projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use a helper function to add milliseconds to timeval structs
[strongswan.git] / src / libhydra / plugins / kernel_netlink / kernel_netlink_net.c
1 /*
2 * Copyright (C) 2008-2012 Tobias Brunner
3 * Copyright (C) 2005-2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /*
18 * Copyright (C) 2010 secunet Security Networks AG
19 * Copyright (C) 2010 Thomas Egerer
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
40 #include <sys/socket.h>
41 #include <sys/utsname.h>
42 #include <linux/netlink.h>
43 #include <linux/rtnetlink.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <net/if.h>
47
48 #include "kernel_netlink_net.h"
49 #include "kernel_netlink_shared.h"
50
51 #include <hydra.h>
52 #include <debug.h>
53 #include <threading/thread.h>
54 #include <threading/mutex.h>
55 #include <threading/rwlock.h>
56 #include <threading/rwlock_condvar.h>
57 #include <threading/spinlock.h>
58 #include <utils/hashtable.h>
59 #include <utils/linked_list.h>
60 #include <processing/jobs/callback_job.h>
61
62 /** delay before firing roam events (ms) */
63 #define ROAM_DELAY 100
64
65 /** delay before reinstalling routes (ms) */
66 #define ROUTE_DELAY 100
67
68 typedef struct addr_entry_t addr_entry_t;
69
70 /**
71 * IP address in an iface_entry_t
72 */
73 struct addr_entry_t {
74
75 /** the ip address */
76 host_t *ip;
77
78 /** scope of the address */
79 u_char scope;
80
81 /** number of times this IP is used, if virtual (i.e. managed by us) */
82 u_int refcount;
83
84 /** TRUE once it is installed, if virtual */
85 bool installed;
86 };
87
88 /**
89 * destroy a addr_entry_t object
90 */
91 static void addr_entry_destroy(addr_entry_t *this)
92 {
93 this->ip->destroy(this->ip);
94 free(this);
95 }
96
97 typedef struct iface_entry_t iface_entry_t;
98
99 /**
100 * A network interface on this system, containing addr_entry_t's
101 */
102 struct iface_entry_t {
103
104 /** interface index */
105 int ifindex;
106
107 /** name of the interface */
108 char ifname[IFNAMSIZ];
109
110 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
111 u_int flags;
112
113 /** list of addresses as host_t */
114 linked_list_t *addrs;
115
116 /** TRUE if usable by config */
117 bool usable;
118 };
119
120 /**
121 * destroy an interface entry
122 */
123 static void iface_entry_destroy(iface_entry_t *this)
124 {
125 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
126 free(this);
127 }
128
129 /**
130 * find an interface entry by index
131 */
132 static bool iface_entry_by_index(iface_entry_t *this, int *ifindex)
133 {
134 return this->ifindex == *ifindex;
135 }
136
137 /**
138 * find an interface entry by name
139 */
140 static bool iface_entry_by_name(iface_entry_t *this, char *ifname)
141 {
142 return streq(this->ifname, ifname);
143 }
144
145 /**
146 * check if an interface is up
147 */
148 static inline bool iface_entry_up(iface_entry_t *iface)
149 {
150 return (iface->flags & IFF_UP) == IFF_UP;
151 }
152
153 /**
154 * check if an interface is up and usable
155 */
156 static inline bool iface_entry_up_and_usable(iface_entry_t *iface)
157 {
158 return iface->usable && iface_entry_up(iface);
159 }
160
161 typedef struct addr_map_entry_t addr_map_entry_t;
162
163 /**
164 * Entry that maps an IP address to an interface entry
165 */
166 struct addr_map_entry_t {
167 /** The IP address */
168 host_t *ip;
169
170 /** The address entry for this IP address */
171 addr_entry_t *addr;
172
173 /** The interface this address is installed on */
174 iface_entry_t *iface;
175 };
176
177 /**
178 * Hash a addr_map_entry_t object, all entries with the same IP address
179 * are stored in the same bucket
180 */
181 static u_int addr_map_entry_hash(addr_map_entry_t *this)
182 {
183 return chunk_hash(this->ip->get_address(this->ip));
184 }
185
186 /**
187 * Compare two addr_map_entry_t objects, two entries are equal if they are
188 * installed on the same interface
189 */
190 static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
191 {
192 return a->iface->ifindex == b->iface->ifindex &&
193 a->ip->ip_equals(a->ip, b->ip);
194 }
195
196 /**
197 * Used with get_match this finds an address entry if it is installed on
198 * an up and usable interface
199 */
200 static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
201 addr_map_entry_t *b)
202 {
203 return iface_entry_up_and_usable(b->iface) &&
204 a->ip->ip_equals(a->ip, b->ip);
205 }
206
207 /**
208 * Used with get_match this finds an address entry if it is installed on
209 * any active local interface
210 */
211 static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
212 {
213 return iface_entry_up(b->iface) && a->ip->ip_equals(a->ip, b->ip);
214 }
215
216 /**
217 * Used with get_match this finds an address entry if it is installed on
218 * any local interface
219 */
220 static bool addr_map_entry_match(addr_map_entry_t *a, addr_map_entry_t *b)
221 {
222 return a->ip->ip_equals(a->ip, b->ip);
223 }
224
225 typedef struct route_entry_t route_entry_t;
226
227 /**
228 * Installed routing entry
229 */
230 struct route_entry_t {
231 /** Name of the interface the route is bound to */
232 char *if_name;
233
234 /** Source ip of the route */
235 host_t *src_ip;
236
237 /** Gateway for this route */
238 host_t *gateway;
239
240 /** Destination net */
241 chunk_t dst_net;
242
243 /** Destination net prefixlen */
244 u_int8_t prefixlen;
245 };
246
247 /**
248 * Clone a route_entry_t object.
249 */
250 static route_entry_t *route_entry_clone(route_entry_t *this)
251 {
252 route_entry_t *route;
253
254 INIT(route,
255 .if_name = strdup(this->if_name),
256 .src_ip = this->src_ip->clone(this->src_ip),
257 .gateway = this->gateway->clone(this->gateway),
258 .dst_net = chunk_clone(this->dst_net),
259 .prefixlen = this->prefixlen,
260 );
261 return route;
262 }
263
264 /**
265 * Destroy a route_entry_t object
266 */
267 static void route_entry_destroy(route_entry_t *this)
268 {
269 free(this->if_name);
270 DESTROY_IF(this->src_ip);
271 DESTROY_IF(this->gateway);
272 chunk_free(&this->dst_net);
273 free(this);
274 }
275
276 /**
277 * Hash a route_entry_t object
278 */
279 static u_int route_entry_hash(route_entry_t *this)
280 {
281 return chunk_hash_inc(chunk_from_thing(this->prefixlen),
282 chunk_hash(this->dst_net));
283 }
284
285 /**
286 * Compare two route_entry_t objects
287 */
288 static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
289 {
290 return a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
291 a->src_ip->ip_equals(a->src_ip, b->src_ip) &&
292 a->gateway->ip_equals(a->gateway, b->gateway) &&
293 chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen;
294 }
295
296 typedef struct net_change_t net_change_t;
297
298 /**
299 * Queued network changes
300 */
301 struct net_change_t {
302 /** Name of the interface that got activated (or an IP appeared on) */
303 char *if_name;
304 };
305
306 /**
307 * Destroy a net_change_t object
308 */
309 static void net_change_destroy(net_change_t *this)
310 {
311 free(this->if_name);
312 free(this);
313 }
314
315 /**
316 * Hash a net_change_t object
317 */
318 static u_int net_change_hash(net_change_t *this)
319 {
320 return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
321 }
322
323 /**
324 * Compare two net_change_t objects
325 */
326 static bool net_change_equals(net_change_t *a, net_change_t *b)
327 {
328 return streq(a->if_name, b->if_name);
329 }
330
331 typedef struct private_kernel_netlink_net_t private_kernel_netlink_net_t;
332
333 /**
334 * Private variables and functions of kernel_netlink_net class.
335 */
336 struct private_kernel_netlink_net_t {
337 /**
338 * Public part of the kernel_netlink_net_t object.
