projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make it easy to check if an address is locally usable via changed get_interface(...
[strongswan.git] / src / libhydra / plugins / kernel_pfroute / kernel_pfroute_net.c
1 /*
2 * Copyright (C) 2009-2012 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <net/if.h>
19 #include <ifaddrs.h>
20 #include <net/route.h>
21 #include <unistd.h>
22 #include <errno.h>
23
24 #include "kernel_pfroute_net.h"
25
26 #include <hydra.h>
27 #include <debug.h>
28 #include <utils/host.h>
29 #include <threading/thread.h>
30 #include <threading/mutex.h>
31 #include <utils/linked_list.h>
32 #include <processing/jobs/callback_job.h>
33
34 #ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
35 #error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
36 #endif
37
38 /** delay before firing roam events (ms) */
39 #define ROAM_DELAY 100
40
41 /** buffer size for PF_ROUTE messages */
42 #define PFROUTE_BUFFER_SIZE 4096
43
44 typedef struct addr_entry_t addr_entry_t;
45
46 /**
47 * IP address in an inface_entry_t
48 */
49 struct addr_entry_t {
50
51 /** The ip address */
52 host_t *ip;
53
54 /** virtual IP managed by us */
55 bool virtual;
56
57 /** Number of times this IP is used, if virtual */
58 u_int refcount;
59 };
60
61 /**
62 * destroy a addr_entry_t object
63 */
64 static void addr_entry_destroy(addr_entry_t *this)
65 {
66 this->ip->destroy(this->ip);
67 free(this);
68 }
69
70 typedef struct iface_entry_t iface_entry_t;
71
72 /**
73 * A network interface on this system, containing addr_entry_t's
74 */
75 struct iface_entry_t {
76
77 /** interface index */
78 int ifindex;
79
80 /** name of the interface */
81 char ifname[IFNAMSIZ];
82
83 /** interface flags, as in netdevice(7) SIOCGIFFLAGS */
84 u_int flags;
85
86 /** list of addresses as host_t */
87 linked_list_t *addrs;
88 };
89
90 /**
91 * destroy an interface entry
92 */
93 static void iface_entry_destroy(iface_entry_t *this)
94 {
95 this->addrs->destroy_function(this->addrs, (void*)addr_entry_destroy);
96 free(this);
97 }
98
99
100 typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
101
102 /**
103 * Private variables and functions of kernel_pfroute class.
104 */
105 struct private_kernel_pfroute_net_t
106 {
107 /**
108 * Public part of the kernel_pfroute_t object.
109 */
110 kernel_pfroute_net_t public;
111
112 /**
113 * mutex to lock access to various lists
114 */
115 mutex_t *mutex;
116
117 /**
118 * Cached list of interfaces and their addresses (iface_entry_t)
119 */
120 linked_list_t *ifaces;
121
122 /**
123 * mutex to lock access to the PF_ROUTE socket
124 */
125 mutex_t *mutex_pfroute;
126
127 /**
128 * PF_ROUTE socket to communicate with the kernel
129 */
130 int socket;
131
132 /**
133 * PF_ROUTE socket to receive events
134 */
135 int socket_events;
136
137 /**
138 * sequence number for messages sent to the kernel
139 */
140 int seq;
141
142 /**
143 * time of last roam event
144 */
145 timeval_t last_roam;
146 };
147
148 /**
149 * callback function that raises the delayed roam event
150 */
151 static job_requeue_t roam_event(uintptr_t address)
152 {
153 hydra->kernel_interface->roam(hydra->kernel_interface, address != 0);
154 return JOB_REQUEUE_NONE;
155 }
156
157 /**
158 * fire a roaming event. we delay it for a bit and fire only one event
159 * for multiple calls. otherwise we would create too many events.
