libhydra: Move kernel interface to libcharon
[strongswan.git] / src / libcharon / plugins / forecast / forecast_forwarder.c
1 /*
2 * Copyright (C) 2010-2014 Martin Willi
3 * Copyright (C) 2010-2014 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "forecast_forwarder.h"
17
18 #include <errno.h>
19 #include <unistd.h>
20 #include <netinet/ip.h>
21 #include <netinet/udp.h>
22 #include <linux/socket.h>
23 #include <netinet/if_ether.h>
24 #include <linux/if_packet.h>
25 #include <linux/filter.h>
26 #include <sys/ioctl.h>
27 #include <ifaddrs.h>
28 #include <net/if.h>
29
30 #include <daemon.h>
31 #include <threading/thread.h>
32 #include <processing/jobs/callback_job.h>
33
34 #define BOOTP_SERVER_PORT 67
35 #define BOOTP_CLIENT_PORT 68
36
37 typedef struct private_forecast_forwarder_t private_forecast_forwarder_t;
38 typedef struct private_kernel_listener_t private_kernel_listener_t;
39
40 /**
41 * Private data of registered kernel listener
42 */
43 struct private_kernel_listener_t {
44
45 /**
46 * Implements kernel_listener_t
47 */
48 kernel_listener_t listener;
49
50 /**
51 * Listener that knows active addresses
52 */
53 forecast_listener_t *fc;
54
55 /**
56 * current broadcast address of internal network
57 */
58 u_int32_t broadcast;
59
60 /**
61 * LAN interface index
62 */
63 int ifindex;
64
65 /**
66 * Packet socket
67 */
68 int pkt;
69
70 /**
71 * RAW socket
72 */
73 int raw;
74 };
75
76 /**
77 * Private data of an forecast_forwarder_t object.
78 */
79 struct private_forecast_forwarder_t {
80
81 /**
82 * Public forecast_forwarder_t interface.
83 */
84 forecast_forwarder_t public;
85
86 /**
87 * Public kernel_listener_t interface.
88 */
89 private_kernel_listener_t kernel;
90 };
91
92 /**
93 * Send a broadcast/multicast packet to a network
94 */
95 static void send_net(private_forecast_forwarder_t *this,
96 struct sockaddr_ll *addr, void *buf, size_t len)
97 {
98 if (sendto(this->kernel.pkt, buf, len, 0,
99 (struct sockaddr*)addr, sizeof(*addr)) != len)
100 {
101 DBG1(DBG_NET, "forecast send_net() failed: %s", strerror(errno));
102 }
103 }
104
105 /**
106 * Send a broadcast/multicast packet to a peer
107 */
108 static void send_peer(private_forecast_forwarder_t *this, u_int32_t dst,
109 void *buf, size_t len, int mark)
110 {
111 struct sockaddr_in addr = {
112 .sin_family = AF_INET,
113 .sin_addr.s_addr = dst,
114 };
115
116 if (setsockopt(this->kernel.raw, SOL_SOCKET, SO_MARK,
117 &mark, sizeof(mark)) != 0)
118 {
119 DBG1(DBG_NET, "forecast setting SO_MARK failed: %s", strerror(errno));
120 }
121 if (sendto(this->kernel.raw, buf, len, 0,
122 (struct sockaddr*)&addr, sizeof(addr)) != len)
123 {
124 DBG1(DBG_NET, "forecast send_peer() failed: %s", strerror(errno));
125 }
126 }
127
128 /**
129 * Check if an IP packet is BOOTP/DHCP
130 */
131 static bool is_bootp(void *buf, size_t len)
132 {
133 struct __attribute__((__packed__)) {
134 struct iphdr ip;
135 struct udphdr udp;
136 } *pkt = buf;
137
138 if (len > sizeof(*pkt))
139 {
140 if (ntohs(pkt->udp.source) == BOOTP_CLIENT_PORT &&
141 ntohs(pkt->udp.dest) == BOOTP_SERVER_PORT)
142 {
143 return TRUE;
144 }
