projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Made create_endpoint_notify_create() private.
[strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /*
18 * Copyright (C) 2010 secunet Security Networks AG
19 * Copyright (C) 2010 Thomas Egerer
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
40 #include <sys/socket.h>
41 #include <linux/netlink.h>
42 #include <linux/rtnetlink.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <net/if.h>
46
47 #include "kernel_netlink_net.h"
48 #include "kernel_netlink_shared.h"
49
50 #include <hydra.h>
51 #include <debug.h>
52 #include <threading/thread.h>
53 #include <threading/condvar.h>
54 #include <threading/mutex.h>
55 #include <utils/linked_list.h>
56 #include <processing/jobs/callback_job.h>
57
58 /** delay before firing roam events (ms) */
59 #define ROAM_DELAY 100
60
61 typedef struct addr_entry_t addr_entry_t;
62
63 /**
64 * IP address in an inface_entry_t
65 */
66 struct addr_entry_t {
67
68 /** The ip address */
69 host_t *ip;
70
71 /** virtual IP managed by us */
72 bool virtual;
73
74 /** scope of the address */
75 u_char scope;
76
77 /** Number of times this IP is used, if virtual */
78 u_int refcount;
79 };
80
81 /**
82 * destroy a addr_entry_t object
83 */
84 static void addr_entry_destroy(addr_entry_t *this)
85 {
86 this->ip->destroy(this->ip);
87 free(this);
88 }
89
90 typedef struct iface_entry_t iface_entry_t;
91
92 /**
93 * A network interface on this system, containing addr_entry_t's
94 */
95 struct iface_entry_t {
96
97 /** interface index */
98 int ifindex;
99
100 /** name of the interface */
101 char ifname[IFNAMSIZ];
102
103 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
104 u_int flags;
105
106 /** list of addresses as host_t */
107 linked_list_t *addrs;
108 };
109
110 /**
111 * destroy an interface entry
112 */
113 static void iface_entry_destroy(iface_entry_t *this)
114 {
115 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
116 free(this);
117 }
118
119 typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;
120
121 /**
122 * Private variables and functions of kernel_netlink_net class.
123 */
124 struct private_kernel_netlink_net_t {
125 /**
126 * Public part of the kernel_netlink_net_t object.
127 */
128 kernel_netlink_net_t public;
129
130 /**
131 * mutex to lock access to various lists
132 */
133 mutex_t *mutex;
134
135 /**
136 * condition variable to signal virtual IP add/removal
137 */
138 condvar_t *condvar;
139
140 /**
141 * Cached list of interfaces and its addresses (iface_entry_t)
142 */
143 linked_list_t *ifaces;
144
145 /**
146 * job receiving netlink events
147 */
148 callback_job_t *job;
149
150 /**
151 * netlink rt socket (routing)
152 */
153 netlink_socket_t *socket;
154
155 /**
156 * Netlink rt socket to receive address change events
157 */
158 int socket_events;
159
160 /**
161 * time of the last roam event
162 */
163 timeval_t last_roam;
164
165 /**
166 * routing table to install routes
167 */
168 int routing_table;
169
170 /**
171 * priority of used routing table
172 */
173 int routing_table_prio;
174
175 /**
176 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
177 */
178 bool process_route;
179
180 /**
181 * whether to actually install virtual IPs
182 */
183 bool install_virtual_ip;
184
185 /**
186 * list with routing tables to be excluded from route lookup
187 */
188 linked_list_t *rt_exclude;
189 };
190
191 /**
192 * get the refcount of a virtual ip
193 */
194 static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip)
195 {
196 enumerator_t *ifaces, *addrs;
197 iface_entry_t *iface;
198 addr_entry_t *addr;
199 int refcount = 0;
200
201 ifaces = this->ifaces->create_enumerator(this->ifaces);
202 while (ifaces->enumerate(ifaces, (void**)&iface))
203 {
204 addrs = iface->addrs->create_enumerator(iface->addrs);
205 while (addrs->enumerate(addrs, (void**)&addr))
206 {
207 if (addr->virtual && (iface->flags & IFF_UP) &&
208 ip->ip_equals(ip, addr->ip))
209 {
210 refcount = addr->refcount;
211 break;
212 }
213 }
214 addrs->destroy(addrs);
215 if (refcount)
216 {
217 break;
218 }
219 }
220 ifaces->destroy(ifaces);
221
222 return refcount;
223 }
224
225 /**
226 * get the first non-virtual ip address on the given interface.
227 * returned host is a clone, has to be freed by caller.
228 */
229 static host_t *get_interface_address(private_kernel_netlink_net_t *this,
230 int ifindex, int family)
231 {
232 enumerator_t *ifaces, *addrs;
233 iface_entry_t *iface;
234 addr_entry_t *addr;
235 host_t *ip = NULL;
236
237 this->mutex->lock(this->mutex);
238 ifaces = this->ifaces->create_enumerator(this->ifaces);
239 while (ifaces->enumerate(ifaces, &iface))
240 {
241 if (iface->ifindex == ifindex)
242 {
243 addrs = iface->addrs->create_enumerator(iface->addrs);
244 while (addrs->enumerate(addrs, &addr))
245 {
246 if (!addr->virtual && addr->ip->get_family(addr->ip) == family)
247 {
248 ip = addr->ip->clone(addr->ip);
249 break;
250 }
251 }
252 addrs->destroy(addrs);
253 break;
254 }
255 }
256 ifaces->destroy(ifaces);
257 this->mutex->unlock(this->mutex);
258 return ip;
259 }
260
261 /**
262 * callback function that raises the delayed roam event
263 */
264 static job_requeue_t roam_event(uintptr_t address)
265 {
266 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
267 return JOB_REQUEUE_NONE;
268 }
269
270 /**
271 * fire a roaming event. we delay it for a bit and fire only one event
272 * for multiple calls. otherwise we would create too many events.
