summaryrefslogtreecommitdiff
path: root/src/libhydra/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra/plugins')
-rw-r--r--src/libhydra/plugins/attr/Makefile.am8
-rw-r--r--src/libhydra/plugins/attr/Makefile.in79
-rw-r--r--src/libhydra/plugins/attr/attr_plugin.c34
-rw-r--r--src/libhydra/plugins/attr/attr_provider.c17
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.am9
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in76
-rw-r--r--src/libhydra/plugins/attr_sql/attr_sql_plugin.c77
-rw-r--r--src/libhydra/plugins/attr_sql/pool.c2
-rw-r--r--src/libhydra/plugins/attr_sql/pool_attributes.c2
-rw-r--r--src/libhydra/plugins/kernel_klips/Makefile.am8
-rw-r--r--src/libhydra/plugins/kernel_klips/Makefile.in74
-rw-r--r--src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c17
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.am14
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.in78
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c82
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c80
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c8
-rw-r--r--src/libhydra/plugins/kernel_pfkey/Makefile.am8
-rw-r--r--src/libhydra/plugins/kernel_pfkey/Makefile.in73
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c465
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c6
-rw-r--r--src/libhydra/plugins/kernel_pfroute/Makefile.am8
-rw-r--r--src/libhydra/plugins/kernel_pfroute/Makefile.in73
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c1209
-rw-r--r--src/libhydra/plugins/resolve/Makefile.am10
-rw-r--r--src/libhydra/plugins/resolve/Makefile.in78
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.c2
-rw-r--r--src/libhydra/plugins/resolve/resolve_plugin.c34
28 files changed, 2070 insertions, 561 deletions
diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am
index fe0c39ebd..5989beae4 100644
--- a/src/libhydra/plugins/attr/Makefile.am
+++ b/src/libhydra/plugins/attr/Makefile.am
@@ -1,7 +1,9 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-attr.la
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index 113a66039..0d935ead3 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -101,9 +101,13 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_attr_la_LIBADD =
am_libstrongswan_attr_la_OBJECTS = attr_plugin.lo attr_provider.lo
libstrongswan_attr_la_OBJECTS = $(am_libstrongswan_attr_la_OBJECTS)
-libstrongswan_attr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libstrongswan_attr_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_attr_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
@MONOLITHIC_FALSE@am_libstrongswan_attr_la_rpath = -rpath $(plugindir)
@MONOLITHIC_TRUE@am_libstrongswan_attr_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
@@ -112,13 +116,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_attr_la_SOURCES)
DIST_SOURCES = $(libstrongswan_attr_la_SOURCES)
am__can_run_installinfo = \
@@ -132,6 +149,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -144,6 +162,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -159,6 +179,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -167,6 +188,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -213,6 +235,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -241,6 +264,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -318,8 +342,13 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra
+
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr.la
libstrongswan_attr_la_SOURCES = \
@@ -403,7 +432,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-attr.la: $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_DEPENDENCIES) $(EXTRA_libstrongswan_attr_la_DEPENDENCIES)
- $(libstrongswan_attr_la_LINK) $(am_libstrongswan_attr_la_rpath) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_attr_la_LINK) $(am_libstrongswan_attr_la_rpath) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -415,25 +444,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_provider.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c
index cb14495af..72fcd6dff 100644
--- a/src/libhydra/plugins/attr/attr_plugin.c
+++ b/src/libhydra/plugins/attr/attr_plugin.c
@@ -42,6 +42,36 @@ METHOD(plugin_t, get_name, char*,
return "attr";
}
+/**
+ * Register provider
+ */
+static bool plugin_cb(private_attr_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ hydra->attributes->add_provider(hydra->attributes,
+ &this->provider->provider);
+ }
+ else
+ {
+ hydra->attributes->remove_provider(hydra->attributes,
+ &this->provider->provider);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_attr_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "attr"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, reload, bool,
private_attr_plugin_t *this)
{
@@ -52,7 +82,6 @@ METHOD(plugin_t, reload, bool,
METHOD(plugin_t, destroy, void,
private_attr_plugin_t *this)
{
- hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider);
this->provider->destroy(this->provider);
free(this);
}
@@ -68,14 +97,13 @@ plugin_t *attr_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
+ .get_features = _get_features,
.reload = _reload,
.destroy = _destroy,
},
},
.provider = attr_provider_create(),
);
- hydra->attributes->add_provider(hydra->attributes, &this->provider->provider);
return &this->public.plugin;
}
-
diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index 329f317dd..1a2fa7f28 100644
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -219,7 +219,7 @@ static void load_entries(private_attr_provider_t *this)
host = host_create_from_string(token, 0);
if (!host)
{
- if (!type)
+ if (mapped)
{
DBG1(DBG_CFG, "invalid host in key %s: %s", key, token);
continue;
@@ -252,9 +252,21 @@ static void load_entries(private_attr_provider_t *this)
}
}
host->destroy(host);
+ if (mapped)
+ {
+ switch (family)
+ {
+ case AF_INET:
+ type = mapped->v4;
+ break;
+ case AF_INET6:
+ type = mapped->v6;
+ break;
+ }
+ }
}
INIT(entry,
- .type = type ?: (family == AF_INET ? mapped->v4 : mapped->v6),
+ .type = type,
.value = data,
);
DBG2(DBG_CFG, "loaded attribute %N: %#B",
@@ -308,4 +320,3 @@ attr_provider_t *attr_provider_create(database_t *db)
return &this->public;
}
-
diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am
index 7491debcd..4c369a2bd 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.am
+++ b/src/libhydra/plugins/attr_sql/Makefile.am
@@ -1,9 +1,10 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -DPLUGINS=\""${pool_plugins}\""
AM_CFLAGS = \
- -rdynamic \
- -DPLUGINS=\""${pool_plugins}\""
+ -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-attr-sql.la
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 0d7d55790..935740b28 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -64,7 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -105,7 +105,10 @@ am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \
sql_attribute.lo
libstrongswan_attr_sql_la_OBJECTS = \
$(am_libstrongswan_attr_sql_la_OBJECTS)
-libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_attr_sql_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \
$(LDFLAGS) -o $@
@@ -125,13 +128,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_attr_sql_la_SOURCES) $(pool_SOURCES)
DIST_SOURCES = $(libstrongswan_attr_sql_la_SOURCES) $(pool_SOURCES)
am__can_run_installinfo = \
@@ -145,6 +161,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -157,6 +174,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -172,6 +191,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -180,6 +200,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -226,6 +247,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -254,6 +276,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -331,11 +354,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-AM_CFLAGS = \
- -rdynamic \
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
-DPLUGINS=\""${pool_plugins}\""
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr-sql.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr-sql.la
libstrongswan_attr_sql_la_SOURCES = \
@@ -425,7 +451,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES) $(EXTRA_libstrongswan_attr_sql_la_DEPENDENCIES)
- $(libstrongswan_attr_sql_la_LINK) $(am_libstrongswan_attr_sql_la_rpath) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_attr_sql_la_LINK) $(am_libstrongswan_attr_sql_la_rpath) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
@list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
@@ -474,7 +500,7 @@ clean-ipsecPROGRAMS:
rm -f $$list
pool$(EXEEXT): $(pool_OBJECTS) $(pool_DEPENDENCIES) $(EXTRA_pool_DEPENDENCIES)
@rm -f pool$(EXEEXT)
- $(LINK) $(pool_OBJECTS) $(pool_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) $(pool_OBJECTS) $(pool_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -489,25 +515,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
index 69e6f7be6..702872c57 100644
--- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -15,6 +16,7 @@
#include <hydra.h>
#include <utils/debug.h>
+#include <plugins/plugin_feature.h>
#include "attr_sql_plugin.h"
#include "sql_attribute.h"
@@ -48,12 +50,59 @@ METHOD(plugin_t, get_name, char*,
return "attr-sql";
}
+/**
+ * Connect to database
+ */
+static bool open_database(private_attr_sql_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ char *uri;
+
+ uri = lib->settings->get_str(lib->settings,
+ "libhydra.plugins.attr-sql.database", NULL);
+ if (!uri)
+ {
+ DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
+ return FALSE;
+ }
+
+ this->db = lib->db->create(lib->db, uri);
+ if (!this->db)
+ {
+ DBG1(DBG_CFG, "attr-sql plugin failed to connect to database");
+ return FALSE;
+ }
+ this->attribute = sql_attribute_create(this->db);
+ hydra->attributes->add_provider(hydra->attributes,
+ &this->attribute->provider);
+ }
+ else
+ {
+ hydra->attributes->remove_provider(hydra->attributes,
+ &this->attribute->provider);
+ this->attribute->destroy(this->attribute);
+ this->db->destroy(this->db);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_attr_sql_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)open_database, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "attr-sql"),
+ PLUGIN_DEPENDS(DATABASE, DB_ANY),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_attr_sql_plugin_t *this)
{
- hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
- this->attribute->destroy(this->attribute);
- this->db->destroy(this->db);
free(this);
}
@@ -63,36 +112,16 @@ METHOD(plugin_t, destroy, void,
plugin_t *attr_sql_plugin_create()
{
private_attr_sql_plugin_t *this;
- char *uri;
-
- uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database",
- NULL);
- if (!uri)
- {
- DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
- return NULL;
- }
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
- .db = lib->db->create(lib->db, uri),
);
- if (!this->db)
- {
- DBG1(DBG_CFG, "attr-sql plugin failed to connect to database");
- free(this);
- return NULL;
- }
- this->attribute = sql_attribute_create(this->db);
- hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
-
return &this->public.plugin;
}
-
diff --git a/src/libhydra/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c
index 880af61dc..4e7c48e23 100644
--- a/src/libhydra/plugins/attr_sql/pool.c
+++ b/src/libhydra/plugins/attr_sql/pool.c
@@ -1260,7 +1260,7 @@ int main(int argc, char *argv[])
fprintf(stderr, "integrity check of pool failed\n");
exit(SS_RC_DAEMON_INTEGRITY);
}
- if (!lib->plugins->load(lib->plugins, NULL,
+ if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "pool.load", PLUGINS)))
{
exit(SS_RC_INITIALIZATION_FAILED);
diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.c b/src/libhydra/plugins/attr_sql/pool_attributes.c
index 5dcfe85ed..1d1ba8f58 100644
--- a/src/libhydra/plugins/attr_sql/pool_attributes.c
+++ b/src/libhydra/plugins/attr_sql/pool_attributes.c
@@ -75,6 +75,7 @@ static const attr_info_t attr_info[] = {
{ "unity_def_domain", VALUE_STRING, UNITY_DEF_DOMAIN, 0 },
{ "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME, 0 },
{ "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE, 0 },
+ { "unity_split_exclude", VALUE_SUBNET, UNITY_LOCAL_LAN, 0 },
{ "unity_local_lan", VALUE_SUBNET, UNITY_LOCAL_LAN, 0 },
};
@@ -153,6 +154,7 @@ static bool parse_attributes(char *name, char *value, value_type_t *value_type,
memcpy(pos_addr, addr_chunk.ptr, 4);
memcpy(pos_addr + 4, mask_chunk.ptr, 4);
addr->destroy(addr);
+ addr = NULL;
mask->destroy(mask);
chunk_free(blob);
*blob = blob_next;
diff --git a/src/libhydra/plugins/kernel_klips/Makefile.am b/src/libhydra/plugins/kernel_klips/Makefile.am
index df639b255..1b98cab06 100644
--- a/src/libhydra/plugins/kernel_klips/Makefile.am
+++ b/src/libhydra/plugins/kernel_klips/Makefile.am
@@ -1,7 +1,9 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-kernel-klips.la
diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in
index 5bc67de27..81208b5ca 100644
--- a/src/libhydra/plugins/kernel_klips/Makefile.in
+++ b/src/libhydra/plugins/kernel_klips/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -103,7 +103,10 @@ am_libstrongswan_kernel_klips_la_OBJECTS = kernel_klips_plugin.lo \
kernel_klips_ipsec.lo
libstrongswan_kernel_klips_la_OBJECTS = \
$(am_libstrongswan_kernel_klips_la_OBJECTS)
-libstrongswan_kernel_klips_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_kernel_klips_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_klips_la_LDFLAGS) $(LDFLAGS) -o $@
@@ -116,13 +119,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_kernel_klips_la_SOURCES)
DIST_SOURCES = $(libstrongswan_kernel_klips_la_SOURCES)
am__can_run_installinfo = \
@@ -136,6 +152,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -148,6 +165,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -163,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -171,6 +191,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -217,6 +238,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -245,6 +267,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -322,8 +345,13 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra
+
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-klips.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
libstrongswan_kernel_klips_la_SOURCES = \
@@ -407,7 +435,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-klips.la: $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_DEPENDENCIES) $(EXTRA_libstrongswan_kernel_klips_la_DEPENDENCIES)
- $(libstrongswan_kernel_klips_la_LINK) $(am_libstrongswan_kernel_klips_la_rpath) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_kernel_klips_la_LINK) $(am_libstrongswan_kernel_klips_la_rpath) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -419,25 +447,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_klips_plugin.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index a120b3d00..82f80fd4c 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -78,7 +78,7 @@
/** this is the default number of ipsec devices */
#define DEFAULT_IPSEC_DEV_COUNT 4
/** TRUE if the given name matches an ipsec device */
-#define IS_IPSEC_DEV(name) (strneq((name), IPSEC_DEV_PREFIX, sizeof(IPSEC_DEV_PREFIX) - 1))
+#define IS_IPSEC_DEV(name) (strpfx((name), IPSEC_DEV_PREFIX))
/** the following stuff is from ipsec_tunnel.h */
struct ipsectunnelconf
@@ -1682,8 +1682,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+ u_int16_t ipcomp, u_int16_t cpi, bool initiator, bool encap, bool esn,
+ bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1911,7 +1911,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets)
+ u_int64_t *bytes, u_int64_t *packets, u_int32_t *time)
{
return NOT_SUPPORTED; /* TODO */
}
@@ -2022,7 +2022,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
else
{
/* apply the new one, if we have no such policy */
- this->policies->insert_last(this->policies, policy);
+ this->policies->insert_first(this->policies, policy);
}
if (priority == POLICY_PRIORITY_ROUTED)
@@ -2088,7 +2088,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
this->mutex->lock(this->mutex);
/* we try to find the policy again and install the route if needed */
- if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS)
+ if (this->policies->find_first(this->policies, NULL,
+ (void**)&policy) != SUCCESS)
{
this->mutex->unlock(this->mutex);
DBG2(DBG_KNL, "the policy %R === %R %N is already gone, ignoring",
@@ -2118,7 +2119,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
this->install_routes)
{
hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- src_ts, &route->src_ip);
+ src_ts, &route->src_ip, NULL);
}
if (!route->src_ip)
@@ -2332,7 +2333,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
while (fgets(line, sizeof(line), file))
{
- if (strneq(line, said, strlen(said)))
+ if (strpfx(line, said))
{
/* fine we found the correct line, now find the idle time */
u_int32_t idle_time;
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.am b/src/libhydra/plugins/kernel_netlink/Makefile.am
index 1ad379421..ad573523e 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.am
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.am
@@ -1,10 +1,12 @@
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -DROUTING_TABLE=${routing_table} \
+ -DROUTING_TABLE_PRIO=${routing_table_prio}
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = -rdynamic \
--DROUTING_TABLE=${routing_table} \
--DROUTING_TABLE_PRIO=${routing_table_prio}
+AM_CFLAGS = \
+ -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index 9702010bb..9cb988c8d 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -104,7 +104,10 @@ am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \
kernel_netlink_shared.lo
libstrongswan_kernel_netlink_la_OBJECTS = \
$(am_libstrongswan_kernel_netlink_la_OBJECTS)
-libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_netlink_la_LDFLAGS) $(LDFLAGS) -o $@
@@ -117,13 +120,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES)
DIST_SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES)
am__can_run_installinfo = \
@@ -137,6 +153,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -149,6 +166,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -164,6 +183,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -172,6 +192,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -218,6 +239,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -246,6 +268,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -323,12 +346,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -DROUTING_TABLE=${routing_table} \
+ -DROUTING_TABLE_PRIO=${routing_table_prio}
-AM_CFLAGS = -rdynamic \
--DROUTING_TABLE=${routing_table} \
--DROUTING_TABLE_PRIO=${routing_table_prio}
+AM_CFLAGS = \
+ -rdynamic
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
@@ -415,7 +441,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES) $(EXTRA_libstrongswan_kernel_netlink_la_DEPENDENCIES)
- $(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -429,25 +455,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_shared.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 9b4ade533..b34fa149c 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -37,11 +37,9 @@
#include <hydra.h>
#include <utils/debug.h>
-#include <threading/thread.h>
#include <threading/mutex.h>
#include <collections/hashtable.h>
#include <collections/linked_list.h>
-#include <processing/jobs/callback_job.h>
/** Required for Linux 2.6.26 kernel and later */
#ifndef XFRM_STATE_AF_UNSPEC
@@ -558,6 +556,9 @@ struct policy_entry_t {
/** List of SAs this policy is used by, ordered by priority */
linked_list_t *used_by;
+
+ /** reqid for this policy */
+ u_int32_t reqid;
};
/**
@@ -969,40 +970,37 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
/**
* Receives events from kernel
*/
-static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this)
+static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
+ watcher_event_t event)
{
char response[1024];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
int len;
- bool oldstate;
-
- oldstate = thread_cancelability(TRUE);
- len = recvfrom(this->socket_xfrm_events, response, sizeof(response), 0,
- (struct sockaddr*)&addr, &addr_len);
- thread_cancelability(oldstate);
+ len = recvfrom(this->socket_xfrm_events, response, sizeof(response),
+ MSG_DONTWAIT, (struct sockaddr*)&addr, &addr_len);
if (len < 0)
{
switch (errno)
{
case EINTR:
/* interrupted, try again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
case EAGAIN:
/* no data ready, select again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
default:
DBG1(DBG_KNL, "unable to receive from xfrm event socket");
sleep(1);
- return JOB_REQUEUE_FAIR;
+ return TRUE;
}
}
if (addr.nl_pid != 0)
{ /* not from kernel. not interested, try another one */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
while (NLMSG_OK(hdr, len))
@@ -1028,7 +1026,7 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this)
}
hdr = NLMSG_NEXT(hdr, len);
}
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
@@ -1170,7 +1168,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool encap, bool esn, bool inbound,
+ u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound,
traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
{
netlink_buf_t request;
@@ -1187,7 +1185,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
- chunk_empty, mode, ipcomp, 0, FALSE, FALSE, inbound, NULL, NULL);
+ chunk_empty, mode, ipcomp, 0, initiator, FALSE, FALSE, inbound,
+ NULL, NULL);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
@@ -1220,6 +1219,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if(src_ts && dst_ts)
{
sa->sel = ts2selector(src_ts, dst_ts);
+ /* don't install proto/port on SA. This would break
+ * potential secondary SAs for the same address using a
+ * different prot/port. */
+ sa->sel.proto = 0;
+ sa->sel.dport = sa->sel.dport_mask = 0;
+ sa->sel.sport = sa->sel.sport_mask = 0;
}
break;
default:
@@ -1595,7 +1600,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets)
+ u_int64_t *bytes, u_int64_t *packets, u_int32_t *time)
{
netlink_buf_t request;
struct nlmsghdr *out = NULL, *hdr;
@@ -1680,6 +1685,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
{
*packets = sa->curlft.packets;
}
+ if (time)
+ { /* curlft contains an "use" time, but that contains a timestamp
+ * of the first use, not the last. Last use time must be queried
+ * on the policy on Linux */
+ *time = 0;
+ }
status = SUCCESS;
}
memwipe(out, len);
@@ -2041,7 +2052,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
{
continue;
}
- tmpl->reqid = ipsec->cfg.reqid;
+ tmpl->reqid = policy->reqid;
tmpl->id.proto = protos[i].proto;
tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
tmpl->mode = mode2kernel(proto_mode);
@@ -2049,7 +2060,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
policy->direction != POLICY_OUT;
tmpl->family = ipsec->src->get_family(ipsec->src);
- if (proto_mode == MODE_TUNNEL)
+ if (proto_mode == MODE_TUNNEL || proto_mode == MODE_BEET)
{ /* only for tunnel mode */
host2xfrm(ipsec->src, &tmpl->saddr);
host2xfrm(ipsec->dst, &tmpl->id.daddr);
@@ -2102,7 +2113,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
);
if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- fwd->dst_ts, &route->src_ip) == SUCCESS)
+ fwd->dst_ts, &route->src_ip, NULL) == SUCCESS)
{
/* get the nexthop to src (src as we are in POLICY_FWD) */
route->gateway = hydra->kernel_interface->get_nexthop(
@@ -2197,6 +2208,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
.sel = ts2selector(src_ts, dst_ts),
.mark = mark.value & mark.mask,
.direction = direction,
+ .reqid = sa->reqid,
);
/* find the policy, which matches EXACTLY */
@@ -2204,6 +2216,16 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
current = this->policies->get(this->policies, policy);
if (current)
{
+ if (current->reqid != sa->reqid)
+ {
+ DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark "
+ "%u/0x%08x) for reqid %u, the same policy for reqid %u exists",
+ src_ts, dst_ts, policy_dir_names, direction,
+ mark.value, mark.mask, sa->reqid, current->reqid);
+ policy_entry_destroy(this, policy);
+ this->mutex->unlock(this->mutex);
+ return INVALID_STATE;
+ }
/* use existing policy */
DBG2(DBG_KNL, "policy %R === %R %N (mark %u/0x%08x) "
"already exists, increasing refcount",
@@ -2375,7 +2397,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
/* find the policy */
this->mutex->lock(this->mutex);
current = this->policies->get(this->policies, &policy);
- if (!current)
+ if (!current || current->reqid != reqid)
{
if (mark.value)
{
@@ -2398,8 +2420,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
enumerator = current->used_by->create_enumerator(current->used_by);
while (enumerator->enumerate(enumerator, (void**)&mapping))
{
- if (reqid == mapping->sa->cfg.reqid &&
- priority == mapping->priority)
+ if (priority == mapping->priority)
{
current->used_by->remove_at(current->used_by, enumerator);
policy_sa_destroy(mapping, &direction, this);
@@ -2579,6 +2600,7 @@ METHOD(kernel_ipsec_t, destroy, void,
if (this->socket_xfrm_events > 0)
{
+ lib->watcher->remove(lib->watcher, this->socket_xfrm_events);
close(this->socket_xfrm_events);
}
DESTROY_IF(this->socket_xfrm);
@@ -2638,13 +2660,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
this->replay_bmp = (this->replay_window + sizeof(u_int32_t) * 8 - 1) /
(sizeof(u_int32_t) * 8);
- if (streq(hydra->daemon, "pluto"))
- { /* no routes for pluto, they are installed via updown script */
- this->install_routes = FALSE;
- /* no policy history for pluto */
- this->policy_history = FALSE;
- }
- else if (streq(hydra->daemon, "starter"))
