libhydra: Move all kernel plugins to libcharon
[strongswan.git] / src / libcharon / plugins / kernel_pfroute / kernel_pfroute_net.c
1 /*
2 * Copyright (C) 2009-2013 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <net/if.h>
19 #include <net/if_dl.h>
20 #include <ifaddrs.h>
21 #include <net/route.h>
22 #include <unistd.h>
23 #include <errno.h>
24
25 #include "kernel_pfroute_net.h"
26
27 #include <hydra.h>
28 #include <utils/debug.h>
29 #include <networking/host.h>
30 #include <networking/tun_device.h>
31 #include <threading/thread.h>
32 #include <threading/mutex.h>
33 #include <threading/condvar.h>
34 #include <threading/rwlock.h>
35 #include <threading/spinlock.h>
36 #include <collections/hashtable.h>
37 #include <collections/linked_list.h>
38 #include <processing/jobs/callback_job.h>
39
40 #ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
41 #error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
42 #endif
43
44 /** properly align sockaddrs */
45 #ifdef __APPLE__
46 /* Apple always uses 4 bytes */
47 #define SA_ALIGN 4
48 #else
49 /* while on other platforms like FreeBSD it depends on the architecture */
50 #define SA_ALIGN sizeof(long)
51 #endif
52 #define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)
53
54 /** delay before firing roam events (ms) */
55 #define ROAM_DELAY 100
56
57 /** delay before reinstalling routes (ms) */
58 #define ROUTE_DELAY 100
59
60 typedef struct addr_entry_t addr_entry_t;
61
62 /**
63 * IP address in an inface_entry_t
64 */
65 struct addr_entry_t {
66
67 /** The ip address */
68 host_t *ip;
69
70 /** virtual IP managed by us */
71 bool virtual;
72 };
73
74 /**
75 * destroy a addr_entry_t object
76 */
77 static void addr_entry_destroy(addr_entry_t *this)
78 {
79 this->ip->destroy(this->ip);
80 free(this);
81 }
82
83 typedef struct iface_entry_t iface_entry_t;
84
85 /**
86 * A network interface on this system, containing addr_entry_t's
87 */
88 struct iface_entry_t {
89
90 /** interface index */
91 int ifindex;
92
93 /** name of the interface */
94 char ifname[IFNAMSIZ];
95
96 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
97 u_int flags;
98
99 /** list of addresses as host_t */
100 linked_list_t *addrs;
101
102 /** TRUE if usable by config */
103 bool usable;
104 };
105
106 /**
107 * destroy an interface entry
108 */
109 static void iface_entry_destroy(iface_entry_t *this)
110 {
111 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
112 free(this);
113 }
114
115 /**
116 * check if an interface is up
117 */
118 static inline bool iface_entry_up(iface_entry_t *iface)
119 {
120 return (iface->flags & IFF_UP) == IFF_UP;
121 }
122
123 /**
124 * check if an interface is up and usable
125 */
126 static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
127 {
128 return iface->usable && iface_entry_up(iface);
129 }
130
131 typedef struct addr_map_entry_t addr_map_entry_t;
132
133 /**
134 * Entry that maps an IP address to an interface entry
135 */
136 struct addr_map_entry_t {
137 /** The IP address */
138 host_t *ip;
139
140 /** The address entry for this IP address */
141 addr_entry_t *addr;
142
143 /** The interface this address is installed on */
144 iface_entry_t *iface;
145 };
146
147 /**
148 * Hash a addr_map_entry_t object, all entries with the same IP address
149 * are stored in the same bucket
150 */
151 static u_int addr_map_entry_hash(addr_map_entry_t *this)
152 {
153 return chunk_hash(this->ip->get_address(this->ip));
154 }
155
156 /**
157 * Compare two addr_map_entry_t objects, two entries are equal if they are
158 * installed on the same interface
159 */
160 static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
161 {
162 return a->iface->ifindex == b->iface->ifindex &&
163 a->ip->ip_equals(a->ip, b->ip);
164 }
165
166 /**
167 * Used with get_match this finds an address entry if it is installed on
168 * an up and usable interface
169 */
170 static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
171 addr_map_entry_t *b)
172 {
173 return !b->addr->virtual && iface_entry_up_and_usable(b->iface) &&
174 a->ip->ip_equals(a->ip, b->ip);
175 }
176
177 /**
178 * Used with get_match this finds an address entry if it is installed as virtual
179 * IP address
180 */
181 static bool addr_map_entry_match_virtual(addr_map_entry_t *a, addr_map_entry_t *b)
182 {
183 return b->addr->virtual && a->ip->ip_equals(a->ip, b->ip);
184 }
185
186 /**
187 * Used with get_match this finds an address entry if it is installed on
188 * any active local interface
189 */
190 static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
191 {
192 return !b->addr->virtual && iface_entry_up(b->iface) &&
193 a->ip->ip_equals(a->ip, b->ip);
194 }
195
196 typedef struct route_entry_t route_entry_t;
197
198 /**
199 * Installed routing entry
200 */
201 struct route_entry_t {
202 /** Name of the interface the route is bound to */
203 char *if_name;
204
205 /** Gateway for this route */
206 host_t *gateway;
207
208 /** Destination net */
209 chunk_t dst_net;
210
211 /** Destination net prefixlen */
212 u_int8_t prefixlen;
213 };
214
215 /**
216 * Clone a route_entry_t object.
217 */
218 static route_entry_t *route_entry_clone(route_entry_t *this)
219 {
220 route_entry_t *route;
221
222 INIT(route,
223 .if_name = strdup(this->if_name),
224 .gateway = this->gateway ? this->gateway->clone(this->gateway) : NULL,
225 .dst_net = chunk_clone(this->dst_net),
226 .prefixlen = this->prefixlen,
227 );
228 return route;
229 }
230
231 /**
232 * Destroy a route_entry_t object
233 */
234 static void route_entry_destroy(route_entry_t *this)
235 {
236 free(this->if_name);
237 DESTROY_IF(this->gateway);
238 chunk_free(&this->dst_net);
239 free(this);
240 }
241
242 /**
243 * Hash a route_entry_t object
244 */
245 static u_int route_entry_hash(route_entry_t *this)
246 {
247 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
248 chunk_hash(this->dst_net));
249 }
250
251 /**
252 * Compare two route_entry_t objects
253 */
254 static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
255 {
256 if (a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
257 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen)
258 {
259 return (!a->gateway && !b->gateway) || (a->gateway && b->gateway &&
260 a->gateway->ip_equals(a->gateway, b->gateway));
261 }
262 return FALSE;
263 }
264
265 typedef struct net_change_t net_change_t;
266
267 /**
268 * Queued network changes
269 */
270 struct net_change_t {
271 /** Name of the interface that got activated (or an IP appeared on) */
272 char *if_name;
273 };
274
275 /**
276 * Destroy a net_change_t object
277 */
278 static void net_change_destroy(net_change_t *this)
279 {
280 free(this->if_name);
281 free(this);
282 }
283
284 /**
285 * Hash a net_change_t object
286 */
287 static u_int net_change_hash(net_change_t *this)
288 {
289 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
290 }
291
292 /**
293 * Compare two net_change_t objects
294 */
295 static bool net_change_equals(net_change_t *a, net_change_t *b)
296 {
297 return streq(a->if_name, b->if_name);
298 }
299
300 typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
301
302 /**
303 * Private variables and functions of kernel_pfroute class.
