07a3d4953650f387275ea442e1d28e7aa2cf6543
[strongswan.git] / src / libcharon / plugins / forecast / forecast_forwarder.c
1 /*
2 * Copyright (C) 2010-2014 Martin Willi
3 * Copyright (C) 2010-2014 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "forecast_forwarder.h"
17
18 #include <errno.h>
19 #include <unistd.h>
20 #include <netinet/ip.h>
21 #include <netinet/udp.h>
22 #include <linux/socket.h>
23 #include <netinet/if_ether.h>
24 #include <linux/if_packet.h>
25 #include <linux/filter.h>
26 #include <sys/ioctl.h>
27 #include <ifaddrs.h>
28 #include <net/if.h>
29
30 #include <hydra.h>
31 #include <daemon.h>
32 #include <threading/thread.h>
33 #include <processing/jobs/callback_job.h>
34
35 #define BOOTP_SERVER_PORT 67
36 #define BOOTP_CLIENT_PORT 68
37
38 typedef struct private_forecast_forwarder_t private_forecast_forwarder_t;
39 typedef struct private_kernel_listener_t private_kernel_listener_t;
40
41 /**
42 * Private data of registered kernel listener
43 */
44 struct private_kernel_listener_t {
45
46 /**
47 * Implements kernel_listener_t
48 */
49 kernel_listener_t listener;
50
51 /**
52 * Listener that knows active addresses
53 */
54 forecast_listener_t *fc;
55
56 /**
57 * current broadcast address of internal network
58 */
59 u_int32_t broadcast;
60
61 /**
62 * LAN interface index
63 */
64 int ifindex;
65
66 /**
67 * Packet socket
68 */
69 int pkt;
70
71 /**
72 * RAW socket
73 */
74 int raw;
75 };
76
77 /**
78 * Private data of an forecast_forwarder_t object.
79 */
80 struct private_forecast_forwarder_t {
81
82 /**
83 * Public forecast_forwarder_t interface.
84 */
85 forecast_forwarder_t public;
86
87 /**
88 * Public kernel_listener_t interface.
89 */
90 private_kernel_listener_t kernel;
91 };
92
93 /**
94 * Send a broadcast/multicast packet to a network
95 */
96 static void send_net(private_forecast_forwarder_t *this,
97 struct sockaddr_ll *addr, void *buf, size_t len)
98 {
99 if (sendto(this->kernel.pkt, buf, len, 0,
100 (struct sockaddr*)addr, sizeof(*addr)) != len)
101 {
102 DBG1(DBG_NET, "forecast send_net() failed: %s", strerror(errno));
103 }
104 }
105
106 /**
107 * Send a broadcast/multicast packet to a peer
108 */
109 static void send_peer(private_forecast_forwarder_t *this, u_int32_t dst,
110 void *buf, size_t len, int mark)
111 {
112 struct sockaddr_in addr = {
113 .sin_family = AF_INET,
114 .sin_addr.s_addr = dst,
115 };
116
117 if (setsockopt(this->kernel.raw, SOL_SOCKET, SO_MARK,
118 &mark, sizeof(mark)) != 0)
119 {
120 DBG1(DBG_NET, "forecast setting SO_MARK failed: %s", strerror(errno));
121 }
122 if (sendto(this->kernel.raw, buf, len, 0,
123 (struct sockaddr*)&addr, sizeof(addr)) != len)
124 {
125 DBG1(DBG_NET, "forecast send_peer() failed: %s", strerror(errno));
126 }
127 }
128
129 /**
130 * Check if an IP packet is BOOTP/DHCP
131 */
132 static bool is_bootp(void *buf, size_t len)
133 {
134 struct __attribute__((__packed__)) {
135 struct iphdr ip;
136 struct udphdr udp;
137 } *pkt = buf;
138
139 if (len > sizeof(*pkt))
140 {
141 if (ntohs(pkt->udp.source) == BOOTP_CLIENT_PORT &&
142 ntohs(pkt->udp.dest) == BOOTP_SERVER_PORT)
143 {
144 return TRUE;
145 }