+ if (streq(hydra->daemon, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
@@ -2687,10 +2703,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
destroy(this);
return NULL;
}
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio(
- (callback_job_cb_t)receive_events, this, NULL,
- (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
+ lib->watcher->add(lib->watcher, this->socket_xfrm_events, WATCHER_READ,
+ (watcher_cb_t)receive_events, this);
}
return &this->public;
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 3e0725a35..e129ab131 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2013 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -50,7 +50,6 @@
#include <hydra.h>
#include <utils/debug.h>
-#include <threading/thread.h>
#include <threading/mutex.h>
#include <threading/rwlock.h>
#include <threading/rwlock_condvar.h>
@@ -68,6 +67,14 @@
/** maximum recursion when searching for addresses in get_route() */
#define MAX_ROUTE_RECURSION 2
+#ifndef ROUTING_TABLE
+#define ROUTING_TABLE 0
+#endif
+
+#ifndef ROUTING_TABLE_PRIO
+#define ROUTING_TABLE_PRIO 0
+#endif
+
typedef struct addr_entry_t addr_entry_t;
/**
@@ -257,7 +264,7 @@ static route_entry_t *route_entry_clone(route_entry_t *this)
INIT(route,
.if_name = strdup(this->if_name),
.src_ip = this->src_ip->clone(this->src_ip),
- .gateway = this->gateway->clone(this->gateway),
+ .gateway = this->gateway ? this->gateway->clone(this->gateway) : NULL,
.dst_net = chunk_clone(this->dst_net),
.prefixlen = this->prefixlen,
);
@@ -290,10 +297,14 @@ static u_int route_entry_hash(route_entry_t *this)
*/
static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
{
- return a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
- a->src_ip->ip_equals(a->src_ip, b->src_ip) &&
- a->gateway->ip_equals(a->gateway, b->gateway) &&
- chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen;
+ if (a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
+ a->src_ip->ip_equals(a->src_ip, b->src_ip) &&
+ chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen)
+ {
+ return (!a->gateway && !b->gateway) || (a->gateway && b->gateway &&
+ a->gateway->ip_equals(a->gateway, b->gateway));
+ }
+ return FALSE;
}
typedef struct net_change_t net_change_t;
@@ -428,6 +439,11 @@ struct private_kernel_netlink_net_t {
bool process_route;
/**
+ * whether to trigger roam events
+ */
+ bool roam_events;
+
+ /**
* whether to actually install virtual IPs
*/
bool install_virtual_ip;
@@ -695,6 +711,11 @@ static void fire_roam_event(private_kernel_netlink_net_t *this, bool address)
timeval_t now;
job_t *job;
+ if (!this->roam_events)
+ {
+ return;
+ }
+
time_monotonic(&now);
this->roam_lock->lock(this->roam_lock);
if (!timercmp(&now, &this->next_roam, >))
@@ -1057,40 +1078,37 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
/**
* Receives events from kernel
*/
-static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
+static bool receive_events(private_kernel_netlink_net_t *this, int fd,
+ watcher_event_t event)
{
char response[1024];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
int len;
- bool oldstate;
-
- oldstate = thread_cancelability(TRUE);
- len = recvfrom(this->socket_events, response, sizeof(response), 0,
- (struct sockaddr*)&addr, &addr_len);
- thread_cancelability(oldstate);
+ len = recvfrom(this->socket_events, response, sizeof(response),
+ MSG_DONTWAIT, (struct sockaddr*)&addr, &addr_len);
if (len < 0)
{
switch (errno)
{
case EINTR:
/* interrupted, try again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
case EAGAIN:
/* no data ready, select again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
default:
DBG1(DBG_KNL, "unable to receive from rt event socket");
sleep(1);
- return JOB_REQUEUE_FAIR;
+ return TRUE;
}
}
if (addr.nl_pid != 0)
{ /* not from kernel. not interested, try another one */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
while (NLMSG_OK(hdr, len))
@@ -1118,7 +1136,7 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this)
}
hdr = NLMSG_NEXT(hdr, len);
}
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
/** enumerator over addresses */
@@ -1147,6 +1165,10 @@ static bool filter_addresses(address_enumerator_t *data,
{ /* skip virtual interfaces added by us */
return FALSE;
}
+ if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->refcount)
+ { /* address is regular, but not requested */
+ return FALSE;
+ }
if ((*in)->scope >= RT_SCOPE_LINK)
{ /* skip addresses with a unusable scope */
return FALSE;
@@ -1191,9 +1213,12 @@ static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
private_kernel_netlink_net_t *this, kernel_address_type_t which)
{
- address_enumerator_t *data = malloc_thing(address_enumerator_t);
- data->this = this;
- data->which = which;
+ address_enumerator_t *data;
+
+ INIT(data,
+ .this = this,
+ .which = which,
+ );
this->lock->read_lock(this->lock);
return enumerator_create_nested(
@@ -1237,7 +1262,7 @@ METHOD(kernel_net_t, get_interface_name, bool,
if (name)
{
*name = strdup(entry->iface->ifname);
- DBG2(DBG_KNL, "virtual %H is on interface %s", ip, *name);
+ DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
}
this->lock->unlock(this->lock);
return TRUE;
@@ -2146,6 +2171,7 @@ METHOD(kernel_net_t, destroy, void,
}
if (this->socket_events > 0)
{
+ lib->watcher->remove(lib->watcher, this->socket_events);
close(this->socket_events);
}
enumerator = this->routes->create_enumerator(this->routes);
@@ -2227,6 +2253,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
"%s.install_virtual_ip", TRUE, hydra->daemon),
.install_virtual_ip_on = lib->settings->get_str(lib->settings,
"%s.install_virtual_ip_on", NULL, hydra->daemon),
+ .roam_events = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.roam_events", TRUE, hydra->daemon),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
@@ -2283,10 +2311,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
return NULL;
}
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio(
- (callback_job_cb_t)receive_events, this, NULL,
- (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
+ lib->watcher->add(lib->watcher, this->socket_events, WATCHER_READ,
+ (watcher_cb_t)receive_events, this);
}
if (init_address_list(this) != SUCCESS)
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
index 0eb00dadf..8d5a0d5e8 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -65,6 +65,14 @@ plugin_t *kernel_netlink_plugin_create()
{
private_kernel_netlink_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
+ { /* required to bind/use XFRM sockets / create/modify routing tables, but
+ * not if only the read-only parts of kernel-netlink-net are used, so
+ * we don't fail here */
+ DBG1(DBG_KNL, "kernel-netlink plugin might require CAP_NET_ADMIN "
+ "capability");
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.am b/src/libhydra/plugins/kernel_pfkey/Makefile.am
index 1d1488a6b..bb5d0d7f7 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.am
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.am
@@ -1,8 +1,10 @@
-
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index b00f74473..fd95afd09 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -103,7 +103,10 @@ am_libstrongswan_kernel_pfkey_la_OBJECTS = kernel_pfkey_plugin.lo \
kernel_pfkey_ipsec.lo
libstrongswan_kernel_pfkey_la_OBJECTS = \
$(am_libstrongswan_kernel_pfkey_la_OBJECTS)
-libstrongswan_kernel_pfkey_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_kernel_pfkey_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_pfkey_la_LDFLAGS) $(LDFLAGS) -o $@
@@ -116,13 +119,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_kernel_pfkey_la_SOURCES)
DIST_SOURCES = $(libstrongswan_kernel_pfkey_la_SOURCES)
am__can_run_installinfo = \
@@ -136,6 +152,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -148,6 +165,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -163,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -171,6 +191,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -217,6 +238,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -245,6 +267,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -322,10 +345,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
libstrongswan_kernel_pfkey_la_SOURCES = \
@@ -409,7 +436,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-pfkey.la: $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_DEPENDENCIES) $(EXTRA_libstrongswan_kernel_pfkey_la_DEPENDENCIES)
- $(libstrongswan_kernel_pfkey_la_LINK) $(am_libstrongswan_kernel_pfkey_la_rpath) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_kernel_pfkey_la_LINK) $(am_libstrongswan_kernel_pfkey_la_rpath) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -421,25 +448,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_pfkey_plugin.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 2521af87d..668c581e1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -62,9 +62,7 @@
#include <networking/host.h>
#include <collections/linked_list.h>
#include <collections/hashtable.h>
-#include <threading/thread.h>
#include <threading/mutex.h>
-#include <processing/jobs/callback_job.h>
/** non linux specific */
#ifndef IPPROTO_COMP
@@ -180,6 +178,11 @@ struct private_kernel_pfkey_ipsec_t
linked_list_t *policies;
/**
+ * List of exclude routes (exclude_route_t)
+ */
+ linked_list_t *excludes;
+
+ /**
* Hash table of IPsec SAs using policies (ipsec_sa_t)
*/
hashtable_t *sas;
@@ -210,6 +213,33 @@ struct private_kernel_pfkey_ipsec_t
int seq;
};
+typedef struct exclude_route_t exclude_route_t;
+
+/**
+ * Exclude route definition
+ */
+struct exclude_route_t {
+ /** destination address of exclude */
+ host_t *dst;
+ /** source address for route */
+ host_t *src;
+ /** nexthop exclude has been installed */
+ host_t *gtw;
+ /** references to this route */
+ int refs;
+};
+
+/**
+ * clean up a route exclude entry
+ */
+static void exclude_route_destroy(exclude_route_t *this)
+{
+ this->dst->destroy(this->dst);
+ this->src->destroy(this->src);
+ this->gtw->destroy(this->gtw);
+ free(this);
+}
+
typedef struct route_entry_t route_entry_t;
/**
@@ -230,6 +260,9 @@ struct route_entry_t {
/** destination net prefixlen */
u_int8_t prefixlen;
+
+ /** reference to exclude route, if any */
+ exclude_route_t *exclude;
};
/**
@@ -251,6 +284,7 @@ static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
{
return a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
a->src_ip->ip_equals(a->src_ip, b->src_ip) &&
+ a->gateway && b->gateway &&
a->gateway->ip_equals(a->gateway, b->gateway) &&
chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen;
}
@@ -339,7 +373,7 @@ static void ipsec_sa_destroy(private_kernel_pfkey_ipsec_t *this,
}
typedef struct policy_sa_t policy_sa_t;
-typedef struct policy_sa_fwd_t policy_sa_fwd_t;
+typedef struct policy_sa_in_t policy_sa_in_t;
/**
* Mapping between a policy and an IPsec SA.
@@ -356,10 +390,10 @@ struct policy_sa_t {
};
/**
- * For forward policies we also cache the traffic selectors in order to install
+ * For input policies we also cache the traffic selectors in order to install
* the route.
*/
-struct policy_sa_fwd_t {
+struct policy_sa_in_t {
/** Generic interface */
policy_sa_t generic;
@@ -371,7 +405,7 @@ struct policy_sa_fwd_t {
};
/**
- * Create a policy_sa(_fwd)_t object
+ * Create a policy_sa(_in)_t object
*/
static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this,
policy_dir_t dir, policy_type_t type, host_t *src, host_t *dst,
@@ -379,14 +413,14 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this,
{
policy_sa_t *policy;
- if (dir == POLICY_FWD)
+ if (dir == POLICY_IN)
{
- policy_sa_fwd_t *fwd;
- INIT(fwd,
+ policy_sa_in_t *in;
+ INIT(in,
.src_ts = src_ts->clone(src_ts),
.dst_ts = dst_ts->clone(dst_ts),
);
- policy = &fwd->generic;
+ policy = &in->generic;
}
else
{
@@ -398,16 +432,16 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this,
}
/**
- * Destroy a policy_sa(_fwd)_t object
+ * Destroy a policy_sa(_in)_t object
*/
static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir,
private_kernel_pfkey_ipsec_t *this)
{
- if (*dir == POLICY_FWD)
+ if (*dir == POLICY_IN)
{
- policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)policy;
- fwd->src_ts->destroy(fwd->src_ts);
- fwd->dst_ts->destroy(fwd->dst_ts);
+ policy_sa_in_t *in = (policy_sa_in_t*)policy;
+ in->src_ts->destroy(in->src_ts);
+ in->dst_ts->destroy(in->dst_ts);
}
ipsec_sa_destroy(this, policy->sa);
free(policy);
@@ -945,6 +979,10 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
{
traffic_selector_t *ts;
host_t *host;
+ u_int8_t proto;
+
+ proto = address->sadb_address_proto;
+ proto = proto == IPSEC_PROTO_ANY ? 0 : proto;
/* The Linux 2.6 kernel does not set the protocol and port information
* in the src and dst sadb_address extensions of the SADB_ACQUIRE message.
