libhydra: Move all kernel plugins to libcharon
[strongswan.git] / src / libcharon / plugins / kernel_netlink / kernel_netlink_shared.c
1 /*
2 * Copyright (C) 2014 Martin Willi
3 * Copyright (C) 2014 revosec AG
4 * Copyright (C) 2008 Tobias Brunner
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <sys/socket.h>
19 #include <linux/netlink.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/xfrm.h>
22 #include <errno.h>
23 #include <unistd.h>
24
25 #include "kernel_netlink_shared.h"
26
27 #include <utils/debug.h>
28 #include <threading/mutex.h>
29 #include <threading/condvar.h>
30 #include <collections/array.h>
31 #include <collections/hashtable.h>
32
33 typedef struct private_netlink_socket_t private_netlink_socket_t;
34
35 /**
36 * Private variables and functions of netlink_socket_t class.
37 */
38 struct private_netlink_socket_t {
39
40 /**
41 * public part of the netlink_socket_t object.
42 */
43 netlink_socket_t public;
44
45 /**
46 * mutex to lock access entries
47 */
48 mutex_t *mutex;
49
50 /**
51 * Netlink request entries currently active, uintptr_t seq => entry_t
52 */
53 hashtable_t *entries;
54
55 /**
56 * Current sequence number for Netlink requests
57 */
58 refcount_t seq;
59
60 /**
61 * netlink socket
62 */
63 int socket;
64
65 /**
66 * Netlink protocol
67 */
68 int protocol;
69
70 /**
71 * Enum names for Netlink messages
72 */
73 enum_name_t *names;
74
75 /**
76 * Timeout for Netlink replies, in ms
77 */
78 u_int timeout;
79
80 /**
81 * Number of times to repeat timed out queries
82 */
83 u_int retries;
84
85 /**
86 * Buffer size for received Netlink messages
87 */
88 u_int buflen;
89
90 /**
91 * Use parallel netlink queries
92 */
93 bool parallel;
94
95 /**
96 * Ignore errors potentially resulting from a retransmission
97 */
98 bool ignore_retransmit_errors;
99 };
100
101 /**
102 * #definable hook to simulate request message loss
103 */
104 #ifdef NETLINK_MSG_LOSS_HOOK
105 bool NETLINK_MSG_LOSS_HOOK(struct nlmsghdr *msg);
106 #define msg_loss_hook(msg) NETLINK_MSG_LOSS_HOOK(msg)
107 #else
108 #define msg_loss_hook(msg) FALSE
109 #endif
110
111 /**
112 * Request entry the answer for a waiting thread is collected in
113 */
114 typedef struct {
115 /** Condition variable thread is waiting */
116 condvar_t *condvar;
117 /** Array of hdrs in a multi-message response, as struct nlmsghdr* */
118 array_t *hdrs;
119 /** All response messages received? */
120 bool complete;
121 } entry_t;
122
123 /**
124 * Clean up a thread waiting entry
125 */
126 static void destroy_entry(entry_t *entry)
127 {
128 entry->condvar->destroy(entry->condvar);
129 array_destroy_function(entry->hdrs, (void*)free, NULL);
130 free(entry);
131 }
132
133 /**
134 * Write a Netlink message to socket
135 */
136 static bool write_msg(private_netlink_socket_t *this, struct nlmsghdr *msg)
137 {
138 struct sockaddr_nl addr = {
139 .nl_family = AF_NETLINK,
140 };
141 int len;
142
143 if (msg_loss_hook(msg))
144 {
145 return TRUE;
146 }
147
148 while (TRUE)
149 {
150 len = sendto(this->socket, msg, msg->nlmsg_len, 0,
151 (struct sockaddr*)&addr, sizeof(addr));
152 if (len != msg->nlmsg_len)
153 {
154 if (errno == EINTR)
155 {
156 continue;
157 }
158 DBG1(DBG_KNL, "netlink write error: %s", strerror(errno));
159 return FALSE;
160 }
161 return TRUE;
162 }
163 }
164
165 /**
166 * Read a single Netlink message from socket, return 0 on error, -1 on timeout
167 */
168 static ssize_t read_msg(private_netlink_socket_t *this,
169 char *buf, size_t buflen, bool block)
