projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Charon specific strongswan.conf options generalized.
[strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /*
18 * Copyright (C) 2010 secunet Security Networks AG
19 * Copyright (C) 2010 Thomas Egerer
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
40 #include <sys/socket.h>
41 #include <linux/netlink.h>
42 #include <linux/rtnetlink.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <net/if.h>
46
47 #include "kernel_netlink_net.h"
48 #include "kernel_netlink_shared.h"
49
50 #include <hydra.h>
51 #include <debug.h>
52 #include <threading/thread.h>
53 #include <threading/condvar.h>
54 #include <threading/mutex.h>
55 #include <utils/linked_list.h>
56 #include <processing/jobs/callback_job.h>
57
58 /** delay before firing roam events (ms) */
59 #define ROAM_DELAY 100
60
61 typedef struct addr_entry_t addr_entry_t;
62
63 /**
64 * IP address in an inface_entry_t
65 */
66 struct addr_entry_t {
67
68 /** The ip address */
69 host_t *ip;
70
71 /** virtual IP managed by us */
72 bool virtual;
73
74 /** scope of the address */
75 u_char scope;
76
77 /** Number of times this IP is used, if virtual */
78 u_int refcount;
79 };
80
81 /**
82 * destroy a addr_entry_t object
83 */
84 static void addr_entry_destroy(addr_entry_t *this)
85 {
86 this->ip->destroy(this->ip);
87 free(this);
88 }
89
90 typedef struct iface_entry_t iface_entry_t;
91
92 /**
93 * A network interface on this system, containing addr_entry_t's
94 */
95 struct iface_entry_t {
96
97 /** interface index */
98 int ifindex;
99
100 /** name of the interface */
101 char ifname[IFNAMSIZ];
102
103 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
104 u_int flags;
105
106 /** list of addresses as host_t */
107 linked_list_t *addrs;
108 };
109
110 /**
111 * destroy an interface entry
112 */
113 static void iface_entry_destroy(iface_entry_t *this)
114 {
115 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
116 free(this);
117 }
118
119 typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;
120
121 /**
122 * Private variables and functions of kernel_netlink_net class.
123 */
124 struct private_kernel_netlink_net_t {
125 /**
126 * Public part of the kernel_netlink_net_t object.
127 */
128 kernel_netlink_net_t public;
129
130 /**
131 * mutex to lock access to various lists
132 */
133 mutex_t *mutex;
134
135 /**
136 * condition variable to signal virtual IP add/removal
137 */
138 condvar_t *condvar;
139
140 /**
141 * Cached list of interfaces and its addresses (iface_entry_t)
142 */
143 linked_list_t *ifaces;
144
145 /**
146 * job receiving netlink events
147 */
148 callback_job_t *job;
149
150 /**
151 * netlink rt socket (routing)
152 */
153 netlink_socket_t *socket;
154
155 /**
156 * Netlink rt socket to receive address change events
157 */
158 int socket_events;
159
160 /**
161 * time of the last roam event
162 */
163 timeval_t last_roam;
164
165 /**
166 * routing table to install routes
167 */
168 int routing_table;
169
170 /**
171 * priority of used routing table
172 */
173 int routing_table_prio;
174
175 /**
176 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
177 */
178 bool process_route;
179
180 /**
181 * whether to actually install virtual IPs
182 */
183 bool install_virtual_ip;
184
185 /**
186 * list with routing tables to be excluded from route lookup
187 */
188 linked_list_t *rt_exclude;
189 };
190
191 /**
192 * get the refcount of a virtual ip
193 */
194 static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip)
195 {
196 iterator_t *ifaces, *addrs;
197 iface_entry_t *iface;
198 addr_entry_t *addr;
199 int refcount = 0;
200
201 ifaces = this->ifaces->create_iterator(this->ifaces, TRUE);
202 while (ifaces->iterate(ifaces, (void**)&iface))
203 {
204 addrs = iface->addrs->create_iterator(iface->addrs, TRUE);
205 while (addrs->iterate(addrs, (void**)&addr))
206 {
207 if (addr->virtual && (iface->flags & IFF_UP) &&
208 ip->ip_equals(ip, addr->ip))
209 {
210 refcount = addr->refcount;
211 break;
212 }
213 }
214 addrs->destroy(addrs);
215 if (refcount)
216 {
217 break;
218 }
219 }
220 ifaces->destroy(ifaces);
221
222 return refcount;
223 }
224
225 /**
226 * callback function that raises the delayed roam event
227 */
228 static job_requeue_t roam_event(uintptr_t address)
229 {
230 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
231 return JOB_REQUEUE_NONE;
232 }
233
234 /**
235 * fire a roaming event. we delay it for a bit and fire only one event
236 * for multiple calls. otherwise we would create too many events.