160 */
161 static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
162 {
163 timeval_t now;
164 job_t *job;
165
166 time_monotonic(&now);
167 if (timercmp(&now, &this->last_roam, >))
168 {
169 now.tv_usec += ROAM_DELAY * 1000;
170 while (now.tv_usec > 1000000)
171 {
172 now.tv_sec++;
173 now.tv_usec -= 1000000;
174 }
175 this->last_roam = now;
176
177 job = (job_t*)callback_job_create((callback_job_cb_t)roam_event,
178 (void*)(uintptr_t)(address ? 1 : 0),
179 NULL, NULL);
180 lib->scheduler->schedule_job_ms(lib->scheduler, job, ROAM_DELAY);
181 }
182 }
183
184 /**
185 * Process an RTM_*ADDR message from the kernel
186 */
187 static void process_addr(private_kernel_pfroute_net_t *this,
188 struct rt_msghdr *msg)
189 {
190 struct ifa_msghdr *ifa = (struct ifa_msghdr*)msg;
191 sockaddr_t *sockaddr = (sockaddr_t*)(ifa + 1);
192 host_t *host = NULL;
193 enumerator_t *ifaces, *addrs;
194 iface_entry_t *iface;
195 addr_entry_t *addr;
196 bool found = FALSE, changed = FALSE, roam = FALSE;
197 int i;
198
199 for (i = 1; i < (1 << RTAX_MAX); i <<= 1)
200 {
201 if (ifa->ifam_addrs & i)
202 {
203 if (RTA_IFA & i)
204 {
205 host = host_create_from_sockaddr(sockaddr);
206 break;
207 }
208 sockaddr = (sockaddr_t*)((char*)sockaddr + sockaddr->sa_len);
209 }
210 }
211
212 if (!host)
213 {
214 return;
215 }
216
217 this->mutex->lock(this->mutex);
218 ifaces = this->ifaces->create_enumerator(this->ifaces);
219 while (ifaces->enumerate(ifaces, &iface))
220 {
221 if (iface->ifindex == ifa->ifam_index)
222 {
223 addrs = iface->addrs->create_enumerator(iface->addrs);
224 while (addrs->enumerate(addrs, &addr))
225 {
226 if (host->ip_equals(host, addr->ip))
227 {
228 found = TRUE;
229 if (ifa->ifam_type == RTM_DELADDR)
230 {
231 iface->addrs->remove_at(iface->addrs, addrs);
232 if (!addr->virtual)
233 {
234 changed = TRUE;
235 DBG1(DBG_KNL, "%H disappeared from %s",
236 host, iface->ifname);
237 }
238 addr_entry_destroy(addr);
239 }
240 else if (ifa->ifam_type == RTM_NEWADDR && addr->virtual)
241 {
242 addr->refcount = 1;
243 }
244 }
245 }
246 addrs->destroy(addrs);
247
248 if (!found && ifa->ifam_type == RTM_NEWADDR)
249 {
250 changed = TRUE;
251 addr = malloc_thing(addr_entry_t);
252 addr->ip = host->clone(host);
253 addr->virtual = FALSE;
254 addr->refcount = 1;
255 iface->addrs->insert_last(iface->addrs, addr);
256 DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname);
257 }
258
259 if (changed && (iface->flags & IFF_UP))
260 {
261 roam = TRUE;
262 }
263 break;
264 }
265 }
266 ifaces->destroy(ifaces);
267 this->mutex->unlock(this->mutex);
268 host->destroy(host);
269
270 if (roam)
271 {
272 fire_roam_event(this, TRUE);
273 }
274 }
275
276 /**
277 * Process an RTM_IFINFO message from the kernel
278 */
279 static void process_link(private_kernel_pfroute_net_t *this,
280 struct rt_msghdr *hdr)
281 {
282 struct if_msghdr *msg = (struct if_msghdr*)hdr;
283 enumerator_t *enumerator;
284 iface_entry_t *iface;
285 bool roam = FALSE;
286
287 this->mutex->lock(this->mutex);
288 enumerator = this->ifaces->create_enumerator(this->ifaces);
289 while (enumerator->enumerate(enumerator, &iface))
290 {
291 if (iface->ifindex == msg->ifm_index)
292 {
293 if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
294 {
295 roam = TRUE;
