capabilities: Some plugins don't actually require capabilities at runtime
[strongswan.git] / src / libcharon / plugins / kernel_libipsec / kernel_libipsec_plugin.c
index 9fa811d..56f5262 100644 (file)
 
 #include "kernel_libipsec_plugin.h"
 #include "kernel_libipsec_ipsec.h"
+#include "kernel_libipsec_router.h"
 
+#include <daemon.h>
 #include <ipsec.h>
 #include <networking/tun_device.h>
-#include <utils/debug.h>
 
 #define TUN_DEFAULT_MTU 1400
 
@@ -39,6 +40,10 @@ struct private_kernel_libipsec_plugin_t {
         */
        tun_device_t *tun;
 
+       /**
+        * Packet router
+        */
+       kernel_libipsec_router_t *router;
 };
 
 METHOD(plugin_t, get_name, char*,
@@ -47,12 +52,32 @@ METHOD(plugin_t, get_name, char*,
        return "kernel-libipsec";
 }
 
+/**
+ * Create the kernel_libipsec_router_t instance
+ */
+static bool create_router(private_kernel_libipsec_plugin_t *this,
+                                                 plugin_feature_t *feature, bool reg, void *arg)
+{
+       if (reg)
+       {       /* registers as packet handler etc. */
+               this->router = kernel_libipsec_router_create();
+       }
+       else
+       {
+               DESTROY_IF(this->router);
+       }
+       return TRUE;
+}
+
 METHOD(plugin_t, get_features, int,
        private_kernel_libipsec_plugin_t *this, plugin_feature_t *features[])
 {
        static plugin_feature_t f[] = {
                PLUGIN_CALLBACK(kernel_ipsec_register, kernel_libipsec_ipsec_create),
                        PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+               PLUGIN_CALLBACK((plugin_feature_callback_t)create_router, NULL),
+                       PLUGIN_PROVIDE(CUSTOM, "kernel-libipsec-router"),
+                               PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"),
        };
        *features = f;
        return countof(f);
@@ -77,6 +102,13 @@ plugin_t *kernel_libipsec_plugin_create()
 {
        private_kernel_libipsec_plugin_t *this;
 
+       if (!lib->caps->check(lib->caps, CAP_NET_ADMIN))
+       {       /* required to create TUN devices */
+               DBG1(DBG_KNL, "kernel-libipsec plugin requires CAP_NET_ADMIN "
+                        "capability");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .plugin = {