237 */
238 static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
239 {
240 timeval_t now;
241 job_t *job;
242
243 time_monotonic(&now);
244 if (timercmp(&now, &this->last_roam, >))
245 {
246 now.tv_usec += ROAM_DELAY * 1000;
247 while (now.tv_usec > 1000000)
248 {
249 now.tv_sec++;
250 now.tv_usec -= 1000000;
251 }
252 this->last_roam = now;
253
254 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
255 (void*)(uintptr_t)(address ? 1 : 0),
256 NULL, NULL);
257 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
258 }
259 }
260
261 /**
262 * process RTM_NEWLINK/RTM_DELLINK from kernel
263 */
264 static void process_link(private_kernel_netlink_net_t *this,
265 struct nlmsghdr *hdr, bool event)
266 {
267 struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
268 struct rtattr *rta = IFLA_RTA(msg);
269 size_t rtasize = IFLA_PAYLOAD (hdr);
270 enumerator_t *enumerator;
271 iface_entry_t *current, *entry = NULL;
272 char *name = NULL;
273 bool update = FALSE;
274
275 while(RTA_OK(rta, rtasize))
276 {
277 switch (rta->rta_type)
278 {
279 case IFLA_IFNAME:
280 name = RTA_DATA(rta);
281 break;
282 }
283 rta = RTA_NEXT(rta, rtasize);
284 }
285 if (!name)
286 {
287 name = "(unknown)";
288 }
289
290 this->mutex->lock(this->mutex);
291 switch (hdr->nlmsg_type)
292 {
293 case RTM_NEWLINK:
294 {
295 if (msg->ifi_flags & IFF_LOOPBACK)
296 { /* ignore loopback interfaces */
297 break;
298 }
299 enumerator = this->ifaces->create_enumerator(this->ifaces);
300 while (enumerator->enumerate(enumerator, &current))
301 {
302 if (current->ifindex == msg->ifi_index)
303 {
304 entry = current;
305 break;
306 }
307 }
308 enumerator->destroy(enumerator);
309 if (!entry)
310 {
311 entry = malloc_thing(iface_entry_t);
312 entry->ifindex = msg->ifi_index;
313 entry->flags = 0;
314 entry->addrs = linked_list_create();
315 this->ifaces->insert_last(this->ifaces, entry);
316 }
317 memcpy(entry->ifname, name, IFNAMSIZ);
318 entry->ifname[IFNAMSIZ-1] = '\0';
319 if (event)
320 {
321 if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
322 {
323 update = TRUE;
324 DBG1(DBG_KNL, "interface %s activated", name);
325 }
326 if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
327 {
328 update = TRUE;
329 DBG1(DBG_KNL, "interface %s deactivated", name);
330 }
331 }
332 entry->flags = msg->ifi_flags;
333 break;
334 }
335 case RTM_DELLINK:
336 {
337 enumerator = this->ifaces->create_enumerator(this->ifaces);
338 while (enumerator->enumerate(enumerator, &current))
339 {
340 if (current->ifindex == msg->ifi_index)
341 {
342 /* we do not remove it, as an address may be added to a
343 * "down" interface and we wan't to know that. */
344 current->flags = msg->ifi_flags;
345 break;
346 }
347 }
348 enumerator->destroy(enumerator);
349 break;
350 }
351 }
352 this->mutex->unlock(this->mutex);
353
354 /* send an update to all IKE_SAs */
355 if (update && event)
356 {
357 fire_roam_event(this, TRUE);
358 }
359 }
360
361 /**
362 * process RTM_NEWADDR/RTM_DELADDR from kernel
363 */
364 static void process_addr(private_kernel_netlink_net_t *this,
365 struct nlmsghdr *hdr, bool event)
366 {
367 struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
368 struct rtattr *rta = IFA_RTA(msg);
369 size_t rtasize = IFA_PAYLOAD (hdr);
370 host_t *host = NULL;
371 enumerator_t *ifaces, *addrs;
372 iface_entry_t *iface;
373 addr_entry_t *addr;
374 chunk_t local = chunk_empty, address = chunk_empty;
375 bool update = FALSE, found = FALSE, changed = FALSE;
376
377 while(RTA_OK(rta, rtasize))
378 {
379 switch (rta->rta_type)
380 {
381 case IFA_LOCAL:
382 local.ptr = RTA_DATA(rta);
383 local.len = RTA_PAYLOAD(rta);
384 break;
385 case IFA_ADDRESS:
386 address.ptr = RTA_DATA(rta);
387 address.len = RTA_PAYLOAD(rta);
388 break;
389 }
390 rta = RTA_NEXT(rta, rtasize);
391 }
392
393 /* For PPP interfaces, we need the IFA_LOCAL address,
394 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
395 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
396 if (local.ptr)
397 {
398 host = host_create_from_chunk(msg->ifa_family, local, 0);
399 }
400 else if (address.ptr)
401 {
402 host = host_create_from_chunk(msg->ifa_family, address, 0);
403 }
404
405 if (host == NULL)
406 { /* bad family? */
407 return;
408 }
409
410 this->mutex->lock(this->mutex);
411 ifaces = this->ifaces->create_enumerator(this->ifaces);
412 while (ifaces->enumerate(ifaces, &iface))
413 {
414 if (iface->ifindex == msg->ifa_index)
415 {
416 addrs = iface->addrs->create_enumerator(iface->addrs);
417 while (addrs->enumerate(addrs, &addr))
418 {
419 if (host->ip_equals(host, addr->ip))
420 {
421 found = TRUE;
422 if (hdr->nlmsg_type == RTM_DELADDR)