@@ -952,8 +990,7 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
host = host_create_from_sockaddr((sockaddr_t*)&address[1]);
ts = traffic_selector_create_from_subnet(host,
address->sadb_address_prefixlen,
- address->sadb_address_proto,
- host->get_port(host),
+ proto, host->get_port(host),
host->get_port(host) ?: 65535);
return ts;
}
@@ -1090,7 +1127,7 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket
}
if (msg->sadb_msg_seq != this->seq)
{
- DBG1(DBG_KNL, "received PF_KEY message with unexpected sequence "
+ DBG2(DBG_KNL, "received PF_KEY message with unexpected sequence "
"number, was %d expected %d", msg->sadb_msg_seq,
this->seq);
if (msg->sadb_msg_seq == 0)
@@ -1346,31 +1383,28 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
/**
* Receives events from kernel
*/
-static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
+static bool receive_events(private_kernel_pfkey_ipsec_t *this, int fd,
+ watcher_event_t event)
{
unsigned char buf[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg = (struct sadb_msg*)buf;
- bool oldstate;
int len;
- oldstate = thread_cancelability(TRUE);
- len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0);
- thread_cancelability(oldstate);
-
+ len = recvfrom(this->socket_events, buf, sizeof(buf), MSG_DONTWAIT, NULL, 0);
if (len < 0)
{
switch (errno)
{
case EINTR:
/* interrupted, try again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
case EAGAIN:
/* no data ready, select again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
default:
DBG1(DBG_KNL, "unable to receive from PF_KEY event socket");
sleep(1);
- return JOB_REQUEUE_FAIR;
+ return TRUE;
}
}
@@ -1378,17 +1412,17 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg)))
{
DBG2(DBG_KNL, "received corrupted PF_KEY message");
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
if (msg->sadb_msg_pid != 0)
{ /* not from kernel. not interested, try another one */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
if (msg->sadb_msg_len > len / PFKEY_ALIGNMENT)
{
DBG1(DBG_KNL, "buffer was too small to receive the complete "
"PF_KEY message");
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
switch (msg->sadb_msg_type)
@@ -1413,7 +1447,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
break;
}
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
METHOD(kernel_ipsec_t, get_spi, status_t,
@@ -1487,8 +1521,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+ u_int16_t ipcomp, u_int16_t cpi, bool initiator, bool encap, bool esn,
+ bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1768,7 +1802,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets)
+ u_int64_t *bytes, u_int64_t *packets, u_int32_t *time)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1826,6 +1860,18 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
/* not supported by PF_KEY */
*packets = 0;
}
+ if (time)
+ {
+#ifdef __APPLE__
+ /* OS X uses the "last" time of use in usetime */
+ *time = response.lft_current->sadb_lifetime_usetime;
+#else /* !__APPLE__ */
+ /* on Linux, sadb_lifetime_usetime is set to the "first" time of use,
+ * which is actually correct according to PF_KEY. We have to query
+ * policies for the last usetime. */
+ *time = 0;
+#endif /* !__APPLE__ */
+ }
free(out);
return SUCCESS;
@@ -1915,6 +1961,228 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
}
/**
+ * Add an explicit exclude route to a routing entry
+ */
+static void add_exclude_route(private_kernel_pfkey_ipsec_t *this,
+ route_entry_t *route, host_t *src, host_t *dst)
+{
+ enumerator_t *enumerator;
+ exclude_route_t *exclude;
+ host_t *gtw;
+
+ enumerator = this->excludes->create_enumerator(this->excludes);
+ while (enumerator->enumerate(enumerator, &exclude))
+ {
+ if (dst->ip_equals(dst, exclude->dst))
+ {
+ route->exclude = exclude;
+ exclude->refs++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (!route->exclude)
+ {
+ DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
+ gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
+ dst, NULL);
+ if (gtw)
+ {
+ char *if_name = NULL;
+
+ if (hydra->kernel_interface->get_interface(
+ hydra->kernel_interface, src, &if_name) &&
+ hydra->kernel_interface->add_route(hydra->kernel_interface,
+ dst->get_address(dst),
+ dst->get_family(dst) == AF_INET ? 32 : 128,
+ gtw, src, if_name) == SUCCESS)
+ {
+ INIT(exclude,
+ .dst = dst->clone(dst),
+ .src = src->clone(src),
+ .gtw = gtw->clone(gtw),
+ .refs = 1,
+ );
+ route->exclude = exclude;
+ this->excludes->insert_last(this->excludes, exclude);
+ }
+ else
+ {
+ DBG1(DBG_KNL, "installing exclude route for %H failed", dst);
+ }
+ gtw->destroy(gtw);
+ free(if_name);
+ }
+ else
+ {
+ DBG1(DBG_KNL, "gateway lookup for for %H failed", dst);
+ }
+ }
+}
+
+/**
+ * Remove an exclude route attached to a routing entry
+ */
+static void remove_exclude_route(private_kernel_pfkey_ipsec_t *this,
+ route_entry_t *route)
+{
+ if (route->exclude)
+ {
+ enumerator_t *enumerator;
+ exclude_route_t *exclude;
+ bool removed = FALSE;
+ host_t *dst;
+
+ enumerator = this->excludes->create_enumerator(this->excludes);
+ while (enumerator->enumerate(enumerator, &exclude))
+ {
+ if (route->exclude == exclude)
+ {
+ if (--exclude->refs == 0)
+ {
+ this->excludes->remove_at(this->excludes, enumerator);
+ removed = TRUE;
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (removed)
+ {
+ char *if_name = NULL;
+
+ dst = route->exclude->dst;
+ DBG2(DBG_KNL, "uninstalling exclude route for %H src %H",
+ dst, route->exclude->src);
+ if (hydra->kernel_interface->get_interface(
+ hydra->kernel_interface,
+ route->exclude->src, &if_name) &&
+ hydra->kernel_interface->del_route(hydra->kernel_interface,
+ dst->get_address(dst),
+ dst->get_family(dst) == AF_INET ? 32 : 128,
+ route->exclude->gtw, route->exclude->src,
+ if_name) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "uninstalling exclude route for %H failed", dst);
+ }
+ exclude_route_destroy(route->exclude);
+ free(if_name);
+ }
+ route->exclude = NULL;
+ }
+}
+
+/**
+ * Try to install a route to the given inbound policy
+ */
+static bool install_route(private_kernel_pfkey_ipsec_t *this,
+ policy_entry_t *policy, policy_sa_in_t *in)
+{
+ route_entry_t *route, *old;
+ host_t *host, *src, *dst;
+ bool is_virtual;
+
+ if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
+ in->dst_ts, &host, &is_virtual) != SUCCESS)
+ {
+ return FALSE;
+ }
+
+ /* switch src/dst, as we handle an IN policy */
+ src = in->generic.sa->dst;
+ dst = in->generic.sa->src;
+
+ INIT(route,
+ .prefixlen = policy->src.mask,
+ .src_ip = host,
+ .gateway = hydra->kernel_interface->get_nexthop(
+ hydra->kernel_interface, dst, src),
+ .dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)),
+ );
+
+ /* if the IP is virtual, we install the route over the interface it has
+ * been installed on. Otherwise we use the interface we use for IKE, as
+ * this is required for example on Linux. */
+ if (is_virtual)
+ {
+ src = route->src_ip;
+ }
+
+ /* get interface for route, using source address */
+ if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
+ src, &route->if_name))
+ {
+ route_entry_destroy(route);
+ return FALSE;
+ }
+
+ if (policy->route)
+ {
+ old = policy->route;
+
+ if (route_entry_equals(old, route))
+ { /* such a route already exists */
+ route_entry_destroy(route);
+ return TRUE;
+ }
+ /* uninstall previously installed route */
+ if (hydra->kernel_interface->del_route(hydra->kernel_interface,
+ old->dst_net, old->prefixlen, old->gateway,
+ old->src_ip, old->if_name) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "error uninstalling route installed with policy "
+ "%R === %R %N", in->src_ts, in->dst_ts,
+ policy_dir_names, policy->direction);
+ }
+ route_entry_destroy(old);
+ policy->route = NULL;
+ }
+
+ /* if remote traffic selector covers the IKE peer, add an exclude route */
+ if (hydra->kernel_interface->get_features(
+ hydra->kernel_interface) & KERNEL_REQUIRE_EXCLUDE_ROUTE)
+ {
+ if (in->src_ts->is_host(in->src_ts, dst))
+ {
+ DBG1(DBG_KNL, "can't install route for %R === %R %N, conflicts "
+ "with IKE traffic", in->src_ts, in->dst_ts, policy_dir_names,
+ policy->direction);
+ route_entry_destroy(route);
+ return FALSE;
+ }
+ if (in->src_ts->includes(in->src_ts, dst))
+ {
+ add_exclude_route(this, route, in->generic.sa->dst, dst);
+ }
+ }
+
+ DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
+ in->src_ts, route->gateway, route->src_ip, route->if_name);
+
+ switch (hydra->kernel_interface->add_route(hydra->kernel_interface,
+ route->dst_net, route->prefixlen, route->gateway,
+ route->src_ip, route->if_name))
+ {
+ case ALREADY_DONE:
+ /* route exists, do not uninstall */
+ remove_exclude_route(this, route);
+ route_entry_destroy(route);
+ return TRUE;
+ case SUCCESS:
+ /* cache the installed route */
+ policy->route = route;
+ return TRUE;
+ default:
+ DBG1(DBG_KNL, "installing route failed: %R via %H src %H dev %s",
+ in->src_ts, route->gateway, route->src_ip, route->if_name);
+ remove_exclude_route(this, route);
+ route_entry_destroy(route);
+ return FALSE;
+ }
+}
+
+/**
* Add or update a policy in the kernel.
*
* Note: The mutex has to be locked when entering this function.
@@ -2010,8 +2278,8 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
/* we try to find the policy again and update the kernel index */
this->mutex->lock(this->mutex);
- if (this->policies->find_last(this->policies, NULL,
- (void**)&policy) != SUCCESS)
+ if (this->policies->find_first(this->policies, NULL,
+ (void**)&policy) != SUCCESS)
{
DBG2(DBG_KNL, "unable to update index, the policy is already gone, "
"ignoring");
@@ -2027,83 +2295,10 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
* - we are in tunnel mode
* - routing is not disabled via strongswan.conf
*/
- if (policy->direction == POLICY_FWD &&
+ if (policy->direction == POLICY_IN &&
ipsec->cfg.mode != MODE_TRANSPORT && this->install_routes)
{
- policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)mapping;
- route_entry_t *route;
-
- INIT(route,
- .prefixlen = policy->src.mask,
- );
-
- if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- fwd->dst_ts, &route->src_ip) == SUCCESS)
- {
- /* get the nexthop to src (src as we are in POLICY_FWD).*/
- route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, ipsec->src,
- ipsec->dst);
- route->dst_net = chunk_clone(policy->src.net->get_address(
- policy->src.net));
-
- /* install route via outgoing interface */
- if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
- ipsec->dst, &route->if_name))
- {
- this->mutex->unlock(this->mutex);
- route_entry_destroy(route);
- return SUCCESS;
- }
-
- if (policy->route)
- {
- route_entry_t *old = policy->route;
- if (route_entry_equals(old, route))
- {
- this->mutex->unlock(this->mutex);
- route_entry_destroy(route);
- return SUCCESS;
- }
- /* uninstall previously installed route */
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- old->dst_net, old->prefixlen, old->gateway,
- old->src_ip, old->if_name) != SUCCESS)
- {
- DBG1(DBG_KNL, "error uninstalling route installed with "
- "policy %R === %R %N", fwd->src_ts,
- fwd->dst_ts, policy_dir_names,
- policy->direction);
- }
- route_entry_destroy(old);
- policy->route = NULL;
- }
-
- DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
- fwd->src_ts, route->gateway, route->src_ip, route->if_name);
- switch (hydra->kernel_interface->add_route(
- hydra->kernel_interface, route->dst_net,
- route->prefixlen, route->gateway,
- route->src_ip, route->if_name))
- {
- default:
- DBG1(DBG_KNL, "unable to install source route for %H",
- route->src_ip);
- /* FALL */
- case ALREADY_DONE:
- /* route exists, do not uninstall */
- route_entry_destroy(route);
- break;
- case SUCCESS:
- /* cache the installed route */
- policy->route = route;
- break;
- }
- }
- else
- {
- free(route);
- }
+ install_route(this, policy, (policy_sa_in_t*)mapping);
}
this->mutex->unlock(this->mutex);
return SUCCESS;
@@ -2141,7 +2336,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
else
{ /* use the new one, if we have no such policy */
- this->policies->insert_last(this->policies, policy);
+ this->policies->insert_first(this->policies, policy);
policy->used_by = linked_list_create();
}
@@ -2269,7 +2464,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
else if (response.lft_current == NULL)
{
- DBG1(DBG_KNL, "unable to query policy %R === %R %N: kernel reports no "
+ DBG2(DBG_KNL, "unable to query policy %R === %R %N: kernel reports no "
"use time", src_ts, dst_ts, policy_dir_names, direction);
free(out);
return FAILED;
@@ -2298,9 +2493,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
struct sadb_msg *msg, *out;
struct sadb_x_policy *pol;
policy_entry_t *policy, *found = NULL;
- policy_sa_t *mapping;
+ policy_sa_t *mapping, *to_remove = NULL;
enumerator_t *enumerator;
- bool is_installed = TRUE;
+ bool first = TRUE, is_installed = TRUE;
u_int32_t priority;
size_t len;
@@ -2330,19 +2525,31 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
policy_entry_destroy(policy, this);
policy = found;
- /* remove mapping to SA by reqid and priority */
+ /* remove mapping to SA by reqid and priority, if multiple match, which
+ * could happen when rekeying due to an address change, remove the oldest */
priority = get_priority(policy, prio);
enumerator = policy->used_by->create_enumerator(policy->used_by);
while (enumerator->enumerate(enumerator, (void**)&mapping))
{