273 */
274 static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
275 {
276 timeval_t now;
277 job_t *job;
278
279 time_monotonic(&now);
280 if (timercmp(&now, &this->last_roam, >))
281 {
282 now.tv_usec += ROAM_DELAY * 1000;
283 while (now.tv_usec > 1000000)
284 {
285 now.tv_sec++;
286 now.tv_usec -= 1000000;
287 }
288 this->last_roam = now;
289
290 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
291 (void*)(uintptr_t)(address ? 1 : 0),
292 NULL, NULL);
293 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
294 }
295 }
296
297 /**
298 * process RTM_NEWLINK/RTM_DELLINK from kernel
299 */
300 static void process_link(private_kernel_netlink_net_t *this,
301 struct nlmsghdr *hdr, bool event)
302 {
303 struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
304 struct rtattr *rta = IFLA_RTA(msg);
305 size_t rtasize = IFLA_PAYLOAD (hdr);
306 enumerator_t *enumerator;
307 iface_entry_t *current, *entry = NULL;
308 char *name = NULL;
309 bool update = FALSE;
310
311 while(RTA_OK(rta, rtasize))
312 {
313 switch (rta->rta_type)
314 {
315 case IFLA_IFNAME:
316 name = RTA_DATA(rta);
317 break;
318 }
319 rta = RTA_NEXT(rta, rtasize);
320 }
321 if (!name)
322 {
323 name = "(unknown)";
324 }
325
326 this->mutex->lock(this->mutex);
327 switch (hdr->nlmsg_type)
328 {
329 case RTM_NEWLINK:
330 {
331 if (msg->ifi_flags & IFF_LOOPBACK)
332 { /* ignore loopback interfaces */
333 break;
334 }
335 enumerator = this->ifaces->create_enumerator(this->ifaces);
336 while (enumerator->enumerate(enumerator, &current))
337 {
338 if (current->ifindex == msg->ifi_index)
339 {
340 entry = current;
341 break;
342 }
343 }
344 enumerator->destroy(enumerator);
345 if (!entry)
346 {
347 entry = malloc_thing(iface_entry_t);
348 entry->ifindex = msg->ifi_index;
349 entry->flags = 0;
350 entry->addrs = linked_list_create();
351 this->ifaces->insert_last(this->ifaces, entry);
352 }
353 strncpy(entry->ifname, name, IFNAMSIZ);
354 entry->ifname[IFNAMSIZ-1] = '\0';
355 if (event)
356 {
357 if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
358 {
359 update = TRUE;
360 DBG1(DBG_KNL, "interface %s activated", name);
361 }
362 if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
363 {
364 update = TRUE;
365 DBG1(DBG_KNL, "interface %s deactivated", name);
366 }
367 }
368 entry->flags = msg->ifi_flags;
369 break;
370 }
371 case RTM_DELLINK:
372 {
373 enumerator = this->ifaces->create_enumerator(this->ifaces);
374 while (enumerator->enumerate(enumerator, &current))
375 {
376 if (current->ifindex == msg->ifi_index)
377 {
378 /* we do not remove it, as an address may be added to a
379 * "down" interface and we wan't to know that. */
380 current->flags = msg->ifi_flags;
381 break;
382 }
383 }
384 enumerator->destroy(enumerator);
385 break;
386 }
387 }
388 this->mutex->unlock(this->mutex);
389
390 /* send an update to all IKE_SAs */
391 if (update && event)
392 {
393 fire_roam_event(this, TRUE);
394 }
395 }
396
397 /**
398 * process RTM_NEWADDR/RTM_DELADDR from kernel
399 */
400 static void process_addr(private_kernel_netlink_net_t *this,
401 struct nlmsghdr *hdr, bool event)
402 {
403 struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
404 struct rtattr *rta = IFA_RTA(msg);
405 size_t rtasize = IFA_PAYLOAD (hdr);
406 host_t *host = NULL;
407 enumerator_t *ifaces, *addrs;
408 iface_entry_t *iface;
409 addr_entry_t *addr;
410 chunk_t local = chunk_empty, address = chunk_empty;
411 bool update = FALSE, found = FALSE, changed = FALSE;
412
413 while(RTA_OK(rta, rtasize))
414 {
415 switch (rta->rta_type)
416 {
417 case IFA_LOCAL:
418 local.ptr = RTA_DATA(rta);
419 local.len = RTA_PAYLOAD(rta);
420 break;
421 case IFA_ADDRESS:
422 address.ptr = RTA_DATA(rta);
423 address.len = RTA_PAYLOAD(rta);
424 break;
425 }
426 rta = RTA_NEXT(rta, rtasize);
427 }
428
429 /* For PPP interfaces, we need the IFA_LOCAL address,
430 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
431 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
432 if (local.ptr)
433 {
434 host = host_create_from_chunk(msg->ifa_family, local, 0);
435 }
436 else if (address.ptr)
437 {
438 host = host_create_from_chunk(msg->ifa_family, address, 0);
439 }
440
441 if (host == NULL)
442 { /* bad family? */
443 return;
444 }
445
446 this->mutex->lock(this->mutex);
447 ifaces = this->ifaces->create_enumerator(this->ifaces);
448 while (ifaces->enumerate(ifaces, &iface))
449 {
450 if (iface->ifindex == msg->ifa_index)
451 {
452 addrs = iface->addrs->create_enumerator(iface->addrs);
453 while (addrs->enumerate(addrs, &addr))
454 {
455 if (host->ip_equals(host, addr->ip))
456 {
457 found = TRUE;
458 if (hdr->nlmsg_type == RTM_DELADDR)
459 {
460 iface->addrs->remove_at(iface->addrs, addrs);
461 if (!addr->virtual)
462 {
463 changed = TRUE;
464 DBG1(DBG_KNL, "%H disappeared from %s",
465 host, iface->ifname);
466 }
