projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Don't compare ports when comparing cached routes.
[strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
1 /*
2 * Copyright (C) 2008-2012 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /*
18 * Copyright (C) 2010 secunet Security Networks AG
19 * Copyright (C) 2010 Thomas Egerer
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
40 #include <sys/socket.h>
41 #include <linux/netlink.h>
42 #include <linux/rtnetlink.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <net/if.h>
46
47 #include "kernel_netlink_net.h"
48 #include "kernel_netlink_shared.h"
49
50 #include <hydra.h>
51 #include <debug.h>
52 #include <threading/thread.h>
53 #include <threading/condvar.h>
54 #include <threading/mutex.h>
55 #include <utils/hashtable.h>
56 #include <utils/linked_list.h>
57 #include <processing/jobs/callback_job.h>
58
59 /** delay before firing roam events (ms) */
60 #define ROAM_DELAY 100
61
62 /** delay before reinstalling routes (ms) */
63 #define ROUTE_DELAY 100
64
65 typedef struct addr_entry_t addr_entry_t;
66
67 /**
68 * IP address in an inface_entry_t
69 */
70 struct addr_entry_t {
71
72 /** The ip address */
73 host_t *ip;
74
75 /** virtual IP managed by us */
76 bool virtual;
77
78 /** scope of the address */
79 u_char scope;
80
81 /** Number of times this IP is used, if virtual */
82 u_int refcount;
83 };
84
85 /**
86 * destroy a addr_entry_t object
87 */
88 static void addr_entry_destroy(addr_entry_t *this)
89 {
90 this->ip->destroy(this->ip);
91 free(this);
92 }
93
94 typedef struct iface_entry_t iface_entry_t;
95
96 /**
97 * A network interface on this system, containing addr_entry_t's
98 */
99 struct iface_entry_t {
100
101 /** interface index */
102 int ifindex;
103
104 /** name of the interface */
105 char ifname[IFNAMSIZ];
106
107 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
108 u_int flags;
109
110 /** list of addresses as host_t */
111 linked_list_t *addrs;
112 };
113
114 /**
115 * destroy an interface entry
116 */
117 static void iface_entry_destroy(iface_entry_t *this)
118 {
119 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
120 free(this);
121 }
122
123 typedef struct route_entry_t route_entry_t;
124
125 /**
126 * Installed routing entry
127 */
128 struct route_entry_t {
129 /** Name of the interface the route is bound to */
130 char *if_name;
131
132 /** Source ip of the route */
133 host_t *src_ip;
134
135 /** Gateway for this route */
136 host_t *gateway;
137
138 /** Destination net */
139 chunk_t dst_net;
140
141 /** Destination net prefixlen */
142 u_int8_t prefixlen;
143 };
144
145 /**
146 * Clone a route_entry_t object.
147 */
148 static route_entry_t *route_entry_clone(route_entry_t *this)
149 {
150 route_entry_t *route;
151
152 INIT(route,
153 .if_name = strdup(this->if_name),
154 .src_ip = this->src_ip->clone(this->src_ip),
155 .gateway = this->gateway->clone(this->gateway),
156 .dst_net = chunk_clone(this->dst_net),
157 .prefixlen = this->prefixlen,
158 );
159 return route;
160 }
161
162 /**
163 * Destroy a route_entry_t object
164 */
165 static void route_entry_destroy(route_entry_t *this)
166 {
167 free(this->if_name);
168 DESTROY_IF(this->src_ip);
169 DESTROY_IF(this->gateway);
170 chunk_free(&this->dst_net);
171 free(this);
172 }
173
174 /**
175 * Hash a route_entry_t object
176 */
177 static u_int route_entry_hash(route_entry_t *this)
178 {
179 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
180 chunk_hash(this->dst_net));
181 }
182
183 /**
184 * Compare two route_entry_t objects
185 */
186 static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
187 {
188 return a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
189 a->src_ip->ip_equals(a->src_ip, b->src_ip) &&
190 a->gateway->ip_equals(a->gateway, b->gateway) &&
191 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen;
192 }
193
194 typedef struct net_change_t net_change_t;
195
196 /**
197 * Queued network changes
198 */
199 struct net_change_t {
200 /** Name of the interface that got activated (or an IP appeared on) */
201 char *if_name;
202 };
203
204 /**
205 * Destroy a net_change_t object
206 */
207 static void net_change_destroy(net_change_t *this)
208 {
209 free(this->if_name);
210 free(this);
211 }
212
213 /**
214 * Hash a net_change_t object
215 */
216 static u_int net_change_hash(net_change_t *this)
217 {
218 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
219 }
220
221 /**
222 * Compare two net_change_t objects
223 */
224 static bool net_change_equals(net_change_t *a, net_change_t *b)
225 {
226 return streq(a->if_name, b->if_name);
227 }
228
229 typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;
230
231 /**
232 * Private variables and functions of kernel_netlink_net class.
233 */
234 struct private_kernel_netlink_net_t {
235 /**
236 * Public part of the kernel_netlink_net_t object.
237 */
238 kernel_netlink_net_t public;
239
240 /**
241 * mutex to lock access to various lists
242 */
243 mutex_t *mutex;
244
245 /**
246 * condition variable to signal virtual IP add/removal
247 */
248 condvar_t *condvar;
249
250 /**
251 * Cached list of interfaces and its addresses (iface_entry_t)
252 */
253 linked_list_t *ifaces;
254
255 /**
256 * job receiving netlink events
257 */
258 callback_job_t *job;
259
260 /**
261 * netlink rt socket (routing)
262 */
263 netlink_socket_t *socket;
264
265 /**
266 * Netlink rt socket to receive address change events
267 */
268 int socket_events;
269
270 /**
271 * time of the last roam event
272 */
273 timeval_t last_roam;
274
275 /**
276 * routing table to install routes
277 */
278 int routing_table;
279
280 /**
281 * priority of used routing table
282 */
283 int routing_table_prio;
284
285 /**
286 * installed routes
287 */
288 hashtable_t *routes;
289
290 /**
291 * interface changes which may trigger route reinstallation
292 */
293 hashtable_t *net_changes;
294
295 /**
296 * mutex for route reinstallation triggers
297 */
298 mutex_t *net_changes_lock;
299
300 /**
301 * time of last route reinstallation
302 */
303 timeval_t last_route_reinstall;
304
305 /**
306 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
307 */
308 bool process_route;
309
310 /**
311 * whether to actually install virtual IPs
312 */
313 bool install_virtual_ip;
314
315 /**
316 * list with routing tables to be excluded from route lookup
317 */
318 linked_list_t *rt_exclude;
319 };
320
321 /**
322 * Forward declaration
323 */
324 static status_t manage_srcroute(private_kernel_netlink_net_t *this,
325 int nlmsg_type, int flags, chunk_t dst_net,
326 u_int8_t prefixlen, host_t *gateway,
327 host_t *src_ip, char *if_name);
328
329 /**
330 * Clear the queued network changes.