339 */
340 kernel_netlink_net_t public;
341
342 /**
343 * lock to access various lists and maps
344 */
345 rwlock_t *lock;
346
347 /**
348 * condition variable to signal virtual IP add/removal
349 */
350 rwlock_condvar_t *condvar;
351
352 /**
353 * Cached list of interfaces and its addresses (iface_entry_t)
354 */
355 linked_list_t *ifaces;
356
357 /**
358 * Map for IP addresses to iface_entry_t objects (addr_map_entry_t)
359 */
360 hashtable_t *addrs;
361
362 /**
363 * Map for virtual IP addresses to iface_entry_t objects (addr_map_entry_t)
364 */
365 hashtable_t *vips;
366
367 /**
368 * netlink rt socket (routing)
369 */
370 netlink_socket_t *socket;
371
372 /**
373 * Netlink rt socket to receive address change events
374 */
375 int socket_events;
376
377 /**
378 * earliest time of the next roam event
379 */
380 timeval_t next_roam;
381
382 /**
383 * lock to check and update roam event time
384 */
385 spinlock_t *roam_lock;
386
387 /**
388 * routing table to install routes
389 */
390 int routing_table;
391
392 /**
393 * priority of used routing table
394 */
395 int routing_table_prio;
396
397 /**
398 * installed routes
399 */
400 hashtable_t *routes;
401
402 /**
403 * mutex for routes
404 */
405 mutex_t *routes_lock;
406
407 /**
408 * interface changes which may trigger route reinstallation
409 */
410 hashtable_t *net_changes;
411
412 /**
413 * mutex for route reinstallation triggers
414 */
415 mutex_t *net_changes_lock;
416
417 /**
418 * time of last route reinstallation
419 */
420 timeval_t last_route_reinstall;
421
422 /**
423 * whether to react to RTM_NEWROUTE or RTM_DELROUTE events
424 */
425 bool process_route;
426
427 /**
428 * whether to actually install virtual IPs
429 */
430 bool install_virtual_ip;
431
432 /**
433 * the name of the interface virtual IP addresses are installed on
434 */
435 char *install_virtual_ip_on;
436
437 /**
438 * whether preferred source addresses can be specified for IPv6 routes
439 */
440 bool rta_prefsrc_for_ipv6;
441
442 /**
443 * list with routing tables to be excluded from route lookup
444 */
445 linked_list_t *rt_exclude;
446 };
447
448 /**
449 * Forward declaration
450 */
451 static status_t manage_srcroute(private_kernel_netlink_net_t *this,
452 int nlmsg_type, int flags, chunk_t dst_net,
453 u_int8_t prefixlen, host_t *gateway,
454 host_t *src_ip, char *if_name);
455
456 /**
457 * Clear the queued network changes.
458 */
459 static void net_changes_clear(private_kernel_netlink_net_t *this)
460 {
461 enumerator_t *enumerator;
462 net_change_t *change;
463
464 enumerator = this->net_changes->create_enumerator(this->net_changes);
465 while (enumerator->enumerate(enumerator, NULL, (void**)&change))
466 {
467 this->net_changes->remove_at(this->net_changes, enumerator);
468 net_change_destroy(change);
469 }
470 enumerator->destroy(enumerator);
471 }
472
473 /**
474 * Act upon queued network changes.
475 */
476 static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
477 {
478 enumerator_t *enumerator;
479 route_entry_t *route;
480
481 this->net_changes_lock->lock(this->net_changes_lock);
482 this->routes_lock->lock(this->routes_lock);
483
484 enumerator = this->routes->create_enumerator(this->routes);
485 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
486 {
487 net_change_t *change, lookup = {
488 .if_name = route->if_name,
489 };
490 /* check if a change for the outgoing interface is queued */
491 change = this->net_changes->get(this->net_changes, &lookup);
492 if (!change)
493 { /* in case src_ip is not on the outgoing interface */
494 if (this->public.interface.get_interface(&this->public.interface,
495 route->src_ip, &lookup.if_name))
496 {
497 if (!streq(lookup.if_name, route->if_name))
498 {
499 change = this->net_changes->get(this->net_changes, &lookup);
500 }
501 free(lookup.if_name);
502 }
503 }
504 if (change)
505 {
506 manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
507 route->dst_net, route->prefixlen, route->gateway,
508 route->src_ip, route->if_name);
509 }
510 }
511 enumerator->destroy(enumerator);
512 this->routes_lock->unlock(this->routes_lock);
513
514 net_changes_clear(this);
515 this->net_changes_lock->unlock(this->net_changes_lock);
516 return JOB_REQUEUE_NONE;
517 }
518
519 /**
520 * Queue route reinstallation caused by network changes for a given interface.
521 *
522 * The route reinstallation is delayed for a while and only done once for
523 * several calls during this delay, in order to avoid doing it too often.
524 * The interface name is freed.
525 */
526 static void queue_route_reinstall(private_kernel_netlink_net_t *this,
527 char *if_name)
528 {
529 net_change_t *update, *found;
530 timeval_t now;
531 job_t *job;
532
533 INIT(update,
534 .if_name = if_name
535 );
536
537 this->net_changes_lock->lock(this->net_changes_lock);
538 found = this->net_changes->put(this->net_changes, update, update);
539 if (found)
540 {
541 net_change_destroy(found);
542 }
543 time_monotonic(&now);
544 if (timercmp(&now, &this->last_route_reinstall, >))
545 {
546 timeval_add_ms(&now, ROUTE_DELAY);
547 this->last_route_reinstall = now;
548
549 job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
550 this, NULL, NULL);
551 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
552 }
553 this->net_changes_lock->unlock(this->net_changes_lock);
554 }
555
556 /**
557 * check if the given IP is known as virtual IP and currently installed
558 *
559 * this function will also return TRUE if the virtual IP entry disappeared.
560 * in that case the returned entry will be NULL.
561 *
562 * this->lock must be held when calling this function
563 */
564 static bool is_vip_installed_or_gone(private_kernel_netlink_net_t *this,
565 host_t *ip, addr_map_entry_t **entry)
566 {
567 addr_map_entry_t lookup = {
568 .ip = ip,
569 };
570
571 *entry = this->vips->get_match(this->vips, &lookup,
572 (void*)addr_map_entry_match);
573 if (*entry == NULL)
574 { /* the virtual IP disappeared */
575 return TRUE;
576 }
577 return (*entry)->addr->installed;
578 }
579
580 /**
581 * check if the given IP is known as virtual IP
582 *
583 * this->lock must be held when calling this function
584 */
585 static bool is_known_vip(private_kernel_netlink_net_t *this, host_t *ip)
586 {
587 addr_map_entry_t lookup = {
588 .ip = ip,
589 };
590
591 return this->vips->get_match(this->vips, &lookup,
592 (void*)addr_map_entry_match) != NULL;
593 }
594
595 /**
596 * Add an address map entry
597 */
598 static void addr_map_entry_add(hashtable_t *map, addr_entry_t *addr,
599 iface_entry_t *iface)
600 {
601 addr_map_entry_t *entry;
602
603 INIT(entry,
604 .ip = addr->ip,
605 .addr = addr,
606 .iface = iface,
607 );
608 entry = map->put(map, entry, entry);
609 free(entry);
610 }
611
612 /**
613 * Remove an address map entry
614 */
615 static void addr_map_entry_remove(hashtable_t *map, addr_entry_t *addr,
616 iface_entry_t *iface)
617 {
618 addr_map_entry_t *entry, lookup = {
619 .ip = addr->ip,
620 .addr = addr,
621 .iface = iface,
622 };
623
624 entry = map->remove(map, &lookup);
625 free(entry);
626 }
627
628 /**
629 * get the first non-virtual ip address on the given interface.
630 * if a candidate address is given, we first search for that address and if not
631 * found return the address as above.
632 * returned host is a clone, has to be freed by caller.
633 *
634 * this->lock must be held when calling this function
635 */
636 static host_t *get_interface_address(private_kernel_netlink_net_t *this,
637 int ifindex, int family, host_t *candidate)
638 {
639 iface_entry_t *iface;
640 enumerator_t *addrs;
641 addr_entry_t *addr;
642 host_t *ip = NULL;
643
644 if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
645 (void**)&iface, &ifindex) == SUCCESS)
646 {
647 if (iface->usable)
648 { /* only use interfaces not excluded by config */
649 addrs = iface->addrs->create_enumerator(iface->addrs);
650 while (addrs->enumerate(addrs, &addr))
651 {
652 if (addr->refcount)
653 { /* ignore virtual IP addresses */
654 continue;
655 }
656 if (addr->ip->get_family(addr->ip) == family)
657 {
658 if (!candidate || candidate->ip_equals(candidate, addr->ip))
659 { /* stop at the first address if we don't search for a
660 * candidate or if the candidate matches */
661 ip = addr->ip;
662 break;
663 }
664 else if (!ip)
665 { /* store the first address as fallback if candidate is
666 * not found */
667 ip = addr->ip;
668 }
669 }
670 }
671 addrs->destroy(addrs);
672 }
673 }
674 return ip ? ip->clone(ip) : NULL;
675 }
676
677 /**
678 * callback function that raises the delayed roam event
679 */
680 static job_requeue_t roam_event(uintptr_t address)
681 {
682 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
683 return JOB_REQUEUE_NONE;
684 }
685
686 /**
687 * fire a roaming event. we delay it for a bit and fire only one event
688 * for multiple calls. otherwise we would create too many events.