304 */
305 struct private_kernel_pfroute_net_t
306 {
307 /**
308 * Public part of the kernel_pfroute_t object.
309 */
310 kernel_pfroute_net_t public;
311
312 /**
313 * lock to access lists and maps
314 */
315 rwlock_t *lock;
316
317 /**
318 * Cached list of interfaces and their addresses (iface_entry_t)
319 */
320 linked_list_t *ifaces;
321
322 /**
323 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
324 */
325 hashtable_t *addrs;
326
327 /**
328 * List of tun devices we installed for virtual IPs
329 */
330 linked_list_t *tuns;
331
332 /**
333 * mutex to communicate exclusively with PF_KEY
334 */
335 mutex_t *mutex;
336
337 /**
338 * condvar to signal if PF_KEY query got a response
339 */
340 condvar_t *condvar;
341
342 /**
343 * installed routes
344 */
345 hashtable_t *routes;
346
347 /**
348 * mutex for routes
349 */
350 mutex_t *routes_lock;
351
352 /**
353 * interface changes which may trigger route reinstallation
354 */
355 hashtable_t *net_changes;
356
357 /**
358 * mutex for route reinstallation triggers
359 */
360 mutex_t *net_changes_lock;
361
362 /**
363 * time of last route reinstallation
364 */
365 timeval_t last_route_reinstall;
366
367 /**
368 * pid to send PF_ROUTE messages with
369 */
370 pid_t pid;
371
372 /**
373 * PF_ROUTE socket to communicate with the kernel
374 */
375 int socket;
376
377 /**
378 * sequence number for messages sent to the kernel
379 */
380 int seq;
381
382 /**
383 * Sequence number a query is waiting for
384 */
385 int waiting_seq;
386
387 /**
388 * Allocated reply message from kernel
389 */
390 struct rt_msghdr *reply;
391
392 /**
393 * earliest time of the next roam event
394 */
395 timeval_t next_roam;
396
397 /**
398 * roam event due to address change
399 */
400 bool roam_address;
401
402 /**
403 * lock to check and update roam event time
404 */
405 spinlock_t *roam_lock;
406
407 /**
408 * Time in ms to wait for IP addresses to appear/disappear
409 */
410 int vip_wait;
411
412 /**
413 * whether to actually install virtual IPs
414 */
415 bool install_virtual_ip;
416 };
417
418
419 /**
420 * Forward declaration
421 */
422 static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
423 chunk_t dst_net, u_int8_t prefixlen,
424 host_t *gateway, char *if_name);
425
426 /**
427 * Clear the queued network changes.
428 */
429 static void net_changes_clear(private_kernel_pfroute_net_t *this)
430 {
431 enumerator_t *enumerator;
432 net_change_t *change;
433
434 enumerator = this->net_changes->create_enumerator(this->net_changes);
435 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
436 {
437 this->net_changes->remove_at(this->net_changes, enumerator);
438 net_change_destroy(change);
439 }
440 enumerator->destroy(enumerator);
441 }
442
443 /**
444 * Act upon queued network changes.
445 */
446 static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
447 {
448 enumerator_t *enumerator;
449 route_entry_t *route;
450
451 this->net_changes_lock->lock(this->net_changes_lock);
452 this->routes_lock->lock(this->routes_lock);
453
454 enumerator = this->routes->create_enumerator(this->routes);
455 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
456 {
457 net_change_t *change, lookup = {
458 .if_name = route->if_name,
459 };
460 /* check if a change for the outgoing interface is queued */
461 change = this->net_changes->get(this->net_changes, &lookup);
462 if (change)
463 {
464 manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
465 route->gateway, route->if_name);
466 }
467 }
468 enumerator->destroy(enumerator);
469 this->routes_lock->unlock(this->routes_lock);
470
471 net_changes_clear(this);
472 this->net_changes_lock->unlock(this->net_changes_lock);
473 return JOB_REQUEUE_NONE;
474 }
475
476 /**
477 * Queue route reinstallation caused by network changes for a given interface.
478 *
479 * The route reinstallation is delayed for a while and only done once for
480 * several calls during this delay, in order to avoid doing it too often.
481 * The interface name is freed.
482 */
483 static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
484 char *if_name)
485 {
486 net_change_t *update, *found;
487 timeval_t now;
488 job_t *job;
489
490 INIT(update,
491 .if_name = if_name
492 );
493
494 this->net_changes_lock->lock(this->net_changes_lock);
495 found = this->net_changes->put(this->net_changes, update, update);
496 if (found)
497 {
498 net_change_destroy(found);
499 }
500 time_monotonic(&now);
501 if (timercmp(&now, &this->last_route_reinstall, >))
502 {
503 timeval_add_ms(&now, ROUTE_DELAY);
504 this->last_route_reinstall = now;
505
506 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
507 this, NULL, NULL);
508 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
509 }
510 this->net_changes_lock->unlock(this->net_changes_lock);
511 }
512
513 /**
514 * Add an address map entry
515 */
516 static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
517 addr_entry_t *addr, iface_entry_t *iface)
518 {
519 addr_map_entry_t *entry;
520
521 INIT(entry,
522 .ip = addr->ip,
523 .addr = addr,
524 .iface = iface,
525 );
526 entry = this->addrs->put(this->addrs, entry, entry);
527 free(entry);
528 }
529
530 /**
531 * Remove an address map entry (the argument order is a bit strange because
532 * it is also used with linked_list_t.invoke_function)
533 */
534 static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
535 private_kernel_pfroute_net_t *this)
536 {
537 addr_map_entry_t *entry, lookup = {
538 .ip = addr->ip,
539 .addr = addr,
540 .iface = iface,
541 };
542
543 entry = this->addrs->remove(this->addrs, &lookup);
544 free(entry);
545 }
546
547 /**
548 * callback function that raises the delayed roam event
549 */
550 static job_requeue_t roam_event(private_kernel_pfroute_net_t *this)
551 {
552 bool address;
553
554 this->roam_lock->lock(this->roam_lock);
555 address = this->roam_address;
556 this->roam_address = FALSE;
557 this->roam_lock->unlock(this->roam_lock);
558 hydra->kernel_interface->roam(hydra->kernel_interface, address);
559 return JOB_REQUEUE_NONE;
560 }
561
562 /**
563 * fire a roaming event. we delay it for a bit and fire only one event
564 * for multiple calls. otherwise we would create too many events.
