libhydra: Move kernel interface to libcharon
[strongswan.git] / src / libcharon / plugins / kernel_pfroute / kernel_pfroute_net.c
1 /*
2 * Copyright (C) 2009-2013 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <net/if.h>
19 #include <net/if_dl.h>
20 #include <ifaddrs.h>
21 #include <net/route.h>
22 #include <unistd.h>
23 #include <errno.h>
24
25 #include "kernel_pfroute_net.h"
26
27 #include <daemon.h>
28 #include <utils/debug.h>
29 #include <networking/host.h>
30 #include <networking/tun_device.h>
31 #include <threading/thread.h>
32 #include <threading/mutex.h>
33 #include <threading/condvar.h>
34 #include <threading/rwlock.h>
35 #include <threading/spinlock.h>
36 #include <collections/hashtable.h>
37 #include <collections/linked_list.h>
38 #include <processing/jobs/callback_job.h>
39
40 #ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
41 #error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
42 #endif
43
44 /** properly align sockaddrs */
45 #ifdef __APPLE__
46 /* Apple always uses 4 bytes */
47 #define SA_ALIGN 4
48 #else
49 /* while on other platforms like FreeBSD it depends on the architecture */
50 #define SA_ALIGN sizeof(long)
51 #endif
52 #define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)
53
54 /** delay before firing roam events (ms) */
55 #define ROAM_DELAY 100
56
57 /** delay before reinstalling routes (ms) */
58 #define ROUTE_DELAY 100
59
60 typedef struct addr_entry_t addr_entry_t;
61
62 /**
63 * IP address in an inface_entry_t
64 */
65 struct addr_entry_t {
66
67 /** The ip address */
68 host_t *ip;
69
70 /** virtual IP managed by us */
71 bool virtual;
72 };
73
74 /**
75 * destroy a addr_entry_t object
76 */
77 static void addr_entry_destroy(addr_entry_t *this)
78 {
79 this->ip->destroy(this->ip);
80 free(this);
81 }
82
83 typedef struct iface_entry_t iface_entry_t;
84
85 /**
86 * A network interface on this system, containing addr_entry_t's
87 */
88 struct iface_entry_t {
89
90 /** interface index */
91 int ifindex;
92
93 /** name of the interface */
94 char ifname[IFNAMSIZ];
95
96 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
97 u_int flags;
98
99 /** list of addresses as host_t */
100 linked_list_t *addrs;
101
102 /** TRUE if usable by config */
103 bool usable;
104 };
105
106 /**
107 * destroy an interface entry
108 */
109 static void iface_entry_destroy(iface_entry_t *this)
110 {
111 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
112 free(this);
113 }
114
115 /**
116 * check if an interface is up
117 */
118 static inline bool iface_entry_up(iface_entry_t *iface)
119 {
120 return (iface->flags & IFF_UP) == IFF_UP;
121 }
122
123 /**
124 * check if an interface is up and usable
125 */
126 static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
127 {
128 return iface->usable && iface_entry_up(iface);
129 }
130
131 typedef struct addr_map_entry_t addr_map_entry_t;
132
133 /**
134 * Entry that maps an IP address to an interface entry
135 */
136 struct addr_map_entry_t {
137 /** The IP address */
138 host_t *ip;
139
140 /** The address entry for this IP address */
141 addr_entry_t *addr;
142
143 /** The interface this address is installed on */
144 iface_entry_t *iface;
145 };
146
147 /**
148 * Hash a addr_map_entry_t object, all entries with the same IP address
149 * are stored in the same bucket
150 */
151 static u_int addr_map_entry_hash(addr_map_entry_t *this)
152 {
153 return chunk_hash(this->ip->get_address(this->ip));
154 }
155
156 /**
157 * Compare two addr_map_entry_t objects, two entries are equal if they are
158 * installed on the same interface
159 */
160 static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
161 {
162 return a->iface->ifindex == b->iface->ifindex &&
163 a->ip->ip_equals(a->ip, b->ip);
164 }
165
166 /**
167 * Used with get_match this finds an address entry if it is installed on
168 * an up and usable interface
169 */
170 static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
171 addr_map_entry_t *b)
172 {
173 return !b->addr->virtual && iface_entry_up_and_usable(b->iface) &&
174 a->ip->ip_equals(a->ip, b->ip);
175 }
176
177 /**
178 * Used with get_match this finds an address entry if it is installed as virtual
179 * IP address
180 */
181 static bool addr_map_entry_match_virtual(addr_map_entry_t *a, addr_map_entry_t *b)
182 {
183 return b->addr->virtual && a->ip->ip_equals(a->ip, b->ip);
184 }
185
186 /**
187 * Used with get_match this finds an address entry if it is installed on
188 * any active local interface
189 */
190 static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
191 {
192 return !b->addr->virtual && iface_entry_up(b->iface) &&
193 a->ip->ip_equals(a->ip, b->ip);
194 }
195
196 typedef struct route_entry_t route_entry_t;
197
198 /**
199 * Installed routing entry
200 */
201 struct route_entry_t {
202 /** Name of the interface the route is bound to */
203 char *if_name;
204
205 /** Gateway for this route */
206 host_t *gateway;
207
208 /** Destination net */
209 chunk_t dst_net;
210
211 /** Destination net prefixlen */
212 u_int8_t prefixlen;
213 };
214
215 /**
216 * Clone a route_entry_t object.
217 */
218 static route_entry_t *route_entry_clone(route_entry_t *this)
219 {
220 route_entry_t *route;
221
222 INIT(route,
223 .if_name = strdup(this->if_name),
224 .gateway = this->gateway ? this->gateway->clone(this->gateway) : NULL,
225 .dst_net = chunk_clone(this->dst_net),
226 .prefixlen = this->prefixlen,
227 );
228 return route;
229 }
230
231 /**
232 * Destroy a route_entry_t object
233 */
234 static void route_entry_destroy(route_entry_t *this)
235 {
236 free(this->if_name);
237 DESTROY_IF(this->gateway);
238 chunk_free(&this->dst_net);
239 free(this);
240 }
241
242 /**
243 * Hash a route_entry_t object
244 */
245 static u_int route_entry_hash(route_entry_t *this)
246 {
247 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
248 chunk_hash(this->dst_net));
249 }
250
251 /**
252 * Compare two route_entry_t objects
253 */
254 static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
255 {
256 if (a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
257 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen)
258 {
259 return (!a->gateway && !b->gateway) || (a->gateway && b->gateway &&
260 a->gateway->ip_equals(a->gateway, b->gateway));
261 }
262 return FALSE;
263 }
264
265 typedef struct net_change_t net_change_t;
266
267 /**
268 * Queued network changes
269 */
270 struct net_change_t {
271 /** Name of the interface that got activated (or an IP appeared on) */
272 char *if_name;
273 };
274
275 /**
276 * Destroy a net_change_t object
277 */
278 static void net_change_destroy(net_change_t *this)
279 {
280 free(this->if_name);
281 free(this);
282 }
283
284 /**
285 * Hash a net_change_t object
286 */
287 static u_int net_change_hash(net_change_t *this)
288 {
289 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
290 }
291
292 /**
293 * Compare two net_change_t objects
294 */
295 static bool net_change_equals(net_change_t *a, net_change_t *b)
296 {
297 return streq(a->if_name, b->if_name);
298 }
299
300 typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
301
302 /**
303 * Private variables and functions of kernel_pfroute class.
