]>
Commit | Line | Data |
---|---|---|
d24a74c5 | 1 | /* |
05ca5655 | 2 | * Copyright (C) 2009-2012 Tobias Brunner |
d24a74c5 TB |
3 | * Hochschule fuer Technik Rapperswil |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
d24a74c5 TB |
14 | */ |
15 | ||
16 | #include <sys/types.h> | |
17 | #include <sys/socket.h> | |
18 | #include <net/if.h> | |
272bcac8 | 19 | #include <net/if_dl.h> |
d24a74c5 TB |
20 | #include <ifaddrs.h> |
21 | #include <net/route.h> | |
22 | #include <unistd.h> | |
d24a74c5 TB |
23 | #include <errno.h> |
24 | ||
25 | #include "kernel_pfroute_net.h" | |
26 | ||
c5f7146b | 27 | #include <hydra.h> |
f05b4272 | 28 | #include <utils/debug.h> |
2e7cc07e | 29 | #include <networking/host.h> |
2a2d7a4d | 30 | #include <networking/tun_device.h> |
4a5a5dd2 | 31 | #include <threading/thread.h> |
eba64cef | 32 | #include <threading/mutex.h> |
3a7f4b5c | 33 | #include <threading/condvar.h> |
bdf36dac | 34 | #include <threading/rwlock.h> |
12642a68 TB |
35 | #include <collections/hashtable.h> |
36 | #include <collections/linked_list.h> | |
d24a74c5 | 37 | #include <processing/jobs/callback_job.h> |
d24a74c5 TB |
38 | |
39 | #ifndef HAVE_STRUCT_SOCKADDR_SA_LEN | |
40 | #error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member. | |
41 | #endif | |
42 | ||
ba26508d | 43 | /** delay before firing roam events (ms) */ |
d24a74c5 TB |
44 | #define ROAM_DELAY 100 |
45 | ||
d24a74c5 TB |
46 | typedef struct addr_entry_t addr_entry_t; |
47 | ||
48 | /** | |
49 | * IP address in an inface_entry_t | |
50 | */ | |
51 | struct addr_entry_t { | |
7daf5226 | 52 | |
d24a74c5 TB |
53 | /** The ip address */ |
54 | host_t *ip; | |
7daf5226 | 55 | |
d24a74c5 TB |
56 | /** virtual IP managed by us */ |
57 | bool virtual; | |
d24a74c5 TB |
58 | }; |
59 | ||
60 | /** | |
61 | * destroy a addr_entry_t object | |
62 | */ | |
63 | static void addr_entry_destroy(addr_entry_t *this) | |
64 | { | |
65 | this->ip->destroy(this->ip); | |
66 | free(this); | |
67 | } | |
68 | ||
69 | typedef struct iface_entry_t iface_entry_t; | |
70 | ||
71 | /** | |
72 | * A network interface on this system, containing addr_entry_t's | |
73 | */ | |
74 | struct iface_entry_t { | |
7daf5226 | 75 | |
d24a74c5 TB |
76 | /** interface index */ |
77 | int ifindex; | |
7daf5226 | 78 | |
d24a74c5 TB |
79 | /** name of the interface */ |
80 | char ifname[IFNAMSIZ]; | |
7daf5226 | 81 | |
d24a74c5 TB |
82 | /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ |
83 | u_int flags; | |
7daf5226 | 84 | |
d24a74c5 TB |
85 | /** list of addresses as host_t */ |
86 | linked_list_t *addrs; | |
940e1b0f TB |
87 | |
88 | /** TRUE if usable by config */ | |
89 | bool usable; | |
d24a74c5 TB |
90 | }; |
91 | ||
92 | /** | |
93 | * destroy an interface entry | |
94 | */ | |
95 | static void iface_entry_destroy(iface_entry_t *this) | |
96 | { | |
97 | this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy); | |
98 | free(this); | |
99 | } | |
100 | ||
1f97e1aa TB |
101 | /** |
102 | * check if an interface is up | |
103 | */ | |
104 | static inline bool iface_entry_up(iface_entry_t *iface) | |
105 | { | |
106 | return (iface->flags & IFF_UP) == IFF_UP; | |
107 | } | |
108 | ||
940e1b0f TB |
109 | /** |
110 | * check if an interface is up and usable | |
111 | */ | |
112 | static inline bool iface_entry_up_and_usable(iface_entry_t *iface) | |
113 | { | |
1f97e1aa TB |
114 | return iface->usable && iface_entry_up(iface); |
115 | } | |
116 | ||
117 | typedef struct addr_map_entry_t addr_map_entry_t; | |
118 | ||
119 | /** | |
120 | * Entry that maps an IP address to an interface entry | |
121 | */ | |
122 | struct addr_map_entry_t { | |
123 | /** The IP address */ | |
124 | host_t *ip; | |
125 | ||
126 | /** The interface this address is installed on */ | |
127 | iface_entry_t *iface; | |
128 | }; | |
129 | ||
130 | /** | |
131 | * Hash a addr_map_entry_t object, all entries with the same IP address | |
132 | * are stored in the same bucket | |
133 | */ | |
134 | static u_int addr_map_entry_hash(addr_map_entry_t *this) | |
135 | { | |
136 | return chunk_hash(this->ip->get_address(this->ip)); | |
137 | } | |
138 | ||
139 | /** | |
140 | * Compare two addr_map_entry_t objects, two entries are equal if they are | |
141 | * installed on the same interface | |
142 | */ | |
143 | static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b) | |
144 | { | |
145 | return a->iface->ifindex == b->iface->ifindex && | |
146 | a->ip->ip_equals(a->ip, b->ip); | |
940e1b0f TB |
147 | } |
148 | ||
1f97e1aa TB |
149 | /** |
150 | * Used with get_match this finds an address entry if it is installed on | |
151 | * an up and usable interface | |
152 | */ | |
153 | static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a, | |
154 | addr_map_entry_t *b) | |
155 | { | |
156 | return iface_entry_up_and_usable(b->iface) && | |
157 | a->ip->ip_equals(a->ip, b->ip); | |
158 | } | |
159 | ||
160 | /** | |
161 | * Used with get_match this finds an address entry if it is installed on | |
162 | * any active local interface | |
163 | */ | |
164 | static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b) | |
165 | { | |
166 | return iface_entry_up(b->iface) && a->ip->ip_equals(a->ip, b->ip); | |
167 | } | |
d24a74c5 TB |
168 | |
169 | typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t; | |
170 | ||
171 | /** | |
172 | * Private variables and functions of kernel_pfroute class. | |
173 | */ | |
174 | struct private_kernel_pfroute_net_t | |
175 | { | |
176 | /** | |
