]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/kernel/kernel_interface.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
kernel-interface: Consider interface ID when allocating reqids
[thirdparty/strongswan.git] / src / libcharon / kernel / kernel_interface.c
1 /*
2 * Copyright (C) 2008-2016 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2010 Martin Willi
6 * Copyright (C) 2010 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /*
20 * Copyright (c) 2012 Nanoteq Pty Ltd
21 *
22 * Permission is hereby granted, free of charge, to any person obtaining a copy
23 * of this software and associated documentation files (the "Software"), to deal
24 * in the Software without restriction, including without limitation the rights
25 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
26 * copies of the Software, and to permit persons to whom the Software is
27 * furnished to do so, subject to the following conditions:
28 *
29 * The above copyright notice and this permission notice shall be included in
30 * all copies or substantial portions of the Software.
31 *
32 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
33 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
34 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
35 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
36 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
37 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
38 * THE SOFTWARE.
39 */
40
41 #include "kernel_interface.h"
42
43 #include <utils/debug.h>
44 #include <threading/mutex.h>
45 #include <collections/linked_list.h>
46 #include <collections/hashtable.h>
47 #include <collections/array.h>
48
49 typedef struct private_kernel_interface_t private_kernel_interface_t;
50
51 typedef struct kernel_algorithm_t kernel_algorithm_t;
52
53 /**
54 * Mapping of IKE algorithms to kernel-specific algorithm identifiers
55 */
56 struct kernel_algorithm_t {
57
58 /**
59 * Transform type of the algorithm
60 */
61 transform_type_t type;
62
63 /**
64 * Identifier specified in IKE
65 */
66 uint16_t ike;
67
68 /**
69 * Identifier as defined in pfkeyv2.h
70 */
71 uint16_t kernel;
72
73 /**
74 * Name of the algorithm in linux crypto API
75 */
76 char *name;
77 };
78
79 /**
80 * Private data of a kernel_interface_t object.
81 */
82 struct private_kernel_interface_t {
83
84 /**
85 * Public part of kernel_interface_t object.
86 */
87 kernel_interface_t public;
88
89 /**
90 * Registered IPsec constructor
91 */
92 kernel_ipsec_constructor_t ipsec_constructor;
93
94 /**
95 * Registered net constructor
96 */
97 kernel_net_constructor_t net_constructor;
98
99 /**
100 * ipsec interface
101 */
102 kernel_ipsec_t *ipsec;
103
104 /**
105 * network interface
106 */
107 kernel_net_t *net;
108
109 /**
110 * mutex for listeners
111 */
112 mutex_t *mutex;
113
114 /**
115 * list of registered listeners
116 */
117 linked_list_t *listeners;
118
119 /**
120 * Reqid entries indexed by reqids
121 */
122 hashtable_t *reqids;
123
124 /**
125 * Reqid entries indexed by traffic selectors
126 */
127 hashtable_t *reqids_by_ts;
128
129 /**
130 * mutex for algorithm mappings
131 */
132 mutex_t *mutex_algs;
133
134 /**
135 * List of algorithm mappings (kernel_algorithm_t*)
136 */
137 linked_list_t *algorithms;
138
139 /**
140 * List of interface names to include or exclude (char*), NULL if interfaces
141 * are not filtered
142 */
143 linked_list_t *ifaces_filter;
144
145 /**
146 * TRUE to exclude interfaces listed in ifaces_filter, FALSE to consider
147 * only those listed there
148 */
149 bool ifaces_exclude;
150 };
151
152 METHOD(kernel_interface_t, get_features, kernel_feature_t,
153 private_kernel_interface_t *this)
154 {
