starter: Drop support for %defaultroute.
authorTobias Brunner <tobias@strongswan.org>
Mon, 14 May 2012 10:17:50 +0000 (12:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:33:29 +0000 (17:33 +0200)
man/ipsec.conf.5.in
src/starter/Android.mk
src/starter/Makefile.am
src/starter/cmp.c
src/starter/cmp.h
src/starter/confread.c
src/starter/confread.h
src/starter/interfaces.c [deleted file]
src/starter/interfaces.h [deleted file]
src/starter/starter.c

index 63e25c8..0385a02 100644 (file)
@@ -451,24 +451,10 @@ Relevant only locally, other end need not agree on it.
 synonym for
 .BR lifetime .
 .TP
-.BR left " = <ip address> | <fqdn> | %defaultroute | " %any
+.BR left " = <ip address> | <fqdn> | " %any
 (required)
 the IP address of the left participant's public-network interface
 or one of several magic values.
-If it is
-.BR %defaultroute ,
-.B left
-will be filled in automatically with the local address
-of the default-route interface (as determined at IPsec startup time and
-during configuration update).
-Either
-.B left
-or
-.B right
-may be
-.BR %defaultroute ,
-but not both.
-
 The value
 .B %any
 for the local endpoint signifies an address to be filled in (by automatic
@@ -644,7 +630,7 @@ to 4500 if a NAT is detected or MOBIKE is enabled. Specifying a local IKE port
 different from the default additionally requires a socket implementation that
 listens to this port.
 .TP
-.BR leftnexthop " = %direct | %defaultroute | <ip address> | <fqdn>"
+.BR leftnexthop " = %direct | <ip address> | <fqdn>"
 this parameter is usually not needed any more because the NETKEY IPsec stack
 does not require explicit routing entries for the traffic to be tunneled. If
 .B leftsourceip
index c1cb27e..960d85a 100644 (file)
@@ -5,7 +5,7 @@ include $(CLEAR_VARS)
 LOCAL_SRC_FILES := \
 parser.c lexer.c ipsec-parser.h netkey.c args.h netkey.h \
 starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
-starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
+starterstroke.h invokepluto.h confread.h args.c \
 keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
 invokecharon.h klips.c klips.h
 
index 9a45120..185edbb 100644 (file)
@@ -2,7 +2,7 @@ ipsec_PROGRAMS = starter
 starter_SOURCES = \
 parser.y lexer.l ipsec-parser.h netkey.c args.h netkey.h \
 starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
-starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
+starterstroke.h invokepluto.h confread.h args.c \
 keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
 invokecharon.h klips.c klips.h
 
index 0727cf5..0072e3e 100644 (file)
@@ -21,7 +21,6 @@
 
 #include "confread.h"
 #include "args.h"
-#include "interfaces.h"
 #include "cmp.h"
 
 #define VARCMP(obj) if (c1->obj != c2->obj) return FALSE
@@ -105,11 +104,3 @@ starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2)
 
        return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2);
 }
-
-bool
-starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2)
-{
-       if ((d1 == NULL) || (d2 == NULL))
-               return FALSE;
-       return memcmp(d1, d2, sizeof(defaultroute_t)) == 0;
-}
index cda6e44..58c2ef8 100644 (file)
 #ifndef _STARTER_CMP_H_
 #define _STARTER_CMP_H_
 
-#include "interfaces.h"
-
 extern bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2);
 extern bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2);
 extern bool starter_cmp_klips(starter_config_t *c1, starter_config_t *c2);
 extern bool starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2);
-extern bool starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2);
 
 #endif
 
index af7cc46..47afc55 100644 (file)
@@ -30,7 +30,6 @@
 #include "confread.h"
 #include "args.h"
 #include "files.h"
-#include "interfaces.h"
 
 /* strings containing a colon are interpreted as an IPv6 address */
 #define ip_version(string)     (strchr(string, '.') ? AF_INET : AF_INET6)
@@ -184,24 +183,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
        case KW_HOST:
                free(end->host);
                end->host = NULL;
-               if (streq(value, "%defaultroute"))
-               {
-                       if (cfg->defaultroute.defined)
-                       {
-                               end->addr    = cfg->defaultroute.addr;
-                               end->nexthop = cfg->defaultroute.nexthop;
-                       }
-                       else if (!cfg->defaultroute.supported)
-                       {
-                               DBG1(DBG_APP, "%%defaultroute not supported, fallback to %%any");
-                       }
-                       else
-                       {
-                               DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
-                               goto err;
-                       }
-               }
-               else if (streq(value, "%any") || streq(value, "%any4"))
+               if (streq(value, "%any") || streq(value, "%any4"))
                {
                        anyaddr(conn->addr_family, &end->addr);
                }
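Review bot: A configuration that still says `left=%defaultroute` no longer gets a dedicated error here; the value now falls through to whatever branch follows the `%any`/`%any4` test, which lies below this hunk, so the outcome for existing configs depends on how that fallback treats an unparseable `%`-token (presumably a failed address or name lookup rather than a clear message). Since the man page in this commit removes the keyword, an explicit rejection would make the migration visible: `else if (streq(value, "%defaultroute")) { DBG1(DBG_APP, "# %%defaultroute is no longer supported: %s=%s", name, value); goto err; }` placed after the `%any` branch. The same applies to the KW_NEXTHOP hunk (the `%direct` test), while the KW_NATIP hunk already reports such a value through its `# bad addr` path and needs nothing. kw_end starts and ends outside this hunk.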
@@ -355,19 +337,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
        switch (token)
        {
        case KW_NEXTHOP:
-               if (streq(value, "%defaultroute"))
-               {
-                       if (cfg->defaultroute.defined)
-                       {
-                               end->nexthop = cfg->defaultroute.nexthop;
-                       }
-                       else
-                       {
-                               DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
-                               goto err;
-                       }
-               }
-               else if (streq(value, "%direct"))
+               if (streq(value, "%direct"))
                {
                        ugh = anyaddr(conn->addr_family, &end->nexthop);
                }
@@ -404,42 +374,25 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
                end->has_port_wildcard = has_port_wildcard;
                break;
        case KW_NATIP:
+       {
+               ip_address addr;
                if (end->sourceip)
                {
                        DBG1(DBG_APP, "# natip and sourceip cannot be defined at the same time");
                        goto err;
                }
-               if (streq(value, "%defaultroute"))
-               {
-                       char buf[64];
-
-                       if (cfg->defaultroute.defined)
-                       {
-                               addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf));
-                               end->sourceip = clone_str(buf);
-                       }
-                       else
-                       {
-                               DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
-                               goto err;
-                       }
-               }
-               else
+               conn->tunnel_addr_family = ip_version(value);
+               ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
+               if (ugh != NULL)
                {
-                       ip_address addr;
-
-                       conn->tunnel_addr_family = ip_version(value);
-                       ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
-                       if (ugh != NULL)
-                       {
-                               DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
-                               goto err;
-                       }
-                       end->sourceip = clone_str(value);
+                       DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
+                       goto err;
                }
+               end->sourceip = clone_str(value);
                end->has_natip = TRUE;
                conn->policy |= POLICY_TUNNEL;
                break;
+       }
        default:
                break;
        }
@@ -1053,9 +1006,6 @@ starter_config_t* confread_load(const char *file)
        /* set default values */
        default_values(cfg);
 
-       /* determine default route */
-       get_defaultroute(&cfg->defaultroute);
-
        /* load config setup section */
        load_setup(cfg, cfgp);
 
index 655c970..c142961 100644 (file)
 #ifndef _IPSEC_CONFREAD_H_
 #define _IPSEC_CONFREAD_H_
 
-#ifndef _FREESWAN_H
 #include <freeswan.h>
-#endif
+#include "../pluto/constants.h"
 
 #include "ipsec-parser.h"
-#include "interfaces.h"
 
 typedef enum {
                STARTUP_NO,
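Review bot: The new `#include "../pluto/constants.h"` is carried over from the deleted interfaces.h and reaches into a sibling directory by relative path, whereas the deleted interfaces.c pulled the same header as `<constants.h>` through the include path; keeping one form avoids tying starter to pluto's source layout. If src/pluto is already on the include path (the Makefile.am hunk only touches starter_SOURCES, so this is not visible here), `#include <constants.h>` would match that. Dropping the `#ifndef _FREESWAN_H` wrapper around `<freeswan.h>` is only harmless if that header carries its own guard, which cannot be confirmed from this diff.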
@@ -218,9 +216,6 @@ struct starter_config {
                                bool    hidetos;
                } setup;
 
-               /* information about the default route */
-               defaultroute_t defaultroute;
-
                /* number of encountered parsing errors */
                u_int err;
                u_int non_fatal_err;
diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c
deleted file mode 100644 (file)
index 8d253ae..0000000
+++ /dev/null
@@ -1,212 +0,0 @@
-/* strongSwan IPsec interfaces management
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *               2009 Heiko Hund - Astaro AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <freeswan.h>
-
-#include <debug.h>
-#include <constants.h>
-#include <defs.h>
-
-#include "interfaces.h"
-#include "files.h"
-
-#ifdef START_PLUTO
-
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <linux/rtnetlink.h>
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif
-
-/*
- * Get the default route information via rtnetlink
- */
-void
-get_defaultroute(defaultroute_t *defaultroute)
-{
-       union {
-               struct {
-                       struct nlmsghdr nh;
-                       struct rtmsg    rt;
-               } m;
-               char buf[4096];
-       } rtu;
-
-       struct nlmsghdr *nh;
-       uint32_t best_metric = ~0;
-       ssize_t msglen;
-       int fd;
-
-       memset(&rtu, 0, sizeof(rtu));
-       rtu.m.nh.nlmsg_len = NLMSG_LENGTH(sizeof(rtu.m.rt));
-       rtu.m.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
-       rtu.m.nh.nlmsg_type = RTM_GETROUTE;
-       rtu.m.rt.rtm_family = AF_INET;
-       rtu.m.rt.rtm_table = RT_TABLE_UNSPEC;
-       rtu.m.rt.rtm_protocol = RTPROT_UNSPEC;
-       rtu.m.rt.rtm_type = RTN_UNICAST;
-
-       fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
-       if (fd == -1)
-       {
-               DBG1(DBG_APP, "could not create rtnetlink socket");
-               return;
-       }
-
-       if (send(fd, &rtu, rtu.m.nh.nlmsg_len, 0) == -1)
-       {
-               DBG1(DBG_APP, "could not write to rtnetlink socket");
-               close(fd);
-               return;
-       }
-
-       msglen = recv(fd, &rtu, sizeof(rtu), MSG_WAITALL);
-       if (msglen == -1)
-       {
-               DBG1(DBG_APP, "could not read from rtnetlink socket");
-               close(fd);
-               return;
-       }
-
-       close(fd);
-
-       for (nh = &rtu.m.nh; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen))
-       {
-               struct rtmsg *rt;
-               struct rtattr *rta;
-               uint32_t rtalen, metric = 0;
-               struct in_addr gw = { .s_addr = INADDR_ANY };
-               int iface_idx = -1;
-
-               if (nh->nlmsg_type == NLMSG_ERROR)
-               {
-                       DBG1(DBG_APP, "error from rtnetlink");
-                       return;
-               }
-
-               if (nh->nlmsg_type == NLMSG_DONE)
-                       break;
-
-               rt = NLMSG_DATA(nh);
-               if ( rt->rtm_dst_len != 0
-               ||  (rt->rtm_table != RT_TABLE_MAIN
-                 && rt->rtm_table != RT_TABLE_DEFAULT) )
-                       continue;
-
-               rta = RTM_RTA(rt);
-               rtalen = RTM_PAYLOAD(nh);
-               while ( RTA_OK(rta, rtalen) )
-               {
-                       switch (rta->rta_type)
-                       {
-                       case RTA_GATEWAY:
-                               gw = *(struct in_addr *) RTA_DATA(rta);
-                               break;
-                       case RTA_OIF:
-                               iface_idx = *(int *) RTA_DATA(rta);
-                               break;
-                       case RTA_PRIORITY:
-                               metric = *(uint32_t *) RTA_DATA(rta);
-                               break;
-                       }
-                       rta = RTA_NEXT(rta, rtalen);
-               }
-
-               if (metric < best_metric
-               &&  iface_idx != -1)
-               {
-                       struct ifreq req;
-
-                       fd = socket(AF_INET, SOCK_DGRAM, 0);
-                       if (fd < 0)
-                       {
-                               DBG1(DBG_APP, "could not open AF_INET socket");
-                               break;
-                       }
-                       memset(&req, 0, sizeof(req));
-                       req.ifr_ifindex = iface_idx;
-                       if (ioctl(fd, SIOCGIFNAME, &req) < 0 ||
-                               ioctl(fd, SIOCGIFADDR, &req) < 0)
-                       {
-                               DBG1(DBG_APP, "could not read interface data, ignoring route");
-                               close(fd);
-                               break;
-                       }
-
-                       strncpy(defaultroute->iface, req.ifr_name, IFNAMSIZ);
-                       defaultroute->iface[IFNAMSIZ-1] = '\0';
-                       defaultroute->addr.u.v4 = *((struct sockaddr_in *) &req.ifr_addr);
-                       defaultroute->nexthop.u.v4.sin_family = AF_INET;
-
-                       if (gw.s_addr == INADDR_ANY)
-                       {
-                               if (ioctl(fd, SIOCGIFDSTADDR, &req) < 0 ||
-                                       ((struct sockaddr_in*) &req.ifr_dstaddr)->sin_addr.s_addr == INADDR_ANY)
-                               {
-                                       DBG2(DBG_APP, "Ignoring default route to device %s because we can't get it's destination",
-                                                req.ifr_name);
-                                       close(fd);
-                                       break;
-                               }
-
-                               defaultroute->nexthop.u.v4 = *((struct sockaddr_in *) &req.ifr_dstaddr);
-                       }
-                       else
-                               defaultroute->nexthop.u.v4.sin_addr = gw;
-
-                       close(fd);
-
-                       {
-                               char addr[20];
-                               char nexthop[20];
-                               addrtot(&defaultroute->addr, 0, addr, sizeof(addr));
-                               addrtot(&defaultroute->nexthop, 0, nexthop, sizeof(nexthop));
-
-                               DBG2(DBG_APP,
-                                       ( !defaultroute->defined
-                                       ? "Default route found: iface=%s, addr=%s, nexthop=%s"
-                                       : "Better default route: iface=%s, addr=%s, nexthop=%s"
-                                       ), defaultroute->iface, addr, nexthop
-                               );
-                       }
-
-                       best_metric = metric;
-                       defaultroute->defined = TRUE;
-               }
-       }
-       defaultroute->supported = TRUE;
-
-       if (!defaultroute->defined)
-               DBG1(DBG_APP, "no default route - cannot cope with %%defaultroute!!!");
-}
-
-#else /* !START_PLUTO */
-
-/**
- * Pluto disabled, fall back to %any
- */
-void
-get_defaultroute(defaultroute_t *defaultroute)
-{
-       defaultroute->supported = FALSE;
-}
-#endif /* START_PLUTO */
-
diff --git a/src/starter/interfaces.h b/src/starter/interfaces.h
deleted file mode 100644 (file)
index ff8535f..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-/* strongSwan IPsec interfaces management
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef _STARTER_INTERFACES_H_
-#define _STARTER_INTERFACES_H_
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <net/if.h>
-
-#include "../pluto/constants.h"
-
-typedef struct {
-       bool defined;
-       bool supported;
-       char iface[IFNAMSIZ];
-       ip_address addr;
-       ip_address nexthop;
-} defaultroute_t;
-
-extern void get_defaultroute(defaultroute_t *defaultroute);
-
-
-#endif /* _STARTER_INTERFACES_H_ */
-
index aad2e7a..86cf52b 100644 (file)
@@ -49,7 +49,6 @@
 #include "netkey.h"
 #include "klips.h"
 #include "cmp.h"
-#include "interfaces.h"
 
 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
@@ -662,12 +661,6 @@ int main (int argc, char **argv)
                        if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
                        {
                                /* Switch to new config. New conn will be loaded below */
-                               if (!starter_cmp_defaultroute(&new_cfg->defaultroute
-                                                                  , &cfg->defaultroute))
-                               {
-                                       _action_ |= FLAG_ACTION_LISTEN;
-                               }
-
                                if (!starter_cmp_pluto(cfg, new_cfg))
                                {
                                        DBG1(DBG_APP, "Pluto has changed");