177 | * Public part of the kernel_pfroute_t object. | |
178 | */ | |
179 | kernel_pfroute_net_t public; | |
7daf5226 | 180 | |
d24a74c5 | 181 | /** |
bdf36dac | 182 | * lock to access lists and maps |
d24a74c5 | 183 | */ |
bdf36dac | 184 | rwlock_t *lock; |
7daf5226 | 185 | |
d24a74c5 TB |
186 | /** |
187 | * Cached list of interfaces and their addresses (iface_entry_t) | |
188 | */ | |
189 | linked_list_t *ifaces; | |
7daf5226 | 190 | |
1f97e1aa TB |
191 | /** |
192 | * Map for IP addresses to iface_entry_t objects (addr_map_entry_t) | |
193 | */ | |
194 | hashtable_t *addrs; | |
195 | ||
2a2d7a4d MW |
196 | /** |
197 | * List of tun devices we installed for virtual IPs | |
198 | */ | |
199 | linked_list_t *tuns; | |
200 | ||
d24a74c5 | 201 | /** |
3a7f4b5c | 202 | * mutex to communicate exclusively with PF_KEY |
d24a74c5 | 203 | */ |
3a7f4b5c MW |
204 | mutex_t *mutex; |
205 | ||
206 | /** | |
207 | * condvar to signal if PF_KEY query got a response | |
208 | */ | |
209 | condvar_t *condvar; | |
210 | ||
211 | /** | |
212 | * pid to send PF_ROUTE messages with | |
213 | */ | |
214 | pid_t pid; | |
7daf5226 | 215 | |
d24a74c5 TB |
216 | /** |
217 | * PF_ROUTE socket to communicate with the kernel | |
218 | */ | |
219 | int socket; | |
7daf5226 | 220 | |
d24a74c5 TB |
221 | /** |
222 | * sequence number for messages sent to the kernel | |
223 | */ | |
224 | int seq; | |
7daf5226 | 225 | |
3a7f4b5c MW |
226 | /** |
227 | * Sequence number a query is waiting for | |
228 | */ | |
229 | int waiting_seq; | |
230 | ||
231 | /** | |
232 | * Allocated reply message from kernel | |
233 | */ | |
234 | struct rt_msghdr *reply; | |
235 | ||
d24a74c5 | 236 | /** |
ba26508d | 237 | * time of last roam event |
d24a74c5 | 238 | */ |
de578445 | 239 | timeval_t last_roam; |
d24a74c5 TB |
240 | }; |
241 | ||
1f97e1aa TB |
242 | /** |
243 | * Add an address map entry | |
244 | */ | |
bfd2cc1c | 245 | static void addr_map_entry_add(private_kernel_pfroute_net_t *this, |
1f97e1aa TB |
246 | addr_entry_t *addr, iface_entry_t *iface) |
247 | { | |
248 | addr_map_entry_t *entry; | |
249 | ||
250 | if (addr->virtual) | |
251 | { /* don't map virtual IPs */ | |
252 | return; | |
253 | } | |
254 | ||
255 | INIT(entry, | |
256 | .ip = addr->ip, | |
257 | .iface = iface, | |
258 | ); | |
259 | entry = this->addrs->put(this->addrs, entry, entry); | |
260 | free(entry); | |
261 | } | |
262 | ||
263 | /** | |
264 | * Remove an address map entry (the argument order is a bit strange because | |
265 | * it is also used with linked_list_t.invoke_function) | |
266 | */ | |
267 | static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface, | |
bfd2cc1c | 268 | private_kernel_pfroute_net_t *this) |
1f97e1aa TB |
269 | { |
270 | addr_map_entry_t *entry, lookup = { | |
271 | .ip = addr->ip, | |
272 | .iface = iface, | |
273 | }; | |
274 | ||
275 | if (addr->virtual) | |
276 | { /* these are never mapped, but this check avoid problems if a virtual IP | |
277 | * equals a regular one */ | |
278 | return; | |
279 | } | |
280 | entry = this->addrs->remove(this->addrs, &lookup); | |
281 | free(entry); | |
282 | } | |
283 | ||
d24a74c5 | 284 | /** |
ba26508d | 285 | * callback function that raises the delayed roam event |
d24a74c5 | 286 | */ |
ba26508d TB |
287 | static job_requeue_t roam_event(uintptr_t address) |
288 | { | |
f6659688 | 289 | hydra->kernel_interface->roam(hydra->kernel_interface, address != 0); |
ba26508d TB |
290 | return JOB_REQUEUE_NONE; |
291 | } | |
292 | ||
293 | /** | |
294 | * fire a roaming event. we delay it for a bit and fire only one event | |
295 | * for multiple calls. otherwise we would create too many events. | |
296 | */ | |
297 | static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address) | |
d24a74c5 | 298 | { |
de578445 | 299 | timeval_t now; |
ba26508d | 300 | job_t *job; |
7daf5226 | 301 | |
de578445 MW |
302 | time_monotonic(&now); |
303 | if (timercmp(&now, &this->last_roam, >)) | |
d24a74c5 | 304 | { |
eecd41e3 | 305 | timeval_add_ms(&now, ROAM_DELAY); |
de578445 | 306 | this->last_roam = now; |
ba26508d TB |
307 | |
308 | job = (job_t*)callback_job_create((callback_job_cb_t)roam_event, | |
309 | (void*)(uintptr_t)(address ? 1 : 0), | |
310 | NULL, NULL); | |
bb381e26 | 311 | lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY); |
d24a74c5 TB |
312 | } |
313 | } | |
314 | ||
b1c6b68e MW |
315 | /** |
316 | * Data for enumerator over rtmsg sockaddrs | |
317 | */ | |
318 | typedef struct { | |
319 | /** implements enumerator */ | |
320 | enumerator_t public; | |
321 | /** copy of attribute bitfield */ | |
322 | int types; | |
323 | /** bytes remaining in buffer */ | |
324 | int remaining; | |
325 | /** next sockaddr to enumerate */ | |
326 | struct sockaddr *addr; | |
327 | } rt_enumerator_t; | |
328 | ||
329 | METHOD(enumerator_t, rt_enumerate, bool, | |
330 | rt_enumerator_t *this, int *xtype, struct sockaddr **addr) | |
331 | { | |
332 | int i, type; | |
333 | ||
334 | if (this->remaining < sizeof(this->addr->sa_len) || | |
335 | this->remaining < this->addr->sa_len) | |
336 | { | |
337 | return FALSE; | |
338 | } | |
339 | for (i = 0; i < RTAX_MAX; i++) | |
340 | { | |
341 | type = (1 << i); | |
342 | if (this->types & type) | |
343 | { | |
344 | this->types &= ~type; | |
345 | *addr = this->addr; | |
346 | *xtype = i; | |
347 | this->remaining -= this->addr->sa_len; | |
348 | this->addr = (void*)this->addr + this->addr->sa_len; | |
349 | return TRUE; | |
350 | } | |
351 | } | |
352 | return FALSE; | |
353 | } | |
354 | ||
