 1));
651}
652
653/**
654 * Create a safe enumerator over sockaddrs in ifa_msghdr
655 */
656static enumerator_t *create_ifamsg_enumerator(struct ifa_msghdr *hdr)
657{
658 return create_rt_enumerator(hdr->ifam_addrs, hdr->ifam_msglen - sizeof(*hdr),
659 (struct sockaddr *)(hdr + 1));
660}
661
d24a74c5
TB		 662/**
663 * Process an RTM_*ADDR message from the kernel
664 */
665static void process_addr(private_kernel_pfroute_net_t *this,
b1c6b68e 666 struct ifa_msghdr *ifa)
d24a74c5 667{
b1c6b68e 668 struct sockaddr *sockaddr;
d24a74c5
TB		 669 host_t *host = NULL;
670 enumerator_t *ifaces, *addrs;
671 iface_entry_t *iface;
672 addr_entry_t *addr;
673 bool found = FALSE, changed = FALSE, roam = FALSE;
b1c6b68e 674 enumerator_t *enumerator;
0745f846 675 char *ifname = NULL;
b1c6b68e 676 int type;
7daf5226 677
b308a979 678 enumerator = create_ifamsg_enumerator(ifa);
b1c6b68e 679 while (enumerator->enumerate(enumerator, &type, &sockaddr))
d24a74c5 680 {
b1c6b68e 681 if (type == RTAX_IFA)
d24a74c5 682 {
b1c6b68e
MW		 683 host = host_create_from_sockaddr(sockaddr);
684 break;
d24a74c5
TB		 685 }
686 }
b1c6b68e 687 enumerator->destroy(enumerator);
7daf5226 688
fae4d67a 689 if (!host || host->is_anyaddr(host))
d24a74c5 690 {
fae4d67a 691 DESTROY_IF(host);
d24a74c5
TB		 692 return;
693 }
7daf5226 694
bdf36dac 695 this->lock->write_lock(this->lock);
d24a74c5
TB		 696 ifaces = this->ifaces->create_enumerator(this->ifaces);
697 while (ifaces->enumerate(ifaces, &iface))
698 {
699 if (iface->ifindex == ifa->ifam_index)
700 {
701 addrs = iface->addrs->create_enumerator(iface->addrs);
702 while (addrs->enumerate(addrs, &addr))
703 {
704 if (host->ip_equals(host, addr->ip))
705 {
706 found = TRUE;
707 if (ifa->ifam_type == RTM_DELADDR)
708 {
709 iface->addrs->remove_at(iface->addrs, addrs);
940e1b0f 710 if (!addr->virtual && iface->usable)
d24a74c5
TB		 711 {
712 changed = TRUE;
713 DBG1(DBG_KNL, "%H disappeared from %s",
714 host, iface->ifname);
715 }
1f97e1aa 716 addr_map_entry_remove(addr, iface, this);
d24a74c5
TB		 717 addr_entry_destroy(addr);
718 }
d24a74c5
TB		 719 }
720 }
721 addrs->destroy(addrs);
7daf5226 722
d24a74c5
TB		 723 if (!found && ifa->ifam_type == RTM_NEWADDR)
724 {
9650bf3c
MW		 725 INIT(addr,
726 .ip = host->clone(host),
9650bf3c 727 );
d24a74c5 728 changed = TRUE;
0745f846 729 ifname = strdup(iface->ifname);
d24a74c5 730 iface->addrs->insert_last(iface->addrs, addr);
1f97e1aa 731 addr_map_entry_add(this, addr, iface);
940e1b0f
TB		 732 if (iface->usable)
733 {
734 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
735 }
d24a74c5 736 }
7daf5226 737
940e1b0f 738 if (changed && iface_entry_up_and_usable(iface))
d24a74c5
TB		 739 {
740 roam = TRUE;
741 }
742 break;
743 }
744 }
745 ifaces->destroy(ifaces);
bdf36dac 746 this->lock->unlock(this->lock);
d24a74c5 747 host->destroy(host);
7daf5226 748
0745f846
TB		 749 if (roam && ifname)
750 {
751 queue_route_reinstall(this, ifname);
752 }
753 else
754 {
755 free(ifname);
756 }
757
d24a74c5
TB		 758 if (roam)
759 {
ba26508d 760 fire_roam_event(this, TRUE);
d24a74c5
TB		 761 }
762}
763
6e879a59
MW		 764/**
765 * Re-initialize address list of an interface if it changes state
766 */
767static void repopulate_iface(private_kernel_pfroute_net_t *this,
768 iface_entry_t *iface)
769{
770 struct ifaddrs *ifap, *ifa;
771 addr_entry_t *addr;
772
773 while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
774 {
775 addr_map_entry_remove(addr, iface, this);
776 addr_entry_destroy(addr);
777 }
778
779 if (getifaddrs(&ifap) == 0)
780 {
781 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
782 {
783 if (ifa->ifa_addr && streq(ifa->ifa_name, iface->ifname))
784 {
785 switch (ifa->ifa_addr->sa_family)
786 {
787 case AF_INET:
788 case AF_INET6:
789 INIT(addr,
790 .ip = host_create_from_sockaddr(ifa->ifa_addr),
6e879a59
MW		 791 );
792 iface->addrs->insert_last(iface->addrs, addr);
793 addr_map_entry_add(this, addr, iface);
794 break;
795 default:
796 break;
797 }
798 }
799 }
800 freeifaddrs(ifap);
801 }
802}
803
d24a74c5
TB		 804/**
805 * Process an RTM_IFINFO message from the kernel
806 */
807static void process_link(private_kernel_pfroute_net_t *this,
b1c6b68e 808 struct if_msghdr *msg)
d24a74c5 809{
d24a74c5
TB		 810 enumerator_t *enumerator;