467 addr_entry_destroy(addr);
468 }
469 else if (hdr->nlmsg_type == RTM_NEWADDR && addr->virtual)
470 {
471 addr->refcount = 1;
472 }
473 }
474 }
475 addrs->destroy(addrs);
476
477 if (hdr->nlmsg_type == RTM_NEWADDR)
478 {
479 if (!found)
480 {
481 found = TRUE;
482 changed = TRUE;
483 addr = malloc_thing(addr_entry_t);
484 addr->ip = host->clone(host);
485 addr->virtual = FALSE;
486 addr->refcount = 1;
487 addr->scope = msg->ifa_scope;
488
489 iface->addrs->insert_last(iface->addrs, addr);
490 if (event)
491 {
492 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
493 }
494 }
495 }
496 if (found && (iface->flags & IFF_UP))
497 {
498 update = TRUE;
499 }
500 break;
501 }
502 }
503 ifaces->destroy(ifaces);
504 this->mutex->unlock(this->mutex);
505 host->destroy(host);
506
507 /* send an update to all IKE_SAs */
508 if (update && event && changed)
509 {
510 fire_roam_event(this, TRUE);
511 }
512 }
513
514 /**
515 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
516 */
517 static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
518 {
519 struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
520 struct rtattr *rta = RTM_RTA(msg);
521 size_t rtasize = RTM_PAYLOAD(hdr);
522 u_int32_t rta_oif = 0;
523 host_t *host = NULL;
524
525 /* ignore routes added by us or in the local routing table (local addrs) */
526 if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
527 msg->rtm_table == RT_TABLE_LOCAL))
528 {
529 return;
530 }
531
532 while (RTA_OK(rta, rtasize))
533 {
534 switch (rta->rta_type)
535 {
536 case RTA_PREFSRC:
537 DESTROY_IF(host);
538 host = host_create_from_chunk(msg->rtm_family,
539 chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
540 break;
541 case RTA_OIF:
542 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
543 {
544 rta_oif = *(u_int32_t*)RTA_DATA(rta);
545 }
546 break;
547 }
548 rta = RTA_NEXT(rta, rtasize);
549 }
550 if (!host && rta_oif)
551 {
552 host = get_interface_address(this, rta_oif, msg->rtm_family);
553 }
554 if (host)
555 {
556 this->mutex->lock(this->mutex);
557 if (!get_vip_refcount(this, host))
558 { /* ignore routes added for virtual IPs */
559 fire_roam_event(this, FALSE);
560 }
561 this->mutex->unlock(this->mutex);
562 host->destroy(host);
563 }
564 }
565
566 /**
567 * Receives events from kernel
568 */
569 static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
570 {
571 char response[1024];
572 struct nlmsghdr *hdr = (struct nlmsghdr*)response;
573 struct sockaddr_nl addr;
574 socklen_t addr_len = sizeof(addr);
575 int len;
576 bool oldstate;
577
578 oldstate = thread_cancelability(TRUE);
579 len = recvfrom(this->socket_events, response, sizeof(response), 0,
580 (struct sockaddr*)&addr, &addr_len);
581 thread_cancelability(oldstate);
582
583 if (len < 0)
584 {
585 switch (errno)
586 {
587 case EINTR:
588 /* interrupted, try again */
589 return JOB_REQUEUE_DIRECT;
590 case EAGAIN:
591 /* no data ready, select again */
592 return JOB_REQUEUE_DIRECT;
593 default:
594 DBG1(DBG_KNL, "unable to receive from rt event socket");
595 sleep(1);
596 return JOB_REQUEUE_FAIR;
597 }
598 }
599
600 if (addr.nl_pid != 0)
601 { /* not from kernel. not interested, try another one */
602 return JOB_REQUEUE_DIRECT;
603 }
604
605 while (NLMSG_OK(hdr, len))
606 {
607 /* looks good so far, dispatch netlink message */
608 switch (hdr->nlmsg_type)
609 {
610 case RTM_NEWADDR:
611 case RTM_DELADDR:
612 process_addr(this, hdr, TRUE);
613 this->condvar->broadcast(this->condvar);
614 break;
615 case RTM_NEWLINK:
616 case RTM_DELLINK:
617 process_link(this, hdr, TRUE);
618 this->condvar->broadcast(this->condvar);
619 break;
620 case RTM_NEWROUTE:
621 case RTM_DELROUTE:
622 if (this->process_route)
623 {
624 process_route(this, hdr);
625 }
626 break;
627 default:
628 break;
629 }
630 hdr = NLMSG_NEXT(hdr, len);
631 }
632 return JOB_REQUEUE_DIRECT;
633 }
634
635 /** enumerator over addresses */
636 typedef struct {
637 private_kernel_netlink_net_t* this;
638 /** whether to enumerate down interfaces */
639 bool include_down_ifaces;
640 /** whether to enumerate virtual ip addresses */
641 bool include_virtual_ips;
642 } address_enumerator_t;
643
644 /**
645 * cleanup function for address enumerator
646 */
647 static void address_enumerator_destroy(address_enumerator_t *data)
648 {
649 data->this->mutex->unlock(data->this->mutex);
650 free(data);
651 }
652
653 /**
654 * filter for addresses
655 */
656 static bool filter_addresses(address_enumerator_t *data,
657 addr_entry_t** in, host_t** out)
658 {
659 if (!data->include_virtual_ips && (*in)->virtual)
660 { /* skip virtual interfaces added by us */
661 return FALSE;
662 }
663 if ((*in)->scope >= RT_SCOPE_LINK)
664 { /* skip addresses with a unusable scope */
665 return FALSE;
666 }
667 *out = (*in)->ip;
668 return TRUE;
669 }
670
671 /**
672 * enumerator constructor for interfaces
