kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device

2013-06-15 14:21:34 +02:00 · 2013-06-15 14:21:34 +02:00 · 7045defbff
parent 554c4276a5
commit 7045defbff
4 changed files with 188 additions and 74 deletions
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.am
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.am
@ -14,7 +14,8 @@ endif

 libstrongswan_kernel_libipsec_la_SOURCES = \
 	kernel_libipsec_plugin.h kernel_libipsec_plugin.c \
-	kernel_libipsec_ipsec.h kernel_libipsec_ipsec.c
+	kernel_libipsec_ipsec.h kernel_libipsec_ipsec.c \
+	kernel_libipsec_router.h kernel_libipsec_router.c

 libstrongswan_kernel_libipsec_la_LIBADD = $(top_builddir)/src/libipsec/libipsec.la

--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
@ -15,12 +15,11 @@

 #include "kernel_libipsec_plugin.h"
 #include "kernel_libipsec_ipsec.h"
+#include "kernel_libipsec_router.h"

 #include <daemon.h>
 #include <ipsec.h>
 #include <networking/tun_device.h>
-#include <processing/jobs/callback_job.h>
-#include <utils/debug.h>

 #define TUN_DEFAULT_MTU 1400

@ -41,6 +40,10 @@ struct private_kernel_libipsec_plugin_t {
 	 */
 	tun_device_t *tun;

+	/**
+	 * Packet router
+	 */
+	kernel_libipsec_router_t *router;
 };

 METHOD(plugin_t, get_name, char*,
@ -50,81 +53,18 @@ METHOD(plugin_t, get_name, char*,
 }