811 iface_entry_t *iface;
0745f846 812 bool roam = FALSE, found = FALSE, update_routes = FALSE;
7daf5226 813
bdf36dac 814 this->lock->write_lock(this->lock);
d24a74c5
TB		 815 enumerator = this->ifaces->create_enumerator(this->ifaces);
816 while (enumerator->enumerate(enumerator, &iface))
817 {
818 if (iface->ifindex == msg->ifm_index)
819 {
940e1b0f 820 if (iface->usable)
d24a74c5 821 {
940e1b0f
TB		 822 if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
823 {
0745f846 824 roam = update_routes = TRUE;
940e1b0f
TB		 825 DBG1(DBG_KNL, "interface %s activated", iface->ifname);
826 }
827 else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
828 {
829 roam = TRUE;
830 DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
831 }
d24a74c5
TB		 832 }
833 iface->flags = msg->ifm_flags;
6e879a59 834 repopulate_iface(this, iface);
0fd409db 835 found = TRUE;
d24a74c5
TB		 836 break;
837 }
838 }
839 enumerator->destroy(enumerator);
0fd409db
MW		 840
841 if (!found)
842 {
843 INIT(iface,
844 .ifindex = msg->ifm_index,
845 .flags = msg->ifm_flags,
846 .addrs = linked_list_create(),
847 );
848 if (if_indextoname(iface->ifindex, iface->ifname))
849 {
850 DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
851 iface->usable = hydra->kernel_interface->is_interface_usable(
852 hydra->kernel_interface, iface->ifname);
6e879a59 853 repopulate_iface(this, iface);
0fd409db 854 this->ifaces->insert_last(this->ifaces, iface);
7b9c3fb4
TB		 855 if (iface->usable)
856 {
0745f846 857 roam = update_routes = TRUE;
7b9c3fb4 858 }
0fd409db
MW		 859 }
860 else
861 {
862 free(iface);
863 }
864 }
bdf36dac 865 this->lock->unlock(this->lock);
7daf5226 866
0745f846
TB		 867 if (update_routes)
868 {
869 queue_route_reinstall(this, strdup(iface->ifname));
870 }
871
d24a74c5
TB		 872 if (roam)
873 {
ba26508d 874 fire_roam_event(this, TRUE);
d24a74c5
TB		 875 }
876}
877
878/**
879 * Process an RTM_*ROUTE message from the kernel
880 */
881static void process_route(private_kernel_pfroute_net_t *this,
882 struct rt_msghdr *msg)
883{
884
885}
886
887/**
b1c6b68e 888 * Receives PF_ROUTE messages from kernel
d24a74c5 889 */
46666dd3
MW		 890static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
891 watcher_event_t event)
d24a74c5 892{
b1c6b68e
MW		 893 struct {
894 union {
895 struct rt_msghdr rtm;
896 struct if_msghdr ifm;
897 struct ifa_msghdr ifam;
898 };
899 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
900 } msg;
901 int len, hdrlen;
7daf5226 902
46666dd3 903 len = recv(this->socket, &msg, sizeof(msg), MSG_DONTWAIT);
d24a74c5
TB		 904 if (len < 0)
905 {
906 switch (errno)
907 {
908 case EINTR:
d24a74c5 909 case EAGAIN:
46666dd3 910 return TRUE;
d24a74c5
TB		 911 default:
912 DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
913 sleep(1);
46666dd3 914 return TRUE;
d24a74c5
TB		 915 }
916 }
7daf5226 917
b1c6b68e 918 if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen)
d24a74c5 919 {
b1c6b68e 920 DBG1(DBG_KNL, "received invalid PF_ROUTE message");
46666dd3 921 return TRUE;
d24a74c5 922 }
b1c6b68e
MW		 923 if (msg.rtm.rtm_version != RTM_VERSION)
924 {
925 DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d",
926 msg.rtm.rtm_version);
46666dd3 927 return TRUE;
b1c6b68e
MW		 928 }
929 switch (msg.rtm.rtm_type)
d24a74c5
TB		 930 {
931 case RTM_NEWADDR:
932 case RTM_DELADDR:
b1c6b68e 933 hdrlen = sizeof(msg.ifam);
d24a74c5
TB		 934 break;
935 case RTM_IFINFO:
b1c6b68e 936 hdrlen = sizeof(msg.ifm);
d24a74c5
TB		 937 break;
938 case RTM_ADD:
939 case RTM_DELETE:
b1c6b68e
MW		 940 case RTM_GET:
941 hdrlen = sizeof(msg.rtm);
942 break;
943 default:
46666dd3 944 return TRUE;
b1c6b68e
MW		 945 }
946 if (msg.rtm.rtm_msglen < hdrlen)
947 {
948 DBG1(DBG_KNL, "ignoring short PF_ROUTE message");
46666dd3 949 return TRUE;
b1c6b68e
MW		 950 }
951 switch (msg.rtm.rtm_type)
952 {
953 case RTM_NEWADDR:
954 case RTM_DELADDR:
955 process_addr(this, &msg.ifam);
956 break;
957 case RTM_IFINFO:
958 process_link(this, &msg.ifm);
959 break;
960 case RTM_ADD:
961 case RTM_DELETE:
962 process_route(this, &msg.rtm);
963 break;
d24a74c5
TB		 964 default:
965 break;
966 }
3a7f4b5c
MW		 967
968 this->mutex->lock(this->mutex);
969 if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq)
970 {
971 /* seems like the message someone is waiting for, deliver */
