aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/utils
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/utils')
-rw-r--r--src/libstrongswan/utils/blocking_queue.c129
-rw-r--r--src/libstrongswan/utils/blocking_queue.h97
-rw-r--r--src/libstrongswan/utils/host.c2
-rw-r--r--src/libstrongswan/utils/host.h13
-rw-r--r--src/libstrongswan/utils/packet.c163
-rw-r--r--src/libstrongswan/utils/packet.h121
-rw-r--r--src/libstrongswan/utils/tun_device.c353
-rw-r--r--src/libstrongswan/utils/tun_device.h112
8 files changed, 983 insertions, 7 deletions
diff --git a/src/libstrongswan/utils/blocking_queue.c b/src/libstrongswan/utils/blocking_queue.c
new file mode 100644
index 000000000..c70184198
--- /dev/null
+++ b/src/libstrongswan/utils/blocking_queue.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "blocking_queue.h"
+
+#include <threading/mutex.h>
+#include <threading/thread.h>
+#include <threading/condvar.h>
+#include <utils/linked_list.h>
+
+typedef struct private_blocking_queue_t private_blocking_queue_t;
+
+/**
+ * Private data of a blocking_queue_t object.
+ */
+struct private_blocking_queue_t {
+
+ /**
+ * Public part
+ */
+ blocking_queue_t public;
+
+ /**
+ * Linked list containing all items in the queue
+ */
+ linked_list_t *list;
+
+ /**
+ * Mutex used to synchronize access to the queue
+ */
+ mutex_t *mutex;
+
+ /**
+ * Condvar used to wait for items
+ */
+ condvar_t *condvar;
+
+};
+
+METHOD(blocking_queue_t, enqueue, void,
+ private_blocking_queue_t *this, void *item)
+{
+ this->mutex->lock(this->mutex);
+ this->list->insert_first(this->list, item);
+ this->condvar->signal(this->condvar);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(blocking_queue_t, dequeue, void*,
+ private_blocking_queue_t *this)
+{
+ bool oldstate;
+ void *item;
+
+
+ this->mutex->lock(this->mutex);
+ thread_cleanup_push((thread_cleanup_t)this->mutex->unlock, this->mutex);
+ /* ensure that a canceled thread does not dequeue any items */
+ thread_cancellation_point();
+ while (this->list->remove_last(this->list, &item) != SUCCESS)
+ {
+ oldstate = thread_cancelability(TRUE);
+ this->condvar->wait(this->condvar, this->mutex);
+ thread_cancelability(oldstate);
+ }
+ thread_cleanup_pop(TRUE);
+ return item;
+}
+
+METHOD(blocking_queue_t, destroy, void,
+ private_blocking_queue_t *this)
+{
+ this->list->destroy(this->list);
+ this->condvar->destroy(this->condvar);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+METHOD(blocking_queue_t, destroy_offset, void,
+ private_blocking_queue_t *this, size_t offset)
+{
+ this->list->invoke_offset(this->list, offset);
+ destroy(this);
+}
+
+METHOD(blocking_queue_t, destroy_function, void,
+ private_blocking_queue_t *this, void (*fn)(void*))
+{
+ this->list->invoke_function(this->list, (linked_list_invoke_t)fn);
+ destroy(this);
+}
+
+/*
+ * Described in header.
+ */
+blocking_queue_t *blocking_queue_create()
+{
+ private_blocking_queue_t *this;
+
+ INIT(this,
+ .public = {
+ .enqueue = _enqueue,
+ .dequeue = _dequeue,
+ .destroy = _destroy,
+ .destroy_offset = _destroy_offset,
+ .destroy_function = _destroy_function,
+ },
+ .list = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/utils/blocking_queue.h b/src/libstrongswan/utils/blocking_queue.h
new file mode 100644
index 000000000..cf2712cf4
--- /dev/null
+++ b/src/libstrongswan/utils/blocking_queue.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup blocking_queue blocking_queue
+ * @{ @ingroup utils
+ */
+
+#ifndef BLOCKING_QUEUE_H_
+#define BLOCKING_QUEUE_H_
+
+typedef struct blocking_queue_t blocking_queue_t;
+
+#include <library.h>
+
+/**
+ * Class implementing a synchronized blocking queue based on linked_list_t
+ */
+struct blocking_queue_t {
+
+ /**
+ * Inserts a new item at the tail of the queue
+ *
+ * @param item item to insert in queue
+ */
+ void (*enqueue)(blocking_queue_t *this, void *item);
+
+ /**
+ * Removes the first item in the queue and returns its value.
