d24a74c5 | 1 | /* |
0745f846 | 2 | * Copyright (C) 2009-2013 Tobias Brunner |
d24a74c5 TB |
3 | * Hochschule fuer Technik Rapperswil |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
d24a74c5 TB |
14 | */ |
15 | ||
16 | #include <sys/types.h> | |
17 | #include <sys/socket.h> | |
18 | #include <net/if.h> | |
272bcac8 | 19 | #include <net/if_dl.h> |
d24a74c5 TB |
20 | #include <ifaddrs.h> |
21 | #include <net/route.h> | |
22 | #include <unistd.h> | |
d24a74c5 TB |
23 | #include <errno.h> |
24 | ||
25 | #include "kernel_pfroute_net.h" | |
26 | ||
c5f7146b | 27 | #include <hydra.h> |
f05b4272 | 28 | #include <utils/debug.h> |
2e7cc07e | 29 | #include <networking/host.h> |
2a2d7a4d | 30 | #include <networking/tun_device.h> |
4a5a5dd2 | 31 | #include <threading/thread.h> |
eba64cef | 32 | #include <threading/mutex.h> |
3a7f4b5c | 33 | #include <threading/condvar.h> |
bdf36dac | 34 | #include <threading/rwlock.h> |
55da01f3 | 35 | #include <threading/spinlock.h> |
12642a68 TB |
36 | #include <collections/hashtable.h> |
37 | #include <collections/linked_list.h> | |
d24a74c5 | 38 | #include <processing/jobs/callback_job.h> |
d24a74c5 TB |
39 | |
/* the sockaddr walkers below (rt_enumerate) rely on sa_len to find the next
 * sockaddr inside a routing message, so there is no way to build without it */
#ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
#error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
#endif

/** properly align sockaddrs */
#ifdef __APPLE__
/* Apple always uses 4 bytes */
#define SA_ALIGN 4
#else
/* while on other platforms like FreeBSD it depends on the architecture */
#define SA_ALIGN sizeof(long)
#endif
/** Round a sockaddr's sa_len up to the next SA_ALIGN boundary. A zero sa_len
 * is treated as occupying SA_ALIGN bytes, so walking never stalls on an
 * empty slot. Note the result is size_t on non-Apple platforms. */
#define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)

/** delay before firing roam events (ms) */
#define ROAM_DELAY 100

/** delay before reinstalling routes (ms) */
#define ROUTE_DELAY 100

typedef struct addr_entry_t addr_entry_t;

/**
 * IP address in an iface_entry_t
 */
struct addr_entry_t {

	/** The ip address (owned by the entry, destroyed in addr_entry_destroy()) */
	host_t *ip;

	/** virtual IP managed by us */
	bool virtual;
};

/**
 * Destroy an addr_entry_t object, releasing the host_t it owns.
 *
 * @param this		entry to destroy, its ip must be set
 */
static void addr_entry_destroy(addr_entry_t *this)
{
	host_t *ip = this->ip;

	ip->destroy(ip);
	free(this);
}

typedef struct iface_entry_t iface_entry_t;

/**
 * A network interface on this system, containing addr_entry_t's
 */
struct iface_entry_t {

	/** interface index */
	int ifindex;

	/** name of the interface */
	char ifname[IFNAMSIZ];

	/** interface flags, as in netdevice(7) SIOCGIFFLAGS */
	u_int flags;

	/** list of addresses as addr_entry_t (owned, see iface_entry_destroy()) */
	linked_list_t *addrs;

	/** TRUE if usable by config */
	bool usable;
};

/**
 * Destroy an interface entry together with every addr_entry_t it holds.
 *
 * @param this		interface entry to destroy
 */
static void iface_entry_destroy(iface_entry_t *this)
{
	linked_list_t *addrs = this->addrs;

	addrs->destroy_function(addrs, (void*)addr_entry_destroy);
	free(this);
}

/**
 * Check if an interface is up, i.e. IFF_UP is set in its cached flags.
 *
 * @param iface		interface entry to check
 * @return			TRUE if the interface is up
 */
static inline bool iface_entry_up(iface_entry_t *iface)
{
	if (iface->flags & IFF_UP)
	{
		return TRUE;
	}
	return FALSE;
}

/**
 * Check if an interface is up and usable by config.
 *
 * @param iface		interface entry to check
 * @return			TRUE if the interface is marked usable and is up
 */
static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
{
	if (!iface->usable)
	{
		return FALSE;
	}
	return iface_entry_up(iface);
}

typedef struct addr_map_entry_t addr_map_entry_t;

/**
 * Entry that maps an IP address to an interface entry
 *
 * The entry does not own ip, addr or iface; it only references the objects
 * stored in the iface_entry_t lists.
 */
struct addr_map_entry_t {
	/** The IP address */
	host_t *ip;

	/** The address entry for this IP address */
	addr_entry_t *addr;

	/** The interface this address is installed on */
	iface_entry_t *iface;
};

/**
 * Hash a addr_map_entry_t object, all entries with the same IP address
 * are stored in the same bucket (only the raw address bytes are hashed).
 *
 * @param this		entry to hash
 * @return			hash of the address bytes
 */
static u_int addr_map_entry_hash(addr_map_entry_t *this)
{
	host_t *ip = this->ip;
	chunk_t address = ip->get_address(ip);

	return chunk_hash(address);
}

/**
 * Compare two addr_map_entry_t objects, two entries are equal if they carry
 * the same IP and are installed on the same interface (by ifindex).
 *
 * @param a			first entry
 * @param b			second entry
 * @return			TRUE if equal
 */
static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (a->iface->ifindex != b->iface->ifindex)
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}

/**
 * Used with get_match this finds an address entry if it is installed on
 * an up and usable interface and is not a virtual IP.
 *
 * @param a			lookup entry (only its ip is consulted)
 * @param b			stored entry to test
 * @return			TRUE if b matches
 */
static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
											   addr_map_entry_t *b)
{
	if (b->addr->virtual || !iface_entry_up_and_usable(b->iface))
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}

/**
 * Used with get_match this finds an address entry if it is installed as virtual
 * IP address.
 *
 * @param a			lookup entry (only its ip is consulted)
 * @param b			stored entry to test
 * @return			TRUE if b is a virtual IP with the same address
 */
static bool addr_map_entry_match_virtual(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (!b->addr->virtual)
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}

/**
 * Used with get_match this finds an address entry if it is installed on
 * any active local interface (usable or not), excluding virtual IPs.
 *
 * @param a			lookup entry (only its ip is consulted)
 * @param b			stored entry to test
 * @return			TRUE if b matches
 */
static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (b->addr->virtual || !iface_entry_up(b->iface))
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}

typedef struct route_entry_t route_entry_t;

/**
 * Installed routing entry
 *
 * All members are owned by the entry (see route_entry_clone() and
 * route_entry_destroy()).
 */
struct route_entry_t {
	/** Name of the interface the route is bound to (strdup'd) */
	char *if_name;

	/** Gateway for this route, NULL if none */
	host_t *gateway;

	/** Destination net */
	chunk_t dst_net;

	/** Destination net prefixlen */
	u_int8_t prefixlen;
};

/**
 * Clone a route_entry_t object.
 *
 * Every member is deep-copied; the caller owns the returned entry and frees
 * it with route_entry_destroy().
 *
 * @param this		entry to clone
 * @return			newly allocated copy
 */
static route_entry_t *route_entry_clone(route_entry_t *this)
{
	route_entry_t *copy;
	host_t *gateway = NULL;

	if (this->gateway)
	{
		gateway = this->gateway->clone(this->gateway);
	}
	INIT(copy,
		.if_name = strdup(this->if_name),
		.gateway = gateway,
		.dst_net = chunk_clone(this->dst_net),
		.prefixlen = this->prefixlen,
	);
	return copy;
}

/**
 * Destroy a route_entry_t object and everything it owns.
 *
 * @param this		entry to destroy
 */
static void route_entry_destroy(route_entry_t *this)
{
	chunk_free(&this->dst_net);
	DESTROY_IF(this->gateway);
	free(this->if_name);
	free(this);
}

/**
 * Hash a route_entry_t object over its destination net and prefix length
 * (interface name and gateway do not contribute).
 *
 * @param this		entry to hash
 * @return			hash value
 */
static u_int route_entry_hash(route_entry_t *this)
{
	u_int hash;

	hash = chunk_hash(this->dst_net);
	return chunk_hash_inc(chunk_from_thing(this->prefixlen), hash);
}

/**
 * Compare two route_entry_t objects.
 *
 * Entries are equal when both have an interface name and the names, the
 * destination net and the prefix length match, and either both lack a
 * gateway or both gateways are the same IP.
 *
 * @param a			first entry
 * @param b			second entry
 * @return			TRUE if equal
 */
static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
{
	if (!a->if_name || !b->if_name || !streq(a->if_name, b->if_name))
	{
		return FALSE;
	}
	if (!chunk_equals(a->dst_net, b->dst_net) || a->prefixlen != b->prefixlen)
	{
		return FALSE;
	}
	if (!a->gateway || !b->gateway)
	{
		/* equal only if both routes are gateway-less */
		return !a->gateway && !b->gateway;
	}
	return a->gateway->ip_equals(a->gateway, b->gateway);
}

typedef struct net_change_t net_change_t;

/**
 * Queued network changes
 *
 * Stored in private_kernel_pfroute_net_t.net_changes, keyed by if_name.
 */
struct net_change_t {
	/** Name of the interface that got activated (or an IP appeared on), owned */
	char *if_name;
};

/**
 * Destroy a net_change_t object, including its interface name.
 *
 * @param this		change to destroy
 */
static void net_change_destroy(net_change_t *this)
{
	char *if_name = this->if_name;

	free(if_name);
	free(this);
}

/**
 * Hash a net_change_t object over its interface name.
 *
 * @param this		change to hash, if_name must be set
 * @return			hash value
 */
static u_int net_change_hash(net_change_t *this)
{
	chunk_t name;

	name = chunk_create(this->if_name, strlen(this->if_name));
	return chunk_hash(name);
}

/**
 * Compare two net_change_t objects by interface name.
 *
 * @param a			first change
 * @param b			second change
 * @return			TRUE if both name the same interface
 */
static bool net_change_equals(net_change_t *a, net_change_t *b)
{
	if (streq(a->if_name, b->if_name))
	{
		return TRUE;
	}
	return FALSE;
}

typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;

/**
 * Private variables and functions of kernel_pfroute class.
 */
struct private_kernel_pfroute_net_t
{
	/**
	 * Public part of the kernel_pfroute_t object.
	 */
	kernel_pfroute_net_t public;

	/**
	 * lock to access lists and maps (ifaces, addrs); write-locked while
	 * kernel events are processed
	 */
	rwlock_t *lock;

	/**
	 * Cached list of interfaces and their addresses (iface_entry_t)
	 */
	linked_list_t *ifaces;

	/**
	 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
	 */
	hashtable_t *addrs;

	/**
	 * List of tun devices we installed for virtual IPs
	 */
	linked_list_t *tuns;

	/**
	 * mutex guarding the reply/waiting_seq hand-over between receive_events()
	 * and a thread waiting for a PF_ROUTE query response (the original
	 * comment said PF_KEY; this plugin talks to a PF_ROUTE socket)
	 */
	mutex_t *mutex;

	/**
	 * condvar to signal if a PF_ROUTE query got a response; broadcast by
	 * receive_events() on every processed message
	 */
	condvar_t *condvar;

	/**
	 * installed routes (route_entry_t)
	 */
	hashtable_t *routes;

	/**
	 * mutex for routes
	 */
	mutex_t *routes_lock;

	/**
	 * interface changes which may trigger route reinstallation (net_change_t,
	 * keyed by interface name)
	 */
	hashtable_t *net_changes;

	/**
	 * mutex for route reinstallation triggers; taken before routes_lock in
	 * reinstall_routes()
	 */
	mutex_t *net_changes_lock;

	/**
	 * earliest time the next route reinstallation may be scheduled (set to
	 * now + ROUTE_DELAY whenever one is queued)
	 */
	timeval_t last_route_reinstall;

	/**
	 * pid to send PF_ROUTE messages with
	 */
	pid_t pid;

	/**
	 * PF_ROUTE socket to communicate with the kernel
	 */
	int socket;

	/**
	 * sequence number for messages sent to the kernel
	 */
	int seq;

	/**
	 * Sequence number a query is waiting for
	 */
	int waiting_seq;

	/**
	 * Allocated reply message from kernel, (re)allocated in receive_events()
	 */
	struct rt_msghdr *reply;

	/**
	 * earliest time of the next roam event
	 */
	timeval_t next_roam;

	/**
	 * roam event due to address change
	 */
	bool roam_address;

	/**
	 * lock to check and update roam event time
	 */
	spinlock_t *roam_lock;

	/**
	 * Time in ms to wait for IP addresses to appear/disappear
	 */
	int vip_wait;
};


/**
 * Forward declaration of manage_route(), defined further down in this file.
 * It is already needed by reinstall_routes() to re-add routes (RTM_ADD).
 */
static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
							 chunk_t dst_net, u_int8_t prefixlen,
							 host_t *gateway, char *if_name);

/**
 * Clear the queued network changes.
 *
 * Removes and destroys every net_change_t in this->net_changes. The caller is
 * expected to hold net_changes_lock (as reinstall_routes() does).
 *
 * @param this		private plugin data
 */
static void net_changes_clear(private_kernel_pfroute_net_t *this)
{
	hashtable_t *changes = this->net_changes;
	enumerator_t *enumerator;
	net_change_t *change;

	enumerator = changes->create_enumerator(changes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&change))
	{
		changes->remove_at(changes, enumerator);
		net_change_destroy(change);
	}
	enumerator->destroy(enumerator);
}

/**
 * Act upon queued network changes.
 *
 * Re-adds every installed route whose outgoing interface has a queued
 * net_change_t, then drops the queue. The result of each manage_route() call
 * is not checked. Lock order: net_changes_lock, then routes_lock.
 *
 * @param this		private plugin data
 * @return			JOB_REQUEUE_NONE, the job runs once
 */
static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
{
	hashtable_t *routes = this->routes, *changes = this->net_changes;
	enumerator_t *enumerator;
	route_entry_t *route;

	this->net_changes_lock->lock(this->net_changes_lock);
	this->routes_lock->lock(this->routes_lock);

	enumerator = routes->create_enumerator(routes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&route))
	{
		net_change_t lookup = {
			.if_name = route->if_name,
		};

		/* only routes whose outgoing interface has a change queued */
		if (!changes->get(changes, &lookup))
		{
			continue;
		}
		manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
					 route->gateway, route->if_name);
	}
	enumerator->destroy(enumerator);
	this->routes_lock->unlock(this->routes_lock);

	net_changes_clear(this);
	this->net_changes_lock->unlock(this->net_changes_lock);
	return JOB_REQUEUE_NONE;
}

/**
 * Queue route reinstallation caused by network changes for a given interface.
 *
 * The route reinstallation is delayed for a while and only done once for
 * several calls during this delay, in order to avoid doing it too often.
 * The interface name is freed (ownership passes to the queued net_change_t).
 *
 * @param this		private plugin data
 * @param if_name	heap-allocated interface name, taken over
 */
static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
								  char *if_name)
{
	net_change_t *update, *previous;
	timeval_t now;

	INIT(update,
		.if_name = if_name
	);

	this->net_changes_lock->lock(this->net_changes_lock);
	/* a change already queued for this interface is superseded */
	previous = this->net_changes->put(this->net_changes, update, update);
	if (previous)
	{
		net_change_destroy(previous);
	}
	time_monotonic(&now);
	if (timercmp(&now, &this->last_route_reinstall, >))
	{
		job_t *job;

		/* no further job until this one has had its chance to run */
		timeval_add_ms(&now, ROUTE_DELAY);
		this->last_route_reinstall = now;
		job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
										  this, NULL, NULL);
		lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
	}
	this->net_changes_lock->unlock(this->net_changes_lock);
}

/**
 * Add an address map entry for addr on iface to this->addrs.
 *
 * @param this		private plugin data, lock must be held by the caller
 * @param addr		address entry to map (referenced, not copied)
 * @param iface		interface the address lives on (referenced, not copied)
 */
static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
							   addr_entry_t *addr, iface_entry_t *iface)
{
	addr_map_entry_t *entry, *replaced;

	INIT(entry,
		.ip = addr->ip,
		.addr = addr,
		.iface = iface,
	);
	/* whatever put() hands back (the entry it replaced, if any) is dropped */
	replaced = this->addrs->put(this->addrs, entry, entry);
	free(replaced);
}

/**
 * Remove an address map entry (the argument order is a bit strange because
 * it is also used with linked_list_t.invoke_function)
 *
 * @param addr		address entry whose mapping is removed
 * @param iface		interface the address lives on
 * @param this		private plugin data, lock must be held by the caller
 */
static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
								  private_kernel_pfroute_net_t *this)
{
	addr_map_entry_t *removed;
	addr_map_entry_t lookup = {
		.ip = addr->ip,
		.addr = addr,
		.iface = iface,
	};

	removed = this->addrs->remove(this->addrs, &lookup);
	free(removed);
}

d24a74c5 | 542 | /** |
ba26508d | 543 | * callback function that raises the delayed roam event |
d24a74c5 | 544 | */ |
55da01f3 | 545 | static job_requeue_t roam_event(private_kernel_pfroute_net_t *this) |
ba26508d | 546 | { |
55da01f3 TB |
547 | bool address; |
548 | ||
549 | this->roam_lock->lock(this->roam_lock); | |
550 | address = this->roam_address; | |
551 | this->roam_address = FALSE; | |
552 | this->roam_lock->unlock(this->roam_lock); | |
553 | hydra->kernel_interface->roam(hydra->kernel_interface, address); | |
ba26508d TB |
554 | return JOB_REQUEUE_NONE; |
555 | } | |
556 | ||
/**
 * fire a roaming event. we delay it for a bit and fire only one event
 * for multiple calls. otherwise we would create too many events.
 *
 * @param this		private plugin data
 * @param address	TRUE if the event is due to an address change
 */
static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
{
	spinlock_t *lock = this->roam_lock;
	timeval_t now;
	bool schedule;

	time_monotonic(&now);
	lock->lock(lock);
	/* a job is already pending until next_roam, just merge the flag then */
	schedule = timercmp(&now, &this->next_roam, >);
	if (schedule)
	{
		timeval_add_ms(&now, ROAM_DELAY);
		this->next_roam = now;
		this->roam_address |= address;
	}
	lock->unlock(lock);

	if (schedule)
	{
		job_t *job;

		job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
										  this, NULL, NULL);
		lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
	}
}

/**
 * Data for enumerator over rtmsg sockaddrs
 */
typedef struct {
	/** implements enumerator */
	enumerator_t public;
	/** copy of attribute bitfield (RTA_* bits still to be returned) */
	int types;
	/** bytes remaining in buffer from addr on */
	int remaining;
	/** next sockaddr to enumerate (points into the caller's message buffer) */
	struct sockaddr *addr;
} rt_enumerator_t;

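/**
 * Enumerate the next sockaddr of an rt/if message.
 *
 * Walks the sockaddrs following the message header in RTAX_* order: bit i of
 * the attribute bitfield tells whether a sockaddr for index i is present, and
 * each present sockaddr occupies SA_LEN(sa_len) bytes.
 *
 * @param xtype		receives the RTAX_* index of the returned sockaddr
 * @param addr		receives a pointer into the message buffer (not copied)
 * @return			TRUE if a sockaddr was returned, FALSE when all bits are
 *					consumed or the buffer ends before the next sockaddr
 */
METHOD(enumerator_t, rt_enumerate, bool,
	rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
{
	int i, type, len;

	/* remaining may be negative after the previous advance, as SA_LEN rounds
	 * up past the real end; compare as int, since "int < size_t" would
	 * convert a negative remaining to a huge value and skip the check, and
	 * the second test would then read sa_len beyond the buffer */
	if (this->remaining < (int)sizeof(this->addr->sa_len) ||
		this->remaining < this->addr->sa_len)
	{
		return FALSE;
	}
	for (i = 0; i < RTAX_MAX; i++)
	{
		type = (1 << i);
		if (this->types & type)
		{
			this->types &= ~type;
			*addr = this->addr;
			*xtype = i;
			len = (int)SA_LEN(this->addr->sa_len);
			this->remaining -= len;
			this->addr = (struct sockaddr*)((char*)this->addr + len);
			return TRUE;
		}
	}
	return FALSE;
}
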
/**
 * Create an enumerator over sockaddrs in rt/if messages
 *
 * @param types		attribute bitfield naming the sockaddrs present
 * @param remaining	number of bytes available starting at addr
 * @param addr		first sockaddr following the message header
 * @return			enumerator yielding (int RTAX index, struct sockaddr*)
 */
static enumerator_t *create_rt_enumerator(int types, int remaining,
										  struct sockaddr *addr)
{
	rt_enumerator_t *enumerator;

	INIT(enumerator,
		.public = {
			.enumerate = (void*)_rt_enumerate,
			.destroy = (void*)free,
		},
		.addr = addr,
		.remaining = remaining,
		.types = types,
	);
	return &enumerator->public;
}

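/**
 * Create a safe enumerator over sockaddrs in rt_msghdr
 *
 * The byte count handed to the enumerator is clamped at zero, so a header
 * whose rtm_msglen is shorter than the header itself yields an empty
 * enumeration instead of a wrapped (negative) count.
 *
 * @param hdr		routing message; rtm_msglen must not exceed its buffer
 * @return			enumerator over the sockaddrs following the header
 */
static enumerator_t *create_rtmsg_enumerator(struct rt_msghdr *hdr)
{
	int remaining = 0;

	if (hdr->rtm_msglen >= sizeof(*hdr))
	{
		remaining = hdr->rtm_msglen - sizeof(*hdr);
	}
	return create_rt_enumerator(hdr->rtm_addrs, remaining,
								(struct sockaddr *)(hdr + 1));
}
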
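/**
 * Create a safe enumerator over sockaddrs in ifa_msghdr
 *
 * The byte count handed to the enumerator is clamped at zero, so a header
 * whose ifam_msglen is shorter than the header itself yields an empty
 * enumeration instead of a wrapped (negative) count.
 *
 * @param hdr		address message; ifam_msglen must not exceed its buffer
 * @return			enumerator over the sockaddrs following the header
 */
static enumerator_t *create_ifamsg_enumerator(struct ifa_msghdr *hdr)
{
	int remaining = 0;

	if (hdr->ifam_msglen >= sizeof(*hdr))
	{
		remaining = hdr->ifam_msglen - sizeof(*hdr);
	}
	return create_rt_enumerator(hdr->ifam_addrs, remaining,
								(struct sockaddr *)(hdr + 1));
}
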
/**
 * Process an RTM_*ADDR message from the kernel
 *
 * Picks the RTAX_IFA sockaddr out of the message and updates the cached
 * address list of the interface with index ifam_index: RTM_DELADDR removes a
 * matching addr_entry_t, RTM_NEWADDR adds one if none matched. A change on an
 * up and usable interface queues a route reinstall for that interface and
 * fires a roam event.
 *
 * @param this		private plugin data
 * @param ifa		address message, expected to hold at least sizeof(*ifa)
 *					bytes (checked by receive_events())
 */
static void process_addr(private_kernel_pfroute_net_t *this,
						 struct ifa_msghdr *ifa)
{
	struct sockaddr *sockaddr;
	host_t *host = NULL;
	enumerator_t *ifaces, *addrs;
	iface_entry_t *iface;
	addr_entry_t *addr;
	bool found = FALSE, changed = FALSE, roam = FALSE;
	enumerator_t *enumerator;
	char *ifname = NULL;
	int type;

	/* only the interface address itself (RTAX_IFA) is of interest */
	enumerator = create_ifamsg_enumerator(ifa);
	while (enumerator->enumerate(enumerator, &type, &sockaddr))
	{
		if (type == RTAX_IFA)
		{
			host = host_create_from_sockaddr(sockaddr);
			break;
		}
	}
	enumerator->destroy(enumerator);

	/* no host could be created, or it is the wildcard address */
	if (!host || host->is_anyaddr(host))
	{
		DESTROY_IF(host);
		return;
	}

	this->lock->write_lock(this->lock);
	ifaces = this->ifaces->create_enumerator(this->ifaces);
	while (ifaces->enumerate(ifaces, &iface))
	{
		if (iface->ifindex == ifa->ifam_index)
		{
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, &addr))
			{
				if (host->ip_equals(host, addr->ip))
				{
					found = TRUE;
					if (ifa->ifam_type == RTM_DELADDR)
					{
						iface->addrs->remove_at(iface->addrs, addrs);
						/* removal of our own virtual IPs, or of addresses on
						 * unusable interfaces, is not reported as a change */
						if (!addr->virtual && iface->usable)
						{
							changed = TRUE;
							DBG1(DBG_KNL, "%H disappeared from %s",
								 host, iface->ifname);
						}
						addr_map_entry_remove(addr, iface, this);
						addr_entry_destroy(addr);
					}
				}
			}
			addrs->destroy(addrs);

			if (!found && ifa->ifam_type == RTM_NEWADDR)
			{
				INIT(addr,
					.ip = host->clone(host),
				);
				changed = TRUE;
				/* passed to queue_route_reinstall() below if a roam results,
				 * otherwise freed at the end */
				ifname = strdup(iface->ifname);
				iface->addrs->insert_last(iface->addrs, addr);
				addr_map_entry_add(this, addr, iface);
				if (iface->usable)
				{
					DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
				}
			}

			if (changed && iface_entry_up_and_usable(iface))
			{
				roam = TRUE;
			}
			break;
		}
	}
	ifaces->destroy(ifaces);
	this->lock->unlock(this->lock);
	host->destroy(host);

	if (roam && ifname)
	{
		queue_route_reinstall(this, ifname);
	}
	else
	{
		free(ifname);
	}

	if (roam)
	{
		fire_roam_event(this, TRUE);
	}
}

/**
 * Re-initialize address list of an interface if it changes state
 *
 * Drops all cached addr_entry_t objects of the interface (and their map
 * entries), then re-reads the interface's AF_INET/AF_INET6 addresses via
 * getifaddrs(). If getifaddrs() fails the list simply stays empty.
 *
 * @param this		private plugin data, lock must be held by the caller
 * @param iface		interface entry to repopulate
 */
static void repopulate_iface(private_kernel_pfroute_net_t *this,
							 iface_entry_t *iface)
{
	struct ifaddrs *ifap, *ifa;
	addr_entry_t *addr;

	while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
	{
		addr_map_entry_remove(addr, iface, this);
		addr_entry_destroy(addr);
	}

	if (getifaddrs(&ifap) != 0)
	{
		return;
	}
	for (ifa = ifap; ifa; ifa = ifa->ifa_next)
	{
		if (!ifa->ifa_addr || !streq(ifa->ifa_name, iface->ifname))
		{
			continue;
		}
		if (ifa->ifa_addr->sa_family != AF_INET &&
			ifa->ifa_addr->sa_family != AF_INET6)
		{
			continue;
		}
		INIT(addr,
			.ip = host_create_from_sockaddr(ifa->ifa_addr),
		);
		iface->addrs->insert_last(iface->addrs, addr);
		addr_map_entry_add(this, addr, iface);
	}
	freeifaddrs(ifap);
}

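/**
 * Process an RTM_IFINFO message from the kernel
 *
 * Updates the cached flags of the interface with index ifm_index and
 * repopulates its address list; an interface not seen before is added to the
 * cache. On a usable interface an up/down transition fires a roam event, and
 * an activation (or a newly appeared usable interface) also queues a route
 * reinstall.
 *
 * @param this		private plugin data
 * @param msg		interface message, expected to hold at least sizeof(*msg)
 *					bytes (checked by receive_events())
 */
static void process_link(private_kernel_pfroute_net_t *this,
						 struct if_msghdr *msg)
{
	enumerator_t *enumerator;
	iface_entry_t *iface;
	bool roam = FALSE, found = FALSE, update_routes = FALSE;
	char *ifname = NULL;

	this->lock->write_lock(this->lock);
	enumerator = this->ifaces->create_enumerator(this->ifaces);
	while (enumerator->enumerate(enumerator, &iface))
	{
		if (iface->ifindex == msg->ifm_index)
		{
			if (iface->usable)
			{
				if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
				{
					roam = update_routes = TRUE;
					DBG1(DBG_KNL, "interface %s activated", iface->ifname);
				}
				else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
				{
					roam = TRUE;
					DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
				}
			}
			iface->flags = msg->ifm_flags;
			repopulate_iface(this, iface);
			found = TRUE;
			break;
		}
	}
	enumerator->destroy(enumerator);

	if (!found)
	{
		INIT(iface,
			.ifindex = msg->ifm_index,
			.flags = msg->ifm_flags,
			.addrs = linked_list_create(),
		);
		if (if_indextoname(iface->ifindex, iface->ifname))
		{
			DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
			iface->usable = hydra->kernel_interface->is_interface_usable(
										hydra->kernel_interface, iface->ifname);
			repopulate_iface(this, iface);
			this->ifaces->insert_last(this->ifaces, iface);
			if (iface->usable)
			{
				roam = update_routes = TRUE;
			}
		}
		else
		{
			/* the entry never made it into the cache: release the (still
			 * empty) address list allocated above as well, not just the
			 * entry itself */
			iface_entry_destroy(iface);
		}
	}
	if (update_routes)
	{
		/* copy the name while the entry is still protected by the lock */
		ifname = strdup(iface->ifname);
	}
	this->lock->unlock(this->lock);

	if (update_routes)
	{
		queue_route_reinstall(this, ifname);
	}

	if (roam)
	{
		fire_roam_event(this, TRUE);
	}
}
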
/**
 * Process an RTM_*ROUTE message from the kernel
 *
 * Currently a no-op: RTM_ADD/RTM_DELETE notifications are dispatched here by
 * receive_events() but not acted upon.
 *
 * @param this		private plugin data (unused)
 * @param msg		routing message (unused)
 */
static void process_route(private_kernel_pfroute_net_t *this,
						  struct rt_msghdr *msg)
{

}

887 | /** | |
b1c6b68e | 888 | * Receives PF_ROUTE messages from kernel |
d24a74c5 | 889 | */ |
46666dd3 MW |
890 | static bool receive_events(private_kernel_pfroute_net_t *this, int fd, |
891 | watcher_event_t event) | |
d24a74c5 | 892 | { |
b1c6b68e MW |
893 | struct { |
894 | union { | |
895 | struct rt_msghdr rtm; | |
896 | struct if_msghdr ifm; | |
897 | struct ifa_msghdr ifam; | |
898 | }; | |
899 | char buf[sizeof(struct sockaddr_storage) * RTAX_MAX]; | |
900 | } msg; | |
901 | int len, hdrlen; | |
7daf5226 | 902 | |
46666dd3 | 903 | len = recv(this->socket, &msg, sizeof(msg), MSG_DONTWAIT); |
d24a74c5 TB |
904 | if (len < 0) |
905 | { | |
906 | switch (errno) | |
907 | { | |
908 | case EINTR: | |
d24a74c5 | 909 | case EAGAIN: |
46666dd3 | 910 | return TRUE; |
d24a74c5 TB |
911 | default: |
912 | DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket"); | |
913 | sleep(1); | |
46666dd3 | 914 | return TRUE; |
d24a74c5 TB |
915 | } |
916 | } | |
7daf5226 | 917 | |
b1c6b68e | 918 | if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen) |
d24a74c5 | 919 | { |
b1c6b68e | 920 | DBG1(DBG_KNL, "received invalid PF_ROUTE message"); |
46666dd3 | 921 | return TRUE; |
d24a74c5 | 922 | } |
b1c6b68e MW |
923 | if (msg.rtm.rtm_version != RTM_VERSION) |
924 | { | |
925 | DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d", | |
926 | msg.rtm.rtm_version); | |
46666dd3 | 927 | return TRUE; |
b1c6b68e MW |
928 | } |
929 | switch (msg.rtm.rtm_type) | |
d24a74c5 TB |
930 | { |
931 | case RTM_NEWADDR: | |
932 | case RTM_DELADDR: | |
b1c6b68e | 933 | hdrlen = sizeof(msg.ifam); |
d24a74c5 TB |
934 | break; |
935 | case RTM_IFINFO: | |
b1c6b68e | 936 | hdrlen = sizeof(msg.ifm); |
d24a74c5 TB |
937 | break; |
938 | case RTM_ADD: | |
939 | case RTM_DELETE: | |
b1c6b68e MW |
940 | case RTM_GET: |
941 | hdrlen = sizeof(msg.rtm); | |
942 | break; | |
943 | default: | |
46666dd3 | 944 | return TRUE; |
b1c6b68e MW |
945 | } |
946 | if (msg.rtm.rtm_msglen < hdrlen) | |
947 | { | |
948 | DBG1(DBG_KNL, "ignoring short PF_ROUTE message"); | |
46666dd3 | 949 | return TRUE; |
b1c6b68e MW |
950 | } |
951 | switch (msg.rtm.rtm_type) | |
952 | { | |
953 | case RTM_NEWADDR: | |
954 | case RTM_DELADDR: | |
955 | process_addr(this, &msg.ifam); | |
956 | break; | |
957 | case RTM_IFINFO: | |
958 | process_link(this, &msg.ifm); | |
959 | break; | |
960 | case RTM_ADD: | |
961 | case RTM_DELETE: | |
962 | process_route(this, &msg.rtm); | |
963 | break; | |
d24a74c5 TB |
964 | default: |
965 | break; | |
966 | } | |
3a7f4b5c MW |
967 | |
968 | this->mutex->lock(this->mutex); | |
969 | if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq) | |
970 | { | |
971 | /* seems like the message someone is waiting for, deliver */ | |
972 | this->reply = realloc(this->reply, msg.rtm.rtm_msglen); | |
973 | memcpy(this->reply, &msg, msg.rtm.rtm_msglen); | |
3a7f4b5c | 974 | } |
2a2d7a4d | 975 | /* signal on any event, add_ip()/del_ip() might wait for it */ |
c9a323c1 | 976 | this->condvar->broadcast(this->condvar); |
3a7f4b5c MW |
977 | this->mutex->unlock(this->mutex); |
978 | ||
46666dd3 | 979 | return TRUE; |
d24a74c5 TB |
980 | } |
/**
 * State shared by the interface and address filters below. It is created by
 * create_address_enumerator() while this->lock is held for reading and is
 * released, together with that lock, by address_enumerator_destroy().
 */
typedef struct {
	/** plugin instance whose read lock is held for the whole enumeration */
	private_kernel_pfroute_net_t* this;
	/** which addresses to enumerate (bitmask of ADDR_TYPE_* flags) */
	kernel_address_type_t which;
} address_enumerator_t;

/**
 * Cleanup function for the address enumerator: releases the read lock taken
 * by create_address_enumerator(), then frees the shared filter state.
 */
static void address_enumerator_destroy(address_enumerator_t *data)
{
	private_kernel_pfroute_net_t *owner = data->this;

	/* the lock lives in the owner, so it is released before data goes away */
	owner->lock->unlock(owner->lock);
	free(data);
}

/**
 * Filter for addresses of one interface.
 *
 * An entry passes if its class (virtual or regular) was requested via
 * data->which and, for IPv6, the address is not link-local.
 *
 * @param data		enumeration state with the requested address types
 * @param in		address entry to check
 * @param out		receives the entry's host_t on a match (not cloned)
 * @return			TRUE if the address is to be enumerated
 */
static bool filter_addresses(address_enumerator_t *data,
							 addr_entry_t** in, host_t** out)
{
	addr_entry_t *entry = *in;
	host_t *host = entry->ip;
	bool wanted;

	/* virtual IPs we installed ourselves need ADDR_TYPE_VIRTUAL, all others
	 * need ADDR_TYPE_REGULAR */
	wanted = entry->virtual ? (data->which & ADDR_TYPE_VIRTUAL) != 0
							: (data->which & ADDR_TYPE_REGULAR) != 0;
	if (!wanted)
	{
		return FALSE;
	}
	if (host->get_family(host) == AF_INET6)
	{
		struct sockaddr_in6 *sin6;

		sin6 = (struct sockaddr_in6*)host->get_sockaddr(host);
		if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
		{	/* link-local scope is not usable for us */
			return FALSE;
		}
	}
	*out = host;
	return TRUE;
}

/**
 * Enumerator constructor for the addresses of one interface, used as inner
 * enumerator by create_address_enumerator().
 *
 * @param iface		interface whose address list is enumerated
 * @param data		shared filter state, passed on to filter_addresses()
 * @return			enumerator over the matching host_t objects
 */
static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
											 address_enumerator_t *data)
{
	enumerator_t *addrs;

	addrs = iface->addrs->create_enumerator(iface->addrs);
	return enumerator_create_filter(addrs, (void*)filter_addresses, data, NULL);
}

/**
 * Filter for interfaces.
 *
 * Interfaces excluded by config, loopback devices and interfaces that are
 * down are skipped unless the corresponding ADDR_TYPE_* flag was requested.
 *
 * @param data		enumeration state with the requested address types
 * @param in		interface entry to check
 * @param out		receives the same entry on a match
 * @return			TRUE if the interface is to be enumerated
 */
static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
							  iface_entry_t** out)
{
	iface_entry_t *iface = *in;
	kernel_address_type_t which = data->which;
	bool ignored = !iface->usable;
	bool loopback = (iface->flags & IFF_LOOPBACK) != 0;
	bool down = (iface->flags & IFF_UP) == 0;

	/* each of these properties has to be requested explicitly */
	if ((ignored && !(which & ADDR_TYPE_IGNORED)) ||
		(loopback && !(which & ADDR_TYPE_LOOPBACK)) ||
		(down && !(which & ADDR_TYPE_DOWN)))
	{
		return FALSE;
	}
	*out = iface;
	return TRUE;
}

/**
 * Enumerate local addresses of the requested types.
 *
 * Takes this->lock for reading; it stays held until the returned enumerator
 * is destroyed (see address_enumerator_destroy()), so callers must not call
 * into methods that take the write lock while enumerating.
 */
METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
	private_kernel_pfroute_net_t *this, kernel_address_type_t which)
{
	address_enumerator_t *data;
	enumerator_t *ifaces;

	INIT(data,
		.this = this,
		.which = which,
	);
	this->lock->read_lock(this->lock);
	ifaces = enumerator_create_filter(
					this->ifaces->create_enumerator(this->ifaces),
					(void*)filter_interfaces, data, NULL);
	return enumerator_create_nested(ifaces, (void*)create_iface_enumerator,
									data, (void*)address_enumerator_destroy);
}

/**
 * Report the features of this backend: the only flag set is
 * KERNEL_REQUIRE_EXCLUDE_ROUTE.
 */
METHOD(kernel_net_t, get_features, kernel_feature_t,
	private_kernel_pfroute_net_t *this)
{
	kernel_feature_t features = KERNEL_REQUIRE_EXCLUDE_ROUTE;

	return features;
}

/**
 * Look up the interface a local address is installed on.
 *
 * Preference order: an up and usable interface, then one of our virtual IPs,
 * and finally an up but ignored interface, which is treated as "not found"
 * but not logged. The %any address is never considered local.
 *
 * @param this		plugin instance
 * @param ip		address to look up
 * @param name		if not NULL, receives a strdup()'d interface name on success
 * @return			TRUE if ip was found on an usable or virtual interface
 */
METHOD(kernel_net_t, get_interface_name, bool,
	private_kernel_pfroute_net_t *this, host_t* ip, char **name)
{
	addr_map_entry_t *match, key = {
		.ip = ip,
	};
	bool found = FALSE;

	if (ip->is_anyaddr(ip))
	{
		return FALSE;
	}
	this->lock->read_lock(this->lock);
	/* preferred: the address lives on an interface that is up and usable */
	match = this->addrs->get_match(this->addrs, &key,
								   (void*)addr_map_entry_match_up_and_usable);
	if (match)
	{
		if (name)
		{
			*name = strdup(match->iface->ifname);
			DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
		}
		found = TRUE;
	}
	else if ((match = this->addrs->get_match(this->addrs, &key,
									(void*)addr_map_entry_match_virtual)))
	{	/* second choice: one of the virtual IPs we installed */
		if (name)
		{
			*name = strdup(match->iface->ifname);
			DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
		}
		found = TRUE;
	}
	else if (!this->addrs->get_match(this->addrs, &key,
									 (void*)addr_map_entry_match_up))
	{	/* not even on an ignored interface: unknown, or the interface is down */
		DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
	}
	this->lock->unlock(this->lock);
	return found;
}

/**
 * Install a virtual IP by creating a TUN device and assigning the address.
 *
 * Blocks (up to this->vip_wait per condvar wait) until the kernel reports the
 * address, then marks the matching addr_entry_t as virtual, queues a route
 * reinstall for the interface and notifies listeners. The TUN device is kept
 * in this->tuns and owned by this instance until del_ip() or destroy().
 *
 * @param this		plugin instance
 * @param vip		virtual IP to install
 * @param prefix	prefix length, -1 for a host prefix (full address length)
 * @param ifname	ignored by this backend, the address goes on a TUN device
 * @return			SUCCESS, or FAILED if the device or the address could not be
 *					set up or the address did not appear in time
 */
METHOD(kernel_net_t, add_ip, status_t,
	private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
	char *ifname)
{
	tun_device_t *tun;
	enumerator_t *iface_enum, *addr_enum;
	iface_entry_t *iface;
	addr_entry_t *entry;
	bool timed_out = FALSE;

	tun = tun_device_create(NULL);
	if (!tun)
	{
		return FAILED;
	}
	if (prefix == -1)
	{	/* host prefix: the address length in bits */
		prefix = vip->get_address(vip).len * 8;
	}
	if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
	{
		tun->destroy(tun);
		return FAILED;
	}

	/* receive_events() broadcasts on the condvar for every PF_ROUTE event,
	 * so the loop re-checks after each wakeup until the address shows up */
	this->mutex->lock(this->mutex);
	while (!timed_out && !get_interface_name(this, vip, NULL))
	{
		timed_out = this->condvar->timed_wait(this->condvar, this->mutex,
											  this->vip_wait);
	}
	this->mutex->unlock(this->mutex);
	if (timed_out)
	{
		DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
			 vip, tun->get_name(tun));
		tun->destroy(tun);
		return FAILED;
	}

	this->lock->write_lock(this->lock);
	this->tuns->insert_last(this->tuns, tun);

	iface_enum = this->ifaces->create_enumerator(this->ifaces);
	while (iface_enum->enumerate(iface_enum, &iface))
	{
		if (!streq(iface->ifname, tun->get_name(tun)))
		{
			continue;
		}
		addr_enum = iface->addrs->create_enumerator(iface->addrs);
		while (addr_enum->enumerate(addr_enum, &entry))
		{
			if (entry->ip->ip_equals(entry->ip, vip))
			{
				entry->virtual = TRUE;
			}
		}
		addr_enum->destroy(addr_enum);
		/* during IKEv1 reauthentication, children get moved from the old to
		 * the new SA before the virtual IP is available. This kills the
		 * route for our virtual IP, reinstall. */
		queue_route_reinstall(this, strdup(iface->ifname));
		break;
	}
	iface_enum->destroy(iface_enum);
	/* listeners are notified while the lock is still held, so no other thread
	 * can delete the TUN device concurrently; they are expected to be quick
	 * and must not cause deadlocks */
	hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
	this->lock->unlock(this->lock);

	return SUCCESS;
}

/**
 * Remove a virtual IP by destroying the TUN device that carries it.
 *
 * @param this		plugin instance
 * @param vip		virtual IP to remove
 * @param prefix	unused, the whole TUN device goes away
 * @param wait		TRUE to block until the address disappeared from the
 *					address table (bounded by this->vip_wait per wakeup)
 * @return			SUCCESS, NOT_FOUND if no TUN device has this address, FAILED
 *					if waiting for the address to vanish timed out
 */
METHOD(kernel_net_t, del_ip, status_t,
	private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
	bool wait)
{
	enumerator_t *tuns;
	tun_device_t *tun;
	host_t *tun_addr;
	bool timed_out = FALSE, found = FALSE;

	this->lock->write_lock(this->lock);
	tuns = this->tuns->create_enumerator(this->tuns);
	while (!found && tuns->enumerate(tuns, &tun))
	{
		tun_addr = tun->get_address(tun, NULL);
		if (tun_addr && tun_addr->ip_equals(tun_addr, vip))
		{
			found = TRUE;
			this->tuns->remove_at(this->tuns, tuns);
			/* notify listeners before the device is gone, under the lock */
			hydra->kernel_interface->tun(hydra->kernel_interface, tun,
										 FALSE);
			tun->destroy(tun);
		}
	}
	tuns->destroy(tuns);
	this->lock->unlock(this->lock);

	if (!found)
	{
		return NOT_FOUND;
	}
	if (!wait)
	{
		return SUCCESS;
	}
	/* receive_events() wakes us on every event, re-check until the address
	 * is no longer known */
	this->mutex->lock(this->mutex);
	while (!timed_out && get_interface_name(this, vip, NULL))
	{
		timed_out = this->condvar->timed_wait(this->condvar, this->mutex,
											  this->vip_wait);
	}
	this->mutex->unlock(this->mutex);
	if (timed_out)
	{
		DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
		return FAILED;
	}
	return SUCCESS;
}

/**
 * Append a sockaddr_in/in6 of given type to routing message.
 *
 * No bounds check is done here: the callers in this file (manage_route(),
 * get_route()) size the buffer behind the header as
 * sizeof(struct sockaddr_storage) * RTAX_MAX and append at most one sockaddr
 * per RTAX_* slot.
 *
 * @param hdr		routing message header, rtm_msglen/rtm_addrs get updated
 * @param type		RTA_* bit to set for this address
 * @param addr		address to append, NULL appends nothing
 */
static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
{
	char *tail;
	int salen;

	if (!addr)
	{	/* optional addresses are simply left out of the message */
		return;
	}
	salen = *addr->get_sockaddr_len(addr);
	tail = (char*)hdr + hdr->rtm_msglen;
	memcpy(tail, addr->get_sockaddr(addr), salen);
	/* the next sockaddr has to start at an aligned offset */
	hdr->rtm_msglen += SA_LEN(salen);
	hdr->rtm_addrs |= type;
}

/**
 * Append a subnet mask sockaddr using the given prefix to routing message.
 *
 * @param hdr		routing message header, updated by add_rt_addr()
 * @param type		RTA_* bit to set for the netmask
 * @param family	address family of the destination (AF_INET/AF_INET6)
 * @param prefix	prefix length the mask is built from
 */
static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
{
	host_t *netmask = host_create_netmask(family, prefix);

	if (!netmask)
	{	/* nothing is appended if no mask can be built for family/prefix */
		return;
	}
	add_rt_addr(hdr, type, netmask);
	netmask->destroy(netmask);
}

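/**
 * Append an interface name sockaddr_dl to routing message.
 *
 * Only names that fit into the fixed sdl_data array are appended; sdl_len is
 * always sizeof(struct sockaddr_dl), so no trailing bytes are used. A name
 * that does not fit is now logged instead of being dropped silently, as the
 * message is then sent without RTA_IFP and callers have no way to notice.
 *
 * @param hdr		routing message header, rtm_msglen/rtm_addrs get updated
 * @param type		RTA_* bit to set for the interface
 * @param name		interface name, may be empty to request any interface
 */
static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
{
	size_t len = strlen(name);
	struct sockaddr_dl sdl = {
		.sdl_len = sizeof(struct sockaddr_dl),
		.sdl_family = AF_LINK,
	};

	if (len > sizeof(sdl.sdl_data))
	{	/* sdl_data is small on BSD derived systems (it may be shorter than
		 * IFNAMSIZ), so this is not a purely theoretical case */
		DBG1(DBG_KNL, "interface name %s too long for sockaddr_dl, ignored",
			 name);
		return;
	}
	sdl.sdl_nlen = len;
	memcpy(sdl.sdl_data, name, len);
	memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
	hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
	hdr->rtm_addrs |= type;
}
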
/**
 * Add or remove a route.
 *
 * Builds an RTM_ADD/RTM_DELETE message with destination, gateway, netmask and
 * interface name (each appended in RTAX_* order, as the kernel expects) and
 * sends it on the PF_ROUTE socket. A default route (prefixlen 0 with a
 * non-empty dst_net) is installed as two /1 routes instead. Full-length
 * prefixes become host routes (RTF_HOST|RTF_GATEWAY) without a netmask.
 *
 * @param this		plugin instance
 * @param op		RTM_ADD or RTM_DELETE
 * @param dst_net	destination network address
 * @param prefixlen	prefix length of dst_net
 * @param gateway	gateway to use, NULL to omit
 * @param if_name	interface name to bind the route to, NULL to omit
 * @return			SUCCESS, ALREADY_DONE if the kernel reports EEXIST, FAILED
 *					otherwise
 */
static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
							 chunk_t dst_net, u_int8_t prefixlen,
							 host_t *gateway, char *if_name)
{
	struct {
		struct rt_msghdr hdr;
		char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
	} msg = {
		.hdr = {
			.rtm_version = RTM_VERSION,
			.rtm_type = op,
			.rtm_flags = RTF_UP | RTF_STATIC,
			.rtm_pid = this->pid,
			.rtm_seq = ref_get(&this->seq),
		},
	};
	host_t *dst_host;
	int family, rtax;
	ssize_t sent;

	if (prefixlen == 0 && dst_net.len)
	{	/* handle the upper half (first bit set) recursively, the lower half
		 * is dst_net itself and continues below with prefixlen 1 */
		chunk_t upper = chunk_clonea(dst_net);
		status_t status;

		upper.ptr[0] |= 0x80;
		prefixlen = 1;
		status = manage_route(this, op, upper, prefixlen, gateway, if_name);
		if (status != SUCCESS)
		{
			return status;
		}
	}

	dst_host = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
	if (!dst_host)
	{
		return FAILED;
	}
	family = dst_host->get_family(dst_host);
	if ((family == AF_INET && prefixlen == 32) ||
		(family == AF_INET6 && prefixlen == 128))
	{	/* full-length prefix: a host route via the gateway, no netmask */
		msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
	}

	/* the loop guarantees the sockaddrs follow the header in RTAX_* order */
	msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
	for (rtax = 0; rtax < RTAX_MAX; rtax++)
	{
		switch (rtax)
		{
			case RTAX_DST:
				add_rt_addr(&msg.hdr, RTA_DST, dst_host);
				break;
			case RTAX_GATEWAY:
				/* add_rt_addr() appends nothing for a NULL gateway */
				add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
				break;
			case RTAX_NETMASK:
				if (!(msg.hdr.rtm_flags & RTF_HOST))
				{
					add_rt_mask(&msg.hdr, RTA_NETMASK, family, prefixlen);
				}
				break;
			case RTAX_IFP:
				if (if_name)
				{
					add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
				}
				break;
			default:
				break;
		}
	}
	dst_host->destroy(dst_host);

	sent = send(this->socket, &msg, msg.hdr.rtm_msglen, 0);
	if (sent == msg.hdr.rtm_msglen)
	{
		return SUCCESS;
	}
	if (errno == EEXIST)
	{	/* the kernel already has this route */
		return ALREADY_DONE;
	}
	DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
		 op == RTM_ADD ? "adding" : "deleting", strerror(errno));
	return FAILED;
}

/**
 * Install a route and remember it in this->routes.
 *
 * The entry is stored before the kernel is asked, under routes_lock, so the
 * route is known to the instance (and removed again by destroy()) whatever
 * manage_route() returns. src_ip is not used by this backend.
 *
 * @return			ALREADY_DONE if the route is already in the table, else the
 *					result of manage_route()
 */
METHOD(kernel_net_t, add_route, status_t,
	private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
	host_t *gateway, host_t *src_ip, char *if_name)
{
	route_entry_t key = {
		.dst_net = dst_net,
		.prefixlen = prefixlen,
		.gateway = gateway,
		.if_name = if_name,
	};
	route_entry_t *entry;
	status_t status = ALREADY_DONE;

	this->routes_lock->lock(this->routes_lock);
	entry = this->routes->get(this->routes, &key);
	if (!entry)
	{
		entry = route_entry_clone(&key);
		this->routes->put(this->routes, entry, entry);
		status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway,
							  if_name);
	}
	this->routes_lock->unlock(this->routes_lock);
	return status;
}

/**
 * Remove a route previously installed with add_route().
 *
 * The entry is removed from this->routes first, under routes_lock, then the
 * kernel is asked to delete the route. src_ip is not used by this backend.
 *
 * @return			NOT_FOUND if the route is not in the table, else the result
 *					of manage_route()
 */
METHOD(kernel_net_t, del_route, status_t,
	private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
	host_t *gateway, host_t *src_ip, char *if_name)
{
	route_entry_t key = {
		.dst_net = dst_net,
		.prefixlen = prefixlen,
		.gateway = gateway,
		.if_name = if_name,
	};
	route_entry_t *entry;
	status_t status = NOT_FOUND;

	this->routes_lock->lock(this->routes_lock);
	entry = this->routes->get(this->routes, &key);
	if (entry)
	{
		this->routes->remove(this->routes, entry);
		route_entry_destroy(entry);
		status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
							  if_name);
	}
	this->routes_lock->unlock(this->routes_lock);
	return status;
}

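/**
 * Do a route lookup for dest and return either the nexthop or the source
 * address.
 *
 * Sends an RTM_GET query on the PF_ROUTE socket and waits under this->mutex
 * for receive_events() to store the reply with the matching sequence number
 * in this->reply. Only one query is in flight at a time; further callers
 * block on the condvar until waiting_seq is cleared again. If the kernel
 * rejects the query and a source address was given, the lookup is retried
 * once without it.
 *
 * @param this		plugin instance
 * @param nexthop	TRUE to return the gateway, FALSE for the local source address
 * @param dest		destination to look up a route for
 * @param src		preferred source address, may be NULL
 * @return			newly created host, NULL if nothing was found or the source
 *					address is virtual or on an unusable/down interface
 */
static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
						 host_t *dest, host_t *src)
{
	struct {
		struct rt_msghdr hdr;
		char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
	} msg = {
		.hdr = {
			.rtm_version = RTM_VERSION,
			.rtm_type = RTM_GET,
			.rtm_pid = this->pid,
			.rtm_seq = ref_get(&this->seq),
		},
	};
	host_t *host = NULL;
	enumerator_t *enumerator;
	struct sockaddr *addr;
	bool failed = FALSE;
	int type, error = 0;

retry:
	/* sockaddrs have to follow the header in RTAX_* order */
	msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
	for (type = 0; type < RTAX_MAX; type++)
	{
		switch (type)
		{
			case RTAX_DST:
				add_rt_addr(&msg.hdr, RTA_DST, dest);
				break;
			case RTAX_IFA:
				add_rt_addr(&msg.hdr, RTA_IFA, src);
				break;
			case RTAX_IFP:
				if (!nexthop)
				{	/* add an empty IFP to ensure we get a source address */
					add_rt_ifname(&msg.hdr, RTA_IFP, "");
				}
				break;
			default:
				break;
		}
	}
	this->mutex->lock(this->mutex);

	/* receive_events() only stores the reply for the sequence number in
	 * waiting_seq, so queries are serialized here */
	while (this->waiting_seq)
	{
		this->condvar->wait(this->condvar, this->mutex);
	}
	this->waiting_seq = msg.hdr.rtm_seq;
	if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
	{
		while (TRUE)
		{
			if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
			{	/* timed out? */
				break;
			}
			/* the condvar is broadcast for every PF_ROUTE event, so we may
			 * wake up before any reply was stored: reply is NULL until the
			 * first one arrived, and may still hold that of an older query */
			if (!this->reply ||
				this->reply->rtm_msglen < sizeof(*this->reply) ||
				msg.hdr.rtm_seq != this->reply->rtm_seq)
			{
				continue;
			}
			enumerator = create_rtmsg_enumerator(this->reply);
			while (enumerator->enumerate(enumerator, &type, &addr))
			{
				if (nexthop)
				{
					if (type == RTAX_DST && (this->reply->rtm_flags & RTF_HOST))
					{	/* probably a cloned/cached direct route, only use that
						 * as fallback if no gateway is found */
						host = host ?: host_create_from_sockaddr(addr);
					}
					if (type == RTAX_GATEWAY)
					{	/* could actually be a MAC address, then no host is
						 * created and the fallback above is kept */
						host_t *gtw = host_create_from_sockaddr(addr);
						if (gtw)
						{
							DESTROY_IF(host);
							host = gtw;
						}
					}
				}
				else
				{
					if (type == RTAX_IFA)
					{
						host = host_create_from_sockaddr(addr);
					}
				}
			}
			enumerator->destroy(enumerator);
			break;
		}
	}
	else
	{
		failed = TRUE;
		/* keep errno from send(), the lock/condvar calls below may clobber it */
		error = errno;
	}
	/* signal completion of query to a waiting thread */
	this->waiting_seq = 0;
	this->condvar->signal(this->condvar);
	this->mutex->unlock(this->mutex);

	if (failed)
	{
		if (src)
		{	/* the given source address might be gone, try again without */
			src = NULL;
			msg.hdr.rtm_seq = ref_get(&this->seq);
			msg.hdr.rtm_addrs = 0;
			/* memset takes (dst, value, size); the old call had the last two
			 * swapped and cleared nothing */
			memset(msg.buf, 0, sizeof(msg.buf));
			goto retry;
		}
		DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(error));
	}
	if (!host)
	{
		return NULL;
	}
	if (!nexthop)
	{	/* make sure the source address is not virtual and usable */
		addr_entry_t *entry, lookup = {
			.ip = host,
		};

		this->lock->read_lock(this->lock);
		entry = this->addrs->get_match(this->addrs, &lookup,
									   (void*)addr_map_entry_match_up_and_usable);
		this->lock->unlock(this->lock);
		if (!entry)
		{
			host->destroy(host);
			return NULL;
		}
	}
	DBG2(DBG_KNL, "using %H as %s to reach %H", host,
		 nexthop ? "nexthop" : "address", dest);
	return host;
}
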
/**
 * Find the local source address to reach dest, see get_route().
 */
METHOD(kernel_net_t, get_source_addr, host_t*,
	private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
	const bool want_nexthop = FALSE;

	return get_route(this, want_nexthop, dest, src);
}

/**
 * Find the gateway to reach dest, see get_route().
 */
METHOD(kernel_net_t, get_nexthop, host_t*,
	private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
	const bool want_nexthop = TRUE;

	return get_route(this, want_nexthop, dest, src);
}

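/**
 * Initialize a list of local addresses.
 *
 * Walks getifaddrs(3) once: every interface seen with an AF_LINK, AF_INET or
 * AF_INET6 address gets an iface_entry_t in this->ifaces, every IP address an
 * addr_entry_t on that interface which is also registered in the address map.
 * Afterwards the up and usable interfaces are logged with their addresses.
 * No locks are taken, the caller (kernel_pfroute_net_create()) runs this
 * during construction.
 *
 * @param this		plugin instance whose ifaces/addrs tables get filled
 * @return			SUCCESS, FAILED if getifaddrs() fails
 */
static status_t init_address_list(private_kernel_pfroute_net_t *this)
{
	struct ifaddrs *ifap, *ifa;
	iface_entry_t *iface, *current;
	addr_entry_t *addr;
	enumerator_t *ifaces, *addrs;
	host_t *ip;

	DBG2(DBG_KNL, "known interfaces and IP addresses:");

	if (getifaddrs(&ifap) < 0)
	{
		DBG1(DBG_KNL, " failed to get interfaces!");
		return FAILED;
	}

	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
	{
		if (ifa->ifa_addr == NULL)
		{
			continue;
		}
		switch(ifa->ifa_addr->sa_family)
		{
			case AF_LINK:
			case AF_INET:
			case AF_INET6:
			{
				/* reuse the entry if the interface was seen already */
				iface = NULL;
				ifaces = this->ifaces->create_enumerator(this->ifaces);
				while (ifaces->enumerate(ifaces, &current))
				{
					if (streq(current->ifname, ifa->ifa_name))
					{
						iface = current;
						break;
					}
				}
				ifaces->destroy(ifaces);

				if (!iface)
				{
					size_t len = strlen(ifa->ifa_name);

					INIT(iface,
						.ifindex = if_nametoindex(ifa->ifa_name),
						.flags = ifa->ifa_flags,
						.addrs = linked_list_create(),
						.usable = hydra->kernel_interface->is_interface_usable(
										hydra->kernel_interface, ifa->ifa_name),
					);
					/* ifa_name is a C string, not an IFNAMSIZ sized buffer:
					 * copy only its bytes (truncated to fit) and terminate,
					 * instead of reading IFNAMSIZ bytes behind a short name */
					if (len >= IFNAMSIZ)
					{
						len = IFNAMSIZ - 1;
					}
					memcpy(iface->ifname, ifa->ifa_name, len);
					iface->ifname[len] = '\0';
					this->ifaces->insert_last(this->ifaces, iface);
				}

				if (ifa->ifa_addr->sa_family != AF_LINK)
				{
					ip = host_create_from_sockaddr(ifa->ifa_addr);
					/* an entry without ip would break the address matchers,
					 * skip addresses that can't be represented */
					if (ip)
					{
						INIT(addr,
							.ip = ip,
						);
						iface->addrs->insert_last(iface->addrs, addr);
						addr_map_entry_add(this, addr, iface);
					}
				}
			}
		}
	}
	freeifaddrs(ifap);

	ifaces = this->ifaces->create_enumerator(this->ifaces);
	while (ifaces->enumerate(ifaces, &iface))
	{
		if (iface->usable && iface->flags & IFF_UP)
		{
			DBG2(DBG_KNL, " %s", iface->ifname);
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, (void**)&addr))
			{
				DBG2(DBG_KNL, " %H", addr->ip);
			}
			addrs->destroy(addrs);
		}
	}
	ifaces->destroy(ifaces);

	return SUCCESS;
}
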
/**
 * Tear the instance down: delete every route still in this->routes from the
 * kernel, close the PF_ROUTE socket and release all tables, TUN devices and
 * locks. kernel_pfroute_net_create() also calls this on its failure paths,
 * right after INIT(), which is why the socket is checked against -1.
 */
METHOD(kernel_net_t, destroy, void,
	private_kernel_pfroute_net_t *this)
{
	enumerator_t *enumerator;
	route_entry_t *route;
	addr_entry_t *addr;

	/* routes go first, manage_route() still needs the open socket; the table
	 * is walked without routes_lock, nobody else uses the instance anymore */
	enumerator = this->routes->create_enumerator(this->routes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&route))
	{
		manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
					 route->gateway, route->if_name);
		route_entry_destroy(route);
	}
	enumerator->destroy(enumerator);
	this->routes->destroy(this->routes);
	this->routes_lock->destroy(this->routes_lock);

	if (this->socket != -1)
	{
		/* deregister receive_events() before the descriptor is closed */
		lib->watcher->remove(lib->watcher, this->socket);
		close(this->socket);
	}

	net_changes_clear(this);
	this->net_changes->destroy(this->net_changes);
	this->net_changes_lock->destroy(this->net_changes_lock);

	/* NOTE(review): these look like the addr_map_entry_t wrappers added by
	 * addr_map_entry_add(); the addr_entry_t objects themselves are presumably
	 * released with their interface by iface_entry_destroy() - confirm */
	enumerator = this->addrs->create_enumerator(this->addrs);
	while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
	{
		free(addr);
	}
	enumerator->destroy(enumerator);
	this->addrs->destroy(this->addrs);
	this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
	this->tuns->destroy(this->tuns);
	this->lock->destroy(this->lock);
	this->mutex->destroy(this->mutex);
	this->condvar->destroy(this->condvar);
	this->roam_lock->destroy(this->roam_lock);
	/* reply is realloc()'d by receive_events(), NULL if no query was answered */
	free(this->reply);
	free(this);
}

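/*
 * Described in header.
 *
 * Creates the instance, opens the PF_ROUTE socket and, except for the
 * "starter" daemon (which has no threads), registers receive_events() with
 * the watcher before the initial interface/address list is read. Returns NULL
 * after destroy() if the socket or the address list can't be set up.
 *
 * The prototype is written with (void): an empty parameter list is an
 * old-style declaration that disables argument checking in callers.
 */
kernel_pfroute_net_t *kernel_pfroute_net_create(void)
{
	private_kernel_pfroute_net_t *this;

	/* INIT() leaves reply NULL and seq/waiting_seq at 0; destroy() relies on
	 * socket being set before it is called on the error paths below */
	INIT(this,
		.public = {
			.interface = {
				.get_features = _get_features,
				.get_interface = _get_interface_name,
				.create_address_enumerator = _create_address_enumerator,
				.get_source_addr = _get_source_addr,
				.get_nexthop = _get_nexthop,
				.add_ip = _add_ip,
				.del_ip = _del_ip,
				.add_route = _add_route,
				.del_route = _del_route,
				.destroy = _destroy,
			},
		},
		.pid = getpid(),
		.ifaces = linked_list_create(),
		.addrs = hashtable_create(
								(hashtable_hash_t)addr_map_entry_hash,
								(hashtable_equals_t)addr_map_entry_equals, 16),
		.routes = hashtable_create((hashtable_hash_t)route_entry_hash,
								   (hashtable_equals_t)route_entry_equals, 16),
		.net_changes = hashtable_create(
								   (hashtable_hash_t)net_change_hash,
								   (hashtable_equals_t)net_change_equals, 16),
		.tuns = linked_list_create(),
		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
		.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
		.routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
		.net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
		.roam_lock = spinlock_create(),
		/* how long add_ip()/del_ip() wait per condvar wakeup for a virtual IP
		 * to (dis)appear, passed to timed_wait(); default 1000 */
		.vip_wait = lib->settings->get_int(lib->settings,
						"%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
	);
	timerclear(&this->last_route_reinstall);
	timerclear(&this->next_roam);

	/* create a PF_ROUTE socket to communicate with the kernel */
	this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
	if (this->socket == -1)
	{
		DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
		destroy(this);
		return NULL;
	}

	if (streq(hydra->daemon, "starter"))
	{
		/* starter has no threads, so we do not register for kernel events */
		if (shutdown(this->socket, SHUT_RD) != 0)
		{
			DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
				 strerror(errno));
		}
	}
	else
	{
		lib->watcher->add(lib->watcher, this->socket, WATCHER_READ,
						  (watcher_cb_t)receive_events, this);
	}
	/* NOTE(review): events may already be dispatched while the initial list
	 * is built without this->lock - presumably tolerated by process_addr()
	 * and friends, confirm */
	if (init_address_list(this) != SUCCESS)
	{
		DBG1(DBG_KNL, "unable to get interface list");
		destroy(this);
		return NULL;
	}

	return &this->public;
}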