689 */
690 static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
691 {
692 timeval_t now;
693 job_t *job;
694
695 time_monotonic(&now);
696 this->roam_lock->lock(this->roam_lock);
697 if (!timercmp(&now, &this->next_roam, >))
698 {
699 this->roam_lock->unlock(this->roam_lock);
700 return;
701 }
702 timeval_add_ms(&now, ROAM_DELAY);
703 this->next_roam = now;
704 this->roam_lock->unlock(this->roam_lock);
705
706 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
707 (void*)(uintptr_t)(address ? 1 : 0),
708 NULL, NULL);
709 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
710 }
711
712 /**
713 * check if an interface with a given index is up and usable
714 *
715 * this->lock must be locked when calling this function
716 */
717 static bool is_interface_up_and_usable(private_kernel_netlink_net_t *this,
718 int index)
719 {
720 iface_entry_t *iface;
721
722 if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
723 (void**)&iface, &index) == SUCCESS)
724 {
725 return iface_entry_up_and_usable(iface);
726 }
727 return FALSE;
728 }
729
730 /**
731 * unregister the current addr_entry_t from the hashtable it is stored in
732 *
733 * this->lock must be locked when calling this function
734 */
735 static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface,
736 private_kernel_netlink_net_t *this)
737 {
738 if (addr->refcount)
739 {
740 addr_map_entry_remove(this->vips, addr, iface);
741 this->condvar->broadcast(this->condvar);
742 return;
743 }
744 addr_map_entry_remove(this->addrs, addr, iface);
745 }
746
747 /**
748 * process RTM_NEWLINK/RTM_DELLINK from kernel
749 */
750 static void process_link(private_kernel_netlink_net_t *this,
751 struct nlmsghdr *hdr, bool event)
752 {
753 struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
754 struct rtattr *rta = IFLA_RTA(msg);
755 size_t rtasize = IFLA_PAYLOAD (hdr);
756 enumerator_t *enumerator;
757 iface_entry_t *current, *entry = NULL;
758 char *name = NULL;
759 bool update = FALSE, update_routes = FALSE;
760
761 while (RTA_OK(rta, rtasize))
762 {
763 switch (rta->rta_type)
764 {
765 case IFLA_IFNAME:
766 name = RTA_DATA(rta);
767 break;
768 }
769 rta = RTA_NEXT(rta, rtasize);
770 }
771 if (!name)
772 {
773 name = "(unknown)";
774 }
775
776 this->lock->write_lock(this->lock);
777 switch (hdr->nlmsg_type)
778 {
779 case RTM_NEWLINK:
780 {
781 if (this->ifaces->find_first(this->ifaces,
782 (void*)iface_entry_by_index, (void**)&entry,
783 &msg->ifi_index) != SUCCESS)
784 {
785 INIT(entry,
786 .ifindex = msg->ifi_index,
787 .addrs = linked_list_create(),
788 .usable = hydra->kernel_interface->is_interface_usable(
789 hydra->kernel_interface, name),
790 );
791 this->ifaces->insert_last(this->ifaces, entry);
792 }
793 strncpy(entry->ifname, name, IFNAMSIZ);
794 entry->ifname[IFNAMSIZ-1] = '\0';
795 if (event && entry->usable)
796 {
797 if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
798 {
799 update = update_routes = TRUE;
800 DBG1(DBG_KNL, "interface %s activated", name);
801 }
802 if ((entry->flags & IFF_UP) && !(msg->ifi_flags & IFF_UP))
803 {
804 update = TRUE;
805 DBG1(DBG_KNL, "interface %s deactivated", name);
806 }
807 }
808 entry->flags = msg->ifi_flags;
809 break;
810 }
811 case RTM_DELLINK:
812 {
813 enumerator = this->ifaces->create_enumerator(this->ifaces);
814 while (enumerator->enumerate(enumerator, &current))
815 {
816 if (current->ifindex == msg->ifi_index)
817 {
818 if (event && current->usable)
819 {
820 update = TRUE;
821 DBG1(DBG_KNL, "interface %s deleted", current->ifname);
822 }
823 /* TODO: move virtual IPs installed on this interface to
824 * another interface? */
825 this->ifaces->remove_at(this->ifaces, enumerator);
826 current->addrs->invoke_function(current->addrs,
827 (void*)addr_entry_unregister, current, this);
828 iface_entry_destroy(current);
829 break;
830 }
831 }
832 enumerator->destroy(enumerator);
833 break;
834 }
835 }
836 this->lock->unlock(this->lock);
837
838 if (update_routes && event)
839 {
840 queue_route_reinstall(this, strdup(name));
841 }
842
843 if (update && event)
844 {
845 fire_roam_event(this, TRUE);
846 }
847 }
848
849 /**
850 * process RTM_NEWADDR/RTM_DELADDR from kernel
851 */
852 static void process_addr(private_kernel_netlink_net_t *this,
853 struct nlmsghdr *hdr, bool event)
854 {
855 struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
856 struct rtattr *rta = IFA_RTA(msg);
857 size_t rtasize = IFA_PAYLOAD (hdr);
858 host_t *host = NULL;
859 iface_entry_t *iface;
860 chunk_t local = chunk_empty, address = chunk_empty;
861 char *route_ifname = NULL;
862 bool update = FALSE, found = FALSE, changed = FALSE;
863
864 while (RTA_OK(rta, rtasize))
865 {
866 switch (rta->rta_type)
867 {
868 case IFA_LOCAL:
869 local.ptr = RTA_DATA(rta);
870 local.len = RTA_PAYLOAD(rta);
871 break;
872 case IFA_ADDRESS:
873 address.ptr = RTA_DATA(rta);
874 address.len = RTA_PAYLOAD(rta);
875 break;
876 }
877 rta = RTA_NEXT(rta, rtasize);
878 }
879
880 /* For PPP interfaces, we need the IFA_LOCAL address,
881 * IFA_ADDRESS is the peers address. But IFA_LOCAL is
882 * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */
883 if (local.ptr)
884 {
885 host = host_create_from_chunk(msg->ifa_family, local, 0);
886 }
887 else if (address.ptr)
888 {
889 host = host_create_from_chunk(msg->ifa_family, address, 0);
890 }
891
892 if (host == NULL)
893 { /* bad family? */
894 return;
895 }
896
897 this->lock->write_lock(this->lock);
898 if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
899 (void**)&iface, &msg->ifa_index) == SUCCESS)
900 {
901 addr_map_entry_t *entry, lookup = {
902 .ip = host,
903 .iface = iface,
904 };
905 addr_entry_t *addr;
906
907 entry = this->vips->get(this->vips, &lookup);
908 if (entry)
909 {
910 if (hdr->nlmsg_type == RTM_NEWADDR)
911 { /* mark as installed and signal waiting threads */
912 entry->addr->installed = TRUE;
913 }
914 else
915 { /* the address was already marked as uninstalled */
916 addr = entry->addr;
917 iface->addrs->remove(iface->addrs, addr, NULL);
918 addr_map_entry_remove(this->vips, addr, iface);
919 addr_entry_destroy(addr);
920 }
921 /* no roam events etc. for virtual IPs */
922 this->condvar->broadcast(this->condvar);
923 this->lock->unlock(this->lock);
924 host->destroy(host);
925 return;
926 }
927 entry = this->addrs->get(this->addrs, &lookup);
928 if (entry)
929 {
930 if (hdr->nlmsg_type == RTM_DELADDR)
931 {
932 found = TRUE;
933 addr = entry->addr;
934 iface->addrs->remove(iface->addrs, addr, NULL);
935 if (iface->usable)
936 {
937 changed = TRUE;
938 DBG1(DBG_KNL, "%H disappeared from %s", host,
939 iface->ifname);
940 }
941 addr_map_entry_remove(this->addrs, addr, iface);
942 addr_entry_destroy(addr);
943 }
944 }
945 else
946 {
947 if (hdr->nlmsg_type == RTM_NEWADDR)
948 {
949 found = TRUE;
950 changed = TRUE;
951 route_ifname = strdup(iface->ifname);
952 INIT(addr,
953 .ip = host->clone(host),
954 .scope = msg->ifa_scope,
955 );
956 iface->addrs->insert_last(iface->addrs, addr);
957 addr_map_entry_add(this->addrs, addr, iface);
958 if (event && iface->usable)
959 {
960 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
961 }
962 }
963 }
964 if (found && (iface->flags & IFF_UP))
965 {
966 update = TRUE;
967 }
968 if (!iface->usable)
969 { /* ignore events for interfaces excluded by config */
970 update = changed = FALSE;
971 }
972 }
973 this->lock->unlock(this->lock);
974
975 if (update && event && route_ifname)
976 {
977 queue_route_reinstall(this, route_ifname);
978 }
979 else
980 {
981 free(route_ifname);
982 }
983 host->destroy(host);
984
985 /* send an update to all IKE_SAs */
986 if (update && event && changed)
987 {
988 fire_roam_event(this, TRUE);
989 }
990 }
991
992 /**
993 * process RTM_NEWROUTE and RTM_DELROUTE from kernel
994 */
995 static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
996 {
997 struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
998 struct rtattr *rta = RTM_RTA(msg);
999 size_t rtasize = RTM_PAYLOAD(hdr);
1000 u_int32_t rta_oif = 0;
1001 host_t *host = NULL;
1002
1003 /* ignore routes added by us or in the local routing table (local addrs) */
1004 if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
1005 msg->rtm_table == RT_TABLE_LOCAL))