+ * If the queue is empty, this call blocks until a new item is inserted.
+ *
+ * @note This is a thread cancellation point
+ *
+ * @return removed item
+ */
+ void *(*dequeue)(blocking_queue_t *this);
+
+ /**
+ * Destroys a blocking_queue_t object.
+ *
+ * @note No thread must wait in dequeue() when this function is called
+ */
+ void (*destroy)(blocking_queue_t *this);
+
+ /**
+ * Destroys a queue and its objects using the given destructor.
+ *
+ * If a queue and the contained objects should be destroyed, use
+ * destroy_offset. The supplied offset specifies the destructor to
+ * call on each object. The offset may be calculated using the offsetof
+ * macro, e.g.: queue->destroy_offset(queue, offsetof(object_t, destroy));
+ *
+ * @note No thread must wait in dequeue() when this function is called
+ *
+ * @param offset offset of the objects destructor
+ */
+ void (*destroy_offset)(blocking_queue_t *this, size_t offset);
+
+ /**
+ * Destroys a queue and its objects using a cleanup function.
+ *
+ * If a queue and its contents should get destroyed using a specific
+ * cleanup function, use destroy_function. This is useful when the
+ * list contains malloc()-ed blocks which should get freed,
+ * e.g.: queue->destroy_function(queue, free);
+ *
+ * @note No thread must wait in dequeue() when this function is called
+ *
+ * @param function function to call on each object
+ */
+ void (*destroy_function)(blocking_queue_t *this, void (*)(void*));
+
+};
+
+/**
+ * Creates an empty queue object.
+ *
+ * @return blocking_queue_t object.
+ */
+blocking_queue_t *blocking_queue_create();
+
+#endif /** BLOCKING_QUEUE_H_ @}*/
+
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index 0f40a0dd4..3a16138a4 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -110,7 +110,7 @@ int host_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
{
snprintf(buffer, sizeof(buffer), "(null)");
}
- else if (is_anyaddr(this))
+ else if (is_anyaddr(this) && !spec->plus)
{
snprintf(buffer, sizeof(buffer), "%%any%s",
this->address.sa_family == AF_INET6 ? "6" : "");
diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h
index 444878524..a8b010544 100644
--- a/src/libstrongswan/utils/host.h
+++ b/src/libstrongswan/utils/host.h
@@ -155,7 +155,7 @@ struct host_t {
*
* @param string string of an address, such as "152.96.193.130"
* @param port port number
- * @return host_t, NULL if string not an address.
+ * @return host_t, NULL if string not an address.
*/
host_t *host_create_from_string(char *string, u_int16_t port);
@@ -165,7 +165,7 @@ host_t *host_create_from_string(char *string, u_int16_t port);
* @param string hostname to resolve
* @param family family to prefer, 0 for first match
* @param port port number
- * @return host_t, NULL lookup failed
+ * @return host_t, NULL lookup failed
*/
host_t *host_create_from_dns(char *string, int family, u_int16_t port);
@@ -174,10 +174,10 @@ host_t *host_create_from_dns(char *string, int family, u_int16_t port);
*
* If family is AF_UNSPEC, it is guessed using address.len.
*
- * @param family Address family, such as AF_INET or AF_INET6
+ * @param family Address family, such as AF_INET or AF_INET6
* @param address address as chunk_t in network order
* @param port port number
- * @return host_t, NULL if family not supported/chunk invalid
+ * @return host_t, NULL if family not supported/chunk invalid
*/
host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port);
@@ -185,7 +185,7 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port);
* Constructor to create a host_t object from a sockaddr struct
*
* @param sockaddr sockaddr struct which contains family, address and port
- * @return host_t, NULL if family not supported
+ * @return host_t, NULL if family not supported
*/
host_t *host_create_from_sockaddr(sockaddr_t *sockaddr);
@@ -202,7 +202,7 @@ host_t *host_create_from_subnet(char *string, int *bits);
* Create a host without an address, a "any" host.
*
* @param family family of the any host
- * @return host_t, NULL if family not supported
+ * @return host_t, NULL if family not supported
*/
host_t *host_create_any(int family);
@@ -212,6 +212,7 @@ host_t *host_create_any(int family);
* Arguments are:
* host_t *host
* Use #-modifier to include port number
+ * Use +-modifier to force numeric representation (instead of e.g. %any)
*/
int host_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
const void *const *args);
diff --git a/src/libstrongswan/utils/packet.c b/src/libstrongswan/utils/packet.c
new file mode 100644
index 000000000..a2c329d60
--- /dev/null
+++ b/src/libstrongswan/utils/packet.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "packet.h"
+
+typedef struct private_packet_t private_packet_t;
+
+/**
+ * Private data of an packet_t object.