423 {
424 iface->addrs->remove_at(iface->addrs, addrs);
425 if (!addr->virtual)
426 {
427 changed = TRUE;
428 DBG1(DBG_KNL, "%H disappeared from %s",
429 host, iface->ifname);
430 }
431 addr_entry_destroy(addr);
432 }
433 else if (hdr->nlmsg_type == RTM_NEWADDR && addr->virtual)
434 {
435 addr->refcount = 1;
436 }
437 }
438 }
439 addrs->destroy(addrs);
440
441 if (hdr->nlmsg_type == RTM_NEWADDR)
442 {
443 if (!found)
444 {
445 found = TRUE;
446 changed = TRUE;
447 addr = malloc_thing(addr_entry_t);
448 addr->ip = host->clone(host);
449 addr->virtual = FALSE;
450 addr->refcount = 1;
451 addr->scope = msg->ifa_scope;
452
453 iface->addrs->insert_last(iface->addrs, addr);
454 if (event)
455 {
456 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
457 }
458 }
459 }
460 if (found && (iface->flags & IFF_UP))
461 {
462 update = TRUE;
463 }
464 break;
465 }
466 }
467 ifaces->destroy(ifaces);
468 this->mutex->unlock(this->mutex);
469 host->destroy(host);
470
471 /* send an update to all IKE_SAs */
472 if (update && event && changed)
473 {
474 fire_roam_event(this, TRUE);
475 }
476 }
477
478 /**
479 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
480 */
481 static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
482 {
483 struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
484 struct rtattr *rta = RTM_RTA(msg);
485 size_t rtasize = RTM_PAYLOAD(hdr);
486 host_t *host = NULL;
487
488 /* ignore routes added by us */
489 if (msg->rtm_table && msg->rtm_table == this->routing_table)
490 {
491 return;
492 }
493
494 while (RTA_OK(rta, rtasize))
495 {
496 switch (rta->rta_type)
497 {
498 case RTA_PREFSRC:
499 host = host_create_from_chunk(msg->rtm_family,
500 chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
501 break;
502 }
503 rta = RTA_NEXT(rta, rtasize);
504 }
505 if (host)
506 {
507 this->mutex->lock(this->mutex);
508 if (!get_vip_refcount(this, host))
509 { /* ignore routes added for virtual IPs */
510 fire_roam_event(this, FALSE);
511 }
512 this->mutex->unlock(this->mutex);
513 host->destroy(host);
514 }
515 }
516
517 /**
518 * Receives events from kernel
519 */
520 static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
521 {
522 char response[1024];
523 struct nlmsghdr *hdr = (struct nlmsghdr*)response;
524 struct sockaddr_nl addr;
525 socklen_t addr_len = sizeof(addr);
526 int len;
527 bool oldstate;
528
529 oldstate = thread_cancelability(TRUE);
530 len = recvfrom(this->socket_events, response, sizeof(response), 0,
531 (struct sockaddr*)&addr, &addr_len);
532 thread_cancelability(oldstate);
533
534 if (len < 0)
535 {
536 switch (errno)
537 {
538 case EINTR:
539 /* interrupted, try again */
540 return JOB_REQUEUE_DIRECT;
541 case EAGAIN:
542 /* no data ready, select again */
543 return JOB_REQUEUE_DIRECT;
544 default:
545 DBG1(DBG_KNL, "unable to receive from rt event socket");
546 sleep(1);
547 return JOB_REQUEUE_FAIR;
548 }
549 }
550
551 if (addr.nl_pid != 0)
552 { /* not from kernel. not interested, try another one */
553 return JOB_REQUEUE_DIRECT;
554 }
555
556 while (NLMSG_OK(hdr, len))
557 {
558 /* looks good so far, dispatch netlink message */
559 switch (hdr->nlmsg_type)
560 {
561 case RTM_NEWADDR:
562 case RTM_DELADDR:
563 process_addr(this, hdr, TRUE);
564 this->condvar->broadcast(this->condvar);
565 break;
566 case RTM_NEWLINK:
567 case RTM_DELLINK:
568 process_link(this, hdr, TRUE);
569 this->condvar->broadcast(this->condvar);
570 break;
571 case RTM_NEWROUTE:
572 case RTM_DELROUTE:
573 if (this->process_route)
574 {
575 process_route(this, hdr);
576 }
577 break;
578 default:
579 break;
580 }
581 hdr = NLMSG_NEXT(hdr, len);
582 }
583 return JOB_REQUEUE_DIRECT;
584 }
585
586 /** enumerator over addresses */
587 typedef struct {
588 private_kernel_netlink_net_t* this;
589 /** whether to enumerate down interfaces */
590 bool include_down_ifaces;
591 /** whether to enumerate virtual ip addresses */
592 bool include_virtual_ips;
593 } address_enumerator_t;
594
595 /**
596 * cleanup function for address enumerator
597 */
598 static void address_enumerator_destroy(address_enumerator_t *data)
599 {
600 data->this->mutex->unlock(data->this->mutex);
601 free(data);
602 }
603
604 /**
605 * filter for addresses
606 */
607 static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out)
608 {
609 if (!data->include_virtual_ips && (*in)->virtual)
610 { /* skip virtual interfaces added by us */
611 return FALSE;
612 }
613 if ((*in)->scope >= RT_SCOPE_LINK)
614 { /* skip addresses with a unusable scope */
615 return FALSE;
616 }
617 *out = (*in)->ip;
618 return TRUE;
619 }
620
621 /**
622 * enumerator constructor for interfaces
623 */