972 this->reply = realloc(this->reply, msg.rtm.rtm_msglen);
973 memcpy(this->reply, &msg, msg.rtm.rtm_msglen);
3a7f4b5c 974 }
2a2d7a4d 975 /* signal on any event, add_ip()/del_ip() might wait for it */
c9a323c1 976 this->condvar->broadcast(this->condvar);
3a7f4b5c
MW		 977 this->mutex->unlock(this->mutex);
978
46666dd3 979 return TRUE;
d24a74c5
TB		 980}
981
982
983/** enumerator over addresses */
984typedef struct {
985 private_kernel_pfroute_net_t* this;
4106aea8 986 /** which addresses to enumerate */
bfd2cc1c 987 kernel_address_type_t which;
d24a74c5
TB		 988} address_enumerator_t;
989
990/**
991 * cleanup function for address enumerator
992 */
993static void address_enumerator_destroy(address_enumerator_t *data)
994{
bdf36dac 995 data->this->lock->unlock(data->this->lock);
d24a74c5
TB		 996 free(data);
997}
998
999/**
1000 * filter for addresses
1001 */
e131f117
MW		 1002static bool filter_addresses(address_enumerator_t *data,
1003 addr_entry_t** in, host_t** out)
d24a74c5
TB		 1004{
1005 host_t *ip;
4106aea8 1006 if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual)
d24a74c5 1007 { /* skip virtual interfaces added by us */
1a2a8bff
MW		 1008 return FALSE;
1009 }
1010 if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual)
1011 { /* address is regular, but not requested */
d24a74c5
TB		 1012 return FALSE;
1013 }
1014 ip = (*in)->ip;
1015 if (ip->get_family(ip) == AF_INET6)
1016 {
1017 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
1018 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
1019 { /* skip addresses with a unusable scope */
1020 return FALSE;
1021 }
1022 }
1023 *out = ip;
1024 return TRUE;
1025}
1026
1027/**
1028 * enumerator constructor for interfaces
1029 */
e131f117
MW		 1030static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
1031 address_enumerator_t *data)
d24a74c5
TB		 1032{
1033 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
1034 (void*)filter_addresses, data, NULL);
1035}
1036
1037/**
1038 * filter for interfaces
1039 */
e131f117
MW		 1040static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
1041 iface_entry_t** out)
d24a74c5 1042{
4106aea8 1043 if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
940e1b0f
TB		 1044 { /* skip interfaces excluded by config */
1045 return FALSE;
1046 }
4106aea8 1047 if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
aed33805
TB		 1048 { /* ignore loopback devices */
1049 return FALSE;
1050 }
4106aea8
TB		 1051 if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
1052 { /* skip interfaces not up */
d24a74c5
TB		 1053 return FALSE;
1054 }
1055 *out = *in;
1056 return TRUE;
1057}
1058
e131f117 1059METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
bfd2cc1c 1060 private_kernel_pfroute_net_t *this, kernel_address_type_t which)
d24a74c5 1061{
9650bf3c
MW		 1062 address_enumerator_t *data;
1063
1064 INIT(data,
1065 .this = this,
1066 .which = which,
1067 );
d24a74c5 1068
bdf36dac 1069 this->lock->read_lock(this->lock);
d24a74c5 1070 return enumerator_create_nested(
e131f117
MW		 1071 enumerator_create_filter(
1072 this->ifaces->create_enumerator(this->ifaces),
1073 (void*)filter_interfaces, data, NULL),
1074 (void*)create_iface_enumerator, data,
1075 (void*)address_enumerator_destroy);
d24a74c5
TB		 1076}
1077
580b768d
MW		 1078METHOD(kernel_net_t, get_features, kernel_feature_t,
1079 private_kernel_pfroute_net_t *this)
1080{
1081 return KERNEL_REQUIRE_EXCLUDE_ROUTE;
1082}
1083
9ba36c0f
TB		 1084METHOD(kernel_net_t, get_interface_name, bool,
1085 private_kernel_pfroute_net_t *this, host_t* ip, char **name)
d24a74c5 1086{
1f97e1aa
TB		 1087 addr_map_entry_t *entry, lookup = {
1088 .ip = ip,
1089 };
d24a74c5 1090
645d7a5e
TB		 1091 if (ip->is_anyaddr(ip))
1092 {
1093 return FALSE;
1094 }
bdf36dac 1095 this->lock->read_lock(this->lock);
1f97e1aa
TB		 1096 /* first try to find it on an up and usable interface */
1097 entry = this->addrs->get_match(this->addrs, &lookup,
1098 (void*)addr_map_entry_match_up_and_usable);
1099 if (entry)
d24a74c5 1100 {
1f97e1aa 1101 if (name)
940e1b0f 1102 {
1f97e1aa 1103 *name = strdup(entry->iface->ifname);
940e1b0f
TB		 1104 DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
1105 }
bdf36dac 1106 this->lock->unlock(this->lock);