170 {
171 ssize_t len;
172
173 if (block)
174 {
175 fd_set set;
176 timeval_t tv = {};
177
178 FD_ZERO(&set);
179 FD_SET(this->socket, &set);
180 timeval_add_ms(&tv, this->timeout);
181
182 if (select(this->socket + 1, &set, NULL, NULL,
183 this->timeout ? &tv : NULL) <= 0)
184 {
185 return -1;
186 }
187 }
188 len = recv(this->socket, buf, buflen, MSG_TRUNC|(block ? 0 : MSG_DONTWAIT));
189 if (len > buflen)
190 {
191 DBG1(DBG_KNL, "netlink response exceeds buffer size");
192 return 0;
193 }
194 if (len < 0)
195 {
196 if (errno != EAGAIN && errno != EWOULDBLOCK && errno != EINTR)
197 {
198 DBG1(DBG_KNL, "netlink read error: %s", strerror(errno));
199 }
200 return 0;
201 }
202 return len;
203 }
204
205 /**
206 * Queue received response message
207 */
208 static bool queue(private_netlink_socket_t *this, struct nlmsghdr *buf)
209 {
210 struct nlmsghdr *hdr;
211 entry_t *entry;
212 uintptr_t seq;
213
214 seq = (uintptr_t)buf->nlmsg_seq;
215
216 this->mutex->lock(this->mutex);
217 entry = this->entries->get(this->entries, (void*)seq);
218 if (entry)
219 {
220 hdr = malloc(buf->nlmsg_len);
221 memcpy(hdr, buf, buf->nlmsg_len);
222 array_insert(entry->hdrs, ARRAY_TAIL, hdr);
223 if (hdr->nlmsg_type == NLMSG_DONE || !(hdr->nlmsg_flags & NLM_F_MULTI))
224 {
225 entry->complete = TRUE;
226 entry->condvar->signal(entry->condvar);
227 }
228 }
229 else
230 {
231 DBG1(DBG_KNL, "received unknown netlink seq %u, ignored", seq);
232 }
233 this->mutex->unlock(this->mutex);
234
235 return entry != NULL;
236 }
237
238 /**
239 * Read and queue response message, optionally blocking, returns TRUE on timeout
240 */
241 static bool read_and_queue(private_netlink_socket_t *this, bool block)
242 {
243 struct nlmsghdr *hdr;
244 char buf[this->buflen];
245 ssize_t len;
246
247 len = read_msg(this, buf, sizeof(buf), block);
248 if (len == -1)
249 {
250 return TRUE;
251 }
252 if (len)
253 {
254 hdr = (struct nlmsghdr*)buf;
255 while (NLMSG_OK(hdr, len))
256 {
257 if (!queue(this, hdr))
258 {
259 break;
260 }
261 hdr = NLMSG_NEXT(hdr, len);
262 }
263 }
264 return FALSE;
265 }
266
267 CALLBACK(watch, bool,
268 private_netlink_socket_t *this, int fd, watcher_event_t event)
269 {
270 if (event == WATCHER_READ)
271 {
272 read_and_queue(this, FALSE);
273 }
274 return TRUE;
275 }
276
277 /**
278 * Send a netlink request, try once
279 */
280 static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
281 uintptr_t seq, struct nlmsghdr **out, size_t *out_len)
282 {
283 struct nlmsghdr *hdr;
284 chunk_t result = {};
285 entry_t *entry;
286
287 in->nlmsg_seq = seq;
288 in->nlmsg_pid = getpid();
289
290 if (this->names)
291 {
292 DBG3(DBG_KNL, "sending %N %u: %b", this->names, in->nlmsg_type,
293 (u_int)seq, in, in->nlmsg_len);
294 }
295
296 this->mutex->lock(this->mutex);
297 if (!write_msg(this, in))
298 {
299 this->mutex->unlock(this->mutex);
300 return FAILED;
301 }
302
303 INIT(entry,
304 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
305 .hdrs = array_create(0, 0),
306 );
307 this->entries->put(this->entries, (void*)seq, entry);
308
309 while (!entry->complete)
310 {
311 if (this->parallel &&
312 lib->watcher->get_state(lib->watcher) == WATCHER_RUNNING)
313 {
314 if (this->timeout)
315 {
316 if (entry->condvar->timed_wait(entry->condvar, this->mutex,
317 this->timeout))
318 {
319 break;
320 }
321 }
322 else
323 {
324 entry->condvar->wait(entry->condvar, this->mutex);
325 }
326 }
327 else
328 { /* During (de-)initialization, no watcher thread is active.