1006 {
1007 return;
1008 }
1009 else if (msg->rtm_flags & RTM_F_CLONED)
1010 { /* ignore cached routes, seem to be created a lot for IPv6 */
1011 return;
1012 }
1013
1014 while (RTA_OK(rta, rtasize))
1015 {
1016 switch (rta->rta_type)
1017 {
1018 case RTA_PREFSRC:
1019 DESTROY_IF(host);
1020 host = host_create_from_chunk(msg->rtm_family,
1021 chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
1022 break;
1023 case RTA_OIF:
1024 if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
1025 {
1026 rta_oif = *(u_int32_t*)RTA_DATA(rta);
1027 }
1028 break;
1029 }
1030 rta = RTA_NEXT(rta, rtasize);
1031 }
1032 this->lock->read_lock(this->lock);
1033 if (rta_oif && !is_interface_up_and_usable(this, rta_oif))
1034 { /* ignore route changes for interfaces that are ignored or down */
1035 this->lock->unlock(this->lock);
1036 DESTROY_IF(host);
1037 return;
1038 }
1039 if (!host && rta_oif)
1040 {
1041 host = get_interface_address(this, rta_oif, msg->rtm_family, NULL);
1042 }
1043 if (!host || is_known_vip(this, host))
1044 { /* ignore routes added for virtual IPs */
1045 this->lock->unlock(this->lock);
1046 DESTROY_IF(host);
1047 return;
1048 }
1049 this->lock->unlock(this->lock);
1050 fire_roam_event(this, FALSE);
1051 host->destroy(host);
1052 }
1053
1054 /**
1055 * Receives events from kernel
1056 */
1057 static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
1058 {
1059 char response[1024];
1060 struct nlmsghdr *hdr = (struct nlmsghdr*)response;
1061 struct sockaddr_nl addr;
1062 socklen_t addr_len = sizeof(addr);
1063 int len;
1064 bool oldstate;
1065
1066 oldstate = thread_cancelability(TRUE);
1067 len = recvfrom(this->socket_events, response, sizeof(response), 0,
1068 (struct sockaddr*)&addr, &addr_len);
1069 thread_cancelability(oldstate);
1070
1071 if (len < 0)
1072 {
1073 switch (errno)
1074 {
1075 case EINTR:
1076 /* interrupted, try again */
1077 return JOB_REQUEUE_DIRECT;
1078 case EAGAIN:
1079 /* no data ready, select again */
1080 return JOB_REQUEUE_DIRECT;
1081 default:
1082 DBG1(DBG_KNL, "unable to receive from rt event socket");
1083 sleep(1);
1084 return JOB_REQUEUE_FAIR;
1085 }
1086 }
1087
1088 if (addr.nl_pid != 0)
1089 { /* not from kernel. not interested, try another one */
1090 return JOB_REQUEUE_DIRECT;
1091 }
1092
1093 while (NLMSG_OK(hdr, len))
1094 {
1095 /* looks good so far, dispatch netlink message */
1096 switch (hdr->nlmsg_type)
1097 {
1098 case RTM_NEWADDR:
1099 case RTM_DELADDR:
1100 process_addr(this, hdr, TRUE);
1101 break;
1102 case RTM_NEWLINK:
1103 case RTM_DELLINK:
1104 process_link(this, hdr, TRUE);
1105 break;
1106 case RTM_NEWROUTE:
1107 case RTM_DELROUTE:
1108 if (this->process_route)
1109 {
1110 process_route(this, hdr);
1111 }
1112 break;
1113 default:
1114 break;
1115 }
1116 hdr = NLMSG_NEXT(hdr, len);
1117 }
1118 return JOB_REQUEUE_DIRECT;
1119 }
1120
1121 /** enumerator over addresses */
1122 typedef struct {
1123 private_kernel_netlink_net_t* this;
1124 /** which addresses to enumerate */
1125 kernel_address_type_t which;
1126 } address_enumerator_t;
1127
1128 /**
1129 * cleanup function for address enumerator
1130 */
1131 static void address_enumerator_destroy(address_enumerator_t *data)
1132 {
1133 data->this->lock->unlock(data->this->lock);
1134 free(data);
1135 }
1136
1137 /**
1138 * filter for addresses
1139 */
1140 static bool filter_addresses(address_enumerator_t *data,
1141 addr_entry_t** in, host_t** out)
1142 {
1143 if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->refcount)
1144 { /* skip virtual interfaces added by us */
1145 return FALSE;
1146 }
1147 if ((*in)->scope >= RT_SCOPE_LINK)
1148 { /* skip addresses with a unusable scope */
1149 return FALSE;
1150 }
1151 *out = (*in)->ip;
1152 return TRUE;
1153 }
1154
1155 /**
1156 * enumerator constructor for interfaces
1157 */
1158 static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
1159 address_enumerator_t *data)
1160 {
1161 return enumerator_create_filter(
1162 iface->addrs->create_enumerator(iface->addrs),
1163 (void*)filter_addresses, data, NULL);
1164 }
1165
1166 /**
1167 * filter for interfaces
1168 */
1169 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
1170 iface_entry_t** out)
1171 {
1172 if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
1173 { /* skip interfaces excluded by config */
1174 return FALSE;
1175 }
1176 if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
1177 { /* ignore loopback devices */
1178 return FALSE;
1179 }
1180 if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
1181 { /* skip interfaces not up */
1182 return FALSE;
1183 }
1184 *out = *in;
1185 return TRUE;
1186 }
1187
1188 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
1189 private_kernel_netlink_net_t *this, kernel_address_type_t which)
1190 {
1191 address_enumerator_t *data = malloc_thing(address_enumerator_t);
1192 data->this = this;
1193 data->which = which;
1194
1195 this->lock->read_lock(this->lock);
1196 return enumerator_create_nested(
1197 enumerator_create_filter(
1198 this->ifaces->create_enumerator(this->ifaces),
1199 (void*)filter_interfaces, data, NULL),
1200 (void*)create_iface_enumerator, data,
1201 (void*)address_enumerator_destroy);
1202 }
1203
1204 METHOD(kernel_net_t, get_interface_name, bool,
1205 private_kernel_netlink_net_t *this, host_t* ip, char **name)
1206 {
1207 addr_map_entry_t *entry, lookup = {
1208 .ip = ip,
1209 };
1210
1211 if (ip->is_anyaddr(ip))
1212 {
1213 return FALSE;
1214 }
1215 this->lock->read_lock(this->lock);
1216 /* first try to find it on an up and usable interface */
1217 entry = this->addrs->get_match(this->addrs, &lookup,
1218 (void*)addr_map_entry_match_up_and_usable);
1219 if (entry)
1220 {
1221 if (name)
1222 {
1223 *name = strdup(entry->iface->ifname);
1224 DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
1225 }
1226 this->lock->unlock(this->lock);
1227 return TRUE;
1228 }
1229 /* maybe it is installed on an ignored interface */
1230 entry = this->addrs->get_match(this->addrs, &lookup,
1231 (void*)addr_map_entry_match_up);
1232 if (!entry)
1233 {
1234 DBG2(DBG_KNL, "%H is not a local address or the interface is down", ip);
1235 }
1236 this->lock->unlock(this->lock);
1237 return FALSE;
1238 }
1239
1240 /**
1241 * get the index of an interface by name
1242 */
1243 static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
1244 {
1245 iface_entry_t *iface;
1246 int ifindex = 0;
1247
1248 DBG2(DBG_KNL, "getting iface index for %s", name);
1249
1250 this->lock->read_lock(this->lock);
1251 if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name,
1252 (void**)&iface, name) == SUCCESS)
1253 {
1254 ifindex = iface->ifindex;
1255 }
1256 this->lock->unlock(this->lock);
1257
1258 if (ifindex == 0)
1259 {
1260 DBG1(DBG_KNL, "unable to get interface index for %s", name);
1261 }
1262 return ifindex;
1263 }
1264
1265 /**
1266 * check if an address (chunk) addr is in subnet (net with net_len net bits)
1267 */
1268 static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
1269 {
1270 static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
1271 int byte = 0;
1272
1273 if (net_len == 0)
1274 { /* any address matches a /0 network */
1275 return TRUE;
1276 }
1277 if (addr.len != net.len || net_len > 8 * net.len )
1278 {
1279 return FALSE;
1280 }
1281 /* scan through all bytes in network order */
1282 while (net_len > 0)
1283 {
1284 if (net_len < 8)
1285 {
1286 return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
1287 }
1288 else
1289 {
1290 if (addr.ptr[byte] != net.ptr[byte])
1291 {
1292 return FALSE;
1293 }
1294 byte++;
1295 net_len -= 8;
1296 }
1297 }
1298 return TRUE;
1299 }
1300
1301 /**
1302 * Store information about a route retrieved via RTNETLINK
1303 */
1304 typedef struct {
1305 chunk_t gtw;
1306 chunk_t src;
1307 chunk_t dst;
1308 host_t *src_host;
1309 u_int8_t dst_len;
1310 u_int32_t table;
1311 u_int32_t oif;
1312 } rt_entry_t;
1313
1314 /**
1315 * Free a route entry
1316 */
1317 static void rt_entry_destroy(rt_entry_t *this)
1318 {
1319 DESTROY_IF(this->src_host);
1320 free(this);
1321 }
1322
1323 /**
1324 * Parse route received with RTM_NEWROUTE. The given rt_entry_t object will be
1325 * reused if not NULL.