155 kernel_feature_t features = 0;
156
157 if (this->ipsec && this->ipsec->get_features)
158 {
159 features |= this->ipsec->get_features(this->ipsec);
160 }
161 if (this->net && this->net->get_features)
162 {
163 features |= this->net->get_features(this->net);
164 }
165 return features;
166 }
167
168 METHOD(kernel_interface_t, get_spi, status_t,
169 private_kernel_interface_t *this, host_t *src, host_t *dst,
170 uint8_t protocol, uint32_t *spi)
171 {
172 if (!this->ipsec)
173 {
174 return NOT_SUPPORTED;
175 }
176 return this->ipsec->get_spi(this->ipsec, src, dst, protocol, spi);
177 }
178
179 METHOD(kernel_interface_t, get_cpi, status_t,
180 private_kernel_interface_t *this, host_t *src, host_t *dst,
181 uint16_t *cpi)
182 {
183 if (!this->ipsec)
184 {
185 return NOT_SUPPORTED;
186 }
187 return this->ipsec->get_cpi(this->ipsec, src, dst, cpi);
188 }
189
190 /**
191 * Reqid mapping entry
192 */
193 typedef struct {
194 /** allocated reqid */
195 uint32_t reqid;
196 /** references to this entry */
197 u_int refs;
198 /** inbound mark used for SA */
199 mark_t mark_in;
200 /** outbound mark used for SA */
201 mark_t mark_out;
202 /** inbound interface ID used for SA */
203 uint32_t if_id_in;
204 /** outbound interface ID used for SA */
205 uint32_t if_id_out;
206 /** local traffic selectors */
207 array_t *local;
208 /** remote traffic selectors */
209 array_t *remote;
210 } reqid_entry_t;
211
212 /**
213 * Destroy a reqid mapping entry
214 */
215 static void reqid_entry_destroy(reqid_entry_t *entry)
216 {
217 array_destroy_offset(entry->local, offsetof(traffic_selector_t, destroy));
218 array_destroy_offset(entry->remote, offsetof(traffic_selector_t, destroy));
219 free(entry);
220 }
221
222 /**
223 * Hashtable hash function for reqid entries using reqid as key
224 */
225 static u_int hash_reqid(reqid_entry_t *entry)
226 {
227 return chunk_hash_inc(chunk_from_thing(entry->reqid),
228 chunk_hash_inc(chunk_from_thing(entry->mark_in),
229 chunk_hash_inc(chunk_from_thing(entry->mark_out),
230 chunk_hash_inc(chunk_from_thing(entry->if_id_in),
231 chunk_hash(chunk_from_thing(entry->if_id_out))))));
232 }
233
234 /**
235 * Hashtable equals function for reqid entries using reqid as key
236 */
237 static bool equals_reqid(reqid_entry_t *a, reqid_entry_t *b)
238 {
239 return a->reqid == b->reqid &&
240 a->mark_in.value == b->mark_in.value &&
241 a->mark_in.mask == b->mark_in.mask &&
242 a->mark_out.value == b->mark_out.value &&
243 a->mark_out.mask == b->mark_out.mask &&
244 a->if_id_in == b->if_id_in &&
245 a->if_id_out == b->if_id_out;
246 }
247
248 /**
249 * Hash an array of traffic selectors
250 */
251 static u_int hash_ts_array(array_t *array, u_int hash)
252 {
253 enumerator_t *enumerator;
254 traffic_selector_t *ts;
255
256 enumerator = array_create_enumerator(array);
257 while (enumerator->enumerate(enumerator, &ts))
258 {
259 hash = ts->hash(ts, hash);
260 }
261 enumerator->destroy(enumerator);
262
263 return hash;
264 }
265
266 /**
267 * Hashtable hash function for reqid entries using traffic selectors as key
268 */
269 static u_int hash_reqid_by_ts(reqid_entry_t *entry)
270 {
271 return hash_ts_array(entry->local, hash_ts_array(entry->remote,
272 chunk_hash_inc(chunk_from_thing(entry->mark_in),
273 chunk_hash_inc(chunk_from_thing(entry->mark_out),
274 chunk_hash_inc(chunk_from_thing(entry->if_id_in),
275 chunk_hash(chunk_from_thing(entry->if_id_out)))))));
276 }
277
278 /**
279 * Compare two array with traffic selectors for equality
280 */
281 static bool ts_array_equals(array_t *a, array_t *b)
282 {
283 traffic_selector_t *tsa, *tsb;
284 enumerator_t *ae, *be;
285 bool equal = TRUE;
286
287 if (array_count(a) != array_count(b))