+ */
+struct private_packet_t {
+
+ /**
+ * Public part of a packet_t object.
+ */
+ packet_t public;
+
+ /**
+ * source address
+ */
+ host_t *source;
+
+ /**
+ * destination address
+ */
+ host_t *destination;
+
+ /**
+ * message data
+ */
+ chunk_t data;
+
+ /**
+ * actual chunk returned from get_data, adjusted when skip_bytes is called
+ */
+ chunk_t adjusted_data;
+};
+
+METHOD(packet_t, set_source, void,
+ private_packet_t *this, host_t *source)
+{
+ DESTROY_IF(this->source);
+ this->source = source;
+}
+
+METHOD(packet_t, set_destination, void,
+ private_packet_t *this, host_t *destination)
+{
+ DESTROY_IF(this->destination);
+ this->destination = destination;
+}
+
+METHOD(packet_t, get_source, host_t*,
+ private_packet_t *this)
+{
+ return this->source;
+}
+
+METHOD(packet_t, get_destination, host_t*,
+ private_packet_t *this)
+{
+ return this->destination;
+}
+
+METHOD(packet_t, get_data, chunk_t,
+ private_packet_t *this)
+{
+ return this->adjusted_data;
+}
+
+METHOD(packet_t, set_data, void,
+ private_packet_t *this, chunk_t data)
+{
+ free(this->data.ptr);
+ this->adjusted_data = this->data = data;
+}
+
+METHOD(packet_t, skip_bytes, void,
+ private_packet_t *this, size_t bytes)
+{
+ this->adjusted_data = chunk_skip(this->adjusted_data, bytes);
+}
+
+METHOD(packet_t, destroy, void,
+ private_packet_t *this)
+{
+ DESTROY_IF(this->source);
+ DESTROY_IF(this->destination);
+ free(this->data.ptr);
+ free(this);
+}
+
+METHOD(packet_t, clone_, packet_t*,
+ private_packet_t *this)
+{
+ packet_t *other;
+
+ other = packet_create();
+ if (this->destination)
+ {
+ other->set_destination(other,
+ this->destination->clone(this->destination));
+ }
+ if (this->source)
+ {
+ other->set_source(other, this->source->clone(this->source));
+ }
+ if (this->data.ptr)
+ {
+ other->set_data(other, chunk_clone(this->adjusted_data));
+ }
+ return other;
+}
+
+/**
+ * Described in header.
+ */
+packet_t *packet_create_from_data(host_t *src, host_t *dst, chunk_t data)
+{
+ private_packet_t *this;
+
+ INIT(this,
+ .public = {
+ .set_data = _set_data,
+ .get_data = _get_data,
+ .set_source = _set_source,
+ .get_source = _get_source,
+ .set_destination = _set_destination,
+ .get_destination = _get_destination,
+ .skip_bytes = _skip_bytes,
+ .clone = _clone_,
+ .destroy = _destroy,
+ },
+ .source = src,
+ .destination = dst,
+ .adjusted_data = data,
+ .data = data,
+ );
+
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+packet_t *packet_create()
+{
+ return packet_create_from_data(NULL, NULL, chunk_empty);
+}
diff --git a/src/libstrongswan/utils/packet.h b/src/libstrongswan/utils/packet.h
new file mode 100644
index 000000000..5c4440115
--- /dev/null
+++ b/src/libstrongswan/utils/packet.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup packet packet
+ * @{ @ingroup utils
+ */
+
+#ifndef PACKET_H_
+#define PACKET_H_
+
+typedef struct packet_t packet_t;
+
+#include <library.h>
+#include <utils/host.h>
+
+/**
+ * Abstraction of an IP/UDP-Packet, contains data, sender and receiver.
+ */
+struct packet_t {
+
+ /**
+ * Set the source address.
+ *
+ * @param source address to set as source (gets owned)
+ */
+ void (*set_source)(packet_t *packet, host_t *source);
+
+ /**
+ * Set the destination address.
+ *
+ * @param source address to set as destination (gets owned)
+ */
+ void (*set_destination)(packet_t *packet, host_t *destination);
+
+ /**
+ * Get the source address.