355 | /** | |
356 | * Create a safe enumerator over sockaddrs in ifa/ifam/rt_msg | |
357 | */ | |
358 | static enumerator_t *create_rtmsg_enumerator(void *hdr, size_t hdrlen) | |
359 | { | |
360 | struct rt_msghdr *rthdr = hdr; | |
361 | rt_enumerator_t *this; | |
362 | ||
363 | INIT(this, | |
364 | .public = { | |
365 | .enumerate = (void*)_rt_enumerate, | |
366 | .destroy = (void*)free, | |
367 | }, | |
368 | .types = rthdr->rtm_addrs, | |
369 | .remaining = rthdr->rtm_msglen - hdrlen, | |
370 | .addr = hdr + hdrlen, | |
371 | ); | |
372 | return &this->public; | |
373 | } | |
374 | ||
d24a74c5 TB |
375 | /** |
376 | * Process an RTM_*ADDR message from the kernel | |
377 | */ | |
378 | static void process_addr(private_kernel_pfroute_net_t *this, | |
b1c6b68e | 379 | struct ifa_msghdr *ifa) |
d24a74c5 | 380 | { |
b1c6b68e | 381 | struct sockaddr *sockaddr; |
d24a74c5 TB |
382 | host_t *host = NULL; |
383 | enumerator_t *ifaces, *addrs; | |
384 | iface_entry_t *iface; | |
385 | addr_entry_t *addr; | |
386 | bool found = FALSE, changed = FALSE, roam = FALSE; | |
b1c6b68e MW |
387 | enumerator_t *enumerator; |
388 | int type; | |
7daf5226 | 389 | |
b1c6b68e MW |
390 | enumerator = create_rtmsg_enumerator(ifa, sizeof(*ifa)); |
391 | while (enumerator->enumerate(enumerator, &type, &sockaddr)) | |
d24a74c5 | 392 | { |
b1c6b68e | 393 | if (type == RTAX_IFA) |
d24a74c5 | 394 | { |
b1c6b68e MW |
395 | host = host_create_from_sockaddr(sockaddr); |
396 | break; | |
d24a74c5 TB |
397 | } |
398 | } | |
b1c6b68e | 399 | enumerator->destroy(enumerator); |
7daf5226 | 400 | |
d24a74c5 TB |
401 | if (!host) |
402 | { | |
403 | return; | |
404 | } | |
7daf5226 | 405 | |
bdf36dac | 406 | this->lock->write_lock(this->lock); |
d24a74c5 TB |
407 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
408 | while (ifaces->enumerate(ifaces, &iface)) | |
409 | { | |
410 | if (iface->ifindex == ifa->ifam_index) | |
411 | { | |
412 | addrs = iface->addrs->create_enumerator(iface->addrs); | |
413 | while (addrs->enumerate(addrs, &addr)) | |
414 | { | |
415 | if (host->ip_equals(host, addr->ip)) | |
416 | { | |
417 | found = TRUE; | |
418 | if (ifa->ifam_type == RTM_DELADDR) | |
419 | { | |
420 | iface->addrs->remove_at(iface->addrs, addrs); | |
940e1b0f | 421 | if (!addr->virtual && iface->usable) |
d24a74c5 TB |
422 | { |
423 | changed = TRUE; | |
424 | DBG1(DBG_KNL, "%H disappeared from %s", | |
425 | host, iface->ifname); | |
426 | } | |
1f97e1aa | 427 | addr_map_entry_remove(addr, iface, this); |
d24a74c5 TB |
428 | addr_entry_destroy(addr); |
429 | } | |
d24a74c5 TB |
430 | } |
431 | } | |
432 | addrs->destroy(addrs); | |
7daf5226 | 433 | |
d24a74c5 TB |
434 | if (!found && ifa->ifam_type == RTM_NEWADDR) |
435 | { | |
9650bf3c MW |
436 | INIT(addr, |
437 | .ip = host->clone(host), | |
9650bf3c | 438 | ); |
d24a74c5 | 439 | changed = TRUE; |
d24a74c5 | 440 | iface->addrs->insert_last(iface->addrs, addr); |
1f97e1aa | 441 | addr_map_entry_add(this, addr, iface); |
940e1b0f TB |
442 | if (iface->usable) |
443 | { | |
444 | DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname); | |
445 | } | |
d24a74c5 | 446 | } |
7daf5226 | 447 | |
940e1b0f | 448 | if (changed && iface_entry_up_and_usable(iface)) |
d24a74c5 TB |
449 | { |
450 | roam = TRUE; | |
451 | } | |
452 | break; | |
453 | } | |
454 | } | |
455 | ifaces->destroy(ifaces); | |
bdf36dac | 456 | this->lock->unlock(this->lock); |
d24a74c5 | 457 | host->destroy(host); |
7daf5226 | 458 | |
d24a74c5 TB |
459 | if (roam) |
460 | { | |
ba26508d | 461 | fire_roam_event(this, TRUE); |
d24a74c5 TB |
462 | } |
463 | } | |
464 | ||
6e879a59 MW |
465 | /** |
466 | * Re-initialize address list of an interface if it changes state | |
467 | */ | |
468 | static void repopulate_iface(private_kernel_pfroute_net_t *this, | |
469 | iface_entry_t *iface) | |
470 | { | |
471 | struct ifaddrs *ifap, *ifa; | |
472 | addr_entry_t *addr; | |
473 | ||
474 | while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS) | |
475 | { | |
476 | addr_map_entry_remove(addr, iface, this); | |
477 | addr_entry_destroy(addr); | |
478 | } | |
479 | ||
480 | if (getifaddrs(&ifap) == 0) | |
481 | { | |
482 | for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) | |
483 | { | |
484 | if (ifa->ifa_addr && streq(ifa->ifa_name, iface->ifname)) | |
485 | { | |
486 | switch (ifa->ifa_addr->sa_family) | |
487 | { | |
488 | case AF_INET: | |
489 | case AF_INET6: | |
490 | INIT(addr, | |
491 | .ip = host_create_from_sockaddr(ifa->ifa_addr), | |
6e879a59 MW |
492 | ); |
493 | iface->addrs->insert_last(iface->addrs, addr); | |
494 | addr_map_entry_add(this, addr, iface); | |
495 | break; | |
496 | default: | |
497 | break; | |
498 | } | |
499 | } | |
500 | } | |
501 | freeifaddrs(ifap); | |
502 | } | |
503 | } | |
504 | ||
d24a74c5 TB |
505 | /** |
506 | * Process an RTM_IFINFO message from the kernel | |
507 | */ | |
508 | static void process_link(private_kernel_pfroute_net_t *this, | |
b1c6b68e | 509 | struct if_msghdr *msg) |
d24a74c5 | 510 | { |
d24a74c5 TB |
511 | enumerator_t *enumerator; |
512 | iface_entry_t *iface; | |
0fd409db | 513 | bool roam = FALSE, found = FALSE;; |
7daf5226 | 514 | |
bdf36dac | 515 | this->lock->write_lock(this->lock); |
d24a74c5 TB |
516 | enumerator = this->ifaces->create_enumerator(this->ifaces); |
517 | while (enumerator->enumerate(enumerator, &iface)) | |
518 | { | |
519 | if (iface->ifindex == msg->ifm_index) | |
520 | { | |
940e1b0f | 521 | if (iface->usable) |
d24a74c5 | 522 | { |
