kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device
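--- a/Makefile.am
+++ b/Makefile.am
@@ -14,7 +14,8 @@ endif
 
 libstrongswan_kernel_libipsec_la_SOURCES = \
 	kernel_libipsec_plugin.h kernel_libipsec_plugin.c \
-	kernel_libipsec_ipsec.h kernel_libipsec_ipsec.c
+	kernel_libipsec_ipsec.h kernel_libipsec_ipsec.c \
+	kernel_libipsec_router.h kernel_libipsec_router.c
 
 libstrongswan_kernel_libipsec_la_LIBADD = $(top_builddir)/src/libipsec/libipsec.la
 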
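--- a/kernel_libipsec_plugin.c
+++ b/kernel_libipsec_plugin.c
@@ -15,12 +15,11 @@
 
 #include "kernel_libipsec_plugin.h"
 #include "kernel_libipsec_ipsec.h"
+#include "kernel_libipsec_router.h"
 
 #include <daemon.h>
 #include <ipsec.h>
 #include <networking/tun_device.h>
-#include <processing/jobs/callback_job.h>
-#include <utils/debug.h>
 
 #define TUN_DEFAULT_MTU 1400
 
@@ -41,6 +40,10 @@ struct private_kernel_libipsec_plugin_t {
 	 */
 	tun_device_t *tun;
 
+	/**
+	 * Packet router
+	 */
+	kernel_libipsec_router_t *router;
 };
 
 METHOD(plugin_t, get_name, char*,
@@ -50,81 +53,18 @@ METHOD(plugin_t, get_name, char*,
 }
 
 /**
- * Outbound callback
+ * Create the kernel_libipsec_router_t instance
  */
-static void send_esp(void *data, esp_packet_t *packet)
-{
-	charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
-}
-
-/**
- * Inbound callback
- */
-static void deliver_plain(private_kernel_libipsec_plugin_t *this,
-						  ip_packet_t *packet)
-{
-	this->tun->write_packet(this->tun, packet->get_encoding(packet));
-	packet->destroy(packet);
-}
-
-/**
- * Receiver callback
- */
-static void receiver_esp_cb(void *data, packet_t *packet)
-{
-	ipsec->processor->queue_inbound(ipsec->processor,
-									esp_packet_create_from_packet(packet));
-}
-
-/**
- * Job handling outbound plaintext packets
- */
-static job_requeue_t handle_plain(private_kernel_libipsec_plugin_t *this)
-{
-	chunk_t raw;
-
-	if (this->tun->read_packet(this->tun, &raw))
-	{
-		ip_packet_t *packet;
-
-		packet = ip_packet_create(raw);
-		if (packet)
-		{
-			ipsec->processor->queue_outbound(ipsec->processor, packet);
-		}
-		else
-		{
-			DBG1(DBG_KNL, "invalid IP packet read from TUN device");
-		}
-	}
-	return JOB_REQUEUE_DIRECT;
-}
-
-/**
- * Initialize/deinitialize sender and receiver
- */
-static bool packet_handler_cb(private_kernel_libipsec_plugin_t *this,
-							  plugin_feature_t *feature, bool reg, void *arg)
+static bool create_router(private_kernel_libipsec_plugin_t *this,
+						  plugin_feature_t *feature, bool reg, void *arg)
 {
 	if (reg)
-	{
-		ipsec->processor->register_outbound(ipsec->processor, send_esp, NULL);
-		ipsec->processor->register_inbound(ipsec->processor,
-										(ipsec_inbound_cb_t)deliver_plain, this);
-		charon->receiver->add_esp_cb(charon->receiver,
-									(receiver_esp_cb_t)receiver_esp_cb, NULL);
-		lib->processor->queue_job(lib->processor,
-			(job_t*)callback_job_create((callback_job_cb_t)handle_plain, this,
-										NULL, (callback_job_cancel_t)return_false));
+	{ /* registers as packet handler etc. */
+		this->router = kernel_libipsec_router_create();
 	}
 	else
 	{
-		charon->receiver->del_esp_cb(charon->receiver,
-									(receiver_esp_cb_t)receiver_esp_cb);
-		ipsec->processor->unregister_outbound(ipsec->processor,
-									(ipsec_outbound_cb_t)send_esp);
-		ipsec->processor->unregister_inbound(ipsec->processor,
-									(ipsec_inbound_cb_t)deliver_plain);
+		this->router->destroy(this->router);
 	}
 	return TRUE;
 }
@@ -135,8 +75,8 @@ METHOD(plugin_t, get_features, int,
 	static plugin_feature_t f[] = {
 		PLUGIN_CALLBACK(kernel_ipsec_register, kernel_libipsec_ipsec_create),
 			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
-		PLUGIN_CALLBACK((plugin_feature_callback_t)packet_handler_cb, NULL),
-			PLUGIN_PROVIDE(CUSTOM, "kernel-libipsec-handler"),
+		PLUGIN_CALLBACK((plugin_feature_callback_t)create_router, NULL),
+			PLUGIN_PROVIDE(CUSTOM, "kernel-libipsec-router"),
 				PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"),
 	};
 	*features = f;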
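Review bot: `this->router = kernel_libipsec_router_create();` in create_router passes no argument, but the definition added in kernel_libipsec_router.c is `kernel_libipsec_router_create(tun_device_t *tun)`, and kernel_libipsec_router.h declares it with empty parentheses, an unprototyped declaration that lets the mismatch compile unnoticed. Since the constructor never uses `tun` and fetches the device via `lib->get(lib, "kernel-libipsec-tun")`, the cleanest fix is to drop the parameter and declare `kernel_libipsec_router_t *kernel_libipsec_router_create(void);` in the header; otherwise pass `this->tun` here and document it with an `@param tun` line there. The unregister branch also leaves `this->router` pointing at freed memory after `this->router->destroy(this->router);`; adding `this->router = NULL;` right after it is cheap and keeps a repeated or out-of-order unregister from turning into a double free.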
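--- /dev/null
+++ b/kernel_libipsec_router.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "kernel_libipsec_router.h"
+
+#include <daemon.h>
+#include <ipsec.h>
+#include <networking/tun_device.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_kernel_libipsec_router_t private_kernel_libipsec_router_t;
+
+/**
+ * Private data
+ */
+struct private_kernel_libipsec_router_t {
+
+	/**
+	 * Public interface
+	 */
+	kernel_libipsec_router_t public;
+
+	/**
+	 * TUN device
+	 */
+	tun_device_t *tun;
+};
+
+/**
+ * Outbound callback
+ */
+static void send_esp(void *data, esp_packet_t *packet)
+{
+	charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
+}
+
+/**
+ * Receiver callback
+ */
+static void receiver_esp_cb(void *data, packet_t *packet)
+{
+	ipsec->processor->queue_inbound(ipsec->processor,
+									esp_packet_create_from_packet(packet));
+}
+
+/**
+ * Inbound callback
+ */
+static void deliver_plain(private_kernel_libipsec_router_t *this,
+						  ip_packet_t *packet)
+{
+	this->tun->write_packet(this->tun, packet->get_encoding(packet));
+	packet->destroy(packet);
+}
+
+/**
+ * Job handling outbound plaintext packets
+ */
+static job_requeue_t handle_plain(private_kernel_libipsec_router_t *this)
+{
+	chunk_t raw;
+
+	if (this->tun->read_packet(this->tun, &raw))
+	{
+		ip_packet_t *packet;
+
+		packet = ip_packet_create(raw);
+		if (packet)
+		{
+			ipsec->processor->queue_outbound(ipsec->processor, packet);
+		}
+		else
+		{
+			DBG1(DBG_KNL, "invalid IP packet read from TUN device");
+		}
+	}
+	return JOB_REQUEUE_DIRECT;
+}
+
+METHOD(kernel_libipsec_router_t, destroy, void,
+	private_kernel_libipsec_router_t *this)
+{
+	charon->receiver->del_esp_cb(charon->receiver,
+								(receiver_esp_cb_t)receiver_esp_cb);
+	ipsec->processor->unregister_outbound(ipsec->processor,
+								(ipsec_outbound_cb_t)send_esp);
+	ipsec->processor->unregister_inbound(ipsec->processor,
+								(ipsec_inbound_cb_t)deliver_plain);
+	free(this);
+}
+
+/*
+ * See header file
+ */
+kernel_libipsec_router_t *kernel_libipsec_router_create(tun_device_t *tun)
+{
+	private_kernel_libipsec_router_t *this;
+
+	INIT(this,
+		.public = {
+			.destroy = _destroy,
+		},
+		.tun = lib->get(lib, "kernel-libipsec-tun"),
+	);
+
+	ipsec->processor->register_outbound(ipsec->processor, send_esp, NULL);
+	ipsec->processor->register_inbound(ipsec->processor,
+									(ipsec_inbound_cb_t)deliver_plain, this);
+	charon->receiver->add_esp_cb(charon->receiver,
+								(receiver_esp_cb_t)receiver_esp_cb, NULL);
+	lib->processor->queue_job(lib->processor,
+		(job_t*)callback_job_create((callback_job_cb_t)handle_plain, this,
+									NULL, (callback_job_cancel_t)return_false));
+
+	return &this->public;
+}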
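Review bot: `.tun = lib->get(lib, "kernel-libipsec-tun")` in kernel_libipsec_router_create is never checked, so if nothing has registered the TUN device under that key by the time the router feature is loaded, `this->tun` is NULL and the first `this->tun->read_packet(this->tun, &raw)` in handle_plain (or the `write_packet` in deliver_plain) dereferences it on a processor thread; `if (!this->tun) { free(this); return NULL; }` before the register calls, with the caller checking the result, would turn that into a clean load failure instead. Separately, destroy unregisters the three callbacks and frees `this`, but nothing cancels the handle_plain job queued with `return_false` as its cancel callback, and that job keeps a pointer to `this`; this appears to rely on the processor's threads having been cancelled before plugin features are unregistered, which deserves a comment on destroy such as `/* the handle_plain job still references this; it must already be cancelled by the processor */`.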
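--- /dev/null
+++ b/kernel_libipsec_router.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup kernel_libipsec_router kernel_libipsec_router
+ * @{ @ingroup kernel_libipsec
+ */
+
+#ifndef KERNEL_LIBIPSEC_ROUTER_H_
+#define KERNEL_LIBIPSEC_ROUTER_H_
+
+typedef struct kernel_libipsec_router_t kernel_libipsec_router_t;
+
+/**
+ * Class that routes the network packets between TUN device, libipsec and
+ * charon's IKE socket.
+ */
+struct kernel_libipsec_router_t {
+
+	/**
+	 * Destroy the given instance
+	 */
+	void (*destroy)(kernel_libipsec_router_t *this);
+};
+
+/**
+ * Create a kernel_libipsec_router_t instance.
+ *
+ * @return kernel_libipsec_router_t instance
+ */
+kernel_libipsec_router_t *kernel_libipsec_router_create();
+
+#endif /** KERNEL_LIBIPSEC_ROUTER_H_ @}*/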