+ *
+ * @return source address (internal data)
+ */
+ host_t *(*get_source)(packet_t *packet);
+
+ /**
+ * Get the destination address.
+ *
+ * @return destination address (internal data)
+ */
+ host_t *(*get_destination)(packet_t *packet);
+
+ /**
+ * Get the data from the packet.
+ *
+ * @return chunk containing the data (internal data)
+ */
+ chunk_t (*get_data)(packet_t *packet);
+
+ /**
+ * Set the data in the packet.
+ *
+ * @param data chunk with data to set (gets owned)
+ */
+ void (*set_data)(packet_t *packet, chunk_t data);
+
+ /**
+ * Increase the offset where the actual packet data starts.
+ *
+ * The total offset applies to future calls of get_data() and clone().
+ *
+ * @note The offset is reset to 0 when set_data() is called.
+ *
+ * @param bytes the number of additional bytes to skip
+ */
+ void (*skip_bytes)(packet_t *packet, size_t bytes);
+
+ /**
+ * Clones a packet_t object.
+ *
+ * @note Data is cloned without skipped bytes.
+ *
+ * @param clone clone of the packet
+ */
+ packet_t* (*clone)(packet_t *packet);
+
+ /**
+ * Destroy the packet, freeing contained data.
+ */
+ void (*destroy)(packet_t *packet);
+};
+
+/**
+ * Create an empty packet
+ *
+ * @return packet_t object
+ */
+packet_t *packet_create();
+
+/**
+ * Create a packet from the supplied data
+ *
+ * @param src source address (gets owned)
+ * @param dst destination address (gets owned)
+ * @param data packet data (gets owned)
+ * @return packet_t object
+ */
+packet_t *packet_create_from_data(host_t *src, host_t *dst, chunk_t data);
+
+#endif /** PACKET_H_ @}*/
diff --git a/src/libstrongswan/utils/tun_device.c b/src/libstrongswan/utils/tun_device.c
new file mode 100644
index 000000000..889fe6247
--- /dev/null
+++ b/src/libstrongswan/utils/tun_device.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <linux/if.h>
+#include <linux/if_tun.h>
+
+#include "tun_device.h"
+
+#include <library.h>
+#include <debug.h>
+#include <threading/thread.h>
+
+#define TUN_DEFAULT_MTU 1500
+
+typedef struct private_tun_device_t private_tun_device_t;
+
+struct private_tun_device_t {
+
+ /**
+ * Public interface
+ */
+ tun_device_t public;
+
+ /**
+ * The TUN device's file descriptor
+ */
+ int tunfd;
+
+ /**
+ * Name of the TUN device
+ */
+ char if_name[IFNAMSIZ];
+
+ /**
+ * Socket used for ioctl() to set interface addr, ...
+ */
+ int sock;
+
+ /**
+ * The current MTU
+ */
+ int mtu;
+};
+
+/**
+ * Set the sockaddr_t from the given netmask
+ */
+static void set_netmask(struct ifreq *ifr, int family, u_int8_t netmask)
+{
+ int len, bytes, bits;
+ char *target;
+
+ switch (family)
+ {
+ case AF_INET:
+ {
+ struct sockaddr_in *addr = (struct sockaddr_in*)&ifr->ifr_addr;
+ addr->sin_family = AF_INET;
+ target = (char*)&addr->sin_addr;
+ len = 4;
+ break;
+ }
+ case AF_INET6:
+ {
+ struct sockaddr_in6 *addr = (struct sockaddr_in6*)&ifr->ifr_addr;
+ addr->sin6_family = AF_INET6;
+ target = (char*)&addr->sin6_addr;
+ len = 16;
+ break;
+ }
+ default:
+ return;
+ }
+
+ bytes = (netmask + 7) / 8;
+ bits = (bytes * 8) - netmask;
+
+ memset(target, 0xff, bytes);
+ memset(target + bytes, 0x00, len - bytes);
+ target[bytes - 1] = bits ? (u_int8_t)(0xff << bits) : 0xff;
+}
+
+METHOD(tun_device_t, set_address, bool,
+ private_tun_device_t *this, host_t *addr, u_int8_t netmask)
+{
+ struct ifreq ifr;
+ int family;
+
+ family = addr->get_family(addr);
+ if ((netmask > 32 && family == AF_INET) || netmask > 128)
+ {
+ DBG1(DBG_LIB, "failed to set address on %s: invalid netmask",
