]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
kernel-pfroute: Ignore virtual IPs in address map
[thirdparty/strongswan.git] / src / libhydra / plugins / kernel_pfroute / kernel_pfroute_net.c
CommitLineData
d24a74c5 1/*
0745f846 2 * Copyright (C) 2009-2013 Tobias Brunner
d24a74c5
TB		 3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
d24a74c5
TB		 14 */
15
16#include <sys/types.h>
17#include <sys/socket.h>
18#include <net/if.h>
272bcac8 19#include <net/if_dl.h>
d24a74c5
TB		 20#include <ifaddrs.h>
21#include <net/route.h>
22#include <unistd.h>
d24a74c5
TB		 23#include <errno.h>
24
25#include "kernel_pfroute_net.h"
26
c5f7146b 27#include <hydra.h>
f05b4272 28#include <utils/debug.h>
2e7cc07e 29#include <networking/host.h>
2a2d7a4d 30#include <networking/tun_device.h>
4a5a5dd2 31#include <threading/thread.h>
eba64cef 32#include <threading/mutex.h>
3a7f4b5c 33#include <threading/condvar.h>
bdf36dac 34#include <threading/rwlock.h>
12642a68
TB		 35#include <collections/hashtable.h>
36#include <collections/linked_list.h>
d24a74c5 37#include <processing/jobs/callback_job.h>
d24a74c5
TB		 38
39#ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
40#error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
41#endif
42
aa33d2e6 43/** properly align sockaddrs */
4b3fea3d
TB		 44#ifdef __APPLE__
45/* Apple always uses 4 bytes */
aa33d2e6 46#define SA_ALIGN 4
4b3fea3d
TB		 47#else
48/* while on other platforms like FreeBSD it depends on the architecture */
49#define SA_ALIGN sizeof(long)
50#endif
aa33d2e6
TB		 51#define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)
52
ba26508d 53/** delay before firing roam events (ms) */
d24a74c5
TB		 54#define ROAM_DELAY 100
55
0745f846
TB		 56/** delay before reinstalling routes (ms) */
57#define ROUTE_DELAY 100
58
d24a74c5
TB		 59typedef struct addr_entry_t addr_entry_t;
60
61/**
62 * IP address in an inface_entry_t
63 */
64struct addr_entry_t {
7daf5226 65
d24a74c5
TB		 66 /** The ip address */
67 host_t *ip;
7daf5226 68
d24a74c5
TB		 69 /** virtual IP managed by us */
70 bool virtual;
d24a74c5
TB		 71};
72
73/**
74 * destroy a addr_entry_t object
75 */
76static void addr_entry_destroy(addr_entry_t *this)
77{
78 this->ip->destroy(this->ip);
79 free(this);
80}
81
82typedef struct iface_entry_t iface_entry_t;
83
84/**
85 * A network interface on this system, containing addr_entry_t's
86 */
87struct iface_entry_t {
7daf5226 88
d24a74c5
TB		 89 /** interface index */
90 int ifindex;
7daf5226 91
d24a74c5
TB		 92 /** name of the interface */
93 char ifname[IFNAMSIZ];
7daf5226 94
d24a74c5
TB		 95 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
96 u_int flags;
7daf5226 97
d24a74c5
TB		 98 /** list of addresses as host_t */
99 linked_list_t *addrs;
940e1b0f
TB		 100
101 /** TRUE if usable by config */
102 bool usable;
d24a74c5
TB		 103};
104
105/**
106 * destroy an interface entry
107 */
108static void iface_entry_destroy(iface_entry_t *this)
109{
110 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
111 free(this);
112}
113
1f97e1aa
TB		 114/**
115 * check if an interface is up
116 */
117static inline bool iface_entry_up(iface_entry_t *iface)
118{
119 return (iface->flags & IFF_UP) == IFF_UP;
120}
121
940e1b0f
TB		 122/**
123 * check if an interface is up and usable
124 */
125static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
126{
1f97e1aa
TB		 127 return iface->usable && iface_entry_up(iface);
128}
129
130typedef struct addr_map_entry_t addr_map_entry_t;
131
132/**
133 * Entry that maps an IP address to an interface entry
134 */
135struct addr_map_entry_t {
136 /** The IP address */
137 host_t *ip;
138
e9c1ca02
TB		 139 /** The address entry for this IP address */
140 addr_entry_t *addr;
141
1f97e1aa
TB		 142 /** The interface this address is installed on */
143 iface_entry_t *iface;
144};
145
146/**
147 * Hash a addr_map_entry_t object, all entries with the same IP address
148 * are stored in the same bucket
149 */
150static u_int addr_map_entry_hash(addr_map_entry_t *this)
151{
152 return chunk_hash(this->ip->get_address(this->ip));
153}
154
155/**
156 * Compare two addr_map_entry_t objects, two entries are equal if they are
157 * installed on the same interface
158 */
159static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
160{
161 return a->iface->ifindex == b->iface->ifindex &&
162 a->ip->ip_equals(a->ip, b->ip);
940e1b0f
TB		 163}
164
1f97e1aa
TB		 165/**
166 * Used with get_match this finds an address entry if it is installed on
167 * an up and usable interface
168 */
169static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
170 addr_map_entry_t *b)
171{
e9c1ca02
TB		 172 return !b->addr->virtual && iface_entry_up_and_usable(b->iface) &&
173 a->ip->ip_equals(a->ip, b->ip);
1f97e1aa
TB		 174}
175
176/**
177 * Used with get_match this finds an address entry if it is installed on
178 * any active local interface
179 */
180static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
181{
e9c1ca02
TB		 182 return !b->addr->virtual && iface_entry_up(b->iface) &&
183 a->ip->ip_equals(a->ip, b->ip);
1f97e1aa 184}
d24a74c5 185
0745f846
TB		 186typedef struct route_entry_t route_entry_t;
187
188/**
189 * Installed routing entry
190 */
191struct route_entry_t {
192 /** Name of the interface the route is bound to */
193 char *if_name;
194
195 /** Gateway for this route */
196 host_t *gateway;
197
198 /** Destination net */
199 chunk_t dst_net;
200
201 /** Destination net prefixlen */
202 u_int8_t prefixlen;
203};
204
205/**
206 * Clone a route_entry_t object.
207 */
208static route_entry_t *route_entry_clone(route_entry_t *this)
209{
210 route_entry_t *route;
211
212 INIT(route,
213 .if_name = strdup(this->if_name),
214 .gateway = this->gateway ? this->gateway->clone(this->gateway) : NULL,
215 .dst_net = chunk_clone(this->dst_net),
216 .prefixlen = this->prefixlen,
217 );
218 return route;
219}
220
221/**
222 * Destroy a route_entry_t object
223 */
224static void route_entry_destroy(route_entry_t *this)
225{
226 free(this->if_name);
227 DESTROY_IF(this->gateway);
228 chunk_free(&this->dst_net);
229 free(this);
230}
231
232/**
233 * Hash a route_entry_t object
234 */
235static u_int route_entry_hash(route_entry_t *this)
236{
237 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
238 chunk_hash(this->dst_net));
239}
240
241/**
242 * Compare two route_entry_t objects
243 */
244static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
245{
246 if (a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
247 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen)
248 {
249 return (!a->gateway && !b->gateway) || (a->gateway && b->gateway &&
250 a->gateway->ip_equals(a->gateway, b->gateway));
251 }
252 return FALSE;
253}
254
255typedef struct net_change_t net_change_t;
256
257/**
258 * Queued network changes
259 */
260struct net_change_t {
261 /** Name of the interface that got activated (or an IP appeared on) */
262 char *if_name;
263};
264
265/**
266 * Destroy a net_change_t object
267 */
268static void net_change_destroy(net_change_t *this)
269{
270 free(this->if_name);
271 free(this);
272}
273
274/**
275 * Hash a net_change_t object
276 */
277static u_int net_change_hash(net_change_t *this)
278{
279 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
280}
281
282/**
283 * Compare two net_change_t objects
284 */
285static bool net_change_equals(net_change_t *a, net_change_t *b)
286{
287 return streq(a->if_name, b->if_name);
288}
289
d24a74c5
TB		 290typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
291
292/**
293 * Private variables and functions of kernel_pfroute class.