565 */
566 static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
567 {
568 timeval_t now;
569 job_t *job;
570
571 time_monotonic(&now);
572 this->roam_lock->lock(this->roam_lock);
573 this->roam_address |= address;
574 if (!timercmp(&now, &this->next_roam, >))
575 {
576 this->roam_lock->unlock(this->roam_lock);
577 return;
578 }
579 timeval_add_ms(&now, ROAM_DELAY);
580 this->next_roam = now;
581 this->roam_lock->unlock(this->roam_lock);
582
583 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
584 this, NULL, NULL);
585 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
586 }
587
588 /**
589 * Data for enumerator over rtmsg sockaddrs
590 */
591 typedef struct {
592 /** implements enumerator */
593 enumerator_t public;
594 /** copy of attribute bitfield */
595 int types;
596 /** bytes remaining in buffer */
597 int remaining;
598 /** next sockaddr to enumerate */
599 struct sockaddr *addr;
600 } rt_enumerator_t;
601
602 METHOD(enumerator_t, rt_enumerate, bool,
603 rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
604 {
605 int i, type;
606
607 if (this->remaining < sizeof(this->addr->sa_len) ||
608 this->remaining < this->addr->sa_len)
609 {
610 return FALSE;
611 }
612 for (i = 0; i < RTAX_MAX; i++)
613 {
614 type = (1 << i);
615 if (this->types & type)
616 {
617 this->types &= ~type;
618 *addr = this->addr;
619 *xtype = i;
620 this->remaining -= SA_LEN(this->addr->sa_len);
621 this->addr = (struct sockaddr*)((char*)this->addr +
622 SA_LEN(this->addr->sa_len));
623 return TRUE;
624 }
625 }
626 return FALSE;
627 }
628
629 /**
630 * Create an enumerator over sockaddrs in rt/if messages
631 */
632 static enumerator_t *create_rt_enumerator(int types, int remaining,
633 struct sockaddr *addr)
634 {
635 rt_enumerator_t *this;
636
637 INIT(this,
638 .public = {
639 .enumerate = (void*)_rt_enumerate,
640 .destroy = (void*)free,
641 },
642 .types = types,
643 .remaining = remaining,
644 .addr = addr,
645 );
646 return &this->public;
647 }
648
649 /**
650 * Create a safe enumerator over sockaddrs in rt_msghdr
651 */
652 static enumerator_t *create_rtmsg_enumerator(struct rt_msghdr *hdr)
653 {
654 return create_rt_enumerator(hdr->rtm_addrs, hdr->rtm_msglen - sizeof(*hdr),
655 (struct sockaddr *)(hdr + 1));
656 }
657
658 /**
659 * Create a safe enumerator over sockaddrs in ifa_msghdr
660 */
661 static enumerator_t *create_ifamsg_enumerator(struct ifa_msghdr *hdr)
662 {
663 return create_rt_enumerator(hdr->ifam_addrs, hdr->ifam_msglen - sizeof(*hdr),
664 (struct sockaddr *)(hdr + 1));
665 }
666
667 /**
668 * Process an RTM_*ADDR message from the kernel
669 */
670 static void process_addr(private_kernel_pfroute_net_t *this,
671 struct ifa_msghdr *ifa)
672 {
673 struct sockaddr *sockaddr;
674 host_t *host = NULL;
675 enumerator_t *ifaces, *addrs;
676 iface_entry_t *iface;
677 addr_entry_t *addr;
678 bool found = FALSE, changed = FALSE, roam = FALSE;
679 enumerator_t *enumerator;
680 char *ifname = NULL;
681 int type;
682
683 enumerator = create_ifamsg_enumerator(ifa);
684 while (enumerator->enumerate(enumerator, &type, &sockaddr))
685 {
686 if (type == RTAX_IFA)
687 {
688 host = host_create_from_sockaddr(sockaddr);
689 break;
690 }
691 }
692 enumerator->destroy(enumerator);
693
694 if (!host || host->is_anyaddr(host))
695 {
696 DESTROY_IF(host);
697 return;
698 }
699
700 this->lock->write_lock(this->lock);
701 ifaces = this->ifaces->create_enumerator(this->ifaces);
702 while (ifaces->enumerate(ifaces, &iface))
703 {
704 if (iface->ifindex == ifa->ifam_index)
705 {
706 addrs = iface->addrs->create_enumerator(iface->addrs);
707 while (addrs->enumerate(addrs, &addr))
708 {
709 if (host->ip_equals(host, addr->ip))
710 {
711 found = TRUE;
712 if (ifa->ifam_type == RTM_DELADDR)
713 {
714 iface->addrs->remove_at(iface->addrs, addrs);
715 if (!addr->virtual && iface->usable)
716 {
717 changed = TRUE;
718 DBG1(DBG_KNL, "%H disappeared from %s",
719 host, iface->ifname);
720 }
721 addr_map_entry_remove(addr, iface, this);
722 addr_entry_destroy(addr);
723 }
724 }
725 }
726 addrs->destroy(addrs);
727
728 if (!found && ifa->ifam_type == RTM_NEWADDR)
729 {
730 INIT(addr,
731 .ip = host->clone(host),
732 );
733 changed = TRUE;
734 ifname = strdup(iface->ifname);
735 iface->addrs->insert_last(iface->addrs, addr);
736 addr_map_entry_add(this, addr, iface);
737 if (iface->usable)
738 {
739 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
740 }
741 }
742
743 if (changed && iface_entry_up_and_usable(iface))
744 {
745 roam = TRUE;
746 }
747 break;
748 }
749 }
750 ifaces->destroy(ifaces);
751 this->lock->unlock(this->lock);
752 host->destroy(host);
753
754 if (roam && ifname)
755 {
756 queue_route_reinstall(this, ifname);
757 }
758 else
759 {
760 free(ifname);
761 }
762
763 if (roam)
764 {
765 fire_roam_event(this, TRUE);
766 }
767 }
768
769 /**
770 * Re-initialize address list of an interface if it changes state
771 */
772 static void repopulate_iface(private_kernel_pfroute_net_t *this,
773 iface_entry_t *iface)
774 {
775 struct ifaddrs *ifap, *ifa;
776 addr_entry_t *addr;
777
778 while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
779 {
780 addr_map_entry_remove(addr, iface, this);
781 addr_entry_destroy(addr);
782 }
783
784 if (getifaddrs(&ifap) == 0)
785 {
786 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
787 {
788 if (ifa->ifa_addr && streq(ifa->ifa_name, iface->ifname))
789 {
790 switch (ifa->ifa_addr->sa_family)
791 {
792 case AF_INET:
793 case AF_INET6:
794 INIT(addr,
795 .ip = host_create_from_sockaddr(ifa->ifa_addr),
796 );
797 iface->addrs->insert_last(iface->addrs, addr);
798 addr_map_entry_add(this, addr, iface);
799 break;
800 default:
801 break;
802 }
803 }
804 }
805 freeifaddrs(ifap);
806 }
807 }
808
809 /**
810 * Process an RTM_IFINFO message from the kernel
811 */
812 static void process_link(private_kernel_pfroute_net_t *this,
813 struct if_msghdr *msg)
814 {
815 enumerator_t *enumerator;
816 iface_entry_t *iface;
817 bool roam = FALSE, found = FALSE, update_routes = FALSE;
818
819 this->lock->write_lock(this->lock);
820 enumerator = this->ifaces->create_enumerator(this->ifaces);
821 while (enumerator->enumerate(enumerator, &iface))
