diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
commit | 7585facf05d927eb6df3929ce09ed5e60d905437 (patch) | |
tree | e4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libhydra/plugins/kernel_netlink | |
parent | c1343b3278cdf99533b7902744d15969f9d6fdc1 (diff) | |
download | vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.tar.gz vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.zip |
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink')
4 files changed, 113 insertions, 51 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in index d0adb3b1e..f0b3c9cfc 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.in +++ b/src/libhydra/plugins/kernel_netlink/Makefile.in @@ -1,9 +1,9 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -73,6 +73,12 @@ am__nobase_list = $(am__nobase_strip_setup); \ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_kernel_netlink_la_LIBADD = @@ -125,6 +131,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -152,6 +159,7 @@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MYSQLCFLAG = @MYSQLCFLAG@ MYSQLCONFIG = @MYSQLCONFIG@ @@ -179,6 +187,7 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -191,6 +200,7 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ @@ -244,7 +254,6 @@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ maemo_CFLAGS = @maemo_CFLAGS@ maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ @@ -381,7 +390,7 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES) +libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES) $(EXTRA_libstrongswan_kernel_netlink_la_DEPENDENCIES) $(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS) mostlyclean-compile: @@ -521,10 +530,15 @@ install-am: all-am installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index 4f5b6600d..f9b2634a0 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -36,11 +36,11 @@ #include "kernel_netlink_shared.h" #include <hydra.h> -#include <debug.h> +#include <utils/debug.h> #include <threading/thread.h> #include <threading/mutex.h> -#include <utils/hashtable.h> -#include <utils/linked_list.h> +#include <collections/hashtable.h> +#include <collections/linked_list.h> #include <processing/jobs/callback_job.h> /** Required for Linux 2.6.26 kernel and later */ @@ -1537,7 +1537,8 @@ failed: * Allocates into one the replay state structure we get from the kernel. */ static void get_replay_state(private_kernel_netlink_ipsec_t *this, - u_int32_t spi, u_int8_t protocol, host_t *dst, + u_int32_t spi, u_int8_t protocol, + host_t *dst, mark_t mark, struct xfrm_replay_state_esn **replay_esn, struct xfrm_replay_state **replay) { @@ -1566,6 +1567,24 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, aevent_id->sa_id.proto = protocol; aevent_id->sa_id.family = dst->get_family(dst); + if (mark.value) + { + struct xfrm_mark *mrk; + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_aevent_id); + + rthdr->rta_type = XFRMA_MARK; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); + if (hdr->nlmsg_len > sizeof(request)) + { + return; + } + + mrk = (struct xfrm_mark*)RTA_DATA(rthdr); + mrk->v = mark.value; + mrk->m = mark.mask; + } + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1834,6 +1853,24 @@ METHOD(kernel_ipsec_t, update_sa, status_t, sa_id->proto = protocol; sa_id->family = dst->get_family(dst); + if (mark.value) + { + struct xfrm_mark *mrk; + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_usersa_id); + + rthdr->rta_type = XFRMA_MARK; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); + if (hdr->nlmsg_len > sizeof(request)) + { + return FAILED; + } + + mrk = (struct xfrm_mark*)RTA_DATA(rthdr); + mrk->v = mark.value; + mrk->m = mark.mask; + } + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1868,7 +1905,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, goto failed; } - get_replay_state(this, spi, protocol, dst, &replay_esn, &replay); + get_replay_state(this, spi, protocol, dst, mark, &replay_esn, &replay); /* delete the old SA (without affecting the IPComp SA) */ if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS) diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c index 3f63a8496..e47887859 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c @@ -49,14 +49,14 @@ #include "kernel_netlink_shared.h" #include <hydra.h> -#include <debug.h> +#include <utils/debug.h> #include <threading/thread.h> #include <threading/mutex.h> #include <threading/rwlock.h> #include <threading/rwlock_condvar.h> #include <threading/spinlock.h> -#include <utils/hashtable.h> -#include <utils/linked_list.h> +#include <collections/hashtable.h> +#include <collections/linked_list.h> #include <processing/jobs/callback_job.h> /** delay before firing roam events (ms) */ @@ -65,6 +65,9 @@ /** delay before reinstalling routes (ms) */ #define ROUTE_DELAY 100 +/** maximum recursion when searching for addresses in get_route() */ +#define MAX_ROUTE_RECURSION 2 + typedef struct addr_entry_t addr_entry_t; /** @@ -543,12 +546,7 @@ static void queue_route_reinstall(private_kernel_netlink_net_t *this, time_monotonic(&now); if (timercmp(&now, &this->last_route_reinstall, >)) { - now.tv_usec += ROUTE_DELAY * 1000; - while (now.tv_usec > 1000000) - { - now.tv_sec++; - now.tv_usec -= 1000000; - } + timeval_add_ms(&now, ROUTE_DELAY); this->last_route_reinstall = now; job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes, @@ -704,12 +702,7 @@ static void fire_roam_event(private_kernel_netlink_net_t *this, bool address) this->roam_lock->unlock(this->roam_lock); return; } - now.tv_usec += ROAM_DELAY * 1000; - while (now.tv_usec > 