projects / strongswan.git / blob
? search:


9f40daeaabffb11b23cde8bffba0c5fc571f614d
[strongswan.git] / src / libcharon / plugins / kernel_pfroute / kernel_pfroute_net.c
1 /*
2 * Copyright (C) 2009 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <net/if.h>
19 #include <ifaddrs.h>
20 #include <net/route.h>
21 #include <unistd.h>
22 #include <errno.h>
23
24 #include "kernel_pfroute_net.h"
25
26 #include <hydra.h>
27 #include <daemon.h>
28 #include <utils/host.h>
29 #include <threading/thread.h>
30 #include <threading/mutex.h>
31 #include <utils/linked_list.h>
32 #include <processing/jobs/callback_job.h>
33
34 #ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
35 #error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
36 #endif
37
38 /** delay before firing roam events (ms) */
39 #define ROAM_DELAY 100
40
41 /** buffer size for PF_ROUTE messages */
42 #define PFROUTE_BUFFER_SIZE 4096
43
44 typedef struct addr_entry_t addr_entry_t;
45
46 /**
47 * IP address in an inface_entry_t
48 */
49 struct addr_entry_t {
50
51 /** The ip address */
52 host_t *ip;
53
54 /** virtual IP managed by us */
55 bool virtual;
56
57 /** Number of times this IP is used, if virtual */
58 u_int refcount;
59 };
60
61 /**
62 * destroy a addr_entry_t object
63 */
64 static void addr_entry_destroy(addr_entry_t *this)
65 {
66 this->ip->destroy(this->ip);
67 free(this);
68 }
69
70 typedef struct iface_entry_t iface_entry_t;
71
72 /**
73 * A network interface on this system, containing addr_entry_t's
74 */
75 struct iface_entry_t {
76
77 /** interface index */
78 int ifindex;
79
80 /** name of the interface */
81 char ifname[IFNAMSIZ];
82
83 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
84 u_int flags;
85
86 /** list of addresses as host_t */
87 linked_list_t *addrs;
88 };
89
90 /**
91 * destroy an interface entry
92 */
93 static void iface_entry_destroy(iface_entry_t *this)
94 {
95 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
96 free(this);
97 }
98
99
100 typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
101
102 /**
103 * Private variables and functions of kernel_pfroute class.
104 */
105 struct private_kernel_pfroute_net_t
106 {
107 /**
108 * Public part of the kernel_pfroute_t object.
109 */
110 kernel_pfroute_net_t public;
111
112 /**
113 * mutex to lock access to various lists
114 */
115 mutex_t *mutex;
116
117 /**
118 * Cached list of interfaces and their addresses (iface_entry_t)
119 */
120 linked_list_t *ifaces;
121
122 /**
123 * job receiving PF_ROUTE events
124 */
125 callback_job_t *job;
126
127 /**
128 * mutex to lock access to the PF_ROUTE socket
129 */
130 mutex_t *mutex_pfroute;
131
132 /**
133 * PF_ROUTE socket to communicate with the kernel
134 */
135 int socket;
136
137 /**
138 * PF_ROUTE socket to receive events
139 */
140 int socket_events;
141
142 /**
143 * sequence number for messages sent to the kernel
144 */
145 int seq;
146
147 /**
148 * time of last roam event
149 */
150 timeval_t last_roam;
151 };
152
153 /**
154 * callback function that raises the delayed roam event
155 */
156 static job_requeue_t roam_event(uintptr_t address)
157 {
158 charon->kernel_interface->roam(charon->kernel_interface, address != 0);
159 return JOB_REQUEUE_NONE;
160 }
161
162 /**
163 * fire a roaming event. we delay it for a bit and fire only one event
164 * for multiple calls. otherwise we would create too many events.
