projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Do not fire roam events based on local route changes.
[strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /*
18 * Copyright (C) 2010 secunet Security Networks AG
19 * Copyright (C) 2010 Thomas Egerer
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
40 #include <sys/socket.h>
41 #include <linux/netlink.h>
42 #include <linux/rtnetlink.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <net/if.h>
46
47 #include "kernel_netlink_net.h"
48 #include "kernel_netlink_shared.h"
49
50 #include <hydra.h>
51 #include <debug.h>
52 #include <threading/thread.h>
53 #include <threading/condvar.h>
54 #include <threading/mutex.h>
55 #include <utils/linked_list.h>
56 #include <processing/jobs/callback_job.h>
57
58 /** delay before firing roam events (ms) */
59 #define ROAM_DELAY 100
60
61 typedef struct addr_entry_t addr_entry_t;
62
63 /**
64 * IP address in an inface_entry_t
65 */
66 struct addr_entry_t {
67
68 /** The ip address */
69 host_t *ip;
70
71 /** virtual IP managed by us */
72 bool virtual;
73
74 /** scope of the address */
75 u_char scope;
76
77 /** Number of times this IP is used, if virtual */
78 u_int refcount;
79 };
80
81 /**
82 * destroy a addr_entry_t object
83 */
84 static void addr_entry_destroy(addr_entry_t *this)
85 {
86 this->ip->destroy(this->ip);
87 free(this);
88 }
89
90 typedef struct iface_entry_t iface_entry_t;
91
92 /**
93 * A network interface on this system, containing addr_entry_t's
94 */
95 struct iface_entry_t {
96
97 /** interface index */
98 int ifindex;
99
100 /** name of the interface */
101 char ifname[IFNAMSIZ];
102
103 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
104 u_int flags;
105
106 /** list of addresses as host_t */
107 linked_list_t *addrs;
108 };
109
110 /**
111 * destroy an interface entry
112 */
113 static void iface_entry_destroy(iface_entry_t *this)
114 {
115 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
116 free(this);
117 }
118
119 typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;
120
121 /**
122 * Private variables and functions of kernel_netlink_net class.
123 */
124 struct private_kernel_netlink_net_t {
125 /**
126 * Public part of the kernel_netlink_net_t object.
127 */
128 kernel_netlink_net_t public;
129
130 /**
131 * mutex to lock access to various lists
132 */
133 mutex_t *mutex;
134
135 /**
136 * condition variable to signal virtual IP add/removal
137 */
138 condvar_t *condvar;
139
140 /**
141 * Cached list of interfaces and its addresses (iface_entry_t)
142 */
143 linked_list_t *ifaces;
144
145 /**
146 * job receiving netlink events
147 */
148 callback_job_t *job;
149
150 /**
151 * netlink rt socket (routing)
152 */
153 netlink_socket_t *socket;
154
155 /**
156 * Netlink rt socket to receive address change events
157 */
158 int socket_events;
159
160 /**
161 * time of the last roam event
162 */
163 timeval_t last_roam;
164
165 /**
166 * routing table to install routes
167 */
168 int routing_table;
169
170 /**
171 * priority of used routing table
172 */
173 int routing_table_prio;
174
175 /**
176 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
177 */
178 bool process_route;
179
180 /**
181 * whether to actually install virtual IPs
182 */
183 bool install_virtual_ip;
184
185 /**
186 * list with routing tables to be excluded from route lookup
187 */
188 linked_list_t *rt_exclude;
189 };
190
191 /**
192 * get the refcount of a virtual ip
193 */
194 static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip)
195 {
196 iterator_t *ifaces, *addrs;
197 iface_entry_t *iface;
198 addr_entry_t *addr;
199 int refcount = 0;
200
201 ifaces = this->ifaces->create_iterator(this->ifaces, TRUE);
202 while (ifaces->iterate(ifaces, (void**)&iface))
203 {
204 addrs = iface->addrs->create_iterator(iface->addrs, TRUE);
205 while (addrs->iterate(addrs, (void**)&addr))
206 {
207 if (addr->virtual && (iface->flags & IFF_UP) &&
208 ip->ip_equals(ip, addr->ip))
209 {
210 refcount = addr->refcount;
211 break;
212 }
213 }
214 addrs->destroy(addrs);
215 if (refcount)
216 {
217 break;
218 }
219 }
220 ifaces->destroy(ifaces);
221
222 return refcount;
223 }
224
225 /**
226 * get the first non-virtual ip address on the given interface.
227 * returned host is a clone, has to be freed by caller.
228 */
229 static host_t *get_interface_address(private_kernel_netlink_net_t *this,
230 int ifindex, int family)
231 {
232 enumerator_t *ifaces, *addrs;
233 iface_entry_t *iface;
234 addr_entry_t *addr;
235 host_t *ip = NULL;
236
237 this->mutex->lock(this->mutex);
238 ifaces = this->ifaces->create_enumerator(this->ifaces);
239 while (ifaces->enumerate(ifaces, &iface))
240 {
241 if (iface->ifindex == ifindex)
242 {
243 addrs = iface->addrs->create_enumerator(iface->addrs);
244 while (addrs->enumerate(addrs, &addr))
245 {
246 if (!addr->virtual && addr->ip->get_family(addr->ip) == family)
247 {
248 ip = addr->ip->clone(addr->ip);
249 break;
250 }
251 }
252 addrs->destroy(addrs);
253 break;
254 }
255 }
256 ifaces->destroy(ifaces);
257 this->mutex->unlock(this->mutex);
258 return ip;
259 }
260
261 /**
262 * callback function that raises the delayed roam event
263 */
264 static job_requeue_t roam_event(uintptr_t address)
265 {
266 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
267 return JOB_REQUEUE_NONE;
268 }
269
270 /**
271 * fire a roaming event. we delay it for a bit and fire only one event
272 * for multiple calls. otherwise we would create too many events.
