fixed two bugs introduced by the stroke ip pool refactoring
[strongswan.git] / src / charon / plugins / stroke / stroke_attribute.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "stroke_attribute.h"
19
20 #include <daemon.h>
21 #include <utils/linked_list.h>
22 #include <utils/hashtable.h>
23 #include <utils/mutex.h>
24
25 #define POOL_LIMIT (sizeof(uintptr_t)*8)
26
27 typedef struct private_stroke_attribute_t private_stroke_attribute_t;
28
29 /**
30 * private data of stroke_attribute
31 */
32 struct private_stroke_attribute_t {
33
34 /**
35 * public functions
36 */
37 stroke_attribute_t public;
38
39 /**
40 * list of pools, contains pool_t
41 */
42 linked_list_t *pools;
43
44 /**
45 * mutex to lock access to pools
46 */
47 mutex_t *mutex;
48 };
49
50 typedef struct {
51 /** name of the pool */
52 char *name;
53 /** base address of the pool */
54 host_t *base;
55 /** size of the pool */
56 int size;
57 /** next unused address */
58 int unused;
59 /** hashtable [identity => offset], for online leases */
60 hashtable_t *online;
61 /** hashtable [identity => offset], for offline leases */
62 hashtable_t *offline;
63 /** hashtable [identity => identity], handles identity references */
64 hashtable_t *ids;
65 } pool_t;
66
67 /**
68 * hashtable hash function for identities
69 */
70 static u_int id_hash(identification_t *id)
71 {
72 return chunk_hash(id->get_encoding(id));
73 }
74
75 /**
76 * hashtable equals function for identities
77 */
78 static bool id_equals(identification_t *a, identification_t *b)
79 {
80 return a->equals(a, b);
81 }
82
83 /**
84 * destroy a pool_t
85 */
86 static void pool_destroy(pool_t *this)
87 {
88 enumerator_t *enumerator;
89 identification_t *id;
90
91 enumerator = this->ids->create_enumerator(this->ids);
92 while (enumerator->enumerate(enumerator, &id, NULL))
93 {
94 id->destroy(id);
95 }
96 enumerator->destroy(enumerator);
97 this->ids->destroy(this->ids);
98 this->online->destroy(this->online);
99 this->offline->destroy(this->offline);
100 DESTROY_IF(this->base);
101 free(this->name);
102 free(this);
103 }
104
105 /**
106 * find a pool by name
107 */
108 static pool_t *find_pool(private_stroke_attribute_t *this, char *name)
109 {
110 enumerator_t *enumerator;
111 pool_t *current, *found = NULL;
112
113 enumerator = this->pools->create_enumerator(this->pools);
114 while (enumerator->enumerate(enumerator, &current))
115 {
116 if (streq(name, current->name))
117 {
118 found = current;
119 break;
120 }
121 }
122 enumerator->destroy(enumerator);
123 return found;
124 }
125
126 /**
127 * convert an pool offset to an address
128 */
129 host_t* offset2host(pool_t *pool, int offset)
130 {
131 chunk_t addr;
132 host_t *host;
133 u_int32_t *pos;
134
135 offset--;
136 if (offset > pool->size)
137 {
138 return NULL;
139 }
140
141 addr = chunk_clone(pool->base->get_address(pool->base));
142 if (pool->base->get_family(pool->base) == AF_INET6)
143 {
144 pos = (u_int32_t*)(addr.ptr + 12);
145 }
146 else
147 {
148 pos = (u_int32_t*)addr.ptr;
149 }
150 *pos = htonl(offset + ntohl(*pos));
151 host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
152 free(addr.ptr);
153 return host;
154 }
155
156 /**
157 * convert a host to a pool offset
158 */
159 int host2offset(pool_t *pool, host_t *addr)
160 {
161 chunk_t host, base;
162 u_int32_t hosti, basei;
163
164 if (addr->get_family(addr) != pool->base->get_family(pool->base))
165 {
166 return -1;
167 }
168 host = addr->get_address(addr);
169 base = pool->base->get_address(pool->base);
170 if (addr->get_family(addr) == AF_INET6)
171 {
172 /* only look at last /32 block */
173 if (!memeq(host.ptr, base.ptr, 12))
174 {
175 return -1;
176 }
177 host = chunk_skip(host, 12);
178 base = chunk_skip(base, 12);
179 }
180 hosti = ntohl(*(u_int32_t*)(host.ptr));
181 basei = ntohl(*(u_int32_t*)(base.ptr));
182 if (hosti > basei + pool->size)
183 {
184 return -1;
185 }
186 return hosti - basei + 1;
187 }
188
189 /**
190 * Implementation of attribute_provider_t.acquire_address
191 */
192 static host_t* acquire_address(private_stroke_attribute_t *this,
193 char *name, identification_t *id,
194 auth_info_t *auth, host_t *requested)
195 {
196 pool_t *pool;
197 uintptr_t offset = 0;
198 enumerator_t *enumerator;
199 identification_t *old_id;
200
201 this->mutex->lock(this->mutex);
202 pool = find_pool(this, name);
203 while (pool)
204 {
205 /* handle %config case by mirroring requested address */
206 if (pool->size == 0)
207 {
208 this->mutex->unlock(this->mutex);