146 if (ntohs(pkt->udp.source) == BOOTP_SERVER_PORT &&
147 ntohs(pkt->udp.dest) == BOOTP_CLIENT_PORT)
148 {
149 return TRUE;
150 }
151 }
152 return FALSE;
153 }
154
155 /**
156 * Broadcast/Multicast receiver
157 */
158 static bool receive_casts(private_forecast_forwarder_t *this)
159 {
160 struct __attribute__((packed)) {
161 struct iphdr hdr;
162 char data[2048];
163 } buf;
164 char *type;
165 ssize_t len;
166 u_int mark, origin = 0;
167 host_t *src, *dst;
168 traffic_selector_t *ts;
169 enumerator_t *enumerator;
170 struct sockaddr_ll addr;
171 socklen_t alen = sizeof(addr);
172 bool reinject;
173
174 len = recvfrom(this->kernel.pkt, &buf, sizeof(buf), MSG_DONTWAIT,
175 (struct sockaddr*)&addr, &alen);
176 if (len < 0)
177 {
178 if (errno != EAGAIN && errno != EWOULDBLOCK)
179 {
180 DBG1(DBG_NET, "receiving from forecast socket failed: %s",
181 strerror(errno));
182 }
183 return TRUE;
184 }
185 else if (len < sizeof(struct iphdr))
186 {
187 DBG1(DBG_NET, "received short forecast packet: %zd bytes", len);
188 return TRUE;
189 }
190 if (is_bootp(&buf, len))
191 { /* don't forward DHCP broadcasts */
192 return TRUE;
193 }
194
195 src = host_create_from_chunk(AF_INET, chunk_from_thing(buf.hdr.saddr), 0);
196 dst = host_create_from_chunk(AF_INET, chunk_from_thing(buf.hdr.daddr), 0);
197
198 /* create valid broadcast/multicast MAC to send out */
199 if (IN_MULTICAST(ntohl(buf.hdr.daddr)))
200 {
201 type = "multi";
202 ETHER_MAP_IP_MULTICAST(&buf.hdr.daddr, addr.sll_addr);
203 }
204 else
205 {
206 type = "broad";
207 memset(&addr.sll_addr, 0xFF, sizeof(addr.sll_addr));
208 }
209 DBG2(DBG_NET, "forecast intercepted packet: %H to %H", src, dst);
210
211 /* find mark of originating tunnel */
212 enumerator = this->kernel.fc->create_enumerator(this->kernel.fc, FALSE);
213 while (enumerator->enumerate(enumerator, &ts, &mark, &reinject))
214 {
215 if (ts->includes(ts, src))
216 {
217 origin = mark;
218 break;
219 }
220 }
221 enumerator->destroy(enumerator);
222
223 /* send packet over all tunnels, but not the packets origin */
224 enumerator = this->kernel.fc->create_enumerator(this->kernel.fc, FALSE);
225 while (enumerator->enumerate(enumerator, &ts, &mark, &reinject))
226 {
227 if (ts->includes(ts, dst))
228 {
229 if ((reinject && origin != mark) || origin == 0)
230 {
231 DBG2(DBG_NET, "forwarding a %H %scast from %H to peer %R (%u)",
232 dst, type, src, ts, mark);
233 send_peer(this, buf.hdr.daddr, &buf, len, mark);
234 }
235 }
236 }
237 enumerator->destroy(enumerator);
238
239 if (origin)
240 {
241 /* forward broadcast/multicast from client to network */
242 DBG2(DBG_NET, "forwarding a %H %scast from peer %H to internal network",
243 dst, type, src);
244 addr.sll_ifindex = this->kernel.ifindex;
245 send_net(this, &addr, &buf, len);
246 }
247
248 dst->destroy(dst);
249 src->destroy(src);
250
251 return TRUE;
252 }
253
254 /**
255 * Join a multicast group
256 */
257 static void join_group(private_kernel_listener_t *this, char *group,
258 struct sockaddr *addr)
259 {
260 struct sockaddr_in *in;
261 struct ip_mreqn mreq;
262 host_t *host;
263
264 host = host_create_from_string(group, 0);
265 if (host)
266 {