273 */
274 static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
275 {
276 timeval_t now;
277 job_t *job;
278
279 time_monotonic(&now);
280 if (timercmp(&now, &this->last_roam, >))
281 {
282 now.tv_usec += ROAM_DELAY * 1000;
283 while (now.tv_usec > 1000000)
284 {
285 now.tv_sec++;
286 now.tv_usec -= 1000000;
287 }
288 this->last_roam = now;
289
290 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
291 (void*)(uintptr_t)(address ? 1 : 0),
292 NULL, NULL);
293 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
294 }
295 }
296
297 /**
298 * process RTM_NEWLINK/RTM_DELLINK from kernel
299 */
300 static void process_link(private_kernel_netlink_net_t *this,
301 struct nlmsghdr *hdr, bool event)
302 {
303 struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
304 struct rtattr *rta = IFLA_RTA(msg);
305 size_t rtasize = IFLA_PAYLOAD (hdr);
306 enumerator_t *enumerator;
307 iface_entry_t *current, *entry = NULL;
308 char *name = NULL;
309 bool update = FALSE;
310
311 while(RTA_OK(rta, rtasize))
312 {
313 switch (rta->rta_type)
314 {
315 case IFLA_IFNAME:
316 name = RTA_DATA(rta);
317 break;
318 }
319 rta = RTA_NEXT(rta, rtasize);
320 }
321 if (!name)
322 {
323 name = "(unknown)";
324 }
325
326 this->mutex->lock(this->mutex);
327 switch (hdr->nlmsg_type)
328 {
329 case RTM_NEWLINK:
330 {
331 if (msg->ifi_flags & IFF_LOOPBACK)
332 { /* ignore loopback interfaces */
333 break;
334 }
335 enumerator = this->ifaces->create_enumerator(this->ifaces);
336 while (enumerator->enumerate(enumerator, &current))
337 {
338 if (current->ifindex == msg->ifi_index)
339 {
340 entry = current;
341 break;
342 }
343 }
344 enumerator->destroy(enumerator);
345 if (!entry)
346 {
347 entry = malloc_thing(iface_entry_t);
348 entry->ifindex = msg->ifi_index;
349 entry->flags = 0;
350 entry->addrs = linked_list_create();
351 this->ifaces->insert_last(this->ifaces, entry);
352 }
353 memcpy(entry->ifname, name, IFNAMSIZ);
354 entry->ifname[IFNAMSIZ-1] = '\0';
355 if (event)
356 {
357 if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
358 {
359 update = TRUE;
360 DBG1(DBG_KNL, "interface %s activated", name);
361 }
362 if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
363 {
364 update = TRUE;
365 DBG1(DBG_KNL, "interface %s deactivated", name);
366 }
367 }
368 entry->flags = msg->ifi_flags;
369 break;
370 }
371 case RTM_DELLINK:
372 {
373 enumerator = this->ifaces->create_enumerator(this->ifaces);
374 while (enumerator->enumerate(enumerator, &current))
375 {
376 if (current->ifindex == msg->ifi_index)
377 {
378 /* we do not remove it, as an address may be added to a
379 * "down" interface and we wan't to know that. */
380 current->flags = msg->ifi_flags;
381 break;
382 }
383 }
384 enumerator->destroy(enumerator);
385 break;
386 }
387 }
388 this->mutex->unlock(this->mutex);
389
390 /* send an update to all IKE_SAs */
391 if (update && event)
392 {
393 fire_roam_event(this, TRUE);
394 }
395 }
396
397 /**
398 * process RTM_NEWADDR/RTM_DELADDR from kernel
399 */
400 static void process_addr(private_kernel_netlink_net_t *this,
401 struct nlmsghdr *hdr, bool event)
402 {
403 struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
404 struct rtattr *rta = IFA_RTA(msg);
405 size_t rtasize = IFA_PAYLOAD (hdr);
406 host_t *host = NULL;
407 enumerator_t *ifaces, *addrs;
408 iface_entry_t *iface;
409 addr_entry_t *addr;
410 chunk_t local = chunk_empty, address = chunk_empty;
411 bool update = FALSE, found = FALSE, changed = FALSE;
412
413 while(RTA_OK(rta, rtasize))
414 {
415 switch (rta->rta_type)
416 {
417 case IFA_LOCAL:
418 local.ptr = RTA_DATA(rta);
419 local.len = RTA_PAYLOAD(rta);
420 break;
421 case IFA_ADDRESS:
422 address.ptr = RTA_DATA(rta);
423 address.len = RTA_PAYLOAD(rta);
424 break;
425 }
426 rta = RTA_NEXT(rta, rtasize);
427 }
428
429 /* For PPP interfaces, we need the IFA_LOCAL address,
430 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
431 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
432 if (local.ptr)
433 {
434 host = host_create_from_chunk(msg->ifa_family, local, 0);
435 }
436 else if (address.ptr)
437 {
438 host = host_create_from_chunk(msg->ifa_family, address, 0);
439 }
440
441 if (host == NULL)
442 { /* bad family? */
443 return;
444 }
445
446 this->mutex->lock(this->mutex);
447 ifaces = this->ifaces->create_enumerator(this->ifaces);
448 while (ifaces->enumerate(ifaces, &iface))
449 {
450 if (iface->ifindex == msg->ifa_index)
451 {
452 addrs = iface->addrs->create_enumerator(iface->addrs);
453 while (addrs->enumerate(addrs, &addr))
454 {
455 if (host->ip_equals(host, addr->ip))
456 {
457 found = TRUE;
458 if (hdr->nlmsg_type == RTM_DELADDR)
459 {
460 iface->addrs->remove_at(iface->addrs, addrs);
461 if (!addr->virtual)
462 {