624 static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data)
625 {
626 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
627 (void*)filter_addresses, data, NULL);
628 }
629
630 /**
631 * filter for interfaces
632 */
633 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out)
634 {
635 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
636 { /* skip interfaces not up */
637 return FALSE;
638 }
639 *out = *in;
640 return TRUE;
641 }
642
643 /**
644 * implementation of kernel_net_t.create_address_enumerator
645 */
646 static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *this,
647 bool include_down_ifaces, bool include_virtual_ips)
648 {
649 address_enumerator_t *data = malloc_thing(address_enumerator_t);
650 data->this = this;
651 data->include_down_ifaces = include_down_ifaces;
652 data->include_virtual_ips = include_virtual_ips;
653
654 this->mutex->lock(this->mutex);
655 return enumerator_create_nested(
656 enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces),
657 (void*)filter_interfaces, data, NULL),
658 (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy);
659 }
660
661 /**
662 * implementation of kernel_net_t.get_interface_name
663 */
664 static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip)
665 {
666 enumerator_t *ifaces, *addrs;
667 iface_entry_t *iface;
668 addr_entry_t *addr;
669 char *name = NULL;
670
671 DBG2(DBG_KNL, "getting interface name for %H", ip);
672
673 this->mutex->lock(this->mutex);
674 ifaces = this->ifaces->create_enumerator(this->ifaces);
675 while (ifaces->enumerate(ifaces, &iface))
676 {
677 addrs = iface->addrs->create_enumerator(iface->addrs);
678 while (addrs->enumerate(addrs, &addr))
679 {
680 if (ip->ip_equals(ip, addr->ip))
681 {
682 name = strdup(iface->ifname);
683 break;
684 }
685 }
686 addrs->destroy(addrs);
687 if (name)
688 {
689 break;
690 }
691 }
692 ifaces->destroy(ifaces);
693 this->mutex->unlock(this->mutex);
694
695 if (name)
696 {
697 DBG2(DBG_KNL, "%H is on interface %s", ip, name);
698 }
699 else
700 {
701 DBG2(DBG_KNL, "%H is not a local address", ip);
702 }
703 return name;
704 }
705
706 /**
707 * get the index of an interface by name
708 */
709 static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
710 {
711 enumerator_t *ifaces;
712 iface_entry_t *iface;
713 int ifindex = 0;
714
715 DBG2(DBG_KNL, "getting iface index for %s", name);
716
717 this->mutex->lock(this->mutex);
718 ifaces = this->ifaces->create_enumerator(this->ifaces);
719 while (ifaces->enumerate(ifaces, &iface))
720 {
721 if (streq(name, iface->ifname))
722 {
723 ifindex = iface->ifindex;
724 break;
725 }
726 }
727 ifaces->destroy(ifaces);
728 this->mutex->unlock(this->mutex);
729
730 if (ifindex == 0)
731 {
732 DBG1(DBG_KNL, "unable to get interface index for %s", name);
733 }
734 return ifindex;
735 }
736
737 /**
738 * Check if an interface with a given index is up
739 */
740 static bool is_interface_up(private_kernel_netlink_net_t *this, int index)
741 {
742 enumerator_t *ifaces;
743 iface_entry_t *iface;
744 /* default to TRUE for interface we do not monitor (e.g. lo) */
745 bool up = TRUE;
746
747 ifaces = this->ifaces->create_enumerator(this->ifaces);
748 while (ifaces->enumerate(ifaces, &iface))
749 {
750 if (iface->ifindex == index)
751 {
752 up = iface->flags & IFF_UP;
753 break;
754 }
755 }
756 ifaces->destroy(ifaces);
757 return up;
758 }
759
760 /**
761 * check if an address (chunk) addr is in subnet (net with net_len net bits)
762 */
763 static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
764 {
765 static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
766 int byte = 0;
767
768 if (net_len == 0)
769 { /* any address matches a /0 network */
770 return TRUE;
771 }
772 if (addr.len != net.len || net_len > 8 * net.len )
773 {
774 return FALSE;
775 }
776 /* scan through all bytes in network order */
777 while (net_len > 0)
778 {
779 if (net_len < 8)
780 {
781 return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
782 }
783 else
784 {
785 if (addr.ptr[byte] != net.ptr[byte])
786 {
787 return FALSE;
788 }
789 byte++;
790 net_len -= 8;
791 }
792 }
793 return TRUE;
794 }
795
796 /**
797 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
798 */
799 static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
800 bool nexthop, host_t *candidate)
801 {
802 netlink_buf_t request;
803 struct nlmsghdr *hdr, *out, *current;
804 struct rtmsg *msg;
805 chunk_t chunk;
806 size_t len;
807 int best = -1;
808 enumerator_t *enumerator;
809 host_t *src = NULL, *gtw = NULL;
810
811 DBG2(DBG_KNL, "getting address to reach %H", dest);
812
813 memset(&request, 0, sizeof(request));
814
