author | Tobias Brunner <tobias@strongswan.org> | 2012-05-14 12:17:50 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-06-11 17:33:29 +0200 |
commit | 95e41fb80ae6b7c6b5bdc6556a235a8b2db6cdf4 (patch) | |
tree | 5b6d2b4cb87b3eb280779e0aafa3741d9db03876 /src | |
parent | 163b22738648c9c915cb1107e7cbf413cbff6c94 (diff) | |
download | strongswan-95e41fb80ae6b7c6b5bdc6556a235a8b2db6cdf4.tar.bz2 strongswan-95e41fb80ae6b7c6b5bdc6556a235a8b2db6cdf4.tar.xz |
starter: Drop support for %defaultroute.
Diffstat (limited to 'src')
-rw-r--r-- | src/starter/Android.mk | 2 | ||||
-rw-r--r-- | src/starter/Makefile.am | 2 | ||||
-rw-r--r-- | src/starter/cmp.c | 9 | ||||
-rw-r--r-- | src/starter/cmp.h | 3 | ||||
-rw-r--r-- | src/starter/confread.c | 72 | ||||
-rw-r--r-- | src/starter/confread.h | 7 | ||||
-rw-r--r-- | src/starter/interfaces.c | 212 | ||||
-rw-r--r-- | src/starter/interfaces.h | 36 | ||||
-rw-r--r-- | src/starter/starter.c | 7 |
9 files changed, 14 insertions, 336 deletions
diff --git a/src/starter/Android.mk b/src/starter/Android.mk index c1cb27e82..960d85a2d 100644 --- a/src/starter/Android.mk +++ b/src/starter/Android.mk @@ -5,7 +5,7 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := \ parser.c lexer.c ipsec-parser.h netkey.c args.h netkey.h \ starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \ -starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \ +starterstroke.h invokepluto.h confread.h args.c \ keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \ invokecharon.h klips.c klips.h diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 9a4512066..185edbb8a 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -2,7 +2,7 @@ ipsec_PROGRAMS = starter starter_SOURCES = \ parser.y lexer.l ipsec-parser.h netkey.c args.h netkey.h \ starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \ -starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \ +starterstroke.h invokepluto.h confread.h args.c \ keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \ invokecharon.h klips.c klips.h diff --git a/src/starter/cmp.c b/src/starter/cmp.c index 0727cf5f0..0072e3ed7 100644 --- a/src/starter/cmp.c +++ b/src/starter/cmp.c @@ -21,7 +21,6 @@ #include "confread.h" #include "args.h" -#include "interfaces.h" #include "cmp.h" #define VARCMP(obj) if (c1->obj != c2->obj) return FALSE @@ -105,11 +104,3 @@ starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2) return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2); } - -bool -starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2) -{ - if ((d1 == NULL) || (d2 == NULL)) - return FALSE; - return memcmp(d1, d2, sizeof(defaultroute_t)) == 0; -} diff --git a/src/starter/cmp.h b/src/starter/cmp.h index cda6e44b9..58c2ef819 100644 --- a/src/starter/cmp.h +++ b/src/starter/cmp.h 
@@ -15,13 +15,10 @@ #ifndef _STARTER_CMP_H_ #define _STARTER_CMP_H_ -#include "interfaces.h" - extern bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2); extern bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2); extern bool starter_cmp_klips(starter_config_t *c1, starter_config_t *c2); extern bool starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2); -extern bool starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2); #endif diff --git a/src/starter/confread.c b/src/starter/confread.c index af7cc4649..47afc5559 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -30,7 +30,6 @@ #include "confread.h" #include "args.h" #include "files.h" -#include "interfaces.h" /* strings containing a colon are interpreted as an IPv6 address */ #define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6) @@ -184,24 +183,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, case KW_HOST: free(end->host); end->host = NULL; - if (streq(value, "%defaultroute")) - { - if (cfg->defaultroute.defined) - { - end->addr = cfg->defaultroute.addr; - end->nexthop = cfg->defaultroute.nexthop; - } - else if (!cfg->defaultroute.supported) - { - DBG1(DBG_APP, "%%defaultroute not supported, fallback to %%any"); - } - else - { - DBG1(DBG_APP, "# default route not known: %s=%s", name, value); - goto err; - } - } - else if (streq(value, "%any") || streq(value, "%any4")) + if (streq(value, "%any") || streq(value, "%any4")) { anyaddr(conn->addr_family, &end->addr); } 
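Review bot: With the `%defaultroute` branch removed from the KW_HOST case, a configuration that still says `left=%defaultroute` is no longer recognized at this point and, as far as the hunk shows, falls through to the remaining else-branches (which lie outside the hunk), so the user would get at best a generic address error instead of a message naming the keyword that was dropped. An explicit rejection keeps the failure mode clear, e.g. `if (streq(value, "%defaultroute")) { DBG1(DBG_APP, "# %%defaultroute is no longer supported: %s=%s", name, value); goto err; }` placed before the `%any` test. The same applies to the KW_NEXTHOP hunk that follows (`@@ -355,19 +337,7 @@`), where the keyword is likewise silently demoted to "whatever the fallback parser does". The body of kw_end extends beyond this hunk on both sides.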
@@ -355,19 +337,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, switch (token) { case KW_NEXTHOP: - if (streq(value, "%defaultroute")) - { - if (cfg->defaultroute.defined) - { - end->nexthop = cfg->defaultroute.nexthop; - } - else - { - DBG1(DBG_APP, "# default route not known: %s=%s", name, value); - goto err; - } - } - else if (streq(value, "%direct")) + if (streq(value, "%direct")) { ugh = anyaddr(conn->addr_family, &end->nexthop); } @@ -404,42 +374,25 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, end->has_port_wildcard = has_port_wildcard; break; case KW_NATIP: + { + ip_address addr; if (end->sourceip) { DBG1(DBG_APP, "# natip and sourceip cannot be defined at the same time"); goto err; } - if (streq(value, "%defaultroute")) - { - char buf[64]; - - if (cfg->defaultroute.defined) - { - addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf)); - end->sourceip = clone_str(buf); - } - else - { - DBG1(DBG_APP, "# default route not known: %s=%s", name, value); - goto err; - } - } - else + conn->tunnel_addr_family = ip_version(value); + ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); + if (ugh != NULL) { - ip_address addr; - - conn->tunnel_addr_family = ip_version(value); - ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); - if (ugh != NULL) - { - DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh); - goto err; - } - end->sourceip = clone_str(value); + DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh); + goto err; } + end->sourceip = clone_str(value); end->has_natip = TRUE; conn->policy |= POLICY_TUNNEL; break; + } default: break; } @@ -1053,9 +1006,6 @@ starter_config_t* confread_load(const char *file) /* set default values */ default_values(cfg); - /* determine default route */ - get_defaultroute(&cfg->defaultroute); - /* load config setup section */ load_setup(cfg, cfgp); diff --git a/src/starter/confread.h b/src/starter/confread.h index 655c97084..c142961b3 100644 
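Review bot: In the KW_NATIP hunk the newly block-scoped `ip_address addr` is filled by `ttoaddr()` and then never read; it exists only so the value is syntax-checked before the textual `clone_str(value)` is stored in `end->sourceip`, which the braced block does not make obvious. A one-line comment above the call, `/* parse only to validate; sourceip keeps the textual form */`, would say so. Note also that `conn->tunnel_addr_family` is assigned from `ip_version(value)` (whose `strchr(string, '.')` test is visible in the earlier hunk's context) before the parse has succeeded, so a rejected value still leaves that field modified on the `goto err` path; this predates the commit, but the restructuring is a natural place to assign it only once `ugh == NULL`. The enclosing kw_end continues outside the hunk.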
--- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -16,12 +16,10 @@ #ifndef _IPSEC_CONFREAD_H_ #define _IPSEC_CONFREAD_H_ -#ifndef _FREESWAN_H #include <freeswan.h> -#endif +#include "../pluto/constants.h" #include "ipsec-parser.h" -#include "interfaces.h" typedef enum { STARTUP_NO, @@ -218,9 +216,6 @@ struct starter_config { bool hidetos; } setup; - /* information about the default route */ - defaultroute_t defaultroute; - /* number of encountered parsing errors */ u_int err; u_int non_fatal_err; diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c deleted file mode 100644 index 8d253aeec..000000000 --- a/src/starter/interfaces.c +++ /dev/null 
@@ -1,212 +0,0 @@ -/* strongSwan IPsec interfaces management - * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security - * 2009 Heiko Hund - Astaro AG - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <errno.h> - -#include <freeswan.h> - -#include <debug.h> -#include <constants.h> -#include <defs.h> - -#include "interfaces.h" -#include "files.h" - -#ifdef START_PLUTO - -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <linux/rtnetlink.h> -#ifdef HAVE_SYS_SOCKIO_H -#include <sys/sockio.h> -#endif - -/* - * Get the default route information via rtnetlink - */ -void -get_defaultroute(defaultroute_t *defaultroute) -{ - union { - struct { - struct nlmsghdr nh; - struct rtmsg rt; - } m; - char buf[4096]; - } rtu; - - struct nlmsghdr *nh; - uint32_t best_metric = ~0; - ssize_t msglen; - int fd; - - memset(&rtu, 0, sizeof(rtu)); - rtu.m.nh.nlmsg_len = NLMSG_LENGTH(sizeof(rtu.m.rt)); - rtu.m.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; - rtu.m.nh.nlmsg_type = RTM_GETROUTE; - rtu.m.rt.rtm_family = AF_INET; - rtu.m.rt.rtm_table = RT_TABLE_UNSPEC; - rtu.m.rt.rtm_protocol = RTPROT_UNSPEC; - rtu.m.rt.rtm_type = RTN_UNICAST; - - fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE); - if (fd == -1) - { - DBG1(DBG_APP, "could not create rtnetlink socket"); - return; - } - - if (send(fd, &rtu, rtu.m.nh.nlmsg_len, 0) == -1) - { - DBG1(DBG_APP, "could not write to rtnetlink socket"); - 
close(fd); - return; - } - - msglen = recv(fd, &rtu, sizeof(rtu), MSG_WAITALL); - if (msglen == -1) - { - DBG1(DBG_APP, "could not read from rtnetlink socket"); - close(fd); - return; - } - - close(fd); - - for (nh = &rtu.m.nh; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen)) - { - struct rtmsg *rt; - struct rtattr *rta; - uint32_t rtalen, metric = 0; - struct in_addr gw = { .s_addr = INADDR_ANY }; - int iface_idx = -1; - - if (nh->nlmsg_type == NLMSG_ERROR) - { - DBG1(DBG_APP, "error from rtnetlink"); - return; - } - - if (nh->nlmsg_type == NLMSG_DONE) - break; - - rt = NLMSG_DATA(nh); - if ( rt->rtm_dst_len != 0 - || (rt->rtm_table != RT_TABLE_MAIN - && rt->rtm_table != RT_TABLE_DEFAULT) ) - continue; - - rta = RTM_RTA(rt); - rtalen = RTM_PAYLOAD(nh); - while ( RTA_OK(rta, rtalen) ) - { - switch (rta->rta_type) - { - case RTA_GATEWAY: - gw = *(struct in_addr *) RTA_DATA(rta); - break; - case RTA_OIF: - iface_idx = *(int *) RTA_DATA(rta); - break; - case RTA_PRIORITY: - metric = *(uint32_t *) RTA_DATA(rta); - break; - } - rta = RTA_NEXT(rta, rtalen); - } - - if (metric < best_metric - && iface_idx != -1) - { - struct ifreq req; - - fd = socket(AF_INET, SOCK_DGRAM, 0); - if (fd < 0) - { - DBG1(DBG_APP, "could not open AF_INET socket"); - break; - } - memset(&req, 0, sizeof(req)); - req.ifr_ifindex = iface_idx; - if (ioctl(fd, SIOCGIFNAME, &req) < 0 || - ioctl(fd, SIOCGIFADDR, &req) < 0) - { - DBG1(DBG_APP, "could not read interface data, ignoring route"); - close(fd); - break; - } - - strncpy(defaultroute->iface, req.ifr_name, IFNAMSIZ); - defaultroute->iface[IFNAMSIZ-1] = '\0'; - defaultroute->addr.u.v4 = *((struct sockaddr_in *) &req.ifr_addr); - defaultroute->nexthop.u.v4.sin_family = AF_INET; - - if (gw.s_addr == INADDR_ANY) - { - if (ioctl(fd, SIOCGIFDSTADDR, &req) < 0 || - ((struct sockaddr_in*) &req.ifr_dstaddr)->sin_addr.s_addr == INADDR_ANY) - { - DBG2(DBG_APP, "Ignoring default route to device %s because we can't get it's destination", - req.ifr_name); 
- close(fd); - break; - } - - defaultroute->nexthop.u.v4 = *((struct sockaddr_in *) &req.ifr_dstaddr); - } - else - defaultroute->nexthop.u.v4.sin_addr = gw; - - close(fd); - - { - char addr[20]; - char nexthop[20]; - addrtot(&defaultroute->addr, 0, addr, sizeof(addr)); - addrtot(&defaultroute->nexthop, 0, nexthop, sizeof(nexthop)); - - DBG2(DBG_APP, - ( !defaultroute->defined - ? "Default route found: iface=%s, addr=%s, nexthop=%s" - : "Better default route: iface=%s, addr=%s, nexthop=%s" - ), defaultroute->iface, addr, nexthop - ); - } - - best_metric = metric; - defaultroute->defined = TRUE; - } - } - defaultroute->supported = TRUE; - - if (!defaultroute->defined) - DBG1(DBG_APP, "no default route - cannot cope with %%defaultroute!!!"); -} - -#else /* !START_PLUTO */ - -/** - * Pluto disabled, fall back to %any - */ -void -get_defaultroute(defaultroute_t *defaultroute) -{ - defaultroute->supported = FALSE; -} -#endif /* START_PLUTO */ - diff --git a/src/starter/interfaces.h b/src/starter/interfaces.h deleted file mode 100644 index ff8535f0e..000000000 --- a/src/starter/interfaces.h +++ /dev/null 
@@ -1,36 +0,0 @@ -/* strongSwan IPsec interfaces management - * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _STARTER_INTERFACES_H_ -#define _STARTER_INTERFACES_H_ - -#include <sys/types.h> -#include <sys/socket.h> -#include <net/if.h> - -#include "../pluto/constants.h" - -typedef struct { - bool defined; - bool supported; - char iface[IFNAMSIZ]; - ip_address addr; - ip_address nexthop; -} defaultroute_t; - -extern void get_defaultroute(defaultroute_t *defaultroute); - - -#endif /* _STARTER_INTERFACES_H_ */ - diff --git a/src/starter/starter.c b/src/starter/starter.c index aad2e7a3d..86cf52b12 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -49,7 +49,6 @@ #include "netkey.h" #include "klips.h" #include "cmp.h" -#include "interfaces.h" #ifndef LOG_AUTHPRIV #define LOG_AUTHPRIV LOG_AUTH @@ -662,12 +661,6 @@ int main (int argc, char **argv) if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0)) { /* Switch to new config. New conn will be loaded below */ - if (!starter_cmp_defaultroute(&new_cfg->defaultroute - , &cfg->defaultroute)) - { - _action_ |= FLAG_ACTION_LISTEN; - } - if (!starter_cmp_pluto(cfg, new_cfg)) { DBG1(DBG_APP, "Pluto has changed"); |