1326 *
1327 * Returned chunks point to internal data of the Netlink message.
1328 */
1329 static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
1330 {
1331 struct rtattr *rta;
1332 struct rtmsg *msg;
1333 size_t rtasize;
1334
1335 msg = (struct rtmsg*)(NLMSG_DATA(hdr));
1336 rta = RTM_RTA(msg);
1337 rtasize = RTM_PAYLOAD(hdr);
1338
1339 if (route)
1340 {
1341 route->gtw = chunk_empty;
1342 route->src = chunk_empty;
1343 route->dst = chunk_empty;
1344 route->dst_len = msg->rtm_dst_len;
1345 route->table = msg->rtm_table;
1346 route->oif = 0;
1347 }
1348 else
1349 {
1350 INIT(route,
1351 .dst_len = msg->rtm_dst_len,
1352 .table = msg->rtm_table,
1353 );
1354 }
1355
1356 while (RTA_OK(rta, rtasize))
1357 {
1358 switch (rta->rta_type)
1359 {
1360 case RTA_PREFSRC:
1361 route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1362 break;
1363 case RTA_GATEWAY:
1364 route->gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1365 break;
1366 case RTA_DST:
1367 route->dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
1368 break;
1369 case RTA_OIF:
1370 if (RTA_PAYLOAD(rta) == sizeof(route->oif))
1371 {
1372 route->oif = *(u_int32_t*)RTA_DATA(rta);
1373 }
1374 break;
1375 #ifdef HAVE_RTA_TABLE
1376 case RTA_TABLE:
1377 if (RTA_PAYLOAD(rta) == sizeof(route->table))
1378 {
1379 route->table = *(u_int32_t*)RTA_DATA(rta);
1380 }
1381 break;
1382 #endif /* HAVE_RTA_TABLE*/
1383 }
1384 rta = RTA_NEXT(rta, rtasize);
1385 }
1386 return route;
1387 }
1388
1389 /**
1390 * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
1391 */
1392 static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
1393 bool nexthop, host_t *candidate)
1394 {
1395 netlink_buf_t request;
1396 struct nlmsghdr *hdr, *out, *current;
1397 struct rtmsg *msg;
1398 chunk_t chunk;
1399 size_t len;
1400 linked_list_t *routes;
1401 rt_entry_t *route = NULL, *best = NULL;
1402 enumerator_t *enumerator;
1403 host_t *addr = NULL;
1404
1405 memset(&request, 0, sizeof(request));
1406
1407 hdr = (struct nlmsghdr*)request;
1408 hdr->nlmsg_flags = NLM_F_REQUEST;
1409 if (dest->get_family(dest) == AF_INET || this->rta_prefsrc_for_ipv6 ||
1410 this->routing_table)
1411 { /* kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes.
1412 * as we want to ignore routes with virtual IPs we cannot use DUMP
1413 * if these routes are not installed in a separate table */
1414 hdr->nlmsg_flags |= NLM_F_DUMP;
1415 }
1416 hdr->nlmsg_type = RTM_GETROUTE;
1417 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1418
1419 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1420 msg->rtm_family = dest->get_family(dest);
1421 if (candidate)
1422 {
1423 chunk = candidate->get_address(candidate);
1424 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1425 }
1426 chunk = dest->get_address(dest);
1427 netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request));
1428
1429 if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
1430 {
1431 DBG2(DBG_KNL, "getting %s to reach %H failed",
1432 nexthop ? "nexthop" : "address", dest);
1433 return NULL;
1434 }
1435 routes = linked_list_create();
1436 this->lock->read_lock(this->lock);
1437
1438 for (current = out; NLMSG_OK(current, len);
1439 current = NLMSG_NEXT(current, len))
1440 {
1441 switch (current->nlmsg_type)
1442 {
1443 case NLMSG_DONE:
1444 break;
1445 case RTM_NEWROUTE:
1446 {
1447 rt_entry_t *other;
1448 uintptr_t table;
1449
1450 route = parse_route(current, route);
1451
1452 table = (uintptr_t)route->table;
1453 if (this->rt_exclude->find_first(this->rt_exclude, NULL,
1454 (void**)&table) == SUCCESS)
1455 { /* route is from an excluded routing table */
1456 continue;
1457 }
1458 if (this->routing_table != 0 &&
1459 route->table == this->routing_table)
1460 { /* route is from our own ipsec routing table */
1461 continue;
1462 }
1463 if (route->oif && !is_interface_up_and_usable(this, route->oif))
1464 { /* interface is down */
1465 continue;
1466 }
1467 if (!addr_in_subnet(chunk, route->dst, route->dst_len))
1468 { /* route destination does not contain dest */
1469 continue;
1470 }
1471 if (route->src.ptr)
1472 { /* verify source address, if any */
1473 host_t *src = host_create_from_chunk(msg->rtm_family,
1474 route->src, 0);
1475 if (src && is_known_vip(this, src))
1476 { /* ignore routes installed by us */
1477 src->destroy(src);
1478 continue;
1479 }
1480 route->src_host = src;
1481 }
1482 /* insert route, sorted by decreasing network prefix */
1483 enumerator = routes->create_enumerator(routes);
1484 while (enumerator->enumerate(enumerator, &other))
1485 {
1486 if (route->dst_len > other->dst_len)
1487 {
1488 break;
1489 }
1490 }
1491 routes->insert_before(routes, enumerator, route);
1492 enumerator->destroy(enumerator);
1493 route = NULL;
1494 continue;
1495 }
1496 default:
1497 continue;
1498 }
1499 break;
1500 }
1501 if (route)
1502 {
1503 rt_entry_destroy(route);
1504 }
1505
1506 /* now we have a list of routes matching dest, sorted by net prefix.