267 memset(&mreq, 0, sizeof(mreq));
268 memcpy(&mreq.imr_multiaddr.s_addr, host->get_address(host).ptr, 4);
269 if (addr->sa_family == AF_INET)
270 {
271 in = (struct sockaddr_in*)addr;
272 memcpy(&mreq.imr_address, &in->sin_addr.s_addr,
273 sizeof(in->sin_addr.s_addr));
274 }
275 mreq.imr_ifindex = this->ifindex;
276 if (setsockopt(this->raw, IPPROTO_IP, IP_ADD_MEMBERSHIP,
277 &mreq, sizeof(mreq)) == -1)
278 {
279 if (errno != EADDRINUSE)
280 {
281 DBG1(DBG_NET, "forecast multicast join to %s failed: %s",
282 group, strerror(errno));
283 }
284 }
285 else
286 {
287 DBG2(DBG_NET, "forwarding multicast group %s", group);
288 }
289 host->destroy(host);
290 }
291 }
292
293 /**
294 * (Re-)Join all multicast groups we want to forward
295 */
296 static void join_groups(private_kernel_listener_t *this, struct sockaddr *addr)
297 {
298 enumerator_t *enumerator;
299 char *groups, *group;
300 static char *def =
301 "224.0.0.1," /* host multicast */
302 "224.0.0.22," /* IGMP */
303 "224.0.0.251," /* mDNS */
304 "224.0.0.252," /* LLMNR */
305 "239.255.255.250"; /* SSDP/WS-discovery */
306
307 groups = lib->settings->get_str(lib->settings,
308 "%s.plugins.forecast.groups", def, lib->ns);
309 DBG1(DBG_CFG, "joining forecast multicast groups: %s", groups);
310 enumerator = enumerator_create_token(groups, ",", " ");
311 while (enumerator->enumerate(enumerator, &group))
312 {
313 join_group(this, group, addr);
314 }
315 enumerator->destroy(enumerator);
316 }
317
318 /**
319 * Attach the socket filter to the socket
320 */
321 static bool attach_filter(int fd, u_int32_t broadcast)
322 {
323 struct sock_filter filter_code[] = {
324 /* destination address: is ... */
325 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct iphdr, daddr)),
326 /* broadcast, as received from the local network */
327 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ntohl(broadcast), 4, 0),
328 /* broadcast, as Win7 sends them */
329 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0xFFFFFFFF, 3, 0),
330 /* any multicast, 224.0.0.0/4 */
331 BPF_STMT(BPF_ALU+BPF_AND+BPF_K, 0xF0000000),
332 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0xE0000000, 1, 0),
333 BPF_STMT(BPF_RET+BPF_K, 0),
334 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
335 BPF_STMT(BPF_RET+BPF_A, 0),
336 };
337 struct sock_fprog filter = {
338 sizeof(filter_code) / sizeof(struct sock_filter),
339 filter_code,
340 };
341
342 if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
343 &filter, sizeof(filter)) < 0)
344 {
345 DBG1(DBG_NET, "installing forecast PACKET socket filter failed: %s",
346 strerror(errno));
347 return FALSE;
348 }
349 return TRUE;
350 }
351
352 /**
353 * Get the interface index of an interface name
354 */
355 static int get_ifindex(private_kernel_listener_t *this, char *ifname)
356 {
357 struct ifreq ifr = {};
358
359 strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
360 if (ioctl(this->raw, SIOCGIFINDEX, &ifr) == 0)
361 {
362 return ifr.ifr_ifindex;
363 }
364 return 0;
365 }
366
367 /**
368 * Set up the interface for broad/multicast forwarding
369 */
370 static void setup_interface(private_kernel_listener_t *this)
371 {
