2012-10-03 14:58:37 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2012 Martin Willi
|
|
|
|
* Copyright (C) 2012 revosec AG
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* for more details.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "lookip_listener.h"
|
|
|
|
|
|
|
|
#include <daemon.h>
|
2012-10-16 12:54:16 +00:00
|
|
|
#include <collections/hashtable.h>
|
|
|
|
#include <collections/linked_list.h>
|
2012-10-03 14:58:37 +00:00
|
|
|
#include <threading/rwlock.h>
|
|
|
|
|
|
|
|
typedef struct private_lookip_listener_t private_lookip_listener_t;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Private data of an lookip_listener_t object.
|
|
|
|
*/
|
|
|
|
struct private_lookip_listener_t {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Public lookip_listener_t interface.
|
|
|
|
*/
|
|
|
|
lookip_listener_t public;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Lock for hashtable
|
|
|
|
*/
|
|
|
|
rwlock_t *lock;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Hashtable with entries: host_t => entry_t
|
|
|
|
*/
|
|
|
|
hashtable_t *entries;
|
2012-10-03 15:42:19 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* List of registered listeners
|
|
|
|
*/
|
|
|
|
linked_list_t *listeners;
|
2012-10-03 14:58:37 +00:00
|
|
|
};
|
|
|
|
|
2012-10-03 15:42:19 +00:00
|
|
|
/**
|
|
|
|
* Listener entry
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
/** callback function */
|
|
|
|
lookip_callback_t cb;
|
|
|
|
/** user data for callback */
|
|
|
|
void *user;
|
|
|
|
} listener_entry_t;
|
|
|
|
|
2012-10-03 14:58:37 +00:00
|
|
|
/**
|
|
|
|
* Hashtable entry
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
/** virtual IP, serves as lookup key */
|
|
|
|
host_t *vip;
|
|
|
|
/** peers external address */
|
|
|
|
host_t *other;
|
|
|
|
/** peer (EAP-)Identity */
|
|
|
|
identification_t *id;
|
|
|
|
/** associated connection name */
|
|
|
|
char *name;
|
2012-11-29 08:53:10 +00:00
|
|
|
/** IKE_SA unique identifier */
|
|
|
|
u_int unique_id;
|
2012-10-03 14:58:37 +00:00
|
|
|
} entry_t;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Destroy a hashtable entry
|
|
|
|
*/
|
|
|
|
static void entry_destroy(entry_t *entry)
|
|
|
|
{
|
|
|
|
entry->vip->destroy(entry->vip);
|
|
|
|
entry->other->destroy(entry->other);
|
|
|
|
entry->id->destroy(entry->id);
|
|
|
|
free(entry->name);
|
|
|
|
free(entry);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Hashtable hash function
|
|
|
|
*/
|
|
|
|
static u_int hash(host_t *key)
|
|
|
|
{
|
|
|
|
return chunk_hash(key->get_address(key));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Hashtable equals function
|
|
|
|
*/
|
|
|
|
static bool equals(host_t *a, host_t *b)
|
|
|
|
{
|
|
|
|
return a->ip_equals(a, b);
|
|
|
|
}
|
|
|
|
|
2012-10-03 15:42:19 +00:00
|
|
|
/**
|
|
|
|
* Compare callback that invokes up callback of all registered listeners
|
|
|
|
*/
|
|
|
|
static bool notify_up(listener_entry_t *listener, entry_t *entry)
|
|
|
|
{
|
|
|
|
if (!listener->cb(listener->user, TRUE, entry->vip, entry->other,
|
2012-11-29 08:53:10 +00:00
|
|
|
entry->id, entry->name, entry->unique_id))
|
2012-10-03 15:42:19 +00:00
|
|
|
{
|
|
|
|
free(listener);
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Compare callback that invokes down callback of all registered listeners
|
|
|
|
*/
|
|
|
|
static bool notify_down(listener_entry_t *listener, entry_t *entry)
|
|
|
|
{
|
|
|
|
if (!listener->cb(listener->user, FALSE, entry->vip, entry->other,