209 return requested->clone(requested);
210 }
211
212 /* check for a valid offline lease, refresh */
213 offset = (uintptr_t)pool->offline->remove(pool->offline, id);
214 if (offset)
215 {
216 id = pool->ids->get(pool->ids, id);
217 if (id)
218 {
219 DBG1(DBG_CFG, "reassigning offline lease to %D", id);
220 pool->online->put(pool->online, id, (void*)offset);
221 break;
222 }
223 }
224
225 /* check for a valid online lease, reassign */
226 offset = (uintptr_t)pool->online->get(pool->online, id);
227 if (offset && offset == host2offset(pool, requested))
228 {
229 DBG1(DBG_CFG, "reassigning online lease to %D", id);
230 break;
231 }
232
233 if (pool->unused < pool->size)
234 {
235 /* assigning offset, starting by 1. Handling 0 in hashtable
236 * is difficult. */
237 offset = ++pool->unused;
238 id = id->clone(id);
239 pool->ids->put(pool->ids, id, id);
240 pool->online->put(pool->online, id, (void*)offset);
241 DBG1(DBG_CFG, "assigning new lease to %D", id);
242 break;
243 }
244 /* no more addresses, replace the first found offline lease */
245 enumerator = pool->offline->create_enumerator(pool->offline);
246 if (enumerator->enumerate(enumerator, &old_id, &offset))
247 {
248 offset = (uintptr_t)pool->offline->remove(pool->offline, old_id);
249 if (offset)
250 {
251 /* destroy reference to old ID */
252 old_id = pool->ids->remove(pool->ids, old_id);
253 DBG1(DBG_CFG, "reassigning existing offline lease of %D to %D",
254 old_id, id);
255 if (old_id)
256 {
257 old_id->destroy(old_id);
258 }
259 id = id->clone(id);
260 pool->ids->put(pool->ids, id, id);
261 pool->online->put(pool->online, id, (void*)offset);
262 enumerator->destroy(enumerator);
263 break;
264 }
265 }
266 enumerator->destroy(enumerator);
267
268 DBG1(DBG_CFG, "pool %s is full, unable to assign address", pool);
269 break;
270 }
271 this->mutex->unlock(this->mutex);
272 if (offset)
273 {
274 return offset2host(pool, offset);
275 }
276 return NULL;
277 }
278
279 /**
280 * Implementation of attribute_provider_t.release_address
281 */
282 static bool release_address(private_stroke_attribute_t *this,
283 char *name, host_t *address, identification_t *id)
284 {
285 pool_t *pool;
286 bool found = FALSE;
287 uintptr_t offset;
288
289 this->mutex->lock(this->mutex);
290 pool = find_pool(this, name);
291 if (pool)
292 {
293 if (pool->size != 0)
294 {
295 offset = (uintptr_t)pool->online->remove(pool->online, id);
296 if (offset)
297 {
298 id = pool->ids->get(pool->ids, id);
299 if (id)
300 {
301 DBG1(DBG_CFG, "lease %H to %D went offline", address, id);
302 pool->offline->put(pool->offline, id, (void*)offset);
303 }
304 }
305 }
306 }
307 this->mutex->unlock(this->mutex);
308 return found;
309 }
310
311 /**
312 * Implementation of stroke_attribute_t.add_pool.
313 */
314 static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
315 {
316 if (msg->add_conn.other.sourceip_size)
317 {
318 pool_t *pool;
319
320 pool = malloc_thing(pool_t);
321 pool->base = NULL;
322 pool->size = 0;
323 pool->unused = 0;
324 pool->name = strdup(msg->add_conn.name);
325 pool->online = hashtable_create((hashtable_hash_t)id_hash,
326 (hashtable_equals_t)id_equals, 16);
327 pool->offline = hashtable_create((hashtable_hash_t)id_hash,
328 (hashtable_equals_t)id_equals, 16);
329 pool->ids = hashtable_create((hashtable_hash_t)id_hash,
330 (hashtable_equals_t)id_equals, 16);
331
332 /* if %config, add an empty pool, otherwise */
333 if (msg->add_conn.other.sourceip)
334 {
335 u_int32_t bits;
336 int family;
337
338 DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
339 msg->add_conn.name, msg->add_conn.other.sourceip,
340 msg->add_conn.other.sourceip_size);
341
342 pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
343 if (!pool->base)
344 {
345 pool_destroy(pool);
346 DBG1(DBG_CFG, "virtual IP address invalid, discarded");
347 return;
348 }
349 family = pool->base->get_family(pool->base);
350 bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size;
351 if (bits > POOL_LIMIT)
352 {
353 bits = POOL_LIMIT;
354 DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
355 msg->add_conn.other.sourceip,
356 (family == AF_INET ? 32 : 128) - bits);
357 }
358 pool->size = 1 << (bits);
359
360 if (pool->size > 2)
361 { /* do not use first and last addresses of a block */
362 pool->unused++;
363 pool->size--;
364 }
365 }
366 this->mutex->lock(this->mutex);
367 this->pools->insert_last(this->pools, pool);
368 this->mutex->unlock(this->mutex);
369 }
370 }
371
372 /**
373 * Implementation of stroke_attribute_t.del_pool.