304 */
305 struct private_kernel_pfroute_net_t
306 {
307 /**
308 * Public part of the kernel_pfroute_t object.
309 */
310 kernel_pfroute_net_t public;
311
312 /**
313 * lock to access lists and maps
314 */
315 rwlock_t *lock;
316
317 /**
318 * Cached list of interfaces and their addresses (iface_entry_t)
319 */
320 linked_list_t *ifaces;
321
322 /**
323 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
324 */
325 hashtable_t *addrs;
326
327 /**
328 * List of tun devices we installed for virtual IPs
329 */
330 linked_list_t *tuns;
331
332 /**
333 * mutex to communicate exclusively with PF_KEY
334 */
335 mutex_t *mutex;
336
337 /**
338 * condvar to signal if PF_KEY query got a response
339 */
340 condvar_t *condvar;
341
342 /**
343 * installed routes
344 */
345 hashtable_t *routes;
346
347 /**
348 * mutex for routes
349 */
350 mutex_t *routes_lock;
351
352 /**
353 * interface changes which may trigger route reinstallation
354 */
355 hashtable_t *net_changes;
356
357 /**
358 * mutex for route reinstallation triggers
359 */
360 mutex_t *net_changes_lock;
361
362 /**
363 * time of last route reinstallation
364 */
365 timeval_t last_route_reinstall;
366
367 /**
368 * pid to send PF_ROUTE messages with
369 */
370 pid_t pid;
371
372 /**
373 * PF_ROUTE socket to communicate with the kernel
374 */
375 int socket;
376
377 /**
378 * sequence number for messages sent to the kernel
379 */
380 int seq;
381
382 /**
383 * Sequence number a query is waiting for
384 */
385 int waiting_seq;
386
387 /**
388 * Allocated reply message from kernel
389 */
390 struct rt_msghdr *reply;
391
392 /**
393 * earliest time of the next roam event
394 */
395 timeval_t next_roam;
396
397 /**
398 * roam event due to address change
399 */
400 bool roam_address;
401
402 /**
403 * lock to check and update roam event time
404 */
405 spinlock_t *roam_lock;
406
407 /**
408 * Time in ms to wait for IP addresses to appear/disappear
409 */
410 int vip_wait;
411
412 /**
413 * whether to actually install virtual IPs
414 */
415 bool install_virtual_ip;
416 };
417
418
419 /**
420 * Forward declaration
421 */
422 static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
423 chunk_t dst_net, u_int8_t prefixlen,
424 host_t *gateway, char *if_name);
425
426 /**
427 * Clear the queued network changes.
428 */
429 static void net_changes_clear(private_kernel_pfroute_net_t *this)
430 {
431 enumerator_t *enumerator;
432 net_change_t *change;
433
434 enumerator = this->net_changes->create_enumerator(this->net_changes);
435 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
436 {
437 this->net_changes->remove_at(this->net_changes, enumerator);
438 net_change_destroy(change);
439 }
440 enumerator->destroy(enumerator);
441 }
442
443 /**
444 * Act upon queued network changes.
445 */
446 static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
447 {
448 enumerator_t *enumerator;
449 route_entry_t *route;
450
451 this->net_changes_lock->lock(this->net_changes_lock);
452 this->routes_lock->lock(this->routes_lock);
453
454 enumerator = this->routes->create_enumerator(this->routes);
455 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
456 {
457 net_change_t *change, lookup = {
458 .if_name = route->if_name,
459 };
460 /* check if a change for the outgoing interface is queued */
461 change = this->net_changes->get(this->net_changes, &lookup);
462 if (change)
463 {
464 manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
465 route->gateway, route->if_name);
466 }
467 }
468 enumerator->destroy(enumerator);
469 this->routes_lock->unlock(this->routes_lock);
470
471 net_changes_clear(this);
472 this->net_changes_lock->unlock(this->net_changes_lock);
473 return JOB_REQUEUE_NONE;
474 }
475
476 /**
477 * Queue route reinstallation caused by network changes for a given interface.
478 *
479 * The route reinstallation is delayed for a while and only done once for
480 * several calls during this delay, in order to avoid doing it too often.
481 * The interface name is freed.
482 */
483 static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
484 char *if_name)
485 {
486 net_change_t *update, *found;
487 timeval_t now;
488 job_t *job;
489
490 INIT(update,
491 .if_name = if_name
492 );
493
494 this->net_changes_lock->lock(this->net_changes_lock);
495 found = this->net_changes->put(this->net_changes, update, update);
496 if (found)
497 {
498 net_change_destroy(found);
499 }
500 time_monotonic(&now);
501 if (timercmp(&now, &this->last_route_reinstall, >))
502 {
503 timeval_add_ms(&now, ROUTE_DELAY);
504 this->last_route_reinstall = now;
505
506 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
507 this, NULL, NULL);
508 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
509 }
510 this->net_changes_lock->unlock(this->net_changes_lock);
511 }
512
513 /**
514 * Add an address map entry
515 */
516 static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
517 addr_entry_t *addr, iface_entry_t *iface)
518 {
519 addr_map_entry_t *entry;
520
521 INIT(entry,
522 .ip = addr->ip,
523 .addr = addr,
524 .iface = iface,
525 );
526 entry = this->addrs->put(this->addrs, entry, entry);
527 free(entry);
528 }
529
530 /**
531 * Remove an address map entry (the argument order is a bit strange because
532 * it is also used with linked_list_t.invoke_function)
533 */
534 static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
535 private_kernel_pfroute_net_t *this)
536 {
537 addr_map_entry_t *entry, lookup = {
538 .ip = addr->ip,
539 .addr = addr,
540 .iface = iface,
541 };
542
543 entry = this->addrs->remove(this->addrs, &lookup);
544 free(entry);
545 }
546
547 /**
548 * callback function that raises the delayed roam event
549 */
550 static job_requeue_t roam_event(private_kernel_pfroute_net_t *this)
551 {
552 bool address;
553
554 this->roam_lock->lock(this->roam_lock);
555 address = this->roam_address;
556 this->roam_address = FALSE;
557 this->roam_lock->unlock(this->roam_lock);
558 charon->kernel->roam(charon->kernel, address);
559 return JOB_REQUEUE_NONE;
560 }
561
562 /**
563 * fire a roaming event. we delay it for a bit and fire only one event
564 * for multiple calls. otherwise we would create too many events.