940e1b0f TB |
523 | if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP)) |
524 | { | |
525 | roam = TRUE; | |
526 | DBG1(DBG_KNL, "interface %s activated", iface->ifname); | |
527 | } | |
528 | else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP)) | |
529 | { | |
530 | roam = TRUE; | |
531 | DBG1(DBG_KNL, "interface %s deactivated", iface->ifname); | |
532 | } | |
d24a74c5 TB |
533 | } |
534 | iface->flags = msg->ifm_flags; | |
6e879a59 | 535 | repopulate_iface(this, iface); |
0fd409db | 536 | found = TRUE; |
d24a74c5 TB |
537 | break; |
538 | } | |
539 | } | |
540 | enumerator->destroy(enumerator); | |
0fd409db MW |
541 | |
542 | if (!found) | |
543 | { | |
544 | INIT(iface, | |
545 | .ifindex = msg->ifm_index, | |
546 | .flags = msg->ifm_flags, | |
547 | .addrs = linked_list_create(), | |
548 | ); | |
549 | if (if_indextoname(iface->ifindex, iface->ifname)) | |
550 | { | |
551 | DBG1(DBG_KNL, "interface %s appeared", iface->ifname); | |
552 | iface->usable = hydra->kernel_interface->is_interface_usable( | |
553 | hydra->kernel_interface, iface->ifname); | |
6e879a59 | 554 | repopulate_iface(this, iface); |
0fd409db MW |
555 | this->ifaces->insert_last(this->ifaces, iface); |
556 | } | |
557 | else | |
558 | { | |
559 | free(iface); | |
560 | } | |
561 | } | |
bdf36dac | 562 | this->lock->unlock(this->lock); |
7daf5226 | 563 | |
d24a74c5 TB |
564 | if (roam) |
565 | { | |
ba26508d | 566 | fire_roam_event(this, TRUE); |
d24a74c5 TB |
567 | } |
568 | } | |
569 | ||
570 | /** | |
571 | * Process an RTM_*ROUTE message from the kernel | |
572 | */ | |
573 | static void process_route(private_kernel_pfroute_net_t *this, | |
574 | struct rt_msghdr *msg) | |
575 | { | |
576 | ||
577 | } | |
578 | ||
579 | /** | |
b1c6b68e | 580 | * Receives PF_ROUTE messages from kernel |
d24a74c5 TB |
581 | */ |
582 | static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) | |
583 | { | |
b1c6b68e MW |
584 | struct { |
585 | union { | |
586 | struct rt_msghdr rtm; | |
587 | struct if_msghdr ifm; | |
588 | struct ifa_msghdr ifam; | |
589 | }; | |
590 | char buf[sizeof(struct sockaddr_storage) * RTAX_MAX]; | |
591 | } msg; | |
592 | int len, hdrlen; | |
4a5a5dd2 | 593 | bool oldstate; |
7daf5226 | 594 | |
4a5a5dd2 | 595 | oldstate = thread_cancelability(TRUE); |
b1c6b68e | 596 | len = recv(this->socket, &msg, sizeof(msg), 0); |
4a5a5dd2 | 597 | thread_cancelability(oldstate); |
7daf5226 | 598 | |
d24a74c5 TB |
599 | if (len < 0) |
600 | { | |
601 | switch (errno) | |
602 | { | |
603 | case EINTR: | |
d24a74c5 | 604 | case EAGAIN: |
d24a74c5 TB |
605 | return JOB_REQUEUE_DIRECT; |
606 | default: | |
607 | DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket"); | |
608 | sleep(1); | |
609 | return JOB_REQUEUE_FAIR; | |
610 | } | |
611 | } | |
7daf5226 | 612 | |
b1c6b68e | 613 | if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen) |
d24a74c5 | 614 | { |
b1c6b68e | 615 | DBG1(DBG_KNL, "received invalid PF_ROUTE message"); |
d24a74c5 TB |
616 | return JOB_REQUEUE_DIRECT; |
617 | } | |
b1c6b68e MW |
618 | if (msg.rtm.rtm_version != RTM_VERSION) |
619 | { | |
620 | DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d", | |
621 | msg.rtm.rtm_version); | |
622 | return JOB_REQUEUE_DIRECT; | |
623 | } | |
624 | switch (msg.rtm.rtm_type) | |
d24a74c5 TB |
625 | { |
626 | case RTM_NEWADDR: | |
627 | case RTM_DELADDR: | |
b1c6b68e | 628 | hdrlen = sizeof(msg.ifam); |
d24a74c5 TB |
629 | break; |
630 | case RTM_IFINFO: | |
b1c6b68e | 631 | hdrlen = sizeof(msg.ifm); |
d24a74c5 TB |
632 | break; |
633 | case RTM_ADD: | |
634 | case RTM_DELETE: | |
b1c6b68e MW |
635 | case RTM_GET: |
636 | hdrlen = sizeof(msg.rtm); | |
637 | break; | |
638 | default: | |
639 | return JOB_REQUEUE_DIRECT; | |
640 | } | |
641 | if (msg.rtm.rtm_msglen < hdrlen) | |
642 | { | |
643 | DBG1(DBG_KNL, "ignoring short PF_ROUTE message"); | |
644 | return JOB_REQUEUE_DIRECT; | |
645 | } | |
646 | switch (msg.rtm.rtm_type) | |
647 | { | |
648 | case RTM_NEWADDR: | |
649 | case RTM_DELADDR: | |
650 | process_addr(this, &msg.ifam); | |
651 | break; | |
652 | case RTM_IFINFO: | |
653 | process_link(this, &msg.ifm); | |
654 | break; | |
655 | case RTM_ADD: | |
656 | case RTM_DELETE: | |
657 | process_route(this, &msg.rtm); | |
658 | break; | |
d24a74c5 TB |
659 | default: |
660 | break; | |
661 | } | |
3a7f4b5c MW |
662 | |
663 | this->mutex->lock(this->mutex); | |
664 | if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq) | |
665 | { | |
666 | /* seems like the message someone is waiting for, deliver */ | |
667 | this->reply = realloc(this->reply, msg.rtm.rtm_msglen); | |
668 | memcpy(this->reply, &msg, msg.rtm.rtm_msglen); | |
3a7f4b5c | 669 | } |
2a2d7a4d MW |
670 | /* signal on any event, add_ip()/del_ip() might wait for it */ |
671 | this->condvar->signal(this->condvar); | |
3a7f4b5c MW |
672 | this->mutex->unlock(this->mutex); |
673 | ||
d24a74c5 TB |
674 | return JOB_REQUEUE_DIRECT; |
675 | } | |
676 | ||
677 | ||
678 | /** enumerator over addresses */ | |
679 | typedef struct { | |
680 | private_kernel_pfroute_net_t* this; | |
4106aea8 | 681 | /** which addresses to enumerate */ |
bfd2cc1c | 682 | kernel_address_type_t which; |
d24a74c5 TB |
683 | } address_enumerator_t; |
684 | ||
685 | /** | |
686 | * cleanup function for address enumerator | |
687 | */ | |
688 | static void address_enumerator_destroy(address_enumerator_t *data) | |
689 | { | |
bdf36dac | 690 | data->this->lock->unlock(data->this->lock); |
d24a74c5 TB |
691 | free(data); |
692 | } | |