294 */
295struct private_kernel_pfroute_net_t
296{
297 /**
298 * Public part of the kernel_pfroute_t object.
299 */
300 kernel_pfroute_net_t public;
7daf5226 301
d24a74c5 302 /**
bdf36dac 303 * lock to access lists and maps
d24a74c5 304 */
bdf36dac 305 rwlock_t *lock;
7daf5226 306
d24a74c5
TB		 307 /**
308 * Cached list of interfaces and their addresses (iface_entry_t)
309 */
310 linked_list_t *ifaces;
7daf5226 311
1f97e1aa
TB		 312 /**
313 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
314 */
315 hashtable_t *addrs;
316
2a2d7a4d
MW		 317 /**
318 * List of tun devices we installed for virtual IPs
319 */
320 linked_list_t *tuns;
321
d24a74c5 322 /**
3a7f4b5c 323 * mutex to communicate exclusively with PF_KEY
d24a74c5 324 */
3a7f4b5c
MW		 325 mutex_t *mutex;
326
327 /**
328 * condvar to signal if PF_KEY query got a response
329 */
330 condvar_t *condvar;
331
0745f846
TB		 332 /**
333 * installed routes
334 */
335 hashtable_t *routes;
336
337 /**
338 * mutex for routes
339 */
340 mutex_t *routes_lock;
341
342 /**
343 * interface changes which may trigger route reinstallation
344 */
345 hashtable_t *net_changes;
346
347 /**
348 * mutex for route reinstallation triggers
349 */
350 mutex_t *net_changes_lock;
351
352 /**
353 * time of last route reinstallation
354 */
355 timeval_t last_route_reinstall;
356
3a7f4b5c
MW		 357 /**
358 * pid to send PF_ROUTE messages with
359 */
360 pid_t pid;
7daf5226 361
d24a74c5
TB		 362 /**
363 * PF_ROUTE socket to communicate with the kernel
364 */
365 int socket;
7daf5226 366
d24a74c5
TB		 367 /**
368 * sequence number for messages sent to the kernel
369 */
370 int seq;
7daf5226 371
3a7f4b5c
MW		 372 /**
373 * Sequence number a query is waiting for
374 */
375 int waiting_seq;
376
377 /**
378 * Allocated reply message from kernel
379 */
380 struct rt_msghdr *reply;
381
d24a74c5 382 /**
ba26508d 383 * time of last roam event
d24a74c5 384 */
de578445 385 timeval_t last_roam;
baa6419e
TB		 386
387 /**
388 * Time in ms to wait for IP addresses to appear/disappear
389 */
390 int vip_wait;
d24a74c5
TB		 391};
392
0745f846
TB		 393
394/**
395 * Forward declaration
396 */
397static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
398 chunk_t dst_net, u_int8_t prefixlen,
399 host_t *gateway, char *if_name);
400
401/**
402 * Clear the queued network changes.
403 */
404static void net_changes_clear(private_kernel_pfroute_net_t *this)
405{
406 enumerator_t *enumerator;
407 net_change_t *change;
408
409 enumerator = this->net_changes->create_enumerator(this->net_changes);
410 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
411 {
412 this->net_changes->remove_at(this->net_changes, enumerator);
413 net_change_destroy(change);
414 }
415 enumerator->destroy(enumerator);
416}
417
418/**
419 * Act upon queued network changes.
420 */
421static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
422{
423 enumerator_t *enumerator;
424 route_entry_t *route;
425
426 this->net_changes_lock->lock(this->net_changes_lock);
427 this->routes_lock->lock(this->routes_lock);
428
429 enumerator = this->routes->create_enumerator(this->routes);
430 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
431 {
432 net_change_t *change, lookup = {
433 .if_name = route->if_name,
434 };
435 /* check if a change for the outgoing interface is queued */
436 change = this->net_changes->get(this->net_changes, &lookup);
437 if (change)
438 {
439 manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
440 route->gateway, route->if_name);
441 }
442 }
443 enumerator->destroy(enumerator);
444 this->routes_lock->unlock(this->routes_lock);
445
446 net_changes_clear(this);
447 this->net_changes_lock->unlock(this->net_changes_lock);
448 return JOB_REQUEUE_NONE;
449}
450
451/**
452 * Queue route reinstallation caused by network changes for a given interface.
453 *
454 * The route reinstallation is delayed for a while and only done once for
455 * several calls during this delay, in order to avoid doing it too often.
456 * The interface name is freed.
457 */
458static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
459 char *if_name)
460{
461 net_change_t *update, *found;
462 timeval_t now;
463 job_t *job;
464
465 INIT(update,
466 .if_name = if_name
467 );
468
469 this->net_changes_lock->lock(this->net_changes_lock);
470 found = this->net_changes->put(this->net_changes, update, update);
471 if (found)
472 {
473 net_change_destroy(found);
474 }
475 time_monotonic(&now);
476 if (timercmp(&now, &this->last_route_reinstall, >))
477 {
478 timeval_add_ms(&now, ROUTE_DELAY);
479 this->last_route_reinstall = now;
480
481 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
482 this, NULL, NULL);
483 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
484 }
485 this->net_changes_lock->unlock(this->net_changes_lock);
486}
487
1f97e1aa
TB		 488/**
489 * Add an address map entry
490 */
bfd2cc1c 491static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
1f97e1aa
TB		 492 addr_entry_t *addr, iface_entry_t *iface)
493{
494 addr_map_entry_t *entry;
495
1f97e1aa
TB		 496 INIT(entry,
497 .ip = addr->ip,
e9c1ca02 498 .addr = addr,
1f97e1aa
TB		 499 .iface = iface,
500 );
501 entry = this->addrs->put(this->addrs, entry, entry);
502 free(entry);
503}
504
505/**
506 * Remove an address map entry (the argument order is a bit strange because
507 * it is also used with linked_list_t.invoke_function)
508 */
509static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
bfd2cc1c 510 private_kernel_pfroute_net_t *this)
1f97e1aa
TB		 511{
512 addr_map_entry_t *entry, lookup = {
513 .ip = addr->ip,
e9c1ca02 514 .addr = addr,
1f97e1aa
TB		 515 .iface = iface,
516 };
517
1f97e1aa
TB		 518 entry = this->addrs->remove(this->addrs, &lookup);
519 free(entry);
520}
521
d24a74c5 522/**
ba26508d 523 * callback function that raises the delayed roam event
d24a74c5 524 */
ba26508d
TB		 525static job_requeue_t roam_event(uintptr_t address)
526{
f6659688 527 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
ba26508d
TB		 528 return JOB_REQUEUE_NONE;
529}
530
531/**
532 * fire a roaming event. we delay it for a bit and fire only one event
533 * for multiple calls. otherwise we would create too many events.