288 {
289 return FALSE;
290 }
291
292 ae = array_create_enumerator(a);
293 be = array_create_enumerator(b);
294 while (equal && ae->enumerate(ae, &tsa) && be->enumerate(be, &tsb))
295 {
296 equal = tsa->equals(tsa, tsb);
297 }
298 ae->destroy(ae);
299 be->destroy(be);
300
301 return equal;
302 }
303
304 /**
305 * Hashtable equals function for reqid entries using traffic selectors as key
306 */
307 static bool equals_reqid_by_ts(reqid_entry_t *a, reqid_entry_t *b)
308 {
309 return ts_array_equals(a->local, b->local) &&
310 ts_array_equals(a->remote, b->remote) &&
311 a->mark_in.value == b->mark_in.value &&
312 a->mark_in.mask == b->mark_in.mask &&
313 a->mark_out.value == b->mark_out.value &&
314 a->mark_out.mask == b->mark_out.mask &&
315 a->if_id_in == b->if_id_in &&
316 a->if_id_out == b->if_id_out;
317 }
318
319 /**
320 * Create an array from copied traffic selector list items
321 */
322 static array_t *array_from_ts_list(linked_list_t *list)
323 {
324 enumerator_t *enumerator;
325 traffic_selector_t *ts;
326 array_t *array;
327
328 array = array_create(0, 0);
329
330 enumerator = list->create_enumerator(list);
331 while (enumerator->enumerate(enumerator, &ts))
332 {
333 array_insert(array, ARRAY_TAIL, ts->clone(ts));
334 }
335 enumerator->destroy(enumerator);
336
337 return array;
338 }
339
340 METHOD(kernel_interface_t, alloc_reqid, status_t,
341 private_kernel_interface_t *this,
342 linked_list_t *local_ts, linked_list_t *remote_ts,
343 mark_t mark_in, mark_t mark_out, uint32_t if_id_in, uint32_t if_id_out,
344 uint32_t *reqid)
345 {
346 static uint32_t counter = 0;
347 reqid_entry_t *entry = NULL, *tmpl;
348 status_t status = SUCCESS;
349
350 INIT(tmpl,
351 .local = array_from_ts_list(local_ts),
352 .remote = array_from_ts_list(remote_ts),
353 .mark_in = mark_in,
354 .mark_out = mark_out,
355 .if_id_in = if_id_in,
356 .if_id_out = if_id_out,
357 .reqid = *reqid,
358 );
359
360 this->mutex->lock(this->mutex);
361 if (tmpl->reqid)
362 {
363 /* search by reqid if given */
364 entry = this->reqids->get(this->reqids, tmpl);
365 }
366 if (entry)
367 {
368 /* we don't require a traffic selector match for explicit reqids,
369 * as we want to reuse a reqid for trap-triggered policies that
370 * got narrowed during negotiation. */
371 reqid_entry_destroy(tmpl);
372 }
373 else
374 {
375 /* search by traffic selectors */
376 entry = this->reqids_by_ts->get(this->reqids_by_ts, tmpl);
377 if (entry)
378 {
379 reqid_entry_destroy(tmpl);
380 }
381 else
382 {
383 /* none found, create a new entry, allocating a reqid */
384 entry = tmpl;
385 entry->reqid = ++counter;
386 this->reqids_by_ts->put(this->reqids_by_ts, entry, entry);
387 this->reqids->put(this->reqids, entry, entry);
388 }
389 *reqid = entry->reqid;
390 }
391 entry->refs++;
392 this->mutex->unlock(this->mutex);
393
394 return status;
395 }
396
397 METHOD(kernel_interface_t, release_reqid, status_t,
398 private_kernel_interface_t *this, uint32_t reqid,
399 mark_t mark_in, mark_t mark_out, uint32_t if_id_in, uint32_t if_id_out)
400 {
401 reqid_entry_t *entry, tmpl = {
402 .reqid = reqid,
403 .mark_in = mark_in,
404 .mark_out = mark_out,
405 .if_id_in = if_id_in,
406 .if_id_out = if_id_out,
407 };
408
409 this->mutex->lock(this->mutex);
410 entry = this->reqids->remove(this->reqids, &tmpl);
411 if (entry)
412 {
413 if (--entry->refs == 0)
414 {
415 entry = this->reqids_by_ts->remove(this->reqids_by_ts, entry);
416 if (entry)
417 {
418 reqid_entry_destroy(entry);
419 }
420 }
421 else
422 {
423 this->reqids->put(this->reqids, entry, entry);
424 }
425 }
426 this->mutex->unlock(this->mutex);
427
428 if (entry)
429 {
430 return SUCCESS;
431 }
432 return NOT_FOUND;
433 }
434