463 changed = TRUE;
464 DBG1(DBG_KNL, "%H disappeared from %s",
465 host, iface->ifname);
466 }
467 addr_entry_destroy(addr);
468 }
469 else if (hdr->nlmsg_type == RTM_NEWADDR && addr->virtual)
470 {
471 addr->refcount = 1;
472 }
473 }
474 }
475 addrs->destroy(addrs);
476
477 if (hdr->nlmsg_type == RTM_NEWADDR)
478 {
479 if (!found)
480 {
481 found = TRUE;
482 changed = TRUE;
483 addr = malloc_thing(addr_entry_t);
484 addr->ip = host->clone(host);
485 addr->virtual = FALSE;
486 addr->refcount = 1;
487 addr->scope = msg->ifa_scope;
488
489 iface->addrs->insert_last(iface->addrs, addr);
490 if (event)
491 {
492 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
493 }
494 }
495 }
496 if (found && (iface->flags & IFF_UP))
497 {
498 update = TRUE;
499 }
500 break;
501 }
502 }
503 ifaces->destroy(ifaces);
504 this->mutex->unlock(this->mutex);
505 host->destroy(host);
506
507 /* send an update to all IKE_SAs */
508 if (update && event && changed)
509 {
510 fire_roam_event(this, TRUE);
511 }
512 }
513
514 /**
515 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
516 */
517 static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
518 {
519 struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
520 struct rtattr *rta = RTM_RTA(msg);
521 size_t rtasize = RTM_PAYLOAD(hdr);
522 u_int32_t rta_oif = 0;
523 host_t *host = NULL;
524
525 /* ignore routes added by us or in the local routing table (local addrs) */
526 if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
527 msg->rtm_table == RT_TABLE_LOCAL))
528 {
529 return;
530 }
531
532 while (RTA_OK(rta, rtasize))
533 {
534 switch (rta->rta_type)
535 {
536 case RTA_PREFSRC:
537 host = host_create_from_chunk(msg->rtm_family,
538 chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
539 break;
540 case RTA_OIF:
541 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
542 {
543 rta_oif = *(u_int32_t*)RTA_DATA(rta);
544 }
545 break;
546 }
547 rta = RTA_NEXT(rta, rtasize);
548 }
549 if (!host && rta_oif)
550 {
551 host = get_interface_address(this, rta_oif, msg->rtm_family);
552 }
553 if (host)
554 {
555 this->mutex->lock(this->mutex);
556 if (!get_vip_refcount(this, host))
557 { /* ignore routes added for virtual IPs */
558 fire_roam_event(this, FALSE);
559 }
560 this->mutex->unlock(this->mutex);
561 host->destroy(host);
562 }
563 }
564
565 /**
566 * Receives events from kernel
567 */
568 static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
569 {
570 char response[1024];
571 struct nlmsghdr *hdr = (struct nlmsghdr*)response;
572 struct sockaddr_nl addr;
573 socklen_t addr_len = sizeof(addr);
574 int len;
575 bool oldstate;
576
577 oldstate = thread_cancelability(TRUE);
578 len = recvfrom(this->socket_events, response, sizeof(response), 0,
579 (struct sockaddr*)&addr, &addr_len);
580 thread_cancelability(oldstate);
581
582 if (len < 0)
583 {
584 switch (errno)
585 {
586 case EINTR:
587 /* interrupted, try again */
588 return JOB_REQUEUE_DIRECT;
589 case EAGAIN:
590 /* no data ready, select again */
591 return JOB_REQUEUE_DIRECT;
592 default:
593 DBG1(DBG_KNL, "unable to receive from rt event socket");
594 sleep(1);
595 return JOB_REQUEUE_FAIR;
596 }
597 }
598
599 if (addr.nl_pid != 0)
600 { /* not from kernel. not interested, try another one */
601 return JOB_REQUEUE_DIRECT;
602 }
603
604 while (NLMSG_OK(hdr, len))
605 {
606 /* looks good so far, dispatch netlink message */
607 switch (hdr->nlmsg_type)
608 {
609 case RTM_NEWADDR:
610 case RTM_DELADDR:
611 process_addr(this, hdr, TRUE);
612 this->condvar->broadcast(this->condvar);
613 break;
614 case RTM_NEWLINK:
615 case RTM_DELLINK:
616 process_link(this, hdr, TRUE);
617 this->condvar->broadcast(this->condvar);
618 break;
619 case RTM_NEWROUTE:
620 case RTM_DELROUTE:
621 if (this->process_route)
622 {
623 process_route(this, hdr);
624 }
625 break;
626 default:
627 break;
628 }
629 hdr = NLMSG_NEXT(hdr, len);
630 }
631 return JOB_REQUEUE_DIRECT;
632 }
633
634 /** enumerator over addresses */
635 typedef struct {
636 private_kernel_netlink_net_t* this;
637 /** whether to enumerate down interfaces */
638 bool include_down_ifaces;
639 /** whether to enumerate virtual ip addresses */
640 bool include_virtual_ips;
641 } address_enumerator_t;
642
643 /**
644 * cleanup function for address enumerator
645 */
646 static void address_enumerator_destroy(address_enumerator_t *data)
647 {
648 data->this->mutex->unlock(data->this->mutex);
649 free(data);
650 }
651
652 /**
653 * filter for addresses
654 */
655 static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out)
656 {
657 if (!data->include_virtual_ips && (*in)->virtual)
658 { /* skip virtual interfaces added by us */
659 return FALSE;
660 }
661 if ((*in)->scope >= RT_SCOPE_LINK)