565 */
566 static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
567 {
568 timeval_t now;
569 job_t *job;
570
571 time_monotonic(&now);
572 this->roam_lock->lock(this->roam_lock);
573 this->roam_address |= address;
574 if (!timercmp(&now, &this->next_roam, >))
575 {
576 this->roam_lock->unlock(this->roam_lock);
577 return;
578 }
579 timeval_add_ms(&now, ROAM_DELAY);
580 this->next_roam = now;
581 this->roam_lock->unlock(this->roam_lock);
582
583 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
584 this, NULL, NULL);
585 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
586 }
587
588 /**
589 * Data for enumerator over rtmsg sockaddrs
590 */
591 typedef struct {
592 /** implements enumerator */
593 enumerator_t public;
594 /** copy of attribute bitfield */
595 int types;
596 /** bytes remaining in buffer */
597 int remaining;
598 /** next sockaddr to enumerate */
599 struct sockaddr *addr;
600 } rt_enumerator_t;
601
602 METHOD(enumerator_t, rt_enumerate, bool,
603 rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
604 {
605 int i, type;
606
607 if (this->remaining < sizeof(this->addr->sa_len) ||
608 this->remaining < this->addr->sa_len)
609 {
610 return FALSE;
611 }
612 for (i = 0; i < RTAX_MAX; i++)
613 {
614 type = (1 << i);
615 if (this->types & type)
616 {
617 this->types &= ~type;
618 *addr = this->addr;
619 *xtype = i;
620 this->remaining -= SA_LEN(this->addr->sa_len);
621 this->addr = (struct sockaddr*)((char*)this->addr +
622 SA_LEN(this->addr->sa_len));
623 return TRUE;
624 }
625 }
626 return FALSE;
627 }
628
629 /**
630 * Create an enumerator over sockaddrs in rt/if messages
631 */
632 static enumerator_t *create_rt_enumerator(int types, int remaining,
633 struct sockaddr *addr)
634 {
635 rt_enumerator_t *this;
636
637 INIT(this,
638 .public = {
639 .enumerate = (void*)_rt_enumerate,
640 .destroy = (void*)free,
641 },
642 .types = types,
643 .remaining = remaining,
644 .addr = addr,
645 );
646 return &this->public;
647 }
648
649 /**
650 * Create a safe enumerator over sockaddrs in rt_msghdr
651 */
652 static enumerator_t *create_rtmsg_enumerator(struct rt_msghdr *hdr)
653 {
654 return create_rt_enumerator(hdr->rtm_addrs, hdr->rtm_msglen - sizeof(*hdr),
655 (struct sockaddr *)(hdr + 1));
656 }
657
658 /**
659 * Create a safe enumerator over sockaddrs in ifa_msghdr
660 */
661 static enumerator_t *create_ifamsg_enumerator(struct ifa_msghdr *hdr)
662 {
663 return create_rt_enumerator(hdr->ifam_addrs, hdr->ifam_msglen - sizeof(*hdr),
664 (struct sockaddr *)(hdr + 1));
665 }
666
667 /**
668 * Process an RTM_*ADDR message from the kernel
669 */
670 static void process_addr(private_kernel_pfroute_net_t *this,
671 struct ifa_msghdr *ifa)
672 {
673 struct sockaddr *sockaddr;
674 host_t *host = NULL;
675 enumerator_t *ifaces, *addrs;
676 iface_entry_t *iface;
677 addr_entry_t *addr;
678 bool found = FALSE, changed = FALSE, roam = FALSE;
679 enumerator_t *enumerator;
680 char *ifname = NULL;
681 int type;
682
683 enumerator = create_ifamsg_enumerator(ifa);
684 while (enumerator->enumerate(enumerator, &type, &sockaddr))
685 {
686 if (type == RTAX_IFA)
687 {
688 host = host_create_from_sockaddr(sockaddr);
689 break;
690 }
691 }
692 enumerator->destroy(enumerator);
693
694 if (!host || host->is_anyaddr(host))
695 {
696 DESTROY_IF(host);
697 return;
698 }
699
700 this->lock->write_lock(this->lock);
701 ifaces = this->ifaces->create_enumerator(this->ifaces);
702 while (ifaces->enumerate(ifaces, &iface))
703 {
704 if (iface->ifindex == ifa->ifam_index)
705 {
706 addrs = iface->addrs->create_enumerator(iface->addrs);
707 while (addrs->enumerate(addrs, &addr))
708 {
709 if (host->ip_equals(host, addr->ip))
710 {
711 found = TRUE;
712 if (ifa->ifam_type == RTM_DELADDR)
713 {
714 iface->addrs->remove_at(iface->addrs, addrs);
715 if (!addr->virtual && iface->usable)
716 {
717 changed = TRUE;
718 DBG1(DBG_KNL, "%H disappeared from %s",
719 host, iface->ifname);
720 }
721 addr_map_entry_remove(addr, iface, this);
722 addr_entry_destroy(addr);
723 }
724 }
725 }
726 addrs->destroy(addrs);
727
728 if (!found && ifa->ifam_type == RTM_NEWADDR)
729 {
730 INIT(addr,
731 .ip = host->clone(host),
732 );
733 changed = TRUE;
734 ifname = strdup(iface->ifname);
735 iface->addrs->insert_last(iface->addrs, addr);
736 addr_map_entry_add(this, addr, iface);
737 if (iface->usable)
738 {
739 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
740 }
741 }
742
743 if (changed && iface_entry_up_and_usable(iface))
744 {
745 roam = TRUE;
746 }
747 break;
748 }
749 }
750 ifaces->destroy(ifaces);
751 this->lock->unlock(this->lock);
752 host->destroy(host);
753
754 if (roam && ifname)
755 {
756 queue_route_reinstall(this, ifname);
757 }
758 else
759 {
760 free(ifname);
761 }
762
763 if (roam)
764 {
765 fire_roam_event(this, TRUE);
766 }
767 }
768
769 /**
770 * Re-initialize address list of an interface if it changes state
771 */
772 static void repopulate_iface(private_kernel_pfroute_net_t *this,
773 iface_entry_t *iface)
774 {
775 struct ifaddrs *ifap, *ifa;
776 addr_entry_t *addr;
777
778 while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
779 {
780 addr_map_entry_remove(addr, iface, this);
781 addr_entry_destroy(addr);
782 }
783
784 if (getifaddrs(&ifap) == 0)
785 {
786 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
787 {
788 if (ifa->ifa_addr && streq(ifa->ifa_name, iface->ifname))
789 {
790 switch (ifa->ifa_addr->sa_family)
791 {
792 case AF_INET:
793 case AF_INET6:
794 INIT(addr,
795 .ip = host_create_from_sockaddr(ifa->ifa_addr),
796 );
797 iface->addrs->insert_last(iface->addrs, addr);
798 addr_map_entry_add(this, addr, iface);
799 break;
800 default:
801 break;
802 }
803 }
804 }
805 freeifaddrs(ifap);
806 }
807 }
808
809 /**
810 * Process an RTM_IFINFO message from the kernel
811 */
812 static void process_link(private_kernel_pfroute_net_t *this,
813 struct if_msghdr *msg)
814 {
815 enumerator_t *enumerator;
816 iface_entry_t *iface;
817 bool roam = FALSE, found = FALSE, update_routes = FALSE;
818
819 this->lock->write_lock(this->lock);
820 enumerator = this->ifaces->create_enumerator(this->ifaces);