693 | ||
694 | /** | |
695 | * filter for addresses | |
696 | */ | |
e131f117 MW |
697 | static bool filter_addresses(address_enumerator_t *data, |
698 | addr_entry_t** in, host_t** out) | |
d24a74c5 TB |
699 | { |
700 | host_t *ip; | |
4106aea8 | 701 | if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual) |
d24a74c5 | 702 | { /* skip virtual interfaces added by us */ |
1a2a8bff MW |
703 | return FALSE; |
704 | } | |
705 | if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual) | |
706 | { /* address is regular, but not requested */ | |
d24a74c5 TB |
707 | return FALSE; |
708 | } | |
709 | ip = (*in)->ip; | |
710 | if (ip->get_family(ip) == AF_INET6) | |
711 | { | |
712 | struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip); | |
713 | if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) | |
714 | { /* skip addresses with a unusable scope */ | |
715 | return FALSE; | |
716 | } | |
717 | } | |
718 | *out = ip; | |
719 | return TRUE; | |
720 | } | |
721 | ||
722 | /** | |
723 | * enumerator constructor for interfaces | |
724 | */ | |
e131f117 MW |
725 | static enumerator_t *create_iface_enumerator(iface_entry_t *iface, |
726 | address_enumerator_t *data) | |
d24a74c5 TB |
727 | { |
728 | return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs), | |
729 | (void*)filter_addresses, data, NULL); | |
730 | } | |
731 | ||
732 | /** | |
733 | * filter for interfaces | |
734 | */ | |
e131f117 MW |
735 | static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, |
736 | iface_entry_t** out) | |
d24a74c5 | 737 | { |
4106aea8 | 738 | if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable) |
940e1b0f TB |
739 | { /* skip interfaces excluded by config */ |
740 | return FALSE; | |
741 | } | |
4106aea8 | 742 | if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK)) |
aed33805 TB |
743 | { /* ignore loopback devices */ |
744 | return FALSE; | |
745 | } | |
4106aea8 TB |
746 | if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP)) |
747 | { /* skip interfaces not up */ | |
d24a74c5 TB |
748 | return FALSE; |
749 | } | |
750 | *out = *in; | |
751 | return TRUE; | |
752 | } | |
753 | ||
e131f117 | 754 | METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, |
bfd2cc1c | 755 | private_kernel_pfroute_net_t *this, kernel_address_type_t which) |
d24a74c5 | 756 | { |
9650bf3c MW |
757 | address_enumerator_t *data; |
758 | ||
759 | INIT(data, | |
760 | .this = this, | |
761 | .which = which, | |
762 | ); | |
d24a74c5 | 763 | |
bdf36dac | 764 | this->lock->read_lock(this->lock); |
d24a74c5 | 765 | return enumerator_create_nested( |
e131f117 MW |
766 | enumerator_create_filter( |
767 | this->ifaces->create_enumerator(this->ifaces), | |
768 | (void*)filter_interfaces, data, NULL), | |
769 | (void*)create_iface_enumerator, data, | |
770 | (void*)address_enumerator_destroy); | |
d24a74c5 TB |
771 | } |
772 | ||
580b768d MW |
773 | METHOD(kernel_net_t, get_features, kernel_feature_t, |
774 | private_kernel_pfroute_net_t *this) | |
775 | { | |
776 | return KERNEL_REQUIRE_EXCLUDE_ROUTE; | |
777 | } | |
778 | ||
9ba36c0f TB |
779 | METHOD(kernel_net_t, get_interface_name, bool, |
780 | private_kernel_pfroute_net_t *this, host_t* ip, char **name) | |
d24a74c5 | 781 | { |
1f97e1aa TB |
782 | addr_map_entry_t *entry, lookup = { |
783 | .ip = ip, | |
784 | }; | |
d24a74c5 | 785 | |
645d7a5e TB |
786 | if (ip->is_anyaddr(ip)) |
787 | { | |
788 | return FALSE; | |
789 | } | |
bdf36dac | 790 | this->lock->read_lock(this->lock); |
1f97e1aa TB |
791 | /* first try to find it on an up and usable interface */ |
792 | entry = this->addrs->get_match(this->addrs, &lookup, | |
793 | (void*)addr_map_entry_match_up_and_usable); | |
794 | if (entry) | |
d24a74c5 | 795 | { |
1f97e1aa | 796 | if (name) |
940e1b0f | 797 | { |
1f97e1aa | 798 | *name = strdup(entry->iface->ifname); |
940e1b0f TB |
799 | DBG2(DBG_KNL, "%H is on interface %s", ip, *name); |
800 | } | |
bdf36dac | 801 | this->lock->unlock(this->lock); |
1f97e1aa | 802 | return TRUE; |
d24a74c5 | 803 | } |
1f97e1aa TB |
804 | /* maybe it is installed on an ignored interface */ |
805 | entry = this->addrs->get_match(this->addrs, &lookup, | |
806 | (void*)addr_map_entry_match_up); | |
807 | if (!entry) | |
808 | { /* the address does not exist, is on a down interface */ | |
809 | DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip); | |
810 | } | |
bdf36dac | 811 | this->lock->unlock(this->lock); |
1f97e1aa | 812 | return FALSE; |
d24a74c5 TB |
813 | } |
814 | ||
e131f117 MW |
815 | METHOD(kernel_net_t, get_source_addr, host_t*, |
816 | private_kernel_pfroute_net_t *this, host_t *dest, host_t *src) | |
d24a74c5 TB |
817 | { |
818 | return NULL; | |
819 | } | |
820 | ||
e131f117 | 821 | METHOD(kernel_net_t, add_ip, status_t, |
2a2d7a4d | 822 | private_kernel_pfroute_net_t *this, host_t *vip, int prefix, |
77b6f196 | 823 | char *ifname) |
d24a74c5 | 824 | { |
77b6f196 MW |
825 | enumerator_t *ifaces, *addrs; |
826 | iface_entry_t *iface; | |
827 | addr_entry_t *addr; | |
2a2d7a4d MW |
828 | tun_device_t *tun; |
829 | bool timeout = FALSE; | |
830 | ||
831 | tun = tun_device_create(NULL); | |
832 | if (!tun) | |
833 | { | |
834 | return FAILED; | |
835 | } | |
836 | if (prefix == -1) | |
837 | { | |
838 | prefix = vip->get_address(vip).len * 8; | |
839 | } | |
840 | if (!tun->set_address(tun, vip, prefix) || !tun->up(tun)) | |
841 | { | |
842 | tun->destroy(tun); | |
843 | return FAILED; | |
844 | } | |
845 | ||
846 | /* wait until address appears */ | |