662 { /* skip addresses with a unusable scope */
663 return FALSE;
664 }
665 *out = (*in)->ip;
666 return TRUE;
667 }
668
669 /**
670 * enumerator constructor for interfaces
671 */
672 static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data)
673 {
674 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
675 (void*)filter_addresses, data, NULL);
676 }
677
678 /**
679 * filter for interfaces
680 */
681 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out)
682 {
683 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
684 { /* skip interfaces not up */
685 return FALSE;
686 }
687 *out = *in;
688 return TRUE;
689 }
690
691 /**
692 * implementation of kernel_net_t.create_address_enumerator
693 */
694 static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *this,
695 bool include_down_ifaces, bool include_virtual_ips)
696 {
697 address_enumerator_t *data = malloc_thing(address_enumerator_t);
698 data->this = this;
699 data->include_down_ifaces = include_down_ifaces;
700 data->include_virtual_ips = include_virtual_ips;
701
702 this->mutex->lock(this->mutex);
703 return enumerator_create_nested(
704 enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces),
705 (void*)filter_interfaces, data, NULL),
706 (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy);
707 }
708
709 /**
710 * implementation of kernel_net_t.get_interface_name
711 */
712 static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip)
713 {
714 enumerator_t *ifaces, *addrs;
715 iface_entry_t *iface;
716 addr_entry_t *addr;
717 char *name = NULL;
718
719 DBG2(DBG_KNL, "getting interface name for %H", ip);
720
721 this->mutex->lock(this->mutex);
722 ifaces = this->ifaces->create_enumerator(this->ifaces);
723 while (ifaces->enumerate(ifaces, &iface))
724 {
725 addrs = iface->addrs->create_enumerator(iface->addrs);
726 while (addrs->enumerate(addrs, &addr))
727 {
728 if (ip->ip_equals(ip, addr->ip))
729 {
730 name = strdup(iface->ifname);
731 break;
732 }
733 }
734 addrs->destroy(addrs);
735 if (name)
736 {
737 break;
738 }
739 }
740 ifaces->destroy(ifaces);
741 this->mutex->unlock(this->mutex);
742
743 if (name)
744 {
745 DBG2(DBG_KNL, "%H is on interface %s", ip, name);
746 }
747 else
748 {
749 DBG2(DBG_KNL, "%H is not a local address", ip);
750 }
751 return name;
752 }
753
754 /**
755 * get the index of an interface by name
756 */
757 static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
758 {
759 enumerator_t *ifaces;
760 iface_entry_t *iface;
761 int ifindex = 0;
762
763 DBG2(DBG_KNL, "getting iface index for %s", name);
764
765 this->mutex->lock(this->mutex);
766 ifaces = this->ifaces->create_enumerator(this->ifaces);
767 while (ifaces->enumerate(ifaces, &iface))
768 {
769 if (streq(name, iface->ifname))
770 {
771 ifindex = iface->ifindex;
772 break;
773 }
774 }
775 ifaces->destroy(ifaces);
776 this->mutex->unlock(this->mutex);
777
778 if (ifindex == 0)
779 {
780 DBG1(DBG_KNL, "unable to get interface index for %s", name);
781 }
782 return ifindex;
783 }
784
785 /**
786 * Check if an interface with a given index is up
787 */
788 static bool is_interface_up(private_kernel_netlink_net_t *this, int index)
789 {
790 enumerator_t *ifaces;
791 iface_entry_t *iface;
792 /* default to TRUE for interface we do not monitor (e.g. lo) */
793 bool up = TRUE;
794
795 ifaces = this->ifaces->create_enumerator(this->ifaces);
796 while (ifaces->enumerate(ifaces, &iface))
797 {
798 if (iface->ifindex == index)
799 {
800 up = iface->flags & IFF_UP;
801 break;
802 }
803 }
804 ifaces->destroy(ifaces);
805 return up;
806 }
807
808 /**
809 * check if an address (chunk) addr is in subnet (net with net_len net bits)
810 */
811 static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
812 {
813 static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
814 int byte = 0;
815
816 if (net_len == 0)
817 { /* any address matches a /0 network */
818 return TRUE;
819 }
820 if (addr.len != net.len || net_len > 8 * net.len )
821 {
822 return FALSE;
823 }
824 /* scan through all bytes in network order */
825 while (net_len > 0)
826 {
827 if (net_len < 8)
828 {
829 return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
830 }
831 else
832 {
833 if (addr.ptr[byte] != net.ptr[byte])
834 {
835 return FALSE;
836 }
837 byte++;
838 net_len -= 8;
839 }
840 }
841 return TRUE;
842 }
843
844 /**
845 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
846 */
847 static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
848 bool nexthop, host_t *candidate)
849 {
850 netlink_buf_t request;
851 struct nlmsghdr *hdr, *out, *current;
852 struct rtmsg *msg;
853 chunk_t chunk;
854 size_t len;
855 int best = -1;
856 enumerator_t *enumerator;
857 host_t *src = NULL, *gtw = NULL;
858
859 DBG2(DBG_KNL, "getting address to reach %H", dest);