145 if (ntohs(pkt->udp.source) == BOOTP_SERVER_PORT &&
146 ntohs(pkt->udp.dest) == BOOTP_CLIENT_PORT)
147 {
148 return TRUE;
149 }
150 }
151 return FALSE;
152 }
153
154 /**
155 * Broadcast/Multicast receiver
156 */
157 static bool receive_casts(private_forecast_forwarder_t *this)
158 {
159 struct __attribute__((packed)) {
160 struct iphdr hdr;
161 char data[2048];
162 } buf;
163 char *type;
164 ssize_t len;
165 u_int mark, origin = 0;
166 host_t *src, *dst;
167 traffic_selector_t *ts;
168 enumerator_t *enumerator;
169 struct sockaddr_ll addr;
170 socklen_t alen = sizeof(addr);
171 bool reinject;
172
173 len = recvfrom(this->kernel.pkt, &buf, sizeof(buf), MSG_DONTWAIT,
174 (struct sockaddr*)&addr, &alen);
175 if (len < 0)
176 {
177 if (errno != EAGAIN && errno != EWOULDBLOCK)
178 {
179 DBG1(DBG_NET, "receiving from forecast socket failed: %s",
180 strerror(errno));
181 }
182 return TRUE;
183 }
184 else if (len < sizeof(struct iphdr))
185 {
186 DBG1(DBG_NET, "received short forecast packet: %zd bytes", len);
187 return TRUE;
188 }
189 if (is_bootp(&buf, len))
190 { /* don't forward DHCP broadcasts */
191 return TRUE;
192 }
193
194 src = host_create_from_chunk(AF_INET, chunk_from_thing(buf.hdr.saddr), 0);
195 dst = host_create_from_chunk(AF_INET, chunk_from_thing(buf.hdr.daddr), 0);
196
197 /* create valid broadcast/multicast MAC to send out */
198 if (IN_MULTICAST(ntohl(buf.hdr.daddr)))
199 {
200 type = "multi";
201 ETHER_MAP_IP_MULTICAST(&buf.hdr.daddr, addr.sll_addr);
202 }
203 else
204 {
205 type = "broad";
206 memset(&addr.sll_addr, 0xFF, sizeof(addr.sll_addr));
207 }
208 DBG2(DBG_NET, "forecast intercepted packet: %H to %H", src, dst);
209
210 /* find mark of originating tunnel */
211 enumerator = this->kernel.fc->create_enumerator(this->kernel.fc, FALSE);
212 while (enumerator->enumerate(enumerator, &ts, &mark, &reinject))
213 {
214 if (ts->includes(ts, src))
215 {
216 origin = mark;
217 break;
218 }
219 }
220 enumerator->destroy(enumerator);
221
222 /* send packet over all tunnels, but not the packets origin */
223 enumerator = this->kernel.fc->create_enumerator(this->kernel.fc, FALSE);
224 while (enumerator->enumerate(enumerator, &ts, &mark, &reinject))
225 {
226 if (ts->includes(ts, dst))
227 {
228 if ((reinject && origin != mark) || origin == 0)
229 {
230 DBG2(DBG_NET, "forwarding a %H %scast from %H to peer %R (%u)",
231 dst, type, src, ts, mark);
232 send_peer(this, buf.hdr.daddr, &buf, len, mark);
233 }
234 }
235 }
236 enumerator->destroy(enumerator);
237
238 if (origin)
239 {
240 /* forward broadcast/multicast from client to network */
241 DBG2(DBG_NET, "forwarding a %H %scast from peer %H to internal network",
242 dst, type, src);
243 addr.sll_ifindex = this->kernel.ifindex;
244 send_net(this, &addr, &buf, len);
245 }
246
247 dst->destroy(dst);
248 src->destroy(src);
249
250 return TRUE;
251 }
252
253 /**
254 * Join a multicast group
255 */
256 static void join_group(private_kernel_listener_t *this, char *group,
257 struct sockaddr *addr)
258 {
259 struct sockaddr_in *in;
260 struct ip_mreqn mreq;
261 host_t *host;
262
263 host = host_create_from_string(group, 0);
264 if (host)
265 {