165 */
166 static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
167 {
168 timeval_t now;
169 job_t *job;
170
171 time_monotonic(&now);
172 if (timercmp(&now, &this->last_roam, >))
173 {
174 now.tv_usec += ROAM_DELAY * 1000;
175 while (now.tv_usec > 1000000)
176 {
177 now.tv_sec++;
178 now.tv_usec -= 1000000;
179 }
180 this->last_roam = now;
181
182 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
183 (void*)(uintptr_t)(address ? 1 : 0),
184 NULL, NULL);
185 hydra->scheduler->schedule_job_ms(hydra->scheduler, job, ROAM_DELAY);
186 }
187 }
188
189 /**
190 * Process an RTM_*ADDR message from the kernel
191 */
192 static void process_addr(private_kernel_pfroute_net_t *this,
193 struct rt_msghdr *msg)
194 {
195 struct ifa_msghdr *ifa = (struct ifa_msghdr*)msg;
196 sockaddr_t *sockaddr = (sockaddr_t*)(ifa + 1);
197 host_t *host = NULL;
198 enumerator_t *ifaces, *addrs;
199 iface_entry_t *iface;
200 addr_entry_t *addr;
201 bool found = FALSE, changed = FALSE, roam = FALSE;
202 int i;
203
204 for (i = 1; i < (1 << RTAX_MAX); i <<= 1)
205 {
206 if (ifa->ifam_addrs & i)
207 {
208 if (RTA_IFA & i)
209 {
210 host = host_create_from_sockaddr(sockaddr);
211 break;
212 }
213 sockaddr = (sockaddr_t*)((char*)sockaddr + sockaddr->sa_len);
214 }
215 }
216
217 if (!host)
218 {
219 return;
220 }
221
222 this->mutex->lock(this->mutex);
223 ifaces = this->ifaces->create_enumerator(this->ifaces);
224 while (ifaces->enumerate(ifaces, &iface))
225 {
226 if (iface->ifindex == ifa->ifam_index)
227 {
228 addrs = iface->addrs->create_enumerator(iface->addrs);
229 while (addrs->enumerate(addrs, &addr))
230 {
231 if (host->ip_equals(host, addr->ip))
232 {
233 found = TRUE;
234 if (ifa->ifam_type == RTM_DELADDR)
235 {
236 iface->addrs->remove_at(iface->addrs, addrs);
237 if (!addr->virtual)
238 {
239 changed = TRUE;
240 DBG1(DBG_KNL, "%H disappeared from %s",
241 host, iface->ifname);
242 }
243 addr_entry_destroy(addr);
244 }
245 else if (ifa->ifam_type == RTM_NEWADDR && addr->virtual)
246 {
247 addr->refcount = 1;
248 }
249 }
250 }
251 addrs->destroy(addrs);
252
253 if (!found && ifa->ifam_type == RTM_NEWADDR)
254 {
255 changed = TRUE;
256 addr = malloc_thing(addr_entry_t);
257 addr->ip = host->clone(host);
258 addr->virtual = FALSE;
259 addr->refcount = 1;
260 iface->addrs->insert_last(iface->addrs, addr);
261 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
262 }
263
264 if (changed && (iface->flags & IFF_UP))
265 {
266 roam = TRUE;
267 }
268 break;
269 }
270 }
271 ifaces->destroy(ifaces);
272 this->mutex->unlock(this->mutex);
273 host->destroy(host);
274
275 if (roam)
276 {
277 fire_roam_event(this, TRUE);
278 }
279 }
280
281 /**
282 * Process an RTM_IFINFO message from the kernel
283 */
284 static void process_link(private_kernel_pfroute_net_t *this,
285 struct rt_msghdr *hdr)
286 {
287 struct if_msghdr *msg = (struct if_msghdr*)hdr;
288 enumerator_t *enumerator;
289 iface_entry_t *iface;
290 bool roam = FALSE;
291
292 if (msg->ifm_flags & IFF_LOOPBACK)
293 { /* ignore loopback interfaces */
294 return;
295 }
296
297 this->mutex->lock(this->mutex);
298 enumerator = this->ifaces->create_enumerator(this->ifaces);
299 while (enumerator->enumerate(enumerator, &iface))
300 {
301 if (iface->ifindex == msg->ifm_index)
302 {