329 * collect responses ourselves. */
330 if (read_and_queue(this, TRUE))
331 {
332 break;
333 }
334 }
335 }
336 this->entries->remove(this->entries, (void*)seq);
337
338 this->mutex->unlock(this->mutex);
339
340 if (!entry->complete)
341 { /* timeout */
342 destroy_entry(entry);
343 return OUT_OF_RES;
344 }
345
346 while (array_remove(entry->hdrs, ARRAY_HEAD, &hdr))
347 {
348 if (this->names)
349 {
350 DBG3(DBG_KNL, "received %N %u: %b", this->names, hdr->nlmsg_type,
351 hdr->nlmsg_seq, hdr, hdr->nlmsg_len);
352 }
353 result = chunk_cat("mm", result,
354 chunk_create((char*)hdr, hdr->nlmsg_len));
355 }
356 destroy_entry(entry);
357
358 *out_len = result.len;
359 *out = (struct nlmsghdr*)result.ptr;
360
361 return SUCCESS;
362 }
363
364 /**
365 * Ignore errors for message types that might have completed previously
366 */
367 static void ignore_retransmit_error(private_netlink_socket_t *this,
368 struct nlmsgerr *err, int type)
369 {
370 switch (err->error)
371 {
372 case -EEXIST:
373 switch (this->protocol)
374 {
375 case NETLINK_XFRM:
376 switch (type)
377 {
378 case XFRM_MSG_NEWPOLICY:
379 case XFRM_MSG_NEWSA:
380 err->error = 0;
381 break;
382 }
383 break;
384 case NETLINK_ROUTE:
385 switch (type)
386 {
387 case RTM_NEWADDR:
388 case RTM_NEWLINK:
389 case RTM_NEWNEIGH:
390 case RTM_NEWROUTE:
391 case RTM_NEWRULE:
392 err->error = 0;
393 break;
394 }
395 break;
396 }
397 break;
398 case -ENOENT:
399 switch (this->protocol)
400 {
401 case NETLINK_XFRM:
402 switch (type)
403 {
404 case XFRM_MSG_DELPOLICY:
405 case XFRM_MSG_DELSA:
406 err->error = 0;
407 break;
408 }
409 break;
410 case NETLINK_ROUTE:
411 switch (type)
412 {
413 case RTM_DELADDR:
414 case RTM_DELLINK:
415 case RTM_DELNEIGH:
416 case RTM_DELROUTE:
417 case RTM_DELRULE:
418 err->error = 0;
419 break;
420 }
421 break;
422 }
423 break;
424 }
425 }
426
427 METHOD(netlink_socket_t, netlink_send, status_t,
428 private_netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out,
429 size_t *out_len)
430 {
431 uintptr_t seq;
432 u_int try;
433
434 seq = ref_get(&this->seq);
435
436 for (try = 0; try <= this->retries; ++try)
437 {
438 struct nlmsghdr *hdr;
439 status_t status;
440 size_t len;
441
442 if (try > 0)
443 {
444 DBG1(DBG_KNL, "retransmitting Netlink request (%u/%u)",
445 try, this->retries);
446 }
447 status = send_once(this, in, seq, &hdr, &len);
448 switch (status)
449 {
450 case SUCCESS:
451 break;
452 case OUT_OF_RES:
453 continue;
454 default:
455 return status;
456 }
457 if (hdr->nlmsg_type == NLMSG_ERROR)
458 {
459 struct nlmsgerr* err;
460
461 err = NLMSG_DATA(hdr);
462 if (err->error == -EBUSY)
463 {
464 free(hdr);
465 try--;
466 continue;
467 }
468 if (this->ignore_retransmit_errors && try > 0)
469 {
470 ignore_retransmit_error(this, err, in->nlmsg_type);
471 }
472 }
473 *out = hdr;
474 *out_len = len;
475 return SUCCESS;
476 }
477 DBG1(DBG_KNL, "Netlink request timed out after %u retransmits",
478 this->retries);
479 return OUT_OF_RES;
480 }
481
482 METHOD(netlink_socket_t, netlink_send_ack, status_t,
483 private_netlink_socket_t *this, struct nlmsghdr *in)
484 {
485 struct nlmsghdr *out, *hdr;
486 size_t len;
487
488 if (netlink_send(this, in, &out, &len) != SUCCESS)
489 {
490 return FAILED;
491 }
492 hdr = out;
493 while (NLMSG_OK(hdr, len))
494 {
495 switch (hdr->nlmsg_type)
496 {
497 case NLMSG_ERROR:
498 {
499 struct nlmsgerr* err = NLMSG_DATA(hdr);
500
501 if (err->error)
502 {
503 if (-err->error == EEXIST)
504 { /* do not report existing routes */
505 free(out);
506 return ALREADY_DONE;
507 }
508 if (-err->error == ESRCH)
509 { /* do not report missing entries */
510 free(out);
511 return NOT_FOUND;
512 }
513 DBG1(DBG_KNL, "received netlink error: %s (%d)",
514 strerror(-err->error), -err->error);
515 free(out);
516 return FAILED;
517 }
518 free(out);
519 return SUCCESS;
520 }
521 default:
522 hdr = NLMSG_NEXT(hdr, len);
523 continue;
524 case NLMSG_DONE:
525 break;
526 }
527 break;
528 }
529 DBG1(DBG_KNL, "netlink request not acknowledged");
530 free(out);
531 return FAILED;
532 }
533
534 METHOD(netlink_socket_t, destroy, void,
535 private_netlink_socket_t *this)
536 {
537 if (this->socket != -1)
538 {
539 if (this->parallel)
540 {
541 lib->watcher->remove(lib->watcher, this->socket);
542 }
543 close(this->socket);
544 }
545 this->entries->destroy(this->entries);
546 this->mutex->destroy(this->mutex);
547 free(this);
548 }
549
550 /**
551 * Described in header.