+ this->if_name);
+ return FALSE;
+ }
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
+ memcpy(&ifr.ifr_addr, addr->get_sockaddr(addr), sizeof(sockaddr_t));
+
+ if (ioctl(this->sock, SIOCSIFADDR, &ifr) < 0)
+ {
+ DBG1(DBG_LIB, "failed to set address on %s: %s",
+ this->if_name, strerror(errno));
+ return FALSE;
+ }
+
+ set_netmask(&ifr, family, netmask);
+
+ if (ioctl(this->sock, SIOCSIFNETMASK, &ifr) < 0)
+ {
+ DBG1(DBG_LIB, "failed to set netmask on %s: %s",
+ this->if_name, strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tun_device_t, up, bool,
+ private_tun_device_t *this)
+{
+ struct ifreq ifr;
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
+
+ if (ioctl(this->sock, SIOCGIFFLAGS, &ifr) < 0)
+ {
+ DBG1(DBG_LIB, "failed to get interface flags for %s: %s", this->if_name,
+ strerror(errno));
+ return FALSE;
+ }
+
+ ifr.ifr_flags |= IFF_RUNNING | IFF_UP;
+
+ if (ioctl(this->sock, SIOCSIFFLAGS, &ifr) < 0)
+ {
+ DBG1(DBG_LIB, "failed to set interface flags on %s: %s", this->if_name,
+ strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tun_device_t, set_mtu, bool,
+ private_tun_device_t *this, int mtu)
+{
+ struct ifreq ifr;
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
+ ifr.ifr_mtu = mtu;
+
+ if (ioctl(this->sock, SIOCSIFMTU, &ifr) < 0)
+ {
+ return FALSE;
+ }
+ this->mtu = mtu;
+ return TRUE;
+}
+
+METHOD(tun_device_t, get_mtu, int,
+ private_tun_device_t *this)
+{
+ struct ifreq ifr;
+
+ if (this->mtu > 0)
+ {
+ return this->mtu;
+ }
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, this->if_name, IFNAMSIZ);
+ this->mtu = TUN_DEFAULT_MTU;
+
+ if (ioctl(this->sock, SIOCGIFMTU, &ifr) == 0)
+ {
+ this->mtu = ifr.ifr_mtu;
+ }
+ return this->mtu;
+}
+
+METHOD(tun_device_t, get_name, char*,
+ private_tun_device_t *this)
+{
+ return this->if_name;
+}
+
+METHOD(tun_device_t, write_packet, bool,
+ private_tun_device_t *this, chunk_t packet)
+{
+ ssize_t s;
+
+ s = write(this->tunfd, packet.ptr, packet.len);
+ if (s < 0)
+ {
+ DBG1(DBG_LIB, "failed to write packet to TUN device %s: %s",
+ this->if_name, strerror(errno));
+ return FALSE;
+ }
+ else if (s != packet.len)
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tun_device_t, read_packet, bool,
+ private_tun_device_t *this, chunk_t *packet)
+{
+ ssize_t len;
+ fd_set set;
+ bool old;
+
+ FD_ZERO(&set);
+ FD_SET(this->tunfd, &set);
+
+ old = thread_cancelability(TRUE);
+ len = select(this->tunfd + 1, &set, NULL, NULL, NULL);
+ thread_cancelability(old);
+
+ if (len < 0)
+ {
+ DBG1(DBG_LIB, "select on TUN device %s failed: %s", this->if_name,
+ strerror(errno));
+ return FALSE;
+ }
+ /* FIXME: this is quite expensive for lots of small packets, copy from
+ * local buffer instead? */
+ *packet = chunk_alloc(get_mtu(this));
+ len = read(this->tunfd, packet->ptr, packet->len);
+ if (len < 0)
+ {
+ DBG1(DBG_LIB, "reading from TUN device %s failed: %s", this->if_name,
+ strerror(errno));
+ chunk_free(packet);
+ return FALSE;
+ }
+ packet->len = len;
+ return TRUE;
+}
+
+METHOD(tun_device_t, destroy, void,
+ private_tun_device_t *this)
+{
+ if (this->tunfd > 0)
+ {
+ close(this->tunfd);
+ }
+ if (this->sock > 0)
+ {
+ close(this->sock);
+ }
+ free(this);
+}
+
+/**
+ * Allocate a TUN device
+ */
+static int tun_alloc(char dev[IFNAMSIZ])
+{
+ struct ifreq ifr;
+ int fd;
+
+ fd = open("/dev/net/tun", O_RDWR);
+ if (fd < 0)
+ {
+ DBG1(DBG_LIB, "failed to open /dev/net/tun: %s", strerror(errno));
+ return fd;
+ }
+
