src/libcharon/plugins/lookip/lookip_listener.c

   1 /*
   2  * Copyright (C) 2012 Martin Willi
   3  *
   4  * Copyright (C) secunet Security Networks AG
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "lookip_listener.h"
  18
  19 #include <daemon.h>
  20 #include <collections/hashtable.h>
  21 #include <collections/linked_list.h>
  22 #include <threading/rwlock.h>
  23
  24 typedef struct private_lookip_listener_t private_lookip_listener_t;
  25
  26 /**
  27  * Private data of an lookip_listener_t object.
  28  */
  29 struct private_lookip_listener_t {
  30
  31         /**
  32          * Public lookip_listener_t interface.
  33          */
  34         lookip_listener_t public;
  35
  36         /**
  37          * Lock for hashtable
  38          */
  39         rwlock_t *lock;
  40
  41         /**
  42          * Hashtable with entries: host_t => entry_t
  43          */
  44         hashtable_t *entries;
  45
  46         /**
  47          * List of registered listeners
  48          */
  49         linked_list_t *listeners;
  50 };
  51
  52 /**
  53  * Listener entry
  54  */
  55 typedef struct {
  56         /** callback function */
  57         lookip_callback_t cb;
  58         /** user data for callback */
  59         void *user;
  60 } listener_entry_t;
  61
  62 /**
  63  * Hashtable entry
  64  */
  65 typedef struct {
  66         /** virtual IP, serves as lookup key */
  67         host_t *vip;
  68         /** peers external address */
  69         host_t *other;
  70         /** peer (EAP-)Identity */
  71         identification_t *id;
  72         /** associated connection name */
  73         char *name;
  74         /** IKE_SA unique identifier */
  75         u_int unique_id;
  76 } entry_t;
  77
  78 /**
  79  * Destroy a hashtable entry
  80  */
  81 static void entry_destroy(entry_t *entry)
  82 {
  83         entry->vip->destroy(entry->vip);
  84         entry->other->destroy(entry->other);
  85         entry->id->destroy(entry->id);
  86         free(entry->name);
  87         free(entry);
  88 }
  89
  90 /**
  91  * Hashtable hash function
  92  */
  93 static u_int hash(host_t *key)
  94 {
  95         return chunk_hash(key->get_address(key));
  96 }
  97
  98 /**
  99  * Hashtable equals function
 100  */
 101 static bool equals(host_t *a, host_t *b)
 102 {
 103         return a->ip_equals(a, b);
 104 }
 105
 106 /**
 107  * Compare callback that invokes up callback of all registered listeners
 108  */
 109 static bool notify_up(listener_entry_t *listener, entry_t *entry)
 110 {
 111         if (!listener->cb(listener->user, TRUE, entry->vip, entry->other,
 112                                           entry->id, entry->name, entry->unique_id))
 113         {
 114                 free(listener);
 115                 return TRUE;
 116         }
 117         return FALSE;
 118 }
 119
 120 /**
 121  * Compare callback that invokes down callback of all registered listeners
 122  */
 123 static bool notify_down(listener_entry_t *listener, entry_t *entry)
 124 {
 125         if (!listener->cb(listener->user, FALSE, entry->vip, entry->other,
 126                                           entry->id, entry->name, entry->unique_id))
 127         {
 128                 free(listener);
 129                 return TRUE;
 130         }
 131         return FALSE;
 132 }
 133
 134 /**
 135  * Add a new entry to the hashtable
 136  */
 137 static void add_entry(private_lookip_listener_t *this, ike_sa_t *ike_sa)
 138 {
 139         enumerator_t *enumerator;
 140         host_t *vip, *other;
 141         identification_t *id;
 142         entry_t *entry;
 143
 144         enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
 145         while (enumerator->enumerate(enumerator, &vip))
 146         {
 147                 other = ike_sa->get_other_host(ike_sa);
 148                 id = ike_sa->get_other_eap_id(ike_sa);
 149
 150                 INIT(entry,
 151                         .vip = vip->clone(vip),
 152                         .other = other->clone(other),
 153                         .id = id->clone(id),
 154                         .name = strdup(ike_sa->get_name(ike_sa)),
 155                         .unique_id = ike_sa->get_unique_id(ike_sa),
 156                 );
 157
 158                 this->lock->read_lock(this->lock);
 159                 this->listeners->remove(this->listeners, entry, (void*)notify_up);
 160                 this->lock->unlock(this->lock);
 161
 162                 this->lock->write_lock(this->lock);
 163                 entry = this->entries->put(this->entries, entry->vip, entry);
 164                 this->lock->unlock(this->lock);
 165                 if (entry)
 166                 {
 167                         entry_destroy(entry);
 168                 }
 169         }
 170         enumerator->destroy(enumerator);
 171 }
 172
 173 /**
 174  * Remove an entry from the hashtable
 175  */
 176 static void remove_entry(private_lookip_listener_t *this, ike_sa_t *ike_sa)
 177 {
 178         enumerator_t *enumerator;
 179         host_t *vip;
 180         entry_t *entry;
 181
 182         enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
 183         while (enumerator->enumerate(enumerator, &vip))
 184         {
 185                 this->lock->write_lock(this->lock);
 186                 entry = this->entries->remove(this->entries, vip);
 187                 this->lock->unlock(this->lock);
 188                 if (entry)
 189                 {
 190                         this->lock->read_lock(this->lock);
 191                         this->listeners->remove(this->listeners, entry, (void*)notify_down);
 192                         this->lock->unlock(this->lock);