815 hdr = (struct nlmsghdr*)request;
816 hdr->nlmsg_flags = NLM_F_REQUEST;
817 if (dest->get_family(dest) == AF_INET)
818 {
819 /* We dump all addresses for IPv4, as we want to ignore IPsec specific
820 * routes installed by us. But the kernel does not return source
821 * addresses in a IPv6 dump, so fall back to get() for v6 routes. */
822 hdr->nlmsg_flags |= NLM_F_ROOT | NLM_F_DUMP;
823 }
824 hdr->nlmsg_type = RTM_GETROUTE;
825 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
826
827 msg = (struct rtmsg*)NLMSG_DATA(hdr);
828 msg->rtm_family = dest->get_family(dest);
829 if (candidate)
830 {
831 chunk = candidate->get_address(candidate);
832 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
833 }
834 chunk = dest->get_address(dest);
835 netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));
836
837 if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
838 {
839 DBG1(DBG_KNL, "getting address to %H failed", dest);
840 return NULL;
841 }
842 this->mutex->lock(this->mutex);
843
844 for (current = out; NLMSG_OK(current, len);
845 current = NLMSG_NEXT(current, len))
846 {
847 switch (current->nlmsg_type)
848 {
849 case NLMSG_DONE:
850 break;
851 case RTM_NEWROUTE:
852 {
853 struct rtattr *rta;
854 size_t rtasize;
855 chunk_t rta_gtw, rta_src, rta_dst;
856 u_int32_t rta_oif = 0;
857 host_t *new_src, *new_gtw;
858 bool cont = FALSE;
859 uintptr_t table;
860
861 rta_gtw = rta_src = rta_dst = chunk_empty;
862 msg = (struct rtmsg*)(NLMSG_DATA(current));
863 rta = RTM_RTA(msg);
864 rtasize = RTM_PAYLOAD(current);
865 while (RTA_OK(rta, rtasize))
866 {
867 switch (rta->rta_type)
868 {
869 case RTA_PREFSRC:
870 rta_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
871 break;
872 case RTA_GATEWAY:
873 rta_gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
874 break;
875 case RTA_DST:
876 rta_dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
877 break;
878 case RTA_OIF:
879 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
880 {
881 rta_oif = *(u_int32_t*)RTA_DATA(rta);
882 }
883 break;
884 }
885 rta = RTA_NEXT(rta, rtasize);
886 }
887 if (msg->rtm_dst_len <= best)
888 { /* not better than a previous one */
889 continue;
890 }
891 enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
892 while (enumerator->enumerate(enumerator, &table))
893 {
894 if (table == msg->rtm_table)
895 {
896 cont = TRUE;
897 break;
898 }
899 }
900 enumerator->destroy(enumerator);
901 if (cont)
902 {
903 continue;
904 }
905 if (this->routing_table != 0 &&
906 msg->rtm_table == this->routing_table)
907 { /* route is from our own ipsec routing table */
908 continue;
909 }
910 if (rta_oif && !is_interface_up(this, rta_oif))
911 { /* interface is down */
912 continue;
913 }
914 if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len))
915 { /* route destination does not contain dest */
916 continue;
917 }
918
919 if (nexthop)
920 {
921 /* nexthop lookup, return gateway if any */
922 DESTROY_IF(gtw);
923 gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
924 best = msg->rtm_dst_len;
925 continue;
926 }
927 if (rta_src.ptr)
928 {
929 /* got a source address */
930 new_src = host_create_from_chunk(msg->rtm_family, rta_src, 0);
931 if (new_src)
932 {
933 if (get_vip_refcount(this, new_src))
934 { /* skip source address if it is installed by us */
935 new_src->destroy(new_src);
936 }
937 else
938 {
939 DESTROY_IF(src);
940 src = new_src;
941 best = msg->rtm_dst_len;
942 }
943 }
944 continue;
945 }
946 if (rta_gtw.ptr)
947 { /* no source, but a gateway. Lookup source to reach gtw. */
948 new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
949 new_src = get_route(this, new_gtw, FALSE, candidate);
950 new_gtw->destroy(new_gtw);
951 if (new_src)
952 {
953 DESTROY_IF(src);
954 src = new_src;
955 best = msg->rtm_dst_len;
956 }
957 continue;
958 }
959 continue;
960 }
961 default:
962 continue;
963 }
964 break;
965 }
966 free(out);
967 this->mutex->unlock(this->mutex);
968
969 if (nexthop)
970 {
971 if (gtw)
972 {
973 return gtw;
974 }
975 return dest->clone(dest);
976 }
977 return src;
978 }
979
980 /**
981 * Implementation of kernel_net_t.get_source_addr.
982 */
983 static host_t* get_source_addr(private_kernel_netlink_net_t *this,
984 host_t *dest, host_t *src)
985 {
986 return get_route(this, dest, FALSE, src);
987 }
988
989 /**
990 * Implementation of kernel_net_t.get_nexthop.
991 */
992 static host_t* get_nexthop(private_kernel_netlink_net_t *this, host_t *dest)
993 {
994 return get_route(this, dest, TRUE, NULL);
995 }
996
997 /**
998 * Manages the creation and deletion of ip addresses on an interface.
999 * By setting the appropriate nlmsg_type, the ip will be set or unset.