+ memset(&ifr, 0, sizeof(ifr));
+
+ /* TUN device, no packet info */
+ ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+
+ strncpy(ifr.ifr_name, dev, IFNAMSIZ);
+
+ if (ioctl(fd, TUNSETIFF, (void*)&ifr) < 0)
+ {
+ DBG1(DBG_LIB, "failed to configure TUN device: %s", strerror(errno));
+ close(fd);
+ return -1;
+ }
+ strncpy(dev, ifr.ifr_name, IFNAMSIZ);
+ return fd;
+}
+
+/*
+ * Described in header
+ */
+tun_device_t *tun_device_create(const char *name_tmpl)
+{
+ private_tun_device_t *this;
+
+ INIT(this,
+ .public = {
+ .read_packet = _read_packet,
+ .write_packet = _write_packet,
+ .get_mtu = _get_mtu,
+ .set_mtu = _set_mtu,
+ .get_name = _get_name,
+ .set_address = _set_address,
+ .up = _up,
+ .destroy = _destroy,
+ },
+ .tunfd = -1,
+ .sock = -1,
+ );
+
+ strncpy(this->if_name, name_tmpl ?: "tun%d", IFNAMSIZ);
+ this->if_name[IFNAMSIZ-1] = '\0';
+
+ this->tunfd = tun_alloc(this->if_name);
+ if (this->tunfd < 0)
+ {
+ destroy(this);
+ return NULL;
+ }
+ DBG1(DBG_LIB, "created TUN device: %s", this->if_name);
+
+ this->sock = socket(AF_INET, SOCK_DGRAM, 0);
+ if (this->sock < 0)
+ {
+ DBG1(DBG_LIB, "failed to open socket to configure TUN device");
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
diff --git a/src/libstrongswan/utils/tun_device.h b/src/libstrongswan/utils/tun_device.h
new file mode 100644
index 000000000..71af0386b
--- /dev/null
+++ b/src/libstrongswan/utils/tun_device.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tun_device tun_device
+ * @{ @ingroup utils
+ */
+
+#ifndef TUN_DEVICE_H_
+#define TUN_DEVICE_H_
+
+#include <library.h>
+#include <utils/host.h>
+
+typedef struct tun_device_t tun_device_t;
+
+/**
+ * Class to create TUN devices
+ *
+ * Creating such a device requires the CAP_NET_ADMIN capability.
+ *
+ * @note The implementation is currently very Linux specific
+ */
+struct tun_device_t {
+
+ /**
+ * Read a packet from the TUN device
+ *
+ * @note This call blocks until a packet is available. It is a thread
+ * cancellation point.
+ *
+ * @param packet the packet read from the device
+ * @return TRUE if successful
+ */
+ bool (*read_packet)(tun_device_t *this, chunk_t *packet);
+
+ /**
+ * Write a packet to the TUN device
+ *
+ * @param packet the packet to write to the TUN device
+ * @return TRUE if successful
+ */
+ bool (*write_packet)(tun_device_t *this, chunk_t packet);
+
+ /**
+ * Set the IP address of the device
+ *
+ * @param addr the desired interface address
+ * @param netmask the netmask to use
+ * @return TRUE if operation successful
+ */
+ bool (*set_address)(tun_device_t *this, host_t *addr, u_int8_t netmask);
+
+ /**
+ * Bring the TUN device up
+ *
+ * @return TRUE if operation successful
+ */
+ bool (*up)(tun_device_t *this);
+
+ /**
+ * Set the MTU for this TUN device
+ *
+ * @param mtu new MTU
+ * @return TRUE if operation successful
+ */
+ bool (*set_mtu)(tun_device_t *this, int mtu);
+
+ /**
+ * Get the current MTU for this TUN device
+ *
+ * @return current MTU
+ */
+ int (*get_mtu)(tun_device_t *this);
+
+ /**
+ * Get the interface name of this device
+ *
+ * @return interface name
+ */
+ char *(*get_name)(tun_device_t *this);
+
+ /**
+ * Destroy a tun_device_t
+ */
+ void (*destroy)(tun_device_t *this);
+
+};
+
+/**
+ * Create a TUN device using the given name template.
+ *
+ * @param name_tmpl name template, defaults to "tun%d" if not given
+ * @return TUN device
+ */
+tun_device_t *tun_device_create(const char *name_tmpl);
+
+#endif /** TUN_DEVICE_H_ @}*/