435 METHOD(kernel_interface_t, add_sa, status_t,
436 private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
437 kernel_ipsec_add_sa_t *data)
438 {
439 if (!this->ipsec)
440 {
441 return NOT_SUPPORTED;
442 }
443 return this->ipsec->add_sa(this->ipsec, id, data);
444 }
445
446 METHOD(kernel_interface_t, update_sa, status_t,
447 private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
448 kernel_ipsec_update_sa_t *data)
449 {
450 if (!this->ipsec)
451 {
452 return NOT_SUPPORTED;
453 }
454 return this->ipsec->update_sa(this->ipsec, id, data);
455 }
456
457 METHOD(kernel_interface_t, query_sa, status_t,
458 private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
459 kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
460 time_t *time)
461 {
462 if (!this->ipsec)
463 {
464 return NOT_SUPPORTED;
465 }
466 return this->ipsec->query_sa(this->ipsec, id, data, bytes, packets, time);
467 }
468
469 METHOD(kernel_interface_t, del_sa, status_t,
470 private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
471 kernel_ipsec_del_sa_t *data)
472 {
473 if (!this->ipsec)
474 {
475 return NOT_SUPPORTED;
476 }
477 return this->ipsec->del_sa(this->ipsec, id, data);
478 }
479
480 METHOD(kernel_interface_t, flush_sas, status_t,
481 private_kernel_interface_t *this)
482 {
483 if (!this->ipsec)
484 {
485 return NOT_SUPPORTED;
486 }
487 return this->ipsec->flush_sas(this->ipsec);
488 }
489
490 METHOD(kernel_interface_t, add_policy, status_t,
491 private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
492 kernel_ipsec_manage_policy_t *data)
493 {
494 if (!this->ipsec)
495 {
496 return NOT_SUPPORTED;
497 }
498 return this->ipsec->add_policy(this->ipsec, id, data);
499 }
500
501 METHOD(kernel_interface_t, query_policy, status_t,
502 private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
503 kernel_ipsec_query_policy_t *data, time_t *use_time)
504 {
505 if (!this->ipsec)
506 {
507 return NOT_SUPPORTED;
508 }
509 return this->ipsec->query_policy(this->ipsec, id, data, use_time);
510 }
511
512 METHOD(kernel_interface_t, del_policy, status_t,
513 private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
514 kernel_ipsec_manage_policy_t *data)
515 {
516 if (!this->ipsec)
517 {
518 return NOT_SUPPORTED;
519 }
520 return this->ipsec->del_policy(this->ipsec, id, data);
521 }
522
523 METHOD(kernel_interface_t, flush_policies, status_t,
524 private_kernel_interface_t *this)
525 {
526 if (!this->ipsec)
527 {
528 return NOT_SUPPORTED;
529 }
530 return this->ipsec->flush_policies(this->ipsec);
531 }
532
533 METHOD(kernel_interface_t, get_source_addr, host_t*,
534 private_kernel_interface_t *this, host_t *dest, host_t *src)
535 {
536 if (!this->net)
537 {
538 return NULL;
539 }
540 return this->net->get_source_addr(this->net, dest, src);
541 }
542
543 METHOD(kernel_interface_t, get_nexthop, host_t*,
544 private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src,
545 char **iface)
546 {
547 if (!this->net)
548 {
549 return NULL;
550 }
551 return this->net->get_nexthop(this->net, dest, prefix, src, iface);
552 }
553
554 METHOD(kernel_interface_t, get_interface, bool,
555 private_kernel_interface_t *this, host_t *host, char **name)
556 {
557 if (!this->net)
558 {
559 return NULL;
560 }
561 return this->net->get_interface(this->net, host, name);
562 }
563
564 METHOD(kernel_interface_t, create_address_enumerator, enumerator_t*,
565 private_kernel_interface_t *this, kernel_address_type_t which)
566 {
567 if (!this->net)
568 {
569 return enumerator_create_empty();
570 }
571 return this->net->create_address_enumerator(this->net, which);
572 }
573
574 METHOD(kernel_interface_t, create_local_subnet_enumerator, enumerator_t*,