821 while (enumerator->enumerate(enumerator, &iface))
822 {
823 if (iface->ifindex == msg->ifm_index)
824 {
825 if (iface->usable)
826 {
827 if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
828 {
829 roam = update_routes = TRUE;
830 DBG1(DBG_KNL, "interface %s activated", iface->ifname);
831 }
832 else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
833 {
834 roam = TRUE;
835 DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
836 }
837 }
838 #ifdef __APPLE__
839 /* There seems to be a race condition on 10.10, where we get
840 * the RTM_IFINFO, but getifaddrs() does not return the virtual
841 * IP installed on a tun device, but we also don't get a
842 * RTM_NEWADDR. We therefore could miss the new address, letting
843 * virtual IP installation fail. Delaying getifaddrs() helps,
844 * but is obviously not a clean fix. */
845 usleep(50000);
846 #endif
847 iface->flags = msg->ifm_flags;
848 repopulate_iface(this, iface);
849 found = TRUE;
850 break;
851 }
852 }
853 enumerator->destroy(enumerator);
854
855 if (!found)
856 {
857 INIT(iface,
858 .ifindex = msg->ifm_index,
859 .flags = msg->ifm_flags,
860 .addrs = linked_list_create(),
861 );
862 if (if_indextoname(iface->ifindex, iface->ifname))
863 {
864 DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
865 iface->usable = charon->kernel->is_interface_usable(charon->kernel,
866 iface->ifname);
867 repopulate_iface(this, iface);
868 this->ifaces->insert_last(this->ifaces, iface);
869 if (iface->usable)
870 {
871 roam = update_routes = TRUE;
872 }
873 }
874 else
875 {
876 free(iface);
877 }
878 }
879 this->lock->unlock(this->lock);
880
881 if (update_routes)
882 {
883 queue_route_reinstall(this, strdup(iface->ifname));
884 }
885
886 if (roam)
887 {
888 fire_roam_event(this, TRUE);
889 }
890 }
891
892 #ifdef HAVE_RTM_IFANNOUNCE
893
894 /**
895 * Process an RTM_IFANNOUNCE message from the kernel
896 */
897 static void process_announce(private_kernel_pfroute_net_t *this,
898 struct if_announcemsghdr *msg)
899 {
900 enumerator_t *enumerator;
901 iface_entry_t *iface;
902
903 if (msg->ifan_what != IFAN_DEPARTURE)
904 {
905 /* we handle new interfaces in process_link() */
906 return;
907 }
908
909 this->lock->write_lock(this->lock);
910 enumerator = this->ifaces->create_enumerator(this->ifaces);
911 while (enumerator->enumerate(enumerator, &iface))
912 {
913 if (iface->ifindex == msg->ifan_index)
914 {
915 DBG1(DBG_KNL, "interface %s disappeared", iface->ifname);
916 this->ifaces->remove_at(this->ifaces, enumerator);
917 iface_entry_destroy(iface);
918 break;
919 }
920 }
921 enumerator->destroy(enumerator);
922 this->lock->unlock(this->lock);
923 }
924
925 #endif /* HAVE_RTM_IFANNOUNCE */
926
927 /**
928 * Process an RTM_*ROUTE message from the kernel
929 */
930 static void process_route(private_kernel_pfroute_net_t *this,
931 struct rt_msghdr *msg)
932 {
933
934 }
935
936 /**
937 * Receives PF_ROUTE messages from kernel
938 */
939 static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
940 watcher_event_t event)
941 {
942 struct {
943 union {
944 struct rt_msghdr rtm;
945 struct if_msghdr ifm;
946 struct ifa_msghdr ifam;
947 #ifdef HAVE_RTM_IFANNOUNCE
948 struct if_announcemsghdr ifanm;
949 #endif
950 };
951 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
952 } msg;
953 int len, hdrlen;
954
955 len = recv(this->socket, &msg, sizeof(msg), MSG_DONTWAIT);
956 if (len < 0)
957 {
958 switch (errno)
959 {
960 case EINTR:
961 case EAGAIN:
962 return TRUE;
963 default:
964 DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
965 sleep(1);
966 return TRUE;
967 }
968 }
969
970 if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen)
971 {
972 DBG1(DBG_KNL, "received invalid PF_ROUTE message");
973 return TRUE;
974 }
975 if (msg.rtm.rtm_version != RTM_VERSION)
976 {
977 DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d",
978 msg.rtm.rtm_version);
979 return TRUE;
980 }
981 switch (msg.rtm.rtm_type)
982 {
983 case RTM_NEWADDR:
984 case RTM_DELADDR:
985 hdrlen = sizeof(msg.ifam);
986 break;
987 case RTM_IFINFO:
988 hdrlen = sizeof(msg.ifm);
989 break;
990 #ifdef HAVE_RTM_IFANNOUNCE
991 case RTM_IFANNOUNCE:
992 hdrlen = sizeof(msg.ifanm);
993 break;
994 #endif /* HAVE_RTM_IFANNOUNCE */
995 case RTM_ADD:
996 case RTM_DELETE:
997 case RTM_GET:
998 hdrlen = sizeof(msg.rtm);
999 break;
1000 default:
1001 return TRUE;
1002 }
1003 if (msg.rtm.rtm_msglen < hdrlen)
1004 {
1005 DBG1(DBG_KNL, "ignoring short PF_ROUTE message");
1006 return TRUE;
1007 }
1008 switch (msg.rtm.rtm_type)
1009 {
1010 case RTM_NEWADDR:
1011 case RTM_DELADDR:
1012 process_addr(this, &msg.ifam);
1013 break;
1014 case RTM_IFINFO:
1015 process_link(this, &msg.ifm);
1016 break;
1017 #ifdef HAVE_RTM_IFANNOUNCE
1018 case RTM_IFANNOUNCE:
1019 process_announce(this, &msg.ifanm);
1020 break;
1021 #endif /* HAVE_RTM_IFANNOUNCE */
1022 case RTM_ADD:
1023 case RTM_DELETE:
1024 process_route(this, &msg.rtm);
1025 break;
1026 default:
1027 break;
1028 }
1029
1030 this->mutex->lock(this->mutex);
1031 if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq)
1032 {
1033 /* seems like the message someone is waiting for, deliver */
1034 this->reply = realloc(this->reply, msg.rtm.rtm_msglen);
1035 memcpy(this->reply, &msg, msg.rtm.rtm_msglen);
1036 }
1037 /* signal on any event, add_ip()/del_ip() might wait for it */
1038 this->condvar->broadcast(this->condvar);
1039 this->mutex->unlock(this->mutex);
1040
1041 return TRUE;
1042 }
1043
1044
1045 /** enumerator over addresses */
1046 typedef struct {
1047 private_kernel_pfroute_net_t* this;
1048 /** which addresses to enumerate */
1049 kernel_address_type_t which;
1050 } address_enumerator_t;
1051
1052 /**
1053 * cleanup function for address enumerator
1054 */
1055 static void address_enumerator_destroy(address_enumerator_t *data)
1056 {
1057 data->this->lock->unlock(data->this->lock);
1058 free(data);
1059 }
1060
1061 /**
1062 * filter for addresses
1063 */
1064 static bool filter_addresses(address_enumerator_t *data,
1065 addr_entry_t** in, host_t** out)
1066 {
1067 host_t *ip;
1068 if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual)
1069 { /* skip virtual interfaces added by us */