|
2012-11-29 08:53:10 +00:00
|
|
|
entry->id, entry->name, entry->unique_id))
|
2012-10-03 15:42:19 +00:00
|
|
|
{
|
|
|
|
free(listener);
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-10-03 14:58:37 +00:00
|
|
|
/**
|
|
|
|
* Add a new entry to the hashtable
|
|
|
|
*/
|
|
|
|
static void add_entry(private_lookip_listener_t *this, ike_sa_t *ike_sa)
|
|
|
|
{
|
|
|
|
enumerator_t *enumerator;
|
|
|
|
host_t *vip, *other;
|
|
|
|
identification_t *id;
|
|
|
|
entry_t *entry;
|
|
|
|
|
|
|
|
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
|
|
|
|
while (enumerator->enumerate(enumerator, &vip))
|
|
|
|
{
|
|
|
|
other = ike_sa->get_other_host(ike_sa);
|
|
|
|
id = ike_sa->get_other_eap_id(ike_sa);
|
|
|
|
|
|
|
|
INIT(entry,
|
|
|
|
.vip = vip->clone(vip),
|
|
|
|
.other = other->clone(other),
|
|
|
|
.id = id->clone(id),
|
|
|
|
.name = strdup(ike_sa->get_name(ike_sa)),
|
2012-11-29 08:53:10 +00:00
|
|
|
.unique_id = ike_sa->get_unique_id(ike_sa),
|
2012-10-03 14:58:37 +00:00
|
|
|
);
|
|
|
|
|
2012-10-03 15:42:19 +00:00
|
|
|
this->lock->read_lock(this->lock);
|
|
|
|
this->listeners->remove(this->listeners, entry, (void*)notify_up);
|
|
|
|
this->lock->unlock(this->lock);
|
|
|
|
|
2012-10-03 14:58:37 +00:00
|
|
|
this->lock->write_lock(this->lock);
|
|
|
|
entry = this->entries->put(this->entries, entry->vip, entry);
|
|
|
|
this->lock->unlock(this->lock);
|
|
|
|
if (entry)
|
|
|
|
{
|
|
|
|
entry_destroy(entry);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
enumerator->destroy(enumerator);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove an entry from the hashtable
|
|
|
|
*/
|
|
|
|
static void remove_entry(private_lookip_listener_t *this, ike_sa_t *ike_sa)
|
|
|
|
{
|
|
|
|
enumerator_t *enumerator;
|
|
|
|
host_t *vip;
|
|
|
|
entry_t *entry;
|
|
|
|
|
|
|
|
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
|
|
|
|
while (enumerator->enumerate(enumerator, &vip))
|
|
|
|
{
|
|
|
|
this->lock->write_lock(this->lock);
|
|
|
|
entry = this->entries->remove(this->entries, vip);
|
|
|
|
this->lock->unlock(this->lock);
|
|
|
|
if (entry)
|
|
|
|
{
|
2012-10-03 15:42:19 +00:00
|
|
|
this->lock->read_lock(this->lock);
|
|
|
|
this->listeners->remove(this->listeners, entry, (void*)notify_down);
|
|
|
|
this->lock->unlock(this->lock);
|
|
|
|
|
2012-10-03 14:58:37 +00:00
|
|
|
entry_destroy(entry);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
enumerator->destroy(enumerator);
|
|
|
|
}
|
|
|
|
|
|
|
|
METHOD(listener_t, message_hook, bool,
|
|
|
|
private_lookip_listener_t *this, ike_sa_t *ike_sa,
|
|
|
|
message_t *message, bool incoming, bool plain)
|
|
|
|
{
|
|
|
|
if (plain && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
|
|
|
|
!incoming && !message->get_request(message))
|
|
|
|
{
|
|
|
|
if (ike_sa->get_version(ike_sa) == IKEV1 &&
|
|
|
|
message->get_exchange_type(message) == TRANSACTION)
|
|
|
|
{
|
|
|
|
add_entry(this, ike_sa);
|
|
|
|
}
|
|
|
|
if (ike_sa->get_version(ike_sa) == IKEV2 &&
|
|
|
|
message->get_exchange_type(message) == IKE_AUTH)
|
|
|
|
{
|
|
|
|
add_entry(this, ike_sa);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
METHOD(listener_t, ike_updown, bool,
|
|
|
|
private_lookip_listener_t *this, ike_sa_t *ike_sa, bool up)
|
|
|
|
{
|
|
|
|
if (!up)
|
|
|
|
{
|
|
|
|
remove_entry(this, ike_sa);
|
|
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2012-12-10 16:04:26 +00:00
|
|
|
METHOD(listener_t, ike_rekey, bool,
|
|
|
|
private_lookip_listener_t *this, ike_sa_t *old, ike_sa_t *new)