847 | this->mutex->lock(this->mutex); | |
848 | while (!timeout && !get_interface_name(this, vip, NULL)) | |
849 | { | |
850 | timeout = this->condvar->timed_wait(this->condvar, this->mutex, 1000); | |
851 | } | |
852 | this->mutex->unlock(this->mutex); | |
853 | if (timeout) | |
854 | { | |
855 | DBG1(DBG_KNL, "virtual IP %H did not appear on %s", | |
856 | vip, tun->get_name(tun)); | |
857 | tun->destroy(tun); | |
858 | return FAILED; | |
859 | } | |
860 | ||
861 | this->lock->write_lock(this->lock); | |
862 | this->tuns->insert_last(this->tuns, tun); | |
77b6f196 MW |
863 | |
864 | ifaces = this->ifaces->create_enumerator(this->ifaces); | |
865 | while (ifaces->enumerate(ifaces, &iface)) | |
866 | { | |
867 | if (streq(iface->ifname, tun->get_name(tun))) | |
868 | { | |
869 | addrs = iface->addrs->create_enumerator(iface->addrs); | |
870 | while (addrs->enumerate(addrs, &addr)) | |
871 | { | |
872 | if (addr->ip->ip_equals(addr->ip, vip)) | |
873 | { | |
874 | addr->virtual = TRUE; | |
77b6f196 MW |
875 | } |
876 | } | |
877 | addrs->destroy(addrs); | |
878 | } | |
879 | } | |
880 | ifaces->destroy(ifaces); | |
881 | ||
2a2d7a4d MW |
882 | this->lock->unlock(this->lock); |
883 | ||
884 | return SUCCESS; | |
d24a74c5 TB |
885 | } |
886 | ||
e131f117 | 887 | METHOD(kernel_net_t, del_ip, status_t, |
2a2d7a4d | 888 | private_kernel_pfroute_net_t *this, host_t *vip, int prefix, |
d88597f0 | 889 | bool wait) |
d24a74c5 | 890 | { |
2a2d7a4d MW |
891 | enumerator_t *enumerator; |
892 | tun_device_t *tun; | |
893 | host_t *addr; | |
894 | bool timeout = FALSE, found = FALSE; | |
895 | ||
896 | this->lock->write_lock(this->lock); | |
897 | enumerator = this->tuns->create_enumerator(this->tuns); | |
898 | while (enumerator->enumerate(enumerator, &tun)) | |
899 | { | |
900 | addr = tun->get_address(tun, NULL); | |
901 | if (addr && addr->ip_equals(addr, vip)) | |
902 | { | |
903 | this->tuns->remove_at(this->tuns, enumerator); | |
904 | tun->destroy(tun); | |
905 | found = TRUE; | |
906 | break; | |
907 | } | |
908 | } | |
909 | enumerator->destroy(enumerator); | |
910 | this->lock->unlock(this->lock); | |
911 | ||
912 | if (!found) | |
913 | { | |
914 | return NOT_FOUND; | |
915 | } | |
916 | /* wait until address disappears */ | |
917 | if (wait) | |
918 | { | |
919 | this->mutex->lock(this->mutex); | |
920 | while (!timeout && get_interface_name(this, vip, NULL)) | |
921 | { | |
922 | timeout = this->condvar->timed_wait(this->condvar, this->mutex, 1000); | |
923 | } | |
924 | this->mutex->unlock(this->mutex); | |
925 | if (timeout) | |
926 | { | |
927 | DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip); | |
928 | return FAILED; | |
929 | } | |
930 | } | |
931 | return SUCCESS; | |
d24a74c5 TB |
932 | } |
933 | ||
272bcac8 MW |
934 | /** |
935 | * Append a sockaddr_in/in6 of given type to routing message | |
936 | */ | |
937 | static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr) | |
938 | { | |
939 | if (addr) | |
940 | { | |
941 | int len; | |
942 | ||
943 | len = *addr->get_sockaddr_len(addr); | |
944 | memcpy((char*)hdr + hdr->rtm_msglen, addr->get_sockaddr(addr), len); | |
945 | hdr->rtm_msglen += len; | |
946 | hdr->rtm_addrs |= type; | |
947 | } | |
948 | } | |
949 | ||
950 | /** | |
951 | * Append a subnet mask sockaddr using the given prefix to routing message | |
952 | */ | |
953 | static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix) | |
954 | { | |
955 | host_t *mask; | |
956 | ||
957 | mask = host_create_netmask(family, prefix); | |
958 | if (mask) | |
959 | { | |
960 | add_rt_addr(hdr, type, mask); | |
961 | mask->destroy(mask); | |
962 | } | |
963 | } | |
964 | ||
965 | /** | |
966 | * Append an interface name sockaddr_dl to routing message | |
967 | */ | |
968 | static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name) | |
969 | { | |
970 | struct sockaddr_dl sdl = { | |
971 | .sdl_len = sizeof(struct sockaddr_dl), | |
972 | .sdl_family = AF_LINK, | |
973 | .sdl_nlen = strlen(name), | |
974 | }; | |
975 | ||
976 | if (strlen(name) <= sizeof(sdl.sdl_data)) | |
977 | { | |
978 | memcpy(sdl.sdl_data, name, sdl.sdl_nlen); | |
979 | memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len); | |
980 | hdr->rtm_msglen += sdl.sdl_len; | |
981 | hdr->rtm_addrs |= type; | |
982 | } | |
983 | } | |
984 | ||
985 | /** | |
986 | * Add or remove a route | |
987 | */ | |
988 | static status_t manage_route(private_kernel_pfroute_net_t *this, int op, | |
989 | chunk_t dst_net, u_int8_t prefixlen, | |
990 | host_t *gateway, char *if_name) | |
991 | { | |
992 | struct { | |
993 | struct rt_msghdr hdr; | |
994 | char buf[sizeof(struct sockaddr_storage) * RTAX_MAX]; | |
995 | } msg = { | |
996 | .hdr = { | |
997 | .rtm_version = RTM_VERSION, | |
998 | .rtm_type = op, | |
999 | .rtm_flags = RTF_UP | RTF_STATIC, | |
1000 | .rtm_pid = this->pid, | |
1001 | .rtm_seq = ++this->seq, | |
1002 | }, | |
1003 | }; | |
1004 | host_t *dst; | |
1005 | int type; | |
1006 | ||
12178303 MW |
1007 | if (prefixlen == 0 && dst_net.len) |
1008 | { | |
1009 | status_t status; | |
1010 | chunk_t half; | |
1011 | ||
1012 | half = chunk_clonea(dst_net); | |
1013 | half.ptr[0] |= 0x80; | |
1014 | prefixlen = 1; | |
1015 | status = manage_route(this, op, half, prefixlen, gateway, if_name); | |
1016 | if (status != SUCCESS) | |
1017 | { | |
1018 | return status; | |
1019 | } | |
1020 | } | |
1021 | ||
272bcac8 MW |
1022 | dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0); |
1023 | if (!dst) | |
1024 | { | |
1025 | return FAILED; | |