860
861 memset(&request, 0, sizeof(request));
862
863 hdr = (struct nlmsghdr*)request;
864 hdr->nlmsg_flags = NLM_F_REQUEST;
865 if (dest->get_family(dest) == AF_INET)
866 {
867 /* We dump all addresses for IPv4, as we want to ignore IPsec specific
868 * routes installed by us. But the kernel does not return source
869 * addresses in a IPv6 dump, so fall back to get() for v6 routes. */
870 hdr->nlmsg_flags |= NLM_F_ROOT | NLM_F_DUMP;
871 }
872 hdr->nlmsg_type = RTM_GETROUTE;
873 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
874
875 msg = (struct rtmsg*)NLMSG_DATA(hdr);
876 msg->rtm_family = dest->get_family(dest);
877 if (candidate)
878 {
879 chunk = candidate->get_address(candidate);
880 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
881 }
882 chunk = dest->get_address(dest);
883 netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));
884
885 if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
886 {
887 DBG1(DBG_KNL, "getting address to %H failed", dest);
888 return NULL;
889 }
890 this->mutex->lock(this->mutex);
891
892 for (current = out; NLMSG_OK(current, len);
893 current = NLMSG_NEXT(current, len))
894 {
895 switch (current->nlmsg_type)
896 {
897 case NLMSG_DONE:
898 break;
899 case RTM_NEWROUTE:
900 {
901 struct rtattr *rta;
902 size_t rtasize;
903 chunk_t rta_gtw, rta_src, rta_dst;
904 u_int32_t rta_oif = 0;
905 host_t *new_src, *new_gtw;
906 bool cont = FALSE;
907 uintptr_t table;
908
909 rta_gtw = rta_src = rta_dst = chunk_empty;
910 msg = (struct rtmsg*)(NLMSG_DATA(current));
911 rta = RTM_RTA(msg);
912 rtasize = RTM_PAYLOAD(current);
913 while (RTA_OK(rta, rtasize))
914 {
915 switch (rta->rta_type)
916 {
917 case RTA_PREFSRC:
918 rta_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
919 break;
920 case RTA_GATEWAY:
921 rta_gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
922 break;
923 case RTA_DST:
924 rta_dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
925 break;
926 case RTA_OIF:
927 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
928 {
929 rta_oif = *(u_int32_t*)RTA_DATA(rta);
930 }
931 break;
932 }
933 rta = RTA_NEXT(rta, rtasize);
934 }
935 if (msg->rtm_dst_len <= best)
936 { /* not better than a previous one */
937 continue;
938 }
939 enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
940 while (enumerator->enumerate(enumerator, &table))
941 {
942 if (table == msg->rtm_table)
943 {
944 cont = TRUE;
945 break;
946 }
947 }
948 enumerator->destroy(enumerator);
949 if (cont)
950 {
951 continue;
952 }
953 if (this->routing_table != 0 &&
954 msg->rtm_table == this->routing_table)
955 { /* route is from our own ipsec routing table */
956 continue;
957 }
958 if (rta_oif && !is_interface_up(this, rta_oif))
959 { /* interface is down */
960 continue;
961 }
962 if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len))
963 { /* route destination does not contain dest */
964 continue;
965 }
966
967 if (nexthop)
968 {
969 /* nexthop lookup, return gateway if any */
970 DESTROY_IF(gtw);
971 gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
972 best = msg->rtm_dst_len;
973 continue;
974 }
975 if (rta_src.ptr)
976 { /* got a source address */
977 new_src = host_create_from_chunk(msg->rtm_family, rta_src, 0);
978 if (new_src)
979 {
980 if (get_vip_refcount(this, new_src))
981 { /* skip source address if it is installed by us */
982 new_src->destroy(new_src);
983 }
984 else
985 {
986 DESTROY_IF(src);
987 src = new_src;
988 best = msg->rtm_dst_len;
989 }
990 }
991 continue;
992 }
993 if (rta_oif)
994 { /* no src or gtw, but an interface. Get address from it. */
995 new_src = get_interface_address(this, rta_oif,
996 msg->rtm_family);
997 if (new_src)
998 {
999 DESTROY_IF(src);
1000 src = new_src;
1001 best = msg->rtm_dst_len;
1002 }
1003 continue;
1004 }
1005 if (rta_gtw.ptr)
1006 { /* no source, but a gateway. Lookup source to reach gtw. */
1007 new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
1008 new_src = get_route(this, new_gtw, FALSE, candidate);
1009 new_gtw->destroy(new_gtw);
1010 if (new_src)
1011 {
1012 DESTROY_IF(src);
1013 src = new_src;
1014 best = msg->rtm_dst_len;
1015 }
1016 continue;
1017 }
1018 continue;
1019 }
1020 default:
1021 continue;
1022 }
1023 break;
1024 }
1025 free(out);
1026 this->mutex->unlock(this->mutex);
1027
1028 if (nexthop)
1029 {
1030 if (gtw)
1031 {
1032 return gtw;
1033 }
1034 return dest->clone(dest);
1035 }
1036 return src;
1037 }
1038
1039 /**
1040 * Implementation of kernel_net_t.get_source_addr.
1041 */
1042 static host_t* get_source_addr(private_kernel_netlink_net_t *this,
1043 host_t *dest, host_t *src)
1044 {
1045 return get_route(this, dest, FALSE, src);
1046 }
1047
1048 /**
1049 * Implementation of kernel_net_t.get_nexthop.