534 */
535static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
d24a74c5 536{
de578445 537 timeval_t now;
ba26508d 538 job_t *job;
7daf5226 539
de578445
MW		 540 time_monotonic(&now);
541 if (timercmp(&now, &this->last_roam, >))
d24a74c5 542 {
eecd41e3 543 timeval_add_ms(&now, ROAM_DELAY);
de578445 544 this->last_roam = now;
ba26508d
TB		 545
546 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
547 (void*)(uintptr_t)(address ? 1 : 0),
548 NULL, NULL);
bb381e26 549 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
d24a74c5
TB		 550 }
551}
552
b1c6b68e
MW		 553/**
554 * Data for enumerator over rtmsg sockaddrs
555 */
556typedef struct {
557 /** implements enumerator */
558 enumerator_t public;
559 /** copy of attribute bitfield */
560 int types;
561 /** bytes remaining in buffer */
562 int remaining;
563 /** next sockaddr to enumerate */
564 struct sockaddr *addr;
565} rt_enumerator_t;
566
567METHOD(enumerator_t, rt_enumerate, bool,
568 rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
569{
570 int i, type;
571
572 if (this->remaining < sizeof(this->addr->sa_len) ||
573 this->remaining < this->addr->sa_len)
574 {
575 return FALSE;
576 }
577 for (i = 0; i < RTAX_MAX; i++)
578 {
579 type = (1 << i);
580 if (this->types & type)
581 {
582 this->types &= ~type;
583 *addr = this->addr;
584 *xtype = i;
aa33d2e6 585 this->remaining -= SA_LEN(this->addr->sa_len);
4b3fea3d
TB		 586 this->addr = (struct sockaddr*)((char*)this->addr +
587 SA_LEN(this->addr->sa_len));
b1c6b68e
MW		 588 return TRUE;
589 }
590 }
591 return FALSE;
592}
593
594/**
595 * Create a safe enumerator over sockaddrs in ifa/ifam/rt_msg
596 */
597static enumerator_t *create_rtmsg_enumerator(void *hdr, size_t hdrlen)
598{
599 struct rt_msghdr *rthdr = hdr;
600 rt_enumerator_t *this;
601
602 INIT(this,
603 .public = {
604 .enumerate = (void*)_rt_enumerate,
605 .destroy = (void*)free,
606 },
607 .types = rthdr->rtm_addrs,
608 .remaining = rthdr->rtm_msglen - hdrlen,
609 .addr = hdr + hdrlen,
610 );
611 return &this->public;
612}
613
d24a74c5
TB		 614/**
615 * Process an RTM_*ADDR message from the kernel
616 */
617static void process_addr(private_kernel_pfroute_net_t *this,
b1c6b68e 618 struct ifa_msghdr *ifa)
d24a74c5 619{
b1c6b68e 620 struct sockaddr *sockaddr;
d24a74c5
TB		 621 host_t *host = NULL;
622 enumerator_t *ifaces, *addrs;
623 iface_entry_t *iface;
624 addr_entry_t *addr;
625 bool found = FALSE, changed = FALSE, roam = FALSE;
b1c6b68e 626 enumerator_t *enumerator;
0745f846 627 char *ifname = NULL;
b1c6b68e 628 int type;
7daf5226 629
b1c6b68e
MW		 630 enumerator = create_rtmsg_enumerator(ifa, sizeof(*ifa));
631 while (enumerator->enumerate(enumerator, &type, &sockaddr))
d24a74c5 632 {
b1c6b68e 633 if (type == RTAX_IFA)
d24a74c5 634 {
b1c6b68e
MW		 635 host = host_create_from_sockaddr(sockaddr);
636 break;
d24a74c5
TB		 637 }
638 }
b1c6b68e 639 enumerator->destroy(enumerator);
7daf5226 640
d24a74c5
TB		 641 if (!host)
642 {
643 return;
644 }
7daf5226 645
bdf36dac 646 this->lock->write_lock(this->lock);
d24a74c5
TB		 647 ifaces = this->ifaces->create_enumerator(this->ifaces);
648 while (ifaces->enumerate(ifaces, &iface))
649 {
650 if (iface->ifindex == ifa->ifam_index)
651 {
652 addrs = iface->addrs->create_enumerator(iface->addrs);
653 while (addrs->enumerate(addrs, &addr))
654 {
655 if (host->ip_equals(host, addr->ip))
656 {
657 found = TRUE;
658 if (ifa->ifam_type == RTM_DELADDR)
659 {
660 iface->addrs->remove_at(iface->addrs, addrs);
940e1b0f 661 if (!addr->virtual && iface->usable)
d24a74c5
TB		 662 {
663 changed = TRUE;
664 DBG1(DBG_KNL, "%H disappeared from %s",
665 host, iface->ifname);
666 }
1f97e1aa 667 addr_map_entry_remove(addr, iface, this);
d24a74c5
TB		 668 addr_entry_destroy(addr);
669 }
d24a74c5
TB		 670 }
671 }
672 addrs->destroy(addrs);
7daf5226 673
d24a74c5
TB		 674 if (!found && ifa->ifam_type == RTM_NEWADDR)
675 {
9650bf3c
MW		 676 INIT(addr,
677 .ip = host->clone(host),
9650bf3c 678 );
d24a74c5 679 changed = TRUE;
0745f846 680 ifname = strdup(iface->ifname);
d24a74c5 681 iface->addrs->insert_last(iface->addrs, addr);
1f97e1aa 682 addr_map_entry_add(this, addr, iface);
940e1b0f
TB		 683 if (iface->usable)
684 {
685 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
686 }
d24a74c5 687 }
7daf5226 688
940e1b0f 689 if (changed && iface_entry_up_and_usable(iface))
d24a74c5
TB		 690 {
691 roam = TRUE;
692 }
693 break;
694 }
695 }
696 ifaces->destroy(ifaces);
bdf36dac 697 this->lock->unlock(this->lock);
d24a74c5 698 host->destroy(host);
7daf5226 699
0745f846
TB		 700 if (roam && ifname)
701 {
702 queue_route_reinstall(this, ifname);
703 }
704 else
705 {
706 free(ifname);
707 }
708
d24a74c5
TB		 709 if (roam)
710 {
ba26508d 711 fire_roam_event(this, TRUE);
d24a74c5
TB		 712 }
713}
714
6e879a59
MW		 715/**
716 * Re-initialize address list of an interface if it changes state
717 */
718static void repopulate_iface(private_kernel_pfroute_net_t *this,
719 iface_entry_t *iface)
720{
721 struct ifaddrs *ifap, *ifa;
722 addr_entry_t *addr;
723
724 while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
725 {
726 addr_map_entry_remove(addr, iface, this);
727 addr_entry_destroy(addr);
728 }
729
730 if (getifaddrs(&ifap) == 0)
731 {
732 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
733 {
734 if (ifa->ifa_addr && streq(ifa->ifa_name, iface->ifname))
735 {
736 switch (ifa->ifa_addr->sa_family)
737 {
738 case AF_INET:
739 case AF_INET6:
740 INIT(addr,
741 .ip = host_create_from_sockaddr(ifa->ifa_addr),
6e879a59
MW		 742 );
743 iface->addrs->insert_last(iface->addrs, addr);
744 addr_map_entry_add(this, addr, iface);
745 break;
746 default:
747 break;
748 }
749 }
750 }
751 freeifaddrs(ifap);
752 }
753}
754
d24a74c5
TB		 755/**
756 * Process an RTM_IFINFO message from the kernel
757 */
758static void process_link(private_kernel_pfroute_net_t *this,
b1c6b68e 759 struct if_msghdr *msg)
d24a74c5 760{
d24a74c5
TB		 761 enumerator_t *enumerator;
762 iface_entry_t *iface;
0745f846 763 bool roam = FALSE, found = FALSE, update_routes = FALSE;
7daf5226 764