296 DBG1(DBG_KNL, "interface %s activated", iface->ifname);
297 }
298 else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
299 {
300 roam = TRUE;
301 DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
302 }
303 iface->flags = msg->ifm_flags;
304 break;
305 }
306 }
307 enumerator->destroy(enumerator);
308 this->mutex->unlock(this->mutex);
309
310 if (roam)
311 {
312 fire_roam_event(this, TRUE);
313 }
314 }
315
316 /**
317 * Process an RTM_*ROUTE message from the kernel
318 */
319 static void process_route(private_kernel_pfroute_net_t *this,
320 struct rt_msghdr *msg)
321 {
322
323 }
324
325 /**
326 * Receives events from kernel
327 */
328 static job_requeue_t receive_events(private_kernel_pfroute_net_t *this)
329 {
330 unsigned char buf[PFROUTE_BUFFER_SIZE];
331 struct rt_msghdr *msg = (struct rt_msghdr*)buf;
332 int len;
333 bool oldstate;
334
335 oldstate = thread_cancelability(TRUE);
336 len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0);
337 thread_cancelability(oldstate);
338
339 if (len < 0)
340 {
341 switch (errno)
342 {
343 case EINTR:
344 /* interrupted, try again */
345 return JOB_REQUEUE_DIRECT;
346 case EAGAIN:
347 /* no data ready, select again */
348 return JOB_REQUEUE_DIRECT;
349 default:
350 DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
351 sleep(1);
352 return JOB_REQUEUE_FAIR;
353 }
354 }
355
356 if (len < sizeof(msg->rtm_msglen) || len < msg->rtm_msglen ||
357 msg->rtm_version != RTM_VERSION)
358 {
359 DBG2(DBG_KNL, "received corrupted PF_ROUTE message");
360 return JOB_REQUEUE_DIRECT;
361 }
362
363 switch (msg->rtm_type)
364 {
365 case RTM_NEWADDR:
366 case RTM_DELADDR:
367 process_addr(this, msg);
368 break;
369 case RTM_IFINFO:
370 /*case RTM_IFANNOUNCE <- what about this*/
371 process_link(this, msg);
372 break;
373 case RTM_ADD:
374 case RTM_DELETE:
375 process_route(this, msg);
376 default:
377 break;
378 }
379
380 return JOB_REQUEUE_DIRECT;
381 }
382
383
384 /** enumerator over addresses */
385 typedef struct {
386 private_kernel_pfroute_net_t* this;
387 /** whether to enumerate down interfaces */
388 bool include_down_ifaces;
389 /** whether to enumerate virtual ip addresses */
390 bool include_virtual_ips;
391 /** whether to enumerate loopback interfaces */
392 bool include_loopback;
393 } address_enumerator_t;
394
395 /**
396 * cleanup function for address enumerator
397 */
398 static void address_enumerator_destroy(address_enumerator_t *data)
399 {
400 data->this->mutex->unlock(data->this->mutex);
401 free(data);
402 }
403
404 /**
405 * filter for addresses
406 */
407 static bool filter_addresses(address_enumerator_t *data,
408 addr_entry_t** in, host_t** out)
409 {
410 host_t *ip;
411 if (!data->include_virtual_ips && (*in)->virtual)
412 { /* skip virtual interfaces added by us */
413 return FALSE;
414 }
415 ip = (*in)->ip;
416 if (ip->get_family(ip) == AF_INET6)
417 {
418 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
419 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
420 { /* skip addresses with a unusable scope */
421 return FALSE;
422 }
423 }
424 *out = ip;
425 return TRUE;
426 }
427
428 /**
429 * enumerator constructor for interfaces
430 */
431 static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
432 address_enumerator_t *data)