331 */
332 static void net_changes_clear(private_kernel_netlink_net_t *this)
333 {
334 enumerator_t *enumerator;
335 net_change_t *change;
336
337 enumerator = this->net_changes->create_enumerator(this->net_changes);
338 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
339 {
340 this->net_changes->remove_at(this->net_changes, enumerator);
341 net_change_destroy(change);
342 }
343 enumerator->destroy(enumerator);
344 }
345
346 /**
347 * Act upon queued network changes.
348 */
349 static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
350 {
351 enumerator_t *enumerator;
352 route_entry_t *route;
353
354 this->net_changes_lock->lock(this->net_changes_lock);
355 this->mutex->lock(this->mutex);
356
357 enumerator = this->routes->create_enumerator(this->routes);
358 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
359 {
360 net_change_t *change, lookup = {
361 .if_name = route->if_name,
362 };
363 /* check if a change for the outgoing interface is queued */
364 change = this->net_changes->get(this->net_changes, &lookup);
365 if (!change)
366 { /* in case src_ip is not on the outgoing interface */
367 lookup.if_name = this->public.interface.get_interface(
368 &this->public.interface, route->src_ip);
369 if (lookup.if_name && !streq(lookup.if_name, route->if_name))
370 {
371 change = this->net_changes->get(this->net_changes, &lookup);
372 }
373 free(lookup.if_name);
374 }
375 if (change)
376 {
377 manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
378 route->dst_net, route->prefixlen, route->gateway,
379 route->src_ip, route->if_name);
380 }
381 }
382 enumerator->destroy(enumerator);
383 this->mutex->unlock(this->mutex);
384
385 net_changes_clear(this);
386 this->net_changes_lock->unlock(this->net_changes_lock);
387 return JOB_REQUEUE_NONE;
388 }
389
390 /**
391 * Queue route reinstallation caused by network changes for a given interface.
392 *
393 * The route reinstallation is delayed for a while and only done once for
394 * several calls during this delay, in order to avoid doing it too often.
395 * The interface name is freed.
396 */
397 static void queue_route_reinstall(private_kernel_netlink_net_t *this,
398 char *if_name)
399 {
400 net_change_t *update, *found;
401 timeval_t now;
402 job_t *job;
403
404 INIT(update,
405 .if_name = if_name
406 );
407
408 this->net_changes_lock->lock(this->net_changes_lock);
409 found = this->net_changes->put(this->net_changes, update, update);
410 if (found)
411 {
412 net_change_destroy(found);
413 }
414 time_monotonic(&now);
415 if (timercmp(&now, &this->last_route_reinstall, >))
416 {
417 now.tv_usec += ROUTE_DELAY * 1000;
418 while (now.tv_usec > 1000000)
419 {
420 now.tv_sec++;
421 now.tv_usec -= 1000000;
422 }
423 this->last_route_reinstall = now;
424
425 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
426 this, NULL, NULL);
427 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
428 }
429 this->net_changes_lock->unlock(this->net_changes_lock);
430 }
431
432 /**
433 * get the refcount of a virtual ip
434 */
435 static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip)
436 {
437 enumerator_t *ifaces, *addrs;
438 iface_entry_t *iface;
439 addr_entry_t *addr;
440 int refcount = 0;
441
442 ifaces = this->ifaces->create_enumerator(this->ifaces);
443 while (ifaces->enumerate(ifaces, (void**)&iface))
444 {
445 addrs = iface->addrs->create_enumerator(iface->addrs);
446 while (addrs->enumerate(addrs, (void**)&addr))
447 {
448 if (addr->virtual && (iface->flags & IFF_UP) &&
449 ip->ip_equals(ip, addr->ip))
450 {
451 refcount = addr->refcount;
452 break;
453 }
454 }
455 addrs->destroy(addrs);
456 if (refcount)
457 {
458 break;
459 }
460 }
461 ifaces->destroy(ifaces);
462
463 return refcount;
464 }
465
466 /**
467 * get the first non-virtual ip address on the given interface.
468 * returned host is a clone, has to be freed by caller.
469 */
470 static host_t *get_interface_address(private_kernel_netlink_net_t *this,
471 int ifindex, int family)
472 {
473 enumerator_t *ifaces, *addrs;
474 iface_entry_t *iface;
475 addr_entry_t *addr;
476 host_t *ip = NULL;
477
478 this->mutex->lock(this->mutex);
479 ifaces = this->ifaces->create_enumerator(this->ifaces);
480 while (ifaces->enumerate(ifaces, &iface))
481 {
482 if (iface->ifindex == ifindex)
483 {
484 addrs = iface->addrs->create_enumerator(iface->addrs);
485 while (addrs->enumerate(addrs, &addr))
486 {
487 if (!addr->virtual && addr->ip->get_family(addr->ip) == family)
488 {
489 ip = addr->ip->clone(addr->ip);
490 break;
491 }
492 }
493 addrs->destroy(addrs);
494 break;
495 }
496 }
497 ifaces->destroy(ifaces);
498 this->mutex->unlock(this->mutex);
499 return ip;
500 }
501
502 /**
503 * callback function that raises the delayed roam event
504 */
505 static job_requeue_t roam_event(uintptr_t address)
506 {
507 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
508 return JOB_REQUEUE_NONE;
509 }
510
511 /**
512 * fire a roaming event. we delay it for a bit and fire only one event
513 * for multiple calls. otherwise we would create too many events.
