Adapted shunt manager to changed kernel interface (reqid in del_policy).
[strongswan.git] / src / libcharon / sa / shunt_manager.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "shunt_manager.h"
17
18 #include <hydra.h>
19 #include <daemon.h>
20 #include <threading/rwlock.h>
21 #include <utils/linked_list.h>
22
23
24 typedef struct private_shunt_manager_t private_shunt_manager_t;
25
26 /**
27 * Private data of an shunt_manager_t object.
28 */
29 struct private_shunt_manager_t {
30
31 /**
32 * Public shunt_manager_t interface.
33 */
34 shunt_manager_t public;
35
36 /**
37 * Installed shunts, as child_cfg_t
38 */
39 linked_list_t *shunts;
40 };
41
42 /**
43 * Install in and out shunt policies in the kernel
44 */
45 static bool install_shunt_policy(child_cfg_t *child)
46 {
47 enumerator_t *e_my_ts, *e_other_ts;
48 linked_list_t *my_ts_list, *other_ts_list;
49 traffic_selector_t *my_ts, *other_ts;
50 policy_type_t policy_type;
51 status_t status = SUCCESS;
52 ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
53
54 policy_type = (child->get_mode(child) == MODE_PASS) ?
55 POLICY_PASS : POLICY_DROP;
56 my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL);
57 other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL);
58
59 /* enumerate pairs of traffic selectors */
60 e_my_ts = my_ts_list->create_enumerator(my_ts_list);
61 while (e_my_ts->enumerate(e_my_ts, &my_ts))
62 {
63 e_other_ts = other_ts_list->create_enumerator(other_ts_list);
64 while (e_other_ts->enumerate(e_other_ts, &other_ts))
65 {
66 /* install out policy */
67 status |= hydra->kernel_interface->add_policy(
68 hydra->kernel_interface, NULL, NULL,
69 my_ts, other_ts, POLICY_OUT, policy_type,
70 &sa, child->get_mark(child, FALSE), FALSE);
71
72 /* install in policy */
73 status |= hydra->kernel_interface->add_policy(
74 hydra->kernel_interface, NULL, NULL,
75 other_ts, my_ts, POLICY_IN, policy_type,
76 &sa, child->get_mark(child, TRUE), FALSE);
77
78 /* install forward policy */
79 status |= hydra->kernel_interface->add_policy(
80 hydra->kernel_interface, NULL, NULL,
81 other_ts, my_ts, POLICY_FWD, policy_type,
82 &sa, child->get_mark(child, TRUE), FALSE);
83 }
84 e_other_ts->destroy(e_other_ts);
85 }
86 e_my_ts->destroy(e_my_ts);
87
88 my_ts_list->destroy_offset(my_ts_list,
89 offsetof(traffic_selector_t, destroy));
90 other_ts_list->destroy_offset(other_ts_list,
91 offsetof(traffic_selector_t, destroy));
92
93 return status == SUCCESS;
94 }
95
96 METHOD(shunt_manager_t, install, bool,
97 private_shunt_manager_t *this, child_cfg_t *child)
98 {
99 enumerator_t *enumerator;
100 child_cfg_t *child_cfg;
101 bool found = FALSE;
102
103 /* check if not already installed */
104 enumerator = this->shunts->create_enumerator(this->shunts);
105 while (enumerator->enumerate(enumerator, &child_cfg))
106 {
107 if (streq(child_cfg->get_name(child_cfg), child->get_name(child)))
108 {
109 found = TRUE;
110 break;
111 }
112 }
113 enumerator->destroy(enumerator);
114
115 if (found)
116 {
117 DBG1(DBG_CFG, "shunt %N policy '%s' already installed",
118 ipsec_mode_names, child->get_mode(child), child->get_name(child));
119 return TRUE;
120 }
121 this->shunts->insert_last(this->shunts, child->get_ref(child));
122