575 private_kernel_interface_t *this)
576 {
577 if (!this->net || !this->net->create_local_subnet_enumerator)
578 {
579 return enumerator_create_empty();
580 }
581 return this->net->create_local_subnet_enumerator(this->net);
582 }
583
584 METHOD(kernel_interface_t, add_ip, status_t,
585 private_kernel_interface_t *this, host_t *virtual_ip, int prefix,
586 char *iface)
587 {
588 if (!this->net)
589 {
590 return NOT_SUPPORTED;
591 }
592 return this->net->add_ip(this->net, virtual_ip, prefix, iface);
593 }
594
595 METHOD(kernel_interface_t, del_ip, status_t,
596 private_kernel_interface_t *this, host_t *virtual_ip, int prefix, bool wait)
597 {
598 if (!this->net)
599 {
600 return NOT_SUPPORTED;
601 }
602 return this->net->del_ip(this->net, virtual_ip, prefix, wait);
603 }
604
605 METHOD(kernel_interface_t, add_route, status_t,
606 private_kernel_interface_t *this, chunk_t dst_net,
607 uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
608 {
609 if (!this->net)
610 {
611 return NOT_SUPPORTED;
612 }
613 return this->net->add_route(this->net, dst_net, prefixlen, gateway,
614 src_ip, if_name);
615 }
616
617 METHOD(kernel_interface_t, del_route, status_t,
618 private_kernel_interface_t *this, chunk_t dst_net,
619 uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
620 {
621 if (!this->net)
622 {
623 return NOT_SUPPORTED;
624 }
625 return this->net->del_route(this->net, dst_net, prefixlen, gateway,
626 src_ip, if_name);
627 }
628
629 METHOD(kernel_interface_t, bypass_socket, bool,
630 private_kernel_interface_t *this, int fd, int family)
631 {
632 if (!this->ipsec)
633 {
634 return FALSE;
635 }
636 return this->ipsec->bypass_socket(this->ipsec, fd, family);
637 }
638
639 METHOD(kernel_interface_t, enable_udp_decap, bool,
640 private_kernel_interface_t *this, int fd, int family, uint16_t port)
641 {
642 if (!this->ipsec)
643 {
644 return FALSE;
645 }
646 return this->ipsec->enable_udp_decap(this->ipsec, fd, family, port);
647 }
648
649 METHOD(kernel_interface_t, is_interface_usable, bool,
650 private_kernel_interface_t *this, const char *iface)
651 {
652 if (!this->ifaces_filter)
653 {
654 return TRUE;
655 }
656 return this->ifaces_filter->find_first(this->ifaces_filter,
657 linked_list_match_str, NULL, iface) != this->ifaces_exclude;
658 }
659
660 METHOD(kernel_interface_t, all_interfaces_usable, bool,
661 private_kernel_interface_t *this)
662 {
663 return !this->ifaces_filter;
664 }
665
666 METHOD(kernel_interface_t, get_address_by_ts, status_t,
667 private_kernel_interface_t *this, traffic_selector_t *ts,
668 host_t **ip, bool *vip)
669 {
670 enumerator_t *addrs;
671 host_t *host;
672 int family;
673 bool found = FALSE;
674
675 DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
676
677 /* if we have a family which includes localhost, we do not
678 * search for an IP, we use the default */
679 family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
680
681 if (family == AF_INET)
682 {
683 host = host_create_from_string("127.0.0.1", 0);
684 }
685 else
686 {
687 host = host_create_from_string("::1", 0);
688 }
689
690 if (ts->includes(ts, host))
691 {
692 *ip = host_create_any(family);
693 if (vip)
694 {
695 *vip = FALSE;
696 }
697 host->destroy(host);
698 DBG2(DBG_KNL, "using host %H", *ip);
699 return SUCCESS;
700 }
701 host->destroy(host);
702
703 /* try virtual IPs only first (on all interfaces) */
704 addrs = create_address_enumerator(this,
705 ADDR_TYPE_ALL ^ ADDR_TYPE_REGULAR);
706 while (addrs->enumerate(addrs, (void**)&host))
707 {
708 if (ts->includes(ts, host))
709 {
710 found = TRUE;
711 *ip = host->clone(host);
712 if (vip)
713 {
714 *vip = TRUE;
715 }
716 break;
717 }
718 }
719 addrs->destroy(addrs);
720
