Annotation of embedaddon/strongswan/src/conftest/hooks/reset_seq.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2010 Martin Willi
! 3: * Copyright (C) 2010 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15: /*
! 16: * Copyright (C) 2012 achelos GmbH
! 17: *
! 18: * Permission is hereby granted, free of charge, to any person obtaining a copy
! 19: * of this software and associated documentation files (the "Software"), to deal
! 20: * in the Software without restriction, including without limitation the rights
! 21: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
! 22: * copies of the Software, and to permit persons to whom the Software is
! 23: * furnished to do so, subject to the following conditions:
! 24: *
! 25: * The above copyright notice and this permission notice shall be included in
! 26: * all copies or substantial portions of the Software.
! 27: *
! 28: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
! 29: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
! 30: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
! 31: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
! 32: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
! 33: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
! 34: * THE SOFTWARE.
! 35: */
! 36:
! 37: #include "hook.h"
! 38:
! 39: /* this hook is currently only supported on Linux (systems like FreeBSD don't
! 40: * actually provide an interface to change the sequence numbers of SAs) */
! 41: #ifdef __linux__
! 42:
! 43: #include <linux/xfrm.h>
! 44: #include <unistd.h>
! 45: #include <errno.h>
! 46:
! 47: #include <processing/jobs/callback_job.h>
! 48: #include <plugins/kernel_netlink/kernel_netlink_shared.h>
! 49:
! 50: #define XFRM_RTA(nlh, x) ((struct rtattr*)(NLMSG_DATA(nlh) + NLMSG_ALIGN(sizeof(x))))
! 51:
! 52: typedef struct private_reset_seq_t private_reset_seq_t;
! 53:
! 54: /**
! 55: * Private data of an reset_seq_t object.
! 56: */
! 57: struct private_reset_seq_t {
! 58:
! 59: /**
! 60: * Implements the hook_t interface.
! 61: */
! 62: hook_t hook;
! 63:
! 64: /**
! 65: * Delay for reset
! 66: */
! 67: int delay;
! 68:
! 69: /**
! 70: * Sequence number to set for outgoing packages
! 71: */
! 72: int oseq;
! 73: };
! 74:
! 75: typedef struct reset_cb_data_t reset_cb_data_t;
! 76:
! 77: /**
! 78: * Data needed for the callback job
! 79: */
! 80: struct reset_cb_data_t {
! 81:
! 82: /**
! 83: * The SA to modify
! 84: */
! 85: struct xfrm_usersa_id usersa;
! 86:
! 87: /**
! 88: * Sequence number to set for outgoing packages
! 89: */
! 90: int oseq;
! 91: };
! 92:
! 93: /**
! 94: * Callback job
! 95: */
! 96: static job_requeue_t reset_cb(struct reset_cb_data_t *data)
! 97: {
! 98: netlink_buf_t request;
! 99: struct nlmsghdr *hdr;
! 100: struct xfrm_aevent_id *id;
! 101: struct rtattr *rthdr;
! 102: struct xfrm_replay_state *rpstate;
! 103: struct sockaddr_nl addr;
! 104: int s, len;
! 105:
! 106: DBG1(DBG_CFG, "setting sequence number of SPI 0x%x to %d",
! 107: htonl(data->usersa.spi), data->oseq);
! 108:
! 109: memset(&request, 0, sizeof(request));
! 110:
! 111: hdr = &request.hdr;
! 112: hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_REPLACE;
! 113: hdr->nlmsg_seq = 201;
! 114: hdr->nlmsg_pid = getpid();
! 115: hdr->nlmsg_type = XFRM_MSG_NEWAE;
! 116: hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id));
! 117:
! 118: id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr);
! 119: id->sa_id = data->usersa;
! 120:
! 121: rthdr = XFRM_RTA(hdr, struct xfrm_aevent_id);
! 122: rthdr->rta_type = XFRMA_REPLAY_VAL;
! 123: rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state));
! 124: hdr->nlmsg_len += rthdr->rta_len;
! 125:
! 126: /* xfrm_replay_state is the structure the kernel uses for
! 127: * replay detection, and the oseq element contains the
! 128: * sequence number for outgoing packets. Currently, this
! 129: * function sets the other elements seq (records the number of
! 130: * incoming packets) and bitmask to zero, but they could be
! 131: * adjusted in the same way as oseq if required. */
! 132: rpstate = (struct xfrm_replay_state*)RTA_DATA(rthdr);
! 133: rpstate->oseq = data->oseq;
! 134:
! 135: s = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
! 136: if (s == -1)
! 137: {
! 138: DBG1(DBG_CFG, "opening XFRM socket failed: %s", strerror(errno));
! 139: return JOB_REQUEUE_NONE;
! 140: }
! 141: memset(&addr, 0, sizeof(addr));
! 142: addr.nl_family = AF_NETLINK;
! 143: len = sendto(s, hdr, hdr->nlmsg_len, 0,
! 144: (struct sockaddr*)&addr, sizeof(addr));
! 145: if (len != hdr->nlmsg_len)
! 146: {
! 147: DBG1(DBG_CFG, "sending XFRM aevent failed: %s", strerror(errno));
! 148: }
! 149: close(s);
! 150: return JOB_REQUEUE_NONE;
! 151: }
! 152:
! 153: /**
! 154: * Schedule sequence number reset job
! 155: */
! 156: static void schedule_reset_job(private_reset_seq_t *this, host_t *dst,
! 157: uint32_t spi)
! 158: {
! 159: struct reset_cb_data_t *data;
! 160: chunk_t chunk;
! 161:
! 162: INIT(data,
! 163: .usersa = {
! 164: .spi = spi,
! 165: .family = dst->get_family(dst),
! 166: .proto = IPPROTO_ESP,
! 167: },
! 168: .oseq = this->oseq,
! 169: );
! 170:
! 171: chunk = dst->get_address(dst);
! 172: memcpy(&data->usersa.daddr, chunk.ptr,
! 173: min(chunk.len, sizeof(xfrm_address_t)));
! 174:
! 175: lib->scheduler->schedule_job(lib->scheduler,
! 176: (job_t*)callback_job_create(
! 177: (void*)reset_cb, data, (void*)free, NULL),
! 178: this->delay);
! 179: }
! 180:
! 181: METHOD(listener_t, child_updown, bool,
! 182: private_reset_seq_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
! 183: bool up)
! 184: {
! 185: if (up)
! 186: {
! 187: schedule_reset_job(this, ike_sa->get_other_host(ike_sa),
! 188: child_sa->get_spi(child_sa, FALSE));
! 189: }
! 190: return TRUE;
! 191: }
! 192:
! 193: METHOD(hook_t, destroy, void,
! 194: private_reset_seq_t *this)
! 195: {
! 196: free(this);
! 197: }
! 198:
! 199: /**
! 200: * Create the IKE_AUTH fill hook
! 201: */
! 202: hook_t *reset_seq_hook_create(char *name)
! 203: {
! 204: private_reset_seq_t *this;
! 205:
! 206: INIT(this,
! 207: .hook = {
! 208: .listener = {
! 209: .child_updown = _child_updown,
! 210: },
! 211: .destroy = _destroy,
! 212: },
! 213: .delay = conftest->test->get_int(conftest->test,
! 214: "hooks.%s.delay", 10, name),
! 215: .oseq = conftest->test->get_int(conftest->test,
! 216: "hooks.%s.oseq", 0, name),
! 217: );
! 218:
! 219: return &this->hook;
! 220: }
! 221:
! 222: #endif /* __linux__ */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to reset_seq.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / conftest / hooks