1070 return FALSE;
1071 }
1072 if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual)
1073 { /* address is regular, but not requested */
1074 return FALSE;
1075 }
1076 ip = (*in)->ip;
1077 if (ip->get_family(ip) == AF_INET6)
1078 {
1079 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
1080 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
1081 { /* skip addresses with a unusable scope */
1082 return FALSE;
1083 }
1084 }
1085 *out = ip;
1086 return TRUE;
1087 }
1088
1089 /**
1090 * enumerator constructor for interfaces
1091 */
1092 static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
1093 address_enumerator_t *data)
1094 {
1095 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
1096 (void*)filter_addresses, data, NULL);
1097 }
1098
1099 /**
1100 * filter for interfaces
1101 */
1102 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
1103 iface_entry_t** out)
1104 {
1105 if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
1106 { /* skip interfaces excluded by config */
1107 return FALSE;
1108 }
1109 if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
1110 { /* ignore loopback devices */
1111 return FALSE;
1112 }
1113 if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
1114 { /* skip interfaces not up */
1115 return FALSE;
1116 }
1117 *out = *in;
1118 return TRUE;
1119 }
1120
1121 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
1122 private_kernel_pfroute_net_t *this, kernel_address_type_t which)
1123 {
1124 address_enumerator_t *data;
1125
1126 INIT(data,
1127 .this = this,
1128 .which = which,
1129 );
1130
1131 this->lock->read_lock(this->lock);
1132 return enumerator_create_nested(
1133 enumerator_create_filter(
1134 this->ifaces->create_enumerator(this->ifaces),
1135 (void*)filter_interfaces, data, NULL),
1136 (void*)create_iface_enumerator, data,
1137 (void*)address_enumerator_destroy);
1138 }
1139
1140 METHOD(kernel_net_t, get_features, kernel_feature_t,
1141 private_kernel_pfroute_net_t *this)
1142 {
1143 return KERNEL_REQUIRE_EXCLUDE_ROUTE;
1144 }
1145
1146 METHOD(kernel_net_t, get_interface_name, bool,
1147 private_kernel_pfroute_net_t *this, host_t* ip, char **name)
1148 {
1149 addr_map_entry_t *entry, lookup = {
1150 .ip = ip,
1151 };
1152
1153 if (ip->is_anyaddr(ip))
1154 {
1155 return FALSE;
1156 }
1157 this->lock->read_lock(this->lock);
1158 /* first try to find it on an up and usable interface */
1159 entry = this->addrs->get_match(this->addrs, &lookup,
1160 (void*)addr_map_entry_match_up_and_usable);
1161 if (entry)
1162 {
1163 if (name)
1164 {
1165 *name = strdup(entry->iface->ifname);
1166 DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
1167 }
1168 this->lock->unlock(this->lock);
1169 return TRUE;
1170 }
1171 /* check if it is a virtual IP */
1172 entry = this->addrs->get_match(this->addrs, &lookup,
1173 (void*)addr_map_entry_match_virtual);
1174 if (entry)
1175 {
1176 if (name)
1177 {
1178 *name = strdup(entry->iface->ifname);
1179 DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
1180 }
1181 this->lock->unlock(this->lock);
1182 return TRUE;
1183 }
1184 /* maybe it is installed on an ignored interface */
1185 entry = this->addrs->get_match(this->addrs, &lookup,
1186 (void*)addr_map_entry_match_up);
1187 if (!entry)
1188 { /* the address does not exist, is on a down interface */
1189 DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
1190 }
1191 this->lock->unlock(this->lock);
1192 return FALSE;
1193 }
1194
1195 METHOD(kernel_net_t, add_ip, status_t,
1196 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
1197 char *ifname)
1198 {
1199 enumerator_t *ifaces, *addrs;
1200 iface_entry_t *iface;
1201 addr_entry_t *addr;
1202 tun_device_t *tun;
1203 bool timeout = FALSE;
1204
1205 if (!this->install_virtual_ip)
1206 { /* disabled by config */
1207 return SUCCESS;
1208 }
1209
1210 tun = tun_device_create(NULL);
1211 if (!tun)
1212 {
1213 return FAILED;
1214 }
1215 if (prefix == -1)
1216 {
1217 prefix = vip->get_address(vip).len * 8;
1218 }
1219 if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
1220 {
1221 tun->destroy(tun);
1222 return FAILED;
1223 }
1224
1225 /* wait until address appears */
1226 this->mutex->lock(this->mutex);
1227 while (!timeout && !get_interface_name(this, vip, NULL))
1228 {
1229 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1230 this->vip_wait);
1231 }
1232 this->mutex->unlock(this->mutex);
1233 if (timeout)
1234 {
1235 DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
1236 vip, tun->get_name(tun));
1237 tun->destroy(tun);
1238 return FAILED;
1239 }
1240
1241 this->lock->write_lock(this->lock);
1242 this->tuns->insert_last(this->tuns, tun);
1243
1244 ifaces = this->ifaces->create_enumerator(this->ifaces);
1245 while (ifaces->enumerate(ifaces, &iface))
1246 {
1247 if (streq(iface->ifname, tun->get_name(tun)))
1248 {
1249 addrs = iface->addrs->create_enumerator(iface->addrs);
1250 while (addrs->enumerate(addrs, &addr))
1251 {
1252 if (addr->ip->ip_equals(addr->ip, vip))
1253 {
1254 addr->virtual = TRUE;
1255 }
1256 }
1257 addrs->destroy(addrs);
1258 /* during IKEv1 reauthentication, children get moved from
1259 * old the new SA before the virtual IP is available. This
1260 * kills the route for our virtual IP, reinstall. */
1261 queue_route_reinstall(this, strdup(iface->ifname));
1262 break;
1263 }
1264 }
1265 ifaces->destroy(ifaces);
1266 /* lets do this while holding the lock, thus preventing another thread
1267 * from deleting the TUN device concurrently, hopefully listeners are quick
1268 * and cause no deadlocks */
1269 charon->kernel->tun(charon->kernel, tun, TRUE);
1270 this->lock->unlock(this->lock);
1271
1272 return SUCCESS;
1273 }
1274
1275 METHOD(kernel_net_t, del_ip, status_t,
1276 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
1277 bool wait)
1278 {
1279 enumerator_t *enumerator;
1280 tun_device_t *tun;
1281 host_t *addr;
1282 bool timeout = FALSE, found = FALSE;
1283
1284 if (!this->install_virtual_ip)
1285 { /* disabled by config */
1286 return SUCCESS;
1287 }
1288
1289 this->lock->write_lock(this->lock);
1290 enumerator = this->tuns->create_enumerator(this->tuns);