1f97e1aa 1107 return TRUE;
d24a74c5 1108 }
5310f485
TB		 1109 /* check if it is a virtual IP */
1110 entry = this->addrs->get_match(this->addrs, &lookup,
1111 (void*)addr_map_entry_match_virtual);
1112 if (entry)
1113 {
1114 if (name)
1115 {
1116 *name = strdup(entry->iface->ifname);
1117 DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
1118 }
1119 this->lock->unlock(this->lock);
1120 return TRUE;
1121 }
1f97e1aa
TB		 1122 /* maybe it is installed on an ignored interface */
1123 entry = this->addrs->get_match(this->addrs, &lookup,
1124 (void*)addr_map_entry_match_up);
1125 if (!entry)
1126 { /* the address does not exist, is on a down interface */
1127 DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
1128 }
bdf36dac 1129 this->lock->unlock(this->lock);
1f97e1aa 1130 return FALSE;
d24a74c5
TB		 1131}
1132
e131f117 1133METHOD(kernel_net_t, add_ip, status_t,
2a2d7a4d 1134 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
77b6f196 1135 char *ifname)
d24a74c5 1136{
77b6f196
MW		 1137 enumerator_t *ifaces, *addrs;
1138 iface_entry_t *iface;
1139 addr_entry_t *addr;
2a2d7a4d
MW		 1140 tun_device_t *tun;
1141 bool timeout = FALSE;
1142
1143 tun = tun_device_create(NULL);
1144 if (!tun)
1145 {
1146 return FAILED;
1147 }
1148 if (prefix == -1)
1149 {
1150 prefix = vip->get_address(vip).len * 8;
1151 }
93e4df37 1152 if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
2a2d7a4d
MW		 1153 {
1154 tun->destroy(tun);
1155 return FAILED;
1156 }
1157
1158 /* wait until address appears */
1159 this->mutex->lock(this->mutex);
1160 while (!timeout && !get_interface_name(this, vip, NULL))
1161 {
baa6419e
TB		 1162 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1163 this->vip_wait);
2a2d7a4d
MW		 1164 }
1165 this->mutex->unlock(this->mutex);
1166 if (timeout)
1167 {
1168 DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
1169 vip, tun->get_name(tun));
1170 tun->destroy(tun);
1171 return FAILED;
1172 }
1173
1174 this->lock->write_lock(this->lock);
1175 this->tuns->insert_last(this->tuns, tun);
77b6f196
MW		 1176
1177 ifaces = this->ifaces->create_enumerator(this->ifaces);
1178 while (ifaces->enumerate(ifaces, &iface))
1179 {
1180 if (streq(iface->ifname, tun->get_name(tun)))
1181 {
1182 addrs = iface->addrs->create_enumerator(iface->addrs);
1183 while (addrs->enumerate(addrs, &addr))
1184 {
1185 if (addr->ip->ip_equals(addr->ip, vip))
1186 {
1187 addr->virtual = TRUE;
77b6f196
MW		 1188 }
1189 }
1190 addrs->destroy(addrs);
0745f846
TB		 1191 /* during IKEv1 reauthentication, children get moved from
1192 * old the new SA before the virtual IP is available. This
1193 * kills the route for our virtual IP, reinstall. */
1194 queue_route_reinstall(this, strdup(iface->ifname));
1195 break;
77b6f196
MW		 1196 }
1197 }
1198 ifaces->destroy(ifaces);
554c4276 1199 /* lets do this while holding the lock, thus preventing another thread
0745f846 1200 * from deleting the TUN device concurrently, hopefully listeners are quick
554c4276
TB		 1201 * and cause no deadlocks */
1202 hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
2a2d7a4d
MW		 1203 this->lock->unlock(this->lock);
1204
1205 return SUCCESS;
d24a74c5
TB		 1206}
1207
e131f117 1208METHOD(kernel_net_t, del_ip, status_t,
2a2d7a4d 1209 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
d88597f0 1210 bool wait)
d24a74c5 1211{
2a2d7a4d
MW		 1212 enumerator_t *enumerator;
1213 tun_device_t *tun;
1214 host_t *addr;
1215 bool timeout = FALSE, found = FALSE;
1216
1217 this->lock->write_lock(this->lock);
1218 enumerator = this->tuns->create_enumerator(this->tuns);
1219 while (enumerator->enumerate(enumerator, &tun))
1220 {
1221 addr = tun->get_address(tun, NULL);
1222 if (addr && addr->ip_equals(addr, vip))
1223 {
1224 this->tuns->remove_at(this->tuns, enumerator);
554c4276
TB		 1225 hydra->kernel_interface->tun(hydra->kernel_interface, tun,
1226 FALSE);
2a2d7a4d
MW		 1227 tun->destroy(tun);
1228 found = TRUE;
1229 break;
1230 }
1231 }
1232 enumerator->destroy(enumerator);
1233 this->lock->unlock(this->lock);
1234
1235 if (!found)
1236 {
1237 return NOT_FOUND;
1238 }
1239 /* wait until address disappears */
1240 if (wait)
1241 {
1242 this->mutex->lock(this->mutex);
1243 while (!timeout && get_interface_name(this, vip, NULL))
1244 {
baa6419e
