changing UID/GID after startup of pluto/charon
[strongswan.git] / src / charon / kernel / kernel_interface.c
index e9cddcc..c68c504 100644 (file)
@@ -129,7 +129,7 @@ kernel_algorithm_t integrity_algs[] = {
        {AUTH_HMAC_SHA2_512_256,        "sha512",               512},
 /*     {AUTH_DES_MAC,                          "***",                  0}, */
 /*     {AUTH_KPDK_MD5,                         "***",                  0}, */
-/*     {AUTH_AES_XCBC_96,                      "***",                  0}, */
+       {AUTH_AES_XCBC_96,                      "xcbc(aes)",    128},
        {END_OF_LIST,                           NULL,                   0},
 };
 
@@ -171,6 +171,9 @@ struct route_entry_t {
 
        /** Source ip of the route */
        host_t *src_ip;
+       
+       /** gateway for this route */
+       host_t *gateway;
 
        /** Destination net */
        chunk_t dst_net;
@@ -185,6 +188,7 @@ struct route_entry_t {
 static void route_entry_destroy(route_entry_t *this)
 {
        this->src_ip->destroy(this->src_ip);
+       this->gateway->destroy(this->gateway);
        chunk_free(&this->dst_net);
        free(this);
 }
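Review bot: The added `this->gateway->destroy(this->gateway);` has no NULL guard, yet `route_entry_t` is allocated with `malloc_thing` in add_policy (last hunk on this page) and `gateway` is assigned only inside the `get_address_by_ts(...) == SUCCESS` branch, so whether a failure path can reach this destructor with an uninitialised `gateway` cannot be told from the visible hunks. A guard, `if (this->gateway) { this->gateway->destroy(this->gateway); }`, paired with `policy->route->gateway = NULL;` right after the allocation, keeps the destructor safe regardless of how the failure path is handled. The same unguarded dereference appears in the manage_srcroute hunk, where `route->gateway->get_address(route->gateway)` is called before RTA_GATEWAY is added.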
@@ -442,6 +446,9 @@ static void add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data,
  */
 static void receive_events(private_kernel_interface_t *this)
 {
+       /* keep netlink capabilities only */
+       charon->drop_capabilities(charon, TRUE, TRUE, FALSE);
+
        while(TRUE) 
        {
                unsigned char response[512];
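Review bot: The three positional boolean arguments in `charon->drop_capabilities(charon, TRUE, TRUE, FALSE);` are not self-describing, and the comment above only says that netlink capabilities are kept. A comment naming which capability set each flag keeps or drops would make the privilege reduction auditable, e.g. `/* drop_capabilities(charon, <flag 1 meaning>, <flag 2 meaning>, <flag 3 meaning>) — keep only what netlink needs */` with the placeholders filled in from the function's definition. Whether drop_capabilities reports failure is not visible here; if it does, the result should be checked before entering the receive loop, since continuing with unexpected privileges defeats the purpose of the call. If the implementation uses per-thread capability sets, this affects only the event thread, which is presumably intended but worth stating in the comment. The body of receive_events continues past the hunk.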
@@ -571,7 +578,7 @@ static status_t netlink_send(int socket, struct nlmsghdr *in,
                                continue;
                        }
                        pthread_mutex_unlock(&mutex);
-                       DBG1(DBG_KNL, "error sending to netlink socket: %m");
+                       DBG1(DBG_KNL, "error sending to netlink socket: %s", strerror(errno));
                        return FAILED;
                }
                break;
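Review bot: `strerror(errno)` on the added line is evaluated after `pthread_mutex_unlock(&mutex)` on the line above, so errno may no longer reflect the failed send, while the second hunk (the read error path) does it in the opposite order and calls strerror before unlocking. Capturing the value immediately after the failing call in both places, `int err = errno;` then `strerror(err)`, makes the log message independent of the unlock/log ordering. strerror also returns a pointer to a possibly shared static buffer and is not required to be thread-safe, which matters in this mutex-protected multi-threaded path; strerror_r into a local buffer avoids that. While touching the second hunk, it still logs under DBG_IKE in a kernel-interface path where the send error above uses DBG_KNL. The enclosing netlink_send body starts before and continues past both hunks.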
@@ -601,7 +608,7 @@ static status_t netlink_send(int socket, struct nlmsghdr *in,
                                /* interrupted, try again */
                                continue;
                        }
-                       DBG1(DBG_IKE, "error reading from netlink socket: %m");
+                       DBG1(DBG_IKE, "error reading from netlink socket: %s", strerror(errno));
                        pthread_mutex_unlock(&mutex);
                        return FAILED;
                }
@@ -1023,6 +1030,8 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
        add_attribute(hdr, RTA_DST, route->dst_net, sizeof(request));
        chunk = route->src_ip->get_address(route->src_ip);
        add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
+       chunk = route->gateway->get_address(route->gateway);
+       add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
        chunk.ptr = (char*)&route->if_index;
        chunk.len = sizeof(route->if_index);
        add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
@@ -1689,6 +1698,8 @@ static status_t add_policy(private_kernel_interface_t *this,
                policy->route = malloc_thing(route_entry_t);
                if (get_address_by_ts(this, dst_ts, &policy->route->src_ip) == SUCCESS)
                {
+                       policy->route->gateway = (direction == POLICY_IN) ? 
+                                                                               dst->clone(dst) : src->clone(src);
                        policy->route->if_index = get_interface_index(this, dst);
                        policy->route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
                        memcpy(policy->route->dst_net.ptr, &policy->sel.saddr, policy->route->dst_net.len);
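Review bot: The continuation of the ternary on the second added line is indented far to the right of the statement it belongs to and reads as a separate statement; collapsing it, `policy->route->gateway = (direction == POLICY_IN) ? dst->clone(dst) : src->clone(src);`, or aligning the continuation under the condition would be clearer. A one-line comment explaining why the gateway is the IKE endpoint selected by direction would help a reader who does not have the caller's src/dst convention in mind; which endpoint is local cannot be told from this hunk alone. add_policy continues past the hunk.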