~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import release 0.1.2
[secnet] / tun.c
1 #include "secnet.h"
2 #include "util.h"
3 #include "netlink.h"
4 #include <stdio.h>
5 #include <string.h>
6 #include <unistd.h>
7 #include <fcntl.h>
8 #include <sys/ioctl.h>
9
10 #ifdef HAVE_LINUX_IF_H
11 #include <linux/if.h>
12 #include <linux/if_tun.h>
13 #endif
14
15 /* XXX where do we find if_tun on other platforms? */
16
17 /* Connection to the kernel through the universal TUN/TAP driver */
18
19 struct tun {
20 struct netlink nl;
21 int fd;
22 string_t device_path;
23 string_t interface_name;
24 string_t ifconfig_path;
25 string_t route_path;
26 bool_t tun_old;
27 bool_t search_for_if; /* Applies to tun-old only */
28 struct buffer_if *buff; /* We receive packets into here
29 and send them to the netlink code. */
30 netlink_deliver_fn *netlink_to_tunnel;
31 };
32
33 static int tun_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
34 int *timeout_io, const struct timeval *tv_now,
35 uint64_t *now)
36 {
37 struct tun *st=sst;
38 *nfds_io=1;
39 fds[0].fd=st->fd;
40 fds[0].events=POLLIN|POLLERR|POLLHUP;
41 return 0;
42 }
43
44 static void tun_afterpoll(void *sst, struct pollfd *fds, int nfds,
45 const struct timeval *tv_now, uint64_t *now)
46 {
47 struct tun *st=sst;
48 int l;
49
50 if (fds[0].revents&POLLERR) {
51 printf("tun_afterpoll: hup!\n");
52 }
53 if (fds[0].revents&POLLIN) {
54 BUF_ALLOC(st->buff,"tun_afterpoll");
55 buffer_init(st->buff,st->nl.max_start_pad);
56 l=read(st->fd,st->buff->start,st->buff->len-st->nl.max_start_pad);
57 if (l<0) {
58 fatal_perror("tun_afterpoll: read()");
59 }
60 if (l==0) {
61 fatal("tun_afterpoll: read()=0; device gone away?\n");
62 }
63 if (l>0) {
64 st->buff->size=l;
65 st->netlink_to_tunnel(&st->nl,NULL,st->buff);
66 BUF_ASSERT_FREE(st->buff);
67 }
68 }
69 }
70
71 static void tun_deliver_to_kernel(void *sst, void *cid,
72 struct buffer_if *buf)
73 {
74 struct tun *st=sst;
75
76 BUF_ASSERT_USED(buf);
77
78 /* No error checking, because we'd just throw the packet away anyway */
79 write(st->fd,buf->start,buf->size);
80 BUF_FREE(buf);
81 }
82
83 static bool_t tun_set_route(void *sst, struct netlink_route *route)
84 {
85 struct tun *st=sst;
86 string_t network, mask, secnetaddr;
87
88 if (route->up != route->kup) {
89 network=ipaddr_to_string(route->net.prefix);
90 mask=ipaddr_to_string(route->net.mask);
91 secnetaddr=ipaddr_to_string(st->nl.secnet_address);
92 Message(M_INFO,"%s: %s route %s/%d %s kernel routing table\n",
93 st->nl.name,route->up?"adding":"deleting",network,
94 route->net.len,route->up?"to":"from");
95 sys_cmd(st->route_path,"route",route->up?"add":"del","-net",network,
96 "netmask",mask,"gw",secnetaddr,(char *)0);
97 free(network); free(mask); free(secnetaddr);
98 route->kup=route->up;
99 return True;
100 }
101 return False;
102 }
103
104 static void tun_phase_hook(void *sst, uint32_t newphase)
105 {
106 struct tun *st=sst;
107 string_t hostaddr,secnetaddr;
108 uint8_t mtu[6];
109 string_t network,mask;
110 struct netlink_route *r;
111 int i;
112
113 if (st->tun_old) {
114 if (st->search_for_if) {
115 string_t dname;
116 int i;
117
118 /* ASSERT st->interface_name */
119 dname=safe_malloc(strlen(st->device_path)+4,"tun_old_apply");