if (reqid == mapping->sa->cfg.reqid && priority == mapping->priority)
{
- policy->used_by->remove_at(policy->used_by, enumerator);
+ to_remove = mapping;
+ is_installed = first;
+ }
+ else if (priority < mapping->priority)
+ {
break;
}
- is_installed = FALSE;
+ first = FALSE;
}
enumerator->destroy(enumerator);
+ if (!to_remove)
+ { /* sanity check */
+ this->mutex->unlock(this->mutex);
+ return SUCCESS;
+ }
+ policy->used_by->remove(policy->used_by, to_remove, NULL);
+ mapping = to_remove;
if (policy->used_by->get_count(policy->used_by) > 0)
{ /* policy is used by more SAs, keep in kernel */
@@ -2398,6 +2605,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
"policy %R === %R %N", src_ts, dst_ts,
policy_dir_names, direction);
}
+ remove_exclude_route(this, route);
}
this->policies->remove(this->policies, found, NULL);
@@ -2548,8 +2756,10 @@ METHOD(kernel_ipsec_t, enable_udp_decap, bool,
return FALSE;
}
#else /* __APPLE__ */
- if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &port,
- sizeof(port)) != 0)
+ int intport = port;
+
+ if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &intport,
+ sizeof(intport)) != 0)
{
DBG1(DBG_KNL, "could not set net.inet.ipsec.esp_port to %d: %s",
port, strerror(errno));
@@ -2569,12 +2779,14 @@ METHOD(kernel_ipsec_t, destroy, void,
}
if (this->socket_events > 0)
{
+ lib->watcher->remove(lib->watcher, this->socket_events);
close(this->socket_events);
}
this->policies->invoke_function(this->policies,
(linked_list_invoke_t)policy_entry_destroy,
this);
this->policies->destroy(this->policies);
+ this->excludes->destroy(this->excludes);
this->sas->destroy(this->sas);
this->mutex->destroy(this->mutex);
this->mutex_pfkey->destroy(this->mutex_pfkey);
@@ -2609,6 +2821,7 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
},
},
.policies = linked_list_create(),
+ .excludes = linked_list_create(),
.sas = hashtable_create((hashtable_hash_t)ipsec_sa_hash,
(hashtable_equals_t)ipsec_sa_equals, 32),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
@@ -2618,11 +2831,7 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
hydra->daemon),
);
- if (streq(hydra->daemon, "pluto"))
- { /* no routes for pluto, they are installed via updown script */
- this->install_routes = FALSE;
- }
- else if (streq(hydra->daemon, "starter"))
+ if (streq(hydra->daemon, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
@@ -2656,10 +2865,8 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
return NULL;
}
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio(
- (callback_job_cb_t)receive_events, this, NULL,
- (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
+ lib->watcher->add(lib->watcher, this->socket_events, WATCHER_READ,
+ (watcher_cb_t)receive_events, this);
}
return &this->public;
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index 894175402..61d576547 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -62,6 +62,12 @@ plugin_t *kernel_pfkey_plugin_create()
{
private_kernel_pfkey_plugin_t *this;
+ if (!lib->caps->check(lib->caps, CAP_NET_ADMIN))
+ { /* required to open PF_KEY sockets */
+ DBG1(DBG_KNL, "kernel-pfkey plugin requires CAP_NET_ADMIN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.am b/src/libhydra/plugins/kernel_pfroute/Makefile.am
index df3109eb8..9d1621366 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.am
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.am
@@ -1,8 +1,10 @@
-
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index a4895df2a..b0324ac18 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -103,7 +103,10 @@ am_libstrongswan_kernel_pfroute_la_OBJECTS = kernel_pfroute_plugin.lo \
kernel_pfroute_net.lo
libstrongswan_kernel_pfroute_la_OBJECTS = \
$(am_libstrongswan_kernel_pfroute_la_OBJECTS)
-libstrongswan_kernel_pfroute_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_kernel_pfroute_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_pfroute_la_LDFLAGS) $(LDFLAGS) -o $@
@@ -116,13 +119,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_kernel_pfroute_la_SOURCES)
DIST_SOURCES = $(libstrongswan_kernel_pfroute_la_SOURCES)
am__can_run_installinfo = \
@@ -136,6 +152,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -148,6 +165,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -163,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -171,6 +191,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -217,6 +238,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -245,6 +267,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -322,10 +345,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
libstrongswan_kernel_pfroute_la_SOURCES = \
@@ -409,7 +436,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-pfroute.la: $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_DEPENDENCIES) $(EXTRA_libstrongswan_kernel_pfroute_la_DEPENDENCIES)
- $(libstrongswan_kernel_pfroute_la_LINK) $(am_libstrongswan_kernel_pfroute_la_rpath) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_kernel_pfroute_la_LINK) $(am_libstrongswan_kernel_pfroute_la_rpath) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -421,25 +448,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_pfroute_plugin.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 7ac3e8a3c..976170c57 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2012 Tobias Brunner
+ * Copyright (C) 2009-2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,6 +16,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
+#include <net/if_dl.h>
#include <ifaddrs.h>
#include <net/route.h>
#include <unistd.h>
@@ -26,8 +27,10 @@
#include <hydra.h>
#include <utils/debug.h>
#include <networking/host.h>
+#include <networking/tun_device.h>
#include <threading/thread.h>
#include <threading/mutex.h>
+#include <threading/condvar.h>
#include <threading/rwlock.h>
#include <collections/hashtable.h>
#include <collections/linked_list.h>
@@ -37,11 +40,21 @@
#error Cannot compile this plugin on systems where 'struct sockaddr' has no sa_len member.
#endif
+/** properly align sockaddrs */
+#ifdef __APPLE__
+/* Apple always uses 4 bytes */
+#define SA_ALIGN 4
+#else
+/* while on other platforms like FreeBSD it depends on the architecture */
+#define SA_ALIGN sizeof(long)
+#endif
+#define SA_LEN(len) ((len) > 0 ? (((len)+SA_ALIGN-1) & ~(SA_ALIGN-1)) : SA_ALIGN)
+
/** delay before firing roam events (ms) */
#define ROAM_DELAY 100
-/** buffer size for PF_ROUTE messages */
-#define PFROUTE_BUFFER_SIZE 4096
+/** delay before reinstalling routes (ms) */
+#define ROUTE_DELAY 100
typedef struct addr_entry_t addr_entry_t;
@@ -55,9 +68,6 @@ struct addr_entry_t {
/** virtual IP managed by us */
bool virtual;
-
- /** Number of times this IP is used, if virtual */
- u_int refcount;
};
/**
@@ -126,6 +136,9 @@ struct addr_map_entry_t {
/** The IP address */
host_t *ip;
+ /** The address entry for this IP address */
+ addr_entry_t *addr;
+
/** The interface this address is installed on */
iface_entry_t *iface;
};
@@ -156,8 +169,17 @@ static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b)
static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
addr_map_entry_t *b)
{
- return iface_entry_up_and_usable(b->iface) &&
- a->ip->ip_equals(a->ip, b->ip);
+ return !b->addr->virtual && iface_entry_up_and_usable(b->iface) &&
+ a->ip->ip_equals(a->ip, b->ip);
+}
+
+/**
+ * Used with get_match this finds an address entry if it is installed as virtual
+ * IP address
+ */
+static bool addr_map_entry_match_virtual(addr_map_entry_t *a, addr_map_entry_t *b)
+{
+ return b->addr->virtual && a->ip->ip_equals(a->ip, b->ip);
}
/**
@@ -166,7 +188,112 @@ static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a,
*/
static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b)
{
- return iface_entry_up(b->iface) && a->ip->ip_equals(a->ip, b->ip);
+ return !b->addr->virtual && iface_entry_up(b->iface) &&
+ a->ip->ip_equals(a->ip, b->ip);
+}
+
+typedef struct route_entry_t route_entry_t;
+
+/**
+ * Installed routing entry
+ */
+struct route_entry_t {
+ /** Name of the interface the route is bound to */
+ char *if_name;
+
+ /** Gateway for this route */
+ host_t *gateway;
+
+ /** Destination net */
+ chunk_t dst_net;
+
+ /** Destination net prefixlen */
+ u_int8_t prefixlen;
+};
+
+/**
+ * Clone a route_entry_t object.
+ */
+static route_entry_t *route_entry_clone(route_entry_t *this)
+{
+ route_entry_t *route;
+
+ INIT(route,
+ .if_name = strdup(this->if_name),
+ .gateway = this->gateway ? this->gateway->clone(this->gateway) : NULL,
+ .dst_net = chunk_clone(this->dst_net),
+ .prefixlen = this->prefixlen,
+ );
+ return route;
+}
+
+/**
+ * Destroy a route_entry_t object
+ */
+static void route_entry_destroy(route_entry_t *this)
+{
+ free(this->if_name);
+ DESTROY_IF(this->gateway);
+ chunk_free(&this->dst_net);
+ free(this);
+}
+
+/**
+ * Hash a route_entry_t object
+ */
+static u_int route_entry_hash(route_entry_t *this)
+{
+ return chunk_hash_inc(chunk_from_thing(this->prefixlen),
+ chunk_hash(this->dst_net));
+}
+
+/**
+ * Compare two route_entry_t objects
+ */
+static bool route_entry_equals(route_entry_t *a, route_entry_t *b)
+{
+ if (a->if_name && b->if_name && streq(a->if_name, b->if_name) &&
+ chunk_equals(a->dst_net, b->dst_net) && a->prefixlen == b->prefixlen)
+ {
+ return (!a->gateway && !b->gateway) || (a->gateway && b->gateway &&
+ a->gateway->ip_equals(a->gateway, b->gateway));
+ }
+ return FALSE;
+}
+
+typedef struct net_change_t net_change_t;
+
+/**
+ * Queued network changes
+ */
+struct net_change_t {
+ /** Name of the interface that got activated (or an IP appeared on) */
+ char *if_name;
+};
+
+/**
+ * Destroy a net_change_t object
+ */
+static void net_change_destroy(net_change_t *this)
+{
+ free(this->if_name);
+ free(this);
+}
+
+/**
+ * Hash a net_change_t object
+ */
+static u_int net_change_hash(net_change_t *this)
+{
+ return chunk_hash(chunk_create(this->if_name, strlen(this->if_name)));
+}
+
+/**
+ * Compare two net_change_t objects
+ */
+static bool net_change_equals(net_change_t *a, net_change_t *b)
+{
+ return streq(a->if_name, b->if_name);
}
typedef struct private_kernel_pfroute_net_t private_kernel_pfroute_net_t;
@@ -197,19 +324,54 @@ struct private_kernel_pfroute_net_t
hashtable_t *addrs;
/**
- * mutex to lock access to the PF_ROUTE socket
+ * List of tun devices we installed for virtual IPs
*/
- mutex_t *mutex_pfroute;
+ linked_list_t *tuns;
/**
- * PF_ROUTE socket to communicate with the kernel
+ * mutex to communicate exclusively with PF_KEY
*/
- int socket;
+ mutex_t *mutex;
+
+ /**
+ * condvar to signal if PF_KEY query got a response
+ */
+ condvar_t *condvar;
+
+ /**
+ * installed routes
+ */
+ hashtable_t *routes;
+
+ /**
+ * mutex for routes
+ */
+ mutex_t *routes_lock;
+
+ /**
+ * interface changes which may trigger route reinstallation
+ */
+ hashtable_t *net_changes;
+
+ /**
+ * mutex for route reinstallation triggers
+ */
+ mutex_t *net_changes_lock;
+
+ /**
+ * time of last route reinstallation
+ */
+ timeval_t last_route_reinstall;
+
+ /**
+ * pid to send PF_ROUTE messages with
+ */
+ pid_t pid;
/**
- * PF_ROUTE socket to receive events
+ * PF_ROUTE socket to communicate with the kernel
*/
- int socket_events;
+ int socket;
/**
* sequence number for messages sent to the kernel
@@ -217,11 +379,121 @@ struct private_kernel_pfroute_net_t
int seq;
/**
+ * Sequence number a query is waiting for
+ */
+ int waiting_seq;
+
+ /**
+ * Allocated reply message from kernel
+ */
+ struct rt_msghdr *reply;
+
+ /**
* time of last roam event
*/
timeval_t last_roam;
+
+ /**
+ * Time in ms to wait for IP addresses to appear/disappear
+ */
+ int vip_wait;
};
+
+/**
+ * Forward declaration
+ */
+static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
+ chunk_t dst_net, u_int8_t prefixlen,
+ host_t *gateway, char *if_name);
+
+/**
+ * Clear the queued network changes.
+ */
+static void net_changes_clear(private_kernel_pfroute_net_t *this)
+{
+ enumerator_t *enumerator;
+ net_change_t *change;
+
+ enumerator = this->net_changes->create_enumerator(this->net_changes);
+ while (enumerator->enumerate(enumerator, NULL, (void**)&change))
+ {
+ this->net_changes->remove_at(this->net_changes, enumerator);
+ net_change_destroy(change);
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Act upon queued network changes.
+ */
+static job_requeue_t reinstall_routes(private_kernel_pfroute_net_t *this)
+{
+ enumerator_t *enumerator;
+ route_entry_t *route;
+
+ this->net_changes_lock->lock(this->net_changes_lock);
+ this->routes_lock->lock(this->routes_lock);
+
+ enumerator = this->routes->create_enumerator(this->routes);
+ while (enumerator->enumerate(enumerator, NULL, (void**)&route))
+ {
+ net_change_t *change, lookup = {
+ .if_name = route->if_name,
+ };
+ /* check if a change for the outgoing interface is queued */
+ change = this->net_changes->get(this->net_changes, &lookup);
+ if (change)
+ {
+ manage_route(this, RTM_ADD, route->dst_net, route->prefixlen,
+ route->gateway, route->if_name);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->routes_lock->unlock(this->routes_lock);
+
+ net_changes_clear(this);
+ this->net_changes_lock->unlock(this->net_changes_lock);
+ return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Queue route reinstallation caused by network changes for a given interface.
+ *
+ * The route reinstallation is delayed for a while and only done once for
+ * several calls during this delay, in order to avoid doing it too often.
+ * The interface name is freed.