721 if (!found)
722 { /* then try the regular addresses (on all interfaces) */
723 addrs = create_address_enumerator(this,
724 ADDR_TYPE_ALL ^ ADDR_TYPE_VIRTUAL);
725 while (addrs->enumerate(addrs, (void**)&host))
726 {
727 if (ts->includes(ts, host))
728 {
729 found = TRUE;
730 *ip = host->clone(host);
731 if (vip)
732 {
733 *vip = FALSE;
734 }
735 break;
736 }
737 }
738 addrs->destroy(addrs);
739 }
740
741 if (!found)
742 {
743 DBG2(DBG_KNL, "no local address found in traffic selector %R", ts);
744 return FAILED;
745 }
746
747 DBG2(DBG_KNL, "using host %H", *ip);
748 return SUCCESS;
749 }
750
751
752 METHOD(kernel_interface_t, add_ipsec_interface, bool,
753 private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
754 {
755 if (!this->ipsec)
756 {
757 this->ipsec_constructor = constructor;
758 this->ipsec = constructor();
759 return this->ipsec != NULL;
760 }
761 return FALSE;
762 }
763
764 METHOD(kernel_interface_t, remove_ipsec_interface, bool,
765 private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
766 {
767 if (constructor == this->ipsec_constructor && this->ipsec)
768 {
769 this->ipsec->destroy(this->ipsec);
770 this->ipsec = NULL;
771 return TRUE;
772 }
773 return FALSE;
774 }
775
776 METHOD(kernel_interface_t, add_net_interface, bool,
777 private_kernel_interface_t *this, kernel_net_constructor_t constructor)
778 {
779 if (!this->net)
780 {
781 this->net_constructor = constructor;
782 this->net = constructor();
783 return this->net != NULL;
784 }
785 return FALSE;
786 }
787
788 METHOD(kernel_interface_t, remove_net_interface, bool,
789 private_kernel_interface_t *this, kernel_net_constructor_t constructor)
790 {
791 if (constructor == this->net_constructor && this->net)
792 {
793 this->net->destroy(this->net);
794 this->net = NULL;
795 return TRUE;
796 }
797 return FALSE;
798 }
799
800 METHOD(kernel_interface_t, add_listener, void,
801 private_kernel_interface_t *this, kernel_listener_t *listener)
802 {
803 this->mutex->lock(this->mutex);
804 this->listeners->insert_last(this->listeners, listener);
805 this->mutex->unlock(this->mutex);
806 }
807
808 METHOD(kernel_interface_t, remove_listener, void,
809 private_kernel_interface_t *this, kernel_listener_t *listener)
810 {
811 this->mutex->lock(this->mutex);
812 this->listeners->remove(this->listeners, listener, NULL);
813 this->mutex->unlock(this->mutex);
814 }
815
816 METHOD(kernel_interface_t, acquire, void,
817 private_kernel_interface_t *this, uint32_t reqid,
818 traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
819 {
820 kernel_listener_t *listener;
821 enumerator_t *enumerator;
822 this->mutex->lock(this->mutex);
823 enumerator = this->listeners->create_enumerator(this->listeners);
824 while (enumerator->enumerate(enumerator, &listener))
825 {
826 if (listener->acquire &&
827 !listener->acquire(listener, reqid, src_ts, dst_ts))
828 {
829 this->listeners->remove_at(this->listeners, enumerator);
830 }
831 }
832 enumerator->destroy(enumerator);
833 this->mutex->unlock(this->mutex);
834 }
835
836 METHOD(kernel_interface_t, expire, void,
837 private_kernel_interface_t *this, uint8_t protocol, uint32_t spi,
838 host_t *dst, bool hard)
839 {
840 kernel_listener_t *listener;
841 enumerator_t *enumerator;
842
843 this->mutex->lock(this->mutex);
844 enumerator = this->listeners->create_enumerator(this->listeners);
845 while (enumerator->enumerate(enumerator, &listener))
846 {
847 if (listener->expire &&
848 !listener->expire(listener, protocol, spi, dst, hard))
849 {
850 this->listeners->remove_at(this->listeners, enumerator);
851 }
852 }
853 enumerator->destroy(enumerator);
854 this->mutex->unlock(this->mutex);
855 }
856
857 METHOD(kernel_interface_t, mapping, void,