303 if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
304 {
305 roam = TRUE;
306 DBG1(DBG_KNL, "interface %s activated", iface->ifname);
307 }
308 else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
309 {
310 roam = TRUE;
311 DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
312 }
313 iface->flags = msg->ifm_flags;
314 break;
315 }
316 }
317 enumerator->destroy(enumerator);
318 this->mutex->unlock(this->mutex);
319
320 if (roam)
321 {
322 fire_roam_event(this, TRUE);
323 }
324 }
325
326 /**
327 * Process an RTM_*ROUTE message from the kernel
328 */
329 static void process_route(private_kernel_pfroute_net_t *this,
330 struct rt_msghdr *msg)
331 {
332
333 }
334
335 /**
336 * Receives events from kernel
337 */
338 static job_requeue_t receive_events(private_kernel_pfroute_net_t *this)
339 {
340 unsigned char buf[PFROUTE_BUFFER_SIZE];
341 struct rt_msghdr *msg = (struct rt_msghdr*)buf;
342 int len;
343 bool oldstate;
344
345 oldstate = thread_cancelability(TRUE);
346 len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0);
347 thread_cancelability(oldstate);
348
349 if (len < 0)
350 {
351 switch (errno)
352 {
353 case EINTR:
354 /* interrupted, try again */
355 return JOB_REQUEUE_DIRECT;
356 case EAGAIN:
357 /* no data ready, select again */
358 return JOB_REQUEUE_DIRECT;
359 default:
360 DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
361 sleep(1);
362 return JOB_REQUEUE_FAIR;
363 }
364 }
365
366 if (len < sizeof(msg->rtm_msglen) || len < msg->rtm_msglen ||
367 msg->rtm_version != RTM_VERSION)
368 {
369 DBG2(DBG_KNL, "received corrupted PF_ROUTE message");
370 return JOB_REQUEUE_DIRECT;
371 }
372
373 switch (msg->rtm_type)
374 {
375 case RTM_NEWADDR:
376 case RTM_DELADDR:
377 process_addr(this, msg);
378 break;
379 case RTM_IFINFO:
380 /*case RTM_IFANNOUNCE <- what about this*/
381 process_link(this, msg);
382 break;
383 case RTM_ADD:
384 case RTM_DELETE:
385 process_route(this, msg);
386 default:
387 break;
388 }
389
390 return JOB_REQUEUE_DIRECT;
391 }
392
393
394 /** enumerator over addresses */
395 typedef struct {
396 private_kernel_pfroute_net_t* this;
397 /** whether to enumerate down interfaces */
398 bool include_down_ifaces;
399 /** whether to enumerate virtual ip addresses */
400 bool include_virtual_ips;
401 } address_enumerator_t;
402
403 /**
404 * cleanup function for address enumerator
405 */
406 static void address_enumerator_destroy(address_enumerator_t *data)
407 {
408 data->this->mutex->unlock(data->this->mutex);
409 free(data);
410 }
411
412 /**
413 * filter for addresses
414 */
415 static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out)
416 {
417 host_t *ip;
418 if (!data->include_virtual_ips && (*in)->virtual)
419 { /* skip virtual interfaces added by us */
420 return FALSE;
421 }
422 ip = (*in)->ip;
423 if (ip->get_family(ip) == AF_INET6)
424 {
425 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
426 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
427 { /* skip addresses with a unusable scope */
428 return FALSE;
429 }
430 }
431 *out = ip;
432 return TRUE;
433 }
434
435 /**
436 * enumerator constructor for interfaces
437 */
438 static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data)
439 {
440 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
