// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
| 4 | |
#include "shill/connection.h"

#include <arpa/inet.h>
#include <linux/rtnetlink.h>

#include <algorithm>

#include "shill/device_info.h"
#include "shill/logging.h"
#include "shill/resolver.h"
#include "shill/routing_table.h"
#include "shill/rtnl_handler.h"

using base::Bind;
using base::Closure;
using base::Unretained;
using std::deque;
using std::string;
using std::vector;
Paul Stewart | dd60e45 | 2011-08-08 11:38:36 -0700 | [diff] [blame] | 22 | |
| 23 | namespace shill { |
| 24 | |
// static
// Route metric used by GetMetric() for the default connection, and for the
// explicitly configured and blackhole routes installed in
// UpdateFromIPConfig().
const uint32 Connection::kDefaultMetric = 1;

// static
// Base value for non-default connections; GetMetric() adds the interface
// index to it.
const uint32 Connection::kNonDefaultMetricBase = 10;
// Creates an unbound binder.  |name| is only used to label log messages;
// |disconnect_callback| is run from OnDisconnect() when it is non-null.
Connection::Binder::Binder(const string &name,
                           const Closure &disconnect_callback)
    : name_(name), client_disconnect_callback_(disconnect_callback) {
}
// Unbinds from any bound connection so that the connection's binder list
// does not keep a raw pointer to this destroyed Binder.
Connection::Binder::~Binder() {
  // Attaching to NULL only performs the detach half of Attach().
  Attach(NULL);
}
// Rebinds this binder to |to_connection|.  Any existing binding is released
// first; a null |to_connection| leaves the binder unbound.
void Connection::Binder::Attach(const ConnectionRefPtr &to_connection) {
  // Release the current binding before taking a new one so the binder is
  // registered with at most one connection at a time.
  if (connection_) {
    connection_->DetachBinder(this);
    LOG(INFO) << name_ << ": unbound from connection: "
              << connection_->interface_name();
    connection_.reset();
  }

  if (!to_connection) {
    return;
  }

  // Only a weak pointer is kept, so the binder does not hold a reference on
  // the connection it is bound to.
  connection_ = to_connection->weak_ptr_factory_.GetWeakPtr();
  connection_->AttachBinder(this);
  LOG(INFO) << name_ << ": bound to connection: "
            << connection_->interface_name();
}
// Invoked by the bound connection (see NotifyBindersOnDisconnect) when it
// disconnects.  Clears the binding and then runs the client callback, if one
// was supplied.
void Connection::Binder::OnDisconnect() {
  // |connection_| is dereferenced here without a check; the caller in this
  // file only notifies binders taken from the connection's own binder list.
  LOG(INFO) << name_ << ": bound connection disconnected: "
            << connection_->interface_name();
  connection_.reset();

  if (client_disconnect_callback_.is_null()) {
    return;
  }
  SLOG(Connection, 2) << "Running client disconnect callback.";
  client_disconnect_callback_.Run();
}
// Constructs a connection for the interface identified by |interface_index|
// and |interface_name|.  The connection starts as non-default, with no
// broadcast domain, no outstanding routing requests and unset local/gateway
// addresses.  The resolver, routing table and RTNL handler are the process
// singletons returned by their GetInstance() methods.
Connection::Connection(int interface_index,
                       const std::string& interface_name,
                       Technology::Identifier technology,
                       const DeviceInfo *device_info)
    : weak_ptr_factory_(this),
      is_default_(false),
      has_broadcast_domain_(false),
      routing_request_count_(0),
      interface_index_(interface_index),
      interface_name_(interface_name),
      technology_(technology),
      local_(IPAddress::kFamilyUnknown),
      gateway_(IPAddress::kFamilyUnknown),
      // |lower_binder_| is a member of this Connection, so the callback
      // bound to |this| may be Unretained.
      lower_binder_(interface_name_,
                    Bind(&Connection::OnLowerDisconnect, Unretained(this))),
      device_info_(device_info),
      resolver_(Resolver::GetInstance()),
      routing_table_(RoutingTable::GetInstance()),
      rtnl_handler_(RTNLHandler::GetInstance()) {
  SLOG(Connection, 2) << __func__ << "("
                      << interface_index << ", "
                      << interface_name << ", "
                      << Technology::NameFromIdentifier(technology) << ")";
}
// Tears the connection down: notifies bound binders, then removes the
// routes and addresses that belong to this interface.
Connection::~Connection() {
  SLOG(Connection, 2) << __func__ << " " << interface_name_;

  // Binders hold weak pointers to this object; tell them before the state
  // they observe is flushed.
  NotifyBindersOnDisconnect();

  // Every RequestRouting() is expected to have been matched by a
  // ReleaseRouting() by now.
  DCHECK(!routing_request_count_);

  // Remove the interface's own routes, then routes elsewhere that were
  // tagged with this interface index (see RequestHostRoute), then addresses.
  routing_table_->FlushRoutes(interface_index_);
  routing_table_->FlushRoutesWithTag(interface_index_);
  device_info_->FlushAddresses(interface_index_);
}
// Applies the addressing, routing and DNS parameters in |config| to this
// connection's interface.
//
// Every address string in the config is parsed with SetAddressFromString();
// the first one that fails to parse is logged and aborts the update.  Note
// that when a trusted IP is configured, the host route to it is requested
// before the local, broadcast and peer addresses are parsed, so a later
// parse failure returns with that request already issued.
//
// NOTE(review): |subnet_prefix| is passed to set_prefix() without a range
// check in this function -- confirm that the IPConfig producer or IPAddress
// bounds it.
void Connection::UpdateFromIPConfig(const IPConfigRefPtr &config) {
  SLOG(Connection, 2) << __func__ << " " << interface_name_;

  const IPConfig::Properties &properties = config->properties();

  // The gateway is optional; an empty string leaves |gateway| unset.
  IPAddress gateway(properties.address_family);
  if (!properties.gateway.empty()) {
    if (!gateway.SetAddressFromString(properties.gateway)) {
      LOG(ERROR) << "Gateway address " << properties.gateway << " is invalid";
      return;
    }
  }

  // The trusted IP is optional too, but when present it must both parse and
  // get a pinned host route.
  IPAddress trusted_ip(properties.address_family);
  if (!properties.trusted_ip.empty()) {
    if (!trusted_ip.SetAddressFromString(properties.trusted_ip)) {
      LOG(ERROR) << "Trusted IP address "
                 << properties.trusted_ip << " is invalid";
      return;
    }
    if (!PinHostRoute(trusted_ip, gateway)) {
      LOG(ERROR) << "Unable to pin host route to " << properties.trusted_ip;
      return;
    }
  }

  // The local address is mandatory.
  IPAddress local(properties.address_family);
  if (!local.SetAddressFromString(properties.address)) {
    LOG(ERROR) << "Local address " << properties.address << " is invalid";
    return;
  }
  local.set_prefix(properties.subnet_prefix);

  // An explicit broadcast address must parse.  Without one, the default
  // broadcast is derived from |local| unless a peer address is configured.
  IPAddress broadcast(properties.address_family);
  if (!properties.broadcast_address.empty()) {
    if (!broadcast.SetAddressFromString(properties.broadcast_address)) {
      LOG(ERROR) << "Broadcast address " << properties.broadcast_address
                 << " is invalid";
      return;
    }
  } else if (properties.peer_address.empty()) {
    LOG(WARNING) << "Broadcast address is not set. Using default.";
    broadcast = local.GetDefaultBroadcast();
  }

  IPAddress peer(properties.address_family);
  if (!properties.peer_address.empty()) {
    if (!peer.SetAddressFromString(properties.peer_address)) {
      LOG(ERROR) << "Peer address " << properties.peer_address
                 << " is invalid";
      return;
    }
  }

  // May widen |local|'s prefix or rewrite |peer| / |gateway|; a failure is
  // only a warning and the update continues.
  if (!FixGatewayReachability(&local, &peer, &gateway, trusted_ip)) {
    LOG(WARNING) << "Expect limited network connectivity.";
  }

  if (device_info_->HasOtherAddress(interface_index_, local)) {
    // A different address is already present on this interface, so drop the
    // old routes and addresses before installing the new ones.
    LOG(INFO) << __func__ << ": Flushing old addresses and routes.";
    routing_table_->FlushRoutes(interface_index_);
    device_info_->FlushAddresses(interface_index_);
  }

  LOG(INFO) << __func__ << ": Installing with parameters:"
            << " local=" << local.ToString()
            << " broadcast=" << broadcast.ToString()
            << " peer=" << peer.ToString()
            << " gateway=" << gateway.ToString();
  rtnl_handler_->AddInterfaceAddress(interface_index_, local, broadcast, peer);

  if (gateway.IsValid()) {
    routing_table_->SetDefaultRoute(interface_index_, gateway,
                                    GetMetric(is_default_));
  }

  // Explicitly configured routes always go in at the default metric.
  routing_table_->ConfigureRoutes(interface_index_, config, kDefaultMetric);

  if (properties.blackhole_ipv6) {
    routing_table_->CreateBlackholeRoute(interface_index_,
                                         IPAddress::kFamilyIPv6,
                                         kDefaultMetric);
  }

  // Remember the most recent non-empty DNS settings; empty fields in
  // |config| leave the previously saved values in place.
  if (!config->properties().dns_servers.empty()) {
    dns_servers_ = config->properties().dns_servers;
  }
  if (!config->properties().domain_search.empty()) {
    dns_domain_search_ = config->properties().domain_search;
  }
  if (!config->properties().domain_name.empty()) {
    dns_domain_name_ = config->properties().domain_name;
  }

  ipconfig_rpc_identifier_ = config->GetRpcIdentifier();

  // Only the default connection pushes its DNS settings to the resolver.
  if (is_default_) {
    PushDNSConfig();
  }

  local_ = local;
  gateway_ = gateway;
  // A valid peer address means point-to-point, i.e. no broadcast domain.
  has_broadcast_domain_ = !peer.IsValid();
}
// Marks this connection as the default (or non-default) one.  A change of
// state updates the default-route metric and flushes the routing cache;
// becoming default also pushes DNS settings and asks the device to run
// portal detection.  Setting the current value again is a no-op.
void Connection::SetIsDefault(bool is_default) {
  SLOG(Connection, 2) << __func__ << " " << interface_name_
                      << " (index " << interface_index_ << ") "
                      << is_default_ << " -> " << is_default;
  if (is_default_ == is_default) {
    return;
  }

  routing_table_->SetDefaultMetric(interface_index_, GetMetric(is_default));
  is_default_ = is_default;

  if (is_default_) {
    PushDNSConfig();
    DeviceRefPtr owner = device_info_->GetDevice(interface_index_);
    if (owner) {
      owner->RequestPortalDetection();
    }
  }

  routing_table_->FlushCache();
}
// Hands the saved DNS servers and search list to the resolver.  When no
// search list was saved but a domain name was, the domain name (with a
// trailing ".") is used as the only search entry.
void Connection::PushDNSConfig() {
  vector<string> search_list(dns_domain_search_);
  const bool fall_back_to_domain_name =
      search_list.empty() && !dns_domain_name_.empty();
  if (fall_back_to_domain_name) {
    SLOG(Connection, 2) << "Setting domain search to domain name "
                        << dns_domain_name_;
    search_list.push_back(dns_domain_name_ + ".");
  }
  resolver_->SetDNSFromLists(dns_servers_, search_list);
}
// Takes one routing reference.  The first reference disables reverse-path
// filtering on the device; it stays disabled until the matching
// ReleaseRouting() drops the count back to zero, so callers must keep the
// two calls balanced.  The count is incremented even when the device lookup
// below fails.
void Connection::RequestRouting() {
  const bool first_request = (routing_request_count_++ == 0);
  if (!first_request) {
    return;
  }

  DeviceRefPtr device = device_info_->GetDevice(interface_index_);
  DCHECK(device.get());
  // DCHECK may be compiled out, so the null case is also handled at runtime.
  if (!device.get()) {
    LOG(ERROR) << "Device is NULL!";
    return;
  }
  device->DisableReversePathFilter();
}
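// Drops one routing reference taken by RequestRouting().  When the last
// reference is released, reverse-path filtering is re-enabled on the device
// and the routing cache is flushed.
//
// An unmatched call (no outstanding request) is logged and ignored instead
// of decrementing the counter.  Without this guard a build where DCHECK is
// compiled out would push the counter past zero, after which the
// "first request" / "last release" transitions that toggle reverse-path
// filtering would no longer line up with the real number of users.
void Connection::ReleaseRouting() {
  DCHECK(routing_request_count_ > 0);
  if (!(routing_request_count_ > 0)) {
    LOG(ERROR) << "ReleaseRouting called with no outstanding routing request.";
    return;
  }

  if (--routing_request_count_ == 0) {
    DeviceRefPtr device = device_info_->GetDevice(interface_index_);
    DCHECK(device.get());
    if (!device.get()) {
      LOG(ERROR) << "Device is NULL!";
      return;
    }
    device->EnableReversePathFilter();

    // Clear any cached routes that might have accumulated while reverse-path
    // filtering was disabled.
    routing_table_->FlushCache();
  }
}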
// Asks the routing table for a host route to |address|.  Returns false if
// the request could not be issued.  The route query response is delivered to
// OnRouteQueryResponse() through a weak pointer, so a response that arrives
// after this connection is destroyed is not delivered to it.
bool Connection::RequestHostRoute(const IPAddress &address) {
  // A host route covers exactly one address: prefix = address length in bits.
  IPAddress host_address(address);
  host_address.set_prefix(host_address.GetLength() * 8);

  // The interface index argument is -1 because the destination may not be
  // reachable through this connection's own default route.  The route is
  // tagged with our interface index instead, so that it can be cleaned up
  // when this connection closes (see FlushRoutesWithTag in the destructor).
  // The callback lets us find the lower connection and bind to it.
  const bool requested = routing_table_->RequestRouteToHost(
      host_address,
      -1,
      interface_index_,
      Bind(&Connection::OnRouteQueryResponse,
           weak_ptr_factory_.GetWeakPtr()));
  if (requested) {
    return true;
  }

  LOG(ERROR) << "Could not request route to " << address.ToString();
  return false;
}
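// static
// Adjusts |local|, |peer| and |gateway| so that the gateway can be reached
// from the local address.  These values originate from the IP configuration
// handed to UpdateFromIPConfig(), which may have been pushed down by a
// remote peer (see the VPN example below), so they are not assumed to be
// mutually consistent.
//
// Returns false when no gateway is set, or when a peer address is set and
// the gateway differs from it.  Returns true otherwise, after possibly:
//   - clearing |peer| and |gateway| when the gateway equals |trusted_ip| on
//     a point-to-point link,
//   - widening |local|'s prefix until the gateway becomes reachable, or
//   - treating the link as point-to-point by copying |gateway| into |peer|.
bool Connection::FixGatewayReachability(IPAddress *local,
                                        IPAddress *peer,
                                        IPAddress *gateway,
                                        const IPAddress &trusted_ip) {
  if (!gateway->IsValid()) {
    LOG(WARNING) << "No gateway address was provided for this connection.";
    return false;
  }

  if (peer->IsValid()) {
    if (!gateway->Equals(*peer)) {
      LOG(WARNING) << "Gateway address "
                   << gateway->ToString()
                   << " does not match peer address "
                   << peer->ToString();
      return false;
    }
    if (gateway->Equals(trusted_ip)) {
      // In order to send outgoing traffic in a point-to-point network,
      // the gateway IP address isn't of significance.  As opposed to
      // broadcast networks, we never ARP for the gateway IP address,
      // but just send the IP packet addressed to the recipient.  As
      // such, since using the external trusted IP address as the
      // gateway or peer wreaks havoc on the routing rules, we choose
      // not to supply a gateway address.  Here's an example:
      //
      //     Client    <->  Internet  <->  VPN Gateway  <->  Internal Network
      //   192.168.1.2                      10.0.1.25         172.16.5.0/24
      //
      // In this example, a client connects to a VPN gateway on its
      // public IP address 10.0.1.25.  It gets issued an IP address
      // from the VPN internal pool.  For some VPN gateways, this
      // results in a pushed-down PPP configuration which specifies:
      //
      //    Client local address:   172.16.5.13
      //    Client peer address:    10.0.1.25
      //    Client default gateway: 10.0.1.25
      //
      // If we take this literally, we need to resolve the fact that
      // 10.0.1.25 is now listed as the default gateway and interface
      // peer address for the point-to-point interface.  However, in
      // order to route tunneled packets to the VPN gateway we must
      // use the external route through the physical interface and
      // not the tunnel, or else we end up in an infinite loop
      // re-entering the tunnel trying to route towards the VPN server.
      //
      // We can do this by pinning a route, but we would need to wait
      // for the pinning process to complete before assigning this
      // address.  Currently this process is asynchronous and will
      // complete only after returning to the event loop.  Additionally,
      // since there's no metric associated with assigning an address
      // to an interface, it's always possible that having the peer
      // address of the interface might still trump a host route.
      //
      // To solve this problem, we reset the peer and gateway
      // addresses.  Neither is required in order to perform the
      // underlying routing task.  A gateway route can be specified
      // without an IP endpoint on point-to-point links, and simply
      // specify the outbound interface index.  Similarly, a peer
      // IP address is not necessary either, and will be assigned
      // the same IP address as the local IP.  This approach
      // simplifies routing and doesn't change the desired
      // functional behavior.
      //
      LOG(INFO) << "Removing gateway and peer addresses to preserve "
                << "routability to trusted IP address.";
      peer->SetAddressToDefault();
      gateway->SetAddressToDefault();
    }
    return true;
  }

  if (local->CanReachAddress(*gateway)) {
    return true;
  }

  LOG(WARNING) << "Gateway "
               << gateway->ToString()
               << " is unreachable from local address/prefix "
               << local->ToString() << "/" << local->prefix();

  bool found_new_prefix = false;
  size_t original_prefix = local->prefix();
  // Only try to expand the netmask if the configured prefix is
  // less than "all ones".  This special-cases the "all-ones"
  // prefix as a forced conversion to point-to-point networking.
  if (local->prefix() < IPAddress::GetMaxPrefixLength(local->family())) {
    // Try each shorter prefix from |original_prefix| - 1 down to the minimum
    // prefix length.  The counter is unsigned, so it is tested before it is
    // decremented: a configured prefix of 0, or a minimum of 0, must end the
    // search rather than wrap around to a huge value and keep iterating.
    for (size_t prefix = original_prefix;
         prefix > local->GetMinPrefixLength(); ) {
      --prefix;
      local->set_prefix(prefix);
      if (local->CanReachAddress(*gateway)) {
        found_new_prefix = true;
        break;
      }
    }
  }

  if (!found_new_prefix) {
    // Restore the original prefix since we cannot find a better one.
    local->set_prefix(original_prefix);
    DCHECK(!peer->IsValid());
    LOG(WARNING) << "Assuming point-to-point configuration.";
    *peer = *gateway;
    return true;
  }

  LOG(WARNING) << "Mitigating this by setting local prefix to "
               << local->prefix();
  return true;
}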
// Returns the route metric to use for this connection.  The default
// connection gets kDefaultMetric; every other connection gets a metric
// derived from its interface index, so that non-default routes (even to the
// same gateway IP) have distinct metrics and do not collide.
uint32 Connection::GetMetric(bool is_default) {
  if (is_default) {
    return kDefaultMetric;
  }
  return kNonDefaultMetricBase + interface_index_;
}
// Requests a host route to |trusted_ip|.  Both |trusted_ip| and |gateway|
// must be valid; otherwise the missing one(s) are logged and false is
// returned without requesting anything.
bool Connection::PinHostRoute(const IPAddress &trusted_ip,
                              const IPAddress &gateway) {
  SLOG(Connection, 2) << __func__;

  const bool have_trusted_ip = trusted_ip.IsValid();
  const bool have_gateway = gateway.IsValid();
  if (have_trusted_ip && have_gateway) {
    return RequestHostRoute(trusted_ip);
  }

  LOG_IF(ERROR, !have_gateway)
      << "No gateway -- unable to pin host route.";
  LOG_IF(ERROR, !have_trusted_ip)
      << "No trusted IP -- unable to pin host route.";
  return false;
}
// Callback for the route query issued by RequestHostRoute().
// |interface_index| identifies the interface the route goes through; this
// connection binds to that interface's connection as its lower connection.
// Any previous lower binding is dropped first, and stays dropped if the
// device or its connection cannot be found.
void Connection::OnRouteQueryResponse(int interface_index,
                                      const RoutingTableEntry &entry) {
  SLOG(Connection, 2) << __func__ << "(" << interface_index << ", "
                      << entry.tag << ")" << " @ " << interface_name_;
  lower_binder_.Attach(NULL);

  DeviceRefPtr lower_device = device_info_->GetDevice(interface_index);
  if (!lower_device) {
    LOG(ERROR) << "Unable to lookup device for index " << interface_index;
    return;
  }

  ConnectionRefPtr lower_connection = lower_device->connection();
  if (!lower_connection) {
    LOG(ERROR) << "Device " << interface_index << " has no connection.";
    return;
  }

  lower_binder_.Attach(lower_connection);
  // The result of CreateGatewayRoute() is not checked here.
  lower_connection->CreateGatewayRoute();
  lower_device->OnConnectionUpdated();
}
// Creates a link route from the saved local address to the saved gateway so
// that the gateway of this (lower) connection stays reachable even if routes
// created on behalf of an upper connection conflict with it.  Returns false
// without doing anything when the connection has no broadcast domain;
// otherwise returns the routing table's result.
bool Connection::CreateGatewayRoute() {
  if (has_broadcast_domain_) {
    // This route is deliberately not tracked: it is benign and only pins
    // state that was already true of the connection.  If DHCP parameters
    // change later (without the connection having been destroyed and
    // recreated), the binding processes will likely terminate and restart,
    // causing a new link route to be created.
    return routing_table_->CreateLinkRoute(interface_index_, local_, gateway_);
  }
  return false;
}
// Invoked through |lower_binder_| when the lower connection disconnects;
// propagates the disconnect to this connection's own binders.
void Connection::OnLowerDisconnect() {
  SLOG(Connection, 2) << __func__ << " @ " << interface_name_;

  // Hold a reference for the duration of the notification so that |this| is
  // not destroyed while binders are being notified.  This cannot be folded
  // into NotifyBindersOnDisconnect(), because that method may also run from
  // the destructor, when the reference count is already 0.
  ConnectionRefPtr keep_alive(this);
  keep_alive->NotifyBindersOnDisconnect();
}
// Notifies every attached binder that this connection has disconnected and
// empties the binder list.  May be called from the destructor.
void Connection::NotifyBindersOnDisconnect() {
  SLOG(Connection, 2) << __func__ << " @ " << interface_name_;

  // Unbind from the lower connection first; this keeps the behavior correct
  // when connections are bound to each other in a cycle.
  lower_binder_.Attach(NULL);

  while (!binders_.empty()) {
    // Remove the binder from the list before notifying it, so each binder is
    // notified exactly once even if the notification changes the list.
    Binder *next = binders_.front();
    binders_.pop_front();
    next->OnDisconnect();
  }
}
// Registers |binder| to be notified when this connection disconnects.  The
// list stores the raw pointer; Binder's destructor detaches itself again via
// Binder::Attach(NULL).
void Connection::AttachBinder(Binder *binder) {
  SLOG(Connection, 2) << __func__
                      << "(" << binder->name() << ")"
                      << " @ " << interface_name_;
  binders_.push_back(binder);
}
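// Removes the first occurrence of |binder| from the list of binders to
// notify on disconnect.  Does nothing if |binder| is not in the list.
void Connection::DetachBinder(Binder *binder) {
  SLOG(Connection, 2) << __func__ << "(" << binder->name() << ")" << " @ "
                      << interface_name_;
  // std::find replaces the hand-written search loop; only the first match is
  // erased, as before.
  deque<Binder *>::iterator it =
      std::find(binders_.begin(), binders_.end(), binder);
  if (it != binders_.end()) {
    binders_.erase(it);
  }
}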
| 504 | |
Paul Stewart | dd60e45 | 2011-08-08 11:38:36 -0700 | [diff] [blame] | 505 | } // namespace shill |