514 */
515 static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
516 {
517 timeval_t now;
518 job_t *job;
519
520 time_monotonic(&now);
521 if (timercmp(&now, &this->last_roam, >))
522 {
523 now.tv_usec += ROAM_DELAY * 1000;
524 while (now.tv_usec > 1000000)
525 {
526 now.tv_sec++;
527 now.tv_usec -= 1000000;
528 }
529 this->last_roam = now;
530
531 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
532 (void*)(uintptr_t)(address ? 1 : 0),
533 NULL, NULL);
534 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
535 }
536 }
537
538 /**
539 * process RTM_NEWLINK/RTM_DELLINK from kernel
540 */
541 static void process_link(private_kernel_netlink_net_t *this,
542 struct nlmsghdr *hdr, bool event)
543 {
544 struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
545 struct rtattr *rta = IFLA_RTA(msg);
546 size_t rtasize = IFLA_PAYLOAD (hdr);
547 enumerator_t *enumerator;
548 iface_entry_t *current, *entry = NULL;
549 char *name = NULL;
550 bool update = FALSE, update_routes = FALSE;
551
552 while (RTA_OK(rta, rtasize))
553 {
554 switch (rta->rta_type)
555 {
556 case IFLA_IFNAME:
557 name = RTA_DATA(rta);
558 break;
559 }
560 rta = RTA_NEXT(rta, rtasize);
561 }
562 if (!name)
563 {
564 name = "(unknown)";
565 }
566
567 this->mutex->lock(this->mutex);
568 switch (hdr->nlmsg_type)
569 {
570 case RTM_NEWLINK:
571 {
572 if (msg->ifi_flags & IFF_LOOPBACK)
573 { /* ignore loopback interfaces */
574 break;
575 }
576 enumerator = this->ifaces->create_enumerator(this->ifaces);
577 while (enumerator->enumerate(enumerator, &current))
578 {
579 if (current->ifindex == msg->ifi_index)
580 {
581 entry = current;
582 break;
583 }
584 }
585 enumerator->destroy(enumerator);
586 if (!entry)
587 {
588 entry = malloc_thing(iface_entry_t);
589 entry->ifindex = msg->ifi_index;
590 entry->flags = 0;
591 entry->addrs = linked_list_create();
592 this->ifaces->insert_last(this->ifaces, entry);
593 }
594 strncpy(entry->ifname, name, IFNAMSIZ);
595 entry->ifname[IFNAMSIZ-1] = '\0';
596 if (event)
597 {
598 if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
599 {
600 update = update_routes = TRUE;
601 DBG1(DBG_KNL, "interface %s activated", name);
602 }
603 if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
604 {
605 update = TRUE;
606 DBG1(DBG_KNL, "interface %s deactivated", name);
607 }
608 }
609 entry->flags = msg->ifi_flags;
610 break;
611 }
612 case RTM_DELLINK:
613 {
614 enumerator = this->ifaces->create_enumerator(this->ifaces);
615 while (enumerator->enumerate(enumerator, &current))
616 {
617 if (current->ifindex == msg->ifi_index)
618 {
619 if (event)
620 {
621 update = TRUE;
622 DBG1(DBG_KNL, "interface %s deleted", current->ifname);
623 }
624 this->ifaces->remove_at(this->ifaces, enumerator);
625 iface_entry_destroy(current);
626 break;
627 }
628 }
629 enumerator->destroy(enumerator);
630 break;
631 }
632 }
633 this->mutex->unlock(this->mutex);
634
635 if (update_routes && event)
636 {
637 queue_route_reinstall(this, strdup(name));
638 }
639
640 /* send an update to all IKE_SAs */
641 if (update && event)
642 {
643 fire_roam_event(this, TRUE);
644 }
645 }
646
647 /**
648 * process RTM_NEWADDR/RTM_DELADDR from kernel
649 */
650 static void process_addr(private_kernel_netlink_net_t *this,
651 struct nlmsghdr *hdr, bool event)
652 {
653 struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
654 struct rtattr *rta = IFA_RTA(msg);
655 size_t rtasize = IFA_PAYLOAD (hdr);
656 host_t *host = NULL;
657 enumerator_t *ifaces, *addrs;
658 iface_entry_t *iface;
659 addr_entry_t *addr;
660 chunk_t local = chunk_empty, address = chunk_empty;
661 char *route_ifname = NULL;
662 bool update = FALSE, found = FALSE, changed = FALSE;
663
664 while (RTA_OK(rta, rtasize))
665 {
666 switch (rta->rta_type)
667 {
668 case IFA_LOCAL:
669 local.ptr = RTA_DATA(rta);
670 local.len = RTA_PAYLOAD(rta);
671 break;
672 case IFA_ADDRESS:
673 address.ptr = RTA_DATA(rta);
674 address.len = RTA_PAYLOAD(rta);
675 break;
676 }
677 rta = RTA_NEXT(rta, rtasize);
678 }
679
680 /* For PPP interfaces, we need the IFA_LOCAL address,
681 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
682 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
683 if (local.ptr)
684 {
685 host = host_create_from_chunk(msg->ifa_family, local, 0);
686 }
687 else if (address.ptr)
688 {
689 host = host_create_from_chunk(msg->ifa_family, address, 0);
690 }
691
692 if (host == NULL)
693 { /* bad family? */
694 return;
695 }
696
697 this->mutex->lock(this->mutex);
698 ifaces = this->ifaces->create_enumerator(this->ifaces);
699 while (ifaces->enumerate(ifaces, &iface))
700 {
701 if (iface->ifindex == msg->ifa_index)
702 {
703 addrs = iface->addrs->create_enumerator(iface->addrs);
704 while (addrs->enumerate(addrs, &addr))
705 {
706 if (host->ip_equals(host, addr->ip))
707 {
708 found = TRUE;
709 if (hdr->nlmsg_type == RTM_DELADDR)
710 {
711 iface->addrs->remove_at(iface->addrs, addrs);
712 if (!addr->virtual)
713 {
714 changed = TRUE;
715 DBG1(DBG_KNL, "%H disappeared from %s",
716 host, iface->ifname);
717 }
718 addr_entry_destroy(addr);
719 }
720 else if (hdr->nlmsg_type == RTM_NEWADDR && addr->virtual)
721 {
722 addr->refcount = 1;
723 }
724 }
725 }
726 addrs->destroy(addrs);
727
728 if (hdr->nlmsg_type == RTM_NEWADDR)
729 {
730 if (!found)
731 {
732 found = TRUE;
733 changed = TRUE;
734 route_ifname = strdup(iface->ifname);
735 addr = malloc_thing(addr_entry_t);
736 addr->ip = host->clone(host);
737 addr->virtual = FALSE;
738 addr->refcount = 1;
739 addr->scope = msg->ifa_scope;
740
741 iface->addrs->insert_last(iface->addrs, addr);
742 if (event)
743 {
744 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
745 }
746 }
747 }
748 if (found && (iface->flags & IFF_UP))
749 {
750 update = TRUE;
751 }
752 break;
753 }
754 }
755 ifaces->destroy(ifaces);
756 this->mutex->unlock(this->mutex);
757
758 if (update && event && route_ifname)
759 {
760 queue_route_reinstall(this, route_ifname);
761 }
762 else
763 {
764 free(route_ifname);
765 }
766 host->destroy(host);
767
768 /* send an update to all IKE_SAs */
769 if (update && event && changed)
770 {
771 fire_roam_event(this, TRUE);
772 }
773 }
774
775 /**
776 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
777 */
778 static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
779 {
780 struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
781 struct rtattr *rta = RTM_RTA(msg);
782 size_t rtasize = RTM_PAYLOAD(hdr);
783 u_int32_t rta_oif = 0;
784 host_t *host = NULL;
785
786 /* ignore routes added by us or in the local routing table (local addrs) */
787 if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
788 msg->rtm_table == RT_TABLE_LOCAL))
789 {
790 return;
791 }
