authorTobias Brunner <tobias@strongswan.org>2012-05-14 12:17:50 +0200
committerTobias Brunner <tobias@strongswan.org>2012-06-11 17:33:29 +0200
commit95e41fb80ae6b7c6b5bdc6556a235a8b2db6cdf4 (patch)
tree5b6d2b4cb87b3eb280779e0aafa3741d9db03876 /src
parent163b22738648c9c915cb1107e7cbf413cbff6c94 (diff)
downloadstrongswan-95e41fb80ae6b7c6b5bdc6556a235a8b2db6cdf4.tar.bz2
strongswan-95e41fb80ae6b7c6b5bdc6556a235a8b2db6cdf4.tar.xz
starter: Drop support for %defaultroute.
Diffstat (limited to 'src')
-rw-r--r--src/starter/Android.mk2
-rw-r--r--src/starter/Makefile.am2
-rw-r--r--src/starter/cmp.c9
-rw-r--r--src/starter/cmp.h3
-rw-r--r--src/starter/confread.c72
-rw-r--r--src/starter/confread.h7
-rw-r--r--src/starter/interfaces.c212
-rw-r--r--src/starter/interfaces.h36
-rw-r--r--src/starter/starter.c7
9 files changed, 14 insertions, 336 deletions
diff --git a/src/starter/Android.mk b/src/starter/Android.mk
index c1cb27e82..960d85a2d 100644
--- a/src/starter/Android.mk
+++ b/src/starter/Android.mk
@@ -5,7 +5,7 @@ include $(CLEAR_VARS)
LOCAL_SRC_FILES := \
parser.c lexer.c ipsec-parser.h netkey.c args.h netkey.h \
starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
-starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
+starterstroke.h invokepluto.h confread.h args.c \
keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
invokecharon.h klips.c klips.h
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 9a4512066..185edbb8a 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -2,7 +2,7 @@ ipsec_PROGRAMS = starter
starter_SOURCES = \
parser.y lexer.l ipsec-parser.h netkey.c args.h netkey.h \
starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
-starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
+starterstroke.h invokepluto.h confread.h args.c \
keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
invokecharon.h klips.c klips.h
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index 0727cf5f0..0072e3ed7 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -21,7 +21,6 @@
#include "confread.h"
#include "args.h"
-#include "interfaces.h"
#include "cmp.h"
#define VARCMP(obj) if (c1->obj != c2->obj) return FALSE
@@ -105,11 +104,3 @@ starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2)
return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2);
}
-
-bool
-starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2)
-{
- if ((d1 == NULL) || (d2 == NULL))
- return FALSE;
- return memcmp(d1, d2, sizeof(defaultroute_t)) == 0;
-}
diff --git a/src/starter/cmp.h b/src/starter/cmp.h
index cda6e44b9..58c2ef819 100644
--- a/src/starter/cmp.h
+++ b/src/starter/cmp.h
@@ -15,13 +15,10 @@
#ifndef _STARTER_CMP_H_
#define _STARTER_CMP_H_
-#include "interfaces.h"
-
extern bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2);
extern bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2);
extern bool starter_cmp_klips(starter_config_t *c1, starter_config_t *c2);
extern bool starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2);
-extern bool starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2);
#endif
diff --git a/src/starter/confread.c b/src/starter/confread.c
index af7cc4649..47afc5559 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -30,7 +30,6 @@
#include "confread.h"
#include "args.h"
#include "files.h"
-#include "interfaces.h"
/* strings containing a colon are interpreted as an IPv6 address */
#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
@@ -184,24 +183,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
case KW_HOST:
free(end->host);
end->host = NULL;
- if (streq(value, "%defaultroute"))
- {
- if (cfg->defaultroute.defined)
- {
- end->addr = cfg->defaultroute.addr;
- end->nexthop = cfg->defaultroute.nexthop;
- }
- else if (!cfg->defaultroute.supported)
- {
- DBG1(DBG_APP, "%%defaultroute not supported, fallback to %%any");
- }
- else
- {
- DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
- goto err;
- }
- }
- else if (streq(value, "%any") || streq(value, "%any4"))
+ if (streq(value, "%any") || streq(value, "%any4"))
{
anyaddr(conn->addr_family, &end->addr);
}
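Review bot: With the `%defaultroute` branch removed from `KW_HOST`, a configuration that still contains `left=%defaultroute` or `right=%defaultroute` is no longer recognised here and falls through to whichever branches follow the `%any`/`%any4` test, which lie outside this hunk. If none of those rejects the literal, the old keyword may be read as something else (a wildcard or a host name, for instance), and the endpoint could end up less restricted than the operator intended after an upgrade. Keeping an explicit rejection makes old configs fail closed with a clear message: `if (streq(value, "%defaultroute")) { DBG1(DBG_APP, "# %%defaultroute is no longer supported: %s=%s", name, value); goto err; }`. The same applies to the `KW_NEXTHOP` hunk; in the `KW_NATIP` hunk the value now reaches `ttoaddr()`, which presumably reports it as a bad address. The body of `kw_end` starts and ends outside this hunk.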
@@ -355,19 +337,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
switch (token)
{
case KW_NEXTHOP:
- if (streq(value, "%defaultroute"))
- {
- if (cfg->defaultroute.defined)
- {
- end->nexthop = cfg->defaultroute.nexthop;
- }
- else
- {
- DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
- goto err;
- }
- }
- else if (streq(value, "%direct"))
+ if (streq(value, "%direct"))
{
ugh = anyaddr(conn->addr_family, &end->nexthop);
}
@@ -404,42 +374,25 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
end->has_port_wildcard = has_port_wildcard;
break;
case KW_NATIP:
+ {
+ ip_address addr;
if (end->sourceip)
{
DBG1(DBG_APP, "# natip and sourceip cannot be defined at the same time");
goto err;
}
- if (streq(value, "%defaultroute"))
- {
- char buf[64];
-
- if (cfg->defaultroute.defined)
- {
- addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf));
- end->sourceip = clone_str(buf);
- }
- else
- {
- DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
- goto err;
- }
- }
- else
+ conn->tunnel_addr_family = ip_version(value);
+ ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
+ if (ugh != NULL)
{
- ip_address addr;
-
- conn->tunnel_addr_family = ip_version(value);
- ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
- if (ugh != NULL)
- {
- DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
- goto err;
- }
- end->sourceip = clone_str(value);
+ DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
+ goto err;
}
+ end->sourceip = clone_str(value);
end->has_natip = TRUE;
conn->policy |= POLICY_TUNNEL;
break;
+ }
default:
break;
}
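Review bot: In the `KW_NATIP` case, `conn->tunnel_addr_family` is overwritten from `ip_version(value)` before `ttoaddr()` has validated the value, so a rejected `natip` still leaves the connection with a changed tunnel address family when control jumps to `err`. Because `ip_version()` treats any string without a dot as `AF_INET6`, malformed input also selects a family at this point. Whether the `err` path discards the connection is not visible in this hunk; if it does not, compute the family into a local with `int family = ip_version(value);` and assign `conn->tunnel_addr_family = family;` only after the `ugh != NULL` check. The block-scoped `ip_address addr` is written by `ttoaddr()` and never read, which deserves a short comment such as `/* parsed only to validate the address syntax */`. The enclosing `kw_end` starts and ends outside the hunk.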
@@ -1053,9 +1006,6 @@ starter_config_t* confread_load(const char *file)
/* set default values */
default_values(cfg);
- /* determine default route */
- get_defaultroute(&cfg->defaultroute);
-
/* load config setup section */
load_setup(cfg, cfgp);
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 655c97084..c142961b3 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -16,12 +16,10 @@
#ifndef _IPSEC_CONFREAD_H_
#define _IPSEC_CONFREAD_H_
-#ifndef _FREESWAN_H
#include <freeswan.h>
-#endif
+#include "../pluto/constants.h"
#include "ipsec-parser.h"
-#include "interfaces.h"
typedef enum {
STARTUP_NO,
@@ -218,9 +216,6 @@ struct starter_config {
bool hidetos;
} setup;
- /* information about the default route */
- defaultroute_t defaultroute;
-
/* number of encountered parsing errors */
u_int err;
u_int non_fatal_err;
diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c
deleted file mode 100644
index 8d253aeec..000000000
--- a/src/starter/interfaces.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* strongSwan IPsec interfaces management
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- * 2009 Heiko Hund - Astaro AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <freeswan.h>
-
-#include <debug.h>
-#include <constants.h>
-#include <defs.h>
-
-#include "interfaces.h"
-#include "files.h"
-
-#ifdef START_PLUTO
-
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <linux/rtnetlink.h>
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif
-
-/*
- * Get the default route information via rtnetlink
- */
-void
-get_defaultroute(defaultroute_t *defaultroute)
-{
- union {
- struct {
- struct nlmsghdr nh;
- struct rtmsg rt;
- } m;
- char buf[4096];
- } rtu;
-
- struct nlmsghdr *nh;
- uint32_t best_metric = ~0;
- ssize_t msglen;
- int fd;
-
- memset(&rtu, 0, sizeof(rtu));
- rtu.m.nh.nlmsg_len = NLMSG_LENGTH(sizeof(rtu.m.rt));
- rtu.m.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
- rtu.m.nh.nlmsg_type = RTM_GETROUTE;
- rtu.m.rt.rtm_family = AF_INET;
- rtu.m.rt.rtm_table = RT_TABLE_UNSPEC;
- rtu.m.rt.rtm_protocol = RTPROT_UNSPEC;
- rtu.m.rt.rtm_type = RTN_UNICAST;
-
- fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
- if (fd == -1)
- {
- DBG1(DBG_APP, "could not create rtnetlink socket");
- return;
- }
-
- if (send(fd, &rtu, rtu.m.nh.nlmsg_len, 0) == -1)
- {
- DBG1(DBG_APP, "could not write to rtnetlink socket");
- close(fd);
- return;
- }
-
- msglen = recv(fd, &rtu, sizeof(rtu), MSG_WAITALL);
- if (msglen == -1)
- {
- DBG1(DBG_APP, "could not read from rtnetlink socket");
- close(fd);
- return;
- }
-
- close(fd);
-
- for (nh = &rtu.m.nh; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen))
- {
- struct rtmsg *rt;
- struct rtattr *rta;
- uint32_t rtalen, metric = 0;
- struct in_addr gw = { .s_addr = INADDR_ANY };
- int iface_idx = -1;
-
- if (nh->nlmsg_type == NLMSG_ERROR)
- {
- DBG1(DBG_APP, "error from rtnetlink");
- return;
- }
-
- if (nh->nlmsg_type == NLMSG_DONE)
- break;
-
- rt = NLMSG_DATA(nh);
- if ( rt->rtm_dst_len != 0
- || (rt->rtm_table != RT_TABLE_MAIN
- && rt->rtm_table != RT_TABLE_DEFAULT) )
- continue;
-
- rta = RTM_RTA(rt);
- rtalen = RTM_PAYLOAD(nh);
- while ( RTA_OK(rta, rtalen) )
- {
- switch (rta->rta_type)
- {
- case RTA_GATEWAY:
- gw = *(struct in_addr *) RTA_DATA(rta);
- break;
- case RTA_OIF:
- iface_idx = *(int *) RTA_DATA(rta);
- break;
- case RTA_PRIORITY:
- metric = *(uint32_t *) RTA_DATA(rta);
- break;
- }
- rta = RTA_NEXT(rta, rtalen);
- }
-
- if (metric < best_metric
- && iface_idx != -1)
- {
- struct ifreq req;
-
- fd = socket(AF_INET, SOCK_DGRAM, 0);
- if (fd < 0)
- {
- DBG1(DBG_APP, "could not open AF_INET socket");
- break;
- }
- memset(&req, 0, sizeof(req));
- req.ifr_ifindex = iface_idx;
- if (ioctl(fd, SIOCGIFNAME, &req) < 0 ||
- ioctl(fd, SIOCGIFADDR, &req) < 0)
- {
- DBG1(DBG_APP, "could not read interface data, ignoring route");
- close(fd);
- break;
- }
-
- strncpy(defaultroute->iface, req.ifr_name, IFNAMSIZ);
- defaultroute->iface[IFNAMSIZ-1] = '\0';
- defaultroute->addr.u.v4 = *((struct sockaddr_in *) &req.ifr_addr);
- defaultroute->nexthop.u.v4.sin_family = AF_INET;
-
- if (gw.s_addr == INADDR_ANY)
- {
- if (ioctl(fd, SIOCGIFDSTADDR, &req) < 0 ||
- ((struct sockaddr_in*) &req.ifr_dstaddr)->sin_addr.s_addr == INADDR_ANY)
- {
- DBG2(DBG_APP, "Ignoring default route to device %s because we can't get it's destination",
- req.ifr_name);
- close(fd);
- break;
- }
-
- defaultroute->nexthop.u.v4 = *((struct sockaddr_in *) &req.ifr_dstaddr);
- }
- else
- defaultroute->nexthop.u.v4.sin_addr = gw;
-
- close(fd);
-
- {
- char addr[20];
- char nexthop[20];
- addrtot(&defaultroute->addr, 0, addr, sizeof(addr));
- addrtot(&defaultroute->nexthop, 0, nexthop, sizeof(nexthop));
-
- DBG2(DBG_APP,
- ( !defaultroute->defined
- ? "Default route found: iface=%s, addr=%s, nexthop=%s"
- : "Better default route: iface=%s, addr=%s, nexthop=%s"
- ), defaultroute->iface, addr, nexthop
- );
- }
-
- best_metric = metric;
- defaultroute->defined = TRUE;
- }
- }
- defaultroute->supported = TRUE;
-
- if (!defaultroute->defined)
- DBG1(DBG_APP, "no default route - cannot cope with %%defaultroute!!!");
-}
-
-#else /* !START_PLUTO */
-
-/**
- * Pluto disabled, fall back to %any
- */
-void
-get_defaultroute(defaultroute_t *defaultroute)
-{
- defaultroute->supported = FALSE;
-}
-#endif /* START_PLUTO */
-
diff --git a/src/starter/interfaces.h b/src/starter/interfaces.h
deleted file mode 100644
index ff8535f0e..000000000
--- a/src/starter/interfaces.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* strongSwan IPsec interfaces management
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef _STARTER_INTERFACES_H_
-#define _STARTER_INTERFACES_H_
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <net/if.h>
-
-#include "../pluto/constants.h"
-
-typedef struct {
- bool defined;
- bool supported;
- char iface[IFNAMSIZ];
- ip_address addr;
- ip_address nexthop;
-} defaultroute_t;
-
-extern void get_defaultroute(defaultroute_t *defaultroute);
-
-
-#endif /* _STARTER_INTERFACES_H_ */
-
diff --git a/src/starter/starter.c b/src/starter/starter.c
index aad2e7a3d..86cf52b12 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -49,7 +49,6 @@
#include "netkey.h"
#include "klips.h"
#include "cmp.h"
-#include "interfaces.h"
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
@@ -662,12 +661,6 @@ int main (int argc, char **argv)
if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
{
/* Switch to new config. New conn will be loaded below */
- if (!starter_cmp_defaultroute(&new_cfg->defaultroute
- , &cfg->defaultroute))
- {
- _action_ |= FLAG_ACTION_LISTEN;
- }
-
if (!starter_cmp_pluto(cfg, new_cfg))
{
DBG1(DBG_APP, "Pluto has changed");