1026 | } | |
1027 | ||
1028 | if ((dst->get_family(dst) == AF_INET && prefixlen == 32) || | |
1029 | (dst->get_family(dst) == AF_INET6 && prefixlen == 128)) | |
1030 | { | |
1031 | msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY; | |
1032 | } | |
1033 | ||
1034 | msg.hdr.rtm_msglen = sizeof(struct rt_msghdr); | |
1035 | for (type = 0; type < RTAX_MAX; type++) | |
1036 | { | |
1037 | switch (type) | |
1038 | { | |
1039 | case RTAX_DST: | |
1040 | add_rt_addr(&msg.hdr, RTA_DST, dst); | |
1041 | break; | |
1042 | case RTAX_NETMASK: | |
1043 | if (!(msg.hdr.rtm_flags & RTF_HOST)) | |
1044 | { | |
1045 | add_rt_mask(&msg.hdr, RTA_NETMASK, | |
1046 | dst->get_family(dst), prefixlen); | |
1047 | } | |
1048 | break; | |
1049 | case RTAX_GATEWAY: | |
1050 | /* interface name seems to replace gateway on OS X */ | |
1051 | if (if_name) | |
1052 | { | |
1053 | add_rt_ifname(&msg.hdr, RTA_GATEWAY, if_name); | |
1054 | } | |
1055 | else if (gateway) | |
1056 | { | |
1057 | add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway); | |
1058 | } | |
1059 | break; | |
1060 | default: | |
1061 | break; | |
1062 | } | |
1063 | } | |
1064 | dst->destroy(dst); | |
1065 | ||
1066 | if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen) | |
1067 | { | |
1068 | DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s", | |
1069 | op == RTM_ADD ? "adding" : "deleting", strerror(errno)); | |
1070 | return FAILED; | |
1071 | } | |
1072 | return SUCCESS; | |
1073 | } | |
1074 | ||
e131f117 MW |
1075 | METHOD(kernel_net_t, add_route, status_t, |
1076 | private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, | |
1077 | host_t *gateway, host_t *src_ip, char *if_name) | |
d24a74c5 | 1078 | { |
272bcac8 | 1079 | return manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name); |
d24a74c5 TB |
1080 | } |
1081 | ||
e131f117 MW |
1082 | METHOD(kernel_net_t, del_route, status_t, |
1083 | private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, | |
1084 | host_t *gateway, host_t *src_ip, char *if_name) | |
d24a74c5 | 1085 | { |
272bcac8 | 1086 | return manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway, if_name); |
d24a74c5 TB |
1087 | } |
1088 | ||
9bc342ea MW |
1089 | METHOD(kernel_net_t, get_nexthop, host_t*, |
1090 | private_kernel_pfroute_net_t *this, host_t *dest, host_t *src) | |
1091 | { | |
1092 | struct { | |
1093 | struct rt_msghdr hdr; | |
1094 | char buf[sizeof(struct sockaddr_storage) * RTAX_MAX]; | |
1095 | } msg = { | |
1096 | .hdr = { | |
1097 | .rtm_version = RTM_VERSION, | |
1098 | .rtm_type = RTM_GET, | |
1099 | .rtm_pid = this->pid, | |
1100 | .rtm_seq = ++this->seq, | |
1101 | }, | |
1102 | }; | |
1103 | host_t *hop = NULL; | |
1104 | enumerator_t *enumerator; | |
1105 | struct sockaddr *addr; | |
1106 | int type; | |
1107 | ||
1108 | msg.hdr.rtm_msglen = sizeof(struct rt_msghdr); | |
1109 | for (type = 0; type < RTAX_MAX; type++) | |
1110 | { | |
1111 | switch (type) | |
1112 | { | |
1113 | case RTAX_DST: | |
1114 | add_rt_addr(&msg.hdr, RTA_DST, dest); | |
1115 | break; | |
1116 | case RTAX_IFA: | |
1117 | add_rt_addr(&msg.hdr, RTA_IFA, src); | |
1118 | break; | |
1119 | default: | |
1120 | break; | |
1121 | } | |
1122 | } | |
1123 | this->mutex->lock(this->mutex); | |
1124 | ||
1125 | this->waiting_seq = msg.hdr.rtm_seq; | |
1126 | if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen) | |
1127 | { | |
1128 | while (TRUE) | |
1129 | { | |
1130 | if (this->condvar->timed_wait(this->condvar, this->mutex, 1000)) | |
1131 | { /* timed out? */ | |
1132 | break; | |
1133 | } | |
1134 | if (this->reply->rtm_msglen < sizeof(*this->reply) || | |
1135 | msg.hdr.rtm_seq != this->reply->rtm_seq) | |
1136 | { | |
1137 | continue; | |
1138 | } | |
1139 | enumerator = create_rtmsg_enumerator(this->reply, | |
1140 | sizeof(*this->reply)); | |
1141 | while (enumerator->enumerate(enumerator, &type, &addr)) | |
1142 | { | |
1143 | if (type == RTAX_GATEWAY) | |
1144 | { | |
1145 | hop = host_create_from_sockaddr(addr); | |
1146 | break; | |
1147 | } | |
1148 | } | |
1149 | enumerator->destroy(enumerator); | |
1150 | break; | |
1151 | } | |
1152 | } | |
1153 | else | |
1154 | { | |
1155 | DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno)); | |
1156 | } | |
1157 | this->mutex->unlock(this->mutex); | |
1158 | ||
1159 | return hop; | |
1160 | } | |
1161 | ||
d24a74c5 TB |
1162 | /** |
1163 | * Initialize a list of local addresses. | |
1164 | */ | |
1165 | static status_t init_address_list(private_kernel_pfroute_net_t *this) | |
1166 | { | |
1167 | struct ifaddrs *ifap, *ifa; | |
1168 | iface_entry_t *iface, *current; | |
1169 | addr_entry_t *addr; | |
1170 | enumerator_t *ifaces, *addrs; | |
7daf5226 | 1171 | |
31a0e24b | 1172 | DBG2(DBG_KNL, "known interfaces and IP addresses:"); |
7daf5226 | 1173 | |
d24a74c5 TB |
1174 | if (getifaddrs(&ifap) < 0) |
1175 | { | |
1176 | DBG1(DBG_KNL, " failed to get interfaces!"); | |
1177 | return FAILED; | |
1178 | } | |
7daf5226 | 1179 | |
d24a74c5 TB |
1180 | for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) |
1181 | { | |
1182 | if (ifa->ifa_addr == NULL) | |
1183 | { | |
1184 | continue; | |
1185 | } | |
1186 | switch(ifa->ifa_addr->sa_family) | |
1187 | { | |
1188 | case AF_LINK: | |
1189 | case AF_INET: | |
1190 | case AF_INET6: | |
1191 | { | |
d24a74c5 TB |
1192 | iface = NULL; |
1193 | ifaces = this->ifaces->create_enumerator(this->ifaces); | |
1194 | while (ifaces->enumerate(ifaces, ¤t)) | |
1195 | { | |
1196 | if (streq(current->ifname, ifa->ifa_name)) | |