266 memset(&mreq, 0, sizeof(mreq));
267 memcpy(&mreq.imr_multiaddr.s_addr, host->get_address(host).ptr, 4);
268 if (addr->sa_family == AF_INET)
269 {
270 in = (struct sockaddr_in*)addr;
271 memcpy(&mreq.imr_address, &in->sin_addr.s_addr,
272 sizeof(in->sin_addr.s_addr));
273 }
274 mreq.imr_ifindex = this->ifindex;
275 if (setsockopt(this->raw, IPPROTO_IP, IP_ADD_MEMBERSHIP,
276 &mreq, sizeof(mreq)) == -1)
277 {
278 if (errno != EADDRINUSE)
279 {
280 DBG1(DBG_NET, "forecast multicast join to %s failed: %s",
281 group, strerror(errno));
282 }
283 }
284 else
285 {
286 DBG2(DBG_NET, "forwarding multicast group %s", group);
287 }
288 host->destroy(host);
289 }
290 }
291
292 /**
293 * (Re-)Join all multicast groups we want to forward
294 */
295 static void join_groups(private_kernel_listener_t *this, struct sockaddr *addr)
296 {
297 enumerator_t *enumerator;
298 char *groups, *group;
299 static char *def =
300 "224.0.0.1," /* host multicast */
301 "224.0.0.22," /* IGMP */
302 "224.0.0.251," /* mDNS */
303 "224.0.0.252," /* LLMNR */
304 "239.255.255.250"; /* SSDP/WS-discovery */
305
306 groups = lib->settings->get_str(lib->settings,
307 "%s.plugins.forecast.groups", def, lib->ns);
308 DBG1(DBG_CFG, "joining forecast multicast groups: %s", groups);
309 enumerator = enumerator_create_token(groups, ",", " ");
310 while (enumerator->enumerate(enumerator, &group))
311 {
312 join_group(this, group, addr);
313 }
314 enumerator->destroy(enumerator);
315 }
316
317 /**
318 * Attach the socket filter to the socket
319 */
320 static bool attach_filter(int fd, u_int32_t broadcast)
321 {
322 struct sock_filter filter_code[] = {
323 /* destination address: is ... */
324 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct iphdr, daddr)),
325 /* broadcast, as received from the local network */
326 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ntohl(broadcast), 4, 0),
327 /* broadcast, as Win7 sends them */
328 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0xFFFFFFFF, 3, 0),
329 /* any multicast, 224.0.0.0/4 */
330 BPF_STMT(BPF_ALU+BPF_AND+BPF_K, 0xF0000000),
331 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0xE0000000, 1, 0),
332 BPF_STMT(BPF_RET+BPF_K, 0),
333 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
334 BPF_STMT(BPF_RET+BPF_A, 0),
335 };
336 struct sock_fprog filter = {
337 sizeof(filter_code) / sizeof(struct sock_filter),
338 filter_code,
339 };
340
341 if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
342 &filter, sizeof(filter)) < 0)
343 {
344 DBG1(DBG_NET, "installing forecast PACKET socket filter failed: %s",
345 strerror(errno));
346 return FALSE;
347 }
348 return TRUE;
349 }
350
351 /**
352 * Get the interface index of an interface name
353 */
354 static int get_ifindex(private_kernel_listener_t *this, char *ifname)
355 {
356 struct ifreq ifr = {};
357
358 strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
359 if (ioctl(this->raw, SIOCGIFINDEX, &ifr) == 0)
360 {
361 return ifr.ifr_ifindex;
362 }
363 return 0;
364 }
365
366 /**
367 * Set up the interface for broad/multicast forwarding
368 */
369 static void setup_interface(private_kernel_listener_t *this)