1291 while (enumerator->enumerate(enumerator, &tun))
1292 {
1293 addr = tun->get_address(tun, NULL);
1294 if (addr && addr->ip_equals(addr, vip))
1295 {
1296 this->tuns->remove_at(this->tuns, enumerator);
1297 charon->kernel->tun(charon->kernel, tun, FALSE);
1298 tun->destroy(tun);
1299 found = TRUE;
1300 break;
1301 }
1302 }
1303 enumerator->destroy(enumerator);
1304 this->lock->unlock(this->lock);
1305
1306 if (!found)
1307 {
1308 return NOT_FOUND;
1309 }
1310 /* wait until address disappears */
1311 if (wait)
1312 {
1313 this->mutex->lock(this->mutex);
1314 while (!timeout && get_interface_name(this, vip, NULL))
1315 {
1316 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1317 this->vip_wait);
1318 }
1319 this->mutex->unlock(this->mutex);
1320 if (timeout)
1321 {
1322 DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
1323 return FAILED;
1324 }
1325 }
1326 return SUCCESS;
1327 }
1328
1329 /**
1330 * Append a sockaddr_in/in6 of given type to routing message
1331 */
1332 static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
1333 {
1334 if (addr)
1335 {
1336 int len;
1337
1338 len = *addr->get_sockaddr_len(addr);
1339 memcpy((char*)hdr + hdr->rtm_msglen, addr->get_sockaddr(addr), len);
1340 hdr->rtm_msglen += SA_LEN(len);
1341 hdr->rtm_addrs |= type;
1342 }
1343 }
1344
1345 /**
1346 * Append a subnet mask sockaddr using the given prefix to routing message
1347 */
1348 static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
1349 {
1350 host_t *mask;
1351
1352 mask = host_create_netmask(family, prefix);
1353 if (mask)
1354 {
1355 add_rt_addr(hdr, type, mask);
1356 mask->destroy(mask);
1357 }
1358 }
1359
1360 /**
1361 * Append an interface name sockaddr_dl to routing message
1362 */
1363 static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
1364 {
1365 struct sockaddr_dl sdl = {
1366 .sdl_len = sizeof(struct sockaddr_dl),
1367 .sdl_family = AF_LINK,
1368 .sdl_nlen = strlen(name),
1369 };
1370
1371 if (strlen(name) <= sizeof(sdl.sdl_data))
1372 {
1373 memcpy(sdl.sdl_data, name, sdl.sdl_nlen);
1374 memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
1375 hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
1376 hdr->rtm_addrs |= type;
1377 }
1378 }
1379
1380 /**
1381 * Add or remove a route
1382 */
1383 static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
1384 chunk_t dst_net, u_int8_t prefixlen,
1385 host_t *gateway, char *if_name)
1386 {
1387 struct {
1388 struct rt_msghdr hdr;
1389 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1390 } msg = {
1391 .hdr = {
1392 .rtm_version = RTM_VERSION,
1393 .rtm_type = op,
1394 .rtm_flags = RTF_UP | RTF_STATIC,
1395 .rtm_pid = this->pid,
1396 .rtm_seq = ref_get(&this->seq),
1397 },
1398 };
1399 host_t *dst;
1400 int type;
1401
1402 if (prefixlen == 0 && dst_net.len)
1403 {
1404 status_t status;
1405 chunk_t half;
1406
1407 half = chunk_clonea(dst_net);
1408 half.ptr[0] |= 0x80;
1409 prefixlen = 1;
1410 status = manage_route(this, op, half, prefixlen, gateway, if_name);
1411 if (status != SUCCESS)
1412 {
1413 return status;
1414 }
1415 }
1416
1417 dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
1418 if (!dst)
1419 {
1420 return FAILED;
1421 }
1422
1423 if ((dst->get_family(dst) == AF_INET && prefixlen == 32) ||
1424 (dst->get_family(dst) == AF_INET6 && prefixlen == 128))
1425 {
1426 msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
1427 }
1428
1429 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1430 for (type = 0; type < RTAX_MAX; type++)
1431 {
1432 switch (type)
1433 {
1434 case RTAX_DST:
1435 add_rt_addr(&msg.hdr, RTA_DST, dst);
1436 break;
1437 case RTAX_NETMASK:
1438 if (!(msg.hdr.rtm_flags & RTF_HOST))
1439 {
1440 add_rt_mask(&msg.hdr, RTA_NETMASK,
1441 dst->get_family(dst), prefixlen);
1442 }
1443 break;
1444 case RTAX_IFP:
1445 if (if_name)
1446 {
1447 add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
1448 }
1449 break;
1450 case RTAX_GATEWAY:
1451 if (gateway)
1452 {
1453 add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
1454 }
1455 break;
1456 default:
1457 break;
1458 }
1459 }
1460 dst->destroy(dst);
1461
1462 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen)
1463 {
1464 if (errno == EEXIST)
1465 {
1466 return ALREADY_DONE;
1467 }
1468 DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
1469 op == RTM_ADD ? "adding" : "deleting", strerror(errno));
1470 return FAILED;
1471 }
1472 return SUCCESS;
1473 }
1474
1475 METHOD(kernel_net_t, add_route, status_t,
1476 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1477 host_t *gateway, host_t *src_ip, char *if_name)
1478 {
1479 status_t status;
1480 route_entry_t *found, route = {
1481 .dst_net = dst_net,
1482 .prefixlen = prefixlen,
1483 .gateway = gateway,
1484 .if_name = if_name,
1485 };
1486
1487 this->routes_lock->lock(this->routes_lock);
1488 found = this->routes->get(this->routes, &route);
1489 if (found)
1490 {
1491 this->routes_lock->unlock(this->routes_lock);
1492 return ALREADY_DONE;
1493 }
1494 status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
1495 if (status == SUCCESS)
1496 {
1497 found = route_entry_clone(&route);
1498 this->routes->put(this->routes, found, found);
1499 }
1500 this->routes_lock->unlock(this->routes_lock);
1501 return status;
1502 }
1503
1504 METHOD(kernel_net_t, del_route, status_t,
1505 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1506 host_t *gateway, host_t *src_ip, char *if_name)
1507 {
1508 status_t status;
1509 route_entry_t *found, route = {
1510 .dst_net = dst_net,
1511 .prefixlen = prefixlen,
1512 .gateway = gateway,
1513 .if_name = if_name,
1514 };
1515
1516 this->routes_lock->lock(this->routes_lock);
1517 found = this->routes->get(this->routes, &route);
1518 if (!found)
1519 {
1520 this->routes_lock->unlock(this->routes_lock);
1521 return NOT_FOUND;
1522 }
1523 this->routes->remove(this->routes, found);
1524 route_entry_destroy(found);
1525 status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
1526 if_name);
1527 this->routes_lock->unlock(this->routes_lock);
1528 return status;
1529 }
1530
1531 /**
1532 * Do a route lookup for dest and return either the nexthop or the source
1533 * address.