1000 */
1001 static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
1002 int flags, int if_index, host_t *ip)
1003 {
1004 netlink_buf_t request;
1005 struct nlmsghdr *hdr;
1006 struct ifaddrmsg *msg;
1007 chunk_t chunk;
1008
1009 memset(&request, 0, sizeof(request));
1010
1011 chunk = ip->get_address(ip);
1012
1013 hdr = (struct nlmsghdr*)request;
1014 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1015 hdr->nlmsg_type = nlmsg_type;
1016 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
1017
1018 msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
1019 msg->ifa_family = ip->get_family(ip);
1020 msg->ifa_flags = 0;
1021 msg->ifa_prefixlen = 8 * chunk.len;
1022 msg->ifa_scope = RT_SCOPE_UNIVERSE;
1023 msg->ifa_index = if_index;
1024
1025 netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
1026
1027 return this->socket->send_ack(this->socket, hdr);
1028 }
1029
1030 /**
1031 * Implementation of kernel_net_t.add_ip.
1032 */
1033 static status_t add_ip(private_kernel_netlink_net_t *this,
1034 host_t *virtual_ip, host_t *iface_ip)
1035 {
1036 iface_entry_t *iface;
1037 addr_entry_t *addr;
1038 enumerator_t *addrs, *ifaces;
1039 int ifindex;
1040
1041 if (!this->install_virtual_ip)
1042 { /* disabled by config */
1043 return SUCCESS;
1044 }
1045
1046 DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip);
1047
1048 this->mutex->lock(this->mutex);
1049 ifaces = this->ifaces->create_enumerator(this->ifaces);
1050 while (ifaces->enumerate(ifaces, &iface))
1051 {
1052 bool iface_found = FALSE;
1053
1054 addrs = iface->addrs->create_enumerator(iface->addrs);
1055 while (addrs->enumerate(addrs, &addr))
1056 {
1057 if (iface_ip->ip_equals(iface_ip, addr->ip))
1058 {
1059 iface_found = TRUE;
1060 }
1061 else if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1062 {
1063 addr->refcount++;
1064 DBG2(DBG_KNL, "virtual IP %H already installed on %s",
1065 virtual_ip, iface->ifname);
1066 addrs->destroy(addrs);
1067 ifaces->destroy(ifaces);
1068 this->mutex->unlock(this->mutex);
1069 return SUCCESS;
1070 }
1071 }
1072 addrs->destroy(addrs);
1073
1074 if (iface_found)
1075 {
1076 ifindex = iface->ifindex;
1077 addr = malloc_thing(addr_entry_t);
1078 addr->ip = virtual_ip->clone(virtual_ip);
1079 addr->refcount = 0;
1080 addr->virtual = TRUE;
1081 addr->scope = RT_SCOPE_UNIVERSE;
1082 iface->addrs->insert_last(iface->addrs, addr);
1083
1084 if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
1085 ifindex, virtual_ip) == SUCCESS)
1086 {
1087 while (get_vip_refcount(this, virtual_ip) == 0)
1088 { /* wait until address appears */
1089 this->condvar->wait(this->condvar, this->mutex);
1090 }
1091 ifaces->destroy(ifaces);
1092 this->mutex->unlock(this->mutex);
1093 return SUCCESS;
1094 }
1095 ifaces->destroy(ifaces);
1096 this->mutex->unlock(this->mutex);
1097 DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
1098 return FAILED;
1099 }
1100 }
1101 ifaces->destroy(ifaces);
1102 this->mutex->unlock(this->mutex);
1103
1104 DBG1(DBG_KNL, "interface address %H not found, unable to install"
1105 "virtual IP %H", iface_ip, virtual_ip);
1106 return FAILED;
1107 }
1108
1109 /**
1110 * Implementation of kernel_net_t.del_ip.
1111 */
1112 static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip)
1113 {
1114 iface_entry_t *iface;
1115 addr_entry_t *addr;
1116 enumerator_t *addrs, *ifaces;
1117 status_t status;
1118 int ifindex;
1119
1120 if (!this->install_virtual_ip)
1121 { /* disabled by config */
1122 return SUCCESS;
1123 }
1124
1125 DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);
1126
1127 this->mutex->lock(this->mutex);
1128 ifaces = this->ifaces->create_enumerator(this->ifaces);
1129 while (ifaces->enumerate(ifaces, &iface))
1130 {
1131 addrs = iface->addrs->create_enumerator(iface->addrs);
1132 while (addrs->enumerate(addrs, &addr))
1133 {
1134 if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1135 {
1136 ifindex = iface->ifindex;
1137 if (addr->refcount == 1)
1138 {
1139 status = manage_ipaddr(this, RTM_DELADDR, 0,
1140 ifindex, virtual_ip);
1141 if (status == SUCCESS)
1142 { /* wait until the address is really gone */
1143 while (get_vip_refcount(this, virtual_ip) > 0)
1144 {
1145 this->condvar->wait(this->condvar, this->mutex);
1146 }
1147 }
1148 addrs->destroy(addrs);
1149 ifaces->destroy(ifaces);
1150 this->mutex->unlock(this->mutex);
1151 return status;
1152 }
1153 else
1154 {
1155 addr->refcount--;
1156 }
1157 DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
1158 virtual_ip);
1159 addrs->destroy(addrs);
1160 ifaces->destroy(ifaces);
1161 this->mutex->unlock(this->mutex);
1162 return SUCCESS;
1163 }
1164 }
1165 addrs->destroy(addrs);
1166 }
1167 ifaces->destroy(ifaces);
1168 this->mutex->unlock(this->mutex);
1169
1170 DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
1171 return FAILED;
1172 }
1173
1174 /**
1175 * Manages source routes in the routing table.