|
|
|
|
{
|
|
|
|
/* During IKE_SA rekey, the unique identifier changes. Fire update events
|
|
|
|
* and update the cached entry. During the invocation of this hook, the
|
2012-12-20 08:31:38 +00:00
|
|
|
* virtual IPs have been migrated to new, hence remove that entry. */
|
2012-12-10 16:04:26 +00:00
|
|
|
remove_entry(this, new);
|
|
|
|
add_entry(this, new);
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2012-10-09 09:05:19 +00:00
|
|
|
METHOD(lookip_listener_t, lookup, int,
|
2012-10-03 15:13:37 +00:00
|
|
|
private_lookip_listener_t *this, host_t *vip,
|
|
|
|
lookip_callback_t cb, void *user)
|
|
|
|
{
|
|
|
|
entry_t *entry;
|
2012-10-09 09:05:19 +00:00
|
|
|
int matches = 0;
|
2012-10-03 15:13:37 +00:00
|
|
|
|
|
|
|
this->lock->read_lock(this->lock);
|
|
|
|
if (vip)
|
|
|
|
{
|
|
|
|
entry = this->entries->get(this->entries, vip);
|
|
|
|
if (entry)
|
|
|
|
{
|
2012-11-29 08:53:10 +00:00
|
|
|
cb(user, TRUE, entry->vip, entry->other, entry->id,
|
|
|
|
entry->name, entry->unique_id);
|
2012-10-09 09:05:19 +00:00
|
|
|
matches ++;
|
2012-10-03 15:13:37 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
enumerator_t *enumerator;
|
|
|
|
|
|
|
|
enumerator = this->entries->create_enumerator(this->entries);
|
|
|
|
while (enumerator->enumerate(enumerator, &vip, &entry))
|
|
|
|
{
|
2012-11-29 08:53:10 +00:00
|
|
|
cb(user, TRUE, entry->vip, entry->other, entry->id,
|
|
|
|
entry->name, entry->unique_id);
|
2012-10-09 09:05:19 +00:00
|
|
|
matches++;
|
2012-10-03 15:13:37 +00:00
|
|
|
}
|
|
|
|
enumerator->destroy(enumerator);
|
|
|
|
}
|
|
|
|
this->lock->unlock(this->lock);
|
2012-10-09 09:05:19 +00:00
|
|
|
|
|
|
|
return matches;
|
2012-10-03 15:13:37 +00:00
|
|
|
}
|
|
|
|
|
2012-10-03 15:42:19 +00:00
|
|
|
METHOD(lookip_listener_t, add_listener, void,
|
|
|
|
private_lookip_listener_t *this, lookip_callback_t cb, void *user)
|
|
|
|
{
|
|
|
|
listener_entry_t *listener;
|
|
|
|
|
|
|
|
INIT(listener,
|
|
|
|
.cb = cb,
|
|
|
|
.user = user,
|
|
|
|
);
|
|
|
|
|
|
|
|
this->lock->write_lock(this->lock);
|
|
|
|
this->listeners->insert_last(this->listeners, listener);
|
|
|
|
this->lock->unlock(this->lock);
|
|
|
|
}
|
|
|
|
|
2012-10-03 14:58:37 +00:00
|
|
|
METHOD(lookip_listener_t, destroy, void,
|
|
|
|
private_lookip_listener_t *this)
|
|
|
|
{
|
2012-10-03 15:42:19 +00:00
|
|
|
this->listeners->destroy_function(this->listeners, free);
|
2012-10-03 14:58:37 +00:00
|
|
|
this->entries->destroy(this->entries);
|
|
|
|
this->lock->destroy(this->lock);
|
|
|
|
free(this);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* See header
|
|
|
|
*/
|
|
|
|
lookip_listener_t *lookip_listener_create()
|
|
|
|
{
|
|
|
|
private_lookip_listener_t *this;
|
|
|
|
|
|
|
|
INIT(this,
|
|
|
|
.public = {
|
|
|
|
.listener = {
|
|
|
|
.message = _message_hook,
|
|
|
|
.ike_updown = _ike_updown,
|
2012-12-10 16:04:26 +00:00
|
|
|
.ike_rekey = _ike_rekey,
|
2012-10-03 14:58:37 +00:00
|
|
|
},
|
2012-10-03 15:13:37 +00:00
|
|
|
.lookup = _lookup,
|
2012-10-03 15:42:19 +00:00
|
|
|
.add_listener = _add_listener,
|
2012-10-03 14:58:37 +00:00
|
|
|
.destroy = _destroy,
|
|
|
|
},
|
|
|
|
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
|
|
|
|
.entries = hashtable_create((hashtable_hash_t)hash,
|
|
|
|
(hashtable_equals_t)equals, 32),
|
2012-10-03 15:42:19 +00:00
|
|
|
.listeners = linked_list_create(),
|
2012-10-03 14:58:37 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
return &this->public;
|
|
|
|
}
|