tun_device: Add warning if TUN devices are not supported by platform
[strongswan.git] / src / libstrongswan / networking / tun_device.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
6 * Copyright (C) 2012 Martin Willi
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <netinet/in.h>
22 #include <string.h>
23 #include <sys/ioctl.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <sys/stat.h>
27 #include <unistd.h>
28 #include <net/if.h>
29
30 #include "tun_device.h"
31
32 #if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H)
33
34 #warning TUN devices are not supported!
35
36 tun_device_t *tun_device_create(const char *name_tmpl)
37 {
38 DBG1(DBG_LIB, "TUN devices are not supported");
39 return NULL;
40 }
41
42 #else /* TUN devices supported */
43
44 #ifdef __APPLE__
45 #include <net/if_utun.h>
46 #include <netinet/in_var.h>
47 #include <sys/kern_control.h>
48 #elif defined(__linux__)
49 #include <linux/if_tun.h>
50 #else
51 #include <net/if_tun.h>
52 #endif
53
54 #include <library.h>
55 #include <utils/debug.h>
56 #include <threading/thread.h>
57
58 #define TUN_DEFAULT_MTU 1500
59
60 typedef struct private_tun_device_t private_tun_device_t;
61
62 struct private_tun_device_t {
63
64 /**
65 * Public interface
66 */
67 tun_device_t public;
68
69 /**
70 * The TUN device's file descriptor
71 */
72 int tunfd;
73
74 /**
75 * Name of the TUN device
76 */
77 char if_name[IFNAMSIZ];
78
79 /**
80 * Socket used for ioctl() to set interface addr, ...
81 */
82 int sock;
83
84 /**
85 * The current MTU
86 */
87 int mtu;
88
89 /**
90 * Associated address
91 */
92 host_t *address;
93
94 /**
95 * Netmask for address
96 */
97 u_int8_t netmask;
98 };
99
100 METHOD(tun_device_t, set_address, bool,
101 private_tun_device_t *this, host_t *addr, u_int8_t netmask)
102 {
103 struct ifreq ifr;
104 host_t *mask;
105
106 memset(&ifr, 0, sizeof(ifr));
107 strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
108 memcpy(&ifr.ifr_addr, addr->get_sockaddr(addr),
109 *addr->get_sockaddr_len(addr));
110
111 if (ioctl(this->sock, SIOCSIFADDR, &ifr) < 0)
112 {
113 DBG1(DBG_LIB, "failed to set address on %s: %s",
114 this->if_name, strerror(errno));
115 return FALSE;
116 }
117 #ifdef __APPLE__
118 if (ioctl(this->sock, SIOCSIFDSTADDR, &ifr) < 0)
119 {
120 DBG1(DBG_LIB, "failed to set dest address on %s: %s",
121 this->if_name, strerror(errno));
122 return FALSE;
123 }
124 #endif /* __APPLE__ */
125
126 mask = host_create_netmask(addr->get_family(addr), netmask);
127 if (!mask)
128 {
129 DBG1(DBG_LIB, "invalid netmask: %d", netmask);
130 return FALSE;
131 }
132 memcpy(&ifr.ifr_addr, mask->get_sockaddr(mask),
133 *mask->get_sockaddr_len(mask));
134 mask->destroy(mask);
135
136 if (ioctl(this->sock, SIOCSIFNETMASK, &ifr) < 0)
137 {
138 DBG1(DBG_LIB, "failed to set netmask on %s: %s",
139 this->if_name, strerror(errno));
140 return FALSE;
141 }
142 this->address = addr->clone(addr);
143 this->netmask = netmask;
144 return TRUE;
145 }
146
147 METHOD(tun_device_t, get_address, host_t*,
148 private_tun_device_t *this, u_int8_t *netmask)
149 {
150 if (netmask && this->address)
151 {
152 *netmask = this->netmask;
153 }
154 return this->address;
155 }
156
157 METHOD(tun_device_t, up, bool,
158 private_tun_device_t *this)
159 {
160 struct ifreq ifr;
161
162 memset(&ifr, 0, sizeof(ifr));
163 strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
164
165 if (ioctl(this->sock, SIOCGIFFLAGS, &ifr) < 0)
166 {
167 DBG1(DBG_LIB, "failed to get interface flags for %s: %s", this->if_name,
168 strerror(errno));
169 return FALSE;
170 }
171
172 ifr.ifr_flags |= IFF_RUNNING | IFF_UP;
173
174 if (ioctl(this->sock, SIOCSIFFLAGS, &ifr) < 0)
175 {
176 DBG1(DBG_LIB, "failed to set interface flags on %s: %s", this->if_name,
177 strerror(errno));
178 return FALSE;
179 }
180 return TRUE;
181 }
182
183 METHOD(tun_device_t, set_mtu, bool,
184 private_tun_device_t *this, int mtu)