792
793 while (RTA_OK(rta, rtasize))
794 {
795 switch (rta->rta_type)
796 {
797 case RTA_PREFSRC:
798 DESTROY_IF(host);
799 host = host_create_from_chunk(msg->rtm_family,
800 chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
801 break;
802 case RTA_OIF:
803 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
804 {
805 rta_oif = *(u_int32_t*)RTA_DATA(rta);
806 }
807 break;
808 }
809 rta = RTA_NEXT(rta, rtasize);
810 }
811 if (!host && rta_oif)
812 {
813 host = get_interface_address(this, rta_oif, msg->rtm_family);
814 }
815 if (host)
816 {
817 this->mutex->lock(this->mutex);
818 if (!get_vip_refcount(this, host))
819 { /* ignore routes added for virtual IPs */
820 fire_roam_event(this, FALSE);
821 }
822 this->mutex->unlock(this->mutex);
823 host->destroy(host);
824 }
825 }
826
827 /**
828 * Receives events from kernel
829 */
830 static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
831 {
832 char response[1024];
833 struct nlmsghdr *hdr = (struct nlmsghdr*)response;
834 struct sockaddr_nl addr;
835 socklen_t addr_len = sizeof(addr);
836 int len;
837 bool oldstate;
838
839 oldstate = thread_cancelability(TRUE);
840 len = recvfrom(this->socket_events, response, sizeof(response), 0,
841 (struct sockaddr*)&addr, &addr_len);
842 thread_cancelability(oldstate);
843
844 if (len < 0)
845 {
846 switch (errno)
847 {
848 case EINTR:
849 /* interrupted, try again */
850 return JOB_REQUEUE_DIRECT;
851 case EAGAIN:
852 /* no data ready, select again */
853 return JOB_REQUEUE_DIRECT;
854 default:
855 DBG1(DBG_KNL, "unable to receive from rt event socket");
856 sleep(1);
857 return JOB_REQUEUE_FAIR;
858 }
859 }
860
861 if (addr.nl_pid != 0)
862 { /* not from kernel. not interested, try another one */
863 return JOB_REQUEUE_DIRECT;
864 }
865
866 while (NLMSG_OK(hdr, len))
867 {
868 /* looks good so far, dispatch netlink message */
869 switch (hdr->nlmsg_type)
870 {
871 case RTM_NEWADDR:
872 case RTM_DELADDR:
873 process_addr(this, hdr, TRUE);
874 this->condvar->broadcast(this->condvar);
875 break;
876 case RTM_NEWLINK:
877 case RTM_DELLINK:
878 process_link(this, hdr, TRUE);
879 this->condvar->broadcast(this->condvar);
880 break;
881 case RTM_NEWROUTE:
882 case RTM_DELROUTE:
883 if (this->process_route)
884 {
885 process_route(this, hdr);
886 }
887 break;
888 default:
889 break;
890 }
891 hdr = NLMSG_NEXT(hdr, len);
892 }
893 return JOB_REQUEUE_DIRECT;
894 }
895
896 /** enumerator over addresses */
897 typedef struct {
898 private_kernel_netlink_net_t* this;
899 /** whether to enumerate down interfaces */
900 bool include_down_ifaces;
901 /** whether to enumerate virtual ip addresses */
902 bool include_virtual_ips;
903 } address_enumerator_t;
904
905 /**
906 * cleanup function for address enumerator
907 */
908 static void address_enumerator_destroy(address_enumerator_t *data)
909 {
910 data->this->mutex->unlock(data->this->mutex);
911 free(data);
912 }
913
914 /**
915 * filter for addresses
916 */
917 static bool filter_addresses(address_enumerator_t *data,
918 addr_entry_t** in, host_t** out)
919 {
920 if (!data->include_virtual_ips && (*in)->virtual)
921 { /* skip virtual interfaces added by us */
922 return FALSE;
923 }
924 if ((*in)->scope >= RT_SCOPE_LINK)
925 { /* skip addresses with a unusable scope */
926 return FALSE;
927 }
928 *out = (*in)->ip;
929 return TRUE;
930 }
931
932 /**
933 * enumerator constructor for interfaces
934 */
935 static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
936 address_enumerator_t *data)
937 {
938 return enumerator_create_filter(
939 iface->addrs->create_enumerator(iface->addrs),
940 (void*)filter_addresses, data, NULL);
941 }
942
943 /**
944 * filter for interfaces
945 */
946 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
947 iface_entry_t** out)
948 {
949 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
950 { /* skip interfaces not up */
951 return FALSE;
952 }
953 *out = *in;
954 return TRUE;
955 }
956
957 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
958 private_kernel_netlink_net_t *this,
959 bool include_down_ifaces, bool include_virtual_ips)
960 {
961 address_enumerator_t *data = malloc_thing(address_enumerator_t);
962 data->this = this;
963 data->include_down_ifaces = include_down_ifaces;
964 data->include_virtual_ips = include_virtual_ips;
965
966 this->mutex->lock(this->mutex);
967 return enumerator_create_nested(
968 enumerator_create_filter(
969 this->ifaces->create_enumerator(this->ifaces),
970 (void*)filter_interfaces, data, NULL),
971 (void*)create_iface_enumerator, data,
972 (void*)address_enumerator_destroy);
973 }
974
975 METHOD(kernel_net_t, get_interface_name, char*,
976 private_kernel_netlink_net_t *this, host_t* ip)
977 {
978 enumerator_t *ifaces, *addrs;
979 iface_entry_t *iface;
980 addr_entry_t *addr;
981 char *name = NULL;
982
983 DBG2(DBG_KNL, "getting interface name for %H", ip);
984
985 this->mutex->lock(this->mutex);
986 ifaces = this->ifaces->create_enumerator(this->ifaces);
987 while (ifaces->enumerate(ifaces, &iface))
988 {
989 addrs = iface->addrs->create_enumerator(iface->addrs);
990 while (addrs->enumerate(addrs, &addr))
991 {
992 if (ip->ip_equals(ip, addr->ip))
993 {
994 name = strdup(iface->ifname);
995 break;
996 }
997 }
998 addrs->destroy(addrs);
999 if (name)
1000 {
1001 break;
1002 }
1003 }
1004 ifaces->destroy(ifaces);
1005 this->mutex->unlock(this->mutex);
1006
1007 if (name)
1008 {
1009 DBG2(DBG_KNL, "%H is on interface %s", ip, name);
1010 }
1011 else
1012 {
1013 DBG2(DBG_KNL, "%H is not a local address", ip);
1014 }
1015 return name;
1016 }
1017
1018 /**
1019 * get the index of an interface by name
1020 */
1021 static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
1022 {
1023 enumerator_t *ifaces;
1024 iface_entry_t *iface;
1025 int ifindex = 0;
1026
1027 DBG2(DBG_KNL, "getting iface index for %s", name);
1028
1029 this->mutex->lock(this->mutex);
1030 ifaces = this->ifaces->create_enumerator(this->ifaces);
1031 while (ifaces->enumerate(ifaces, &iface))
1032 {
1033 if (streq(name, iface->ifname))
1034 {
1035 ifindex = iface->ifindex;
1036 break;
1037 }
1038 }
1039 ifaces->destroy(ifaces);
1040 this->mutex->unlock(this->mutex);
1041
1042 if (ifindex == 0)
1043 {
1044 DBG1(DBG_KNL, "unable to get interface index for %s", name);
1045 }
1046 return ifindex;
1047 }
1048
1049 /**
1050 * Check if an interface with a given index is up
1051 */
1052 static bool is_interface_up(private_kernel_netlink_net_t *this, int index)
1053 {
1054 enumerator_t *ifaces;
1055 iface_entry_t *iface;
1056 /* default to TRUE for interface we do not monitor (e.g. lo) */
1057 bool up = TRUE;
1058
1059 ifaces = this->ifaces->create_enumerator(this->ifaces);
1060 while (ifaces->enumerate(ifaces, &iface))