673 */
674 static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
675 address_enumerator_t *data)
676 {
677 return enumerator_create_filter(
678 iface->addrs->create_enumerator(iface->addrs),
679 (void*)filter_addresses, data, NULL);
680 }
681
682 /**
683 * filter for interfaces
684 */
685 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
686 iface_entry_t** out)
687 {
688 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
689 { /* skip interfaces not up */
690 return FALSE;
691 }
692 *out = *in;
693 return TRUE;
694 }
695
696 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
697 private_kernel_netlink_net_t *this,
698 bool include_down_ifaces, bool include_virtual_ips)
699 {
700 address_enumerator_t *data = malloc_thing(address_enumerator_t);
701 data->this = this;
702 data->include_down_ifaces = include_down_ifaces;
703 data->include_virtual_ips = include_virtual_ips;
704
705 this->mutex->lock(this->mutex);
706 return enumerator_create_nested(
707 enumerator_create_filter(
708 this->ifaces->create_enumerator(this->ifaces),
709 (void*)filter_interfaces, data, NULL),
710 (void*)create_iface_enumerator, data,
711 (void*)address_enumerator_destroy);
712 }
713
714 METHOD(kernel_net_t, get_interface_name, char*,
715 private_kernel_netlink_net_t *this, host_t* ip)
716 {
717 enumerator_t *ifaces, *addrs;
718 iface_entry_t *iface;
719 addr_entry_t *addr;
720 char *name = NULL;
721
722 DBG2(DBG_KNL, "getting interface name for %H", ip);
723
724 this->mutex->lock(this->mutex);
725 ifaces = this->ifaces->create_enumerator(this->ifaces);
726 while (ifaces->enumerate(ifaces, &iface))
727 {
728 addrs = iface->addrs->create_enumerator(iface->addrs);
729 while (addrs->enumerate(addrs, &addr))
730 {
731 if (ip->ip_equals(ip, addr->ip))
732 {
733 name = strdup(iface->ifname);
734 break;
735 }
736 }
737 addrs->destroy(addrs);
738 if (name)
739 {
740 break;
741 }
742 }
743 ifaces->destroy(ifaces);
744 this->mutex->unlock(this->mutex);
745
746 if (name)
747 {
748 DBG2(DBG_KNL, "%H is on interface %s", ip, name);
749 }
750 else
751 {
752 DBG2(DBG_KNL, "%H is not a local address", ip);
753 }
754 return name;
755 }
756
757 /**
758 * get the index of an interface by name
759 */
760 static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
761 {
762 enumerator_t *ifaces;
763 iface_entry_t *iface;
764 int ifindex = 0;
765
766 DBG2(DBG_KNL, "getting iface index for %s", name);
767
768 this->mutex->lock(this->mutex);
769 ifaces = this->ifaces->create_enumerator(this->ifaces);
770 while (ifaces->enumerate(ifaces, &iface))
771 {
772 if (streq(name, iface->ifname))
773 {
774 ifindex = iface->ifindex;
775 break;
776 }
777 }
778 ifaces->destroy(ifaces);
779 this->mutex->unlock(this->mutex);
780
781 if (ifindex == 0)
782 {
783 DBG1(DBG_KNL, "unable to get interface index for %s", name);
784 }
785 return ifindex;
786 }
787
788 /**
789 * Check if an interface with a given index is up
790 */
791 static bool is_interface_up(private_kernel_netlink_net_t *this, int index)
792 {
793 enumerator_t *ifaces;
794 iface_entry_t *iface;
795 /* default to TRUE for interface we do not monitor (e.g. lo) */
796 bool up = TRUE;
797
798 ifaces = this->ifaces->create_enumerator(this->ifaces);
799 while (ifaces->enumerate(ifaces, &iface))
800 {
801 if (iface->ifindex == index)
802 {
803 up = iface->flags & IFF_UP;
804 break;
805 }
806 }
807 ifaces->destroy(ifaces);
808 return up;
809 }
810
811 /**
812 * check if an address (chunk) addr is in subnet (net with net_len net bits)
813 */
814 static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
815 {
816 static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
817 int byte = 0;
818
819 if (net_len == 0)
820 { /* any address matches a /0 network */
821 return TRUE;
822 }
823 if (addr.len != net.len || net_len > 8 * net.len )
824 {
825 return FALSE;
826 }
827 /* scan through all bytes in network order */
828 while (net_len > 0)
829 {
830 if (net_len < 8)
831 {
832 return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
833 }
834 else
835 {
836 if (addr.ptr[byte] != net.ptr[byte])
837 {
838 return FALSE;
839 }
840 byte++;
841 net_len -= 8;
842 }
843 }
844 return TRUE;
845 }
846
847 /**
848 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
849 */
850 static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
851 bool nexthop, host_t *candidate)
852 {
853 netlink_buf_t request;
854 struct nlmsghdr *hdr, *out, *current;
855 struct rtmsg *msg;
856 chunk_t chunk;
857 size_t len;
858 int best = -1;
859 enumerator_t *enumerator;
860 host_t *src = NULL, *gtw = NULL;
861
862 DBG2(DBG_KNL, "getting address to reach %H", dest);
863
864 memset(&request, 0, sizeof(request));
865
866 hdr = (struct nlmsghdr*)request;
867 hdr->nlmsg_flags = NLM_F_REQUEST;
868 if (dest->get_family(dest) == AF_INET)
869 {