185 {
186 struct ifreq ifr;
187
188 memset(&ifr, 0, sizeof(ifr));
189 strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
190 ifr.ifr_mtu = mtu;
191
192 if (ioctl(this->sock, SIOCSIFMTU, &ifr) < 0)
193 {
194 DBG1(DBG_LIB, "failed to set MTU on %s: %s", this->if_name,
195 strerror(errno));
196 return FALSE;
197 }
198 this->mtu = mtu;
199 return TRUE;
200 }
201
202 METHOD(tun_device_t, get_mtu, int,
203 private_tun_device_t *this)
204 {
205 struct ifreq ifr;
206
207 if (this->mtu > 0)
208 {
209 return this->mtu;
210 }
211
212 memset(&ifr, 0, sizeof(ifr));
213 strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
214 this->mtu = TUN_DEFAULT_MTU;
215
216 if (ioctl(this->sock, SIOCGIFMTU, &ifr) == 0)
217 {
218 this->mtu = ifr.ifr_mtu;
219 }
220 return this->mtu;
221 }
222
223 METHOD(tun_device_t, get_name, char*,
224 private_tun_device_t *this)
225 {
226 return this->if_name;
227 }
228
229 METHOD(tun_device_t, get_fd, int,
230 private_tun_device_t *this)
231 {
232 return this->tunfd;
233 }
234
235 METHOD(tun_device_t, write_packet, bool,
236 private_tun_device_t *this, chunk_t packet)
237 {
238 ssize_t s;
239
240 #ifdef __APPLE__
241 /* UTUN's expect the packets to be prepended by a 32-bit protocol number
242 * instead of parsing the packet again, we assume IPv4 for now */
243 u_int32_t proto = htonl(AF_INET);
244 packet = chunk_cata("cc", chunk_from_thing(proto), packet);
245 #endif
246 s = write(this->tunfd, packet.ptr, packet.len);
247 if (s < 0)
248 {
249 DBG1(DBG_LIB, "failed to write packet to TUN device %s: %s",
250 this->if_name, strerror(errno));
251 return FALSE;
252 }
253 else if (s != packet.len)
254 {
255 return FALSE;
256 }
257 return TRUE;
258 }
259
260 METHOD(tun_device_t, read_packet, bool,
261 private_tun_device_t *this, chunk_t *packet)
262 {
263 ssize_t len;
264 fd_set set;
265 bool old;
266
267 FD_ZERO(&set);
268 FD_SET(this->tunfd, &set);
269
270 old = thread_cancelability(TRUE);
271 len = select(this->tunfd + 1, &set, NULL, NULL, NULL);
272 thread_cancelability(old);
273
274 if (len < 0)
275 {
276 DBG1(DBG_LIB, "select on TUN device %s failed: %s", this->if_name,
277 strerror(errno));
278 return FALSE;
279 }
280 /* FIXME: this is quite expensive for lots of small packets, copy from
281 * local buffer instead? */
282 *packet = chunk_alloc(get_mtu(this));
283 len = read(this->tunfd, packet->ptr, packet->len);
284 if (len < 0)
285 {
286 DBG1(DBG_LIB, "reading from TUN device %s failed: %s", this->if_name,
287 strerror(errno));
288 chunk_free(packet);
289 return FALSE;
290 }
291 packet->len = len;
292 #ifdef __APPLE__
293 /* UTUN's prepend packets with a 32-bit protocol number */
294 packet->len -= sizeof(u_int32_t);
295 memmove(packet->ptr, packet->ptr + sizeof(u_int32_t), packet->len);
296 #endif
297 return TRUE;
298 }
299
300 METHOD(tun_device_t, destroy, void,
301 private_tun_device_t *this)
302 {
303 if (this->tunfd > 0)
304 {
305 close(this->tunfd);
306 #ifdef __FreeBSD__
307 /* tun(4) says the following: "These network interfaces persist until
308 * the if_tun.ko module is unloaded, or until removed with the
309 * ifconfig(8) command." So simply closing the FD is not enough. */
310 struct ifreq ifr;
311
312 memset(&ifr, 0, sizeof(ifr));
313 strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
314 if (ioctl(this->sock, SIOCIFDESTROY, &ifr) < 0)
315 {
316 DBG1(DBG_LIB, "failed to destroy %s: %s", this->if_name,
317 strerror(errno));
318 }
319 #endif /* __FreeBSD__ */
320 }
321 if (this->sock > 0)
322 {
323 close(this->sock);
324 }
325 DESTROY_IF(this->address);
326 free(this);
327 }
328
329 /**
330 * Initialize the tun device
331 */
332 static bool init_tun(private_tun_device_t *this, const char *name_tmpl)
333 {
334 #ifdef __APPLE__
335
336 struct ctl_info info;
337 struct sockaddr_ctl addr;
338 socklen_t size = IFNAMSIZ;
339
340 memset(&info, 0, sizeof(info));
341 memset(&addr, 0, sizeof(addr));