441 (void*)filter_addresses, data, NULL);
442 }
443
444 /**
445 * filter for interfaces
446 */
447 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out)
448 {
449 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
450 { /* skip interfaces not up */
451 return FALSE;
452 }
453 *out = *in;
454 return TRUE;
455 }
456
457 /**
458 * implementation of kernel_net_t.create_address_enumerator
459 */
460 static enumerator_t *create_address_enumerator(private_kernel_pfroute_net_t *this,
461 bool include_down_ifaces, bool include_virtual_ips)
462 {
463 address_enumerator_t *data = malloc_thing(address_enumerator_t);
464 data->this = this;
465 data->include_down_ifaces = include_down_ifaces;
466 data->include_virtual_ips = include_virtual_ips;
467
468 this->mutex->lock(this->mutex);
469 return enumerator_create_nested(
470 enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces),
471 (void*)filter_interfaces, data, NULL),
472 (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy);
473 }
474
475 /**
476 * implementation of kernel_net_t.get_interface_name
477 */
478 static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip)
479 {
480 enumerator_t *ifaces, *addrs;
481 iface_entry_t *iface;
482 addr_entry_t *addr;
483 char *name = NULL;
484
485 DBG2(DBG_KNL, "getting interface name for %H", ip);
486
487 this->mutex->lock(this->mutex);
488 ifaces = this->ifaces->create_enumerator(this->ifaces);
489 while (ifaces->enumerate(ifaces, &iface))
490 {
491 addrs = iface->addrs->create_enumerator(iface->addrs);
492 while (addrs->enumerate(addrs, &addr))
493 {
494 if (ip->ip_equals(ip, addr->ip))
495 {
496 name = strdup(iface->ifname);
497 break;
498 }
499 }
500 addrs->destroy(addrs);
501 if (name)
502 {
503 break;
504 }
505 }
506 ifaces->destroy(ifaces);
507 this->mutex->unlock(this->mutex);
508
509 if (name)
510 {
511 DBG2(DBG_KNL, "%H is on interface %s", ip, name);
512 }
513 else
514 {
515 DBG2(DBG_KNL, "%H is not a local address", ip);
516 }
517 return name;
518 }
519
520 /**
521 * Implementation of kernel_net_t.get_source_addr.
522 */
523 static host_t* get_source_addr(private_kernel_pfroute_net_t *this,
524 host_t *dest, host_t *src)
525 {
526 return NULL;
527 }
528
529 /**
530 * Implementation of kernel_net_t.get_nexthop.
531 */
532 static host_t* get_nexthop(private_kernel_pfroute_net_t *this, host_t *dest)
533 {
534 return NULL;
535 }
536
537 /**
538 * Implementation of kernel_net_t.add_ip.
539 */
540 static status_t add_ip(private_kernel_pfroute_net_t *this,
541 host_t *virtual_ip, host_t *iface_ip)
542 {
543 return FAILED;
544 }
545
546 /**
547 * Implementation of kernel_net_t.del_ip.
548 */
549 static status_t del_ip(private_kernel_pfroute_net_t *this, host_t *virtual_ip)
550 {
551 return FAILED;
552 }
553
554 /**
555 * Implementation of kernel_net_t.add_route.
556 */
557 static status_t add_route(private_kernel_pfroute_net_t *this, chunk_t dst_net,
558 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
559 {
560 return FAILED;
561 }
562
563 /**
564 * Implementation of kernel_net_t.del_route.
565 */
566 static status_t del_route(private_kernel_pfroute_net_t *this, chunk_t dst_net,
567 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
568 {
569 return FAILED;
570 }
571
572 /**
573 * Initialize a list of local addresses.