bdf36dac 765 this->lock->write_lock(this->lock);
d24a74c5
TB		 766 enumerator = this->ifaces->create_enumerator(this->ifaces);
767 while (enumerator->enumerate(enumerator, &iface))
768 {
769 if (iface->ifindex == msg->ifm_index)
770 {
940e1b0f 771 if (iface->usable)
d24a74c5 772 {
940e1b0f
TB		 773 if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
774 {
0745f846 775 roam = update_routes = TRUE;
940e1b0f
TB		 776 DBG1(DBG_KNL, "interface %s activated", iface->ifname);
777 }
778 else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
779 {
780 roam = TRUE;
781 DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
782 }
d24a74c5
TB		 783 }
784 iface->flags = msg->ifm_flags;
6e879a59 785 repopulate_iface(this, iface);
0fd409db 786 found = TRUE;
d24a74c5
TB		 787 break;
788 }
789 }
790 enumerator->destroy(enumerator);
0fd409db
MW		 791
792 if (!found)
793 {
794 INIT(iface,
795 .ifindex = msg->ifm_index,
796 .flags = msg->ifm_flags,
797 .addrs = linked_list_create(),
798 );
799 if (if_indextoname(iface->ifindex, iface->ifname))
800 {
801 DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
802 iface->usable = hydra->kernel_interface->is_interface_usable(
803 hydra->kernel_interface, iface->ifname);
6e879a59 804 repopulate_iface(this, iface);
0fd409db 805 this->ifaces->insert_last(this->ifaces, iface);
7b9c3fb4
TB		 806 if (iface->usable)
807 {
0745f846 808 roam = update_routes = TRUE;
7b9c3fb4 809 }
0fd409db
MW		 810 }
811 else
812 {
813 free(iface);
814 }
815 }
bdf36dac 816 this->lock->unlock(this->lock);
7daf5226 817
0745f846
TB		 818 if (update_routes)
819 {
820 queue_route_reinstall(this, strdup(iface->ifname));
821 }
822
d24a74c5
TB		 823 if (roam)
824 {
ba26508d 825 fire_roam_event(this, TRUE);
d24a74c5
TB		 826 }
827}
828
829/**
830 * Process an RTM_*ROUTE message from the kernel
831 */
832static void process_route(private_kernel_pfroute_net_t *this,
833 struct rt_msghdr *msg)
834{
835
836}
837
838/**
b1c6b68e 839 * Receives PF_ROUTE messages from kernel
d24a74c5
TB		 840 */
841static job_requeue_t receive_events(private_kernel_pfroute_net_t *this)
842{
b1c6b68e
MW		 843 struct {
844 union {
845 struct rt_msghdr rtm;
846 struct if_msghdr ifm;
847 struct ifa_msghdr ifam;
848 };
849 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
850 } msg;
851 int len, hdrlen;
4a5a5dd2 852 bool oldstate;
7daf5226 853
4a5a5dd2 854 oldstate = thread_cancelability(TRUE);
b1c6b68e 855 len = recv(this->socket, &msg, sizeof(msg), 0);
4a5a5dd2 856 thread_cancelability(oldstate);
7daf5226 857
d24a74c5
TB		 858 if (len < 0)
859 {
860 switch (errno)
861 {
862 case EINTR:
d24a74c5 863 case EAGAIN:
d24a74c5
TB		 864 return JOB_REQUEUE_DIRECT;
865 default:
866 DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
867 sleep(1);
868 return JOB_REQUEUE_FAIR;
869 }
870 }
7daf5226 871
b1c6b68e 872 if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen)
d24a74c5 873 {
b1c6b68e 874 DBG1(DBG_KNL, "received invalid PF_ROUTE message");
d24a74c5
TB		 875 return JOB_REQUEUE_DIRECT;
876 }
b1c6b68e
MW		 877 if (msg.rtm.rtm_version != RTM_VERSION)
878 {
879 DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d",
880 msg.rtm.rtm_version);
881 return JOB_REQUEUE_DIRECT;
882 }
883 switch (msg.rtm.rtm_type)
d24a74c5
TB		 884 {
885 case RTM_NEWADDR:
886 case RTM_DELADDR:
b1c6b68e 887 hdrlen = sizeof(msg.ifam);
d24a74c5
TB		 888 break;
889 case RTM_IFINFO:
b1c6b68e 890 hdrlen = sizeof(msg.ifm);
d24a74c5
TB		 891 break;
892 case RTM_ADD:
893 case RTM_DELETE:
b1c6b68e
MW		 894 case RTM_GET:
895 hdrlen = sizeof(msg.rtm);
896 break;
897 default:
898 return JOB_REQUEUE_DIRECT;
899 }
900 if (msg.rtm.rtm_msglen < hdrlen)
901 {
902 DBG1(DBG_KNL, "ignoring short PF_ROUTE message");
903 return JOB_REQUEUE_DIRECT;
904 }
905 switch (msg.rtm.rtm_type)
906 {
907 case RTM_NEWADDR:
908 case RTM_DELADDR:
909 process_addr(this, &msg.ifam);
910 break;
911 case RTM_IFINFO:
912 process_link(this, &msg.ifm);
913 break;
914 case RTM_ADD:
915 case RTM_DELETE:
916 process_route(this, &msg.rtm);
917 break;
d24a74c5
TB		 918 default:
919 break;
920 }
3a7f4b5c
MW		 921
922 this->mutex->lock(this->mutex);
923 if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq)
924 {
925 /* seems like the message someone is waiting for, deliver */
926 this->reply = realloc(this->reply, msg.rtm.rtm_msglen);
927 memcpy(this->reply, &msg, msg.rtm.rtm_msglen);
3a7f4b5c 928 }
2a2d7a4d 929 /* signal on any event, add_ip()/del_ip() might wait for it */
c9a323c1 930 this->condvar->broadcast(this->condvar);
3a7f4b5c
MW		 931 this->mutex->unlock(this->mutex);
932
d24a74c5
TB		 933 return JOB_REQUEUE_DIRECT;
934}
935
936
937/** enumerator over addresses */
938typedef struct {
939 private_kernel_pfroute_net_t* this;
4106aea8 940 /** which addresses to enumerate */
bfd2cc1c 941 kernel_address_type_t which;
d24a74c5
TB		 942} address_enumerator_t;
943
944/**
945 * cleanup function for address enumerator
946 */
947static void address_enumerator_destroy(address_enumerator_t *data)
948{
bdf36dac 949 data->this->lock->unlock(data->this->lock);
d24a74c5
TB		 950 free(data);
951}
952
953/**
954 * filter for addresses
955 */
e131f117
MW		 956static bool filter_addresses(address_enumerator_t *data,
957 addr_entry_t** in, host_t** out)
d24a74c5
TB		 958{
959 host_t *ip;
4106aea8 960 if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual)
d24a74c5 961 { /* skip virtual interfaces added by us */
1a2a8bff
MW		 962 return FALSE;
963 }
964 if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual)
965 { /* address is regular, but not requested */
d24a74c5
TB		 966 return FALSE;
967 }
968 ip = (*in)->ip;
969 if (ip->get_family(ip) == AF_INET6)
970 {
971 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
972 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
973 { /* skip addresses with a unusable scope */
974 return FALSE;
975 }
976 }
977 *out = ip;
978 return TRUE;
979}
980
981/**
982 * enumerator constructor for interfaces
983 */
e131f117
MW		 984static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
985 address_enumerator_t *data)