822 {
823 if (iface->ifindex == msg->ifm_index)
824 {
825 if (iface->usable)
826 {
827 if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
828 {
829 roam = update_routes = TRUE;
830 DBG1(DBG_KNL, "interface %s activated", iface->ifname);
831 }
832 else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
833 {
834 roam = TRUE;
835 DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
836 }
837 }
838 #ifdef __APPLE__
839 /* There seems to be a race condition on 10.10, where we get
840 * the RTM_IFINFO, but getifaddrs() does not return the virtual
841 * IP installed on a tun device, but we also don't get a
842 * RTM_NEWADDR. We therefore could miss the new address, letting
843 * virtual IP installation fail. Delaying getifaddrs() helps,
844 * but is obviously not a clean fix. */
845 usleep(50000);
846 #endif
847 iface->flags = msg->ifm_flags;
848 repopulate_iface(this, iface);
849 found = TRUE;
850 break;
851 }
852 }
853 enumerator->destroy(enumerator);
854
855 if (!found)
856 {
857 INIT(iface,
858 .ifindex = msg->ifm_index,
859 .flags = msg->ifm_flags,
860 .addrs = linked_list_create(),
861 );
862 if (if_indextoname(iface->ifindex, iface->ifname))
863 {
864 DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
865 iface->usable = hydra->kernel_interface->is_interface_usable(
866 hydra->kernel_interface, iface->ifname);
867 repopulate_iface(this, iface);
868 this->ifaces->insert_last(this->ifaces, iface);
869 if (iface->usable)
870 {
871 roam = update_routes = TRUE;
872 }
873 }
874 else
875 {
876 free(iface);
877 }
878 }
879 this->lock->unlock(this->lock);
880
881 if (update_routes)
882 {
883 queue_route_reinstall(this, strdup(iface->ifname));
884 }
885
886 if (roam)
887 {
888 fire_roam_event(this, TRUE);
889 }
890 }
891
892 #ifdef HAVE_RTM_IFANNOUNCE
893
894 /**
895 * Process an RTM_IFANNOUNCE message from the kernel
896 */
897 static void process_announce(private_kernel_pfroute_net_t *this,
898 struct if_announcemsghdr *msg)
899 {
900 enumerator_t *enumerator;
901 iface_entry_t *iface;
902
903 if (msg->ifan_what != IFAN_DEPARTURE)
904 {
905 /* we handle new interfaces in process_link() */
906 return;
907 }
908
909 this->lock->write_lock(this->lock);
910 enumerator = this->ifaces->create_enumerator(this->ifaces);
911 while (enumerator->enumerate(enumerator, &iface))
912 {
913 if (iface->ifindex == msg->ifan_index)
914 {
915 DBG1(DBG_KNL, "interface %s disappeared", iface->ifname);
916 this->ifaces->remove_at(this->ifaces, enumerator);
917 iface_entry_destroy(iface);
918 break;
919 }
920 }
921 enumerator->destroy(enumerator);
922 this->lock->unlock(this->lock);
923 }
924
925 #endif /* HAVE_RTM_IFANNOUNCE */
926
927 /**
928 * Process an RTM_*ROUTE message from the kernel
929 */
930 static void process_route(private_kernel_pfroute_net_t *this,
931 struct rt_msghdr *msg)
932 {
933
934 }
935
936 /**
937 * Receives PF_ROUTE messages from kernel
938 */
939 static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
940 watcher_event_t event)
941 {
942 struct {
943 union {
944 struct rt_msghdr rtm;
945 struct if_msghdr ifm;
946 struct ifa_msghdr ifam;
947 #ifdef HAVE_RTM_IFANNOUNCE
948 struct if_announcemsghdr ifanm;
949 #endif
950 };
951 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
952 } msg;
953 int len, hdrlen;
954
955 len = recv(this->socket, &msg, sizeof(msg), MSG_DONTWAIT);
956 if (len < 0)
957 {
958 switch (errno)
959 {
960 case EINTR:
961 case EAGAIN:
962 return TRUE;
963 default:
964 DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
965 sleep(1);
966 return TRUE;
967 }
968 }
969
970 if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen)
971 {
972 DBG1(DBG_KNL, "received invalid PF_ROUTE message");
973 return TRUE;
974 }
975 if (msg.rtm.rtm_version != RTM_VERSION)
976 {
977 DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d",
978 msg.rtm.rtm_version);
979 return TRUE;
980 }
981 switch (msg.rtm.rtm_type)
982 {
983 case RTM_NEWADDR:
984 case RTM_DELADDR:
985 hdrlen = sizeof(msg.ifam);
986 break;
987 case RTM_IFINFO:
988 hdrlen = sizeof(msg.ifm);
989 break;
990 #ifdef HAVE_RTM_IFANNOUNCE
991 case RTM_IFANNOUNCE:
992 hdrlen = sizeof(msg.ifanm);
993 break;
994 #endif /* HAVE_RTM_IFANNOUNCE */
995 case RTM_ADD:
996 case RTM_DELETE:
997 case RTM_GET:
998 hdrlen = sizeof(msg.rtm);
999 break;
1000 default:
1001 return TRUE;
1002 }
1003 if (msg.rtm.rtm_msglen < hdrlen)
1004 {
1005 DBG1(DBG_KNL, "ignoring short PF_ROUTE message");
1006 return TRUE;
1007 }
1008 switch (msg.rtm.rtm_type)
1009 {
1010 case RTM_NEWADDR:
1011 case RTM_DELADDR:
1012 process_addr(this, &msg.ifam);
1013 break;
1014 case RTM_IFINFO:
1015 process_link(this, &msg.ifm);
1016 break;
1017 #ifdef HAVE_RTM_IFANNOUNCE
1018 case RTM_IFANNOUNCE:
1019 process_announce(this, &msg.ifanm);
1020 break;
1021 #endif /* HAVE_RTM_IFANNOUNCE */
1022 case RTM_ADD:
1023 case RTM_DELETE:
1024 process_route(this, &msg.rtm);
1025 break;
1026 default:
1027 break;
1028 }
1029
1030 this->mutex->lock(this->mutex);
1031 if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq)
1032 {
1033 /* seems like the message someone is waiting for, deliver */
1034 this->reply = realloc(this->reply, msg.rtm.rtm_msglen);
1035 memcpy(this->reply, &msg, msg.rtm.rtm_msglen);
1036 }
1037 /* signal on any event, add_ip()/del_ip() might wait for it */
1038 this->condvar->broadcast(this->condvar);
1039 this->mutex->unlock(this->mutex);
1040
1041 return TRUE;
1042 }
1043
1044
1045 /** enumerator over addresses */
1046 typedef struct {
1047 private_kernel_pfroute_net_t* this;
1048 /** which addresses to enumerate */
1049 kernel_address_type_t which;
1050 } address_enumerator_t;
1051
1052 /**
1053 * cleanup function for address enumerator
1054 */
1055 static void address_enumerator_destroy(address_enumerator_t *data)
1056 {
1057 data->this->lock->unlock(data->this->lock);
1058 free(data);
1059 }
1060
1061 /**
1062 * filter for addresses
1063 */
1064 static bool filter_addresses(address_enumerator_t *data,
1065 addr_entry_t** in, host_t** out)
1066 {
1067 host_t *ip;
1068 if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual)
1069 { /* skip virtual interfaces added by us */