574 */
575 static status_t init_address_list(private_kernel_pfroute_net_t *this)
576 {
577 struct ifaddrs *ifap, *ifa;
578 iface_entry_t *iface, *current;
579 addr_entry_t *addr;
580 enumerator_t *ifaces, *addrs;
581
582 DBG1(DBG_KNL, "listening on interfaces:");
583
584 if (getifaddrs(&ifap) < 0)
585 {
586 DBG1(DBG_KNL, " failed to get interfaces!");
587 return FAILED;
588 }
589
590 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
591 {
592 if (ifa->ifa_addr == NULL)
593 {
594 continue;
595 }
596 switch(ifa->ifa_addr->sa_family)
597 {
598 case AF_LINK:
599 case AF_INET:
600 case AF_INET6:
601 {
602 if (ifa->ifa_flags & IFF_LOOPBACK)
603 { /* ignore loopback interfaces */
604 continue;
605 }
606
607 iface = NULL;
608 ifaces = this->ifaces->create_enumerator(this->ifaces);
609 while (ifaces->enumerate(ifaces, &current))
610 {
611 if (streq(current->ifname, ifa->ifa_name))
612 {
613 iface = current;
614 break;
615 }
616 }
617 ifaces->destroy(ifaces);
618
619 if (!iface)
620 {
621 iface = malloc_thing(iface_entry_t);
622 memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
623 iface->ifindex = if_nametoindex(ifa->ifa_name);
624 iface->flags = ifa->ifa_flags;
625 iface->addrs = linked_list_create();
626 this->ifaces->insert_last(this->ifaces, iface);
627 }
628
629 if (ifa->ifa_addr->sa_family != AF_LINK)
630 {
631 addr = malloc_thing(addr_entry_t);
632 addr->ip = host_create_from_sockaddr(ifa->ifa_addr);
633 addr->virtual = FALSE;
634 addr->refcount = 1;
635 iface->addrs->insert_last(iface->addrs, addr);
636 }
637 }
638 }
639 }
640 freeifaddrs(ifap);
641
642 ifaces = this->ifaces->create_enumerator(this->ifaces);
643 while (ifaces->enumerate(ifaces, &iface))
644 {
645 if (iface->flags & IFF_UP)
646 {
647 DBG1(DBG_KNL, " %s", iface->ifname);
648 addrs = iface->addrs->create_enumerator(iface->addrs);
649 while (addrs->enumerate(addrs, (void**)&addr))
650 {
651 DBG1(DBG_KNL, " %H", addr->ip);
652 }
653 addrs->destroy(addrs);
654 }
655 }
656 ifaces->destroy(ifaces);
657
658 return SUCCESS;
659 }
660
661 /**
662 * Implementation of kernel_netlink_net_t.destroy.
663 */
664 static void destroy(private_kernel_pfroute_net_t *this)
665 {
666 if (this->job)
667 {
668 this->job->cancel(this->job);
669 }
670 if (this->socket > 0)
671 {
672 close(this->socket);
673 }
674 if (this->socket_events)
675 {
676 close(this->socket_events);
677 }
678 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
679 this->mutex->destroy(this->mutex);
680 this->mutex_pfroute->destroy(this->mutex_pfroute);
681 free(this);
682 }
683
684 /*
685 * Described in header.
686 */
687 kernel_pfroute_net_t *kernel_pfroute_net_create()
688 {
689 private_kernel_pfroute_net_t *this = malloc_thing(private_kernel_pfroute_net_t);
690
691 /* public functions */
692 this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
693 this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator;
694 this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr;
695 this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop;
696 this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip;
697 this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip;
698 this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
699 this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
700
701 this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy;
702
703 /* private members */
704 this->ifaces = linked_list_create();
705 this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
706 this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT);
707
708 this->seq = 0;
709 this->socket_events = 0;
710 this->job = NULL;
711
712 /* create a PF_ROUTE socket to communicate with the kernel */
713 this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
714 if (this->socket < 0)
715 {
716 DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
717 destroy(this);
718 return NULL;
719 }
720
721 /* create a PF_ROUTE socket to receive events */
722 this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
723 if (this->socket_events < 0)
724 {
725 DBG1(DBG_KNL, "unable to create PF_ROUTE event socket");
726 destroy(this);
727 return NULL;
728 }
729
730 this->job = callback_job_create((callback_job_cb_t)receive_events,
731 this, NULL, NULL);
732 hydra->processor->queue_job(hydra->processor, (job_t*)this->job);
733
734 if (init_address_list(this) != SUCCESS)
735 {
736 DBG1(DBG_KNL, "unable to get interface list");
737 destroy(this);
738 return NULL;
739 }
740
741 return &this->public;
742 }
strongSwan - IPsec VPN