433 {
434 return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
435 (void*)filter_addresses, data, NULL);
436 }
437
438 /**
439 * filter for interfaces
440 */
441 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
442 iface_entry_t** out)
443 {
444 if (!data->include_loopback && ((*in)->flags & IFF_LOOPBACK))
445 { /* ignore loopback devices */
446 return FALSE;
447 }
448 if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
449 { /* skip interfaces not up */
450 return FALSE;
451 }
452 *out = *in;
453 return TRUE;
454 }
455
456 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
457 private_kernel_pfroute_net_t *this,
458 bool include_down_ifaces, bool include_virtual_ips, bool include_loopback)
459 {
460 address_enumerator_t *data = malloc_thing(address_enumerator_t);
461 data->this = this;
462 data->include_down_ifaces = include_down_ifaces;
463 data->include_virtual_ips = include_virtual_ips;
464 data->include_loopback = include_loopback;
465
466 this->mutex->lock(this->mutex);
467 return enumerator_create_nested(
468 enumerator_create_filter(
469 this->ifaces->create_enumerator(this->ifaces),
470 (void*)filter_interfaces, data, NULL),
471 (void*)create_iface_enumerator, data,
472 (void*)address_enumerator_destroy);
473 }
474
475 METHOD(kernel_net_t, get_interface_name, bool,
476 private_kernel_pfroute_net_t *this, host_t* ip, char **name)
477 {
478 enumerator_t *ifaces, *addrs;
479 iface_entry_t *iface;
480 addr_entry_t *addr;
481 bool found = FALSE;
482
483 this->mutex->lock(this->mutex);
484 ifaces = this->ifaces->create_enumerator(this->ifaces);
485 while (ifaces->enumerate(ifaces, &iface))
486 {
487 addrs = iface->addrs->create_enumerator(iface->addrs);
488 while (addrs->enumerate(addrs, &addr))
489 {
490 if (ip->ip_equals(ip, addr->ip))
491 {
492 found = TRUE;
493 if (name)
494 {
495 *name = strdup(iface->ifname);
496 }
497 break;
498 }
499 }
500 addrs->destroy(addrs);
501 if (found)
502 {
503 break;
504 }
505 }
506 ifaces->destroy(ifaces);
507 this->mutex->unlock(this->mutex);
508
509 if (!found)
510 {
511 DBG2(DBG_KNL, "%H is not a local address", ip);
512 }
513 else if (name)
514 {
515 DBG2(DBG_KNL, "%H is on interface %s", ip, *name);
516 }
517 return found;
518 }
519
520 METHOD(kernel_net_t, get_source_addr, host_t*,
521 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
522 {
523 return NULL;
524 }
525
526 METHOD(kernel_net_t, get_nexthop, host_t*,
527 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
528 {
529 return NULL;
530 }
531
532 METHOD(kernel_net_t, add_ip, status_t,
533 private_kernel_pfroute_net_t *this, host_t *virtual_ip, host_t *iface_ip)
534 {
535 return FAILED;
536 }
537
538 METHOD(kernel_net_t, del_ip, status_t,
539 private_kernel_pfroute_net_t *this, host_t *virtual_ip)
540 {
541 return FAILED;
542 }
543
544 METHOD(kernel_net_t, add_route, status_t,
545 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
546 host_t *gateway, host_t *src_ip, char *if_name)
547 {
548 return FAILED;
549 }
550
551 METHOD(kernel_net_t, del_route, status_t,
552 private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
553 host_t *gateway, host_t *src_ip, char *if_name)
554 {
555 return FAILED;
556 }
557
558 /**
559 * Initialize a list of local addresses.