1061 {
1062 if (iface->ifindex == index)
1063 {
1064 up = iface->flags & IFF_UP;
1065 break;
1066 }
1067 }
1068 ifaces->destroy(ifaces);
1069 return up;
1070 }
1071
1072 /**
1073 * check if an address (chunk) addr is in subnet (net with net_len net bits)
1074 */
1075 static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
1076 {
1077 static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
1078 int byte = 0;
1079
1080 if (net_len == 0)
1081 { /* any address matches a /0 network */
1082 return TRUE;
1083 }
1084 if (addr.len != net.len || net_len > 8 * net.len )
1085 {
1086 return FALSE;
1087 }
1088 /* scan through all bytes in network order */
1089 while (net_len > 0)
1090 {
1091 if (net_len < 8)
1092 {
1093 return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
1094 }
1095 else
1096 {
1097 if (addr.ptr[byte] != net.ptr[byte])
1098 {
1099 return FALSE;
1100 }
1101 byte++;
1102 net_len -= 8;
1103 }
1104 }
1105 return TRUE;
1106 }
1107
1108 /**
1109 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
1110 */
1111 static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
1112 bool nexthop, host_t *candidate)
1113 {
1114 netlink_buf_t request;
1115 struct nlmsghdr *hdr, *out, *current;
1116 struct rtmsg *msg;
1117 chunk_t chunk;
1118 size_t len;
1119 int best = -1;
1120 enumerator_t *enumerator;
1121 host_t *src = NULL, *gtw = NULL;
1122
1123 DBG2(DBG_KNL, "getting address to reach %H", dest);
1124
1125 memset(&request, 0, sizeof(request));
1126
1127 hdr = (struct nlmsghdr*)request;
1128 hdr->nlmsg_flags = NLM_F_REQUEST;
1129 if (dest->get_family(dest) == AF_INET)
1130 {
1131 /* We dump all addresses for IPv4, as we want to ignore IPsec specific
1132 * routes installed by us. But the kernel does not return source
1133 * addresses in a IPv6 dump, so fall back to get() for v6 routes. */
1134 hdr->nlmsg_flags |= NLM_F_ROOT | NLM_F_DUMP;
1135 }
1136 hdr->nlmsg_type = RTM_GETROUTE;
1137 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1138
1139 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1140 msg->rtm_family = dest->get_family(dest);
1141 if (candidate)
1142 {
1143 chunk = candidate->get_address(candidate);
1144 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1145 }
1146 chunk = dest->get_address(dest);
1147 netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));
1148
1149 if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
1150 {
1151 DBG1(DBG_KNL, "getting address to %H failed", dest);
1152 return NULL;
1153 }
1154 this->mutex->lock(this->mutex);
1155
1156 for (current = out; NLMSG_OK(current, len);
1157 current = NLMSG_NEXT(current, len))
1158 {
1159 switch (current->nlmsg_type)
1160 {
1161 case NLMSG_DONE:
1162 break;
1163 case RTM_NEWROUTE:
1164 {
1165 struct rtattr *rta;
1166 size_t rtasize;
1167 chunk_t rta_gtw, rta_src, rta_dst;
1168 u_int32_t rta_oif = 0, rta_table;
1169 host_t *new_src, *new_gtw;
1170 bool cont = FALSE;
1171 uintptr_t table;
1172
1173 rta_gtw = rta_src = rta_dst = chunk_empty;
1174 msg = (struct rtmsg*)(NLMSG_DATA(current));
1175 rta = RTM_RTA(msg);
1176 rtasize = RTM_PAYLOAD(current);
1177 rta_table = msg->rtm_table;
1178 while (RTA_OK(rta, rtasize))
1179 {
1180 switch (rta->rta_type)
1181 {
1182 case RTA_PREFSRC:
1183 rta_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1184 break;
1185 case RTA_GATEWAY:
1186 rta_gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1187 break;
1188 case RTA_DST:
1189 rta_dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1190 break;
1191 case RTA_OIF:
1192 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
1193 {
1194 rta_oif = *(u_int32_t*)RTA_DATA(rta);
1195 }
1196 break;
1197 #ifdef HAVE_RTA_TABLE
1198 case RTA_TABLE:
1199 if (RTA_PAYLOAD(rta) == sizeof(rta_table))
1200 {
1201 rta_table = *(u_int32_t*)RTA_DATA(rta);
1202 }
1203 break;
1204 #endif /* HAVE_RTA_TABLE*/
1205 }
1206 rta = RTA_NEXT(rta, rtasize);
1207 }
1208 if (msg->rtm_dst_len <= best)
1209 { /* not better than a previous one */
1210 continue;
1211 }
1212 enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
1213 while (enumerator->enumerate(enumerator, &table))
1214 {
1215 if (table == rta_table)
1216 {
1217 cont = TRUE;
1218 break;
1219 }
1220 }
1221 enumerator->destroy(enumerator);
1222 if (cont)
1223 {
1224 continue;
1225 }
1226 if (this->routing_table != 0 &&
1227 rta_table == this->routing_table)
1228 { /* route is from our own ipsec routing table */
1229 continue;
1230 }
1231 if (rta_oif && !is_interface_up(this, rta_oif))
1232 { /* interface is down */
1233 continue;
1234 }
1235 if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len))
1236 { /* route destination does not contain dest */
1237 continue;
1238 }
1239
1240 if (nexthop)
1241 {
1242 /* nexthop lookup, return gateway if any */
1243 DESTROY_IF(gtw);
1244 gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
1245 best = msg->rtm_dst_len;
1246 continue;
1247 }
1248 if (rta_src.ptr)
1249 { /* got a source address */
1250 new_src = host_create_from_chunk(msg->rtm_family, rta_src, 0);
1251 if (new_src)
1252 {
1253 if (get_vip_refcount(this, new_src))
1254 { /* skip source address if it is installed by us */
1255 new_src->destroy(new_src);
1256 }
1257 else
1258 {
1259 DESTROY_IF(src);
1260 src = new_src;
1261 best = msg->rtm_dst_len;
1262 }
1263 }
1264 continue;
1265 }
1266 if (rta_oif)
1267 { /* no src or gtw, but an interface. Get address from it. */
1268 new_src = get_interface_address(this, rta_oif,
1269 msg->rtm_family);
1270 if (new_src)
1271 {
1272 DESTROY_IF(src);
1273 src = new_src;
1274 best = msg->rtm_dst_len;
1275 }
1276 continue;
1277 }
1278 if (rta_gtw.ptr)
1279 { /* no source, but a gateway. Lookup source to reach gtw. */
1280 new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
1281 new_src = get_route(this, new_gtw, FALSE, candidate);
1282 new_gtw->destroy(new_gtw);
1283 if (new_src)
1284 {
1285 DESTROY_IF(src);
1286 src = new_src;
1287 best = msg->rtm_dst_len;
1288 }
1289 continue;
1290 }
1291 continue;
1292 }
1293 default:
1294 continue;
1295 }
1296 break;
1297 }
1298 free(out);
1299 this->mutex->unlock(this->mutex);
1300
1301 if (nexthop)
1302 {
1303 if (gtw)
1304 {
1305 return gtw;
1306 }
1307 return dest->clone(dest);
1308 }
1309 return src;
1310 }
1311
1312 METHOD(kernel_net_t, get_source_addr, host_t*,
1313 private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
1314 {
1315 return get_route(this, dest, FALSE, src);
1316 }
1317
1318 METHOD(kernel_net_t, get_nexthop, host_t*,
1319 private_kernel_netlink_net_t *this, host_t *dest)
1320 {
1321 return get_route(this, dest, TRUE, NULL);
1322 }
1323
1324 /**
1325 * Manages the creation and deletion of ip addresses on an interface.