552 */
553 netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
554 bool parallel)
555 {
556 private_netlink_socket_t *this;
557 struct sockaddr_nl addr = {
558 .nl_family = AF_NETLINK,
559 };
560
561 INIT(this,
562 .public = {
563 .send = _netlink_send,
564 .send_ack = _netlink_send_ack,
565 .destroy = _destroy,
566 },
567 .seq = 200,
568 .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
569 .socket = socket(AF_NETLINK, SOCK_RAW, protocol),
570 .entries = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4),
571 .protocol = protocol,
572 .names = names,
573 .buflen = lib->settings->get_int(lib->settings,
574 "%s.plugins.kernel-netlink.buflen", 0, lib->ns),
575 .timeout = lib->settings->get_int(lib->settings,
576 "%s.plugins.kernel-netlink.timeout", 0, lib->ns),
577 .retries = lib->settings->get_int(lib->settings,
578 "%s.plugins.kernel-netlink.retries", 0, lib->ns),
579 .ignore_retransmit_errors = lib->settings->get_bool(lib->settings,
580 "%s.plugins.kernel-netlink.ignore_retransmit_errors",
581 FALSE, lib->ns),
582 .parallel = parallel,
583 );
584
585 if (!this->buflen)
586 {
587 long pagesize = sysconf(_SC_PAGESIZE);
588 if (pagesize == -1)
589 {
590 pagesize = 4096;
591 }
592 /* base this on NLMSG_GOODSIZE */
593 this->buflen = min(pagesize, 8192);
594 }
595 if (this->socket == -1)
596 {
597 DBG1(DBG_KNL, "unable to create netlink socket");
598 destroy(this);
599 return NULL;
600 }
601 if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)))
602 {
603 DBG1(DBG_KNL, "unable to bind netlink socket");
604 destroy(this);
605 return NULL;
606 }
607 if (this->parallel)
608 {
609 lib->watcher->add(lib->watcher, this->socket, WATCHER_READ, watch, this);
610 }
611
612 return &this->public;
613 }
614
615 /**
616 * Described in header.
617 */
618 void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data,
619 size_t buflen)
620 {
621 struct rtattr *rta;
622
623 if (NLMSG_ALIGN(hdr->nlmsg_len) + RTA_LENGTH(data.len) > buflen)
624 {
625 DBG1(DBG_KNL, "unable to add attribute, buffer too small");
626 return;
627 }
628
629 rta = (struct rtattr*)(((char*)hdr) + NLMSG_ALIGN(hdr->nlmsg_len));
630 rta->rta_type = rta_type;
631 rta->rta_len = RTA_LENGTH(data.len);
632 memcpy(RTA_DATA(rta), data.ptr, data.len);
633 hdr->nlmsg_len = NLMSG_ALIGN(hdr->nlmsg_len) + rta->rta_len;
634 }
635
636 /**
637 * Described in header.
638 */
639 void* netlink_reserve(struct nlmsghdr *hdr, int buflen, int type, int len)
640 {
641 struct rtattr *rta;
642
643 if (NLMSG_ALIGN(hdr->nlmsg_len) + RTA_LENGTH(len) > buflen)
644 {
645 DBG1(DBG_KNL, "unable to add attribute, buffer too small");
646 return NULL;
647 }
648
649 rta = ((void*)hdr) + NLMSG_ALIGN(hdr->nlmsg_len);
650 rta->rta_type = type;
651 rta->rta_len = RTA_LENGTH(len);
652 hdr->nlmsg_len = NLMSG_ALIGN(hdr->nlmsg_len) + rta->rta_len;
653
654 return RTA_DATA(rta);
655 }