d24a74c5
TB		 986{
987 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
988 (void*)filter_addresses, data, NULL);
989}
990
991/**
992 * filter for interfaces
993 */
e131f117
MW		 994static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
995 iface_entry_t** out)
d24a74c5 996{
4106aea8 997 if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
940e1b0f
TB		 998 { /* skip interfaces excluded by config */
999 return FALSE;
1000 }
4106aea8 1001 if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
aed33805
TB		 1002 { /* ignore loopback devices */
1003 return FALSE;
1004 }
4106aea8
TB		 1005 if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
1006 { /* skip interfaces not up */
d24a74c5
TB		 1007 return FALSE;
1008 }
1009 *out = *in;
1010 return TRUE;
1011}
1012
e131f117 1013METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
bfd2cc1c 1014 private_kernel_pfroute_net_t *this, kernel_address_type_t which)
d24a74c5 1015{
9650bf3c
MW		 1016 address_enumerator_t *data;
1017
1018 INIT(data,
1019 .this = this,
1020 .which = which,
1021 );
d24a74c5 1022
bdf36dac 1023 this->lock->read_lock(this->lock);
d24a74c5 1024 return enumerator_create_nested(
e131f117
MW		 1025 enumerator_create_filter(
1026 this->ifaces->create_enumerator(this->ifaces),
1027 (void*)filter_interfaces, data, NULL),
1028 (void*)create_iface_enumerator, data,
1029 (void*)address_enumerator_destroy);
d24a74c5
TB		 1030}
1031
580b768d
MW		 1032METHOD(kernel_net_t, get_features, kernel_feature_t,
1033 private_kernel_pfroute_net_t *this)
1034{
1035 return KERNEL_REQUIRE_EXCLUDE_ROUTE;
1036}
1037
9ba36c0f
TB		 1038METHOD(kernel_net_t, get_interface_name, bool,
1039 private_kernel_pfroute_net_t *this, host_t* ip, char **name)
d24a74c5 1040{
1f97e1aa
TB		 1041 addr_map_entry_t *entry, lookup = {
1042 .ip = ip,
1043 };
d24a74c5 1044
645d7a5e
TB		 1045 if (ip->is_anyaddr(ip))
1046 {
1047 return FALSE;
1048 }
bdf36dac 1049 this->lock->read_lock(this->lock);
1f97e1aa
TB		 1050 /* first try to find it on an up and usable interface */
1051 entry = this->addrs->get_match(this->addrs, &lookup,
1052 (void*)addr_map_entry_match_up_and_usable);
1053 if (entry)
d24a74c5 1054 {
1f97e1aa 1055 if (name)
940e1b0f 1056 {
1f97e1aa 1057 *name = strdup(entry->iface->ifname);
940e1b0f
TB		 1058 DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
1059 }
bdf36dac 1060 this->lock->unlock(this->lock);
1f97e1aa 1061 return TRUE;
d24a74c5 1062 }
1f97e1aa
TB		 1063 /* maybe it is installed on an ignored interface */
1064 entry = this->addrs->get_match(this->addrs, &lookup,
1065 (void*)addr_map_entry_match_up);
1066 if (!entry)
1067 { /* the address does not exist, is on a down interface */
1068 DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
1069 }
bdf36dac 1070 this->lock->unlock(this->lock);
1f97e1aa 1071 return FALSE;
d24a74c5
TB		 1072}
1073
e131f117 1074METHOD(kernel_net_t, add_ip, status_t,
2a2d7a4d 1075 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
77b6f196 1076 char *ifname)
d24a74c5 1077{
77b6f196
MW		 1078 enumerator_t *ifaces, *addrs;
1079 iface_entry_t *iface;
1080 addr_entry_t *addr;
2a2d7a4d
MW		 1081 tun_device_t *tun;
1082 bool timeout = FALSE;
1083
1084 tun = tun_device_create(NULL);
1085 if (!tun)
1086 {
1087 return FAILED;
1088 }
1089 if (prefix == -1)
1090 {
1091 prefix = vip->get_address(vip).len * 8;
1092 }
93e4df37 1093 if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
2a2d7a4d
MW		 1094 {
1095 tun->destroy(tun);
1096 return FAILED;
1097 }
1098
1099 /* wait until address appears */
1100 this->mutex->lock(this->mutex);
1101 while (!timeout && !get_interface_name(this, vip, NULL))
1102 {
baa6419e
TB		 1103 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1104 this->vip_wait);
2a2d7a4d
MW		 1105 }
1106 this->mutex->unlock(this->mutex);
1107 if (timeout)
1108 {
1109 DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
1110 vip, tun->get_name(tun));
1111 tun->destroy(tun);
1112 return FAILED;
1113 }
1114
1115 this->lock->write_lock(this->lock);
1116 this->tuns->insert_last(this->tuns, tun);
77b6f196
MW		 1117
1118 ifaces = this->ifaces->create_enumerator(this->ifaces);
1119 while (ifaces->enumerate(ifaces, &iface))
1120 {
1121 if (streq(iface->ifname, tun->get_name(tun)))
1122 {
1123 addrs = iface->addrs->create_enumerator(iface->addrs);
1124 while (addrs->enumerate(addrs, &addr))
1125 {
1126 if (addr->ip->ip_equals(addr->ip, vip))
1127 {
1128 addr->virtual = TRUE;
77b6f196
MW		 1129 }
1130 }
1131 addrs->destroy(addrs);
0745f846
TB		 1132 /* during IKEv1 reauthentication, children get moved from
1133 * old the new SA before the virtual IP is available. This
1134 * kills the route for our virtual IP, reinstall. */
1135 queue_route_reinstall(this, strdup(iface->ifname));
1136 break;
77b6f196
MW		 1137 }
1138 }
1139 ifaces->destroy(ifaces);
554c4276 1140 /* lets do this while holding the lock, thus preventing another thread
0745f846 1141 * from deleting the TUN device concurrently, hopefully listeners are quick
554c4276
TB		 1142 * and cause no deadlocks */
1143 hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
2a2d7a4d
MW		 1144 this->lock->unlock(this->lock);
1145
1146 return SUCCESS;
d24a74c5
TB		 1147}
1148
e131f117 1149METHOD(kernel_net_t, del_ip, status_t,
2a2d7a4d 1150 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
d88597f0 1151 bool wait)
d24a74c5 1152{
2a2d7a4d
MW		 1153 enumerator_t *enumerator;
1154 tun_device_t *tun;
1155 host_t *addr;
1156 bool timeout = FALSE, found = FALSE;
1157
1158 this->lock->write_lock(this->lock);
1159 enumerator = this->tuns->create_enumerator(this->tuns);
1160 while (enumerator->enumerate(enumerator, &tun))
1161 {
1162 addr = tun->get_address(tun, NULL);
1163 if (addr && addr->ip_equals(addr, vip))
1164 {
1165 this->tuns->remove_at(this->tuns, enumerator);
554c4276
TB		 1166 hydra->kernel_interface->tun(hydra->kernel_interface, tun,
1167 FALSE);
2a2d7a4d
MW		 1168 tun->destroy(tun);
1169 found = TRUE;
1170 break;
1171 }
1172 }
1173 enumerator->destroy(enumerator);
1174 this->lock->unlock(this->lock);