1070 return FALSE;
1071 }
1072 if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual)
1073 { /* address is regular, but not requested */
1074 return FALSE;
1075 }
1076 ip = (*in)->ip;
1077 if (ip->get_family(ip) == AF_INET6)
1078 {
1079 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
1080 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
1081 { /* skip addresses with a unusable scope */
1082 return FALSE;
1083 }
1084 }
1085 *out = ip;
1086 return TRUE;
1087 }
1088
1089 /**
1090 * enumerator constructor for interfaces
1091 */
1092 static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
1093 address_enumerator_t *data)
1094 {
1095 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
1096 (void*)filter_addresses, data, NULL);
1097 }
1098
1099 /**
1100 * filter for interfaces
1101 */
1102 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
1103 iface_entry_t** out)
1104 {
1105 if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
1106 { /* skip interfaces excluded by config */
1107 return FALSE;
1108 }
1109 if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
1110 { /* ignore loopback devices */
1111 return FALSE;
1112 }
1113 if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
1114 { /* skip interfaces not up */
1115 return FALSE;
1116 }
1117 *out = *in;
1118 return TRUE;
1119 }
1120
1121 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
1122 private_kernel_pfroute_net_t *this, kernel_address_type_t which)
1123 {
1124 address_enumerator_t *data;
1125
1126 INIT(data,
1127 .this = this,
1128 .which = which,
1129 );
1130
1131 this->lock->read_lock(this->lock);
1132 return enumerator_create_nested(
1133 enumerator_create_filter(
1134 this->ifaces->create_enumerator(this->ifaces),
1135 (void*)filter_interfaces, data, NULL),
1136 (void*)create_iface_enumerator, data,
1137 (void*)address_enumerator_destroy);
1138 }
1139
1140 METHOD(kernel_net_t, get_features, kernel_feature_t,
1141 private_kernel_pfroute_net_t *this)
1142 {
1143 return KERNEL_REQUIRE_EXCLUDE_ROUTE;
1144 }
1145
1146 METHOD(kernel_net_t, get_interface_name, bool,
1147 private_kernel_pfroute_net_t *this, host_t* ip, char **name)
1148 {
1149 addr_map_entry_t *entry, lookup = {
1150 .ip = ip,
1151 };
1152
1153 if (ip->is_anyaddr(ip))
1154 {
1155 return FALSE;
1156 }
1157 this->lock->read_lock(this->lock);
1158 /* first try to find it on an up and usable interface */
1159 entry = this->addrs->get_match(this->addrs, &lookup,
1160 (void*)addr_map_entry_match_up_and_usable);
1161 if (entry)
1162 {
1163 if (name)
1164 {
1165 *name = strdup(entry->iface->ifname);
1166 DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
1167 }
1168 this->lock->unlock(this->lock);
1169 return TRUE;
1170 }
1171 /* check if it is a virtual IP */
1172 entry = this->addrs->get_match(this->addrs, &lookup,
1173 (void*)addr_map_entry_match_virtual);
1174 if (entry)
1175 {
1176 if (name)
1177 {
1178 *name = strdup(entry->iface->ifname);
1179 DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
1180 }
1181 this->lock->unlock(this->lock);
1182 return TRUE;
1183 }
1184 /* maybe it is installed on an ignored interface */
1185 entry = this->addrs->get_match(this->addrs, &lookup,
1186 (void*)addr_map_entry_match_up);
1187 if (!entry)
1188 { /* the address does not exist, is on a down interface */
1189 DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
1190 }
1191 this->lock->unlock(this->lock);
1192 return FALSE;
1193 }
1194
1195 METHOD(kernel_net_t, add_ip, status_t,
1196 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
1197 char *ifname)
1198 {
1199 enumerator_t *ifaces, *addrs;
1200 iface_entry_t *iface;
1201 addr_entry_t *addr;
1202 tun_device_t *tun;
1203 bool timeout = FALSE;
1204
1205 if (!this->install_virtual_ip)
1206 { /* disabled by config */
1207 return SUCCESS;
1208 }
1209
1210 tun = tun_device_create(NULL);
1211 if (!tun)
1212 {
1213 return FAILED;
1214 }
1215 if (prefix == -1)
1216 {
1217 prefix = vip->get_address(vip).len * 8;
1218 }
1219 if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
1220 {
1221 tun->destroy(tun);
1222 return FAILED;
1223 }
1224
1225 /* wait until address appears */
1226 this->mutex->lock(this->mutex);
1227 while (!timeout && !get_interface_name(this, vip, NULL))
1228 {
1229 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1230 this->vip_wait);
1231 }
1232 this->mutex->unlock(this->mutex);
1233 if (timeout)
1234 {
1235 DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
1236 vip, tun->get_name(tun));
1237 tun->destroy(tun);
1238 return FAILED;
1239 }
1240
1241 this->lock->write_lock(this->lock);
1242 this->tuns->insert_last(this->tuns, tun);
1243
1244 ifaces = this->ifaces->create_enumerator(this->ifaces);
1245 while (ifaces->enumerate(ifaces, &iface))
1246 {
1247 if (streq(iface->ifname, tun->get_name(tun)))
1248 {
1249 addrs = iface->addrs->create_enumerator(iface->addrs);
1250 while (addrs->enumerate(addrs, &addr))
1251 {
1252 if (addr->ip->ip_equals(addr->ip, vip))
1253 {
1254 addr->virtual = TRUE;
1255 }
1256 }
1257 addrs->destroy(addrs);
1258 /* during IKEv1 reauthentication, children get moved from
1259 * old the new SA before the virtual IP is available. This
1260 * kills the route for our virtual IP, reinstall. */
1261 queue_route_reinstall(this, strdup(iface->ifname));
1262 break;
1263 }
1264 }
1265 ifaces->destroy(ifaces);
1266 /* lets do this while holding the lock, thus preventing another thread
1267 * from deleting the TUN device concurrently, hopefully listeners are quick
1268 * and cause no deadlocks */
1269 hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
1270 this->lock->unlock(this->lock);
1271
1272 return SUCCESS;
1273 }
1274
1275 METHOD(kernel_net_t, del_ip, status_t,
1276 private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
1277 bool wait)
1278 {
1279 enumerator_t *enumerator;
1280 tun_device_t *tun;
1281 host_t *addr;
1282 bool timeout = FALSE, found = FALSE;
1283
1284 if (!this->install_virtual_ip)
1285 { /* disabled by config */
1286 return SUCCESS;
1287 }
1288
1289 this->lock->write_lock(this->lock);
1290 enumerator = this->tuns->create_enumerator(this->tuns);
1291 while (enumerator->enumerate(enumerator, &tun))