374 */
375 static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
376 {
377 enumerator_t *enumerator;
378 pool_t *pool;
379
380 this->mutex->lock(this->mutex);
381 enumerator = this->pools->create_enumerator(this->pools);
382 while (enumerator->enumerate(enumerator, &pool))
383 {
384 if (streq(msg->del_conn.name, pool->name))
385 {
386 this->pools->remove_at(this->pools, enumerator);
387 pool_destroy(pool);
388 break;
389 }
390 }
391 enumerator->destroy(enumerator);
392 this->mutex->unlock(this->mutex);
393 }
394
395 /**
396 * Pool enumerator filter function, converts pool_t to name, size, ...
397 */
398 static bool pool_filter(void *mutex, pool_t **poolp, char **name,
399 void *d1, u_int *size, void *d2, u_int *online,
400 void *d3, u_int *offline)
401 {
402 pool_t *pool = *poolp;
403
404 *name = pool->name;
405 *size = pool->size;
406 *online = pool->online->get_count(pool->online);
407 *offline = pool->offline->get_count(pool->offline);
408 return TRUE;
409 }
410
411 /**
412 * Implementation of stroke_attribute_t.create_pool_enumerator
413 */
414 static enumerator_t* create_pool_enumerator(private_stroke_attribute_t *this)
415 {
416 this->mutex->lock(this->mutex);
417 return enumerator_create_filter(this->pools->create_enumerator(this->pools),
418 (void*)pool_filter,
419 this->mutex, (void*)this->mutex->unlock);
420 }
421
422 /**
423 * lease enumerator
424 */
425 typedef struct {
426 /** implemented enumerator interface */
427 enumerator_t public;
428 /** inner hash-table enumerator */
429 enumerator_t *inner;
430 /** enumerated pool */
431 pool_t *pool;
432 /** mutex to unlock on destruction */
433 mutex_t *mutex;
434 /** currently enumerated lease address */
435 host_t *current;
436 } lease_enumerator_t;
437
438 /**
439 * Implementation of lease_enumerator_t.enumerate
440 */
441 static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out,
442 host_t **addr_out, bool *online)
443 {
444 identification_t *id;
445 uintptr_t offset;
446
447 DESTROY_IF(this->current);
448 this->current = NULL;
449
450 if (this->inner->enumerate(this->inner, &id, NULL))
451 {
452 offset = (uintptr_t)this->pool->online->get(this->pool->online, id);
453 if (offset)
454 {
455 *id_out = id;
456 *addr_out = this->current = offset2host(this->pool, offset);
457 *online = TRUE;
458 return TRUE;
459 }
460 offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id);
461 if (offset)
462 {
463 *id_out = id;
464 *addr_out = this->current = offset2host(this->pool, offset);
465 *online = FALSE;
466 return TRUE;
467 }
468 }
469 return FALSE;
470 }
471
472 /**
473 * Implementation of lease_enumerator_t.destroy
474 */
475 static void lease_enumerator_destroy(lease_enumerator_t *this)
476 {
477 DESTROY_IF(this->current);
478 this->inner->destroy(this->inner);
479 this->mutex->unlock(this->mutex);
480 free(this);
481 }
482
483 /**
484 * Implementation of stroke_attribute_t.create_lease_enumerator
485 */
486 static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this,
487 char *pool)
488 {
489 lease_enumerator_t *enumerator;
490
491 this->mutex->lock(this->mutex);
492 enumerator = malloc_thing(lease_enumerator_t);
493 enumerator->pool = find_pool(this, pool);
494 if (!enumerator->pool)
495 {
496 this->mutex->unlock(this->mutex);
497 free(enumerator);
498 return NULL;
499 }
500 enumerator->public.enumerate = (void*)lease_enumerate;
501 enumerator->public.destroy = (void*)lease_enumerator_destroy;
502 enumerator->inner = enumerator->pool->ids->create_enumerator(enumerator->pool->ids);
503 enumerator->mutex = this->mutex;
504 enumerator->current = NULL;
505 return &enumerator->public;
506 }
507
508 /**
509 * Implementation of stroke_attribute_t.destroy
510 */
511 static void destroy(private_stroke_attribute_t *this)
512 {
513 this->mutex->destroy(this->mutex);
514 this->pools->destroy_function(this->pools, (void*)pool_destroy);
515 free(this);
516 }
517
518 /*
519 * see header file
520 */
521 stroke_attribute_t *stroke_attribute_create()
522 {
523 private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t);
524
525 this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,auth_info_t *, host_t *))acquire_address;
526 this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
527 this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool;
528 this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool;
529 this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator;
530 this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator;
531 this->public.destroy = (void(*)(stroke_attribute_t*))destroy;
532
533 this->pools = linked_list_create();
534 this->mutex = mutex_create(MUTEX_RECURSIVE);
535
536 return &this->public;
537 }
538