1326 * By setting the appropriate nlmsg_type, the ip will be set or unset.
1327 */
1328 static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
1329 int flags, int if_index, host_t *ip)
1330 {
1331 netlink_buf_t request;
1332 struct nlmsghdr *hdr;
1333 struct ifaddrmsg *msg;
1334 chunk_t chunk;
1335
1336 memset(&request, 0, sizeof(request));
1337
1338 chunk = ip->get_address(ip);
1339
1340 hdr = (struct nlmsghdr*)request;
1341 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1342 hdr->nlmsg_type = nlmsg_type;
1343 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
1344
1345 msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
1346 msg->ifa_family = ip->get_family(ip);
1347 msg->ifa_flags = 0;
1348 msg->ifa_prefixlen = 8 * chunk.len;
1349 msg->ifa_scope = RT_SCOPE_UNIVERSE;
1350 msg->ifa_index = if_index;
1351
1352 netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
1353
1354 return this->socket->send_ack(this->socket, hdr);
1355 }
1356
1357 METHOD(kernel_net_t, add_ip, status_t,
1358 private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip)
1359 {
1360 iface_entry_t *iface;
1361 addr_entry_t *addr;
1362 enumerator_t *addrs, *ifaces;
1363 int ifindex;
1364
1365 if (!this->install_virtual_ip)
1366 { /* disabled by config */
1367 return SUCCESS;
1368 }
1369
1370 DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip);
1371
1372 this->mutex->lock(this->mutex);
1373 ifaces = this->ifaces->create_enumerator(this->ifaces);
1374 while (ifaces->enumerate(ifaces, &iface))
1375 {
1376 bool iface_found = FALSE;
1377
1378 addrs = iface->addrs->create_enumerator(iface->addrs);
1379 while (addrs->enumerate(addrs, &addr))
1380 {
1381 if (iface_ip->ip_equals(iface_ip, addr->ip))
1382 {
1383 iface_found = TRUE;
1384 }
1385 else if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1386 {
1387 addr->refcount++;
1388 DBG2(DBG_KNL, "virtual IP %H already installed on %s",
1389 virtual_ip, iface->ifname);
1390 addrs->destroy(addrs);
1391 ifaces->destroy(ifaces);
1392 this->mutex->unlock(this->mutex);
1393 return SUCCESS;
1394 }
1395 }
1396 addrs->destroy(addrs);
1397
1398 if (iface_found)
1399 {
1400 ifindex = iface->ifindex;
1401 addr = malloc_thing(addr_entry_t);
1402 addr->ip = virtual_ip->clone(virtual_ip);
1403 addr->refcount = 0;
1404 addr->virtual = TRUE;
1405 addr->scope = RT_SCOPE_UNIVERSE;
1406 iface->addrs->insert_last(iface->addrs, addr);
1407
1408 if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
1409 ifindex, virtual_ip) == SUCCESS)
1410 {
1411 while (get_vip_refcount(this, virtual_ip) == 0)
1412 { /* wait until address appears */
1413 this->condvar->wait(this->condvar, this->mutex);
1414 }
1415 ifaces->destroy(ifaces);
1416 this->mutex->unlock(this->mutex);
1417 return SUCCESS;
1418 }
1419 ifaces->destroy(ifaces);
1420 this->mutex->unlock(this->mutex);
1421 DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
1422 return FAILED;
1423 }
1424 }
1425 ifaces->destroy(ifaces);
1426 this->mutex->unlock(this->mutex);
1427
1428 DBG1(DBG_KNL, "interface address %H not found, unable to install"
1429 "virtual IP %H", iface_ip, virtual_ip);
1430 return FAILED;
1431 }
1432
1433 METHOD(kernel_net_t, del_ip, status_t,
1434 private_kernel_netlink_net_t *this, host_t *virtual_ip)
1435 {
1436 iface_entry_t *iface;
1437 addr_entry_t *addr;
1438 enumerator_t *addrs, *ifaces;
1439 status_t status;
1440 int ifindex;
1441
1442 if (!this->install_virtual_ip)
1443 { /* disabled by config */
1444 return SUCCESS;
1445 }
1446
1447 DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);
1448
1449 this->mutex->lock(this->mutex);
1450 ifaces = this->ifaces->create_enumerator(this->ifaces);
1451 while (ifaces->enumerate(ifaces, &iface))
1452 {
1453 addrs = iface->addrs->create_enumerator(iface->addrs);
1454 while (addrs->enumerate(addrs, &addr))
1455 {
1456 if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1457 {
1458 ifindex = iface->ifindex;
1459 if (addr->refcount == 1)
1460 {
1461 status = manage_ipaddr(this, RTM_DELADDR, 0,
1462 ifindex, virtual_ip);
1463 if (status == SUCCESS)
1464 { /* wait until the address is really gone */
1465 while (get_vip_refcount(this, virtual_ip) > 0)
1466 {
1467 this->condvar->wait(this->condvar, this->mutex);
1468 }
1469 }
1470 addrs->destroy(addrs);
1471 ifaces->destroy(ifaces);
1472 this->mutex->unlock(this->mutex);
1473 return status;
1474 }
1475 else
1476 {
1477 addr->refcount--;
1478 }
1479 DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
1480 virtual_ip);
1481 addrs->destroy(addrs);
1482 ifaces->destroy(ifaces);
1483 this->mutex->unlock(this->mutex);
1484 return SUCCESS;
1485 }
1486 }
1487 addrs->destroy(addrs);
1488 }
1489 ifaces->destroy(ifaces);
1490 this->mutex->unlock(this->mutex);
1491
1492 DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
1493 return FAILED;
1494 }
1495
1496 /**
1497 * Manages source routes in the routing table.