120 st->interface_name=safe_malloc(8,"tun_phase_hook");
121
122 for (i=0; i<255; i++) {
123 sprintf(dname,"%s%d",st->device_path,i);
124 if ((st->fd=open(dname,O_RDWR))>0) {
125 sprintf(st->interface_name,"tun%d",i);
126 Message(M_INFO,"%s: allocated network interface %s "
127 "through %s\n",st->nl.name,st->interface_name,
128 dname);
129 break;
130 }
131 }
132 if (st->fd==-1) {
133 fatal("%s: unable to open any TUN device (%s...)\n",
134 st->nl.name,st->device_path);
135 }
136 } else {
137 st->fd=open(st->device_path,O_RDWR);
138 if (st->fd==-1) {
139 fatal_perror("%s: unable to open TUN device file %s",
140 st->nl.name,st->device_path);
141 }
142 }
143 } else {
144 #ifdef HAVE_LINUX_IF_H
145 struct ifreq ifr;
146
147 /* New TUN interface: open the device, then do ioctl TUNSETIFF
148 to set or find out the network interface name. */
149 st->fd=open(st->device_path,O_RDWR);
150 if (st->fd==-1) {
151 fatal_perror("%s: can't open device file %s",st->nl.name,
152 st->device_path);
153 }
154 memset(&ifr,0,sizeof(ifr));
155 ifr.ifr_flags = IFF_TUN | IFF_NO_PI; /* Just send/receive IP packets,
156 no extra headers */
157 if (st->interface_name)
158 strncpy(ifr.ifr_name,st->interface_name,IFNAMSIZ);
159 Message(M_INFO,"%s: about to ioctl(TUNSETIFF)...\n",st->nl.name);
160 if (ioctl(st->fd,TUNSETIFF,&ifr)<0) {
161 fatal_perror("%s: ioctl(TUNSETIFF)",st->nl.name);
162 }
163 if (!st->interface_name) {
164 st->interface_name=safe_malloc(strlen(ifr.ifr_name)+1,"tun_apply");
165 strcpy(st->interface_name,ifr.ifr_name);
166 Message(M_INFO,"%s: allocated network interface %s\n",st->nl.name,
167 st->interface_name);
168 }
169 #else
170 fatal("netlink.c:tun_phase_hook:!tun_old unexpected\n");
171 #endif /* HAVE_LINUX_IF_H */
172 }
173 /* All the networks we'll be using have been registered. Invoke ifconfig
174 to set the TUN device's address, and route to add routes to all
175 our networks. */
176
177 hostaddr=ipaddr_to_string(st->nl.local_address);
178 secnetaddr=ipaddr_to_string(st->nl.secnet_address);
179 snprintf(mtu,6,"%d",st->nl.mtu);
180 mtu[5]=0;
181
182 sys_cmd(st->ifconfig_path,"ifconfig",st->interface_name,
183 hostaddr,"netmask","255.255.255.255","-broadcast",
184 "pointopoint",secnetaddr,"mtu",mtu,"up",(char *)0);
185
186 r=st->nl.routes;
187 for (i=0; i<st->nl.n_routes; i++) {
188 if (r[i].up && !r[i].kup) {
189 network=ipaddr_to_string(r[i].net.prefix);
190 mask=ipaddr_to_string(r[i].net.mask);
191 sys_cmd(st->route_path,"route","add","-net",network,
192 "netmask",mask,"gw",secnetaddr,(char *)0);
193 r[i].kup=True;
194 }
195 }
196
197 /* Register for poll() */
198 register_for_poll(st, tun_beforepoll, tun_afterpoll, 1, st->nl.name);
199 }
200
201 #ifdef HAVE_LINUX_IF_H
202 static list_t *tun_apply(closure_t *self, struct cloc loc, dict_t *context,
203 list_t *args)
204 {
205 struct tun *st;
206 item_t *item;
207 dict_t *dict;
208
209 st=safe_malloc(sizeof(*st),"tun_apply");
210
211 /* First parameter must be a dict */
212 item=list_elem(args,0);
213 if (!item || item->type!=t_dict)
214 cfgfatal(loc,"tun","parameter must be a dictionary\n");
215
216 dict=item->data.dict;
217
218 st->netlink_to_tunnel=
219 netlink_init(&st->nl,st,loc,dict,