1292 {
1293 addr = tun->get_address(tun, NULL);
1294 if (addr && addr->ip_equals(addr, vip))
1295 {
1296 this->tuns->remove_at(this->tuns, enumerator);
1297 hydra->kernel_interface->tun(hydra->kernel_interface, tun,
1298 FALSE);
1299 tun->destroy(tun);
1300 found = TRUE;
1301 break;
1302 }
1303 }
1304 enumerator->destroy(enumerator);
1305 this->lock->unlock(this->lock);
1306
1307 if (!found)
1308 {
1309 return NOT_FOUND;
1310 }
1311 /* wait until address disappears */
1312 if (wait)
1313 {
1314 this->mutex->lock(this->mutex);
1315 while (!timeout && get_interface_name(this, vip, NULL))
1316 {
1317 timeout = this->condvar->timed_wait(this->condvar, this->mutex,
1318 this->vip_wait);
1319 }
1320 this->mutex->unlock(this->mutex);
1321 if (timeout)
1322 {
1323 DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
1324 return FAILED;
1325 }
1326 }
1327 return SUCCESS;
1328 }
1329
1330 /**
1331 * Append a sockaddr_in/in6 of given type to routing message
1332 */
1333 static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
1334 {
1335 if (addr)
1336 {
1337 int len;
1338
1339 len = *addr->get_sockaddr_len(addr);
1340 memcpy((char*)hdr + hdr->rtm_msglen, addr->get_sockaddr(addr), len);
1341 hdr->rtm_msglen += SA_LEN(len);
1342 hdr->rtm_addrs |= type;
1343 }
1344 }
1345
1346 /**
1347 * Append a subnet mask sockaddr using the given prefix to routing message
1348 */
1349 static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
1350 {
1351 host_t *mask;
1352
1353 mask = host_create_netmask(family, prefix);
1354 if (mask)
1355 {
1356 add_rt_addr(hdr, type, mask);
1357 mask->destroy(mask);
1358 }
1359 }
1360
1361 /**
1362 * Append an interface name sockaddr_dl to routing message
1363 */
1364 static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
1365 {
1366 struct sockaddr_dl sdl = {
1367 .sdl_len = sizeof(struct sockaddr_dl),
1368 .sdl_family = AF_LINK,
1369 .sdl_nlen = strlen(name),
1370 };
1371
1372 if (strlen(name) <= sizeof(sdl.sdl_data))
1373 {
1374 memcpy(sdl.sdl_data, name, sdl.sdl_nlen);
1375 memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
1376 hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
1377 hdr->rtm_addrs |= type;
1378 }
1379 }
1380
1381 /**
1382 * Add or remove a route
1383 */
1384 static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
1385 chunk_t dst_net, u_int8_t prefixlen,
1386 host_t *gateway, char *if_name)
1387 {
1388 struct {
1389 struct rt_msghdr hdr;
1390 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1391 } msg = {
1392 .hdr = {
1393 .rtm_version = RTM_VERSION,
1394 .rtm_type = op,
1395 .rtm_flags = RTF_UP | RTF_STATIC,
1396 .rtm_pid = this->pid,
1397 .rtm_seq = ref_get(&this->seq),
1398 },
1399 };
1400 host_t *dst;
1401 int type;
1402
1403 if (prefixlen == 0 && dst_net.len)
1404 {
1405 status_t status;
1406 chunk_t half;
1407
1408 half = chunk_clonea(dst_net);
1409 half.ptr[0] |= 0x80;
1410 prefixlen = 1;
1411 status = manage_route(this, op, half, prefixlen, gateway, if_name);
1412 if (status != SUCCESS)
1413 {
1414 return status;
1415 }
1416 }
1417
1418 dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
1419 if (!dst)
1420 {
1421 return FAILED;
1422 }
1423
1424 if ((dst->get_family(dst) == AF_INET && prefixlen == 32) ||
1425 (dst->get_family(dst) == AF_INET6 && prefixlen == 128))
1426 {
1427 msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
1428 }
1429
1430 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1431 for (type = 0; type < RTAX_MAX; type++)
1432 {
1433 switch (type)
1434 {
1435 case RTAX_DST:
1436 add_rt_addr(&msg.hdr, RTA_DST, dst);
1437 break;
1438 case RTAX_NETMASK:
1439 if (!(msg.hdr.rtm_flags & RTF_HOST))
1440 {
1441 add_rt_mask(&msg.hdr, RTA_NETMASK,
1442 dst->get_family(dst), prefixlen);
1443 }
1444 break;
1445 case RTAX_IFP:
1446 if (if_name)
1447 {
1448 add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
1449 }
1450 break;
1451 case RTAX_GATEWAY:
1452 if (gateway)
1453 {
1454 add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
1455 }
1456 break;
1457 default:
1458 break;
1459 }
1460 }
1461 dst->destroy(dst);
1462
1463 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen)
1464 {
1465 if (errno == EEXIST)
1466 {
1467 return ALREADY_DONE;
1468 }
1469 DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
1470 op == RTM_ADD ? "adding" : "deleting", strerror(errno));
1471 return FAILED;
1472 }
1473 return SUCCESS;
1474 }
1475
1476 METHOD(kernel_net_t, add_route, status_t,
1477 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1478 host_t *gateway, host_t *src_ip, char *if_name)
1479 {
1480 status_t status;
1481 route_entry_t *found, route = {
1482 .dst_net = dst_net,
1483 .prefixlen = prefixlen,
1484 .gateway = gateway,
1485 .if_name = if_name,
1486 };
1487
1488 this->routes_lock->lock(this->routes_lock);
1489 found = this->routes->get(this->routes, &route);
1490 if (found)
1491 {
1492 this->routes_lock->unlock(this->routes_lock);
1493 return ALREADY_DONE;
1494 }
1495 status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
1496 if (status == SUCCESS)
1497 {
1498 found = route_entry_clone(&route);
1499 this->routes->put(this->routes, found, found);
1500 }
1501 this->routes_lock->unlock(this->routes_lock);
1502 return status;
1503 }
1504
1505 METHOD(kernel_net_t, del_route, status_t,
1506 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1507 host_t *gateway, host_t *src_ip, char *if_name)
1508 {
1509 status_t status;
1510 route_entry_t *found, route = {
1511 .dst_net = dst_net,
1512 .prefixlen = prefixlen,
1513 .gateway = gateway,
1514 .if_name = if_name,
1515 };
1516
1517 this->routes_lock->lock(this->routes_lock);
1518 found = this->routes->get(this->routes, &route);
1519 if (!found)
1520 {
1521 this->routes_lock->unlock(this->routes_lock);
1522 return NOT_FOUND;
1523 }
1524 this->routes->remove(this->routes, found);
1525 route_entry_destroy(found);
1526 status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
1527 if_name);
1528 this->routes_lock->unlock(this->routes_lock);
1529 return status;
1530 }
1531
1532 /**
1533 * Do a route lookup for dest and return either the nexthop or the source
1534 * address.