1175
1176 if (!found)
1177 {
1178 return NOT_FOUND;
1179 }
1180 /* wait until address disappears */
1181 if (wait)
1182 {
1183 this->mutex->lock(this->mutex);
1184 while (!timeout && get_interface_name(this, vip, NULL))
1185 {
baa6419e
TB		 1186 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1187 this->vip_wait);
2a2d7a4d
MW		 1188 }
1189 this->mutex->unlock(this->mutex);
1190 if (timeout)
1191 {
1192 DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
1193 return FAILED;
1194 }
1195 }
1196 return SUCCESS;
d24a74c5
TB		 1197}
1198
272bcac8
MW		 1199/**
1200 * Append a sockaddr_in/in6 of given type to routing message
1201 */
1202static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
1203{
1204 if (addr)
1205 {
1206 int len;
1207
1208 len = *addr->get_sockaddr_len(addr);
1209 memcpy((char*)hdr + hdr->rtm_msglen, addr->get_sockaddr(addr), len);
aa33d2e6 1210 hdr->rtm_msglen += SA_LEN(len);
272bcac8
MW		 1211 hdr->rtm_addrs |= type;
1212 }
1213}
1214
1215/**
1216 * Append a subnet mask sockaddr using the given prefix to routing message
1217 */
1218static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
1219{
1220 host_t *mask;
1221
1222 mask = host_create_netmask(family, prefix);
1223 if (mask)
1224 {
1225 add_rt_addr(hdr, type, mask);
1226 mask->destroy(mask);
1227 }
1228}
1229
1230/**
1231 * Append an interface name sockaddr_dl to routing message
1232 */
1233static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
1234{
1235 struct sockaddr_dl sdl = {
1236 .sdl_len = sizeof(struct sockaddr_dl),
1237 .sdl_family = AF_LINK,
1238 .sdl_nlen = strlen(name),
1239 };
1240
1241 if (strlen(name) <= sizeof(sdl.sdl_data))
1242 {
1243 memcpy(sdl.sdl_data, name, sdl.sdl_nlen);
1244 memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
aa33d2e6 1245 hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
272bcac8
MW		 1246 hdr->rtm_addrs |= type;
1247 }
1248}
1249
1250/**
1251 * Add or remove a route
1252 */
1253static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
1254 chunk_t dst_net, u_int8_t prefixlen,
1255 host_t *gateway, char *if_name)
1256{
1257 struct {
1258 struct rt_msghdr hdr;
1259 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1260 } msg = {
1261 .hdr = {
1262 .rtm_version = RTM_VERSION,
1263 .rtm_type = op,
1264 .rtm_flags = RTF_UP | RTF_STATIC,
1265 .rtm_pid = this->pid,
e50b2053 1266 .rtm_seq = ref_get(&this->seq),
272bcac8
MW		 1267 },
1268 };
1269 host_t *dst;
1270 int type;
1271
12178303
MW		 1272 if (prefixlen == 0 && dst_net.len)
1273 {
1274 status_t status;
1275 chunk_t half;
1276
1277 half = chunk_clonea(dst_net);
1278 half.ptr[0] |= 0x80;
1279 prefixlen = 1;
1280 status = manage_route(this, op, half, prefixlen, gateway, if_name);
1281 if (status != SUCCESS)
1282 {
1283 return status;
1284 }
1285 }
1286
272bcac8
MW		 1287 dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
1288 if (!dst)
1289 {
1290 return FAILED;
1291 }
1292
1293 if ((dst->get_family(dst) == AF_INET && prefixlen == 32) ||
1294 (dst->get_family(dst) == AF_INET6 && prefixlen == 128))
1295 {
1296 msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
1297 }
1298
1299 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1300 for (type = 0; type < RTAX_MAX; type++)
1301 {
1302 switch (type)
1303 {
1304 case RTAX_DST:
1305 add_rt_addr(&msg.hdr, RTA_DST, dst);
1306 break;
1307 case RTAX_NETMASK:
1308 if (!(msg.hdr.rtm_flags & RTF_HOST))
1309 {
1310 add_rt_mask(&msg.hdr, RTA_NETMASK,
1311 dst->get_family(dst), prefixlen);
1312 }
1313 break;
f58f8bf4 1314 case RTAX_IFP:
272bcac8
MW		 1315 if (if_name)
1316 {
f58f8bf4 1317 add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
272bcac8 1318 }
f58f8bf4
TB		 1319 break;
1320 case RTAX_GATEWAY:
1321 if (gateway)
272bcac8
MW		 1322 {
1323 add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
1324 }
1325 break;
1326 default:
1327 break;
1328 }
1329 }
1330 dst->destroy(dst);
1331
1332 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen)
1333 {
527663d6
TB		 1334 if (errno == EEXIST)
1335 {
1336 return ALREADY_DONE;
1337 }
272bcac8
MW		 1338 DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
1339 op == RTM_ADD ? "adding" : "deleting", strerror(errno));
1340 return FAILED;
1341 }
1342 return SUCCESS;
1343}
1344
e131f117
MW		 1345METHOD(kernel_net_t, add_route, status_t,
1346 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1347 host_t *gateway, host_t *src_ip, char *if_name)
d24a74c5 1348{
0745f846
TB		 1349 status_t status;
1350 route_entry_t *found, route = {
1351 .dst_net = dst_net,
1352 .prefixlen = prefixlen,
1353 .gateway = gateway,
1354 .if_name = if_name,
1355 };
1356
1357 this->routes_lock->lock(this->routes_lock);
1358 found = this->routes->get(this->routes, &route);
1359 if (found)
1360 {
1361 this->routes_lock->unlock(this->routes_lock);
1362 return ALREADY_DONE;
1363 }
1364 found = route_entry_clone(&route);
1365 this->routes->put(this->routes, found, found);
1366 status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
1367 this->routes_lock->unlock(this->routes_lock);
1368 return status;
d24a74c5
TB		 1369}
1370
e131f117
MW		 1371METHOD(kernel_net_t, del_route, status_t,
1372 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1373 host_t *gateway, host_t *src_ip, char *if_name)
d24a74c5 1374{
0745f846
TB		 1375 status_t status;
1376 route_entry_t *found, route = {
1377 .dst_net = dst_net,
1378 .prefixlen = prefixlen,
1379 .gateway = gateway,
1380 .if_name = if_name,
1381 };
1382
1383 this->routes_lock->lock(this->routes_lock);
1384 found = this->routes->get(this->routes, &route);
1385 if (!found)
1386 {
1387 this->routes_lock->unlock(this->routes_lock);
1388 return NOT_FOUND;
1389 }
1390 this->routes->remove(this->routes, found);
1391 route_entry_destroy(found);
1392 status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
1393 if_name);
1394 this->routes_lock->unlock(this->routes_lock);
1395 return status;
d24a74c5
TB		 1396}
1397
d6c17e96
TB		 1398/**
1399 * Do a route lookup for dest and return either the nexthop or the source
1400 * address.