370 {
371 struct ifaddrs *addrs, *current;
372 struct sockaddr_in *in;
373 host_t *host;
374 char *name;
375
376 name = lib->settings->get_str(lib->settings,
377 "%s.plugins.forecast.interface", NULL, lib->ns);
378 if (getifaddrs(&addrs) == 0)
379 {
380 for (current = addrs; current; current = current->ifa_next)
381 {
382 if (name && !streq(name, current->ifa_name))
383 {
384 continue;
385 }
386 if (current->ifa_flags & IFF_BROADCAST &&
387 current->ifa_broadaddr &&
388 current->ifa_broadaddr->sa_family == AF_INET)
389 {
390 DBG1(DBG_NET, "using forecast interface %s", current->ifa_name);
391 this->ifindex = get_ifindex(this, current->ifa_name);
392 in = (struct sockaddr_in*)current->ifa_broadaddr;
393 attach_filter(this->pkt, in->sin_addr.s_addr);
394 join_groups(this, current->ifa_addr);
395 host = host_create_from_sockaddr(current->ifa_broadaddr);
396 if (host)
397 {
398 this->fc->set_broadcast(this->fc, host);
399 host->destroy(host);
400 }
401 break;
402 }
403 }
404 }
405 freeifaddrs(addrs);
406 }
407
408 METHOD(kernel_listener_t, roam, bool,
409 private_kernel_listener_t *this, bool address)
410 {
411 if (address)
412 {
413 setup_interface(this);
414 }
415 return TRUE;
416 }
417
418 METHOD(forecast_forwarder_t, destroy, void,
419 private_forecast_forwarder_t *this)
420 {
421 if (this->kernel.raw != -1)
422 {
423 close(this->kernel.raw);
424 }
425 if (this->kernel.pkt != -1)
426 {
427 lib->watcher->remove(lib->watcher, this->kernel.pkt);
428 close(this->kernel.pkt);
429 }
430 charon->kernel->remove_listener(charon->kernel, &this->kernel.listener);
431 free(this);
432 }
433
434 /**
435 * See header
436 */
437 forecast_forwarder_t *forecast_forwarder_create(forecast_listener_t *listener)
438 {
439 private_forecast_forwarder_t *this;
440 int on = 1;
441
442 INIT(this,
443 .public = {
444 .destroy = _destroy,
445 },
446 .kernel = {
447 .listener = {
448 .roam = _roam,
449 },
450 .raw = -1,
451 .pkt = -1,
452 .fc = listener,
453 },
454 );
455
456 this->kernel.pkt = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
457 if (this->kernel.pkt == -1)
458 {
459 DBG1(DBG_NET, "opening PACKET socket failed: %s", strerror(errno));
460 destroy(this);
461 return NULL;
462 }
463 this->kernel.raw = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
464 if (this->kernel.raw == -1)
465 {
466 DBG1(DBG_NET, "opening RAW socket failed: %s", strerror(errno));
467 destroy(this);
468 return NULL;
469 }
470 if (setsockopt(this->kernel.raw, IPPROTO_IP, IP_HDRINCL,
471 &on, sizeof(on)) == -1)
472 {
473 DBG1(DBG_NET, "forecast socket HDRINCL failed: %s", strerror(errno));
474 destroy(this);
475 return NULL;
476 }
477 if (setsockopt(this->kernel.raw, SOL_SOCKET, SO_BROADCAST,
478 &on, sizeof(on)) == -1)
479 {
480 DBG1(DBG_NET, "forecast socket BROADCAST failed: %s", strerror(errno));
481 destroy(this);
482 return NULL;
483 }
484
485 setup_interface(&this->kernel);
486
487 charon->kernel->add_listener(charon->kernel,
488 &this->kernel.listener);
489
490 lib->watcher->add(lib->watcher, this->kernel.pkt, WATCHER_READ,
491 (watcher_cb_t)receive_casts, this);
492
493 return &this->public;
494 }