TB		 1245 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1246 this->vip_wait);
2a2d7a4d
MW		 1247 }
1248 this->mutex->unlock(this->mutex);
1249 if (timeout)
1250 {
1251 DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
1252 return FAILED;
1253 }
1254 }
1255 return SUCCESS;
d24a74c5
TB		 1256}
1257
272bcac8
MW		 1258/**
1259 * Append a sockaddr_in/in6 of given type to routing message
1260 */
1261static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
1262{
1263 if (addr)
1264 {
1265 int len;
1266
1267 len = *addr->get_sockaddr_len(addr);
1268 memcpy((char*)hdr + hdr->rtm_msglen, addr->get_sockaddr(addr), len);
aa33d2e6 1269 hdr->rtm_msglen += SA_LEN(len);
272bcac8
MW		 1270 hdr->rtm_addrs |= type;
1271 }
1272}
1273
1274/**
1275 * Append a subnet mask sockaddr using the given prefix to routing message
1276 */
1277static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
1278{
1279 host_t *mask;
1280
1281 mask = host_create_netmask(family, prefix);
1282 if (mask)
1283 {
1284 add_rt_addr(hdr, type, mask);
1285 mask->destroy(mask);
1286 }
1287}
1288
1289/**
1290 * Append an interface name sockaddr_dl to routing message
1291 */
1292static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
1293{
1294 struct sockaddr_dl sdl = {
1295 .sdl_len = sizeof(struct sockaddr_dl),
1296 .sdl_family = AF_LINK,
1297 .sdl_nlen = strlen(name),
1298 };
1299
1300 if (strlen(name) <= sizeof(sdl.sdl_data))
1301 {
1302 memcpy(sdl.sdl_data, name, sdl.sdl_nlen);
1303 memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
aa33d2e6 1304 hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
272bcac8
MW		 1305 hdr->rtm_addrs |= type;
1306 }
1307}
1308
1309/**
1310 * Add or remove a route
1311 */
1312static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
1313 chunk_t dst_net, u_int8_t prefixlen,
1314 host_t *gateway, char *if_name)
1315{
1316 struct {
1317 struct rt_msghdr hdr;
1318 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1319 } msg = {
1320 .hdr = {
1321 .rtm_version = RTM_VERSION,
1322 .rtm_type = op,
1323 .rtm_flags = RTF_UP | RTF_STATIC,
1324 .rtm_pid = this->pid,
e50b2053 1325 .rtm_seq = ref_get(&this->seq),
272bcac8
MW		 1326 },
1327 };
1328 host_t *dst;
1329 int type;
1330
12178303
MW		 1331 if (prefixlen == 0 && dst_net.len)
1332 {
1333 status_t status;
1334 chunk_t half;
1335
1336 half = chunk_clonea(dst_net);
1337 half.ptr[0] |= 0x80;
1338 prefixlen = 1;
1339 status = manage_route(this, op, half, prefixlen, gateway, if_name);
1340 if (status != SUCCESS)
1341 {
1342 return status;
1343 }
1344 }
1345
272bcac8
MW		 1346 dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
1347 if (!dst)
1348 {
1349 return FAILED;
1350 }
1351
1352 if ((dst->get_family(dst) == AF_INET && prefixlen == 32) ||
1353 (dst->get_family(dst) == AF_INET6 && prefixlen == 128))
1354 {
1355 msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
1356 }
1357
1358 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1359 for (type = 0; type < RTAX_MAX; type++)
1360 {
1361 switch (type)
1362 {
1363 case RTAX_DST:
1364 add_rt_addr(&msg.hdr, RTA_DST, dst);
1365 break;
1366 case RTAX_NETMASK:
1367 if (!(msg.hdr.rtm_flags & RTF_HOST))
1368 {
1369 add_rt_mask(&msg.hdr, RTA_NETMASK,
1370 dst->get_family(dst), prefixlen);
1371 }
1372 break;
f58f8bf4 1373 case RTAX_IFP:
272bcac8
MW		 1374 if (if_name)
1375 {
f58f8bf4 1376 add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
272bcac8 1377 }
f58f8bf4
TB		 1378 break;
1379 case RTAX_GATEWAY:
1380 if (gateway)
272bcac8
MW		 1381 {
1382 add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
1383 }
1384 break;
1385 default:
1386 break;
1387 }
1388 }
1389 dst->destroy(dst);
1390
1391 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen)
1392 {
527663d6
TB		 1393 if (errno == EEXIST)
1394 {
1395 return ALREADY_DONE;
1396 }
272bcac8
MW		 1397 DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
1398 op == RTM_ADD ? "adding" : "deleting", strerror(errno));
1399 return FAILED;
1400 }
1401 return SUCCESS;
1402}
1403
e131f117
MW		 1404METHOD(kernel_net_t, add_route, status_t,
1405 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1406 host_t *gateway, host_t *src_ip, char *if_name)
d24a74c5 1407{
0745f846
TB		 1408 status_t status;
1409 route_entry_t *found, route = {