 /**
- * Outbound callback
+ * Create the kernel_libipsec_router_t instance
 */
-static void send_esp(void *data, esp_packet_t *packet)
-{
-	charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
-}
-
-/**
- * Inbound callback
- */
-static void deliver_plain(private_kernel_libipsec_plugin_t *this,
-						  ip_packet_t *packet)
-{
-	this->tun->write_packet(this->tun, packet->get_encoding(packet));
-	packet->destroy(packet);
-}
-
-/**
- * Receiver callback
- */
-static void receiver_esp_cb(void *data, packet_t *packet)
-{
-	ipsec->processor->queue_inbound(ipsec->processor,
-									esp_packet_create_from_packet(packet));
-}
-
-/**
- * Job handling outbound plaintext packets
- */
-static job_requeue_t handle_plain(private_kernel_libipsec_plugin_t *this)
-{
-	chunk_t raw;
-
-	if (this->tun->read_packet(this->tun, &raw))
-	{
-		ip_packet_t *packet;
-
-		packet = ip_packet_create(raw);
-		if (packet)
-		{
-			ipsec->processor->queue_outbound(ipsec->processor, packet);
-		}
-		else
-		{
-			DBG1(DBG_KNL, "invalid IP packet read from TUN device");
-		}
-	}
-	return JOB_REQUEUE_DIRECT;
-}
-
-/**
- * Initialize/deinitialize sender and receiver
- */
-static bool packet_handler_cb(private_kernel_libipsec_plugin_t *this,
-							  plugin_feature_t *feature, bool reg, void *arg)
+static bool create_router(private_kernel_libipsec_plugin_t *this,
+						  plugin_feature_t *feature, bool reg, void *arg)
 {
 	if (reg)
-	{
-		ipsec->processor->register_outbound(ipsec->processor, send_esp, NULL);
-		ipsec->processor->register_inbound(ipsec->processor,
-									(ipsec_inbound_cb_t)deliver_plain, this);
-		charon->receiver->add_esp_cb(charon->receiver,
-									(receiver_esp_cb_t)receiver_esp_cb, NULL);
-		lib->processor->queue_job(lib->processor,
-			(job_t*)callback_job_create((callback_job_cb_t)handle_plain, this,
-									NULL, (callback_job_cancel_t)return_false));
+	{	/* registers as packet handler etc. */
+		this->router = kernel_libipsec_router_create();
 	}
 	else
 	{
-		charon->receiver->del_esp_cb(charon->receiver,
-									(receiver_esp_cb_t)receiver_esp_cb);
-		ipsec->processor->unregister_outbound(ipsec->processor,
-											 (ipsec_outbound_cb_t)send_esp);
-		ipsec->processor->unregister_inbound(ipsec->processor,
-											 (ipsec_inbound_cb_t)deliver_plain);
+		this->router->destroy(this->router);
 	}
 	return TRUE;
 }
@ -135,8 +75,8 @@ METHOD(plugin_t, get_features, int,
 	static plugin_feature_t f[] = {
 		PLUGIN_CALLBACK(kernel_ipsec_register, kernel_libipsec_ipsec_create),
 			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
-		PLUGIN_CALLBACK((plugin_feature_callback_t)packet_handler_cb, NULL),
-			PLUGIN_PROVIDE(CUSTOM, "kernel-libipsec-handler"),
+		PLUGIN_CALLBACK((plugin_feature_callback_t)create_router, NULL),
+			PLUGIN_PROVIDE(CUSTOM, "kernel-libipsec-router"),
 				PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"),
 	};
 	*features = f;
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "kernel_libipsec_router.h"
+
+#include <daemon.h>
+#include <ipsec.h>
+#include <networking/tun_device.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_kernel_libipsec_router_t private_kernel_libipsec_router_t;
+
+/**
+ * Private data
+ */
+struct private_kernel_libipsec_router_t {
+
+	/**
+	 * Public interface
+	 */
+	kernel_libipsec_router_t public;
+
+	/**
+	 * TUN device
+	 */
+	tun_device_t *tun;
+};
+
+/**
+ * Outbound callback
+ */
+static void send_esp(void *data, esp_packet_t *packet)
+{
+	charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
+}
+
+/**
+ * Receiver callback
+ */
+static void receiver_esp_cb(void *data, packet_t *packet)
+{
+	ipsec->processor->queue_inbound(ipsec->processor,
+									esp_packet_create_from_packet(packet));
+}
+
+/**
+ * Inbound callback
+ */
+static void deliver_plain(private_kernel_libipsec_router_t *this,
+						  ip_packet_t *packet)
+{
+	this->tun->write_packet(this->tun, packet->get_encoding(packet));
+	packet->destroy(packet);
+}
+
+/**
+ * Job handling outbound plaintext packets
+ */
+static job_requeue_t handle_plain(private_kernel_libipsec_router_t *this)
+{
+	chunk_t raw;
+
+	if (this->tun->read_packet(this->tun, &raw))
+	{
+		ip_packet_t *packet;
+
+		packet = ip_packet_create(raw);
+		if (packet)
+		{
+			ipsec->processor->queue_outbound(ipsec->processor, packet);
+		}
+		else
+		{
+			DBG1(DBG_KNL, "invalid IP packet read from TUN device");
+		}
+	}
+	return JOB_REQUEUE_DIRECT;
+}
+
+METHOD(kernel_libipsec_router_t, destroy, void,
+	private_kernel_libipsec_router_t *this)
+{
+	charon->receiver->del_esp_cb(charon->receiver,
+								(receiver_esp_cb_t)receiver_esp_cb);
+	ipsec->processor->unregister_outbound(ipsec->processor,
+										 (ipsec_outbound_cb_t)send_esp);
+	ipsec->processor->unregister_inbound(ipsec->processor,
+										 (ipsec_inbound_cb_t)deliver_plain);
+	free(this);
+}
+
+/*
+ * See header file
+ */
+kernel_libipsec_router_t *kernel_libipsec_router_create(tun_device_t *tun)
+{
+	private_kernel_libipsec_router_t *this;
+
+	INIT(this,
+		.public = {
+			.destroy = _destroy,
+		},
+		.tun = lib->get(lib, "kernel-libipsec-tun"),
+	);
+
+	ipsec->processor->register_outbound(ipsec->processor, send_esp, NULL);
+	ipsec->processor->register_inbound(ipsec->processor,
+									(ipsec_inbound_cb_t)deliver_plain, this);
+	charon->receiver->add_esp_cb(charon->receiver,
+									(receiver_esp_cb_t)receiver_esp_cb, NULL);
+	lib->processor->queue_job(lib->processor,
+			(job_t*)callback_job_create((callback_job_cb_t)handle_plain, this,
+									NULL, (callback_job_cancel_t)return_false));
+
+	return &this->public;
+}
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h
@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup kernel_libipsec_router kernel_libipsec_router
+ * @{ @ingroup kernel_libipsec
+ */
+
+#ifndef KERNEL_LIBIPSEC_ROUTER_H_
+#define KERNEL_LIBIPSEC_ROUTER_H_
+
+typedef struct kernel_libipsec_router_t kernel_libipsec_router_t;
+
+/**
+ * Class that routes the network packets between TUN device, libipsec and
+ * charon's IKE socket.
+ */
+struct kernel_libipsec_router_t {
+
+	/**
+	 * Destroy the given instance
+	 */
+	void (*destroy)(kernel_libipsec_router_t *this);
+};
+
+/**
+ * Create a kernel_libipsec_router_t instance.
+ *
+ * @return			kernel_libipsec_router_t instance
+ */
+kernel_libipsec_router_t *kernel_libipsec_router_create();
+
+#endif /** KERNEL_LIBIPSEC_ROUTER_H_ @}*/