870 /* We dump all addresses for IPv4, as we want to ignore IPsec specific
871 * routes installed by us. But the kernel does not return source
872 * addresses in a IPv6 dump, so fall back to get() for v6 routes. */
873 hdr->nlmsg_flags |= NLM_F_ROOT | NLM_F_DUMP;
874 }
875 hdr->nlmsg_type = RTM_GETROUTE;
876 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
877
878 msg = (struct rtmsg*)NLMSG_DATA(hdr);
879 msg->rtm_family = dest->get_family(dest);
880 if (candidate)
881 {
882 chunk = candidate->get_address(candidate);
883 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
884 }
885 chunk = dest->get_address(dest);
886 netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));
887
888 if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
889 {
890 DBG1(DBG_KNL, "getting address to %H failed", dest);
891 return NULL;
892 }
893 this->mutex->lock(this->mutex);
894
895 for (current = out; NLMSG_OK(current, len);
896 current = NLMSG_NEXT(current, len))
897 {
898 switch (current->nlmsg_type)
899 {
900 case NLMSG_DONE:
901 break;
902 case RTM_NEWROUTE:
903 {
904 struct rtattr *rta;
905 size_t rtasize;
906 chunk_t rta_gtw, rta_src, rta_dst;
907 u_int32_t rta_oif = 0, rta_table;
908 host_t *new_src, *new_gtw;
909 bool cont = FALSE;
910 uintptr_t table;
911
912 rta_gtw = rta_src = rta_dst = chunk_empty;
913 msg = (struct rtmsg*)(NLMSG_DATA(current));
914 rta = RTM_RTA(msg);
915 rtasize = RTM_PAYLOAD(current);
916 rta_table = msg->rtm_table;
917 while (RTA_OK(rta, rtasize))
918 {
919 switch (rta->rta_type)
920 {
921 case RTA_PREFSRC:
922 rta_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
923 break;
924 case RTA_GATEWAY:
925 rta_gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
926 break;
927 case RTA_DST:
928 rta_dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
929 break;
930 case RTA_OIF:
931 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
932 {
933 rta_oif = *(u_int32_t*)RTA_DATA(rta);
934 }
935 break;
936 case RTA_TABLE:
937 if (RTA_PAYLOAD(rta) == sizeof(rta_table))
938 {
939 rta_table = *(u_int32_t*)RTA_DATA(rta);
940 }
941 break;
942 }
943 rta = RTA_NEXT(rta, rtasize);
944 }
945 if (msg->rtm_dst_len <= best)
946 { /* not better than a previous one */
947 continue;
948 }
949 enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
950 while (enumerator->enumerate(enumerator, &table))
951 {
952 if (table == rta_table)
953 {
954 cont = TRUE;
955 break;
956 }
957 }
958 enumerator->destroy(enumerator);
959 if (cont)
960 {
961 continue;
962 }
963 if (this->routing_table != 0 &&
964 rta_table == this->routing_table)
965 { /* route is from our own ipsec routing table */
966 continue;
967 }
968 if (rta_oif && !is_interface_up(this, rta_oif))
969 { /* interface is down */
970 continue;
971 }
972 if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len))
973 { /* route destination does not contain dest */
974 continue;
975 }
976
977 if (nexthop)
978 {
979 /* nexthop lookup, return gateway if any */
980 DESTROY_IF(gtw);
981 gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
982 best = msg->rtm_dst_len;
983 continue;
984 }
985 if (rta_src.ptr)
986 { /* got a source address */
987 new_src = host_create_from_chunk(msg->rtm_family, rta_src, 0);
988 if (new_src)
989 {
990 if (get_vip_refcount(this, new_src))
991 { /* skip source address if it is installed by us */
992 new_src->destroy(new_src);
993 }
994 else
995 {
996 DESTROY_IF(src);
997 src = new_src;
998 best = msg->rtm_dst_len;
999 }
1000 }
1001 continue;
1002 }
1003 if (rta_oif)
1004 { /* no src or gtw, but an interface. Get address from it. */
1005 new_src = get_interface_address(this, rta_oif,
1006 msg->rtm_family);
1007 if (new_src)
1008 {
1009 DESTROY_IF(src);
1010 src = new_src;
1011 best = msg->rtm_dst_len;
1012 }
1013 continue;
1014 }
1015 if (rta_gtw.ptr)
1016 { /* no source, but a gateway. Lookup source to reach gtw. */
1017 new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
1018 new_src = get_route(this, new_gtw, FALSE, candidate);
1019 new_gtw->destroy(new_gtw);
1020 if (new_src)
1021 {
1022 DESTROY_IF(src);
1023 src = new_src;
1024 best = msg->rtm_dst_len;
1025 }
1026 continue;
1027 }
1028 continue;
1029 }
1030 default:
1031 continue;
1032 }
1033 break;
1034 }
1035 free(out);
1036 this->mutex->unlock(this->mutex);
1037
1038 if (nexthop)
1039 {
1040 if (gtw)
1041 {
1042 return gtw;
1043 }
1044 return dest->clone(dest);
1045 }
1046 return src;
1047 }
1048
1049 METHOD(kernel_net_t, get_source_addr, host_t*,
1050 private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
1051 {
1052 return get_route(this, dest, FALSE, src);
1053 }
1054
1055 METHOD(kernel_net_t, get_nexthop, host_t*,
1056 private_kernel_netlink_net_t *this, host_t *dest)
1057 {
1058 return get_route(this, dest, TRUE, NULL);
1059 }
1060
1061 /**
1062 * Manages the creation and deletion of ip addresses on an interface.