+ */
+static void queue_route_reinstall(private_kernel_pfroute_net_t *this,
+ char *if_name)
+{
+ net_change_t *update, *found;
+ timeval_t now;
+ job_t *job;
+
+ INIT(update,
+ .if_name = if_name
+ );
+
+ this->net_changes_lock->lock(this->net_changes_lock);
+ found = this->net_changes->put(this->net_changes, update, update);
+ if (found)
+ {
+ net_change_destroy(found);
+ }
+ time_monotonic(&now);
+ if (timercmp(&now, &this->last_route_reinstall, >))
+ {
+ timeval_add_ms(&now, ROUTE_DELAY);
+ this->last_route_reinstall = now;
+
+ job = (job_t*)callback_job_create((callback_job_cb_t)reinstall_routes,
+ this, NULL, NULL);
+ lib->scheduler->schedule_job_ms(lib->scheduler, job, ROUTE_DELAY);
+ }
+ this->net_changes_lock->unlock(this->net_changes_lock);
+}
+
/**
* Add an address map entry
*/
@@ -230,13 +502,9 @@ static void addr_map_entry_add(private_kernel_pfroute_net_t *this,
{
addr_map_entry_t *entry;
- if (addr->virtual)
- { /* don't map virtual IPs */
- return;
- }
-
INIT(entry,
.ip = addr->ip,
+ .addr = addr,
.iface = iface,
);
entry = this->addrs->put(this->addrs, entry, entry);
@@ -252,14 +520,10 @@ static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface,
{
addr_map_entry_t *entry, lookup = {
.ip = addr->ip,
+ .addr = addr,
.iface = iface,
};
- if (addr->virtual)
- { /* these are never mapped, but this check avoid problems if a virtual IP
- * equals a regular one */
- return;
- }
entry = this->addrs->remove(this->addrs, &lookup);
free(entry);
}
@@ -296,35 +560,114 @@ static void fire_roam_event(private_kernel_pfroute_net_t *this, bool address)
}
/**
+ * Data for enumerator over rtmsg sockaddrs
+ */
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** copy of attribute bitfield */
+ int types;
+ /** bytes remaining in buffer */
+ int remaining;
+ /** next sockaddr to enumerate */
+ struct sockaddr *addr;
+} rt_enumerator_t;
+
+METHOD(enumerator_t, rt_enumerate, bool,
+ rt_enumerator_t *this, int *xtype, struct sockaddr **addr)
+{
+ int i, type;
+
+ if (this->remaining < sizeof(this->addr->sa_len) ||
+ this->remaining < this->addr->sa_len)
+ {
+ return FALSE;
+ }
+ for (i = 0; i < RTAX_MAX; i++)
+ {
+ type = (1 << i);
+ if (this->types & type)
+ {
+ this->types &= ~type;
+ *addr = this->addr;
+ *xtype = i;
+ this->remaining -= SA_LEN(this->addr->sa_len);
+ this->addr = (struct sockaddr*)((char*)this->addr +
+ SA_LEN(this->addr->sa_len));
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
+ * Create an enumerator over sockaddrs in rt/if messages
+ */
+static enumerator_t *create_rt_enumerator(int types, int remaining,
+ struct sockaddr *addr)
+{
+ rt_enumerator_t *this;
+
+ INIT(this,
+ .public = {
+ .enumerate = (void*)_rt_enumerate,
+ .destroy = (void*)free,
+ },
+ .types = types,
+ .remaining = remaining,
+ .addr = addr,
+ );
+ return &this->public;
+}
+
+/**
+ * Create a safe enumerator over sockaddrs in rt_msghdr
+ */
+static enumerator_t *create_rtmsg_enumerator(struct rt_msghdr *hdr)
+{
+ return create_rt_enumerator(hdr->rtm_addrs, hdr->rtm_msglen - sizeof(*hdr),
+ (struct sockaddr *)(hdr + 1));
+}
+
+/**
+ * Create a safe enumerator over sockaddrs in ifa_msghdr
+ */
+static enumerator_t *create_ifamsg_enumerator(struct ifa_msghdr *hdr)
+{
+ return create_rt_enumerator(hdr->ifam_addrs, hdr->ifam_msglen - sizeof(*hdr),
+ (struct sockaddr *)(hdr + 1));
+}
+
+/**
* Process an RTM_*ADDR message from the kernel
*/
static void process_addr(private_kernel_pfroute_net_t *this,
- struct rt_msghdr *msg)
+ struct ifa_msghdr *ifa)
{
- struct ifa_msghdr *ifa = (struct ifa_msghdr*)msg;
- sockaddr_t *sockaddr = (sockaddr_t*)(ifa + 1);
+ struct sockaddr *sockaddr;
host_t *host = NULL;
enumerator_t *ifaces, *addrs;
iface_entry_t *iface;
addr_entry_t *addr;
bool found = FALSE, changed = FALSE, roam = FALSE;
- int i;
+ enumerator_t *enumerator;
+ char *ifname = NULL;
+ int type;
- for (i = 1; i < (1 << RTAX_MAX); i <<= 1)
+ enumerator = create_ifamsg_enumerator(ifa);
+ while (enumerator->enumerate(enumerator, &type, &sockaddr))
{
- if (ifa->ifam_addrs & i)
+ if (type == RTAX_IFA)
{
- if (RTA_IFA & i)
- {
- host = host_create_from_sockaddr(sockaddr);
- break;
- }
- sockaddr = (sockaddr_t*)((char*)sockaddr + sockaddr->sa_len);
+ host = host_create_from_sockaddr(sockaddr);
+ break;
}
}
+ enumerator->destroy(enumerator);
- if (!host)
+ if (!host || host->is_anyaddr(host))
{
+ DESTROY_IF(host);
return;
}
@@ -352,21 +695,17 @@ static void process_addr(private_kernel_pfroute_net_t *this,
addr_map_entry_remove(addr, iface, this);
addr_entry_destroy(addr);
}
- else if (ifa->ifam_type == RTM_NEWADDR && addr->virtual)
- {
- addr->refcount = 1;
- }
}
}
addrs->destroy(addrs);
if (!found && ifa->ifam_type == RTM_NEWADDR)
{
+ INIT(addr,
+ .ip = host->clone(host),
+ );
changed = TRUE;
- addr = malloc_thing(addr_entry_t);
- addr->ip = host->clone(host);
- addr->virtual = FALSE;
- addr->refcount = 1;
+ ifname = strdup(iface->ifname);
iface->addrs->insert_last(iface->addrs, addr);
addr_map_entry_add(this, addr, iface);
if (iface->usable)
@@ -386,6 +725,15 @@ static void process_addr(private_kernel_pfroute_net_t *this,
this->lock->unlock(this->lock);
host->destroy(host);
+ if (roam && ifname)
+ {
+ queue_route_reinstall(this, ifname);
+ }
+ else
+ {
+ free(ifname);
+ }
+
if (roam)
{
fire_roam_event(this, TRUE);
@@ -393,15 +741,54 @@ static void process_addr(private_kernel_pfroute_net_t *this,
}
/**
+ * Re-initialize address list of an interface if it changes state
+ */
+static void repopulate_iface(private_kernel_pfroute_net_t *this,
+ iface_entry_t *iface)
+{
+ struct ifaddrs *ifap, *ifa;
+ addr_entry_t *addr;
+
+ while (iface->addrs->remove_last(iface->addrs, (void**)&addr) == SUCCESS)
+ {
+ addr_map_entry_remove(addr, iface, this);
+ addr_entry_destroy(addr);
+ }
+
+ if (getifaddrs(&ifap) == 0)
+ {
+ for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next)
+ {
+ if (ifa->ifa_addr && streq(ifa->ifa_name, iface->ifname))
+ {
+ switch (ifa->ifa_addr->sa_family)
+ {
+ case AF_INET:
+ case AF_INET6:
+ INIT(addr,
+ .ip = host_create_from_sockaddr(ifa->ifa_addr),
+ );
+ iface->addrs->insert_last(iface->addrs, addr);
+ addr_map_entry_add(this, addr, iface);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ freeifaddrs(ifap);
+ }
+}
+
+/**
* Process an RTM_IFINFO message from the kernel
*/
static void process_link(private_kernel_pfroute_net_t *this,
- struct rt_msghdr *hdr)
+ struct if_msghdr *msg)
{
- struct if_msghdr *msg = (struct if_msghdr*)hdr;
enumerator_t *enumerator;
iface_entry_t *iface;
- bool roam = FALSE;
+ bool roam = FALSE, found = FALSE, update_routes = FALSE;
this->lock->write_lock(this->lock);
enumerator = this->ifaces->create_enumerator(this->ifaces);
@@ -413,7 +800,7 @@ static void process_link(private_kernel_pfroute_net_t *this,
{
if (!(iface->flags & IFF_UP) && (msg->ifm_flags & IFF_UP))
{
- roam = TRUE;
+ roam = update_routes = TRUE;
DBG1(DBG_KNL, "interface %s activated", iface->ifname);
}
else if ((iface->flags & IFF_UP) && !(msg->ifm_flags & IFF_UP))
@@ -423,12 +810,44 @@ static void process_link(private_kernel_pfroute_net_t *this,
}
}
iface->flags = msg->ifm_flags;
+ repopulate_iface(this, iface);
+ found = TRUE;
break;
}
}
enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ INIT(iface,
+ .ifindex = msg->ifm_index,
+ .flags = msg->ifm_flags,
+ .addrs = linked_list_create(),
+ );
+ if (if_indextoname(iface->ifindex, iface->ifname))
+ {
+ DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
+ iface->usable = hydra->kernel_interface->is_interface_usable(
+ hydra->kernel_interface, iface->ifname);
+ repopulate_iface(this, iface);
+ this->ifaces->insert_last(this->ifaces, iface);
+ if (iface->usable)
+ {
+ roam = update_routes = TRUE;
+ }
+ }
+ else
+ {
+ free(iface);
+ }
+ }
this->lock->unlock(this->lock);
+ if (update_routes)
+ {
+ queue_route_reinstall(this, strdup(iface->ifname));
+ }
+
if (roam)
{
fire_roam_event(this, TRUE);
@@ -445,61 +864,98 @@ static void process_route(private_kernel_pfroute_net_t *this,
}
/**
- * Receives events from kernel
+ * Receives PF_ROUTE messages from kernel
*/
-static job_requeue_t receive_events(private_kernel_pfroute_net_t *this)
+static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
+ watcher_event_t event)
{
- unsigned char buf[PFROUTE_BUFFER_SIZE];
- struct rt_msghdr *msg = (struct rt_msghdr*)buf;
- int len;
- bool oldstate;
-
- oldstate = thread_cancelability(TRUE);
- len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0);
- thread_cancelability(oldstate);
-
+ struct {
+ union {
+ struct rt_msghdr rtm;
+ struct if_msghdr ifm;
+ struct ifa_msghdr ifam;
+ };
+ char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
+ } msg;
+ int len, hdrlen;
+
+ len = recv(this->socket, &msg, sizeof(msg), MSG_DONTWAIT);
if (len < 0)
{
switch (errno)
{
case EINTR:
- /* interrupted, try again */
- return JOB_REQUEUE_DIRECT;
case EAGAIN:
- /* no data ready, select again */
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
default:
DBG1(DBG_KNL, "unable to receive from PF_ROUTE event socket");
sleep(1);
- return JOB_REQUEUE_FAIR;
+ return TRUE;
}
}
- if (len < sizeof(msg->rtm_msglen) || len < msg->rtm_msglen ||
- msg->rtm_version != RTM_VERSION)
+ if (len < offsetof(struct rt_msghdr, rtm_flags) || len < msg.rtm.rtm_msglen)
{
- DBG2(DBG_KNL, "received corrupted PF_ROUTE message");
- return JOB_REQUEUE_DIRECT;
+ DBG1(DBG_KNL, "received invalid PF_ROUTE message");
+ return TRUE;
}
-
- switch (msg->rtm_type)
+ if (msg.rtm.rtm_version != RTM_VERSION)
+ {
+ DBG1(DBG_KNL, "received PF_ROUTE message with unsupported version: %d",
+ msg.rtm.rtm_version);
+ return TRUE;
+ }
+ switch (msg.rtm.rtm_type)
{
case RTM_NEWADDR:
case RTM_DELADDR:
- process_addr(this, msg);
+ hdrlen = sizeof(msg.ifam);
break;
case RTM_IFINFO:
- /*case RTM_IFANNOUNCE <- what about this*/
- process_link(this, msg);
+ hdrlen = sizeof(msg.ifm);
break;
case RTM_ADD:
case RTM_DELETE:
- process_route(this, msg);
+ case RTM_GET:
+ hdrlen = sizeof(msg.rtm);
+ break;
default:
+ return TRUE;
+ }
+ if (msg.rtm.rtm_msglen < hdrlen)
+ {
+ DBG1(DBG_KNL, "ignoring short PF_ROUTE message");
+ return TRUE;
+ }
+ switch (msg.rtm.rtm_type)
+ {
+ case RTM_NEWADDR:
+ case RTM_DELADDR:
+ process_addr(this, &msg.ifam);
break;
+ case RTM_IFINFO:
+ process_link(this, &msg.ifm);
+ break;
+ case RTM_ADD:
+ case RTM_DELETE:
+ process_route(this, &msg.rtm);
+ break;
+ default:
+ break;
+ }
+
+ this->mutex->lock(this->mutex);
+ if (msg.rtm.rtm_pid == this->pid && msg.rtm.rtm_seq == this->waiting_seq)
+ {
+ /* seems like the message someone is waiting for, deliver */
+ this->reply = realloc(this->reply, msg.rtm.rtm_msglen);
+ memcpy(this->reply, &msg, msg.rtm.rtm_msglen);
}
+ /* signal on any event, add_ip()/del_ip() might wait for it */
+ this->condvar->broadcast(this->condvar);
+ this->mutex->unlock(this->mutex);
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
@@ -530,6 +986,10 @@ static bool filter_addresses(address_enumerator_t *data,
{ /* skip virtual interfaces added by us */
return FALSE;
}
+ if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual)
+ { /* address is regular, but not requested */
+ return FALSE;
+ }
ip = (*in)->ip;
if (ip->get_family(ip) == AF_INET6)
{
@@ -578,9 +1038,12 @@ static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
private_kernel_pfroute_net_t *this, kernel_address_type_t which)
{
- address_enumerator_t *data = malloc_thing(address_enumerator_t);
- data->this = this;
- data->which = which;
+ address_enumerator_t *data;
+
+ INIT(data,
+ .this = this,
+ .which = which,
+ );
this->lock->read_lock(this->lock);
return enumerator_create_nested(
@@ -591,6 +1054,12 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
(void*)address_enumerator_destroy);
}
+METHOD(kernel_net_t, get_features, kernel_feature_t,
+ private_kernel_pfroute_net_t *this)
+{
+ return KERNEL_REQUIRE_EXCLUDE_ROUTE;
+}
+
METHOD(kernel_net_t, get_interface_name, bool,
private_kernel_pfroute_net_t *this, host_t* ip, char **name)
{
@@ -616,6 +1085,19 @@ METHOD(kernel_net_t, get_interface_name, bool,
this->lock->unlock(this->lock);
return TRUE;
}
+ /* check if it is a virtual IP */
+ entry = this->addrs->get_match(this->addrs, &lookup,
+ (void*)addr_map_entry_match_virtual);
+ if (entry)
+ {
+ if (name)
+ {
+ *name = strdup(entry->iface->ifname);
+ DBG2(DBG_KNL, "virtual IP %H is on interface %s", ip, *name);
+ }
+ this->lock->unlock(this->lock);
+ return TRUE;
+ }
/* maybe it is installed on an ignored interface */
entry = this->addrs->get_match(this->addrs, &lookup,
(void*)addr_map_entry_match_up);
@@ -627,44 +1109,484 @@ METHOD(kernel_net_t, get_interface_name, bool,
return FALSE;
}
-METHOD(kernel_net_t, get_source_addr, host_t*,
- private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
+METHOD(kernel_net_t, add_ip, status_t,
+ private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
+ char *ifname)
+{
+ enumerator_t *ifaces, *addrs;
+ iface_entry_t *iface;
+ addr_entry_t *addr;
+ tun_device_t *tun;
+ bool timeout = FALSE;
+
+ tun = tun_device_create(NULL);
+ if (!tun)
+ {
+ return FAILED;
+ }
+ if (prefix == -1)
+ {
+ prefix = vip->get_address(vip).len * 8;
+ }
+ if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
+ {
+ tun->destroy(tun);
+ return FAILED;
+ }
+
+ /* wait until address appears */
+ this->mutex->lock(this->mutex);
+ while (!timeout && !get_interface_name(this, vip, NULL))
+ {
+ timeout = this->condvar->timed_wait(this->condvar, this->mutex,
+ this->vip_wait);
+ }
+ this->mutex->unlock(this->mutex);
+ if (timeout)
+ {
+ DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
+ vip, tun->get_name(tun));
+ tun->destroy(tun);
+ return FAILED;
+ }
+
+ this->lock->write_lock(this->lock);
+ this->tuns->insert_last(this->tuns, tun);
+
+ ifaces = this->ifaces->create_enumerator(this->ifaces);
+ while (ifaces->enumerate(ifaces, &iface))
+ {
+ if (streq(iface->ifname, tun->get_name(tun)))
+ {
+ addrs = iface->addrs->create_enumerator(iface->addrs);
+ while (addrs->enumerate(addrs, &addr))
+ {
+ if (addr->ip->ip_equals(addr->ip, vip))
+ {
+ addr->virtual = TRUE;
+ }
+ }
+ addrs->destroy(addrs);
+ /* during IKEv1 reauthentication, children get moved from
+ * old the new SA before the virtual IP is available. This
+ * kills the route for our virtual IP, reinstall. */
+ queue_route_reinstall(this, strdup(iface->ifname));
+ break;
+ }
+ }
+ ifaces->destroy(ifaces);
+ /* lets do this while holding the lock, thus preventing another thread
+ * from deleting the TUN device concurrently, hopefully listeners are quick
+ * and cause no deadlocks */
+ hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
+ this->lock->unlock(this->lock);
+
+ return SUCCESS;
+}
+
+METHOD(kernel_net_t, del_ip, status_t,
+ private_kernel_pfroute_net_t *this, host_t *vip, int prefix,
+ bool wait)
{
- return NULL;
+ enumerator_t *enumerator;
+ tun_device_t *tun;
+ host_t *addr;
+ bool timeout = FALSE, found = FALSE;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->tuns->create_enumerator(this->tuns);
+ while (enumerator->enumerate(enumerator, &tun))
+ {
+ addr = tun->get_address(tun, NULL);
+ if (addr && addr->ip_equals(addr, vip))
+ {
+ this->tuns->remove_at(this->tuns, enumerator);
+ hydra->kernel_interface->tun(hydra->kernel_interface, tun,
+ FALSE);
+ tun->destroy(tun);
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+
+ if (!found)
+ {
+ return NOT_FOUND;
+ }
+ /* wait until address disappears */
+ if (wait)
+ {
+ this->mutex->lock(this->mutex);
+ while (!timeout && get_interface_name(this, vip, NULL))
+ {
+ timeout = this->condvar->timed_wait(this->condvar, this->mutex,
+ this->vip_wait);
+ }
+ this->mutex->unlock(this->mutex);
+ if (timeout)
+ {
+ DBG1(DBG_KNL, "virtual IP %H did not disappear from tun", vip);
+ return FAILED;
+ }
+ }
+ return SUCCESS;
}
-METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
+/**
+ * Append a sockaddr_in/in6 of given type to routing message
+ */
+static void add_rt_addr(struct rt_msghdr *hdr, int type, host_t *addr)
{
- return NULL;
+ if (addr)
+ {
+ int len;
+
+ len = *addr->get_sockaddr_len(addr);
+ memcpy((char*)hdr + hdr->rtm_msglen, addr->get_sockaddr(addr), len);
+ hdr->rtm_msglen += SA_LEN(len);
+ hdr->rtm_addrs |= type;
+ }
}
-METHOD(kernel_net_t, add_ip, status_t,
- private_kernel_pfroute_net_t *this, host_t *virtual_ip, int prefix,
- char *iface)
+/**
+ * Append a subnet mask sockaddr using the given prefix to routing message
+ */
+static void add_rt_mask(struct rt_msghdr *hdr, int type, int family, int prefix)
{
- return FAILED;
+ host_t *mask;
+
+ mask = host_create_netmask(family, prefix);
+ if (mask)
+ {
+ add_rt_addr(hdr, type, mask);
+ mask->destroy(mask);
+ }
}
-METHOD(kernel_net_t, del_ip, status_t,
- private_kernel_pfroute_net_t *this, host_t *virtual_ip, int prefix,
- bool wait)
+/**
+ * Append an interface name sockaddr_dl to routing message
+ */
+static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
{
- return FAILED;
+ struct sockaddr_dl sdl = {
+ .sdl_len = sizeof(struct sockaddr_dl),
+ .sdl_family = AF_LINK,
+ .sdl_nlen = strlen(name),
+ };
+
+ if (strlen(name) <= sizeof(sdl.sdl_data))
+ {
+ memcpy(sdl.sdl_data, name, sdl.sdl_nlen);
+ memcpy((char*)hdr + hdr->rtm_msglen, &sdl, sdl.sdl_len);
+ hdr->rtm_msglen += SA_LEN(sdl.sdl_len);
+ hdr->rtm_addrs |= type;
+ }
+}
+
+/**
+ * Add or remove a route
+ */
+static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
+ chunk_t dst_net, u_int8_t prefixlen,
+ host_t *gateway, char *if_name)
+{
+ struct {
+ struct rt_msghdr hdr;
+ char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
+ } msg = {
+ .hdr = {
+ .rtm_version = RTM_VERSION,
+ .rtm_type = op,
+ .rtm_flags = RTF_UP | RTF_STATIC,
+ .rtm_pid = this->pid,
+ .rtm_seq = ref_get(&this->seq),
+ },
+ };
+ host_t *dst;
+ int type;
+
+ if (prefixlen == 0 && dst_net.len)
+ {
+ status_t status;
+ chunk_t half;
+
+ half = chunk_clonea(dst_net);
+ half.ptr[0] |= 0x80;
+ prefixlen = 1;
+ status = manage_route(this, op, half, prefixlen, gateway, if_name);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ }
+
+ dst = host_create_from_chunk(AF_UNSPEC, dst_net, 0);
+ if (!dst)
+ {
+ return FAILED;
+ }
+
+ if ((dst->get_family(dst) == AF_INET && prefixlen == 32) ||
+ (dst->get_family(dst) == AF_INET6 && prefixlen == 128))
+ {
+ msg.hdr.rtm_flags |= RTF_HOST | RTF_GATEWAY;
+ }
+
+ msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
+ for (type = 0; type < RTAX_MAX; type++)
+ {
+ switch (type)
+ {
+ case RTAX_DST:
+ add_rt_addr(&msg.hdr, RTA_DST, dst);
+ break;
+ case RTAX_NETMASK:
+ if (!(msg.hdr.rtm_flags & RTF_HOST))
+ {
+ add_rt_mask(&msg.hdr, RTA_NETMASK,
+ dst->get_family(dst), prefixlen);
+ }
+ break;
+ case RTAX_IFP:
+ if (if_name)
+ {
+ add_rt_ifname(&msg.hdr, RTA_IFP, if_name);
+ }
+ break;
+ case RTAX_GATEWAY:
+ if (gateway)
+ {
+ add_rt_addr(&msg.hdr, RTA_GATEWAY, gateway);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ dst->destroy(dst);
+
+ if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) != msg.hdr.rtm_msglen)
+ {
+ if (errno == EEXIST)
+ {
+ return ALREADY_DONE;
+ }
+ DBG1(DBG_KNL, "%s PF_ROUTE route failed: %s",
+ op == RTM_ADD ? "adding" : "deleting", strerror(errno));
+ return FAILED;
+ }
+ return SUCCESS;
}
METHOD(kernel_net_t, add_route, status_t,
private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
host_t *gateway, host_t *src_ip, char *if_name)
{
- return FAILED;
+ status_t status;
+ route_entry_t *found, route = {
+ .dst_net = dst_net,
+ .prefixlen = prefixlen,
+ .gateway = gateway,
+ .if_name = if_name,
+ };
+
+ this->routes_lock->lock(this->routes_lock);
+ found = this->routes->get(this->routes, &route);
+ if (found)
+ {
+ this->routes_lock->unlock(this->routes_lock);
+ return ALREADY_DONE;
+ }
+ found = route_entry_clone(&route);
+ this->routes->put(this->routes, found, found);
+ status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
+ this->routes_lock->unlock(this->routes_lock);
+ return status;
}
METHOD(kernel_net_t, del_route, status_t,
private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
host_t *gateway, host_t *src_ip, char *if_name)
{
- return FAILED;
+ status_t status;
+ route_entry_t *found, route = {
+ .dst_net = dst_net,
+ .prefixlen = prefixlen,
+ .gateway = gateway,
+ .if_name = if_name,
+ };
+
+ this->routes_lock->lock(this->routes_lock);
+ found = this->routes->get(this->routes, &route);
+ if (!found)
+ {
+ this->routes_lock->unlock(this->routes_lock);
+ return NOT_FOUND;
+ }
+ this->routes->remove(this->routes, found);
+ route_entry_destroy(found);
+ status = manage_route(this, RTM_DELETE, dst_net, prefixlen, gateway,
+ if_name);
+ this->routes_lock->unlock(this->routes_lock);
+ return status;
+}
+
+/**
+ * Do a route lookup for dest and return either the nexthop or the source
+ * address.