1534 */
1535 static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
1536 host_t *dest, host_t *src)
1537 {
1538 struct {
1539 struct rt_msghdr hdr;
1540 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1541 } msg = {
1542 .hdr = {
1543 .rtm_version = RTM_VERSION,
1544 .rtm_type = RTM_GET,
1545 .rtm_pid = this->pid,
1546 .rtm_seq = ref_get(&this->seq),
1547 },
1548 };
1549 host_t *host = NULL;
1550 enumerator_t *enumerator;
1551 struct sockaddr *addr;
1552 bool failed = FALSE;
1553 int type;
1554
1555 retry:
1556 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1557 for (type = 0; type < RTAX_MAX; type++)
1558 {
1559 switch (type)
1560 {
1561 case RTAX_DST:
1562 add_rt_addr(&msg.hdr, RTA_DST, dest);
1563 break;
1564 case RTAX_IFA:
1565 add_rt_addr(&msg.hdr, RTA_IFA, src);
1566 break;
1567 case RTAX_IFP:
1568 if (!nexthop)
1569 { /* add an empty IFP to ensure we get a source address */
1570 add_rt_ifname(&msg.hdr, RTA_IFP, "");
1571 }
1572 break;
1573 default:
1574 break;
1575 }
1576 }
1577 this->mutex->lock(this->mutex);
1578
1579 while (this->waiting_seq)
1580 {
1581 this->condvar->wait(this->condvar, this->mutex);
1582 }
1583 this->waiting_seq = msg.hdr.rtm_seq;
1584 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
1585 {
1586 while (TRUE)
1587 {
1588 if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
1589 { /* timed out? */
1590 break;
1591 }
1592 if (!this->reply)
1593 {
1594 continue;
1595 }
1596 enumerator = create_rtmsg_enumerator(this->reply);
1597 while (enumerator->enumerate(enumerator, &type, &addr))
1598 {
1599 if (nexthop)
1600 {
1601 if (type == RTAX_DST && this->reply->rtm_flags & RTF_HOST)
1602 { /* probably a cloned/cached direct route, only use that
1603 * as fallback if no gateway is found */
1604 host = host ?: host_create_from_sockaddr(addr);
1605 }
1606 if (type == RTAX_GATEWAY)
1607 { /* could actually be a MAC address */
1608 host_t *gtw = host_create_from_sockaddr(addr);
1609 if (gtw)
1610 {
1611 DESTROY_IF(host);
1612 host = gtw;
1613 }
1614 }
1615 }
1616 else
1617 {
1618 if (type == RTAX_IFA)
1619 {
1620 host = host_create_from_sockaddr(addr);
1621 }
1622 }
1623 }
1624 enumerator->destroy(enumerator);
1625 break;
1626 }
1627 }
1628 else
1629 {
1630 failed = TRUE;
1631 }
1632 free(this->reply);
1633 this->reply = NULL;
1634 /* signal completion of query to a waiting thread */
1635 this->waiting_seq = 0;
1636 this->condvar->signal(this->condvar);
1637 this->mutex->unlock(this->mutex);
1638
1639 if (failed)
1640 {
1641 if (src)
1642 { /* the given source address might be gone, try again without */
1643 src = NULL;
1644 msg.hdr.rtm_seq = ref_get(&this->seq);
1645 msg.hdr.rtm_addrs = 0;
1646 memset(msg.buf, 0, sizeof(msg.buf));
1647 goto retry;
1648 }
1649 DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
1650 }
1651 if (nexthop)
1652 {
1653 host = host ?: dest->clone(dest);
1654 }
1655 else
1656 { /* make sure the source address is not virtual and usable */
1657 addr_entry_t *entry, lookup = {
1658 .ip = host,
1659 };
1660
1661 if (!host)
1662 {
1663 return NULL;
1664 }
1665 this->lock->read_lock(this->lock);
1666 entry = this->addrs->get_match(this->addrs, &lookup,
1667 (void*)addr_map_entry_match_up_and_usable);
1668 this->lock->unlock(this->lock);
1669 if (!entry)
1670 {
1671 host->destroy(host);
1672 return NULL;
1673 }
1674 }
1675 DBG2(DBG_KNL, "using %H as %s to reach %H", host,
1676 nexthop ? "nexthop" : "address", dest);
1677 return host;
1678 }
1679
1680 METHOD(kernel_net_t, get_source_addr, host_t*,
1681 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
1682 {
1683 return get_route(this, FALSE, dest, src);
1684 }
1685
1686 METHOD(kernel_net_t, get_nexthop, host_t*,
1687 private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src)
1688 {
1689 return get_route(this, TRUE, dest, src);
1690 }
1691
1692 /**
1693 * Initialize a list of local addresses.