1063 * By setting the appropriate nlmsg_type, the ip will be set or unset.
1064 */
1065 static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
1066 int flags, int if_index, host_t *ip)
1067 {
1068 netlink_buf_t request;
1069 struct nlmsghdr *hdr;
1070 struct ifaddrmsg *msg;
1071 chunk_t chunk;
1072
1073 memset(&request, 0, sizeof(request));
1074
1075 chunk = ip->get_address(ip);
1076
1077 hdr = (struct nlmsghdr*)request;
1078 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1079 hdr->nlmsg_type = nlmsg_type;
1080 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
1081
1082 msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
1083 msg->ifa_family = ip->get_family(ip);
1084 msg->ifa_flags = 0;
1085 msg->ifa_prefixlen = 8 * chunk.len;
1086 msg->ifa_scope = RT_SCOPE_UNIVERSE;
1087 msg->ifa_index = if_index;
1088
1089 netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
1090
1091 return this->socket->send_ack(this->socket, hdr);
1092 }
1093
1094 METHOD(kernel_net_t, add_ip, status_t,
1095 private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip)
1096 {
1097 iface_entry_t *iface;
1098 addr_entry_t *addr;
1099 enumerator_t *addrs, *ifaces;
1100 int ifindex;
1101
1102 if (!this->install_virtual_ip)
1103 { /* disabled by config */
1104 return SUCCESS;
1105 }
1106
1107 DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip);
1108
1109 this->mutex->lock(this->mutex);
1110 ifaces = this->ifaces->create_enumerator(this->ifaces);
1111 while (ifaces->enumerate(ifaces, &iface))
1112 {
1113 bool iface_found = FALSE;
1114
1115 addrs = iface->addrs->create_enumerator(iface->addrs);
1116 while (addrs->enumerate(addrs, &addr))
1117 {
1118 if (iface_ip->ip_equals(iface_ip, addr->ip))
1119 {
1120 iface_found = TRUE;
1121 }
1122 else if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1123 {
1124 addr->refcount++;
1125 DBG2(DBG_KNL, "virtual IP %H already installed on %s",
1126 virtual_ip, iface->ifname);
1127 addrs->destroy(addrs);
1128 ifaces->destroy(ifaces);
1129 this->mutex->unlock(this->mutex);
1130 return SUCCESS;
1131 }
1132 }
1133 addrs->destroy(addrs);
1134
1135 if (iface_found)
1136 {
1137 ifindex = iface->ifindex;
1138 addr = malloc_thing(addr_entry_t);
1139 addr->ip = virtual_ip->clone(virtual_ip);
1140 addr->refcount = 0;
1141 addr->virtual = TRUE;
1142 addr->scope = RT_SCOPE_UNIVERSE;
1143 iface->addrs->insert_last(iface->addrs, addr);
1144
1145 if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
1146 ifindex, virtual_ip) == SUCCESS)
1147 {
1148 while (get_vip_refcount(this, virtual_ip) == 0)
1149 { /* wait until address appears */
1150 this->condvar->wait(this->condvar, this->mutex);
1151 }
1152 ifaces->destroy(ifaces);
1153 this->mutex->unlock(this->mutex);
1154 return SUCCESS;
1155 }
1156 ifaces->destroy(ifaces);
1157 this->mutex->unlock(this->mutex);
1158 DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
1159 return FAILED;
1160 }
1161 }
1162 ifaces->destroy(ifaces);
1163 this->mutex->unlock(this->mutex);
1164
1165 DBG1(DBG_KNL, "interface address %H not found, unable to install"
1166 "virtual IP %H", iface_ip, virtual_ip);
1167 return FAILED;
1168 }
1169
1170 METHOD(kernel_net_t, del_ip, status_t,
1171 private_kernel_netlink_net_t *this, host_t *virtual_ip)
1172 {
1173 iface_entry_t *iface;
1174 addr_entry_t *addr;
1175 enumerator_t *addrs, *ifaces;
1176 status_t status;
1177 int ifindex;
1178
1179 if (!this->install_virtual_ip)
1180 { /* disabled by config */
1181 return SUCCESS;
1182 }
1183
1184 DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);
1185
1186 this->mutex->lock(this->mutex);
1187 ifaces = this->ifaces->create_enumerator(this->ifaces);
1188 while (ifaces->enumerate(ifaces, &iface))
1189 {
1190 addrs = iface->addrs->create_enumerator(iface->addrs);
1191 while (addrs->enumerate(addrs, &addr))
1192 {
1193 if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1194 {
1195 ifindex = iface->ifindex;
1196 if (addr->refcount == 1)
1197 {
1198 status = manage_ipaddr(this, RTM_DELADDR, 0,
1199 ifindex, virtual_ip);
1200 if (status == SUCCESS)
1201 { /* wait until the address is really gone */
1202 while (get_vip_refcount(this, virtual_ip) > 0)
1203 {
1204 this->condvar->wait(this->condvar, this->mutex);
1205 }
1206 }
1207 addrs->destroy(addrs);
1208 ifaces->destroy(ifaces);
1209 this->mutex->unlock(this->mutex);
1210 return status;
1211 }
1212 else
1213 {
1214 addr->refcount--;
1215 }
1216 DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
1217 virtual_ip);
1218 addrs->destroy(addrs);
1219 ifaces->destroy(ifaces);
1220 this->mutex->unlock(this->mutex);
1221 return SUCCESS;
1222 }
1223 }
1224 addrs->destroy(addrs);
1225 }
1226 ifaces->destroy(ifaces);
1227 this->mutex->unlock(this->mutex);
1228
1229 DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
1230 return FAILED;
1231 }
1232
1233 /**
1234 * Manages source routes in the routing table.