+ */
+static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
+ host_t *dest, host_t *src)
+{
+ struct {
+ struct rt_msghdr hdr;
+ char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
+ } msg = {
+ .hdr = {
+ .rtm_version = RTM_VERSION,
+ .rtm_type = RTM_GET,
+ .rtm_pid = this->pid,
+ .rtm_seq = ref_get(&this->seq),
+ },
+ };
+ host_t *host = NULL;
+ enumerator_t *enumerator;
+ struct sockaddr *addr;
+ bool failed = FALSE;
+ int type;
+
+retry:
+ msg.hdr.rtm_msglen = sizeof(struct rt_msghdr);
+ for (type = 0; type < RTAX_MAX; type++)
+ {
+ switch (type)
+ {
+ case RTAX_DST:
+ add_rt_addr(&msg.hdr, RTA_DST, dest);
+ break;
+ case RTAX_IFA:
+ add_rt_addr(&msg.hdr, RTA_IFA, src);
+ break;
+ case RTAX_IFP:
+ if (!nexthop)
+ { /* add an empty IFP to ensure we get a source address */
+ add_rt_ifname(&msg.hdr, RTA_IFP, "");
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ this->mutex->lock(this->mutex);
+
+ while (this->waiting_seq)
+ {
+ this->condvar->wait(this->condvar, this->mutex);
+ }
+ this->waiting_seq = msg.hdr.rtm_seq;
+ if (send(this->socket, &msg, msg.hdr.rtm_msglen, 0) == msg.hdr.rtm_msglen)
+ {
+ while (TRUE)
+ {
+ if (this->condvar->timed_wait(this->condvar, this->mutex, 1000))
+ { /* timed out? */
+ break;
+ }
+ if (this->reply->rtm_msglen < sizeof(*this->reply) ||
+ msg.hdr.rtm_seq != this->reply->rtm_seq)
+ {
+ continue;
+ }
+ enumerator = create_rtmsg_enumerator(this->reply);
+ while (enumerator->enumerate(enumerator, &type, &addr))
+ {
+ if (nexthop)
+ {
+ if (type == RTAX_DST && this->reply->rtm_flags & RTF_HOST)
+ { /* probably a cloned/cached direct route, only use that
+ * as fallback if no gateway is found */
+ host = host ?: host_create_from_sockaddr(addr);
+ }
+ if (type == RTAX_GATEWAY)
+ { /* could actually be a MAC address */
+ host_t *gtw = host_create_from_sockaddr(addr);
+ if (gtw)
+ {
+ DESTROY_IF(host);
+ host = gtw;
+ }
+ }
+ }
+ else
+ {
+ if (type == RTAX_IFA)
+ {
+ host = host_create_from_sockaddr(addr);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ break;
+ }
+ }
+ else
+ {
+ failed = TRUE;
+ }
+ /* signal completion of query to a waiting thread */
+ this->waiting_seq = 0;
+ this->condvar->signal(this->condvar);
+ this->mutex->unlock(this->mutex);
+
+ if (failed)
+ {
+ if (src)
+ { /* the given source address might be gone, try again without */
+ src = NULL;
+ msg.hdr.rtm_seq = ref_get(&this->seq);
+ msg.hdr.rtm_addrs = 0;
+ memset(msg.buf, sizeof(msg.buf), 0);
+ goto retry;
+ }
+ DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
+ }
+ if (!host)
+ {
+ return NULL;
+ }
+ if (!nexthop)
+ { /* make sure the source address is not virtual and usable */
+ addr_entry_t *entry, lookup = {
+ .ip = host,
+ };
+
+ this->lock->read_lock(this->lock);
+ entry = this->addrs->get_match(this->addrs, &lookup,
+ (void*)addr_map_entry_match_up_and_usable);
+ this->lock->unlock(this->lock);
+ if (!entry)
+ {
+ host->destroy(host);
+ return NULL;
+ }
+ }
+ DBG2(DBG_KNL, "using %H as %s to reach %H", host,
+ nexthop ? "nexthop" : "address", dest);
+ return host;
+}
+
+METHOD(kernel_net_t, get_source_addr, host_t*,
+ private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
+{
+ return get_route(this, FALSE, dest, src);
+}
+
+METHOD(kernel_net_t, get_nexthop, host_t*,
+ private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
+{
+ return get_route(this, TRUE, dest, src);
}
/**
@@ -711,22 +1633,22 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this)
if (!iface)
{
- iface = malloc_thing(iface_entry_t);
+ INIT(iface,
+ .ifindex = if_nametoindex(ifa->ifa_name),
+ .flags = ifa->ifa_flags,
+ .addrs = linked_list_create(),
+ .usable = hydra->kernel_interface->is_interface_usable(
+ hydra->kernel_interface, ifa->ifa_name),
+ );
memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
- iface->ifindex = if_nametoindex(ifa->ifa_name);
- iface->flags = ifa->ifa_flags;
- iface->addrs = linked_list_create();
- iface->usable = hydra->kernel_interface->is_interface_usable(
- hydra->kernel_interface, ifa->ifa_name);
this->ifaces->insert_last(this->ifaces, iface);
}
if (ifa->ifa_addr->sa_family != AF_LINK)
{
- addr = malloc_thing(addr_entry_t);
- addr->ip = host_create_from_sockaddr(ifa->ifa_addr);
- addr->virtual = FALSE;
- addr->refcount = 1;
+ INIT(addr,
+ .ip = host_create_from_sockaddr(ifa->ifa_addr),
+ );
iface->addrs->insert_last(iface->addrs, addr);
addr_map_entry_add(this, addr, iface);
}
@@ -758,16 +1680,30 @@ METHOD(kernel_net_t, destroy, void,
private_kernel_pfroute_net_t *this)
{
enumerator_t *enumerator;
+ route_entry_t *route;
addr_entry_t *addr;
- if (this->socket > 0)
+ enumerator = this->routes->create_enumerator(this->routes);
+ while (enumerator->enumerate(enumerator, NULL, (void**)&route))
{
- close(this->socket);
+ manage_route(this, RTM_DELETE, route->dst_net, route->prefixlen,
+ route->gateway, route->if_name);
+ route_entry_destroy(route);
}
- if (this->socket_events)
+ enumerator->destroy(enumerator);
+ this->routes->destroy(this->routes);
+ this->routes_lock->destroy(this->routes_lock);
+
+ if (this->socket != -1)
{
- close(this->socket_events);
+ lib->watcher->remove(lib->watcher, this->socket);
+ close(this->socket);
}
+
+ net_changes_clear(this);
+ this->net_changes->destroy(this->net_changes);
+ this->net_changes_lock->destroy(this->net_changes_lock);
+
enumerator = this->addrs->create_enumerator(this->addrs);
while (enumerator->enumerate(enumerator, NULL, (void**)&addr))
{
@@ -776,8 +1712,11 @@ METHOD(kernel_net_t, destroy, void,
enumerator->destroy(enumerator);
this->addrs->destroy(this->addrs);
this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
+ this->tuns->destroy(this->tuns);
this->lock->destroy(this->lock);
- this->mutex_pfroute->destroy(this->mutex_pfroute);
+ this->mutex->destroy(this->mutex);
+ this->condvar->destroy(this->condvar);
+ free(this->reply);
free(this);
}
@@ -787,11 +1726,11 @@ METHOD(kernel_net_t, destroy, void,
kernel_pfroute_net_t *kernel_pfroute_net_create()
{
private_kernel_pfroute_net_t *this;
- bool register_for_events = TRUE;
INIT(this,
.public = {
.interface = {
+ .get_features = _get_features,
.get_interface = _get_interface_name,
.create_address_enumerator = _create_address_enumerator,
.get_source_addr = _get_source_addr,
@@ -803,45 +1742,51 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
.destroy = _destroy,
},
},
+ .pid = getpid(),
.ifaces = linked_list_create(),
.addrs = hashtable_create(
(hashtable_hash_t)addr_map_entry_hash,
(hashtable_equals_t)addr_map_entry_equals, 16),
+ .routes = hashtable_create((hashtable_hash_t)route_entry_hash,
+ (hashtable_equals_t)route_entry_equals, 16),
+ .net_changes = hashtable_create(
+ (hashtable_hash_t)net_change_hash,
+ (hashtable_equals_t)net_change_equals, 16),
+ .tuns = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- .mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .routes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
+ .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
+ .vip_wait = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
);
-
- if (streq(hydra->daemon, "starter"))
- { /* starter has no threads, so we do not register for kernel events */
- register_for_events = FALSE;
- }
+ timerclear(&this->last_route_reinstall);
+ timerclear(&this->last_roam);
/* create a PF_ROUTE socket to communicate with the kernel */
this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
- if (this->socket < 0)
+ if (this->socket == -1)
{
DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
destroy(this);
return NULL;
}
- if (register_for_events)
+ if (streq(hydra->daemon, "starter"))
{
- /* create a PF_ROUTE socket to receive events */
- this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
- if (this->socket_events < 0)
+ /* starter has no threads, so we do not register for kernel events */
+ if (shutdown(this->socket, SHUT_RD) != 0)
{
- DBG1(DBG_KNL, "unable to create PF_ROUTE event socket");
- destroy(this);
- return NULL;
+ DBG1(DBG_KNL, "closing read end of PF_ROUTE socket failed: %s",
+ strerror(errno));
}
-
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio(
- (callback_job_cb_t)receive_events, this, NULL,
- (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
}
-
+ else
+ {
+ lib->watcher->add(lib->watcher, this->socket, WATCHER_READ,
+ (watcher_cb_t)receive_events, this);
+ }
if (init_address_list(this) != SUCCESS)
{
DBG1(DBG_KNL, "unable to get interface list");
diff --git a/src/libhydra/plugins/resolve/Makefile.am b/src/libhydra/plugins/resolve/Makefile.am
index a05c84061..4cbf65fc0 100644
--- a/src/libhydra/plugins/resolve/Makefile.am
+++ b/src/libhydra/plugins/resolve/Makefile.am
@@ -1,9 +1,11 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = -rdynamic \
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
-DRESOLV_CONF=\"${resolv_conf}\"
+AM_CFLAGS = \
+ -rdynamic
+
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-resolve.la
else
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
index 1e5ff16b7..1dc4df294 100644
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -103,9 +103,13 @@ am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \
resolve_handler.lo
libstrongswan_resolve_la_OBJECTS = \
$(am_libstrongswan_resolve_la_OBJECTS)
-libstrongswan_resolve_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libstrongswan_resolve_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_resolve_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_resolve_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
@MONOLITHIC_FALSE@am_libstrongswan_resolve_la_rpath = -rpath \
@MONOLITHIC_FALSE@ $(plugindir)
@MONOLITHIC_TRUE@am_libstrongswan_resolve_la_rpath =
@@ -115,13 +119,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_resolve_la_SOURCES)
DIST_SOURCES = $(libstrongswan_resolve_la_SOURCES)
am__can_run_installinfo = \
@@ -135,6 +152,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -147,6 +165,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -162,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -170,6 +191,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -216,6 +238,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -244,6 +267,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -321,10 +345,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
-AM_CFLAGS = -rdynamic \
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
-DRESOLV_CONF=\"${resolv_conf}\"
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-resolve.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-resolve.la
libstrongswan_resolve_la_SOURCES = \
@@ -408,7 +436,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES) $(EXTRA_libstrongswan_resolve_la_DEPENDENCIES)
- $(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -420,25 +448,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_plugin.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
index 6b8d6be7f..6c57fa0bf 100644
--- a/src/libhydra/plugins/resolve/resolve_handler.c
+++ b/src/libhydra/plugins/resolve/resolve_handler.c
@@ -126,7 +126,7 @@ static void remove_nameserver(private_resolve_handler_t *this,
/* copy all, but matching line */
while (fgets(line, sizeof(line), in))
{
- if (strneq(line, matcher, strlen(matcher)))
+ if (strpfx(line, matcher))
{
DBG1(DBG_IKE, "removing DNS server %H from %s",
addr, this->file);
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c
index f95827ed9..2fef09a49 100644
--- a/src/libhydra/plugins/resolve/resolve_plugin.c
+++ b/src/libhydra/plugins/resolve/resolve_plugin.c
@@ -42,10 +42,39 @@ METHOD(plugin_t, get_name, char*,
return "resolve";
}
+/**
+ * Register handler
+ */
+static bool plugin_cb(private_resolve_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ hydra->attributes->add_handler(hydra->attributes,
+ &this->handler->handler);
+ }
+ else
+ {
+ hydra->attributes->remove_handler(hydra->attributes,
+ &this->handler->handler);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_resolve_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "resolve"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_resolve_plugin_t *this)
{
- hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
this->handler->destroy(this->handler);
free(this);
}
@@ -61,13 +90,12 @@ plugin_t *resolve_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
.handler = resolve_handler_create(),
);
- hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
return &this->public.plugin;
}