1694 */
1695 static status_t init_address_list(private_kernel_pfroute_net_t *this)
1696 {
1697 struct ifaddrs *ifap, *ifa;
1698 iface_entry_t *iface, *current;
1699 addr_entry_t *addr;
1700 enumerator_t *ifaces, *addrs;
1701
1702 DBG2(DBG_KNL, "known interfaces and IP addresses:");
1703
1704 if (getifaddrs(&ifap) < 0)
1705 {
1706 DBG1(DBG_KNL, " failed to get interfaces!");
1707 return FAILED;
1708 }
1709
1710 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
1711 {
1712 if (ifa->ifa_addr == NULL)
1713 {
1714 continue;
1715 }
1716 switch(ifa->ifa_addr->sa_family)
1717 {
1718 case AF_LINK:
1719 case AF_INET:
1720 case AF_INET6:
1721 {
1722 iface = NULL;
1723 ifaces = this->ifaces->create_enumerator(this->ifaces);
1724 while (ifaces->enumerate(ifaces, &current))
1725 {
1726 if (streq(current->ifname, ifa->ifa_name))
1727 {
1728 iface = current;
1729 break;
1730 }
1731 }
1732 ifaces->destroy(ifaces);
1733
1734 if (!iface)
1735 {
1736 INIT(iface,
1737 .ifindex = if_nametoindex(ifa->ifa_name),
1738 .flags = ifa->ifa_flags,
1739 .addrs = linked_list_create(),
1740 .usable = charon->kernel->is_interface_usable(
1741 charon->kernel, ifa->ifa_name),
1742 );
1743 memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
1744 this->ifaces->insert_last(this->ifaces, iface);
1745 }
1746
1747 if (ifa->ifa_addr->sa_family != AF_LINK)
1748 {
1749 INIT(addr,
1750 .ip = host_create_from_sockaddr(ifa->ifa_addr),
1751 );
1752 iface->addrs->insert_last(iface->addrs, addr);
1753 addr_map_entry_add(this, addr, iface);
1754 }
1755 }
1756 }
1757 }
1758 freeifaddrs(ifap);
1759
1760 ifaces = this->ifaces->create_enumerator(this->ifaces);
1761 while (ifaces->enumerate(ifaces, &iface))
1762 {
1763 if (iface->usable && iface->flags & IFF_UP)
1764 {
1765 DBG2(DBG_KNL, " %s", iface->ifname);
1766 addrs = iface->addrs->create_enumerator(iface->addrs);
1767 while (addrs->enumerate(addrs, (void**)&addr))
1768 {
1769 DBG2(DBG_KNL, " %H", addr->ip);
1770 }
1771 addrs->destroy(addrs);
1772 }
1773 }
1774 ifaces->destroy(ifaces);
1775
1776 return SUCCESS;
1777 }
1778
1779 METHOD(kernel_net_t, destroy, void,
1780 private_kernel_pfroute_net_t *this)
1781 {
1782 enumerator_t *enumerator;
1783 route_entry_t *route;
1784 addr_entry_t *addr;
1785
1786 enumerator = this->routes->create_enumerator(this->routes);
1787 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
1788 {
1789 manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
1790 route->gateway, route->if_name);
1791 route_entry_destroy(route);
1792 }
1793 enumerator->destroy(enumerator);
1794 this->routes->destroy(this->routes);
1795 this->routes_lock->destroy(this->routes_lock);
1796
1797 if (this->socket != -1)
1798 {
1799 lib->watcher->remove(lib->watcher, this->socket);
1800 close(this->socket);
1801 }
1802
1803 net_changes_clear(this);
1804 this->net_changes->destroy(this->net_changes);
1805 this->net_changes_lock->destroy(this->net_changes_lock);
1806
1807 enumerator = this->addrs->create_enumerator(this->addrs);
1808 while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
1809 {
1810 free(addr);
1811 }
1812 enumerator->destroy(enumerator);
1813 this->addrs->destroy(this->addrs);
1814 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
1815 this->tuns->destroy(this->tuns);
1816 this->lock->destroy(this->lock);
1817 this->mutex->destroy(this->mutex);
1818 this->condvar->destroy(this->condvar);
1819 this->roam_lock->destroy(this->roam_lock);
1820 free(this->reply);
1821 free(this);
1822 }
1823
1824 /*
1825 * Described in header.
1826 */
1827 kernel_pfroute_net_t *kernel_pfroute_net_create()
1828 {
1829 private_kernel_pfroute_net_t *this;
1830
1831 INIT(this,
1832 .public = {
1833 .interface = {
1834 .get_features = _get_features,
1835 .get_interface = _get_interface_name,
1836 .create_address_enumerator = _create_address_enumerator,
1837 .get_source_addr = _get_source_addr,
1838 .get_nexthop = _get_nexthop,
1839 .add_ip = _add_ip,
1840 .del_ip = _del_ip,
1841 .add_route = _add_route,
1842 .del_route = _del_route,
1843 .destroy = _destroy,
1844 },
1845 },
1846 .pid = getpid(),
1847 .ifaces = linked_list_create(),
1848 .addrs = hashtable_create(
1849 (hashtable_hash_t)addr_map_entry_hash,
1850 (hashtable_equals_t)addr_map_entry_equals, 16),
1851 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
1852 (hashtable_equals_t)route_entry_equals, 16),
1853 .net_changes = hashtable_create(
1854 (hashtable_hash_t)net_change_hash,
1855 (hashtable_equals_t)net_change_equals, 16),
1856 .tuns = linked_list_create(),
1857 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
1858 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
1859 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
1860 .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1861 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1862 .roam_lock = spinlock_create(),
1863 .vip_wait = lib->settings->get_int(lib->settings,
1864 "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns),
1865 .install_virtual_ip = lib->settings->get_bool(lib->settings,
1866 "%s.install_virtual_ip", TRUE, lib->ns),
1867 );
1868 timerclear(&this->last_route_reinstall);
1869 timerclear(&this->next_roam);
1870
1871 /* create a PF_ROUTE socket to communicate with the kernel */
1872 this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
1873 if (this->socket == -1)
1874 {
1875 DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
1876 destroy(this);
1877 return NULL;
1878 }
1879
1880 if (streq(lib->ns, "starter"))
1881 {
1882 /* starter has no threads, so we do not register for kernel events */
1883 if (shutdown(this->socket, SHUT_RD) != 0)
1884 {
1885 DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
1886 strerror(errno));
1887 }
1888 }
1889 else
1890 {
1891 lib->watcher->add(lib->watcher, this->socket, WATCHER_READ,
1892 (watcher_cb_t)receive_events, this);
1893 }
1894 if (init_address_list(this) != SUCCESS)
1895 {
1896 DBG1(DBG_KNL, "unable to get interface list");
1897 destroy(this);
1898 return NULL;
1899 }
1900
1901 return &this->public;
1902 }