1410 .dst_net = dst_net,
1411 .prefixlen = prefixlen,
1412 .gateway = gateway,
1413 .if_name = if_name,
1414 };
1415
1416 this->routes_lock->lock(this->routes_lock);
1417 found = this->routes->get(this->routes, &route);
1418 if (found)
1419 {
1420 this->routes_lock->unlock(this->routes_lock);
1421 return ALREADY_DONE;
1422 }
1423 found = route_entry_clone(&route);
1424 this->routes->put(this->routes, found, found);
1425 status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
1426 this->routes_lock->unlock(this->routes_lock);
1427 return status;
d24a74c5
TB		 1428}
1429
e131f117
MW		 1430METHOD(kernel_net_t, del_route, status_t,
1431 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1432 host_t *gateway, host_t *src_ip, char *if_name)
d24a74c5 1433{
0745f846
TB		 1434 status_t status;
1435 route_entry_t *found, route = {
1436 .dst_net = dst_net,
1437 .prefixlen = prefixlen,
1438 .gateway = gateway,
1439 .if_name = if_name,
1440 };
1441
1442 this->routes_lock->lock(this->routes_lock);
1443 found = this->routes->get(this->routes, &route);
1444 if (!found)
1445 {
1446 this->routes_lock->unlock(this->routes_lock);
1447 return NOT_FOUND;
1448 }
1449 this->routes->remove(this->routes, found);
1450 route_entry_destroy(found);
1451 status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
1452 if_name);
1453 this->routes_lock->unlock(this->routes_lock);
1454 return status;
d24a74c5
TB		 1455}
1456
d6c17e96
TB		 1457/**
1458 * Do a route lookup for dest and return either the nexthop or the source
1459 * address.
1460 */
1461static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
1462 host_t *dest, host_t *src)
9bc342ea
MW		 1463{
1464 struct {
1465 struct rt_msghdr hdr;
1466 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1467 } msg = {
1468 .hdr = {
1469 .rtm_version = RTM_VERSION,
1470 .rtm_type = RTM_GET,
1471 .rtm_pid = this->pid,
e50b2053 1472 .rtm_seq = ref_get(&this->seq),
9bc342ea
MW		 1473 },
1474 };
12488efa 1475 host_t *host = NULL;
9bc342ea
MW		 1476 enumerator_t *enumerator;
1477 struct sockaddr *addr;
dc8b083d 1478 bool failed = FALSE;
9bc342ea
MW		 1479 int type;
1480
dc8b083d 1481retry:
9bc342ea
MW		 1482 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1483 for (type = 0; type < RTAX_MAX; type++)
1484 {
1485 switch (type)
1486 {
1487 case RTAX_DST:
1488 add_rt_addr(&msg.hdr, RTA_DST, dest);
1489 break;
1490 case RTAX_IFA:
1491 add_rt_addr(&msg.hdr, RTA_IFA, src);
1492 break;
1c697ff1
TB		 1493 case RTAX_IFP:
1494 if (!nexthop)
1495 { /* add an empty IFP to ensure we get a source address */
1496 add_rt_ifname(&msg.hdr, RTA_IFP, "");
1497 }
1498 break;
9bc342ea
MW		 1499 default:
1500 break;
1501 }
1502 }
1503 this->mutex->lock(this->mutex);
1504
c9a323c1
MW		 1505 while (this->waiting_seq)
1506 {
1507 this->condvar->wait(this->condvar, this->mutex);
1508 }
9bc342ea
MW		 1509 this->waiting_seq = msg.hdr.rtm_seq;
1510 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
1511 {
1512 while (TRUE)
1513 {
1514 if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
1515 { /* timed out? */
1516 break;
1517 }
1518 if (this->reply->rtm_msglen < sizeof(*this->reply) ||
1519 msg.hdr.rtm_seq != this->reply->rtm_seq)
1520 {
1521 continue;
1522 }
b308a979 1523 enumerator = create_rtmsg_enumerator(this->reply);
9bc342ea
MW		 1524 while (enumerator->enumerate(enumerator, &type, &addr))
1525 {
12488efa 1526 if (nexthop)
b0629f7d 1527 {
12488efa
TB		 1528 if (type == RTAX_DST && this->reply->rtm_flags & RTF_HOST)
1529 { /* probably a cloned/cached direct route, only use that
1530 * as fallback if no gateway is found */
1531 host = host ?: host_create_from_sockaddr(addr);
1532 }
1533 if (type == RTAX_GATEWAY)
1534 { /* could actually be a MAC address */
1535 host_t *gtw = host_create_from_sockaddr(addr);
1536 if (gtw)
1537 {
1538 DESTROY_IF(host);
1539 host = gtw;
1540 }
1541 }
34b0ad06 1542 }
12488efa 1543 else
d6c17e96 1544 {
12488efa 1545 if (type == RTAX_IFA)
b0629f7d 1546 {
12488efa 1547 host = host_create_from_sockaddr(addr);
b0629f7d 1548 }
9bc342ea
MW		 1549 }
1550 }
1551 enumerator->destroy(enumerator);
1552 break;
1553 }
1554 }
1555 else
1556 {
dc8b083d 1557 failed = TRUE;
9bc342ea 1558 }
c9a323c1
MW		 1559 /* signal completion of query to a waiting thread */
1560 this->waiting_seq = 0;