1507 * we will look for source addresses for these routes and select the one
1508 * with the preferred source address, if possible */
1509 enumerator = routes->create_enumerator(routes);
1510 while (enumerator->enumerate(enumerator, &route))
1511 {
1512 if (route->src_host)
1513 { /* got a source address with the route, if no preferred source
1514 * is given or it matches we are done, as this is the best route */
1515 if (!candidate || candidate->ip_equals(candidate, route->src_host))
1516 {
1517 best = route;
1518 break;
1519 }
1520 else if (route->oif)
1521 { /* no match yet, maybe it is assigned to the same interface */
1522 host_t *src = get_interface_address(this, route->oif,
1523 msg->rtm_family, candidate);
1524 if (src && src->ip_equals(src, candidate))
1525 {
1526 route->src_host->destroy(route->src_host);
1527 route->src_host = src;
1528 best = route;
1529 break;
1530 }
1531 DESTROY_IF(src);
1532 }
1533 /* no luck yet with the source address. if this is the best (first)
1534 * route we store it as fallback in case we don't find a route with
1535 * the preferred source */
1536 best = best ?: route;
1537 continue;
1538 }
1539 if (route->oif)
1540 { /* no src, but an interface - get address from it */
1541 route->src_host = get_interface_address(this, route->oif,
1542 msg->rtm_family, candidate);
1543 if (route->src_host)
1544 { /* we handle this address the same as the one above */
1545 if (!candidate ||
1546 candidate->ip_equals(candidate, route->src_host))
1547 {
1548 best = route;
1549 break;
1550 }
1551 best = best ?: route;
1552 continue;
1553 }
1554 }
1555 if (route->gtw.ptr)
1556 { /* no src, no iface, but a gateway - lookup src to reach gtw */
1557 host_t *gtw;
1558
1559 gtw = host_create_from_chunk(msg->rtm_family, route->gtw, 0);
1560 route->src_host = get_route(this, gtw, FALSE, candidate);
1561 gtw->destroy(gtw);
1562 if (route->src_host)
1563 { /* more of the same */
1564 if (!candidate ||
1565 candidate->ip_equals(candidate, route->src_host))
1566 {
1567 best = route;
1568 break;
1569 }
1570 best = best ?: route;
1571 }
1572 }
1573 }
1574 enumerator->destroy(enumerator);
1575
1576 if (nexthop)
1577 { /* nexthop lookup, return gateway if any */
1578 if (best || routes->get_first(routes, (void**)&best) == SUCCESS)
1579 {
1580 addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0);
1581 }
1582 addr = addr ?: dest->clone(dest);
1583 }
1584 else
1585 {
1586 if (best)
1587 {
1588 addr = best->src_host->clone(best->src_host);
1589 }
1590 }
1591 this->lock->unlock(this->lock);
1592 routes->destroy_function(routes, (void*)rt_entry_destroy);
1593 free(out);
1594
1595 if (addr)
1596 {
1597 DBG2(DBG_KNL, "using %H as %s to reach %H", addr,
1598 nexthop ? "nexthop" : "address", dest);
1599 }
1600 else
1601 {
1602 DBG2(DBG_KNL, "no %s found to reach %H",
1603 nexthop ? "nexthop" : "address", dest);
1604 }
1605 return addr;
1606 }
1607
1608 METHOD(kernel_net_t, get_source_addr, host_t*,
1609 private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
1610 {
1611 return get_route(this, dest, FALSE, src);
1612 }
1613
1614 METHOD(kernel_net_t, get_nexthop, host_t*,
1615 private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
1616 {
1617 return get_route(this, dest, TRUE, src);
1618 }
1619
1620 /**
1621 * Manages the creation and deletion of ip addresses on an interface.
1622 * By setting the appropriate nlmsg_type, the ip will be set or unset.
1623 */
1624 static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type,
1625 int flags, int if_index, host_t *ip)
1626 {
1627 netlink_buf_t request;
1628 struct nlmsghdr *hdr;
1629 struct ifaddrmsg *msg;
1630 chunk_t chunk;
1631
1632 memset(&request, 0, sizeof(request));
1633
1634 chunk = ip->get_address(ip);
1635
1636 hdr = (struct nlmsghdr*)request;
1637 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1638 hdr->nlmsg_type = nlmsg_type;
1639 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
1640
1641 msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
1642 msg->ifa_family = ip->get_family(ip);
1643 msg->ifa_flags = 0;
1644 msg->ifa_prefixlen = 8 * chunk.len;
1645 msg->ifa_scope = RT_SCOPE_UNIVERSE;
1646 msg->ifa_index = if_index;
1647
1648 netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
1649
1650 return this->socket->send_ack(this->socket, hdr);
1651 }
1652
1653 METHOD(kernel_net_t, add_ip, status_t,
1654 private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip)
1655 {
1656 addr_map_entry_t *entry, lookup = {
1657 .ip = virtual_ip,
1658 };
1659 iface_entry_t *iface = NULL;
1660
1661 if (!this->install_virtual_ip)
1662 { /* disabled by config */
1663 return SUCCESS;
1664 }
1665
1666 this->lock->write_lock(this->lock);
1667 /* the virtual IP might actually be installed as regular IP, in which case
1668 * we don't track it as virtual IP */
1669 entry = this->addrs->get_match(this->addrs, &lookup,
1670 (void*)addr_map_entry_match);
1671 if (!entry)
1672 { /* otherwise it might already be installed as virtual IP */
1673 entry = this->vips->get_match(this->vips, &lookup,
1674 (void*)addr_map_entry_match);
1675 if (entry)
1676 { /* the vip we found can be in one of three states: 1) installed and
1677 * ready, 2) just added by another thread, but not yet confirmed to
1678 * be installed by the kernel, 3) just deleted, but not yet gone.
1679 * Then while we wait below, several things could happen (as we
1680 * release the lock). For instance, the interface could disappear,
1681 * or the IP is finally deleted, and it reappears on a different
1682 * interface. All these cases are handled by the call below. */
1683 while (!is_vip_installed_or_gone(this, virtual_ip, &entry))
1684 {
1685 this->condvar->wait(this->condvar, this->lock);
1686 }
1687 if (entry)
1688 {
1689 entry->addr->refcount++;
1690 }
1691 }
1692 }
1693 if (entry)
1694 {
1695 DBG2(DBG_KNL, "virtual IP %H is already installed on %s", virtual_ip,
1696 entry->iface->ifname);
1697 this->lock->unlock(this->lock);
1698 return SUCCESS;
1699 }
1700 /* try to find the target interface, either by config or via src ip */
1701 if (!this->install_virtual_ip_on ||
1702 this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name,
1703 (void**)&iface, this->install_virtual_ip_on) != SUCCESS)
1704 {
1705 lookup.ip = iface_ip;
1706 entry = this->addrs->get_match(this->addrs, &lookup,
1707 (void*)addr_map_entry_match);
1708 if (!entry)
1709 { /* if we don't find the requested interface we just use the first */
1710 this->ifaces->get_first(this->ifaces, (void**)&iface);
1711 }
1712 else
1713 {
1714 iface = entry->iface;
1715 }
1716 }
1717 if (iface)
1718 {
1719 addr_entry_t *addr;
1720
1721 INIT(addr,
1722 .ip = virtual_ip->clone(virtual_ip),
1723 .refcount = 1,
1724 .scope = RT_SCOPE_UNIVERSE,
1725 );
1726 iface->addrs->insert_last(iface->addrs, addr);
1727 addr_map_entry_add(this->vips, addr, iface);
1728 if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
1729 iface->ifindex, virtual_ip) == SUCCESS)
1730 {
1731 while (!is_vip_installed_or_gone(this, virtual_ip, &entry))
1732 { /* wait until address appears */
1733 this->condvar->wait(this->condvar, this->lock);
1734 }
1735 if (entry)
1736 { /* we fail if the interface got deleted in the meantime */
1737 DBG2(DBG_KNL, "virtual IP %H installed on %s", virtual_ip,
1738 entry->iface->ifname);
1739 this->lock->unlock(this->lock);
1740 return SUCCESS;
1741 }
1742 }
1743 this->lock->unlock(this->lock);
1744 DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
1745 return FAILED;
1746 }
1747 this->lock->unlock(this->lock);
1748 DBG1(DBG_KNL, "no interface available, unable to install virtual IP %H",
1749 virtual_ip);
1750 return FAILED;
1751 }
1752
1753 METHOD(kernel_net_t, del_ip, status_t,
1754 private_kernel_netlink_net_t *this, host_t *virtual_ip)
1755 {
1756 addr_map_entry_t *entry, lookup = {
1757 .ip = virtual_ip,
1758 };
1759
1760 if (!this->install_virtual_ip)
1761 { /* disabled by config */
1762 return SUCCESS;
1763 }
1764
1765 DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip);
1766
1767 this->lock->write_lock(this->lock);
1768 entry = this->vips->get_match(this->vips, &lookup,
1769 (void*)addr_map_entry_match);
1770 if (!entry)
1771 { /* we didn't install this IP as virtual IP */
1772 entry = this->addrs->get_match(this->addrs, &lookup,
1773 (void*)addr_map_entry_match);
1774 if (entry)
1775 {
1776 DBG2(DBG_KNL, "not deleting existing IP %H on %s", virtual_ip,
1777 entry->iface->ifname);
1778 this->lock->unlock(this->lock);
1779 return SUCCESS;
1780 }
1781 DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip);
1782 this->lock->unlock(this->lock);
1783 return FAILED;
1784 }
1785 if (entry->addr->refcount == 1)
1786 {
1787 status_t status;
1788
1789 /* we set this flag so that threads calling add_ip will block and wait
1790 * until the entry is gone, also so we can wait below */
1791 entry->addr->installed = FALSE;
1792 status = manage_ipaddr(this, RTM_DELADDR, 0, entry->iface->ifindex,
1793 virtual_ip);
1794 if (status == SUCCESS)
1795 { /* wait until the address is really gone */
1796 while (is_known_vip(this, virtual_ip))
1797 {
1798 this->condvar->wait(this->condvar, this->lock);
1799 }
1800 }
1801 this->lock->unlock(this->lock);
1802 return status;
1803 }
1804 else
1805 {
1806 entry->addr->refcount--;
1807 }
1808 DBG2(DBG_KNL, "virtual IP %H used by other SAs, not deleting",
1809 virtual_ip);
1810 this->lock->unlock(this->lock);
1811 return SUCCESS;
1812 }
1813
1814 /**
1815 * Manages source routes in the routing table.