1235 * By setting the appropriate nlmsg_type, the route gets added or removed.
1236 */
1237 static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type,
1238 int flags, chunk_t dst_net, u_int8_t prefixlen,
1239 host_t *gateway, host_t *src_ip, char *if_name)
1240 {
1241 netlink_buf_t request;
1242 struct nlmsghdr *hdr;
1243 struct rtmsg *msg;
1244 int ifindex;
1245 chunk_t chunk;
1246
1247 /* if route is 0.0.0.0/0, we can't install it, as it would
1248 * overwrite the default route. Instead, we add two routes:
1249 * 0.0.0.0/1 and 128.0.0.0/1 */
1250 if (this->routing_table == 0 && prefixlen == 0)
1251 {
1252 chunk_t half_net;
1253 u_int8_t half_prefixlen;
1254 status_t status;
1255
1256 half_net = chunk_alloca(dst_net.len);
1257 memset(half_net.ptr, 0, half_net.len);
1258 half_prefixlen = 1;
1259
1260 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1261 gateway, src_ip, if_name);
1262 half_net.ptr[0] |= 0x80;
1263 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1264 gateway, src_ip, if_name);
1265 return status;
1266 }
1267
1268 memset(&request, 0, sizeof(request));
1269
1270 hdr = (struct nlmsghdr*)request;
1271 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1272 hdr->nlmsg_type = nlmsg_type;
1273 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1274
1275 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1276 msg->rtm_family = src_ip->get_family(src_ip);
1277 msg->rtm_dst_len = prefixlen;
1278 msg->rtm_table = this->routing_table;
1279 msg->rtm_protocol = RTPROT_STATIC;
1280 msg->rtm_type = RTN_UNICAST;
1281 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1282
1283 netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
1284 chunk = src_ip->get_address(src_ip);
1285 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1286 if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
1287 {
1288 chunk = gateway->get_address(gateway);
1289 netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
1290 }
1291 ifindex = get_interface_index(this, if_name);
1292 chunk.ptr = (char*)&ifindex;
1293 chunk.len = sizeof(ifindex);
1294 netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
1295
1296 return this->socket->send_ack(this->socket, hdr);
1297 }
1298
1299 METHOD(kernel_net_t, add_route, status_t,
1300 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1301 host_t *gateway, host_t *src_ip, char *if_name)
1302 {
1303 return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
1304 dst_net, prefixlen, gateway, src_ip, if_name);
1305 }
1306
1307 METHOD(kernel_net_t, del_route, status_t,
1308 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1309 host_t *gateway, host_t *src_ip, char *if_name)
1310 {
1311 return manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
1312 gateway, src_ip, if_name);
1313 }
1314
1315 /**
1316 * Initialize a list of local addresses.
1317 */
1318 static status_t init_address_list(private_kernel_netlink_net_t *this)
1319 {
1320 netlink_buf_t request;
1321 struct nlmsghdr *out, *current, *in;
1322 struct rtgenmsg *msg;
1323 size_t len;
1324 enumerator_t *ifaces, *addrs;
1325 iface_entry_t *iface;
1326 addr_entry_t *addr;
1327
1328 DBG1(DBG_KNL, "listening on interfaces:");
1329
1330 memset(&request, 0, sizeof(request));
1331
1332 in = (struct nlmsghdr*)&request;
1333 in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
1334 in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
1335 msg = (struct rtgenmsg*)NLMSG_DATA(in);
1336 msg->rtgen_family = AF_UNSPEC;
1337
1338 /* get all links */
1339 in->nlmsg_type = RTM_GETLINK;
1340 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1341 {
1342 return FAILED;
1343 }
1344 current = out;
1345 while (NLMSG_OK(current, len))
1346 {
1347 switch (current->nlmsg_type)
1348 {
1349 case NLMSG_DONE:
1350 break;
1351 case RTM_NEWLINK:
1352 process_link(this, current, FALSE);
1353 /* fall through */
1354 default:
1355 current = NLMSG_NEXT(current, len);
1356 continue;
1357 }
1358 break;
1359 }
1360 free(out);
1361
1362 /* get all interface addresses */
1363 in->nlmsg_type = RTM_GETADDR;
1364 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1365 {
1366 return FAILED;
1367 }
1368 current = out;
1369 while (NLMSG_OK(current, len))
1370 {
1371 switch (current->nlmsg_type)
1372 {
1373 case NLMSG_DONE:
1374 break;
1375 case RTM_NEWADDR:
1376 process_addr(this, current, FALSE);
1377 /* fall through */
1378 default:
1379 current = NLMSG_NEXT(current, len);
1380 continue;
1381 }
1382 break;
1383 }
1384 free(out);
1385
1386 this->mutex->lock(this->mutex);
1387 ifaces = this->ifaces->create_enumerator(this->ifaces);
1388 while (ifaces->enumerate(ifaces, &iface))
1389 {
1390 if (iface->flags & IFF_UP)
1391 {
1392 DBG1(DBG_KNL, " %s", iface->ifname);
1393 addrs = iface->addrs->create_enumerator(iface->addrs);
1394 while (addrs->enumerate(addrs, (void**)&addr))
1395 {
1396 DBG1(DBG_KNL, " %H", addr->ip);
1397 }
1398 addrs->destroy(addrs);
1399 }
1400 }
1401 ifaces->destroy(ifaces);
1402 this->mutex->unlock(this->mutex);
1403 return SUCCESS;
1404 }
1405
1406 /**
1407 * create or delete a rule to use our routing table
