d24a74c5 | 1 | /* |
0745f846 | 2 | * Copyright (C) 2009-2013 Tobias Brunner |
3 | * Hochschule fuer Technik Rapperswil |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ |
15 | ||
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <ifaddrs.h>
#include <net/route.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>

#include "kernel_pfroute_net.h"

#include <hydra.h>
#include <utils/debug.h>
#include <networking/host.h>
#include <networking/tun_device.h>
#include <threading/thread.h>
#include <threading/mutex.h>
#include <threading/condvar.h>
#include <threading/rwlock.h>
#include <collections/hashtable.h>
#include <collections/linked_list.h>
#include <processing/jobs/callback_job.h>
38 | |
39 | #ifndef HAVE_STRUCT_SOCKADDR_SA_LEN | |
40 | #error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member. | |
41 | #endif | |
42 | ||
/** properly align sockaddrs */
#ifdef __APPLE__
/* Apple always uses 4 bytes */
#define SA_ALIGN 4
#else
/* while on other platforms like FreeBSD it depends on the architecture */
#define SA_ALIGN sizeof(long)
#endif
/**
 * Space a sockaddr occupies in a routing message: sa_len rounded up to the
 * next multiple of SA_ALIGN, or one SA_ALIGN unit if sa_len is 0.
 *
 * Because of the round-up, the result may be larger than the bytes actually
 * left in a message; consumers walking a buffer with it must tolerate that.
 */
#define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)
52 | ||
/** delay before firing roam events (ms); calls within this window collapse
 * into a single event (see fire_roam_event) */
#define ROAM_DELAY 100

/** delay before reinstalling routes (ms); calls within this window collapse
 * into a single reinstallation job (see queue_route_reinstall) */
#define ROUTE_DELAY 100
58 | ||
typedef struct addr_entry_t addr_entry_t;

/**
 * IP address installed on an iface_entry_t
 */
struct addr_entry_t {

	/** The ip address, owned by this entry (released in addr_entry_destroy) */
	host_t *ip;

	/** virtual IP managed by us */
	bool virtual;
};
72 | ||
/**
 * Release an addr_entry_t together with the host_t it owns
 */
static void addr_entry_destroy(addr_entry_t *this)
{
	host_t *ip = this->ip;

	ip->destroy(ip);
	free(this);
}
81 | ||
typedef struct iface_entry_t iface_entry_t;

/**
 * A network interface on this system, containing addr_entry_t's
 */
struct iface_entry_t {

	/** interface index */
	int ifindex;

	/** name of the interface */
	char ifname[IFNAMSIZ];

	/** interface flags, as in netdevice(7) SIOCGIFFLAGS */
	u_int flags;

	/** list of addresses as addr_entry_t, owned by this entry */
	linked_list_t *addrs;

	/** TRUE if usable by config */
	bool usable;
};
104 | ||
/**
 * Release an interface entry and every addr_entry_t it holds
 */
static void iface_entry_destroy(iface_entry_t *this)
{
	linked_list_t *addrs = this->addrs;

	addrs->destroy_function(addrs, (void*)addr_entry_destroy);
	free(this);
}
113 | ||
/**
 * Check if an interface is up (IFF_UP is a single flag bit)
 */
static inline bool iface_entry_up(iface_entry_t *iface)
{
	return (iface->flags & IFF_UP) != 0;
}
121 | ||
/**
 * Check if an interface is both usable by config and up
 */
static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
{
	if (!iface->usable)
	{
		return FALSE;
	}
	return iface_entry_up(iface);
}
129 | ||
typedef struct addr_map_entry_t addr_map_entry_t;

/**
 * Entry that maps an IP address to an interface entry
 *
 * The pointers are borrowed from the addr_entry_t/iface_entry_t; the map
 * entry itself is freed with free() in addr_map_entry_add/remove.
 */
struct addr_map_entry_t {
	/** The IP address (same host_t as addr->ip) */
	host_t *ip;

	/** The address entry for this IP address */
	addr_entry_t *addr;

	/** The interface this address is installed on */
	iface_entry_t *iface;
};
145 | ||
/**
 * Hash a addr_map_entry_t object; only the raw address bytes contribute,
 * so all entries for the same IP land in the same bucket
 */
static u_int addr_map_entry_hash(addr_map_entry_t *this)
{
	host_t *ip = this->ip;

	return chunk_hash(ip->get_address(ip));
}
154 | ||
/**
 * Compare two addr_map_entry_t objects: equal if the IP matches and both
 * are installed on the same interface (by index)
 */
static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (a->iface->ifindex != b->iface->ifindex)
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}
164 | ||
/**
 * Used with get_match: finds a non-virtual address entry with the same IP
 * that is installed on an up and usable interface
 */
static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
											   addr_map_entry_t *b)
{
	if (b->addr->virtual || !iface_entry_up_and_usable(b->iface))
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}
175 | ||
/**
 * Used with get_match: finds a non-virtual address entry with the same IP
 * that is installed on any interface that is up
 */
static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
{
	if (b->addr->virtual || !iface_entry_up(b->iface))
	{
		return FALSE;
	}
	return a->ip->ip_equals(a->ip, b->ip);
}

typedef struct route_entry_t route_entry_t;

/**
 * Installed routing entry (owned by the routes table, see route_entry_destroy)
 */
struct route_entry_t {
	/** Name of the interface the route is bound to, heap allocated */
	char *if_name;

	/** Gateway for this route, NULL if none */
	host_t *gateway;

	/** Destination net, heap allocated chunk */
	chunk_t dst_net;

	/** Destination net prefixlen */
	u_int8_t prefixlen;
};
204 | ||
/**
 * Deep-copy a route_entry_t object (name, gateway and net are duplicated)
 */
static route_entry_t *route_entry_clone(route_entry_t *this)
{
	route_entry_t *copy;
	host_t *gateway = NULL;

	if (this->gateway)
	{
		gateway = this->gateway->clone(this->gateway);
	}
	INIT(copy,
		.if_name = strdup(this->if_name),
		.gateway = gateway,
		.dst_net = chunk_clone(this->dst_net),
		.prefixlen = this->prefixlen,
	);
	return copy;
}
220 | ||
/**
 * Destroy a route_entry_t object and everything it owns
 */
static void route_entry_destroy(route_entry_t *this)
{
	chunk_free(&this->dst_net);
	DESTROY_IF(this->gateway);
	free(this->if_name);
	free(this);
}
231 | ||
/**
 * Hash a route_entry_t object over destination net and prefix length
 */
static u_int route_entry_hash(route_entry_t *this)
{
	u_int hash;

	hash = chunk_hash(this->dst_net);
	return chunk_hash_inc(chunk_from_thing(this->prefixlen), hash);
}
240 | ||
/**
 * Compare two route_entry_t objects: interface name, destination net,
 * prefix length and gateway (or absence of one) must all match
 */
static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
{
	if (!a->if_name || !b->if_name || !streq(a->if_name, b->if_name))
	{
		return FALSE;
	}
	if (!chunk_equals(a->dst_net, b->dst_net) || a->prefixlen != b->prefixlen)
	{
		return FALSE;
	}
	if (!a->gateway || !b->gateway)
	{
		/* equal only if neither route has a gateway */
		return !a->gateway && !b->gateway;
	}
	return a->gateway->ip_equals(a->gateway, b->gateway);
}
254 | ||
typedef struct net_change_t net_change_t;

/**
 * Queued network change, keyed by interface name (see net_change_hash/equals)
 */
struct net_change_t {
	/** Name of the interface that got activated (or an IP appeared on),
	 * heap allocated and freed in net_change_destroy */
	char *if_name;
};
264 | ||
/**
 * Destroy a net_change_t object together with its interface name
 */
static void net_change_destroy(net_change_t *this)
{
	char *name = this->if_name;

	free(this);
	free(name);
}
273 | ||
/**
 * Hash a net_change_t object over its interface name
 */
static u_int net_change_hash(net_change_t *this)
{
	chunk_t name;

	name = chunk_create(this->if_name, strlen(this->if_name));
	return chunk_hash(name);
}
281 | ||
/**
 * Compare two net_change_t objects by interface name
 */
static bool net_change_equals(net_change_t *a, net_change_t *b)
{
	if (streq(a->if_name, b->if_name))
	{
		return TRUE;
	}
	return FALSE;
}
289 | ||
typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;

/**
 * Private variables and functions of kernel_pfroute class.
 */
struct private_kernel_pfroute_net_t
{
	/**
	 * Public part of the kernel_pfroute_t object.
	 */
	kernel_pfroute_net_t public;

	/**
	 * lock to access lists and maps (ifaces, addrs); taken for writing while
	 * processing kernel events and for reading by the address enumerator
	 */
	rwlock_t *lock;

	/**
	 * Cached list of interfaces and their addresses (iface_entry_t)
	 */
	linked_list_t *ifaces;

	/**
	 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
	 */
	hashtable_t *addrs;

	/**
	 * List of tun devices we installed for virtual IPs
	 */
	linked_list_t *tuns;

	/**
	 * mutex protecting waiting_seq/reply, under which receive_events()
	 * delivers replies (the "PF_KEY" naming looks inherited; the socket
	 * below is PF_ROUTE)
	 */
	mutex_t *mutex;

	/**
	 * condvar signalled by receive_events() on every message, so a query
	 * waiting for its reply can wake up
	 */
	condvar_t *condvar;

	/**
	 * installed routes (route_entry_t)
	 */
	hashtable_t *routes;

	/**
	 * mutex for routes
	 */
	mutex_t *routes_lock;

	/**
	 * interface changes which may trigger route reinstallation (net_change_t)
	 */
	hashtable_t *net_changes;

	/**
	 * mutex for route reinstallation triggers; always taken before
	 * routes_lock in reinstall_routes()
	 */
	mutex_t *net_changes_lock;

	/**
	 * time of last route reinstallation (plus ROUTE_DELAY)
	 */
	timeval_t last_route_reinstall;

	/**
	 * pid to send PF_ROUTE messages with; replies are matched on it
	 */
	pid_t pid;

	/**
	 * PF_ROUTE socket to communicate with the kernel
	 */
	int socket;

	/**
	 * sequence number for messages sent to the kernel
	 */
	int seq;

	/**
	 * Sequence number a query is waiting for
	 */
	int waiting_seq;

	/**
	 * Allocated reply message from kernel, realloc'd per delivered reply
	 */
	struct rt_msghdr *reply;

	/**
	 * time of last roam event (plus ROAM_DELAY)
	 */
	timeval_t last_roam;

	/**
	 * Time in ms to wait for IP addresses to appear/disappear
	 */
	int vip_wait;
};
392 | ||
/**
 * Forward declaration: install (RTM_ADD) or remove a route; used by
 * reinstall_routes() before the definition further down in this file.
 */
static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
							 chunk_t dst_net, u_int8_t prefixlen,
							 host_t *gateway, char *if_name);
400 | ||
/**
 * Clear the queued network changes (caller holds net_changes_lock).
 */
static void net_changes_clear(private_kernel_pfroute_net_t *this)
{
	hashtable_t *changes = this->net_changes;
	enumerator_t *enumerator;
	net_change_t *change;

	enumerator = changes->create_enumerator(changes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&change))
	{
		changes->remove_at(changes, enumerator);
		net_change_destroy(change);
	}
	enumerator->destroy(enumerator);
}
417 | ||
/**
 * Act upon queued network changes: re-add every installed route whose
 * outgoing interface has a change queued, then drop the queue.
 */
static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
{
	enumerator_t *enumerator;
	route_entry_t *route;

	/* lock order: net_changes_lock before routes_lock */
	this->net_changes_lock->lock(this->net_changes_lock);
	this->routes_lock->lock(this->routes_lock);

	enumerator = this->routes->create_enumerator(this->routes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&route))
	{
		net_change_t lookup = {
			.if_name = route->if_name,
		};

		/* only routes whose outgoing interface has a queued change */
		if (!this->net_changes->get(this->net_changes, &lookup))
		{
			continue;
		}
		manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
					 route->gateway, route->if_name);
	}
	enumerator->destroy(enumerator);
	this->routes_lock->unlock(this->routes_lock);

	net_changes_clear(this);
	this->net_changes_lock->unlock(this->net_changes_lock);
	return JOB_REQUEUE_NONE;
}
450 | ||
/**
 * Queue route reinstallation caused by network changes for a given interface.
 *
 * The reinstallation job is scheduled ROUTE_DELAY ms ahead and only once per
 * delay window, so a burst of calls results in a single reinstallation.
 * Ownership of if_name passes to the queued change (it is freed with it).
 */
static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
								  char *if_name)
{
	net_change_t *change, *previous;
	timeval_t now;

	INIT(change,
		.if_name = if_name
	);

	this->net_changes_lock->lock(this->net_changes_lock);
	/* a change already queued for this interface is superseded */
	previous = this->net_changes->put(this->net_changes, change, change);
	if (previous)
	{
		net_change_destroy(previous);
	}
	time_monotonic(&now);
	if (timercmp(&now, &this->last_route_reinstall, >))
	{
		job_t *job;

		timeval_add_ms(&now, ROUTE_DELAY);
		this->last_route_reinstall = now;

		job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
										  this, NULL, NULL);
		lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
	}
	this->net_changes_lock->unlock(this->net_changes_lock);
}
487 | ||
/**
 * Add an address map entry for addr on iface (caller holds this->lock
 * for writing). An existing equal entry is replaced and freed.
 */
static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
							   addr_entry_t *addr, iface_entry_t *iface)
{
	addr_map_entry_t *entry, *replaced;

	INIT(entry,
		.ip = addr->ip,
		.addr = addr,
		.iface = iface,
	);
	replaced = this->addrs->put(this->addrs, entry, entry);
	free(replaced);
}
504 | ||
/**
 * Remove an address map entry (the argument order is a bit strange because
 * it is also used with linked_list_t.invoke_function). Removing an entry
 * that is not in the map is a no-op.
 */
static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
								  private_kernel_pfroute_net_t *this)
{
	addr_map_entry_t lookup = {
		.ip = addr->ip,
		.addr = addr,
		.iface = iface,
	};

	free(this->addrs->remove(this->addrs, &lookup));
}
521 | ||
/**
 * Callback that raises the delayed roam event; the job argument carries
 * the "address changed" flag as a non-zero integer
 */
static job_requeue_t roam_event(uintptr_t address)
{
	bool address_changed = (address != 0);

	hydra->kernel_interface->roam(hydra->kernel_interface, address_changed);
	return JOB_REQUEUE_NONE;
}
530 | ||
/**
 * Fire a roaming event. It is delayed by ROAM_DELAY and only one event is
 * scheduled per delay window, so bursts of calls produce a single event.
 */
static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
{
	timeval_t now;
	job_t *job;
	uintptr_t arg = address ? 1 : 0;

	time_monotonic(&now);
	if (!timercmp(&now, &this->last_roam, >))
	{
		/* an event is already scheduled within the delay window */
		return;
	}
	timeval_add_ms(&now, ROAM_DELAY);
	this->last_roam = now;

	job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
									  (void*)arg, NULL, NULL);
	lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
}
552 | ||
/**
 * Data for enumerator over rtmsg sockaddrs
 */
typedef struct {
	/** implements enumerator; must stay the first member, the object is
	 * handed out as &this->public and destroyed via free() on that pointer */
	enumerator_t public;
	/** copy of attribute bitfield (rtm_addrs); bits are cleared as consumed */
	int types;
	/** bytes remaining in buffer; signed, may go below zero after the last
	 * SA_LEN() round-up */
	int remaining;
	/** next sockaddr to enumerate */
	struct sockaddr *addr;
} rt_enumerator_t;
566 | ||
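/**
 * Enumerate the next sockaddr in the message, yielding its RTAX_* index in
 * xtype. Returns FALSE once the attribute bits or the buffer are exhausted.
 */
METHOD(enumerator_t, rt_enumerate, bool,
	rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
{
	int i, type, len;

	/* remaining is signed and may be negative after the previous SA_LEN()
	 * round-up; comparing it against size_t would promote it to a huge
	 * unsigned value and let the second test read sa_len past the message */
	if (this->remaining < (int)sizeof(this->addr->sa_len) ||
		this->remaining < this->addr->sa_len)
	{
		return FALSE;
	}
	for (i = 0; i < RTAX_MAX; i++)
	{
		type = (1 << i);
		if (this->types & type)
		{
			this->types &= ~type;
			*addr = this->addr;
			*xtype = i;
			/* advance by the aligned size, which may exceed the bytes left */
			len = SA_LEN(this->addr->sa_len);
			this->remaining -= len;
			this->addr = (struct sockaddr*)((char*)this->addr + len);
			return TRUE;
		}
	}
	return FALSE;
}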
593 | ||
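/**
 * Create a safe enumerator over sockaddrs in ifa/ifam/rt_msg
 *
 * @param hdr		message header, rtm_msglen bytes must be valid
 * @param hdrlen	size of the header struct, must not exceed rtm_msglen
 * @return			enumerator over (int type, struct sockaddr*)
 */
static enumerator_t *create_rtmsg_enumerator(void *hdr, size_t hdrlen)
{
	struct rt_msghdr *rthdr = hdr;
	rt_enumerator_t *this;

	INIT(this,
		.public = {
			.enumerate = (void*)_rt_enumerate,
			.destroy = (void*)free,
		},
		.types = rthdr->rtm_addrs,
		/* computed in int so a short header yields a negative count rather
		 * than a wrapped size_t */
		.remaining = (int)rthdr->rtm_msglen - (int)hdrlen,
		/* byte arithmetic on char*, not the GNU void* extension */
		.addr = (struct sockaddr*)((char*)hdr + hdrlen),
	);
	return &this->public;
}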
613 | ||
/**
 * Process an RTM_*ADDR message from the kernel
 *
 * Updates the cached address list of the interface named by ifam_index and
 * the IP->interface map. A roam event is fired if a non-virtual address on
 * an up and usable interface changed; route reinstallation is only queued
 * for a newly appeared address.
 */
static void process_addr(private_kernel_pfroute_net_t *this,
						 struct ifa_msghdr *ifa)
{
	struct sockaddr *sockaddr;
	host_t *host = NULL;
	enumerator_t *ifaces, *addrs;
	iface_entry_t *iface;
	addr_entry_t *addr;
	bool found = FALSE, changed = FALSE, roam = FALSE;
	enumerator_t *enumerator;
	char *ifname = NULL;
	int type;

	/* only the RTAX_IFA sockaddr is of interest */
	enumerator = create_rtmsg_enumerator(ifa, sizeof(*ifa));
	while (enumerator->enumerate(enumerator, &type, &sockaddr))
	{
		if (type == RTAX_IFA)
		{
			host = host_create_from_sockaddr(sockaddr);
			break;
		}
	}
	enumerator->destroy(enumerator);

	if (!host)
	{	/* no address in the message, or not parsable */
		return;
	}

	this->lock->write_lock(this->lock);
	ifaces = this->ifaces->create_enumerator(this->ifaces);
	while (ifaces->enumerate(ifaces, &iface))
	{
		if (iface->ifindex == ifa->ifam_index)
		{
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, &addr))
			{
				if (host->ip_equals(host, addr->ip))
				{
					found = TRUE;
					if (ifa->ifam_type == RTM_DELADDR)
					{
						/* enumeration continues after remove_at; presumably
						 * the list keeps the enumerator valid for this */
						iface->addrs->remove_at(iface->addrs, addrs);
						if (!addr->virtual && iface->usable)
						{
							changed = TRUE;
							DBG1(DBG_KNL, "%H disappeared from %s",
								 host, iface->ifname);
						}
						addr_map_entry_remove(addr, iface, this);
						addr_entry_destroy(addr);
					}
				}
			}
			addrs->destroy(addrs);

			if (!found && ifa->ifam_type == RTM_NEWADDR)
			{
				INIT(addr,
					.ip = host->clone(host),
				);
				changed = TRUE;
				/* handed to queue_route_reinstall below, or freed */
				ifname = strdup(iface->ifname);
				iface->addrs->insert_last(iface->addrs, addr);
				addr_map_entry_add(this, addr, iface);
				if (iface->usable)
				{
					DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
				}
			}

			if (changed && iface_entry_up_and_usable(iface))
			{
				roam = TRUE;
			}
			break;
		}
	}
	ifaces->destroy(ifaces);
	this->lock->unlock(this->lock);
	host->destroy(host);

	if (roam && ifname)
	{
		queue_route_reinstall(this, ifname);
	}
	else
	{
		free(ifname);
	}

	if (roam)
	{
		fire_roam_event(this, TRUE);
	}
}
714 | ||
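/**
 * Re-initialize address list of an interface if it changes state
 *
 * Drops all cached addresses of iface (and their map entries) and reloads
 * the AF_INET/AF_INET6 addresses currently reported by getifaddrs(3).
 * Caller holds this->lock for writing. On getifaddrs() failure the list
 * stays empty and the error is logged.
 */
static void repopulate_iface(private_kernel_pfroute_net_t *this,
							 iface_entry_t *iface)
{
	struct ifaddrs *ifap, *ifa;
	addr_entry_t *addr;
	host_t *host;

	while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
	{
		addr_map_entry_remove(addr, iface, this);
		addr_entry_destroy(addr);
	}

	if (getifaddrs(&ifap) != 0)
	{
		DBG1(DBG_KNL, "unable to get addresses of interface %s: %s",
			 iface->ifname, strerror(errno));
		return;
	}
	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
	{
		if (!ifa->ifa_addr || !streq(ifa->ifa_name, iface->ifname))
		{
			continue;
		}
		switch (ifa->ifa_addr->sa_family)
		{
			case AF_INET:
			case AF_INET6:
				host = host_create_from_sockaddr(ifa->ifa_addr);
				if (!host)
				{	/* not parsable, never cache an entry with a NULL ip */
					break;
				}
				INIT(addr,
					.ip = host,
				);
				iface->addrs->insert_last(iface->addrs, addr);
				addr_map_entry_add(this, addr, iface);
				break;
			default:
				break;
		}
	}
	freeifaddrs(ifap);
}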
754 | ||
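/**
 * Process an RTM_IFINFO message from the kernel
 *
 * Updates the flags of the interface named by ifm_index (adding a new
 * iface_entry_t if unknown), reloads its addresses, and fires a roam event
 * and/or queues route reinstallation if a usable interface changed state.
 */
static void process_link(private_kernel_pfroute_net_t *this,
						 struct if_msghdr *msg)
{
	enumerator_t *enumerator;
	iface_entry_t *iface;
	bool roam = FALSE, found = FALSE, update_routes = FALSE;
	char *ifname = NULL;

	this->lock->write_lock(this->lock);
	enumerator = this->ifaces->create_enumerator(this->ifaces);
	while (enumerator->enumerate(enumerator, &iface))
	{
		if (iface->ifindex == msg->ifm_index)
		{
			if (iface->usable)
			{
				if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
				{
					roam = update_routes = TRUE;
					DBG1(DBG_KNL, "interface %s activated", iface->ifname);
				}
				else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
				{
					roam = TRUE;
					DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
				}
			}
			iface->flags = msg->ifm_flags;
			repopulate_iface(this, iface);
			found = TRUE;
			break;
		}
	}
	enumerator->destroy(enumerator);

	if (!found)
	{
		INIT(iface,
			.ifindex = msg->ifm_index,
			.flags = msg->ifm_flags,
			.addrs = linked_list_create(),
		);
		if (if_indextoname(iface->ifindex, iface->ifname))
		{
			DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
			iface->usable = hydra->kernel_interface->is_interface_usable(
										hydra->kernel_interface, iface->ifname);
			repopulate_iface(this, iface);
			this->ifaces->insert_last(this->ifaces, iface);
			if (iface->usable)
			{
				roam = update_routes = TRUE;
			}
		}
		else
		{	/* the list was created above, release it along with the entry */
			iface->addrs->destroy(iface->addrs);
			free(iface);
		}
	}
	if (update_routes)
	{	/* copy the name while the entry is still protected by the lock */
		ifname = strdup(iface->ifname);
	}
	this->lock->unlock(this->lock);

	if (ifname)
	{	/* takes ownership of ifname */
		queue_route_reinstall(this, ifname);
	}

	if (roam)
	{
		fire_roam_event(this, TRUE);
	}
}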
828 | ||
/**
 * Process an RTM_*ROUTE message from the kernel
 *
 * Currently a no-op: receive_events() dispatches RTM_ADD/RTM_DELETE here,
 * but nothing is done with them.
 */
static void process_route(private_kernel_pfroute_net_t *this,
						  struct rt_msghdr *msg)
{

}
837 | ||
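/**
 * Receives PF_ROUTE messages from kernel
 *
 * Reads one message, validates its length/version against what was actually
 * received, dispatches it by type and finally delivers it as the reply to a
 * pending query if pid and sequence number match.
 *
 * @return	JOB_REQUEUE_DIRECT normally, JOB_REQUEUE_FAIR after a hard
 *			receive error (with a one second back-off)
 */
static job_requeue_t receive_events(private_kernel_pfroute_net_t *this)
{
	struct {
		union {
			struct rt_msghdr rtm;
			struct if_msghdr ifm;
			struct ifa_msghdr ifam;
		};
		char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
	} msg;
	int len, hdrlen;
	bool oldstate;
	struct rt_msghdr *reply;

	oldstate = thread_cancelability(TRUE);
	len = recv(this->socket, &msg, sizeof(msg), 0);
	thread_cancelability(oldstate);

	if (len < 0)
	{
		switch (errno)
		{
			case EINTR:
			case EAGAIN:
				return JOB_REQUEUE_DIRECT;
			default:
				DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
				sleep(1);
				return JOB_REQUEUE_FAIR;
		}
	}

	/* rtm_msglen is read only after enough bytes for it were received, and
	 * must not claim more than recv() returned */
	if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen)
	{
		DBG1(DBG_KNL, "received invalid PF_ROUTE message");
		return JOB_REQUEUE_DIRECT;
	}
	if (msg.rtm.rtm_version != RTM_VERSION)
	{
		DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d",
			 msg.rtm.rtm_version);
		return JOB_REQUEUE_DIRECT;
	}
	switch (msg.rtm.rtm_type)
	{
		case RTM_NEWADDR:
		case RTM_DELADDR:
			hdrlen = sizeof(msg.ifam);
			break;
		case RTM_IFINFO:
			hdrlen = sizeof(msg.ifm);
			break;
		case RTM_ADD:
		case RTM_DELETE:
		case RTM_GET:
			hdrlen = sizeof(msg.rtm);
			break;
		default:
			return JOB_REQUEUE_DIRECT;
	}
	/* the type-specific header must be complete before process_* touch it */
	if (msg.rtm.rtm_msglen < hdrlen)
	{
		DBG1(DBG_KNL, "ignoring short PF_ROUTE message");
		return JOB_REQUEUE_DIRECT;
	}
	switch (msg.rtm.rtm_type)
	{
		case RTM_NEWADDR:
		case RTM_DELADDR:
			process_addr(this, &msg.ifam);
			break;
		case RTM_IFINFO:
			process_link(this, &msg.ifm);
			break;
		case RTM_ADD:
		case RTM_DELETE:
			process_route(this, &msg.rtm);
			break;
		default:
			break;
	}

	this->mutex->lock(this->mutex);
	if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq)
	{
		/* seems like the message someone is waiting for, deliver */
		reply = realloc(this->reply, msg.rtm.rtm_msglen);
		if (reply)
		{
			this->reply = reply;
			memcpy(this->reply, &msg, msg.rtm.rtm_msglen);
		}
		else
		{	/* keep the previous buffer instead of leaking it and copying
			 * into NULL; the waiter is still woken up below */
			DBG1(DBG_KNL, "unable to allocate PF_ROUTE reply buffer");
		}
	}
	/* signal on any event, add_ip()/del_ip() might wait for it */
	this->condvar->broadcast(this->condvar);
	this->mutex->unlock(this->mutex);

	return JOB_REQUEUE_DIRECT;
}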
935 | ||
936 | ||
/** enumerator over addresses; holds this->lock for reading until destroyed
 * (see address_enumerator_destroy) */
typedef struct {
	private_kernel_pfroute_net_t* this;
	/** which addresses to enumerate (ADDR_TYPE_* bitmask) */
	kernel_address_type_t which;
} address_enumerator_t;
943 | ||
/**
 * Cleanup function for the address enumerator: releases the read lock
 * acquired when the enumerator was created, then the data itself
 */
static void address_enumerator_destroy(address_enumerator_t *data)
{
	rwlock_t *lock = data->this->lock;

	lock->unlock(lock);
	free(data);
}
952 | ||
/**
 * Filter for addresses: passes an entry's host_t if its kind (virtual or
 * regular) was requested and it is not an IPv6 link-local address
 */
static bool filter_addresses(address_enumerator_t *data,
							 addr_entry_t** in, host_t** out)
{
	addr_entry_t *entry = *in;
	host_t *ip = entry->ip;
	bool want_virtual = (data->which & ADDR_TYPE_VIRTUAL) != 0;
	bool want_regular = (data->which & ADDR_TYPE_REGULAR) != 0;

	if (entry->virtual ? !want_virtual : !want_regular)
	{	/* this kind of address was not requested */
		return FALSE;
	}
	if (ip->get_family(ip) == AF_INET6)
	{
		struct sockaddr_in6 *sin6;

		sin6 = (struct sockaddr_in6*)ip->get_sockaddr(ip);
		if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
		{	/* link-local scope is not usable here */
			return FALSE;
		}
	}
	*out = ip;
	return TRUE;
}
980 | ||
/**
 * Inner enumerator constructor of the nested enumerator built in
 * create_address_enumerator(): enumerates the filtered addresses of one
 * interface.
 *
 * @param iface		interface whose addresses to enumerate
 * @param data		enumerator state handed to filter_addresses()
 * @return			enumerator over host_t* objects
 */
static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
											 address_enumerator_t *data)
{
	enumerator_t *inner;

	inner = iface->addrs->create_enumerator(iface->addrs);
	return enumerator_create_filter(inner, (void*)filter_addresses, data, NULL);
}
990 | ||
/**
 * Filter callback selecting the interfaces requested in data->which.
 *
 * Interfaces excluded by configuration (usable == FALSE), loopback devices
 * and interfaces that are not up are only passed through when the matching
 * ADDR_TYPE_IGNORED, ADDR_TYPE_LOOPBACK or ADDR_TYPE_DOWN bit is set.
 *
 * @param data		enumerator state with the requested address types
 * @param in		interface entry to inspect
 * @param out		receives the entry if it passes the filter
 * @return			TRUE if the interface was passed on
 */
static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
							  iface_entry_t** out)
{
	iface_entry_t *iface = *in;
	kernel_address_type_t which = data->which;

	if (!iface->usable && !(which & ADDR_TYPE_IGNORED))
	{	/* excluded via configuration and ignored ones not requested */
		return FALSE;
	}
	if ((iface->flags & IFF_LOOPBACK) && !(which & ADDR_TYPE_LOOPBACK))
	{	/* loopback devices not requested */
		return FALSE;
	}
	if (!(iface->flags & IFF_UP) && !(which & ADDR_TYPE_DOWN))
	{	/* interface is down and down interfaces not requested */
		return FALSE;
	}
	*out = iface;
	return TRUE;
}
1012 | ||
/**
 * Enumerate local addresses of the requested types (see kernel_net_t).
 *
 * The read lock on this->lock is held for the whole lifetime of the returned
 * enumerator and released by address_enumerator_destroy().
 */
METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
	private_kernel_pfroute_net_t *this, kernel_address_type_t which)
{
	address_enumerator_t *data;
	enumerator_t *ifaces;

	INIT(data,
		.this = this,
		.which = which,
	);

	this->lock->read_lock(this->lock);
	/* outer enumerator: interfaces passing filter_interfaces() */
	ifaces = enumerator_create_filter(
					this->ifaces->create_enumerator(this->ifaces),
					(void*)filter_interfaces, data, NULL);
	/* inner enumerator per interface: its addresses, see filter_addresses() */
	return enumerator_create_nested(ifaces, (void*)create_iface_enumerator,
									data, (void*)address_enumerator_destroy);
}
1031 | ||
/**
 * Report the feature flags of this backend (see kernel_net_t).
 */
METHOD(kernel_net_t, get_features, kernel_feature_t,
	private_kernel_pfroute_net_t *this)
{
	/* the only flag this backend reports */
	kernel_feature_t features = KERNEL_REQUIRE_EXCLUDE_ROUTE;

	return features;
}
1037 | ||
/**
 * Look up the interface an address is installed on (see kernel_net_t).
 *
 * Only an interface that is up and not excluded by configuration counts as
 * a match; an address found on an ignored interface yields FALSE without
 * the "not a local address" log message.
 *
 * @param ip		address to look up
 * @param name		if not NULL, receives a strdup()ed interface name on success
 * @return			TRUE if the address is on an up and usable interface
 */
METHOD(kernel_net_t, get_interface_name, bool,
	private_kernel_pfroute_net_t *this, host_t* ip, char **name)
{
	addr_map_entry_t *entry, lookup = {
		.ip = ip,
	};
	bool found = FALSE;

	if (ip->is_anyaddr(ip))
	{
		return FALSE;
	}
	this->lock->read_lock(this->lock);
	/* prefer a match on an interface that is up and usable */
	entry = this->addrs->get_match(this->addrs, &lookup,
								  (void*)addr_map_entry_match_up_and_usable);
	if (entry)
	{
		found = TRUE;
		if (name)
		{
			*name = strdup(entry->iface->ifname);
			DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
		}
	}
	else if (!this->addrs->get_match(this->addrs, &lookup,
									(void*)addr_map_entry_match_up))
	{	/* not even on an ignored interface: unknown or interface is down */
		DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
	}
	this->lock->unlock(this->lock);
	return found;
}
1073 | ||
/**
 * Install a virtual IP by creating a dedicated TUN device for it
 * (see kernel_net_t).
 *
 * The address is considered installed once get_interface_name() reports it;
 * receive_events() broadcasts this->condvar on every routing event, which is
 * what the wait loop relies on. The ifname parameter is not used by this
 * backend.
 *
 * @param vip		virtual IP to install
 * @param prefix	prefix length, -1 for a host prefix
 * @param ifname	ignored, the address always goes on a new TUN device
 * @return			SUCCESS, or FAILED if the TUN device could not be set up
 *					or the address did not appear within this->vip_wait ms
 */
METHOD(kernel_net_t, add_ip, status_t,
	private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
	char *ifname)
{
	enumerator_t *ifaces, *addrs;
	iface_entry_t *iface;
	addr_entry_t *addr;
	tun_device_t *tun;
	bool timeout = FALSE;

	tun = tun_device_create(NULL);
	if (!tun)
	{
		return FAILED;
	}
	if (prefix == -1)
	{	/* host prefix: address length in bytes times 8 */
		prefix = vip->get_address(vip).len * 8;
	}
	if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
	{
		tun->destroy(tun);
		return FAILED;
	}

	/* wait until address appears; timed_wait returns TRUE on timeout */
	this->mutex->lock(this->mutex);
	while (!timeout && !get_interface_name(this, vip, NULL))
	{
		timeout = this->condvar->timed_wait(this->condvar, this->mutex,
											this->vip_wait);
	}
	this->mutex->unlock(this->mutex);
	if (timeout)
	{
		DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
			 vip, tun->get_name(tun));
		tun->destroy(tun);
		return FAILED;
	}

	this->lock->write_lock(this->lock);
	this->tuns->insert_last(this->tuns, tun);

	/* mark the address entry receive_events() created for the TUN device as
	 * virtual, so it is filtered as such by filter_addresses() */
	ifaces = this->ifaces->create_enumerator(this->ifaces);
	while (ifaces->enumerate(ifaces, &iface))
	{
		if (streq(iface->ifname, tun->get_name(tun)))
		{
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, &addr))
			{
				if (addr->ip->ip_equals(addr->ip, vip))
				{
					addr->virtual = TRUE;
				}
			}
			addrs->destroy(addrs);
			/* during IKEv1 reauthentication, children get moved from the
			 * old to the new SA before the virtual IP is available. This
			 * kills the route for our virtual IP, reinstall. */
			queue_route_reinstall(this, strdup(iface->ifname));
			break;
		}
	}
	ifaces->destroy(ifaces);
	/* lets do this while holding the lock, thus preventing another thread
	 * from deleting the TUN device concurrently, hopefully listeners are quick
	 * and cause no deadlocks */
	hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
	this->lock->unlock(this->lock);

	return SUCCESS;
}
1148 | ||
/**
 * Remove a virtual IP by destroying the TUN device it was installed on
 * (see kernel_net_t). The prefix parameter is not used by this backend.
 *
 * @param vip		virtual IP to remove
 * @param prefix	ignored
 * @param wait		TRUE to block until the kernel no longer lists the address
 * @return			SUCCESS, NOT_FOUND if no TUN device carries vip, FAILED if
 *					waiting for the address to vanish timed out
 */
METHOD(kernel_net_t, del_ip, status_t,
	private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
	bool wait)
{
	enumerator_t *tuns;
	tun_device_t *tun;
	host_t *addr;
	bool timeout = FALSE, found = FALSE;

	/* locate and unlink the TUN device carrying this virtual IP */
	this->lock->write_lock(this->lock);
	tuns = this->tuns->create_enumerator(this->tuns);
	while (!found && tuns->enumerate(tuns, &tun))
	{
		addr = tun->get_address(tun, NULL);
		if (addr && addr->ip_equals(addr, vip))
		{
			this->tuns->remove_at(this->tuns, tuns);
			/* notify listeners before the device goes away, still locked */
			hydra->kernel_interface->tun(hydra->kernel_interface, tun,
										 FALSE);
			tun->destroy(tun);
			found = TRUE;
		}
	}
	tuns->destroy(tuns);
	this->lock->unlock(this->lock);

	if (!found)
	{
		return NOT_FOUND;
	}
	if (!wait)
	{
		return SUCCESS;
	}
	/* block until the address disappears; timed_wait returns TRUE on timeout */
	this->mutex->lock(this->mutex);
	while (!timeout && get_interface_name(this, vip, NULL))
	{
		timeout = this->condvar->timed_wait(this->condvar, this->mutex,
											this->vip_wait);
	}
	this->mutex->unlock(this->mutex);
	if (timeout)
	{
		DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
		return FAILED;
	}
	return SUCCESS;
}
1198 | ||
/**
 * Append the sockaddr of addr to a routing message and flag it in rtm_addrs.
 *
 * Nothing is appended if addr is NULL. The caller has to provide a message
 * buffer with room for another SA_LEN-aligned sockaddr after rtm_msglen.
 *
 * @param hdr		routing message header, rtm_msglen is advanced
 * @param type		RTA_* flag identifying the appended address
 * @param addr		address to append, or NULL
 */
static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
{
	int len;
	char *dst;

	if (!addr)
	{
		return;
	}
	len = *addr->get_sockaddr_len(addr);
	dst = (char*)hdr + hdr->rtm_msglen;
	memcpy(dst, addr->get_sockaddr(addr), len);
	/* sockaddrs in routing messages are padded to SA_LEN alignment */
	hdr->rtm_msglen += SA_LEN(len);
	hdr->rtm_addrs |= type;
}
1214 | ||
/**
 * Append a netmask sockaddr for the given address family and prefix length
 * to a routing message.
 *
 * @param hdr		routing message header, rtm_msglen is advanced
 * @param type		RTA_* flag identifying the appended address
 * @param family	address family of the mask (AF_INET/AF_INET6)
 * @param prefix	prefix length the mask is built from
 */
static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
{
	host_t *mask = host_create_netmask(family, prefix);

	if (!mask)
	{	/* no mask could be created, message is left untouched */
		return;
	}
	add_rt_addr(hdr, type, mask);
	mask->destroy(mask);
}
1229 | ||
/**
 * Append an interface name as sockaddr_dl to a routing message.
 *
 * Names longer than sdl_data are silently skipped: neither the sockaddr nor
 * the RTA flag is added in that case.
 *
 * @param hdr		routing message header, rtm_msglen is advanced
 * @param type		RTA_* flag identifying the appended sockaddr
 * @param name		interface name, may be "" to request an empty IFP
 */
static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
{
	size_t nlen = strlen(name);
	struct sockaddr_dl sdl = {
		.sdl_len = sizeof(struct sockaddr_dl),
		.sdl_family = AF_LINK,
		.sdl_nlen = nlen,
	};

	if (nlen > sizeof(sdl.sdl_data))
	{	/* name does not fit into the fixed-size sdl_data */
		return;
	}
	memcpy(sdl.sdl_data, name, nlen);
	memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
	hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
	hdr->rtm_addrs |= type;
}
1249 | ||
/**
 * Add (RTM_ADD) or remove (RTM_DELETE) a route via the PF_ROUTE socket.
 *
 * The message is assembled in a buffer with room for RTAX_MAX
 * sockaddr_storage-sized sockaddrs. A prefix length of 0 on a non-empty
 * dst_net (a default route) is installed as two halves: the upper half
 * (high bit of the first byte set, prefix 1) by a recursive call, the
 * lower half by the rest of this call with prefixlen forced to 1. Host
 * routes (/32 or /128) get RTF_HOST|RTF_GATEWAY and carry no netmask.
 * The kernel's reply is not awaited, only the send() result is checked.
 *
 * @param this		plugin instance (socket, pid and seq are used)
 * @param op		RTM_ADD or RTM_DELETE
 * @param dst_net	destination network as raw address bytes
 * @param prefixlen	prefix length of dst_net
 * @param gateway	gateway to route over, or NULL
 * @param if_name	interface to bind the route to, or NULL
 * @return			SUCCESS, ALREADY_DONE if the kernel reported EEXIST,
 *					FAILED if the destination is invalid or send() failed
 */
static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
							 chunk_t dst_net, u_int8_t prefixlen,
							 host_t *gateway, char *if_name)
{
	struct {
		struct rt_msghdr hdr;
		char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
	} msg = {
		.hdr = {
			.rtm_version = RTM_VERSION,
			.rtm_type = op,
			.rtm_flags = RTF_UP | RTF_STATIC,
			.rtm_pid = this->pid,
			/* fresh sequence number per message */
			.rtm_seq = ref_get(&this->seq),
		},
	};
	host_t *dst;
	int type;

	if (prefixlen == 0 && dst_net.len)
	{
		status_t status;
		chunk_t half;

		/* upper half of the address space: set the high bit of a (stack)
		 * copy of dst_net and install it as /1 first */
		half = chunk_clonea(dst_net);
		half.ptr[0] |= 0x80;
		prefixlen = 1;
		status = manage_route(this, op, half, prefixlen, gateway, if_name);
		if (status != SUCCESS)
		{
			return status;
		}
		/* the lower half is installed by the remainder of this call */
	}

	dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
	if (!dst)
	{
		return FAILED;
	}

	if ((dst->get_family(dst) == AF_INET && prefixlen == 32) ||
		(dst->get_family(dst) == AF_INET6 && prefixlen == 128))
	{	/* host route: no netmask is appended below */
		msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
	}

	/* sockaddrs have to be appended in RTAX_* order */
	msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
	for (type = 0; type < RTAX_MAX; type++)
	{
		switch (type)
		{
			case RTAX_DST:
				add_rt_addr(&msg.hdr, RTA_DST, dst);
				break;
			case RTAX_NETMASK:
				if (!(msg.hdr.rtm_flags & RTF_HOST))
				{
					add_rt_mask(&msg.hdr, RTA_NETMASK,
								dst->get_family(dst), prefixlen);
				}
				break;
			case RTAX_IFP:
				if (if_name)
				{
					add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
				}
				break;
			case RTAX_GATEWAY:
				if (gateway)
				{
					add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
				}
				break;
			default:
				break;
		}
	}
	dst->destroy(dst);

	if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen)
	{
		if (errno == EEXIST)
		{	/* route is already installed, not an error for the caller */
			return ALREADY_DONE;
		}
		DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
			 op == RTM_ADD ? "adding" : "deleting", strerror(errno));
		return FAILED;
	}
	return SUCCESS;
}
1344 | ||
/**
 * Install a route and remember it in this->routes (see kernel_net_t).
 *
 * The route is recorded before manage_route() is called and stays recorded
 * even if the kernel rejects it. src_ip is not used by this backend.
 *
 * @return			ALREADY_DONE if the route is already recorded, otherwise
 *					the result of manage_route()
 */
METHOD(kernel_net_t, add_route, status_t,
	private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
	host_t *gateway, host_t *src_ip, char *if_name)
{
	status_t status = ALREADY_DONE;
	route_entry_t *entry, route = {
		.dst_net = dst_net,
		.prefixlen = prefixlen,
		.gateway = gateway,
		.if_name = if_name,
	};

	this->routes_lock->lock(this->routes_lock);
	if (!this->routes->get(this->routes, &route))
	{
		/* remember the route, then try to install it in the kernel */
		entry = route_entry_clone(&route);
		this->routes->put(this->routes, entry, entry);
		status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway,
							  if_name);
	}
	this->routes_lock->unlock(this->routes_lock);
	return status;
}
1370 | ||
/**
 * Remove a previously added route from the kernel and from this->routes
 * (see kernel_net_t). src_ip is not used by this backend.
 *
 * @return			NOT_FOUND if the route is not recorded, otherwise the
 *					result of manage_route()
 */
METHOD(kernel_net_t, del_route, status_t,
	private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
	host_t *gateway, host_t *src_ip, char *if_name)
{
	status_t status = NOT_FOUND;
	route_entry_t *entry, route = {
		.dst_net = dst_net,
		.prefixlen = prefixlen,
		.gateway = gateway,
		.if_name = if_name,
	};

	this->routes_lock->lock(this->routes_lock);
	entry = this->routes->get(this->routes, &route);
	if (entry)
	{
		/* forget the route first, then remove it from the kernel */
		this->routes->remove(this->routes, entry);
		route_entry_destroy(entry);
		status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
							  if_name);
	}
	this->routes_lock->unlock(this->routes_lock);
	return status;
}
1397 | ||
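/**
 * Do a route lookup for dest and return either the nexthop or the source
 * address.
 *
 * An RTM_GET message is sent on the PF_ROUTE socket; the reply is delivered
 * by receive_events() into this->reply and matched by sequence number. Only
 * one query is in flight at a time (this->waiting_seq), other callers wait
 * on the condvar. If send() fails and a source address hint was given, the
 * query is retried once without it. For source address lookups the result
 * is additionally required to be on an up and usable interface.
 *
 * @param this		plugin instance
 * @param nexthop	TRUE to return the gateway, FALSE for the source address
 * @param dest		destination to look up
 * @param src		preferred source address, or NULL
 * @return			allocated host_t owned by the caller, NULL on failure
 */
static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
						 host_t *dest, host_t *src)
{
	struct {
		struct rt_msghdr hdr;
		char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
	} msg = {
		.hdr = {
			.rtm_version = RTM_VERSION,
			.rtm_type = RTM_GET,
			.rtm_pid = this->pid,
			.rtm_seq = ref_get(&this->seq),
		},
	};
	host_t *host = NULL;
	enumerator_t *enumerator;
	struct sockaddr *addr;
	bool failed = FALSE;
	int type, error = 0;

retry:
	/* sockaddrs have to be appended in RTAX_* order */
	msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
	for (type = 0; type < RTAX_MAX; type++)
	{
		switch (type)
		{
			case RTAX_DST:
				add_rt_addr(&msg.hdr, RTA_DST, dest);
				break;
			case RTAX_IFA:
				add_rt_addr(&msg.hdr, RTA_IFA, src);
				break;
			case RTAX_IFP:
				if (!nexthop)
				{	/* add an empty IFP to ensure we get a source address */
					add_rt_ifname(&msg.hdr, RTA_IFP, "");
				}
				break;
			default:
				break;
		}
	}
	this->mutex->lock(this->mutex);

	/* receive_events() only delivers the reply matching waiting_seq, so
	 * queries are serialized here */
	while (this->waiting_seq)
	{
		this->condvar->wait(this->condvar, this->mutex);
	}
	this->waiting_seq = msg.hdr.rtm_seq;
	if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
	{
		while (TRUE)
		{
			if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
			{	/* timed out? */
				break;
			}
			/* receive_events() broadcasts on any routing event, not only on
			 * our reply, and this->reply stays NULL until a reply was ever
			 * delivered: skip such wakeups instead of dereferencing NULL */
			if (!this->reply ||
				this->reply->rtm_msglen < sizeof(*this->reply) ||
				msg.hdr.rtm_seq != this->reply->rtm_seq)
			{
				continue;
			}
			enumerator = create_rtmsg_enumerator(this->reply,
												 sizeof(*this->reply));
			while (enumerator->enumerate(enumerator, &type, &addr))
			{
				if (nexthop)
				{
					if (type == RTAX_DST && this->reply->rtm_flags & RTF_HOST)
					{	/* probably a cloned/cached direct route, only use that
						 * as fallback if no gateway is found */
						host = host ?: host_create_from_sockaddr(addr);
					}
					if (type == RTAX_GATEWAY)
					{	/* could actually be a MAC address */
						host_t *gtw = host_create_from_sockaddr(addr);
						if (gtw)
						{
							DESTROY_IF(host);
							host = gtw;
						}
					}
				}
				else
				{
					if (type == RTAX_IFA)
					{
						host = host_create_from_sockaddr(addr);
					}
				}
			}
			enumerator->destroy(enumerator);
			break;
		}
	}
	else
	{
		/* keep errno from send(), the lock/condvar calls below may change it */
		error = errno;
		failed = TRUE;
	}
	/* signal completion of query to a waiting thread */
	this->waiting_seq = 0;
	this->condvar->signal(this->condvar);
	this->mutex->unlock(this->mutex);

	if (failed)
	{
		if (src)
		{	/* the given source address might be gone, try again without */
			src = NULL;
			msg.hdr.rtm_seq = ref_get(&this->seq);
			msg.hdr.rtm_addrs = 0;
			/* memset() takes (dst, value, size): clear the payload buffer
			 * before the message is rebuilt */
			memset(msg.buf, 0, sizeof(msg.buf));
			goto retry;
		}
		DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(error));
	}
	if (!host)
	{
		return NULL;
	}
	if (!nexthop)
	{	/* make sure the source address is not virtual and usable; same
		 * lookup type and match function as in get_interface_name() */
		addr_map_entry_t *entry, lookup = {
			.ip = host,
		};

		this->lock->read_lock(this->lock);
		entry = this->addrs->get_match(this->addrs, &lookup,
									  (void*)addr_map_entry_match_up_and_usable);
		this->lock->unlock(this->lock);
		if (!entry)
		{
			host->destroy(host);
			return NULL;
		}
	}
	DBG2(DBG_KNL, "using %H as %s to reach %H", host,
		 nexthop ? "nexthop" : "address", dest);
	return host;
}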
1542 | ||
/**
 * Source address the kernel would use to reach dest (see kernel_net_t).
 */
METHOD(kernel_net_t, get_source_addr, host_t*,
	private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
	/* FALSE selects the RTAX_IFA (source address) of the route lookup */
	bool want_nexthop = FALSE;

	return get_route(this, want_nexthop, dest, src);
}
1548 | ||
/**
 * Gateway the kernel would use to reach dest (see kernel_net_t).
 */
METHOD(kernel_net_t, get_nexthop, host_t*,
	private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
	/* TRUE selects the RTAX_GATEWAY of the route lookup */
	bool want_nexthop = TRUE;

	return get_route(this, want_nexthop, dest, src);
}
1554 | ||
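/**
 * Initialize the interface and address lists from getifaddrs(3).
 *
 * For every AF_LINK/AF_INET/AF_INET6 entry an iface_entry_t is created (or
 * reused if the name was seen before) in this->ifaces; non-link addresses
 * are stored as addr_entry_t on their interface and registered in the
 * this->addrs map. Afterwards the usable, up interfaces and their addresses
 * are logged. No lock is taken: this runs from kernel_pfroute_net_create().
 *
 * @param this		plugin instance
 * @return			SUCCESS, or FAILED if getifaddrs() fails
 */
static status_t init_address_list(private_kernel_pfroute_net_t *this)
{
	struct ifaddrs *ifap, *ifa;
	iface_entry_t *iface, *current;
	addr_entry_t *addr;
	enumerator_t *ifaces, *addrs;
	size_t namelen;

	DBG2(DBG_KNL, "known interfaces and IP addresses:");

	if (getifaddrs(&ifap) < 0)
	{
		DBG1(DBG_KNL, "  failed to get interfaces!");
		return FAILED;
	}

	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
	{
		if (ifa->ifa_addr == NULL)
		{
			continue;
		}
		switch(ifa->ifa_addr->sa_family)
		{
			case AF_LINK:
			case AF_INET:
			case AF_INET6:
			{
				/* reuse the entry if this interface name was seen already */
				iface = NULL;
				ifaces = this->ifaces->create_enumerator(this->ifaces);
				while (ifaces->enumerate(ifaces, &current))
				{
					if (streq(current->ifname, ifa->ifa_name))
					{
						iface = current;
						break;
					}
				}
				ifaces->destroy(ifaces);

				if (!iface)
				{
					INIT(iface,
						.ifindex = if_nametoindex(ifa->ifa_name),
						.flags = ifa->ifa_flags,
						.addrs = linked_list_create(),
						.usable = hydra->kernel_interface->is_interface_usable(
												hydra->kernel_interface, ifa->ifa_name),
					);
					/* ifa_name is a NUL-terminated string usually shorter than
					 * IFNAMSIZ: copy only the string (bounded, always
					 * terminated) instead of reading IFNAMSIZ bytes past its
					 * end. ifname is assumed to hold IFNAMSIZ bytes, as the
					 * previous full-size copy did. */
					namelen = strlen(ifa->ifa_name);
					if (namelen >= IFNAMSIZ)
					{
						namelen = IFNAMSIZ - 1;
					}
					memcpy(iface->ifname, ifa->ifa_name, namelen);
					iface->ifname[namelen] = '\0';
					this->ifaces->insert_last(this->ifaces, iface);
				}

				if (ifa->ifa_addr->sa_family != AF_LINK)
				{
					INIT(addr,
						.ip = host_create_from_sockaddr(ifa->ifa_addr),
					);
					iface->addrs->insert_last(iface->addrs, addr);
					addr_map_entry_add(this, addr, iface);
				}
			}
		}
	}
	freeifaddrs(ifap);

	/* log what we found, limited to usable interfaces that are up */
	ifaces = this->ifaces->create_enumerator(this->ifaces);
	while (ifaces->enumerate(ifaces, &iface))
	{
		if (iface->usable && iface->flags & IFF_UP)
		{
			DBG2(DBG_KNL, "  %s", iface->ifname);
			addrs = iface->addrs->create_enumerator(iface->addrs);
			while (addrs->enumerate(addrs, (void**)&addr))
			{
				DBG2(DBG_KNL, "    %H", addr->ip);
			}
			addrs->destroy(addrs);
		}
	}
	ifaces->destroy(ifaces);

	return SUCCESS;
}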
1641 | ||
/**
 * Tear down the backend (see kernel_net_t).
 *
 * Removes all routes we installed from the kernel, closes the PF_ROUTE
 * socket, drops pending network changes and frees all interface, address
 * and TUN state. kernel_pfroute_net_create() also calls this on failure,
 * so a partially initialized object (socket -1, reply NULL) must be handled.
 */
METHOD(kernel_net_t, destroy, void,
	private_kernel_pfroute_net_t *this)
{
	enumerator_t *enumerator;
	route_entry_t *route;
	addr_entry_t *addr;

	/* routes are removed while the socket is still open */
	enumerator = this->routes->create_enumerator(this->routes);
	while (enumerator->enumerate(enumerator, NULL, (void**)&route))
	{
		manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
					 route->gateway, route->if_name);
		route_entry_destroy(route);
	}
	enumerator->destroy(enumerator);
	this->routes->destroy(this->routes);
	this->routes_lock->destroy(this->routes_lock);

	if (this->socket != -1)
	{
		close(this->socket);
	}

	net_changes_clear(this);
	this->net_changes->destroy(this->net_changes);
	this->net_changes_lock->destroy(this->net_changes_lock);

	/* the map entries are owned here, the addr_entry_t objects they refer to
	 * are freed together with their interface below */
	enumerator = this->addrs->create_enumerator(this->addrs);
	while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
	{
		free(addr);
	}
	enumerator->destroy(enumerator);
	this->addrs->destroy(this->addrs);
	this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
	this->tuns->destroy(this->tuns);
	this->lock->destroy(this->lock);
	this->mutex->destroy(this->mutex);
	this->condvar->destroy(this->condvar);
	/* reply is NULL if no routing reply was ever received, free() copes */
	free(this->reply);
	free(this);
}
1684 | ||
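/*
 * Described in header.
 *
 * Creates the backend object, opens the PF_ROUTE socket, reads the initial
 * interface/address lists and, unless running in starter, queues the
 * receive_events() job that processes kernel routing events. Returns NULL
 * (after destroy()) if the socket or the interface list cannot be obtained.
 */
kernel_pfroute_net_t *kernel_pfroute_net_create()
{
	private_kernel_pfroute_net_t *this;

	INIT(this,
		.public = {
			.interface = {
				.get_features = _get_features,
				.get_interface = _get_interface_name,
				.create_address_enumerator = _create_address_enumerator,
				.get_source_addr = _get_source_addr,
				.get_nexthop = _get_nexthop,
				.add_ip = _add_ip,
				.del_ip = _del_ip,
				.add_route = _add_route,
				.del_route = _del_route,
				.destroy = _destroy,
			},
		},
		.pid = getpid(),
		.ifaces = linked_list_create(),
		.addrs = hashtable_create(
								(hashtable_hash_t)addr_map_entry_hash,
								(hashtable_equals_t)addr_map_entry_equals, 16),
		.routes = hashtable_create((hashtable_hash_t)route_entry_hash,
								   (hashtable_equals_t)route_entry_equals, 16),
		.net_changes = hashtable_create(
								(hashtable_hash_t)net_change_hash,
								(hashtable_equals_t)net_change_equals, 16),
		.tuns = linked_list_create(),
		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
		.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
		.routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
		.net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
		/* milliseconds add_ip()/del_ip() wait for a virtual IP to (dis)appear */
		.vip_wait = lib->settings->get_int(lib->settings,
						"%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
	);
	timerclear(&this->last_route_reinstall);
	timerclear(&this->last_roam);

	/* create a PF_ROUTE socket to communicate with the kernel */
	this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
	if (this->socket == -1)
	{
		DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
		destroy(this);
		return NULL;
	}

	/* read the interface list before the receive_events() job gets hold of
	 * this: destroy() does not cancel that job (its cancel callback is
	 * return_false and it requeues itself), so queueing it first and then
	 * calling destroy(this) on failure would free the object under a running
	 * job. Events arriving on the socket meanwhile should stay queued there
	 * until the job starts reading. */
	if (init_address_list(this) != SUCCESS)
	{
		DBG1(DBG_KNL, "unable to get interface list");
		destroy(this);
		return NULL;
	}

	if (streq(hydra->daemon, "starter"))
	{
		/* starter has no threads, so we do not register for kernel events */
		if (shutdown(this->socket, SHUT_RD) != 0)
		{
			DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
				 strerror(errno));
		}
	}
	else
	{
		lib->processor->queue_job(lib->processor,
			(job_t*)callback_job_create_with_prio(
					(callback_job_cb_t)receive_events, this, NULL,
					(callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
	}

	return &this->public;
}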