1401 */
1402static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
1403 host_t *dest, host_t *src)
9bc342ea
MW		 1404{
1405 struct {
1406 struct rt_msghdr hdr;
1407 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1408 } msg = {
1409 .hdr = {
1410 .rtm_version = RTM_VERSION,
1411 .rtm_type = RTM_GET,
1412 .rtm_pid = this->pid,
e50b2053 1413 .rtm_seq = ref_get(&this->seq),
9bc342ea
MW		 1414 },
1415 };
12488efa 1416 host_t *host = NULL;
9bc342ea
MW		 1417 enumerator_t *enumerator;
1418 struct sockaddr *addr;
dc8b083d 1419 bool failed = FALSE;
9bc342ea
MW		 1420 int type;
1421
dc8b083d 1422retry:
9bc342ea
MW		 1423 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1424 for (type = 0; type < RTAX_MAX; type++)
1425 {
1426 switch (type)
1427 {
1428 case RTAX_DST:
1429 add_rt_addr(&msg.hdr, RTA_DST, dest);
1430 break;
1431 case RTAX_IFA:
1432 add_rt_addr(&msg.hdr, RTA_IFA, src);
1433 break;
1c697ff1
TB		 1434 case RTAX_IFP:
1435 if (!nexthop)
1436 { /* add an empty IFP to ensure we get a source address */
1437 add_rt_ifname(&msg.hdr, RTA_IFP, "");
1438 }
1439 break;
9bc342ea
MW		 1440 default:
1441 break;
1442 }
1443 }
1444 this->mutex->lock(this->mutex);
1445
c9a323c1
MW		 1446 while (this->waiting_seq)
1447 {
1448 this->condvar->wait(this->condvar, this->mutex);
1449 }
9bc342ea
MW		 1450 this->waiting_seq = msg.hdr.rtm_seq;
1451 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
1452 {
1453 while (TRUE)
1454 {
1455 if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
1456 { /* timed out? */
1457 break;
1458 }
1459 if (this->reply->rtm_msglen < sizeof(*this->reply) ||
1460 msg.hdr.rtm_seq != this->reply->rtm_seq)
1461 {
1462 continue;
1463 }
1464 enumerator = create_rtmsg_enumerator(this->reply,
1465 sizeof(*this->reply));
1466 while (enumerator->enumerate(enumerator, &type, &addr))
1467 {
12488efa 1468 if (nexthop)
b0629f7d 1469 {
12488efa
TB		 1470 if (type == RTAX_DST && this->reply->rtm_flags & RTF_HOST)
1471 { /* probably a cloned/cached direct route, only use that
1472 * as fallback if no gateway is found */
1473 host = host ?: host_create_from_sockaddr(addr);
1474 }
1475 if (type == RTAX_GATEWAY)
1476 { /* could actually be a MAC address */
1477 host_t *gtw = host_create_from_sockaddr(addr);
1478 if (gtw)
1479 {
1480 DESTROY_IF(host);
1481 host = gtw;
1482 }
1483 }
34b0ad06 1484 }
12488efa 1485 else
d6c17e96 1486 {
12488efa 1487 if (type == RTAX_IFA)
b0629f7d 1488 {
12488efa 1489 host = host_create_from_sockaddr(addr);
b0629f7d 1490 }
9bc342ea
MW		 1491 }
1492 }
1493 enumerator->destroy(enumerator);
1494 break;
1495 }
1496 }
1497 else
1498 {
dc8b083d 1499 failed = TRUE;
9bc342ea 1500 }
c9a323c1
MW		 1501 /* signal completion of query to a waiting thread */
1502 this->waiting_seq = 0;
1503 this->condvar->signal(this->condvar);
9bc342ea
MW		 1504 this->mutex->unlock(this->mutex);
1505
dc8b083d
TB		 1506 if (failed)
1507 {
1508 if (src)
1509 { /* the given source address might be gone, try again without */
1510 src = NULL;
e50b2053 1511 msg.hdr.rtm_seq = ref_get(&this->seq);
dc8b083d
TB		 1512 msg.hdr.rtm_addrs = 0;
1513 memset(msg.buf, sizeof(msg.buf), 0);
1514 goto retry;
1515 }
1516 DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
1517 }
cb082d15 1518 if (!host)
b0629f7d 1519 {
cb082d15
TB		 1520 return NULL;
1521 }
1522 if (!nexthop)
1523 { /* make sure the source address is not virtual and usable */
1524 addr_entry_t *entry, lookup = {
1525 .ip = host,
1526 };
1527
1528 this->lock->read_lock(this->lock);
1529 entry = this->addrs->get_match(this->addrs, &lookup,
1530 (void*)addr_map_entry_match_up_and_usable);
1531 this->lock->unlock(this->lock);
1532 if (!entry)
1533 {
1534 host->destroy(host);
1535 return NULL;
1536 }
b0629f7d 1537 }
cb082d15
TB		 1538 DBG2(DBG_KNL, "using %H as %s to reach %H", host,
1539 nexthop ? "nexthop" : "address", dest);
d6c17e96
TB		 1540 return host;
1541}
1542
1543METHOD(kernel_net_t, get_source_addr, host_t*,
1544 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
1545{
1546 return get_route(this, FALSE, dest, src);
1547}
1548
1549METHOD(kernel_net_t, get_nexthop, host_t*,
1550 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
1551{
1552 return get_route(this, TRUE, dest, src);
9bc342ea
MW		 1553}
1554
d24a74c5
TB		 1555/**
1556 * Initialize a list of local addresses.