1050 */
1051 static host_t* get_nexthop(private_kernel_netlink_net_t *this, host_t *dest)
1052 {
1053 return get_route(this, dest, TRUE, NULL);
1054 }
1055
1056 /**
1057 * Manages the creation and deletion of ip addresses on an interface.
1058 * By setting the appropriate nlmsg_type, the ip will be set or unset.
1059 */
1060 static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
1061 int flags, int if_index, host_t *ip)
1062 {
1063 netlink_buf_t request;
1064 struct nlmsghdr *hdr;
1065 struct ifaddrmsg *msg;
1066 chunk_t chunk;
1067
1068 memset(&request, 0, sizeof(request));
1069
1070 chunk = ip->get_address(ip);
1071
1072 hdr = (struct nlmsghdr*)request;
1073 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1074 hdr->nlmsg_type = nlmsg_type;
1075 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
1076
1077 msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
1078 msg->ifa_family = ip->get_family(ip);
1079 msg->ifa_flags = 0;
1080 msg->ifa_prefixlen = 8 * chunk.len;
1081 msg->ifa_scope = RT_SCOPE_UNIVERSE;
1082 msg->ifa_index = if_index;
1083
1084 netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
1085
1086 return this->socket->send_ack(this->socket, hdr);
1087 }
1088
1089 /**
1090 * Implementation of kernel_net_t.add_ip.
1091 */
1092 static status_t add_ip(private_kernel_netlink_net_t *this,
1093 host_t *virtual_ip, host_t *iface_ip)
1094 {
1095 iface_entry_t *iface;
1096 addr_entry_t *addr;
1097 enumerator_t *addrs, *ifaces;
1098 int ifindex;
1099
1100 if (!this->install_virtual_ip)
1101 { /* disabled by config */
1102 return SUCCESS;
1103 }
1104
1105 DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip);
1106
1107 this->mutex->lock(this->mutex);
1108 ifaces = this->ifaces->create_enumerator(this->ifaces);
1109 while (ifaces->enumerate(ifaces, &iface))
1110 {
1111 bool iface_found = FALSE;
1112
1113 addrs = iface->addrs->create_enumerator(iface->addrs);
1114 while (addrs->enumerate(addrs, &addr))
1115 {
1116 if (iface_ip->ip_equals(iface_ip, addr->ip))
1117 {
1118 iface_found = TRUE;
1119 }
1120 else if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1121 {
1122 addr->refcount++;
1123 DBG2(DBG_KNL, "virtual IP %H already installed on %s",
1124 virtual_ip, iface->ifname);
1125 addrs->destroy(addrs);
1126 ifaces->destroy(ifaces);
1127 this->mutex->unlock(this->mutex);
1128 return SUCCESS;
1129 }
1130 }
1131 addrs->destroy(addrs);
1132
1133 if (iface_found)
1134 {
1135 ifindex = iface->ifindex;
1136 addr = malloc_thing(addr_entry_t);
1137 addr->ip = virtual_ip->clone(virtual_ip);
1138 addr->refcount = 0;
1139 addr->virtual = TRUE;
1140 addr->scope = RT_SCOPE_UNIVERSE;
1141 iface->addrs->insert_last(iface->addrs, addr);
1142
1143 if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
1144 ifindex, virtual_ip) == SUCCESS)
1145 {
1146 while (get_vip_refcount(this, virtual_ip) == 0)
1147 { /* wait until address appears */
1148 this->condvar->wait(this->condvar, this->mutex);
1149 }
1150 ifaces->destroy(ifaces);
1151 this->mutex->unlock(this->mutex);
1152 return SUCCESS;
1153 }
1154 ifaces->destroy(ifaces);
1155 this->mutex->unlock(this->mutex);
1156 DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
1157 return FAILED;
1158 }
1159 }
1160 ifaces->destroy(ifaces);
1161 this->mutex->unlock(this->mutex);
1162
1163 DBG1(DBG_KNL, "interface address %H not found, unable to install"
1164 "virtual IP %H", iface_ip, virtual_ip);
1165 return FAILED;
1166 }
1167
1168 /**
1169 * Implementation of kernel_net_t.del_ip.
1170 */
1171 static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip)
1172 {
1173 iface_entry_t *iface;
1174 addr_entry_t *addr;
1175 enumerator_t *addrs, *ifaces;
1176 status_t status;
1177 int ifindex;
1178
1179 if (!this->install_virtual_ip)
1180 { /* disabled by config */
1181 return SUCCESS;
1182 }
1183
1184 DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);
1185
1186 this->mutex->lock(this->mutex);
1187 ifaces = this->ifaces->create_enumerator(this->ifaces);
1188 while (ifaces->enumerate(ifaces, &iface))
1189 {
1190 addrs = iface->addrs->create_enumerator(iface->addrs);
1191 while (addrs->enumerate(addrs, &addr))
1192 {
1193 if (virtual_ip->ip_equals(virtual_ip, addr->ip))
1194 {
1195 ifindex = iface->ifindex;
1196 if (addr->refcount == 1)
1197 {
1198 status = manage_ipaddr(this, RTM_DELADDR, 0,
1199 ifindex, virtual_ip);
1200 if (status == SUCCESS)
1201 { /* wait until the address is really gone */
1202 while (get_vip_refcount(this, virtual_ip) > 0)
1203 {
1204 this->condvar->wait(this->condvar, this->mutex);
1205 }
1206 }
1207 addrs->destroy(addrs);
1208 ifaces->destroy(ifaces);
1209 this->mutex->unlock(this->mutex);
1210 return status;
1211 }
1212 else
1213 {
1214 addr->refcount--;
1215 }
1216 DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
1217 virtual_ip);
1218 addrs->destroy(addrs);
1219 ifaces->destroy(ifaces);
1220 this->mutex->unlock(this->mutex);
1221 return SUCCESS;
1222 }
1223 }
1224 addrs->destroy(addrs);
1225 }
1226 ifaces->destroy(ifaces);
1227 this->mutex->unlock(this->mutex);
1228
1229 DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
1230 return FAILED;
1231 }
1232
1233 /**
1234 * Manages source routes in the routing table.