858 private_kernel_interface_t *this, uint8_t protocol, uint32_t spi,
859 host_t *dst, host_t *remote)
860 {
861 kernel_listener_t *listener;
862 enumerator_t *enumerator;
863
864 this->mutex->lock(this->mutex);
865 enumerator = this->listeners->create_enumerator(this->listeners);
866 while (enumerator->enumerate(enumerator, &listener))
867 {
868 if (listener->mapping &&
869 !listener->mapping(listener, protocol, spi, dst, remote))
870 {
871 this->listeners->remove_at(this->listeners, enumerator);
872 }
873 }
874 enumerator->destroy(enumerator);
875 this->mutex->unlock(this->mutex);
876 }
877
878 METHOD(kernel_interface_t, migrate, void,
879 private_kernel_interface_t *this, uint32_t reqid,
880 traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
881 policy_dir_t direction, host_t *local, host_t *remote)
882 {
883 kernel_listener_t *listener;
884 enumerator_t *enumerator;
885 this->mutex->lock(this->mutex);
886 enumerator = this->listeners->create_enumerator(this->listeners);
887 while (enumerator->enumerate(enumerator, &listener))
888 {
889 if (listener->migrate &&
890 !listener->migrate(listener, reqid, src_ts, dst_ts, direction,
891 local, remote))
892 {
893 this->listeners->remove_at(this->listeners, enumerator);
894 }
895 }
896 enumerator->destroy(enumerator);
897 this->mutex->unlock(this->mutex);
898 }
899
900 static bool call_roam(kernel_listener_t *listener, bool *roam)
901 {
902 return listener->roam && !listener->roam(listener, *roam);
903 }
904
905 METHOD(kernel_interface_t, roam, void,
906 private_kernel_interface_t *this, bool address)
907 {
908 this->mutex->lock(this->mutex);
909 this->listeners->remove(this->listeners, &address, (void*)call_roam);
910 this->mutex->unlock(this->mutex);
911 }
912
913 METHOD(kernel_interface_t, tun, void,
914 private_kernel_interface_t *this, tun_device_t *tun, bool created)
915 {
916 kernel_listener_t *listener;
917 enumerator_t *enumerator;
918 this->mutex->lock(this->mutex);
919 enumerator = this->listeners->create_enumerator(this->listeners);
920 while (enumerator->enumerate(enumerator, &listener))
921 {
922 if (listener->tun &&
923 !listener->tun(listener, tun, created))
924 {
925 this->listeners->remove_at(this->listeners, enumerator);
926 }
927 }
928 enumerator->destroy(enumerator);
929 this->mutex->unlock(this->mutex);
930 }
931
932 METHOD(kernel_interface_t, register_algorithm, void,
933 private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type,
934 uint16_t kernel_id, char *kernel_name)
935 {
936 kernel_algorithm_t *algorithm;
937
938 INIT(algorithm,
939 .type = type,
940 .ike = alg_id,
941 .kernel = kernel_id,
942 .name = strdup(kernel_name),
943 );
944
945 this->mutex_algs->lock(this->mutex_algs);
946 this->algorithms->insert_first(this->algorithms, algorithm);
947 this->mutex_algs->unlock(this->mutex_algs);
948 }
949
950 METHOD(kernel_interface_t, lookup_algorithm, bool,
951 private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type,
952 uint16_t *kernel_id, char **kernel_name)
953 {
954 kernel_algorithm_t *algorithm;
955 enumerator_t *enumerator;
956 bool found = FALSE;
957
958 this->mutex_algs->lock(this->mutex_algs);
959 enumerator = this->algorithms->create_enumerator(this->algorithms);
960 while (enumerator->enumerate(enumerator, &algorithm))
961 {
962 if (algorithm->type == type && algorithm->ike == alg_id)
963 {
964 if (kernel_id)
965 {
966 *kernel_id = algorithm->kernel;
967 }
968 if (kernel_name)
969 {
970 *kernel_name = algorithm->name;
971 }
972 found = TRUE;
973 break;
974 }
975 }
976 enumerator->destroy(enumerator);
977 this->mutex_algs->unlock(this->mutex_algs);
978 return found;
979 }
980
981 METHOD(kernel_interface_t, destroy, void,
