Removed strayed code fragment
[strongswan.git] / src / charon / plugins / kernel_pfkey / kernel_pfkey_ipsec.c
index 57e3a92..8a7883c 100644 (file)
 #endif /*HAVE_NATT*/
 
 #include <unistd.h>
-#include <pthread.h>
+#include <time.h>
 #include <errno.h>
 
 #include "kernel_pfkey_ipsec.h"
 
 #include <daemon.h>
 #include <utils/host.h>
-#include <utils/mutex.h>
+#include <threading/thread.h>
+#include <threading/mutex.h>
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/acquire_job.h>
 #include <processing/jobs/migrate_job.h>
@@ -682,8 +683,8 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
        host_t *host;
 
        /* The Linux 2.6 kernel does not set the protocol and port information
-     * in the src and dst sadb_address extensions of the SADB_ACQUIRE message.
-     */
+        * in the src and dst sadb_address extensions of the SADB_ACQUIRE message.
+        */
        host = host_create_from_sockaddr((sockaddr_t*)&address[1])      ;
        ts = traffic_selector_create_from_subnet(host, address->sadb_address_prefixlen,
                                address->sadb_address_proto, host->get_port(host));
@@ -1083,11 +1084,12 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
 {
        unsigned char buf[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg = (struct sadb_msg*)buf;
-       int len, oldstate;
+       int len;
+       bool oldstate;
 
-       pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+       oldstate = thread_cancelability(TRUE);
        len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0);
-       pthread_setcancelstate(oldstate, NULL);
+       thread_cancelability(oldstate);
 
        if (len < 0)
        {
@@ -1147,13 +1149,9 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
        return JOB_REQUEUE_DIRECT;
 }
 
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
-                                               host_t *src, host_t *dst,
-                                               protocol_id_t protocol, u_int32_t reqid,
-                                               u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+       private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+       protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1210,27 +1208,19 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_pfkey_ipsec_t *this,
-                                               host_t *src, host_t *dst,
-                                               u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+       private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+       u_int32_t reqid, u_int16_t *cpi)
 {
        return FAILED;
 }
 
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
-                                          host_t *src, host_t *dst, u_int32_t spi,
-                                          protocol_id_t protocol, u_int32_t reqid,
-                                          lifetime_cfg_t *lifetime,
-                                          u_int16_t enc_alg, chunk_t enc_key,
-                                          u_int16_t int_alg, chunk_t int_key,
-                                          ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-                                          bool encap, bool inbound)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+       private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
+       protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime,
+       u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key,
+       ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
+       bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
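Review bot: `add_sa` gains `src_ts` and `dst_ts` in its new signature, but the body lies outside the hunk, so whether the PF_KEY backend actually consumes the selectors cannot be seen here; if it does not, a comment on the signature, `/* src_ts/dst_ts are accepted for interface compatibility only */`, would stop callers from assuming selector-specific SAs are installed. The METHOD conversion also removes the only comment on `get_cpi`, which unconditionally returns FAILED; a line such as `/* IPComp CPI allocation is not supported by this backend */` keeps that intent visible.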
@@ -1371,14 +1361,10 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
-                                                 u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
-                                                 host_t *src, host_t *dst,
-                                                 host_t *new_src, host_t *new_dst,
-                                                 bool encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+       private_kernel_pfkey_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+       u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+       bool encap, bool new_encap)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1509,12 +1495,9 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
-                                                host_t *dst, u_int32_t spi, protocol_id_t protocol,
-                                                u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+       private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+       u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1568,12 +1551,9 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
-                                          host_t *dst, u_int32_t spi, protocol_id_t protocol,
-                                          u_int16_t cpi)
+METHOD(kernel_ipsec_t, del_sa, status_t,
+       private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+       u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1620,17 +1600,12 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
-                                                  host_t *src, host_t *dst,
-                                                  traffic_selector_t *src_ts,
-                                                  traffic_selector_t *dst_ts,
-                                                  policy_dir_t direction, u_int32_t spi,
-                                                  protocol_id_t protocol, u_int32_t reqid,
-                                                  ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-                                                  bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+       private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+       traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+       policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+       u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+       bool routed)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1825,13 +1800,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
-                                                        traffic_selector_t *src_ts,
-                                                        traffic_selector_t *dst_ts,
-                                                        policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+       private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
+       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1932,13 +1903,9 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
-                                                  traffic_selector_t *src_ts,
-                                                  traffic_selector_t *dst_ts,
-                                                  policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+       private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
+       traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -2046,7 +2013,8 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
 /**
  * Register a socket for AQUIRE/EXPIRE messages
  */
-static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8_t satype)
+static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this,
+                                                                         u_int8_t satype)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -2076,77 +2044,71 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8
        return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_pfkey_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+       private_kernel_pfkey_ipsec_t *this, int fd, int family)
 {
-       this->job->cancel(this->job);
-       close(this->socket);
-       close(this->socket_events);
-       this->policies->destroy_function(this->policies, (void*)policy_entry_destroy);
-       this->mutex->destroy(this->mutex);
-       this->mutex_pfkey->destroy(this->mutex_pfkey);
-       free(this);
-}
+       struct sadb_x_policy policy;
+       u_int sol, ipsec_policy;
 
-/**
- * Add bypass policies for IKE on the sockets of charon
- */
-static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this)
-{
-       int fd, family, port;
-       enumerator_t *sockets;
-       bool status = TRUE;
-
-       sockets = charon->socket->create_enumerator(charon->socket);
-       while (sockets->enumerate(sockets, &fd, &family, &port))
+       switch (family)
        {
-               struct sadb_x_policy policy;
-               u_int sol, ipsec_policy;
-
-               switch (family)
+               case AF_INET:
                {
-                       case AF_INET:
-                       {
-                               sol = SOL_IP;
-                               ipsec_policy = IP_IPSEC_POLICY;
-                               break;
-                       }
-                       case AF_INET6:
-                       {
-                               sol = SOL_IPV6;
-                               ipsec_policy = IPV6_IPSEC_POLICY;
-                               break;
-                       }
-                       default:
-                               continue;
-               }
-
-               memset(&policy, 0, sizeof(policy));
-               policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
-               policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
-               policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
-
-               policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
-               if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
-               {
-                       DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
-                                strerror(errno));
-                       status = FALSE;
+                       sol = SOL_IP;
+                       ipsec_policy = IP_IPSEC_POLICY;
                        break;
                }
-               policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
-               if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+               case AF_INET6:
                {
-                       DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
-                                strerror(errno));
-                       status = FALSE;
+                       sol = SOL_IPV6;
+                       ipsec_policy = IPV6_IPSEC_POLICY;
                        break;
                }
+               default:
+                       return FALSE;
+       }
+
+       memset(&policy, 0, sizeof(policy));
+       policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
+       policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+       policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
+
+       policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
+       if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+       {
+               DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+                        strerror(errno));
+               return FALSE;
+       }
+       policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
+       if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+       {
+               DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+                        strerror(errno));
+               return FALSE;
        }
-       sockets->destroy(sockets);
-       return status;
+       return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+       private_kernel_pfkey_ipsec_t *this)
+{
+       if (this->job)
+       {
+               this->job->cancel(this->job);
+       }
+       if (this->socket > 0)
+       {
+               close(this->socket);
+       }
+       if (this->socket_events > 0)
+       {
+               close(this->socket_events);
+       }
+       this->policies->destroy_function(this->policies, (void*)policy_entry_destroy);
+       this->mutex->destroy(this->mutex);
+       this->mutex_pfkey->destroy(this->mutex_pfkey);
+       free(this);
 }
 
 /*
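Review bot: `bypass_socket` returns FALSE for any family other than AF_INET/AF_INET6 in its `default:` case, whereas the removed `add_bypass_policies` loop skipped such sockets with `continue`; if the caller (outside this diff) treats FALSE as fatal, a listener on an unsupported family now fails where it was previously tolerated, so this should be confirmed as intended. The two `setsockopt` failure messages are identical, so a log line cannot tell whether the outbound or the inbound bypass failed, and a failure on the second call leaves the outbound policy installed on the socket; `"unable to set outbound IPSEC_POLICY on socket: %s"` and `"unable to set inbound IPSEC_POLICY on socket: %s"` would make the log diagnostic. In `destroy`, the `> 0` descriptor guards rely on the struct being zero-filled and on fd 0 never being a valid PF_KEY socket, matching the `<= 0` checks in the constructor; a comment such as `/* 0 means "not opened" here; the constructor never accepts fd 0 */` would make that coupling explicit.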
@@ -2154,54 +2116,54 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this)
  */
 kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 {
-       private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t);
-
-       /* public functions */
-       this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
-       this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
-       this->public.interface.add_sa  = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
-       this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
-       this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
-       this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
-       this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
-       this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
-       this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
-       this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
-       /* private members */
-       this->policies = linked_list_create();
-       this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
-       this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
-       this->install_routes = lib->settings->get_bool(lib->settings,
-                                                                                               "charon.install_routes", TRUE);
-       this->seq = 0;
+       private_kernel_pfkey_ipsec_t *this;
+
+       INIT(this,
+               .public.interface = {
+                       .get_spi = _get_spi,
+                       .get_cpi = _get_cpi,
+                       .add_sa  = _add_sa,
+                       .update_sa = _update_sa,
+                       .query_sa = _query_sa,
+                       .del_sa = _del_sa,
+                       .add_policy = _add_policy,
+                       .query_policy = _query_policy,
+                       .del_policy = _del_policy,
+                       .bypass_socket = _bypass_socket,
+                       .destroy = _destroy,
+               },
+               .policies = linked_list_create(),
+               .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+               .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
+               .install_routes = lib->settings->get_bool(lib->settings,
+                                                                                               "charon.install_routes", TRUE),
+       );
 
        /* create a PF_KEY socket to communicate with the kernel */
        this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
        if (this->socket <= 0)
        {
-               charon->kill(charon, "unable to create PF_KEY socket");
+               DBG1(DBG_KNL, "unable to create PF_KEY socket");
+               destroy(this);
+               return NULL;
        }
 
        /* create a PF_KEY socket for ACQUIRE & EXPIRE */
        this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
        if (this->socket_events <= 0)
        {
-               charon->kill(charon, "unable to create PF_KEY event socket");
-       }
-
-       /* add bypass policies on the sockets used by charon */
-       if (!add_bypass_policies(this))
-       {
-               charon->kill(charon, "unable to add bypass policies on sockets");
+               DBG1(DBG_KNL, "unable to create PF_KEY event socket");
+               destroy(this);
+               return NULL;
        }
 
        /* register the event socket */
        if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS ||
                register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS)
        {
-               charon->kill(charon, "unable to register PF_KEY event socket");
+               DBG1(DBG_KNL, "unable to register PF_KEY event socket");
+               destroy(this);
+               return NULL;
        }
 
        this->job = callback_job_create((callback_job_cb_t)receive_events,
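Review bot: `kernel_pfkey_ipsec_create()` now returns NULL on every failure path instead of calling `charon->kill()`, but the function's header comment (just above the hunk) is not updated to say so; every caller must now check the result, and a `@return` line such as `* @return kernel_pfkey_ipsec_t instance, or NULL if the PF_KEY sockets could not be set up` should be added. The cleanup calls `destroy(this)` before `this->job` and the event socket exist, which is only safe because INIT zero-fills the struct and `destroy` guards on `this->job` and on positive descriptors; a short comment at the first `destroy(this);` noting that dependency would help the next maintainer. The retained `<= 0` tests on the result of `socket()` also reject a legitimately returned descriptor 0 and, because `destroy` skips non-positive descriptors, would leak it; initialising `.socket = -1` and `.socket_events = -1` in INIT and checking `< 0` in the constructor and `>= 0` in `destroy` would remove the overlap between "failed" and "not yet opened".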
@@ -2210,3 +2172,4 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 
        return &this->public;
 }
+