1498 * By setting the appropriate nlmsg_type, the route gets added or removed.
1499 */
1500 static status_t manage_srcroute(private_kernel_netlink_net_t *this,
1501 int nlmsg_type, int flags, chunk_t dst_net,
1502 u_int8_t prefixlen, host_t *gateway,
1503 host_t *src_ip, char *if_name)
1504 {
1505 netlink_buf_t request;
1506 struct nlmsghdr *hdr;
1507 struct rtmsg *msg;
1508 int ifindex;
1509 chunk_t chunk;
1510
1511 /* if route is 0.0.0.0/0, we can't install it, as it would
1512 * overwrite the default route. Instead, we add two routes:
1513 * 0.0.0.0/1 and 128.0.0.0/1 */
1514 if (this->routing_table == 0 && prefixlen == 0)
1515 {
1516 chunk_t half_net;
1517 u_int8_t half_prefixlen;
1518 status_t status;
1519
1520 half_net = chunk_alloca(dst_net.len);
1521 memset(half_net.ptr, 0, half_net.len);
1522 half_prefixlen = 1;
1523
1524 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1525 gateway, src_ip, if_name);
1526 half_net.ptr[0] |= 0x80;
1527 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1528 gateway, src_ip, if_name);
1529 return status;
1530 }
1531
1532 memset(&request, 0, sizeof(request));
1533
1534 hdr = (struct nlmsghdr*)request;
1535 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1536 hdr->nlmsg_type = nlmsg_type;
1537 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1538
1539 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1540 msg->rtm_family = src_ip->get_family(src_ip);
1541 msg->rtm_dst_len = prefixlen;
1542 msg->rtm_table = this->routing_table;
1543 msg->rtm_protocol = RTPROT_STATIC;
1544 msg->rtm_type = RTN_UNICAST;
1545 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1546
1547 netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
1548 chunk = src_ip->get_address(src_ip);
1549 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1550 if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
1551 {
1552 chunk = gateway->get_address(gateway);
1553 netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
1554 }
1555 ifindex = get_interface_index(this, if_name);
1556 chunk.ptr = (char*)&ifindex;
1557 chunk.len = sizeof(ifindex);
1558 netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
1559
1560 return this->socket->send_ack(this->socket, hdr);
1561 }
1562
1563 METHOD(kernel_net_t, add_route, status_t,
1564 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1565 host_t *gateway, host_t *src_ip, char *if_name)
1566 {
1567 status_t status;
1568 route_entry_t *found, route = {
1569 .dst_net = dst_net,
1570 .prefixlen = prefixlen,
1571 .gateway = gateway,
1572 .src_ip = src_ip,
1573 .if_name = if_name,
1574 };
1575
1576 this->mutex->lock(this->mutex);
1577 found = this->routes->get(this->routes, &route);
1578 if (found)
1579 {
1580 this->mutex->unlock(this->mutex);
1581 return ALREADY_DONE;
1582 }
1583 found = route_entry_clone(&route);
1584 this->routes->put(this->routes, found, found);
1585 status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
1586 dst_net, prefixlen, gateway, src_ip, if_name);
1587 this->mutex->unlock(this->mutex);
1588 return status;
1589 }
1590
1591 METHOD(kernel_net_t, del_route, status_t,
1592 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1593 host_t *gateway, host_t *src_ip, char *if_name)
1594 {
1595 status_t status;
1596 route_entry_t *found, route = {
1597 .dst_net = dst_net,
1598 .prefixlen = prefixlen,
1599 .gateway = gateway,
1600 .src_ip = src_ip,
1601 .if_name = if_name,
1602 };
1603
1604 this->mutex->lock(this->mutex);
1605 found = this->routes->get(this->routes, &route);
1606 if (!found)
1607 {
1608 this->mutex->unlock(this->mutex);
1609 return NOT_FOUND;
1610 }
1611 this->routes->remove(this->routes, found);
1612 route_entry_destroy(found);
1613 status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
1614 gateway, src_ip, if_name);
1615 this->mutex->unlock(this->mutex);
1616 return status;
1617 }
1618
1619 /**
1620 * Initialize a list of local addresses.
1621 */
1622 static status_t init_address_list(private_kernel_netlink_net_t *this)
1623 {
1624 netlink_buf_t request;
1625 struct nlmsghdr *out, *current, *in;
1626 struct rtgenmsg *msg;
1627 size_t len;
1628 enumerator_t *ifaces, *addrs;
1629 iface_entry_t *iface;
1630 addr_entry_t *addr;
1631
1632 DBG1(DBG_KNL, "listening on interfaces:");
1633
1634 memset(&request, 0, sizeof(request));
1635
1636 in = (struct nlmsghdr*)&request;
1637 in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
1638 in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
1639 msg = (struct rtgenmsg*)NLMSG_DATA(in);
1640 msg->rtgen_family = AF_UNSPEC;
1641
1642 /* get all links */
1643 in->nlmsg_type = RTM_GETLINK;
1644 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1645 {
1646 return FAILED;
1647 }
1648 current = out;
1649 while (NLMSG_OK(current, len))
1650 {
1651 switch (current->nlmsg_type)
1652 {
1653 case NLMSG_DONE:
1654 break;
1655 case RTM_NEWLINK:
1656 process_link(this, current, FALSE);
1657 /* fall through */
1658 default:
1659 current = NLMSG_NEXT(current, len);
1660 continue;
1661 }
1662 break;
1663 }
1664 free(out);
1665
1666 /* get all interface addresses */
1667 in->nlmsg_type = RTM_GETADDR;
1668 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1669 {
1670 return FAILED;
1671 }
1672 current = out;
1673 while (NLMSG_OK(current, len))
1674 {
1675 switch (current->nlmsg_type)
1676 {
1677 case NLMSG_DONE:
1678 break;
1679 case RTM_NEWADDR:
1680 process_addr(this, current, FALSE);
1681 /* fall through */
1682 default:
1683 current = NLMSG_NEXT(current, len);
1684 continue;
1685 }
1686 break;
1687 }
1688 free(out);
1689
1690 this->mutex->lock(this->mutex);
1691 ifaces = this->ifaces->create_enumerator(this->ifaces);
1692 while (ifaces->enumerate(ifaces, &iface))
1693 {
1694 if (iface->flags & IFF_UP)
1695 {
1696 DBG1(DBG_KNL, " %s", iface->ifname);
1697 addrs = iface->addrs->create_enumerator(iface->addrs);
1698 while (addrs->enumerate(addrs, (void**)&addr))
1699 {
1700 DBG1(DBG_KNL, " %H", addr->ip);
1701 }
1702 addrs->destroy(addrs);
1703 }
1704 }
1705 ifaces->destroy(ifaces);
1706 this->mutex->unlock(this->mutex);
1707 return SUCCESS;
1708 }
1709
1710 /**
1711 * create or delete a rule to use our routing table
1712 */
1713 static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