342
343 this->tunfd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
344 if (this->tunfd < 0)
345 {
346 DBG1(DBG_LIB, "failed to open tundevice PF_SYSTEM socket: %s",
347 strerror(errno));
348 return FALSE;
349 }
350
351 /* get a control identifier for the utun kernel extension */
352 strncpy(info.ctl_name, UTUN_CONTROL_NAME, strlen(UTUN_CONTROL_NAME));
353 if (ioctl(this->tunfd, CTLIOCGINFO, &info) < 0)
354 {
355 DBG1(DBG_LIB, "failed to ioctl tundevice: %s", strerror(errno));
356 close(this->tunfd);
357 return FALSE;
358 }
359
360 addr.sc_id = info.ctl_id;
361 addr.sc_len = sizeof(addr);
362 addr.sc_family = AF_SYSTEM;
363 addr.ss_sysaddr = AF_SYS_CONTROL;
364 /* allocate identifier dynamically */
365 addr.sc_unit = 0;
366
367 if (connect(this->tunfd, (struct sockaddr*)&addr, sizeof(addr)) < 0)
368 {
369 DBG1(DBG_LIB, "failed to connect tundevice: %s", strerror(errno));
370 close(this->tunfd);
371 return FALSE;
372 }
373 if (getsockopt(this->tunfd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME,
374 this->if_name, &size) < 0)
375 {
376 DBG1(DBG_LIB, "getting tundevice name failed: %s", strerror(errno));
377 close(this->tunfd);
378 return FALSE;
379 }
380 return TRUE;
381
382 #elif defined(IFF_TUN)
383
384 struct ifreq ifr;
385
386 strncpy(this->if_name, name_tmpl ?: "tun%d", IFNAMSIZ);
387 this->if_name[IFNAMSIZ-1] = '\0';
388
389 this->tunfd = open("/dev/net/tun", O_RDWR);
390 if (this->tunfd < 0)
391 {
392 DBG1(DBG_LIB, "failed to open /dev/net/tun: %s", strerror(errno));
393 return FALSE;
394 }
395
396 memset(&ifr, 0, sizeof(ifr));
397
398 /* TUN device, no packet info */
399 ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
400
401 strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
402 if (ioctl(this->tunfd, TUNSETIFF, (void*)&ifr) < 0)
403 {
404 DBG1(DBG_LIB, "failed to configure TUN device: %s", strerror(errno));
405 close(this->tunfd);
406 return FALSE;
407 }
408 strncpy(this->if_name, ifr.ifr_name, IFNAMSIZ);
409 return TRUE;
410
411 #else /* !IFF_TUN */
412
413 /* this works on FreeBSD and might also work on Linux with older TUN
414 * driver versions (no IFF_TUN) */
415 char devname[IFNAMSIZ];
416 /* the same process is allowed to open a device again, but that's not what
417 * we want (unless we previously closed a device, which we don't know at
418 * this point). therefore, this counter is static so we don't accidentally
419 * open a device twice */
420 static int i = -1;
421
422 if (name_tmpl)
423 {
424 DBG1(DBG_LIB, "arbitrary naming of TUN devices is not supported");
425 }
426
427 for (; ++i < 256; )
428 {
429 snprintf(devname, IFNAMSIZ, "/dev/tun%d", i);
430 this->tunfd = open(devname, O_RDWR);
431 if (this->tunfd > 0)
432 { /* for ioctl(2) calls only the interface name is used */
433 snprintf(this->if_name, IFNAMSIZ, "tun%d", i);
434 break;
435 }
436 DBG1(DBG_LIB, "failed to open %s: %s", this->if_name, strerror(errno));
437 }
438 return this->tunfd > 0;
439
440 #endif /* !__APPLE__ */
441 }
442
443 /*
444 * Described in header
445 */
446 tun_device_t *tun_device_create(const char *name_tmpl)
447 {
448 private_tun_device_t *this;
449
450 INIT(this,
451 .public = {
452 .read_packet = _read_packet,
453 .write_packet = _write_packet,
454 .get_mtu = _get_mtu,
455 .set_mtu = _set_mtu,
456 .get_name = _get_name,
457 .get_fd = _get_fd,
458 .set_address = _set_address,
459 .get_address = _get_address,
460 .up = _up,
461 .destroy = _destroy,
462 },
463 .tunfd = -1,
464 .sock = -1,
465 );
466
467 if (!init_tun(this, name_tmpl))
468 {
469 free(this);
470 return NULL;
471 }
472 DBG1(DBG_LIB, "created TUN device: %s", this->if_name);
473
474 this->sock = socket(AF_INET, SOCK_DGRAM, 0);
475 if (this->sock < 0)
476 {
477 DBG1(DBG_LIB, "failed to open socket to configure TUN device");
478 destroy(this);
479 return NULL;
480 }
481 return &this->public;
482 }
483
484 #endif /* TUN devices supported */