1000000) - { - now.tv_sec++; - now.tv_usec -= 1000000; - } + timeval_add_ms(&now, ROAM_DELAY); this->next_roam = now; this->roam_lock->unlock(this->roam_lock); @@ -1236,6 +1229,19 @@ METHOD(kernel_net_t, get_interface_name, bool, this->lock->unlock(this->lock); return TRUE; } + /* in a second step, consider virtual IPs installed by us */ + entry = this->vips->get_match(this->vips, &lookup, + (void*)addr_map_entry_match_up_and_usable); + if (entry) + { + if (name) + { + *name = strdup(entry->iface->ifname); + DBG2(DBG_KNL, "virtual %H is on interface %s", ip, *name); + } + this->lock->unlock(this->lock); + return TRUE; + } /* maybe it is installed on an ignored interface */ entry = this->addrs->get_match(this->addrs, &lookup, (void*)addr_map_entry_match_up); @@ -1400,7 +1406,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) * Get a route: If "nexthop", the nexthop is returned. source addr otherwise. */ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, - bool nexthop, host_t *candidate) + bool nexthop, host_t *candidate, u_int recursion) { netlink_buf_t request; struct nlmsghdr *hdr, *out, *current; @@ -1412,6 +1418,11 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, enumerator_t *enumerator; host_t *addr = NULL; + if (recursion > MAX_ROUTE_RECURSION) + { + return NULL; + } + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; @@ -1567,8 +1578,12 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, host_t *gtw; gtw = host_create_from_chunk(msg->rtm_family, route->gtw, 0); - route->src_host = get_route(this, gtw, FALSE, candidate); - gtw->destroy(gtw); + if (gtw && !gtw->ip_equals(gtw, dest)) + { + route->src_host = get_route(this, gtw, FALSE, candidate, + recursion + 1); + } + DESTROY_IF(gtw); if (route->src_host) { /* more of the same */ if (!candidate || @@ -1607,7 +1622,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, DBG2(DBG_KNL, "using %H as %s to reach %H", addr, nexthop ? "nexthop" : "address", dest); } - else + else if (!recursion) { DBG2(DBG_KNL, "no %s found to reach %H", nexthop ? "nexthop" : "address", dest); @@ -1618,13 +1633,13 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, METHOD(kernel_net_t, get_source_addr, host_t*, private_kernel_netlink_net_t *this, host_t *dest, host_t *src) { - return get_route(this, dest, FALSE, src); + return get_route(this, dest, FALSE, src, 0); } METHOD(kernel_net_t, get_nexthop, host_t*, private_kernel_netlink_net_t *this, host_t *dest, host_t *src) { - return get_route(this, dest, TRUE, src); + return get_route(this, dest, TRUE, src, 0); } /** @@ -1632,7 +1647,7 @@ METHOD(kernel_net_t, get_nexthop, host_t*, * By setting the appropriate nlmsg_type, the ip will be set or unset. */ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type, - int flags, int if_index, host_t *ip) + int flags, int if_index, host_t *ip, int prefix) { netlink_buf_t request; struct nlmsghdr *hdr; @@ -1651,7 +1666,7 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type msg = (struct ifaddrmsg*)NLMSG_DATA(hdr); msg->ifa_family = ip->get_family(ip); msg->ifa_flags = 0; - msg->ifa_prefixlen = 8 * chunk.len; + msg->ifa_prefixlen = prefix < 0 ? chunk.len * 8 : prefix; msg->ifa_scope = RT_SCOPE_UNIVERSE; msg->ifa_index = if_index; @@ -1661,7 +1676,8 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type } METHOD(kernel_net_t, add_ip, status_t, - private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip) + private_kernel_netlink_net_t *this, host_t *virtual_ip, int prefix, + char *iface_name) { addr_map_entry_t *entry, lookup = { .ip = virtual_ip, @@ -1712,17 +1728,11 @@ METHOD(kernel_net_t, add_ip, status_t, this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, (void**)&iface, this->install_virtual_ip_on) != SUCCESS) { - lookup.ip = iface_ip; - entry = this->addrs->get_match(this->addrs, &lookup, - (void*)addr_map_entry_match); - if (!entry) + if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, + (void**)&iface, iface_name) != SUCCESS) { /* if we don't find the requested interface we just use the first */ this->ifaces->get_first(this->ifaces, (void**)&iface); } - else - { - iface = entry->iface; - } } if (iface) { @@ -1736,7 +1746,7 @@ METHOD(kernel_net_t, add_ip, status_t, iface->addrs->insert_last(iface->addrs, addr); addr_map_entry_add(this->vips, addr, iface); if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, - iface->ifindex, virtual_ip) == SUCCESS) + iface->ifindex, virtual_ip, prefix) == SUCCESS) { while (!is_vip_installed_or_gone(this, virtual_ip, &entry)) { /* wait until address appears */ @@ -1761,7 +1771,8 @@ METHOD(kernel_net_t, add_ip, status_t, } METHOD(kernel_net_t, del_ip, status_t, - private_kernel_netlink_net_t *this, host_t *virtual_ip) + private_kernel_netlink_net_t *this, host_t *virtual_ip, int prefix, + bool wait) { addr_map_entry_t *entry, lookup = { .ip = virtual_ip, @@ -1800,8 +1811,8 @@ METHOD(kernel_net_t, del_ip, status_t, * until the entry is gone, also so we can wait below */ entry->addr->installed = FALSE; status = manage_ipaddr(this, RTM_DELADDR, 0, entry->iface->ifindex, - virtual_ip); - if (status == SUCCESS) + virtual_ip, prefix); + if (status == SUCCESS && wait) { /* wait until the address is really gone */ while (is_known_vip(this, virtual_ip)) { diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c index 285f6c8b2..561e8529d 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c @@ -21,7 +21,7 @@ #include "kernel_netlink_shared.h" -#include <debug.h> +#include <utils/debug.h> #include <threading/mutex.h> typedef struct private_netlink_socket_t private_netlink_socket_t; |