560 */
561 static status_t init_address_list(private_kernel_pfroute_net_t *this)
562 {
563 struct ifaddrs *ifap, *ifa;
564 iface_entry_t *iface, *current;
565 addr_entry_t *addr;
566 enumerator_t *ifaces, *addrs;
567
568 DBG2(DBG_KNL, "known interfaces and IP addresses:");
569
570 if (getifaddrs(&ifap) < 0)
571 {
572 DBG1(DBG_KNL, " failed to get interfaces!");
573 return FAILED;
574 }
575
576 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
577 {
578 if (ifa->ifa_addr == NULL)
579 {
580 continue;
581 }
582 switch(ifa->ifa_addr->sa_family)
583 {
584 case AF_LINK:
585 case AF_INET:
586 case AF_INET6:
587 {
588 iface = NULL;
589 ifaces = this->ifaces->create_enumerator(this->ifaces);
590 while (ifaces->enumerate(ifaces, &current))
591 {
592 if (streq(current->ifname, ifa->ifa_name))
593 {
594 iface = current;
595 break;
596 }
597 }
598 ifaces->destroy(ifaces);
599
600 if (!iface)
601 {
602 iface = malloc_thing(iface_entry_t);
603 memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
604 iface->ifindex = if_nametoindex(ifa->ifa_name);
605 iface->flags = ifa->ifa_flags;
606 iface->addrs = linked_list_create();
607 this->ifaces->insert_last(this->ifaces, iface);
608 }
609
610 if (ifa->ifa_addr->sa_family != AF_LINK)
611 {
612 addr = malloc_thing(addr_entry_t);
613 addr->ip = host_create_from_sockaddr(ifa->ifa_addr);
614 addr->virtual = FALSE;
615 addr->refcount = 1;
616 iface->addrs->insert_last(iface->addrs, addr);
617 }
618 }
619 }
620 }
621 freeifaddrs(ifap);
622
623 ifaces = this->ifaces->create_enumerator(this->ifaces);
624 while (ifaces->enumerate(ifaces, &iface))
625 {
626 if (iface->flags & IFF_UP)
627 {
628 DBG2(DBG_KNL, " %s", iface->ifname);
629 addrs = iface->addrs->create_enumerator(iface->addrs);
630 while (addrs->enumerate(addrs, (void**)&addr))
631 {
632 DBG2(DBG_KNL, " %H", addr->ip);
633 }
634 addrs->destroy(addrs);
635 }
636 }
637 ifaces->destroy(ifaces);
638
639 return SUCCESS;
640 }
641
642 METHOD(kernel_net_t, destroy, void,
643 private_kernel_pfroute_net_t *this)
644 {
645 if (this->socket > 0)
646 {
647 close(this->socket);
648 }
649 if (this->socket_events)
650 {
651 close(this->socket_events);
652 }
653 this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
654 this->mutex->destroy(this->mutex);
655 this->mutex_pfroute->destroy(this->mutex_pfroute);
656 free(this);
657 }
658
659 /*
660 * Described in header.
661 */
662 kernel_pfroute_net_t *kernel_pfroute_net_create()
663 {
664 private_kernel_pfroute_net_t *this;
665 bool register_for_events = TRUE;
666
667 INIT(this,
668 .public = {
669 .interface = {
670 .get_interface = _get_interface_name,
671 .create_address_enumerator = _create_address_enumerator,
672 .get_source_addr = _get_source_addr,
673 .get_nexthop = _get_nexthop,
674 .add_ip = _add_ip,
675 .del_ip = _del_ip,
676 .add_route = _add_route,
677 .del_route = _del_route,
678 .destroy = _destroy,
679 },
680 },
681 .ifaces = linked_list_create(),
682 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
683 .mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT),
684 );
685
686 if (streq(hydra->daemon, "starter"))
687 { /* starter has no threads, so we do not register for kernel events */
688 register_for_events = FALSE;
689 }
690
691 /* create a PF_ROUTE socket to communicate with the kernel */
692 this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
693 if (this->socket < 0)
694 {
695 DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
696 destroy(this);
697 return NULL;
698 }
699
700 if (register_for_events)
701 {
702 /* create a PF_ROUTE socket to receive events */
703 this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
704 if (this->socket_events < 0)
705 {
706 DBG1(DBG_KNL, "unable to create PF_ROUTE event socket");
707 destroy(this);
708 return NULL;
709 }
710
711 lib->processor->queue_job(lib->processor,
712 (job_t*)callback_job_create_with_prio(
713 (callback_job_cb_t)receive_events, this, NULL,
714 (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
715 }
716
717 if (init_address_list(this) != SUCCESS)
718 {
719 DBG1(DBG_KNL, "unable to get interface list");
720 destroy(this);
721 return NULL;
722 }
723
724 return &this->public;
725 }
strongSwan - IPsec VPN