1816 * By setting the appropriate nlmsg_type, the route gets added or removed.
1817 */
1818 static status_t manage_srcroute(private_kernel_netlink_net_t *this,
1819 int nlmsg_type, int flags, chunk_t dst_net,
1820 u_int8_t prefixlen, host_t *gateway,
1821 host_t *src_ip, char *if_name)
1822 {
1823 netlink_buf_t request;
1824 struct nlmsghdr *hdr;
1825 struct rtmsg *msg;
1826 int ifindex;
1827 chunk_t chunk;
1828
1829 /* if route is 0.0.0.0/0, we can't install it, as it would
1830 * overwrite the default route. Instead, we add two routes:
1831 * 0.0.0.0/1 and 128.0.0.0/1 */
1832 if (this->routing_table == 0 && prefixlen == 0)
1833 {
1834 chunk_t half_net;
1835 u_int8_t half_prefixlen;
1836 status_t status;
1837
1838 half_net = chunk_alloca(dst_net.len);
1839 memset(half_net.ptr, 0, half_net.len);
1840 half_prefixlen = 1;
1841
1842 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1843 gateway, src_ip, if_name);
1844 half_net.ptr[0] |= 0x80;
1845 status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
1846 gateway, src_ip, if_name);
1847 return status;
1848 }
1849
1850 memset(&request, 0, sizeof(request));
1851
1852 hdr = (struct nlmsghdr*)request;
1853 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
1854 hdr->nlmsg_type = nlmsg_type;
1855 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
1856
1857 msg = (struct rtmsg*)NLMSG_DATA(hdr);
1858 msg->rtm_family = src_ip->get_family(src_ip);
1859 msg->rtm_dst_len = prefixlen;
1860 msg->rtm_table = this->routing_table;
1861 msg->rtm_protocol = RTPROT_STATIC;
1862 msg->rtm_type = RTN_UNICAST;
1863 msg->rtm_scope = RT_SCOPE_UNIVERSE;
1864
1865 netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request));
1866 chunk = src_ip->get_address(src_ip);
1867 netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
1868 if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip))
1869 {
1870 chunk = gateway->get_address(gateway);
1871 netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
1872 }
1873 ifindex = get_interface_index(this, if_name);
1874 chunk.ptr = (char*)&ifindex;
1875 chunk.len = sizeof(ifindex);
1876 netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
1877
1878 return this->socket->send_ack(this->socket, hdr);
1879 }
1880
1881 METHOD(kernel_net_t, add_route, status_t,
1882 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1883 host_t *gateway, host_t *src_ip, char *if_name)
1884 {
1885 status_t status;
1886 route_entry_t *found, route = {
1887 .dst_net = dst_net,
1888 .prefixlen = prefixlen,
1889 .gateway = gateway,
1890 .src_ip = src_ip,
1891 .if_name = if_name,
1892 };
1893
1894 this->routes_lock->lock(this->routes_lock);
1895 found = this->routes->get(this->routes, &route);
1896 if (found)
1897 {
1898 this->routes_lock->unlock(this->routes_lock);
1899 return ALREADY_DONE;
1900 }
1901 found = route_entry_clone(&route);
1902 this->routes->put(this->routes, found, found);
1903 status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
1904 dst_net, prefixlen, gateway, src_ip, if_name);
1905 this->routes_lock->unlock(this->routes_lock);
1906 return status;
1907 }
1908
1909 METHOD(kernel_net_t, del_route, status_t,
1910 private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
1911 host_t *gateway, host_t *src_ip, char *if_name)
1912 {
1913 status_t status;
1914 route_entry_t *found, route = {
1915 .dst_net = dst_net,
1916 .prefixlen = prefixlen,
1917 .gateway = gateway,
1918 .src_ip = src_ip,
1919 .if_name = if_name,
1920 };
1921
1922 this->routes_lock->lock(this->routes_lock);
1923 found = this->routes->get(this->routes, &route);
1924 if (!found)
1925 {
1926 this->routes_lock->unlock(this->routes_lock);
1927 return NOT_FOUND;
1928 }
1929 this->routes->remove(this->routes, found);
1930 route_entry_destroy(found);
1931 status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
1932 gateway, src_ip, if_name);
1933 this->routes_lock->unlock(this->routes_lock);
1934 return status;
1935 }
1936
1937 /**
1938 * Initialize a list of local addresses.
1939 */
1940 static status_t init_address_list(private_kernel_netlink_net_t *this)
1941 {
1942 netlink_buf_t request;
1943 struct nlmsghdr *out, *current, *in;
1944 struct rtgenmsg *msg;
1945 size_t len;
1946 enumerator_t *ifaces, *addrs;
1947 iface_entry_t *iface;
1948 addr_entry_t *addr;
1949
1950 DBG2(DBG_KNL, "known interfaces and IP addresses:");
1951
1952 memset(&request, 0, sizeof(request));
1953
1954 in = (struct nlmsghdr*)&request;
1955 in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
1956 in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
1957 msg = (struct rtgenmsg*)NLMSG_DATA(in);
1958 msg->rtgen_family = AF_UNSPEC;
1959
1960 /* get all links */
1961 in->nlmsg_type = RTM_GETLINK;
1962 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1963 {
1964 return FAILED;
1965 }
1966 current = out;
1967 while (NLMSG_OK(current, len))
1968 {
1969 switch (current->nlmsg_type)
1970 {
1971 case NLMSG_DONE:
1972 break;
1973 case RTM_NEWLINK:
1974 process_link(this, current, FALSE);
1975 /* fall through */
1976 default:
1977 current = NLMSG_NEXT(current, len);
1978 continue;
1979 }
1980 break;
1981 }
1982 free(out);
1983
1984 /* get all interface addresses */
1985 in->nlmsg_type = RTM_GETADDR;
1986 if (this->socket->send(this->socket, in, &out, &len) != SUCCESS)
1987 {
1988 return FAILED;
1989 }
1990 current = out;
1991 while (NLMSG_OK(current, len))
1992 {
1993 switch (current->nlmsg_type)
1994 {
1995 case NLMSG_DONE:
1996 break;
1997 case RTM_NEWADDR:
1998 process_addr(this, current, FALSE);
1999 /* fall through */
2000 default:
2001 current = NLMSG_NEXT(current, len);
2002 continue;
2003 }
2004 break;
2005 }
2006 free(out);
2007
2008 this->lock->read_lock(this->lock);
2009 ifaces = this->ifaces->create_enumerator(this->ifaces);
2010 while (ifaces->enumerate(ifaces, &iface))
2011 {
2012 if (iface_entry_up_and_usable(iface))
2013 {
2014 DBG2(DBG_KNL, " %s", iface->ifname);
2015 addrs = iface->addrs->create_enumerator(iface->addrs);
2016 while (addrs->enumerate(addrs, (void**)&addr))
2017 {
2018 DBG2(DBG_KNL, " %H", addr->ip);
2019 }
2020 addrs->destroy(addrs);
2021 }
2022 }
2023 ifaces->destroy(ifaces);
2024 this->lock->unlock(this->lock);
2025 return SUCCESS;
2026 }
2027
2028 /**
2029 * create or delete a rule to use our routing table
2030 */
2031 static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
2032 int family, u_int32_t table, u_int32_t prio)
2033 {
2034 netlink_buf_t request;
2035 struct nlmsghdr *hdr;
2036 struct rtmsg *msg;
2037 chunk_t chunk;
2038
2039 memset(&request, 0, sizeof(request));
2040 hdr = (struct nlmsghdr*)request;
2041 hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
2042 hdr->nlmsg_type = nlmsg_type;
2043 if (nlmsg_type == RTM_NEWRULE)
2044 {
2045 hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
2046 }
2047 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
2048
2049 msg = (struct rtmsg*)NLMSG_DATA(hdr);
2050 msg->rtm_table = table;
2051 msg->rtm_family = family;
2052 msg->rtm_protocol = RTPROT_BOOT;
2053 msg->rtm_scope = RT_SCOPE_UNIVERSE;
2054 msg->rtm_type = RTN_UNICAST;
2055
2056 chunk = chunk_from_thing(prio);