1535 */
1536 static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
1537 host_t *dest, host_t *src)
1538 {
1539 struct {
1540 struct rt_msghdr hdr;
1541 char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
1542 } msg = {
1543 .hdr = {
1544 .rtm_version = RTM_VERSION,
1545 .rtm_type = RTM_GET,
1546 .rtm_pid = this->pid,
1547 .rtm_seq = ref_get(&this->seq),
1548 },
1549 };
1550 host_t *host = NULL;
1551 enumerator_t *enumerator;
1552 struct sockaddr *addr;
1553 bool failed = FALSE;
1554 int type;
1555
1556 retry:
1557 msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
1558 for (type = 0; type < RTAX_MAX; type++)
1559 {
1560 switch (type)
1561 {
1562 case RTAX_DST:
1563 add_rt_addr(&msg.hdr, RTA_DST, dest);
1564 break;
1565 case RTAX_IFA:
1566 add_rt_addr(&msg.hdr, RTA_IFA, src);
1567 break;
1568 case RTAX_IFP:
1569 if (!nexthop)
1570 { /* add an empty IFP to ensure we get a source address */
1571 add_rt_ifname(&msg.hdr, RTA_IFP, "");
1572 }
1573 break;
1574 default:
1575 break;
1576 }
1577 }
1578 this->mutex->lock(this->mutex);
1579
1580 while (this->waiting_seq)
1581 {
1582 this->condvar->wait(this->condvar, this->mutex);
1583 }
1584 this->waiting_seq = msg.hdr.rtm_seq;
1585 if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
1586 {
1587 while (TRUE)
1588 {
1589 if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
1590 { /* timed out? */
1591 break;
1592 }
1593 if (!this->reply)
1594 {
1595 continue;
1596 }
1597 enumerator = create_rtmsg_enumerator(this->reply);
1598 while (enumerator->enumerate(enumerator, &type, &addr))
1599 {
1600 if (nexthop)
1601 {
1602 if (type == RTAX_DST && this->reply->rtm_flags & RTF_HOST)
1603 { /* probably a cloned/cached direct route, only use that
1604 * as fallback if no gateway is found */
1605 host = host ?: host_create_from_sockaddr(addr);
1606 }
1607 if (type == RTAX_GATEWAY)
1608 { /* could actually be a MAC address */
1609 host_t *gtw = host_create_from_sockaddr(addr);
1610 if (gtw)
1611 {
1612 DESTROY_IF(host);
1613 host = gtw;
1614 }
1615 }
1616 }
1617 else
1618 {
1619 if (type == RTAX_IFA)
1620 {
1621 host = host_create_from_sockaddr(addr);
1622 }
1623 }
1624 }
1625 enumerator->destroy(enumerator);
1626 break;
1627 }
1628 }
1629 else
1630 {
1631 failed = TRUE;
1632 }
1633 free(this->reply);
1634 this->reply = NULL;
1635 /* signal completion of query to a waiting thread */
1636 this->waiting_seq = 0;
1637 this->condvar->signal(this->condvar);
1638 this->mutex->unlock(this->mutex);
1639
1640 if (failed)
1641 {
1642 if (src)
1643 { /* the given source address might be gone, try again without */
1644 src = NULL;
1645 msg.hdr.rtm_seq = ref_get(&this->seq);
1646 msg.hdr.rtm_addrs = 0;
1647 memset(msg.buf, 0, sizeof(msg.buf));
1648 goto retry;
1649 }
1650 DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
1651 }
1652 if (nexthop)
1653 {
1654 host = host ?: dest->clone(dest);
1655 }
1656 else
1657 { /* make sure the source address is not virtual and usable */
1658 addr_entry_t *entry, lookup = {
1659 .ip = host,
1660 };
1661
1662 if (!host)
1663 {
1664 return NULL;
1665 }
1666 this->lock->read_lock(this->lock);
1667 entry = this->addrs->get_match(this->addrs, &lookup,
1668 (void*)addr_map_entry_match_up_and_usable);
1669 this->lock->unlock(this->lock);
1670 if (!entry)
1671 {
1672 host->destroy(host);
1673 return NULL;
1674 }
1675 }
1676 DBG2(DBG_KNL, "using %H as %s to reach %H", host,
1677 nexthop ? "nexthop" : "address", dest);
1678 return host;
1679 }
1680
1681 METHOD(kernel_net_t, get_source_addr, host_t*,
1682 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
1683 {
1684 return get_route(this, FALSE, dest, src);
1685 }
1686
1687 METHOD(kernel_net_t, get_nexthop, host_t*,
1688 private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src)
1689 {
1690 return get_route(this, TRUE, dest, src);
1691 }
1692
1693 /**
1694 * Initialize a list of local addresses.