1561 this->condvar->signal(this->condvar);
9bc342ea
MW		 1562 this->mutex->unlock(this->mutex);
1563
dc8b083d
TB		 1564 if (failed)
1565 {
1566 if (src)
1567 { /* the given source address might be gone, try again without */
1568 src = NULL;
e50b2053 1569 msg.hdr.rtm_seq = ref_get(&this->seq);
dc8b083d
TB		 1570 msg.hdr.rtm_addrs = 0;
1571 memset(msg.buf, sizeof(msg.buf), 0);
1572 goto retry;
1573 }
1574 DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
1575 }
cb082d15 1576 if (!host)
b0629f7d 1577 {
cb082d15
TB		 1578 return NULL;
1579 }
1580 if (!nexthop)
1581 { /* make sure the source address is not virtual and usable */
1582 addr_entry_t *entry, lookup = {
1583 .ip = host,
1584 };
1585
1586 this->lock->read_lock(this->lock);
1587 entry = this->addrs->get_match(this->addrs, &lookup,
1588 (void*)addr_map_entry_match_up_and_usable);
1589 this->lock->unlock(this->lock);
1590 if (!entry)
1591 {
1592 host->destroy(host);
1593 return NULL;
1594 }
b0629f7d 1595 }
cb082d15
TB		 1596 DBG2(DBG_KNL, "using %H as %s to reach %H", host,
1597 nexthop ? "nexthop" : "address", dest);
d6c17e96
TB		 1598 return host;
1599}
1600
1601METHOD(kernel_net_t, get_source_addr, host_t*,
1602 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
1603{
1604 return get_route(this, FALSE, dest, src);
1605}
1606
1607METHOD(kernel_net_t, get_nexthop, host_t*,
1608 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
1609{
1610 return get_route(this, TRUE, dest, src);
9bc342ea
MW		 1611}
1612
d24a74c5
TB		 1613/**
1614 * Initialize a list of local addresses.
1615 */
1616static status_t init_address_list(private_kernel_pfroute_net_t *this)
1617{
1618 struct ifaddrs *ifap, *ifa;
1619 iface_entry_t *iface, *current;
1620 addr_entry_t *addr;
1621 enumerator_t *ifaces, *addrs;
7daf5226 1622
31a0e24b 1623 DBG2(DBG_KNL, "known interfaces and IP addresses:");
7daf5226 1624
d24a74c5
TB		 1625 if (getifaddrs(&ifap) < 0)
1626 {
1627 DBG1(DBG_KNL, " failed to get interfaces!");
1628 return FAILED;
1629 }
7daf5226 1630
d24a74c5
TB		 1631 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
1632 {
1633 if (ifa->ifa_addr == NULL)
1634 {
1635 continue;
1636 }
1637 switch(ifa->ifa_addr->sa_family)
1638 {
1639 case AF_LINK:
1640 case AF_INET:
1641 case AF_INET6:
1642 {
d24a74c5
TB		 1643 iface = NULL;
1644 ifaces = this->ifaces->create_enumerator(this->ifaces);
1645 while (ifaces->enumerate(ifaces, &current))
1646 {
1647 if (streq(current->ifname, ifa->ifa_name))
1648 {
1649 iface = current;
1650 break;
1651 }
1652 }
1653 ifaces->destroy(ifaces);
7daf5226 1654
d24a74c5
TB		 1655 if (!iface)
1656 {
9650bf3c
MW		 1657 INIT(iface,
1658 .ifindex = if_nametoindex(ifa->ifa_name),
1659 .flags = ifa->ifa_flags,
1660 .addrs = linked_list_create(),
1661 .usable = hydra->kernel_interface->is_interface_usable(
1662 hydra->kernel_interface, ifa->ifa_name),
1663 );
d24a74c5 1664 memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
d24a74c5
TB		 1665 this->ifaces->insert_last(this->ifaces, iface);
1666 }
7daf5226 1667
d24a74c5
TB		 1668 if (ifa->ifa_addr->sa_family != AF_LINK)
1669 {
9650bf3c
MW		 1670 INIT(addr,
1671 .ip = host_create_from_sockaddr(ifa->ifa_addr),
9650bf3c 1672 );
d24a74c5 1673 iface->addrs->insert_last(iface->addrs, addr);
9845391a 1674 addr_map_entry_add(this, addr, iface);
d24a74c5
TB		 1675 }
1676 }
1677 }
1678 }
1679 freeifaddrs(ifap);
7daf5226 1680
d24a74c5
TB		 1681 ifaces = this->ifaces->create_enumerator(this->ifaces);
1682 while (ifaces->enumerate(ifaces, &iface))
1683 {
940e1b0f 1684 if (iface->usable && iface->flags & IFF_UP)
d24a74c5 1685 {
31a0e24b 1686 DBG2(DBG_KNL, " %s", iface->ifname);
d24a74c5
TB		 1687 addrs = iface->addrs->create_enumerator(iface->addrs);
1688 while (addrs->enumerate(addrs, (void**)&addr))
1689 {
31a0e24b 1690 DBG2(DBG_KNL, " %H", addr->ip);
d24a74c5
TB		 1691 }
1692 addrs->destroy(addrs);
1693 }
1694 }
1695 ifaces->destroy(ifaces);
7daf5226 1696
d24a74c5
TB		 1697 return SUCCESS;
1698}
1699
cce8f652 1700METHOD(kernel_net_t, destroy, void,
e131f117 1701 private_kernel_pfroute_net_t *this)
d24a74c5 1702{
1f97e1aa 1703 enumerator_t *enumerator;
0745f846 1704 route_entry_t *route;
bfd2cc1c 1705 addr_entry_t *addr;
1f97e1aa 1706
0745f846
TB		 1707 enumerator = this->routes->create_enumerator(this->routes);