2057 netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
2058
2059 return this->socket->send_ack(this->socket, hdr);
2060 }
2061
2062 /**
2063 * check for kernel features (currently only via version number)
2064 */
2065 static void check_kernel_features(private_kernel_netlink_net_t *this)
2066 {
2067 struct utsname utsname;
2068 int a, b, c;
2069
2070 if (uname(&utsname) == 0)
2071 {
2072 switch(sscanf(utsname.release, "%d.%d.%d", &a, &b, &c))
2073 {
2074 case 3:
2075 if (a == 2)
2076 {
2077 DBG2(DBG_KNL, "detected Linux %d.%d.%d, no support for "
2078 "RTA_PREFSRC for IPv6 routes", a, b, c);
2079 break;
2080 }
2081 /* fall-through */
2082 case 2:
2083 /* only 3.x+ uses two part version numbers */
2084 this->rta_prefsrc_for_ipv6 = TRUE;
2085 break;
2086 default:
2087 break;
2088 }
2089 }
2090 }
2091
2092 /**
2093 * Destroy an address to iface map
2094 */
2095 static void addr_map_destroy(hashtable_t *map)
2096 {
2097 enumerator_t *enumerator;
2098 addr_map_entry_t *addr;
2099
2100 enumerator = map->create_enumerator(map);
2101 while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
2102 {
2103 free(addr);
2104 }
2105 enumerator->destroy(enumerator);
2106 map->destroy(map);
2107 }
2108
2109 METHOD(kernel_net_t, destroy, void,
2110 private_kernel_netlink_net_t *this)
2111 {
2112 enumerator_t *enumerator;
2113 route_entry_t *route;
2114
2115 if (this->routing_table)
2116 {
2117 manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table,
2118 this->routing_table_prio);
2119 manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
2120 this->routing_table_prio);
2121 }
2122 if (this->socket_events > 0)
2123 {
2124 close(this->socket_events);
2125 }
2126 enumerator = this->routes->create_enumerator(this->routes);
2127 while (enumerator->enumerate(enumerator, NULL, (void**)&route))
2128 {
2129 manage_srcroute(this, RTM_DELROUTE, 0, route->dst_net, route->prefixlen,
2130 route->gateway, route->src_ip, route->if_name);
2131 route_entry_destroy(route);
2132 }
2133 enumerator->destroy(enumerator);
2134 this->routes->destroy(this->routes);
2135 this->routes_lock->destroy(this->routes_lock);
2136 DESTROY_IF(this->socket);
2137
2138 net_changes_clear(this);
2139 this->net_changes->destroy(this->net_changes);
2140 this->net_changes_lock->destroy(this->net_changes_lock);
2141
2142 addr_map_destroy(this->addrs);
2143 addr_map_destroy(this->vips);
2144
2145 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
2146 this->rt_exclude->destroy(this->rt_exclude);
2147 this->roam_lock->destroy(this->roam_lock);
2148 this->condvar->destroy(this->condvar);
2149 this->lock->destroy(this->lock);
2150 free(this);
2151 }
2152
2153 /*
2154 * Described in header.
2155 */
2156 kernel_netlink_net_t *kernel_netlink_net_create()
2157 {
2158 private_kernel_netlink_net_t *this;
2159 enumerator_t *enumerator;
2160 bool register_for_events = TRUE;
2161 char *exclude;
2162
2163 INIT(this,
2164 .public = {
2165 .interface = {
2166 .get_interface = _get_interface_name,
2167 .create_address_enumerator = _create_address_enumerator,
2168 .get_source_addr = _get_source_addr,
2169 .get_nexthop = _get_nexthop,
2170 .add_ip = _add_ip,
2171 .del_ip = _del_ip,
2172 .add_route = _add_route,
2173 .del_route = _del_route,
2174 .destroy = _destroy,
2175 },
2176 },
2177 .socket = netlink_socket_create(NETLINK_ROUTE),
2178 .rt_exclude = linked_list_create(),
2179 .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
2180 (hashtable_equals_t)route_entry_equals, 16),
2181 .net_changes = hashtable_create(
2182 (hashtable_hash_t)net_change_hash,
2183 (hashtable_equals_t)net_change_equals, 16),
2184 .addrs = hashtable_create(
2185 (hashtable_hash_t)addr_map_entry_hash,
2186 (hashtable_equals_t)addr_map_entry_equals, 16),
2187 .vips = hashtable_create((hashtable_hash_t)addr_map_entry_hash,
2188 (hashtable_equals_t)addr_map_entry_equals, 16),
2189 .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
2190 .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
2191 .ifaces = linked_list_create(),
2192 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
2193 .condvar = rwlock_condvar_create(),
2194 .roam_lock = spinlock_create(),
2195 .routing_table = lib->settings->get_int(lib->settings,
2196 "%s.routing_table", ROUTING_TABLE, hydra->daemon),
2197 .routing_table_prio = lib->settings->get_int(lib->settings,
2198 "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
2199 .process_route = lib->settings->get_bool(lib->settings,
2200 "%s.process_route", TRUE, hydra->daemon),
2201 .install_virtual_ip = lib->settings->get_bool(lib->settings,
2202 "%s.install_virtual_ip", TRUE, hydra->daemon),
2203 .install_virtual_ip_on = lib->settings->get_str(lib->settings,
2204 "%s.install_virtual_ip_on", NULL, hydra->daemon),
2205 );
2206 timerclear(&this->last_route_reinstall);
2207 timerclear(&this->next_roam);
2208
2209 check_kernel_features(this);
2210
2211 if (streq(hydra->daemon, "starter"))
2212 { /* starter has no threads, so we do not register for kernel events */
2213 register_for_events = FALSE;
2214 }
2215
2216 exclude = lib->settings->get_str(lib->settings,
2217 "%s.ignore_routing_tables", NULL, hydra->daemon);
2218 if (exclude)
2219 {
2220 char *token;
2221 uintptr_t table;
2222
2223 enumerator = enumerator_create_token(exclude, " ", " ");
2224 while (enumerator->enumerate(enumerator, &token))
2225 {
2226 errno = 0;
2227 table = strtoul(token, NULL, 10);
2228
2229 if (errno == 0)
2230 {
2231 this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
2232 }
2233 }
2234 enumerator->destroy(enumerator);
2235 }
2236
2237 if (register_for_events)
2238 {
2239 struct sockaddr_nl addr;
2240
2241 memset(&addr, 0, sizeof(addr));
2242 addr.nl_family = AF_NETLINK;
2243
2244 /* create and bind RT socket for events (address/interface/route changes) */
2245 this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
2246 if (this->socket_events < 0)
2247 {
2248 DBG1(DBG_KNL, "unable to create RT event socket");
2249 destroy(this);
2250 return NULL;
2251 }
2252 addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
2253 RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK;
2254 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
2255 {
2256 DBG1(DBG_KNL, "unable to bind RT event socket");
2257 destroy(this);
2258 return NULL;
2259 }
2260
2261 lib->processor->queue_job(lib->processor,
2262 (job_t*)callback_job_create_with_prio(
2263 (callback_job_cb_t)receive_events, this, NULL,
2264 (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
2265 }
2266
2267 if (init_address_list(this) != SUCCESS)
2268 {
2269 DBG1(DBG_KNL, "unable to get interface list");
2270 destroy(this);
2271 return NULL;
2272 }
2273
2274 if (this->routing_table)
2275 {
2276 if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table,
2277 this->routing_table_prio) != SUCCESS)
2278 {
2279 DBG1(DBG_KNL, "unable to create IPv4 routing table rule");
2280 }
2281 if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table,
2282 this->routing_table_prio) != SUCCESS)
2283 {
2284 DBG1(DBG_KNL, "unable to create IPv6 routing table rule");
2285 }
2286 }
2287
2288 return &this->public;
2289 }
strongSwan - IPsec VPN