 193
 194                         entry_destroy(entry);
 195                 }
 196         }
 197         enumerator->destroy(enumerator);
 198 }
 199
 200 METHOD(listener_t, message_hook, bool,
 201         private_lookip_listener_t *this, ike_sa_t *ike_sa,
 202         message_t *message, bool incoming, bool plain)
 203 {
 204         if (plain && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
 205                 !incoming && !message->get_request(message))
 206         {
 207                 if (ike_sa->get_version(ike_sa) == IKEV1 &&
 208                         message->get_exchange_type(message) == TRANSACTION)
 209                 {
 210                         add_entry(this, ike_sa);
 211                 }
 212                 if (ike_sa->get_version(ike_sa) == IKEV2 &&
 213                         message->get_exchange_type(message) == IKE_AUTH)
 214                 {
 215                         add_entry(this, ike_sa);
 216                 }
 217         }
 218         return TRUE;
 219 }
 220
 221 METHOD(listener_t, ike_updown, bool,
 222         private_lookip_listener_t *this, ike_sa_t *ike_sa, bool up)
 223 {
 224         if (!up)
 225         {
 226                 remove_entry(this, ike_sa);
 227         }
 228         return TRUE;
 229 }
 230
 231 METHOD(listener_t, ike_rekey, bool,
 232         private_lookip_listener_t *this, ike_sa_t *old, ike_sa_t *new)
 233 {
 234         /* During IKE_SA rekey, the unique identifier changes. Fire update events
 235          * and update the cached entry. During the invocation of this hook, the
 236          * virtual IPs have been migrated to new, hence remove that entry. */
 237         remove_entry(this, new);
 238         add_entry(this, new);
 239
 240         return TRUE;
 241 }
 242
 243 METHOD(lookip_listener_t, lookup, int,
 244         private_lookip_listener_t *this, host_t *vip,
 245         lookip_callback_t cb, void *user)
 246 {
 247         entry_t *entry;
 248         int matches = 0;
 249
 250         this->lock->read_lock(this->lock);
 251         if (vip)
 252         {
 253                 entry = this->entries->get(this->entries, vip);
 254                 if (entry)
 255                 {
 256                         cb(user, TRUE, entry->vip, entry->other, entry->id,
 257                            entry->name, entry->unique_id);
 258                         matches ++;
 259                 }
 260         }
 261         else
 262         {
 263                 enumerator_t *enumerator;
 264
 265                 enumerator = this->entries->create_enumerator(this->entries);
 266                 while (enumerator->enumerate(enumerator, &vip, &entry))
 267                 {
 268                         cb(user, TRUE, entry->vip, entry->other, entry->id,
 269                            entry->name, entry->unique_id);
 270                         matches++;
 271                 }
 272                 enumerator->destroy(enumerator);
 273         }
 274         this->lock->unlock(this->lock);
 275
 276         return matches;
 277 }
 278
 279 METHOD(lookip_listener_t, add_listener, void,
 280         private_lookip_listener_t *this, lookip_callback_t cb, void *user)
 281 {
 282         listener_entry_t *listener;
 283
 284         INIT(listener,
 285                 .cb = cb,
 286                 .user = user,
 287         );
 288
 289         this->lock->write_lock(this->lock);
 290         this->listeners->insert_last(this->listeners, listener);
 291         this->lock->unlock(this->lock);
 292 }
 293
 294 METHOD(lookip_listener_t, remove_listener, void,
 295         private_lookip_listener_t *this, void *user)
 296 {
 297         listener_entry_t *listener;
 298         enumerator_t *enumerator;
 299
 300         this->lock->write_lock(this->lock);
 301         enumerator = this->listeners->create_enumerator(this->listeners);
 302         while (enumerator->enumerate(enumerator, &listener))
 303         {
 304                 if (listener->user == user)
 305                 {
 306                         this->listeners->remove_at(this->listeners, enumerator);
 307                         free(listener);
 308                 }
 309         }
 310         enumerator->destroy(enumerator);
 311         this->lock->unlock(this->lock);
 312 }
 313
 314 METHOD(lookip_listener_t, destroy, void,
 315         private_lookip_listener_t *this)
 316 {
 317         this->listeners->destroy_function(this->listeners, free);
 318         this->entries->destroy(this->entries);
 319         this->lock->destroy(this->lock);
 320         free(this);
 321 }
 322
 323 /**
 324  * See header
 325  */
 326 lookip_listener_t *lookip_listener_create()
 327 {
 328         private_lookip_listener_t *this;
 329
 330         INIT(this,
 331                 .public = {
 332                         .listener = {
 333                                 .message = _message_hook,
 334                                 .ike_updown = _ike_updown,
 335                                 .ike_rekey = _ike_rekey,
 336                         },
 337                         .lookup = _lookup,
 338                         .add_listener = _add_listener,
 339                         .remove_listener = _remove_listener,
 340                         .destroy = _destroy,
 341                 },
 342                 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 343                 .entries = hashtable_create((hashtable_hash_t)hash,
 344                                                                         (hashtable_equals_t)equals, 32),
 345                 .listeners = linked_list_create(),
 346         );
 347
 348         return &this->public;
 349 }