123 return install_shunt_policy(child);
124 }
125
126 /**
127 * Uninstall in and out shunt policies in the kernel
128 */
129 static void uninstall_shunt_policy(child_cfg_t *child)
130 {
131 enumerator_t *e_my_ts, *e_other_ts;
132 linked_list_t *my_ts_list, *other_ts_list;
133 traffic_selector_t *my_ts, *other_ts;
134 status_t status = SUCCESS;
135
136 my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL);
137 other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL);
138
139 /* enumerate pairs of traffic selectors */
140 e_my_ts = my_ts_list->create_enumerator(my_ts_list);
141 while (e_my_ts->enumerate(e_my_ts, &my_ts))
142 {
143 e_other_ts = other_ts_list->create_enumerator(other_ts_list);
144 while (e_other_ts->enumerate(e_other_ts, &other_ts))
145 {
146 /* uninstall out policy */
147 status |= hydra->kernel_interface->del_policy(
148 hydra->kernel_interface, my_ts, other_ts,
149 POLICY_OUT, 0, child->get_mark(child, FALSE),
150 FALSE);
151
152 /* uninstall in policy */
153 status |= hydra->kernel_interface->del_policy(
154 hydra->kernel_interface, other_ts, my_ts,
155 POLICY_IN, 0, child->get_mark(child, TRUE),
156 FALSE);
157
158 /* uninstall forward policy */
159 status |= hydra->kernel_interface->del_policy(
160 hydra->kernel_interface, other_ts, my_ts,
161 POLICY_FWD, 0, child->get_mark(child, TRUE),
162 FALSE);
163 }
164 e_other_ts->destroy(e_other_ts);
165 }
166 e_my_ts->destroy(e_my_ts);
167
168 my_ts_list->destroy_offset(my_ts_list,
169 offsetof(traffic_selector_t, destroy));
170 other_ts_list->destroy_offset(other_ts_list,
171 offsetof(traffic_selector_t, destroy));
172
173 if (status != SUCCESS)
174 {
175 DBG1(DBG_CFG, "uninstalling shunt %N 'policy %s' failed",
176 ipsec_mode_names, child->get_mode(child), child->get_name(child));
177 }
178 }
179
180 METHOD(shunt_manager_t, uninstall, bool,
181 private_shunt_manager_t *this, char *name)
182 {
183 enumerator_t *enumerator;
184 child_cfg_t *child, *found = NULL;
185
186 enumerator = this->shunts->create_enumerator(this->shunts);
187 while (enumerator->enumerate(enumerator, &child))
188 {
189 if (streq(name, child->get_name(child)))
190 {
191 this->shunts->remove_at(this->shunts, enumerator);
192 found = child;
193 break;
194 }
195 }
196 enumerator->destroy(enumerator);
197
198 if (!found)
199 {
200 return FALSE;
201 }
202 uninstall_shunt_policy(child);
203 return TRUE;
204 }
205
206 METHOD(shunt_manager_t, create_enumerator, enumerator_t*,
207 private_shunt_manager_t *this)
208 {
209 return this->shunts->create_enumerator(this->shunts);
210 }
211
212 METHOD(shunt_manager_t, destroy, void,
213 private_shunt_manager_t *this)
214 {
215 child_cfg_t *child;
216
217 while (this->shunts->remove_last(this->shunts, (void**)&child) == SUCCESS)
218 {
219 uninstall_shunt_policy(child);
220 child->destroy(child);
221 }
222 this->shunts->destroy(this->shunts);
223 free(this);
224 }
225
226 /**
227 * See header
228 */
229 shunt_manager_t *shunt_manager_create()
230 {
231 private_shunt_manager_t *this;
232
233 INIT(this,
234 .public = {
235 .install = _install,
236 .uninstall = _uninstall,
237 .create_enumerator = _create_enumerator,
238 .destroy = _destroy,
239 },
240 .shunts = linked_list_create(),
241 );
242
243 return &this->public;
244 }
245