1708 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
1709 {
1710 manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
1711 route->gateway, route->if_name);
1712 route_entry_destroy(route);
1713 }
1714 enumerator->destroy(enumerator);
1715 this->routes->destroy(this->routes);
1716 this->routes_lock->destroy(this->routes_lock);
1717
0e107f03 1718 if (this->socket != -1)
d6a27ec6 1719 {
46666dd3 1720 lib->watcher->remove(lib->watcher, this->socket);
d6a27ec6
MW		 1721 close(this->socket);
1722 }
0745f846
TB		 1723
1724 net_changes_clear(this);
1725 this->net_changes->destroy(this->net_changes);
1726 this->net_changes_lock->destroy(this->net_changes_lock);
1727
1f97e1aa
TB		 1728 enumerator = this->addrs->create_enumerator(this->addrs);
1729 while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
1730 {
1731 free(addr);
1732 }
1733 enumerator->destroy(enumerator);
1734 this->addrs->destroy(this->addrs);
d24a74c5 1735 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
2a2d7a4d 1736 this->tuns->destroy(this->tuns);
bdf36dac 1737 this->lock->destroy(this->lock);
3a7f4b5c
MW		 1738 this->mutex->destroy(this->mutex);
1739 this->condvar->destroy(this->condvar);
55da01f3 1740 this->roam_lock->destroy(this->roam_lock);
3a7f4b5c 1741 free(this->reply);
d24a74c5
TB		 1742 free(this);
1743}
1744
1745/*
1746 * Described in header.
1747 */
1748kernel_pfroute_net_t *kernel_pfroute_net_create()
1749{
e131f117
MW		 1750 private_kernel_pfroute_net_t *this;
1751
1752 INIT(this,
1753 .public = {
1754 .interface = {
580b768d 1755 .get_features = _get_features,
e131f117
MW		 1756 .get_interface = _get_interface_name,
1757 .create_address_enumerator = _create_address_enumerator,
1758 .get_source_addr = _get_source_addr,
1759 .get_nexthop = _get_nexthop,
1760 .add_ip = _add_ip,
1761 .del_ip = _del_ip,
1762 .add_route = _add_route,
1763 .del_route = _del_route,
1764 .destroy = _destroy,
1765 },
1766 },
3a7f4b5c 1767 .pid = getpid(),
e131f117 1768 .ifaces = linked_list_create(),
1f97e1aa
TB		 1769 .addrs = hashtable_create(
1770 (hashtable_hash_t)addr_map_entry_hash,
1771 (hashtable_equals_t)addr_map_entry_equals, 16),
0745f846
TB		 1772 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
1773 (hashtable_equals_t)route_entry_equals, 16),
1774 .net_changes = hashtable_create(
1775 (hashtable_hash_t)net_change_hash,
1776 (hashtable_equals_t)net_change_equals, 16),
2a2d7a4d 1777 .tuns = linked_list_create(),
bdf36dac 1778 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
3a7f4b5c
MW		 1779 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
1780 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
0745f846
TB		 1781 .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1782 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
55da01f3 1783 .roam_lock = spinlock_create(),
baa6419e
TB		 1784 .vip_wait = lib->settings->get_int(lib->settings,
1785 "%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
e131f117 1786 );
0745f846 1787 timerclear(&this->last_route_reinstall);
55da01f3 1788 timerclear(&this->next_roam);
7daf5226 1789
d24a74c5
TB		 1790 /* create a PF_ROUTE socket to communicate with the kernel */
1791 this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
0e107f03 1792 if (this->socket == -1)
d24a74c5 1793 {
d6a27ec6
MW		 1794 DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
1795 destroy(this);
1796 return NULL;
d24a74c5 1797 }
7daf5226 1798
0e107f03 1799 if (streq(hydra->daemon, "starter"))
d24a74c5 1800 {
0e107f03
MW		 1801 /* starter has no threads, so we do not register for kernel events */
1802 if (shutdown(this->socket, SHUT_RD) != 0)
05ca5655 1803 {
0e107f03
MW		 1804 DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
1805 strerror(errno));
05ca5655 1806 }
0e107f03
MW		 1807 }
1808 else
1809 {
46666dd3
MW		 1810 lib->watcher->add(lib->watcher, this->socket, WATCHER_READ,
1811 (watcher_cb_t)receive_events, this);
05ca5655 1812 }
d24a74c5
TB		 1813 if (init_address_list(this) != SUCCESS)
1814 {
d6a27ec6
MW		 1815 DBG1(DBG_KNL, "unable to get interface list");
1816 destroy(this);
1817 return NULL;
d24a74c5 1818 }
7daf5226 1819
d24a74c5
TB		 1820 return &this->public;
1821}
Unnamed repository; edit this file 'description' to name the repository.