220 "netlink-tun",tun_set_route,tun_deliver_to_kernel);
221
222 st->tun_old=False;
223 st->device_path=dict_read_string(dict,"device",False,"tun-netlink",loc);
224 st->interface_name=dict_read_string(dict,"interface",False,
225 "tun-netlink",loc);
226 st->ifconfig_path=dict_read_string(dict,"ifconfig-path",
227 False,"tun-netlink",loc);
228 st->route_path=dict_read_string(dict,"route-path",
229 False,"tun-netlink",loc);
230
231 if (!st->device_path) st->device_path="/dev/net/tun";
232 if (!st->ifconfig_path) st->ifconfig_path="ifconfig";
233 if (!st->route_path) st->route_path="route";
234 st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"tun-netlink",loc);
235
236 add_hook(PHASE_GETRESOURCES,tun_phase_hook,st);
237
238 return new_closure(&st->nl.cl);
239 }
240 #endif /* HAVE_LINUX_IF_H */
241
242 static list_t *tun_old_apply(closure_t *self, struct cloc loc, dict_t *context,
243 list_t *args)
244 {
245 struct tun *st;
246 item_t *item;
247 dict_t *dict;
248
249 st=safe_malloc(sizeof(*st),"tun_old_apply");
250
251 Message(M_WARNING,"the tun-old code has never been tested. Please report "
252 "success or failure to steve@greenend.org.uk\n");
253
254 /* First parameter must be a dict */
255 item=list_elem(args,0);
256 if (!item || item->type!=t_dict)
257 cfgfatal(loc,"tun","parameter must be a dictionary\n");
258
259 dict=item->data.dict;
260
261 st->netlink_to_tunnel=
262 netlink_init(&st->nl,st,loc,dict,
263 "netlink-tun",NULL,tun_deliver_to_kernel);
264
265 st->tun_old=True;
266 st->device_path=dict_read_string(dict,"device",False,"tun-netlink",loc);
267 st->interface_name=dict_read_string(dict,"interface",False,
268 "tun-netlink",loc);
269 st->search_for_if=dict_read_bool(dict,"interface-search",False,
270 "tun-netlink",loc,st->device_path==NULL);
271 st->ifconfig_path=dict_read_string(dict,"ifconfig-path",False,
272 "tun-netlink",loc);
273 st->route_path=dict_read_string(dict,"route-path",False,"tun-netlink",loc);
274
275 if (!st->device_path) st->device_path="/dev/tun";
276 if (!st->ifconfig_path) st->ifconfig_path="ifconfig";
277 if (!st->route_path) st->route_path="route";
278 st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"tun-netlink",loc);
279
280 /* Old TUN interface: the network interface name depends on which
281 /dev/tunX file we open. If 'interface-search' is set to true, treat
282 'device' as the prefix and try numbers from 0--255. If it's set
283 to false, treat 'device' as the whole name, and require than an
284 appropriate interface name be specified. */
285 if (st->search_for_if && st->interface_name) {
286 cfgfatal(loc,"tun-old","you may not specify an interface name "
287 "in interface-search mode\n");
288 }
289 if (!st->search_for_if && !st->interface_name) {
290 cfgfatal(loc,"tun-old","you must specify an interface name "
291 "when you explicitly specify a TUN device file\n");
292 }
293
294
295 add_hook(PHASE_GETRESOURCES,tun_phase_hook,st);
296
297 return new_closure(&st->nl.cl);
298 }
299
300 init_module tun_module;
301 void tun_module(dict_t *dict)
302 {
303 #ifdef HAVE_LINUX_IF_H
304 add_closure(dict,"tun",tun_apply);
305 #endif
306 add_closure(dict,"tun-old",tun_old_apply);
307 }
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/