1176 * By setting the appropriate nlmsg_type, the route gets added or removed.
1177 */
1178 static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type,
1179 int flags, chunk_t dst_net, u_int8_t prefixlen,
1180 host_t *gateway, host_t *src_ip, char *if_name)
1181 {
1182 netlink_buf_t request;
1183 struct nlmsghdr *hdr;
1184 struct rtmsg *msg;
1185 int ifindex;
1186 chunk_t chunk;
1187
1188 /* if route is 0.0.0.0/0, we can't install it, as it would
1189 * overwrite the default route. Instead, we add two routes:
1190 * 0.0.0.0/1 and 128.0.0.0/1 */
1191 if (this->routing_table == 0 && prefixlen == 0)
1192 {
1193 chunk_t half_net;
1194 u_int8_t half_prefixlen;
1195 status_t status;
1196
1197 half_net = chunk_alloca(dst_net.len);
1198 memset(half_net.ptr, 0, half_net.len);
1199 half_prefixlen = 1;
1200
1201 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1202 gateway, src_ip, if_name);
1203 half_net.ptr[0] |= 0x80;
1204 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1205 gateway, src_ip, if_name);
1206 return status;
1207 }
1208
1209 memset(&request, 0, sizeof(request));
1210
1211 hdr = (struct nlmsghdr*)request;
1212 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1213 hdr->nlmsg_type = nlmsg_type;
1214 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1215
1216 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1217 msg->rtm_family = src_ip->get_family(src_ip);
1218 msg->rtm_dst_len = prefixlen;
1219 msg->rtm_table = this->routing_table;
1220 msg->rtm_protocol = RTPROT_STATIC;
1221 msg->rtm_type = RTN_UNICAST;
1222 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1223
1224 netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
1225 chunk = src_ip->get_address(src_ip);
1226 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1227 if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
1228 {
1229 chunk = gateway->get_address(gateway);
1230 netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
1231 }
1232 ifindex = get_interface_index(this, if_name);
1233 chunk.ptr = (char*)&ifindex;
1234 chunk.len = sizeof(ifindex);
1235 netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
1236
1237 return this->socket->send_ack(this->socket, hdr);
1238 }
1239
1240 /**
1241 * Implementation of kernel_net_t.add_route.
1242 */
1243 static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net,
1244 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
1245 {
1246 return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
1247 dst_net, prefixlen, gateway, src_ip, if_name);
1248 }
1249
1250 /**
1251 * Implementation of kernel_net_t.del_route.
1252 */
1253 static status_t del_route(private_kernel_netlink_net_t *this, chunk_t dst_net,
1254 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
1255 {
1256 return manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
1257 gateway, src_ip, if_name);
1258 }
1259
1260 /**
1261 * Initialize a list of local addresses.
1262 */
1263 static status_t init_address_list(private_kernel_netlink_net_t *this)
1264 {
1265 netlink_buf_t request;
1266 struct nlmsghdr *out, *current, *in;
1267 struct rtgenmsg *msg;
1268 size_t len;
1269 enumerator_t *ifaces, *addrs;
1270 iface_entry_t *iface;
1271 addr_entry_t *addr;
1272
1273 DBG1(DBG_KNL, "listening on interfaces:");
1274
1275 memset(&request, 0, sizeof(request));
1276
1277 in = (struct nlmsghdr*)&request;
1278 in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
1279 in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
1280 msg = (struct rtgenmsg*)NLMSG_DATA(in);
1281 msg->rtgen_family = AF_UNSPEC;
1282
1283 /* get all links */
1284 in->nlmsg_type = RTM_GETLINK;
1285 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1286 {
1287 return FAILED;
1288 }
1289 current = out;
1290 while (NLMSG_OK(current, len))
1291 {
1292 switch (current->nlmsg_type)
1293 {
1294 case NLMSG_DONE:
1295 break;
1296 case RTM_NEWLINK:
1297 process_link(this, current, FALSE);
1298 /* fall through */
1299 default:
1300 current = NLMSG_NEXT(current, len);
1301 continue;
1302 }
1303 break;
1304 }
1305 free(out);
1306
1307 /* get all interface addresses */
1308 in->nlmsg_type = RTM_GETADDR;
1309 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1310 {
1311 return FAILED;
1312 }
1313 current = out;
1314 while (NLMSG_OK(current, len))
1315 {
1316 switch (current->nlmsg_type)
1317 {
1318 case NLMSG_DONE:
1319 break;
1320 case RTM_NEWADDR:
1321 process_addr(this, current, FALSE);
1322 /* fall through */
1323 default:
1324 current = NLMSG_NEXT(current, len);
1325 continue;
1326 }
1327 break;
1328 }
1329 free(out);
1330
1331 this->mutex->lock(this->mutex);
1332 ifaces = this->ifaces->create_enumerator(this->ifaces);
1333 while (ifaces->enumerate(ifaces, &iface))
1334 {
1335 if (iface->flags & IFF_UP)
1336 {
1337 DBG1(DBG_KNL, " %s", iface->ifname);
1338 addrs = iface->addrs->create_enumerator(iface->addrs);
1339 while (addrs->enumerate(addrs, (void**)&addr))
1340 {
1341 DBG1(DBG_KNL, " %H", addr->ip);
1342 }
1343 addrs->destroy(addrs);
1344 }
1345 }
1346 ifaces->destroy(ifaces);
1347 this->mutex->unlock(this->mutex);
1348 return SUCCESS;
1349 }
1350
1351 /**
1352 * create or delete a rule to use our routing table
1353 */
1354 static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
1355 int family, u_int32_t table, u_int32_t prio)
1356 {
1357 netlink_buf_t request;
1358 struct nlmsghdr *hdr;
1359 struct rtmsg *msg;
1360 chunk_t chunk;
1361
1362 memset(&request, 0, sizeof(request));
1363 hdr = (struct nlmsghdr*)request;
1364 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
1365 hdr->nlmsg_type = nlmsg_type;
1366 if (nlmsg_type == RTM_NEWRULE)
1367 {
1368 hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
1369 }
1370 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1371
1372 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1373 msg->rtm_table = table;
1374 msg->rtm_family = family;
1375 msg->rtm_protocol = RTPROT_BOOT;
1376 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1377 msg->rtm_type = RTN_UNICAST;
1378
1379 chunk = chunk_from_thing(prio);
1380 netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
1381
1382 return this->socket->send_ack(this->socket, hdr);
1383 }
1384
1385 /**
1386 * Implementation of kernel_netlink_net_t.destroy.