1695 */
1696 static status_t init_address_list(private_kernel_pfroute_net_t *this)
1697 {
1698 struct ifaddrs *ifap, *ifa;
1699 iface_entry_t *iface, *current;
1700 addr_entry_t *addr;
1701 enumerator_t *ifaces, *addrs;
1702
1703 DBG2(DBG_KNL, "known interfaces and IP addresses:");
1704
1705 if (getifaddrs(&ifap) < 0)
1706 {
1707 DBG1(DBG_KNL, " failed to get interfaces!");
1708 return FAILED;
1709 }
1710
1711 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
1712 {
1713 if (ifa->ifa_addr == NULL)
1714 {
1715 continue;
1716 }
1717 switch(ifa->ifa_addr->sa_family)
1718 {
1719 case AF_LINK:
1720 case AF_INET:
1721 case AF_INET6:
1722 {
1723 iface = NULL;
1724 ifaces = this->ifaces->create_enumerator(this->ifaces);
1725 while (ifaces->enumerate(ifaces, &current))
1726 {
1727 if (streq(current->ifname, ifa->ifa_name))
1728 {
1729 iface = current;
1730 break;
1731 }
1732 }
1733 ifaces->destroy(ifaces);
1734
1735 if (!iface)
1736 {
1737 INIT(iface,
1738 .ifindex = if_nametoindex(ifa->ifa_name),
1739 .flags = ifa->ifa_flags,
1740 .addrs = linked_list_create(),
1741 .usable = hydra->kernel_interface->is_interface_usable(
1742 hydra->kernel_interface, ifa->ifa_name),
1743 );
1744 memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
1745 this->ifaces->insert_last(this->ifaces, iface);
1746 }
1747
1748 if (ifa->ifa_addr->sa_family != AF_LINK)
1749 {
1750 INIT(addr,
1751 .ip = host_create_from_sockaddr(ifa->ifa_addr),
1752 );
1753 iface->addrs->insert_last(iface->addrs, addr);
1754 addr_map_entry_add(this, addr, iface);
1755 }
1756 }
1757 }
1758 }
1759 freeifaddrs(ifap);
1760
1761 ifaces = this->ifaces->create_enumerator(this->ifaces);
1762 while (ifaces->enumerate(ifaces, &iface))
1763 {
1764 if (iface->usable && iface->flags & IFF_UP)
1765 {
1766 DBG2(DBG_KNL, " %s", iface->ifname);
1767 addrs = iface->addrs->create_enumerator(iface->addrs);
1768 while (addrs->enumerate(addrs, (void**)&addr))
1769 {
1770 DBG2(DBG_KNL, " %H", addr->ip);
1771 }
1772 addrs->destroy(addrs);
1773 }
1774 }
1775 ifaces->destroy(ifaces);
1776
1777 return SUCCESS;
1778 }
1779
1780 METHOD(kernel_net_t, destroy, void,
1781 private_kernel_pfroute_net_t *this)
1782 {
1783 enumerator_t *enumerator;
1784 route_entry_t *route;
1785 addr_entry_t *addr;
1786
1787 enumerator = this->routes->create_enumerator(this->routes);
1788 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
1789 {
1790 manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
1791 route->gateway, route->if_name);
1792 route_entry_destroy(route);
1793 }
1794 enumerator->destroy(enumerator);
1795 this->routes->destroy(this->routes);
1796 this->routes_lock->destroy(this->routes_lock);
1797
1798 if (this->socket != -1)
1799 {
1800 lib->watcher->remove(lib->watcher, this->socket);
1801 close(this->socket);
1802 }
1803
1804 net_changes_clear(this);
1805 this->net_changes->destroy(this->net_changes);
1806 this->net_changes_lock->destroy(this->net_changes_lock);
1807
1808 enumerator = this->addrs->create_enumerator(this->addrs);
1809 while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
1810 {
1811 free(addr);
1812 }
1813 enumerator->destroy(enumerator);
1814 this->addrs->destroy(this->addrs);
1815 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
1816 this->tuns->destroy(this->tuns);
1817 this->lock->destroy(this->lock);
1818 this->mutex->destroy(this->mutex);
1819 this->condvar->destroy(this->condvar);
1820 this->roam_lock->destroy(this->roam_lock);
1821 free(this->reply);
1822 free(this);
1823 }
1824
1825 /*
1826 * Described in header.
1827 */
1828 kernel_pfroute_net_t *kernel_pfroute_net_create()
1829 {
1830 private_kernel_pfroute_net_t *this;
1831
1832 INIT(this,
1833 .public = {
1834 .interface = {
1835 .get_features = _get_features,
1836 .get_interface = _get_interface_name,
1837 .create_address_enumerator = _create_address_enumerator,
1838 .get_source_addr = _get_source_addr,
1839 .get_nexthop = _get_nexthop,
1840 .add_ip = _add_ip,
1841 .del_ip = _del_ip,
1842 .add_route = _add_route,
1843 .del_route = _del_route,
1844 .destroy = _destroy,
1845 },
1846 },
1847 .pid = getpid(),
1848 .ifaces = linked_list_create(),
1849 .addrs = hashtable_create(
1850 (hashtable_hash_t)addr_map_entry_hash,
1851 (hashtable_equals_t)addr_map_entry_equals, 16),
1852 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
1853 (hashtable_equals_t)route_entry_equals, 16),
1854 .net_changes = hashtable_create(
1855 (hashtable_hash_t)net_change_hash,
1856 (hashtable_equals_t)net_change_equals, 16),
1857 .tuns = linked_list_create(),
1858 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
1859 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
1860 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
1861 .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1862 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1863 .roam_lock = spinlock_create(),
1864 .vip_wait = lib->settings->get_int(lib->settings,
1865 "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns),
1866 .install_virtual_ip = lib->settings->get_bool(lib->settings,
1867 "%s.install_virtual_ip", TRUE, lib->ns),
1868 );
1869 timerclear(&this->last_route_reinstall);
1870 timerclear(&this->next_roam);
1871
1872 /* create a PF_ROUTE socket to communicate with the kernel */
1873 this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
1874 if (this->socket == -1)
1875 {
1876 DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
1877 destroy(this);
1878 return NULL;
1879 }
1880
1881 if (streq(lib->ns, "starter"))
1882 {
1883 /* starter has no threads, so we do not register for kernel events */
1884 if (shutdown(this->socket, SHUT_RD) != 0)
1885 {
1886 DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
1887 strerror(errno));
1888 }
1889 }
1890 else
1891 {
1892 lib->watcher->add(lib->watcher, this->socket, WATCHER_READ,
1893 (watcher_cb_t)receive_events, this);
1894 }
1895 if (init_address_list(this) != SUCCESS)
1896 {
1897 DBG1(DBG_KNL, "unable to get interface list");
1898 destroy(this);
1899 return NULL;
1900 }
1901
1902 return &this->public;
1903 }