1408 */
1409 static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
1410 int family, u_int32_t table, u_int32_t prio)
1411 {
1412 netlink_buf_t request;
1413 struct nlmsghdr *hdr;
1414 struct rtmsg *msg;
1415 chunk_t chunk;
1416
1417 memset(&request, 0, sizeof(request));
1418 hdr = (struct nlmsghdr*)request;
1419 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
1420 hdr->nlmsg_type = nlmsg_type;
1421 if (nlmsg_type == RTM_NEWRULE)
1422 {
1423 hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
1424 }
1425 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1426
1427 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1428 msg->rtm_table = table;
1429 msg->rtm_family = family;
1430 msg->rtm_protocol = RTPROT_BOOT;
1431 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1432 msg->rtm_type = RTN_UNICAST;
1433
1434 chunk = chunk_from_thing(prio);
1435 netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
1436
1437 return this->socket->send_ack(this->socket, hdr);
1438 }
1439
1440 METHOD(kernel_net_t, destroy, void,
1441 private_kernel_netlink_net_t *this)
1442 {
1443 if (this->routing_table)
1444 {
1445 manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table,
1446 this->routing_table_prio);
1447 manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
1448 this->routing_table_prio);
1449 }
1450 if (this->job)
1451 {
1452 this->job->cancel(this->job);
1453 }
1454 if (this->socket_events > 0)
1455 {
1456 close(this->socket_events);
1457 }
1458 DESTROY_IF(this->socket);
1459 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
1460 this->rt_exclude->destroy(this->rt_exclude);
1461 this->condvar->destroy(this->condvar);
1462 this->mutex->destroy(this->mutex);
1463 free(this);
1464 }
1465
1466 /*
1467 * Described in header.
1468 */
1469 kernel_netlink_net_t *kernel_netlink_net_create()
1470 {
1471 private_kernel_netlink_net_t *this;
1472 struct sockaddr_nl addr;
1473 enumerator_t *enumerator;
1474 char *exclude;
1475
1476 INIT(this,
1477 .public = {
1478 .interface = {
1479 .get_interface = _get_interface_name,
1480 .create_address_enumerator = _create_address_enumerator,
1481 .get_source_addr = _get_source_addr,
1482 .get_nexthop = _get_nexthop,
1483 .add_ip = _add_ip,
1484 .del_ip = _del_ip,
1485 .add_route = _add_route,
1486 .del_route = _del_route,
1487 .destroy = _destroy,
1488 },
1489 },
1490 .socket = netlink_socket_create(NETLINK_ROUTE),
1491 .rt_exclude = linked_list_create(),
1492 .ifaces = linked_list_create(),
1493 .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
1494 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
1495 .routing_table = lib->settings->get_int(lib->settings,
1496 "%s.routing_table", ROUTING_TABLE, hydra->daemon),
1497 .routing_table_prio = lib->settings->get_int(lib->settings,
1498 "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
1499 .process_route = lib->settings->get_bool(lib->settings,
1500 "%s.process_route", TRUE, hydra->daemon),
1501 .install_virtual_ip = lib->settings->get_bool(lib->settings,
1502 "%s.install_virtual_ip", TRUE, hydra->daemon),
1503 );
1504 timerclear(&this->last_roam);
1505
1506 exclude = lib->settings->get_str(lib->settings,
1507 "%s.ignore_routing_tables", NULL, hydra->daemon);
1508 if (exclude)
1509 {
1510 char *token;
1511 uintptr_t table;
1512
1513 enumerator = enumerator_create_token(exclude, " ", " ");
1514 while (enumerator->enumerate(enumerator, &token))
1515 {
1516 errno = 0;
1517 table = strtoul(token, NULL, 10);
1518
1519 if (errno == 0)
1520 {
1521 this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
1522 }
1523 }
1524 enumerator->destroy(enumerator);
1525 }
1526
1527 memset(&addr, 0, sizeof(addr));
1528 addr.nl_family = AF_NETLINK;
1529
1530 /* create and bind RT socket for events (address/interface/route changes) */
1531 this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1532 if (this->socket_events < 0)
1533 {
1534 DBG1(DBG_KNL, "unable to create RT event socket");
1535 destroy(this);
1536 return NULL;
1537 }
1538 addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
1539 RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK;
1540 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
1541 {
1542 DBG1(DBG_KNL, "unable to bind RT event socket");
1543 destroy(this);
1544 return NULL;
1545 }
1546
1547 this->job = callback_job_create_with_prio((callback_job_cb_t)receive_events,
1548 this, NULL, NULL, JOB_PRIO_CRITICAL);
1549 lib->processor->queue_job(lib->processor, (job_t*)this->job);
1550
1551 if (init_address_list(this) != SUCCESS)
1552 {
1553 DBG1(DBG_KNL, "unable to get interface list");
1554 destroy(this);
1555 return NULL;
1556 }
1557
1558 if (this->routing_table)
1559 {
1560 if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
1561 this->routing_table_prio) != SUCCESS)
1562 {
1563 DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
1564 }
1565 if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
1566 this->routing_table_prio) != SUCCESS)
1567 {
1568 DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
1569 }
1570 }
1571
1572 return &this->public;
1573 }
strongSwan - IPsec VPN