372 struct ifaddrs *addrs, *current;
373 struct sockaddr_in *in;
374 host_t *host;
375 char *name;
376
377 name = lib->settings->get_str(lib->settings,
378 "%s.plugins.forecast.interface", NULL, lib->ns);
379 if (getifaddrs(&addrs) == 0)
380 {
381 for (current = addrs; current; current = current->ifa_next)
382 {
383 if (name && !streq(name, current->ifa_name))
384 {
385 continue;
386 }
387 if (current->ifa_flags & IFF_BROADCAST &&
388 current->ifa_broadaddr &&
389 current->ifa_broadaddr->sa_family == AF_INET)
390 {
391 DBG1(DBG_NET, "using forecast interface %s", current->ifa_name);
392 this->ifindex = get_ifindex(this, current->ifa_name);
393 in = (struct sockaddr_in*)current->ifa_broadaddr;
394 attach_filter(this->pkt, in->sin_addr.s_addr);
395 join_groups(this, current->ifa_addr);
396 host = host_create_from_sockaddr(current->ifa_broadaddr);
397 if (host)
398 {
399 this->fc->set_broadcast(this->fc, host);
400 host->destroy(host);
401 }
402 break;
403 }
404 }
405 }
406 freeifaddrs(addrs);
407 }
408
409 METHOD(kernel_listener_t, roam, bool,
410 private_kernel_listener_t *this, bool address)
411 {
412 if (address)
413 {
414 setup_interface(this);
415 }
416 return TRUE;
417 }
418
419 METHOD(forecast_forwarder_t, destroy, void,
420 private_forecast_forwarder_t *this)
421 {
422 if (this->kernel.raw != -1)
423 {
424 close(this->kernel.raw);
425 }
426 if (this->kernel.pkt != -1)
427 {
428 lib->watcher->remove(lib->watcher, this->kernel.pkt);
429 close(this->kernel.pkt);
430 }
431 hydra->kernel_interface->remove_listener(hydra->kernel_interface,
432 &this->kernel.listener);
433 free(this);
434 }
435
436 /**
437 * See header
438 */
439 forecast_forwarder_t *forecast_forwarder_create(forecast_listener_t *listener)
440 {
441 private_forecast_forwarder_t *this;
442 int on = 1;
443
444 INIT(this,
445 .public = {
446 .destroy = _destroy,
447 },
448 .kernel = {
449 .listener = {
450 .roam = _roam,
451 },
452 .raw = -1,
453 .pkt = -1,
454 .fc = listener,
455 },
456 );
457
458 this->kernel.pkt = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
459 if (this->kernel.pkt == -1)
460 {
461 DBG1(DBG_NET, "opening PACKET socket failed: %s", strerror(errno));
462 destroy(this);
463 return NULL;
464 }
465 this->kernel.raw = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
466 if (this->kernel.raw == -1)
467 {
468 DBG1(DBG_NET, "opening RAW socket failed: %s", strerror(errno));
469 destroy(this);
470 return NULL;
471 }
472 if (setsockopt(this->kernel.raw, IPPROTO_IP, IP_HDRINCL,
473 &on, sizeof(on)) == -1)
474 {
475 DBG1(DBG_NET, "forecast socket HDRINCL failed: %s", strerror(errno));
476 destroy(this);
477 return NULL;
478 }
479 if (setsockopt(this->kernel.raw, SOL_SOCKET, SO_BROADCAST,
480 &on, sizeof(on)) == -1)
481 {
482 DBG1(DBG_NET, "forecast socket BROADCAST failed: %s", strerror(errno));
483 destroy(this);
484 return NULL;
485 }
486
487 setup_interface(&this->kernel);
488
489 hydra->kernel_interface->add_listener(hydra->kernel_interface,
490 &this->kernel.listener);
491
492 lib->watcher->add(lib->watcher, this->kernel.pkt, WATCHER_READ,
493 (watcher_cb_t)receive_casts, this);
494
495 return &this->public;
496 }