1387 */
1388 static void destroy(private_kernel_netlink_net_t *this)
1389 {
1390 if (this->routing_table)
1391 {
1392 manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table,
1393 this->routing_table_prio);
1394 manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
1395 this->routing_table_prio);
1396 }
1397 if (this->job)
1398 {
1399 this->job->cancel(this->job);
1400 }
1401 if (this->socket_events > 0)
1402 {
1403 close(this->socket_events);
1404 }
1405 DESTROY_IF(this->socket);
1406 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
1407 this->rt_exclude->destroy(this->rt_exclude);
1408 this->condvar->destroy(this->condvar);
1409 this->mutex->destroy(this->mutex);
1410 free(this);
1411 }
1412
1413 /*
1414 * Described in header.
1415 */
1416 kernel_netlink_net_t *kernel_netlink_net_create()
1417 {
1418 private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t);
1419 struct sockaddr_nl addr;
1420 enumerator_t *enumerator;
1421 char *exclude;
1422
1423 /* public functions */
1424 this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
1425 this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator;
1426 this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr;
1427 this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop;
1428 this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip;
1429 this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip;
1430 this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
1431 this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
1432 this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy;
1433
1434 /* private members */
1435 this->ifaces = linked_list_create();
1436 this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
1437 this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
1438 timerclear(&this->last_roam);
1439 this->routing_table = lib->settings->get_int(lib->settings,
1440 "%s.routing_table", ROUTING_TABLE, hydra->daemon);
1441 this->routing_table_prio = lib->settings->get_int(lib->settings,
1442 "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon);
1443 this->process_route = lib->settings->get_bool(lib->settings,
1444 "%s.process_route", TRUE, hydra->daemon);
1445 this->install_virtual_ip = lib->settings->get_bool(lib->settings,
1446 "%s.install_virtual_ip", TRUE, hydra->daemon);
1447
1448 this->rt_exclude = linked_list_create();
1449 exclude = lib->settings->get_str(lib->settings,
1450 "%s.ignore_routing_tables", NULL, hydra->daemon);
1451 if (exclude)
1452 {
1453 char *token;
1454 uintptr_t table;
1455
1456 enumerator = enumerator_create_token(exclude, " ", " ");
1457 while (enumerator->enumerate(enumerator, &token))
1458 {
1459 errno = 0;
1460 table = strtoul(token, NULL, 10);
1461
1462 if (errno == 0)
1463 {
1464 this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
1465 }
1466 }
1467 enumerator->destroy(enumerator);
1468 }
1469
1470 this->socket = netlink_socket_create(NETLINK_ROUTE);
1471 this->job = NULL;
1472
1473 memset(&addr, 0, sizeof(addr));
1474 addr.nl_family = AF_NETLINK;
1475
1476 /* create and bind RT socket for events (address/interface/route changes) */
1477 this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1478 if (this->socket_events < 0)
1479 {
1480 DBG1(DBG_KNL, "unable to create RT event socket");
1481 destroy(this);
1482 return NULL;
1483 }
1484 addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
1485 RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK;
1486 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
1487 {
1488 DBG1(DBG_KNL, "unable to bind RT event socket");
1489 destroy(this);
1490 return NULL;
1491 }
1492
1493 this->job = callback_job_create((callback_job_cb_t)receive_events,
1494 this, NULL, NULL);
1495 lib->processor->queue_job(lib->processor, (job_t*)this->job);
1496
1497 if (init_address_list(this) != SUCCESS)
1498 {
1499 DBG1(DBG_KNL, "unable to get interface list");
1500 destroy(this);
1501 return NULL;
1502 }
1503
1504 if (this->routing_table)
1505 {
1506 if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
1507 this->routing_table_prio) != SUCCESS)
1508 {
1509 DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
1510 }
1511 if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
1512 this->routing_table_prio) != SUCCESS)
1513 {
1514 DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
1515 }
1516 }
1517
1518 return &this->public;
1519 }
strongSwan - IPsec VPN