1557 */
1558static status_t init_address_list(private_kernel_pfroute_net_t *this)
1559{
1560 struct ifaddrs *ifap, *ifa;
1561 iface_entry_t *iface, *current;
1562 addr_entry_t *addr;
1563 enumerator_t *ifaces, *addrs;
7daf5226 1564
31a0e24b 1565 DBG2(DBG_KNL, "known interfaces and IP addresses:");
7daf5226 1566
d24a74c5
TB		 1567 if (getifaddrs(&ifap) < 0)
1568 {
1569 DBG1(DBG_KNL, " failed to get interfaces!");
1570 return FAILED;
1571 }
7daf5226 1572
d24a74c5
TB		 1573 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
1574 {
1575 if (ifa->ifa_addr == NULL)
1576 {
1577 continue;
1578 }
1579 switch(ifa->ifa_addr->sa_family)
1580 {
1581 case AF_LINK:
1582 case AF_INET:
1583 case AF_INET6:
1584 {
d24a74c5
TB		 1585 iface = NULL;
1586 ifaces = this->ifaces->create_enumerator(this->ifaces);
1587 while (ifaces->enumerate(ifaces, &current))
1588 {
1589 if (streq(current->ifname, ifa->ifa_name))
1590 {
1591 iface = current;
1592 break;
1593 }
1594 }
1595 ifaces->destroy(ifaces);
7daf5226 1596
d24a74c5
TB		 1597 if (!iface)
1598 {
9650bf3c
MW		 1599 INIT(iface,
1600 .ifindex = if_nametoindex(ifa->ifa_name),
1601 .flags = ifa->ifa_flags,
1602 .addrs = linked_list_create(),
1603 .usable = hydra->kernel_interface->is_interface_usable(
1604 hydra->kernel_interface, ifa->ifa_name),
1605 );
d24a74c5 1606 memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
d24a74c5
TB		 1607 this->ifaces->insert_last(this->ifaces, iface);
1608 }
7daf5226 1609
d24a74c5
TB		 1610 if (ifa->ifa_addr->sa_family != AF_LINK)
1611 {
9650bf3c
MW		 1612 INIT(addr,
1613 .ip = host_create_from_sockaddr(ifa->ifa_addr),
9650bf3c 1614 );
d24a74c5 1615 iface->addrs->insert_last(iface->addrs, addr);
9845391a 1616 addr_map_entry_add(this, addr, iface);
d24a74c5
TB		 1617 }
1618 }
1619 }
1620 }
1621 freeifaddrs(ifap);
7daf5226 1622
d24a74c5
TB		 1623 ifaces = this->ifaces->create_enumerator(this->ifaces);
1624 while (ifaces->enumerate(ifaces, &iface))
1625 {
940e1b0f 1626 if (iface->usable && iface->flags & IFF_UP)
d24a74c5 1627 {
31a0e24b 1628 DBG2(DBG_KNL, " %s", iface->ifname);
d24a74c5
TB		 1629 addrs = iface->addrs->create_enumerator(iface->addrs);
1630 while (addrs->enumerate(addrs, (void**)&addr))
1631 {
31a0e24b 1632 DBG2(DBG_KNL, " %H", addr->ip);
d24a74c5
TB		 1633 }
1634 addrs->destroy(addrs);
1635 }
1636 }
1637 ifaces->destroy(ifaces);
7daf5226 1638
d24a74c5
TB		 1639 return SUCCESS;
1640}
1641
cce8f652 1642METHOD(kernel_net_t, destroy, void,
e131f117 1643 private_kernel_pfroute_net_t *this)
d24a74c5 1644{
1f97e1aa 1645 enumerator_t *enumerator;
0745f846 1646 route_entry_t *route;
bfd2cc1c 1647 addr_entry_t *addr;
1f97e1aa 1648
0745f846
TB		 1649 enumerator = this->routes->create_enumerator(this->routes);
1650 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
1651 {
1652 manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
1653 route->gateway, route->if_name);
1654 route_entry_destroy(route);
1655 }
1656 enumerator->destroy(enumerator);
1657 this->routes->destroy(this->routes);
1658 this->routes_lock->destroy(this->routes_lock);
1659
0e107f03 1660 if (this->socket != -1)
d6a27ec6
MW		 1661 {
1662 close(this->socket);
1663 }
0745f846
TB		 1664
1665 net_changes_clear(this);
1666 this->net_changes->destroy(this->net_changes);
1667 this->net_changes_lock->destroy(this->net_changes_lock);
1668
1f97e1aa
TB		 1669 enumerator = this->addrs->create_enumerator(this->addrs);
1670 while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
1671 {
1672 free(addr);
1673 }
1674 enumerator->destroy(enumerator);
1675 this->addrs->destroy(this->addrs);
d24a74c5 1676 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
2a2d7a4d 1677 this->tuns->destroy(this->tuns);
bdf36dac 1678 this->lock->destroy(this->lock);
3a7f4b5c
MW		 1679 this->mutex->destroy(this->mutex);
1680 this->condvar->destroy(this->condvar);
1681 free(this->reply);
d24a74c5
TB		 1682 free(this);
1683}
1684
1685/*
1686 * Described in header.
1687 */
1688kernel_pfroute_net_t *kernel_pfroute_net_create()
1689{
e131f117
MW		 1690 private_kernel_pfroute_net_t *this;
1691
1692 INIT(this,
1693 .public = {
1694 .interface = {
580b768d 1695 .get_features = _get_features,
e131f117
MW		 1696 .get_interface = _get_interface_name,
1697 .create_address_enumerator = _create_address_enumerator,
1698 .get_source_addr = _get_source_addr,
1699 .get_nexthop = _get_nexthop,
1700 .add_ip = _add_ip,
1701 .del_ip = _del_ip,
1702 .add_route = _add_route,
1703 .del_route = _del_route,
1704 .destroy = _destroy,
1705 },
1706 },
3a7f4b5c 1707 .pid = getpid(),
e131f117 1708 .ifaces = linked_list_create(),
1f97e1aa
TB		 1709 .addrs = hashtable_create(
1710 (hashtable_hash_t)addr_map_entry_hash,
1711 (hashtable_equals_t)addr_map_entry_equals, 16),
0745f846
TB		 1712 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
1713 (hashtable_equals_t)route_entry_equals, 16),
1714 .net_changes = hashtable_create(
1715 (hashtable_hash_t)net_change_hash,
1716 (hashtable_equals_t)net_change_equals, 16),
2a2d7a4d 1717 .tuns = linked_list_create(),
bdf36dac 1718 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
3a7f4b5c
MW		 1719 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
1720 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
0745f846
TB		 1721 .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1722 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
baa6419e
TB		 1723 .vip_wait = lib->settings->get_int(lib->settings,
1724 "%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
e131f117 1725 );
0745f846
TB		 1726 timerclear(&this->last_route_reinstall);
1727 timerclear(&this->last_roam);
7daf5226 1728
d24a74c5
TB		 1729 /* create a PF_ROUTE socket to communicate with the kernel */
1730 this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
0e107f03 1731 if (this->socket == -1)
d24a74c5 1732 {
d6a27ec6
MW		 1733 DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
1734 destroy(this);
1735 return NULL;
d24a74c5 1736 }
7daf5226 1737
0e107f03 1738 if (streq(hydra->daemon, "starter"))
d24a74c5 1739 {
0e107f03
MW		 1740 /* starter has no threads, so we do not register for kernel events */
1741 if (shutdown(this->socket, SHUT_RD) != 0)
05ca5655 1742 {
0e107f03
MW		 1743 DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
1744 strerror(errno));
05ca5655 1745 }
0e107f03
MW		 1746 }
1747 else
1748 {
26d77eb3
TB		 1749 lib->processor->queue_job(lib->processor,
1750 (job_t*)callback_job_create_with_prio(
1751 (callback_job_cb_t)receive_events, this, NULL,
1752 (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
05ca5655 1753 }
d24a74c5
TB		 1754 if (init_address_list(this) != SUCCESS)
1755 {
d6a27ec6
MW		 1756 DBG1(DBG_KNL, "unable to get interface list");
1757 destroy(this);
1758 return NULL;
d24a74c5 1759 }
7daf5226 1760
d24a74c5
TB		 1761 return &this->public;
1762}
Unnamed repository; edit this file 'description' to name the repository.