982 private_kernel_interface_t *this)
983 {
984 kernel_algorithm_t *algorithm;
985
986 while (this->algorithms->remove_first(this->algorithms,
987 (void**)&algorithm) == SUCCESS)
988 {
989 free(algorithm->name);
990 free(algorithm);
991 }
992 this->algorithms->destroy(this->algorithms);
993 this->mutex_algs->destroy(this->mutex_algs);
994 DESTROY_IF(this->ipsec);
995 DESTROY_IF(this->net);
996 DESTROY_FUNCTION_IF(this->ifaces_filter, (void*)free);
997 this->reqids->destroy(this->reqids);
998 this->reqids_by_ts->destroy(this->reqids_by_ts);
999 this->listeners->destroy(this->listeners);
1000 this->mutex->destroy(this->mutex);
1001 free(this);
1002 }
1003
1004 /*
1005 * Described in header-file
1006 */
1007 kernel_interface_t *kernel_interface_create()
1008 {
1009 private_kernel_interface_t *this;
1010 char *ifaces;
1011
1012 INIT(this,
1013 .public = {
1014 .get_features = _get_features,
1015 .get_spi = _get_spi,
1016 .get_cpi = _get_cpi,
1017 .alloc_reqid = _alloc_reqid,
1018 .release_reqid = _release_reqid,
1019 .add_sa = _add_sa,
1020 .update_sa = _update_sa,
1021 .query_sa = _query_sa,
1022 .del_sa = _del_sa,
1023 .flush_sas = _flush_sas,
1024 .add_policy = _add_policy,
1025 .query_policy = _query_policy,
1026 .del_policy = _del_policy,
1027 .flush_policies = _flush_policies,
1028 .get_source_addr = _get_source_addr,
1029 .get_nexthop = _get_nexthop,
1030 .get_interface = _get_interface,
1031 .create_address_enumerator = _create_address_enumerator,
1032 .create_local_subnet_enumerator = _create_local_subnet_enumerator,
1033 .add_ip = _add_ip,
1034 .del_ip = _del_ip,
1035 .add_route = _add_route,
1036 .del_route = _del_route,
1037 .bypass_socket = _bypass_socket,
1038 .enable_udp_decap = _enable_udp_decap,
1039
1040 .is_interface_usable = _is_interface_usable,
1041 .all_interfaces_usable = _all_interfaces_usable,
1042 .get_address_by_ts = _get_address_by_ts,
1043 .add_ipsec_interface = _add_ipsec_interface,
1044 .remove_ipsec_interface = _remove_ipsec_interface,
1045 .add_net_interface = _add_net_interface,
1046 .remove_net_interface = _remove_net_interface,
1047
1048 .add_listener = _add_listener,
1049 .remove_listener = _remove_listener,
1050 .register_algorithm = _register_algorithm,
1051 .lookup_algorithm = _lookup_algorithm,
1052 .acquire = _acquire,
1053 .expire = _expire,
1054 .mapping = _mapping,
1055 .migrate = _migrate,
1056 .roam = _roam,
1057 .tun = _tun,
1058 .destroy = _destroy,
1059 },
1060 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
1061 .listeners = linked_list_create(),
1062 .mutex_algs = mutex_create(MUTEX_TYPE_DEFAULT),
1063 .algorithms = linked_list_create(),
1064 .reqids = hashtable_create((hashtable_hash_t)hash_reqid,
1065 (hashtable_equals_t)equals_reqid, 8),
1066 .reqids_by_ts = hashtable_create((hashtable_hash_t)hash_reqid_by_ts,
1067 (hashtable_equals_t)equals_reqid_by_ts, 8),
1068 );
1069
1070 ifaces = lib->settings->get_str(lib->settings,
1071 "%s.interfaces_use", NULL, lib->ns);
1072 if (!ifaces)
1073 {
1074 this->ifaces_exclude = TRUE;
1075 ifaces = lib->settings->get_str(lib->settings,
1076 "%s.interfaces_ignore", NULL, lib->ns);
1077 }
1078 if (ifaces)
1079 {
1080 enumerator_t *enumerator;
1081 char *iface;
1082
1083 enumerator = enumerator_create_token(ifaces, ",", " ");
1084 while (enumerator->enumerate(enumerator, &iface))
1085 {
1086 if (!this->ifaces_filter)
1087 {
1088 this->ifaces_filter = linked_list_create();
1089 }
1090 this->ifaces_filter->insert_last(this->ifaces_filter,
1091 strdup(iface));
1092 }
1093 enumerator->destroy(enumerator);
1094 }
1095
1096 return &this->public;
1097 }
Unnamed repository; edit this file 'description' to name the repository.