projects / strongswan.git / blob
? search:


35c135a0a2ae77f1563bcab5600e46792057254c
[strongswan.git] / src / starter / interfaces.c
1 /* strongSwan IPsec interfaces management
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 * 2009 Heiko Hund - Astaro AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <stdlib.h>
17 #include <string.h>
18 #include <unistd.h>
19 #include <errno.h>
20
21 #include <freeswan.h>
22
23 #include <constants.h>
24 #include <defs.h>
25 #include <log.h>
26
27 #include "interfaces.h"
28 #include "files.h"
29
30 #ifdef START_PLUTO
31
32 #include <sys/socket.h>
33 #include <sys/ioctl.h>
34 #include <linux/rtnetlink.h>
35 #ifdef HAVE_SYS_SOCKIO_H
36 #include <sys/sockio.h>
37 #endif
38
39 /*
40 * Get the default route information via rtnetlink
41 */
42 void
43 get_defaultroute(defaultroute_t *defaultroute)
44 {
45 union {
46 struct {
47 struct nlmsghdr nh;
48 struct rtmsg rt;
49 } m;
50 char buf[4096];
51 } rtu;
52
53 struct nlmsghdr *nh;
54 uint32_t best_metric = ~0;
55 ssize_t msglen;
56 int fd;
57
58 memset(&rtu, 0, sizeof(rtu));
59 rtu.m.nh.nlmsg_len = NLMSG_LENGTH(sizeof(rtu.m.rt));
60 rtu.m.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
61 rtu.m.nh.nlmsg_type = RTM_GETROUTE;
62 rtu.m.rt.rtm_family = AF_INET;
63 rtu.m.rt.rtm_table = RT_TABLE_UNSPEC;
64 rtu.m.rt.rtm_protocol = RTPROT_UNSPEC;
65 rtu.m.rt.rtm_type = RTN_UNICAST;
66
67 fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
68 if (fd == -1)
69 {
70 plog("could not create rtnetlink socket");
71 return;
72 }
73
74 if (send(fd, &rtu, rtu.m.nh.nlmsg_len, 0) == -1)
75 {
76 plog("could not write to rtnetlink socket");
77 close(fd);
78 return;
79 }
80
81 msglen = recv(fd, &rtu, sizeof(rtu), MSG_WAITALL);
82 if (msglen == -1)
83 {
84 plog("could not read from rtnetlink socket");
85 close(fd);
86 return;
87 }
88
89 close(fd);
90
91 for (nh = &rtu.m.nh; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen))
92 {
93 struct rtmsg *rt;
94 struct rtattr *rta;
95 uint32_t rtalen, metric = 0;
96 struct in_addr gw = { .s_addr = INADDR_ANY };
97 int iface_idx = -1;
98
99 if (nh->nlmsg_type == NLMSG_ERROR)
100 {
101 plog("error from rtnetlink");
102 return;
103 }
104
105 if (nh->nlmsg_type == NLMSG_DONE)
106 break;
107
108 rt = NLMSG_DATA(nh);
109 if ( rt->rtm_dst_len != 0
110 || (rt->rtm_table != RT_TABLE_MAIN
111 && rt->rtm_table != RT_TABLE_DEFAULT) )
112 continue;
113
114 rta = RTM_RTA(rt);
115 rtalen = RTM_PAYLOAD(nh);
116 while ( RTA_OK(rta, rtalen) )
117 {
118 switch (rta->rta_type)
119 {
120 case RTA_GATEWAY:
121 gw = *(struct in_addr *) RTA_DATA(rta);
122 break;
123 case RTA_OIF:
124 iface_idx = *(int *) RTA_DATA(rta);
125 break;
126 case RTA_PRIORITY:
127 metric = *(uint32_t *) RTA_DATA(rta);
128 break;
129 }
130 rta = RTA_NEXT(rta, rtalen);
131 }
132
133 if (metric < best_metric
134 && iface_idx != -1)
135 {
136 struct ifreq req;
137
138 fd = socket(AF_INET, SOCK_DGRAM, 0);
139 if (fd < 0)
140 {
141 plog("could not open AF_INET socket");
142 break;
143 }
144 memset(&req, 0, sizeof(req));
145 req.ifr_ifindex = iface_idx;
146 if (ioctl(fd, SIOCGIFNAME, &req) < 0 ||
147 ioctl(fd, SIOCGIFADDR, &req) < 0)
148 {
149 plog("could not read interface data, ignoring route");
150 close(fd);
151 break;
152 }
153
154 strncpy(defaultroute->iface, req.ifr_name, IFNAMSIZ);
155 defaultroute->iface[IFNAMSIZ-1] = '\0';
156 defaultroute->addr.u.v4 = *((struct sockaddr_in *) &req.ifr_addr);
157 defaultroute->nexthop.u.v4.sin_family = AF_INET;
158
159 if (gw.s_addr == INADDR_ANY)
160 {
161 if (ioctl(fd, SIOCGIFDSTADDR, &req) < 0 ||
162 ((struct sockaddr_in*) &req.ifr_dstaddr)->sin_addr.s_addr == INADDR_ANY)
163 {
164 DBG_log("Ignoring default route to device %s because we can't get it's destination",
165 req.ifr_name);
166 close(fd);
167 break;
168 }
169
170 defaultroute->nexthop.u.v4 = *((struct sockaddr_in *) &req.ifr_dstaddr);
171 }
172 else
173 defaultroute->nexthop.u.v4.sin_addr = gw;
174
175 close(fd);
176
177 DBG(DBG_CONTROL,
178 char addr[20];
179 char nexthop[20];
180 addrtot(&defaultroute->addr, 0, addr, sizeof(addr));
181 addrtot(&defaultroute->nexthop, 0, nexthop, sizeof(nexthop));
182
183 DBG_log(
184 ( !defaultroute->defined
185 ? "Default route found: iface=%s, addr=%s, nexthop=%s"
186 : "Better default route: iface=%s, addr=%s, nexthop=%s"
187 ), defaultroute->iface, addr, nexthop
188 )
189 );
190
191 best_metric = metric;
192 defaultroute->defined = TRUE;
193 }
194 }
195 defaultroute->supported = TRUE;
196
197 if (!defaultroute->defined)
198 plog("no default route - cannot cope with %%defaultroute!!!");
199 }
200
201 #else /* !START_PLUTO */
202
203 /**
204 * Pluto disabled, fall back to %any
205 */
206 void
207 get_defaultroute(defaultroute_t *defaultroute)
208 {
209 defaultroute->supported = FALSE;
210 }
211 #endif /* START_PLUTO */
212
strongSwan - IPsec VPN