1197 | { | |
1198 | iface = current; | |
1199 | break; | |
1200 | } | |
1201 | } | |
1202 | ifaces->destroy(ifaces); | |
7daf5226 | 1203 | |
d24a74c5 TB |
1204 | if (!iface) |
1205 | { | |
9650bf3c MW |
1206 | INIT(iface, |
1207 | .ifindex = if_nametoindex(ifa->ifa_name), | |
1208 | .flags = ifa->ifa_flags, | |
1209 | .addrs = linked_list_create(), | |
1210 | .usable = hydra->kernel_interface->is_interface_usable( | |
1211 | hydra->kernel_interface, ifa->ifa_name), | |
1212 | ); | |
d24a74c5 | 1213 | memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ); |
d24a74c5 TB |
1214 | this->ifaces->insert_last(this->ifaces, iface); |
1215 | } | |
7daf5226 | 1216 | |
d24a74c5 TB |
1217 | if (ifa->ifa_addr->sa_family != AF_LINK) |
1218 | { | |
9650bf3c MW |
1219 | INIT(addr, |
1220 | .ip = host_create_from_sockaddr(ifa->ifa_addr), | |
9650bf3c | 1221 | ); |
d24a74c5 | 1222 | iface->addrs->insert_last(iface->addrs, addr); |
9845391a | 1223 | addr_map_entry_add(this, addr, iface); |
d24a74c5 TB |
1224 | } |
1225 | } | |
1226 | } | |
1227 | } | |
1228 | freeifaddrs(ifap); | |
7daf5226 | 1229 | |
d24a74c5 TB |
1230 | ifaces = this->ifaces->create_enumerator(this->ifaces); |
1231 | while (ifaces->enumerate(ifaces, &iface)) | |
1232 | { | |
940e1b0f | 1233 | if (iface->usable && iface->flags & IFF_UP) |
d24a74c5 | 1234 | { |
31a0e24b | 1235 | DBG2(DBG_KNL, " %s", iface->ifname); |
d24a74c5 TB |
1236 | addrs = iface->addrs->create_enumerator(iface->addrs); |
1237 | while (addrs->enumerate(addrs, (void**)&addr)) | |
1238 | { | |
31a0e24b | 1239 | DBG2(DBG_KNL, " %H", addr->ip); |
d24a74c5 TB |
1240 | } |
1241 | addrs->destroy(addrs); | |
1242 | } | |
1243 | } | |
1244 | ifaces->destroy(ifaces); | |
7daf5226 | 1245 | |
d24a74c5 TB |
1246 | return SUCCESS; |
1247 | } | |
1248 | ||
cce8f652 | 1249 | METHOD(kernel_net_t, destroy, void, |
e131f117 | 1250 | private_kernel_pfroute_net_t *this) |
d24a74c5 | 1251 | { |
1f97e1aa | 1252 | enumerator_t *enumerator; |
bfd2cc1c | 1253 | addr_entry_t *addr; |
1f97e1aa | 1254 | |
0e107f03 | 1255 | if (this->socket != -1) |
d6a27ec6 MW |
1256 | { |
1257 | close(this->socket); | |
1258 | } | |
1f97e1aa TB |
1259 | enumerator = this->addrs->create_enumerator(this->addrs); |
1260 | while (enumerator->enumerate(enumerator, NULL, (void**)&addr)) | |
1261 | { | |
1262 | free(addr); | |
1263 | } | |
1264 | enumerator->destroy(enumerator); | |
1265 | this->addrs->destroy(this->addrs); | |
d24a74c5 | 1266 | this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy); |
2a2d7a4d | 1267 | this->tuns->destroy(this->tuns); |
bdf36dac | 1268 | this->lock->destroy(this->lock); |
3a7f4b5c MW |
1269 | this->mutex->destroy(this->mutex); |
1270 | this->condvar->destroy(this->condvar); | |
1271 | free(this->reply); | |
d24a74c5 TB |
1272 | free(this); |
1273 | } | |
1274 | ||
1275 | /* | |
1276 | * Described in header. | |
1277 | */ | |
1278 | kernel_pfroute_net_t *kernel_pfroute_net_create() | |
1279 | { | |
e131f117 MW |
1280 | private_kernel_pfroute_net_t *this; |
1281 | ||
1282 | INIT(this, | |
1283 | .public = { | |
1284 | .interface = { | |
580b768d | 1285 | .get_features = _get_features, |
e131f117 MW |
1286 | .get_interface = _get_interface_name, |
1287 | .create_address_enumerator = _create_address_enumerator, | |
1288 | .get_source_addr = _get_source_addr, | |
1289 | .get_nexthop = _get_nexthop, | |
1290 | .add_ip = _add_ip, | |
1291 | .del_ip = _del_ip, | |
1292 | .add_route = _add_route, | |
1293 | .del_route = _del_route, | |
1294 | .destroy = _destroy, | |
1295 | }, | |
1296 | }, | |
3a7f4b5c | 1297 | .pid = getpid(), |
e131f117 | 1298 | .ifaces = linked_list_create(), |
1f97e1aa TB |
1299 | .addrs = hashtable_create( |
1300 | (hashtable_hash_t)addr_map_entry_hash, | |
1301 | (hashtable_equals_t)addr_map_entry_equals, 16), | |
2a2d7a4d | 1302 | .tuns = linked_list_create(), |
bdf36dac | 1303 | .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), |
3a7f4b5c MW |
1304 | .mutex = mutex_create(MUTEX_TYPE_DEFAULT), |
1305 | .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), | |
e131f117 | 1306 | ); |
7daf5226 | 1307 | |
d24a74c5 TB |
1308 | /* create a PF_ROUTE socket to communicate with the kernel */ |
1309 | this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); | |
0e107f03 | 1310 | if (this->socket == -1) |
d24a74c5 | 1311 | { |
d6a27ec6 MW |
1312 | DBG1(DBG_KNL, "unable to create PF_ROUTE socket"); |
1313 | destroy(this); | |
1314 | return NULL; | |
d24a74c5 | 1315 | } |
7daf5226 | 1316 | |
0e107f03 | 1317 | if (streq(hydra->daemon, "starter")) |
d24a74c5 | 1318 | { |
0e107f03 MW |
1319 | /* starter has no threads, so we do not register for kernel events */ |
1320 | if (shutdown(this->socket, SHUT_RD) != 0) | |
05ca5655 | 1321 | { |
0e107f03 MW |
1322 | DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s", |
1323 | strerror(errno)); | |
05ca5655 | 1324 | } |
0e107f03 MW |
1325 | } |
1326 | else | |
1327 | { | |
26d77eb3 TB |
1328 | lib->processor->queue_job(lib->processor, |
1329 | (job_t*)callback_job_create_with_prio( | |
1330 | (callback_job_cb_t)receive_events, this, NULL, | |
1331 | (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL)); | |
05ca5655 | 1332 | } |
d24a74c5 TB |
1333 | if (init_address_list(this) != SUCCESS) |
1334 | { | |
d6a27ec6 MW |
1335 | DBG1(DBG_KNL, "unable to get interface list"); |
1336 | destroy(this); | |
1337 | return NULL; | |
d24a74c5 | 1338 | } |
7daf5226 | 1339 | |
d24a74c5 TB |
1340 | return &this->public; |
1341 | } |