1714 int family, u_int32_t table, u_int32_t prio)
1715 {
1716 netlink_buf_t request;
1717 struct nlmsghdr *hdr;
1718 struct rtmsg *msg;
1719 chunk_t chunk;
1720
1721 memset(&request, 0, sizeof(request));
1722 hdr = (struct nlmsghdr*)request;
1723 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
1724 hdr->nlmsg_type = nlmsg_type;
1725 if (nlmsg_type == RTM_NEWRULE)
1726 {
1727 hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
1728 }
1729 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1730
1731 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1732 msg->rtm_table = table;
1733 msg->rtm_family = family;
1734 msg->rtm_protocol = RTPROT_BOOT;
1735 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1736 msg->rtm_type = RTN_UNICAST;
1737
1738 chunk = chunk_from_thing(prio);
1739 netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
1740
1741 return this->socket->send_ack(this->socket, hdr);
1742 }
1743
1744 METHOD(kernel_net_t, destroy, void,
1745 private_kernel_netlink_net_t *this)
1746 {
1747 enumerator_t *enumerator;
1748 route_entry_t *route;
1749
1750 if (this->routing_table)
1751 {
1752 manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table,
1753 this->routing_table_prio);
1754 manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
1755 this->routing_table_prio);
1756 }
1757 if (this->job)
1758 {
1759 this->job->cancel(this->job);
1760 }
1761 if (this->socket_events > 0)
1762 {
1763 close(this->socket_events);
1764 }
1765 enumerator = this->routes->create_enumerator(this->routes);
1766 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
1767 {
1768 manage_srcroute(this, RTM_DELROUTE, 0, route->dst_net, route->prefixlen,
1769 route->gateway, route->src_ip, route->if_name);
1770 route_entry_destroy(route);
1771 }
1772 enumerator->destroy(enumerator);
1773 this->routes->destroy(this->routes);
1774 DESTROY_IF(this->socket);
1775
1776 net_changes_clear(this);
1777 this->net_changes->destroy(this->net_changes);
1778 this->net_changes_lock->destroy(this->net_changes_lock);
1779
1780 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
1781 this->rt_exclude->destroy(this->rt_exclude);
1782 this->condvar->destroy(this->condvar);
1783 this->mutex->destroy(this->mutex);
1784 free(this);
1785 }
1786
1787 /*
1788 * Described in header.
1789 */
1790 kernel_netlink_net_t *kernel_netlink_net_create()
1791 {
1792 private_kernel_netlink_net_t *this;
1793 enumerator_t *enumerator;
1794 bool register_for_events = TRUE;
1795 char *exclude;
1796
1797 INIT(this,
1798 .public = {
1799 .interface = {
1800 .get_interface = _get_interface_name,
1801 .create_address_enumerator = _create_address_enumerator,
1802 .get_source_addr = _get_source_addr,
1803 .get_nexthop = _get_nexthop,
1804 .add_ip = _add_ip,
1805 .del_ip = _del_ip,
1806 .add_route = _add_route,
1807 .del_route = _del_route,
1808 .destroy = _destroy,
1809 },
1810 },
1811 .socket = netlink_socket_create(NETLINK_ROUTE),
1812 .rt_exclude = linked_list_create(),
1813 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
1814 (hashtable_equals_t)route_entry_equals, 16),
1815 .net_changes = hashtable_create(
1816 (hashtable_hash_t)net_change_hash,
1817 (hashtable_equals_t)net_change_equals, 16),
1818 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
1819 .ifaces = linked_list_create(),
1820 .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
1821 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
1822 .routing_table = lib->settings->get_int(lib->settings,
1823 "%s.routing_table", ROUTING_TABLE, hydra->daemon),
1824 .routing_table_prio = lib->settings->get_int(lib->settings,
1825 "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
1826 .process_route = lib->settings->get_bool(lib->settings,
1827 "%s.process_route", TRUE, hydra->daemon),
1828 .install_virtual_ip = lib->settings->get_bool(lib->settings,
1829 "%s.install_virtual_ip", TRUE, hydra->daemon),
1830 );
1831 timerclear(&this->last_route_reinstall);
1832 timerclear(&this->last_roam);
1833
1834 if (streq(hydra->daemon, "starter"))
1835 { /* starter has no threads, so we do not register for kernel events */
1836 register_for_events = FALSE;
1837 }
1838
1839 exclude = lib->settings->get_str(lib->settings,
1840 "%s.ignore_routing_tables", NULL, hydra->daemon);
1841 if (exclude)
1842 {
1843 char *token;
1844 uintptr_t table;
1845
1846 enumerator = enumerator_create_token(exclude, " ", " ");
1847 while (enumerator->enumerate(enumerator, &token))
1848 {
1849 errno = 0;
1850 table = strtoul(token, NULL, 10);
1851
1852 if (errno == 0)
1853 {
1854 this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
1855 }
1856 }
1857 enumerator->destroy(enumerator);
1858 }
1859
1860 if (register_for_events)
1861 {
1862 struct sockaddr_nl addr;
1863
1864 memset(&addr, 0, sizeof(addr));
1865 addr.nl_family = AF_NETLINK;
1866
1867 /* create and bind RT socket for events (address/interface/route changes) */
1868 this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1869 if (this->socket_events < 0)
1870 {
1871 DBG1(DBG_KNL, "unable to create RT event socket");
1872 destroy(this);
1873 return NULL;
1874 }
1875 addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
1876 RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK;
1877 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
1878 {
1879 DBG1(DBG_KNL, "unable to bind RT event socket");
1880 destroy(this);
1881 return NULL;
1882 }
1883
1884 this->job = callback_job_create_with_prio((callback_job_cb_t)receive_events,
1885 this, NULL, NULL, JOB_PRIO_CRITICAL);
1886 lib->processor->queue_job(lib->processor, (job_t*)this->job);
1887 }
1888
1889 if (init_address_list(this) != SUCCESS)
1890 {
1891 DBG1(DBG_KNL, "unable to get interface list");
1892 destroy(this);
1893 return NULL;
1894 }
1895
1896 if (this->routing_table)
1897 {
1898 if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
1899 this->routing_table_prio) != SUCCESS)
1900 {
1901 DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
1902 }
1903 if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
1904 this->routing_table_prio) != SUCCESS)
1905 {
1906 DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
1907 }
1908 }
1909
1910 return &this->public;
1911 }
strongSwan - IPsec VPN