1235 * By setting the appropriate nlmsg_type, the route gets added or removed.
1236 */
1237 static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type,
1238 int flags, chunk_t dst_net, u_int8_t prefixlen,
1239 host_t *gateway, host_t *src_ip, char *if_name)
1240 {
1241 netlink_buf_t request;
1242 struct nlmsghdr *hdr;
1243 struct rtmsg *msg;
1244 int ifindex;
1245 chunk_t chunk;
1246
1247 /* if route is 0.0.0.0/0, we can't install it, as it would
1248 * overwrite the default route. Instead, we add two routes:
1249 * 0.0.0.0/1 and 128.0.0.0/1 */
1250 if (this->routing_table == 0 && prefixlen == 0)
1251 {
1252 chunk_t half_net;
1253 u_int8_t half_prefixlen;
1254 status_t status;
1255
1256 half_net = chunk_alloca(dst_net.len);
1257 memset(half_net.ptr, 0, half_net.len);
1258 half_prefixlen = 1;
1259
1260 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1261 gateway, src_ip, if_name);
1262 half_net.ptr[0] |= 0x80;
1263 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1264 gateway, src_ip, if_name);
1265 return status;
1266 }
1267
1268 memset(&request, 0, sizeof(request));
1269
1270 hdr = (struct nlmsghdr*)request;
1271 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1272 hdr->nlmsg_type = nlmsg_type;
1273 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1274
1275 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1276 msg->rtm_family = src_ip->get_family(src_ip);
1277 msg->rtm_dst_len = prefixlen;
1278 msg->rtm_table = this->routing_table;
1279 msg->rtm_protocol = RTPROT_STATIC;
1280 msg->rtm_type = RTN_UNICAST;
1281 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1282
1283 netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
1284 chunk = src_ip->get_address(src_ip);
1285 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1286 if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
1287 {
1288 chunk = gateway->get_address(gateway);
1289 netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
1290 }
1291 ifindex = get_interface_index(this, if_name);
1292 chunk.ptr = (char*)&ifindex;
1293 chunk.len = sizeof(ifindex);
1294 netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
1295
1296 return this->socket->send_ack(this->socket, hdr);
1297 }
1298
1299 /**
1300 * Implementation of kernel_net_t.add_route.
1301 */
1302 static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net,
1303 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
1304 {
1305 return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
1306 dst_net, prefixlen, gateway, src_ip, if_name);
1307 }
1308
1309 /**
1310 * Implementation of kernel_net_t.del_route.
1311 */
1312 static status_t del_route(private_kernel_netlink_net_t *this, chunk_t dst_net,
1313 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
1314 {
1315 return manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
1316 gateway, src_ip, if_name);
1317 }
1318
1319 /**
1320 * Initialize a list of local addresses.
1321 */
1322 static status_t init_address_list(private_kernel_netlink_net_t *this)
1323 {
1324 netlink_buf_t request;
1325 struct nlmsghdr *out, *current, *in;
1326 struct rtgenmsg *msg;
1327 size_t len;
1328 enumerator_t *ifaces, *addrs;
1329 iface_entry_t *iface;
1330 addr_entry_t *addr;
1331
1332 DBG1(DBG_KNL, "listening on interfaces:");
1333
1334 memset(&request, 0, sizeof(request));
1335
1336 in = (struct nlmsghdr*)&request;
1337 in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
1338 in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
1339 msg = (struct rtgenmsg*)NLMSG_DATA(in);
1340 msg->rtgen_family = AF_UNSPEC;
1341
1342 /* get all links */
1343 in->nlmsg_type = RTM_GETLINK;
1344 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1345 {
1346 return FAILED;
1347 }
1348 current = out;
1349 while (NLMSG_OK(current, len))
1350 {
1351 switch (current->nlmsg_type)
1352 {
1353 case NLMSG_DONE:
1354 break;
1355 case RTM_NEWLINK:
1356 process_link(this, current, FALSE);
1357 /* fall through */
1358 default:
1359 current = NLMSG_NEXT(current, len);
1360 continue;
1361 }
1362 break;
1363 }
1364 free(out);
1365
1366 /* get all interface addresses */
1367 in->nlmsg_type = RTM_GETADDR;
1368 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1369 {
1370 return FAILED;
1371 }
1372 current = out;
1373 while (NLMSG_OK(current, len))
1374 {
1375 switch (current->nlmsg_type)
1376 {
1377 case NLMSG_DONE:
1378 break;
1379 case RTM_NEWADDR:
1380 process_addr(this, current, FALSE);
1381 /* fall through */
1382 default:
1383 current = NLMSG_NEXT(current, len);
1384 continue;
1385 }
1386 break;
1387 }
1388 free(out);
1389
1390 this->mutex->lock(this->mutex);
1391 ifaces = this->ifaces->create_enumerator(this->ifaces);
1392 while (ifaces->enumerate(ifaces, &iface))
1393 {
1394 if (iface->flags & IFF_UP)
1395 {
1396 DBG1(DBG_KNL, " %s", iface->ifname);
1397 addrs = iface->addrs->create_enumerator(iface->addrs);
1398 while (addrs->enumerate(addrs, (void**)&addr))
1399 {
1400 DBG1(DBG_KNL, " %H", addr->ip);
1401 }
1402 addrs->destroy(addrs);
1403 }
1404 }
1405 ifaces->destroy(ifaces);
1406 this->mutex->unlock(this->mutex);
1407 return SUCCESS;
1408 }
1409
1410 /**
1411 * create or delete a rule to use our routing table
1412 */
1413 static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
1414 int family, u_int32_t table, u_int32_t prio)
1415 {
1416 netlink_buf_t request;
1417 struct nlmsghdr *hdr;
1418 struct rtmsg *msg;
1419 chunk_t chunk;
1420
1421 memset(&request, 0, sizeof(request));
1422 hdr = (struct nlmsghdr*)request;
1423 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
1424 hdr->nlmsg_type = nlmsg_type;
1425 if (nlmsg_type == RTM_NEWRULE)
1426 {
1427 hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
1428 }
1429 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1430
1431 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1432 msg->rtm_table = table;
1433 msg->rtm_family = family;
1434 msg->rtm_protocol = RTPROT_BOOT;
1435 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1436 msg->rtm_type = RTN_UNICAST;
1437
1438 chunk = chunk_from_thing(prio);
1439 netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
1440
1441 return this->socket->send_ack(this->socket, hdr);
1442 }
1443
1444 /**
1445 * Implementation of kernel_netlink_net_t.destroy.
1446 */
1447 static void destroy(private_kernel_netlink_net_t *this)
1448 {
1449 if (this->routing_table)
1450 {
1451 manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table,
1452 this->routing_table_prio);
1453 manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
1454 this->routing_table_prio);
1455 }
1456 if (this->job)
1457 {
1458 this->job->cancel(this->job);
1459 }
1460 if (this->socket_events > 0)
1461 {
1462 close(this->socket_events);
1463 }
1464 DESTROY_IF(this->socket);
1465 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
1466 this->rt_exclude->destroy(this->rt_exclude);
1467 this->condvar->destroy(this->condvar);
1468 this->mutex->destroy(this->mutex);
1469 free(this);
1470 }
1471
1472 /*
1473 * Described in header.
1474 */
1475 kernel_netlink_net_t *kernel_netlink_net_create()
1476 {
1477 private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t);
1478 struct sockaddr_nl addr;
1479 enumerator_t *enumerator;
1480 char *exclude;
1481
1482 /* public functions */
1483 this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
1484 this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator;
1485 this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr;
1486 this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop;
1487 this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip;
1488 this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip;
1489 this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
1490 this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
1491 this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy;
1492
1493 /* private members */
1494 this->ifaces = linked_list_create();
1495 this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
1496 this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
1497 timerclear(&this->last_roam);
1498 this->routing_table = lib->settings->get_int(lib->settings,
1499 "%s.routing_table", ROUTING_TABLE, hydra->daemon);
1500 this->routing_table_prio = lib->settings->get_int(lib->settings,
1501 "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon);
1502 this->process_route = lib->settings->get_bool(lib->settings,
1503 "%s.process_route", TRUE, hydra->daemon);
1504 this->install_virtual_ip = lib->settings->get_bool(lib->settings,
1505 "%s.install_virtual_ip", TRUE, hydra->daemon);
1506
1507 this->rt_exclude = linked_list_create();
1508 exclude = lib->settings->get_str(lib->settings,
1509 "%s.ignore_routing_tables", NULL, hydra->daemon);
1510 if (exclude)
1511 {
1512 char *token;
1513 uintptr_t table;
1514
1515 enumerator = enumerator_create_token(exclude, " ", " ");
1516 while (enumerator->enumerate(enumerator, &token))
1517 {
1518 errno = 0;
1519 table = strtoul(token, NULL, 10);
1520
1521 if (errno == 0)
1522 {
1523 this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
1524 }
1525 }
1526 enumerator->destroy(enumerator);
1527 }
1528
1529 this->socket = netlink_socket_create(NETLINK_ROUTE);
1530 this->job = NULL;
1531
1532 memset(&addr, 0, sizeof(addr));
1533 addr.nl_family = AF_NETLINK;
1534
1535 /* create and bind RT socket for events (address/interface/route changes) */
1536 this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1537 if (this->socket_events < 0)
1538 {
1539 DBG1(DBG_KNL, "unable to create RT event socket");
1540 destroy(this);
1541 return NULL;
1542 }
1543 addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
1544 RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK;
1545 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
1546 {
1547 DBG1(DBG_KNL, "unable to bind RT event socket");
1548 destroy(this);
1549 return NULL;
1550 }
1551
1552 this->job = callback_job_create((callback_job_cb_t)receive_events,
1553 this, NULL, NULL);
1554 lib->processor->queue_job(lib->processor, (job_t*)this->job);
1555
1556 if (init_address_list(this) != SUCCESS)
1557 {
1558 DBG1(DBG_KNL, "unable to get interface list");
1559 destroy(this);
1560 return NULL;
1561 }
1562
1563 if (this->routing_table)
1564 {
1565 if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
1566 this->routing_table_prio) != SUCCESS)
1567 {
1568 DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
1569 }
1570 if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
1571 this->routing_table_prio) != SUCCESS)
1572 {
1573 DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
1574 }
1575 }
1576
1577 return &this->public;
1578 }
strongSwan - IPsec VPN