flimflam: Add L2TP/IPsec VPN plugin

plugins/vpn.c

 /*
  *
  *  Connection Manager
  *
  *  Copyright (C) 2007-2010  Intel Corporation. All rights reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
  *  published by the Free Software Foundation.
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  *
  */
 
 /*
  * Support for vpn plugins.  Common code to manage a provider object,
  * tun device and a task associated with an external vpn process.  The
  * vpn plugin is responsible for launching the external process and
  * handling notification callbacks to clock the provider state machine.
  *
- * TODO(sleffler) currently assumes extern vpn service uses tun but not all do
  * TODO(sleffler) seems to make more sense in src than plugins
  */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
 
 #include <string.h>
 #include <fcntl.h>
 #include <unistd.h>
@@ skipping 31 matching lines @@
 
 struct vpn_driver_data {
         const char *name;
         const char *program;
         struct vpn_driver *vpn_driver;
         struct connman_provider_driver provider_driver;
 };
 
 static GHashTable *driver_hash = NULL;
 
-static int kill_tun(char *tun_name)
+static int kill_tun(struct connman_provider *provider)
 {
+        struct vpn_data *data = connman_provider_get_data(provider);
+        struct vpn_driver_data *vpn_driver_data;
+        const char *name;
         struct ifreq ifr;
         int fd, err;
 
+        if (data == NULL)
+                return -1;
+
+        name = connman_provider_get_driver_name(provider);
+        vpn_driver_data = g_hash_table_lookup(driver_hash, name);
+
+        if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver !=NULL &&
+                vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
+                return 0;
+
         memset(&ifr, 0, sizeof(ifr));
         ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
-        strncpy(ifr.ifr_name, tun_name, sizeof(ifr.ifr_name));
+        strncpy(ifr.ifr_name, data->if_name, sizeof(ifr.ifr_name));

[thutt, 2011/03/17 15:02:21]

(nit) It looks like you are adding tabs in a file which does not have them.
Or, if it does, then lines 81..96 do not use tabs.

(That is, if my interpretation of the red chevrons indicate tabs)

[kmixter1, 2011/03/17 17:52:20]

It's the latter.  The file is mostly tabs but I didn't add them consistently.
Running tabify.

 
         fd = open("/dev/net/tun", O_RDWR);
         if (fd < 0) {
                 err = -errno;
                 connman_error("Failed to open /dev/net/tun to device %s: %s",
-                              tun_name, strerror(errno));
+                              data->if_name, strerror(errno));
                 return err;
         }
 
         if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
                 err = -errno;
                 connman_error("Failed to TUNSETIFF for device %s to it: %s",
-                              tun_name, strerror(errno));
+                              data->if_name, strerror(errno));
                 close(fd);
                 return err;
         }
 
         if (ioctl(fd, TUNSETPERSIST, 0)) {
                 err = -errno;
                 connman_error("Failed to set tun device %s nonpersistent: %s",
-                              tun_name, strerror(errno));
+                              data->if_name, strerror(errno));
                 close(fd);
                 return err;
         }
         close(fd);
-        _DBG_VPN("Killed tun device %s", tun_name);
+        _DBG_VPN("Killed tun device %s", data->if_name);
         return 0;
 }
 
 void vpn_died(struct connman_task *task, void *user_data)
 {
         struct connman_provider *provider = user_data;
         struct vpn_data *data = connman_provider_get_data(provider);
         int state = data->state;
 
         _DBG_VPN("provider %p data %p", provider, data);
 
         if (!data)
                 goto vpn_exit;
 
-        kill_tun(data->if_name);
+        kill_tun(provider);
         connman_provider_set_data(provider, NULL);
         connman_rtnl_remove_watch(data->watch);
 
 vpn_exit:
         if (state != VPN_STATE_READY && state != VPN_STATE_DISCONNECT)
                 connman_provider_set_state(provider,
                                                 CONNMAN_PROVIDER_STATE_FAILURE);
         else
                 connman_provider_set_state(provider,
                                                 CONNMAN_PROVIDER_STATE_IDLE);
 
         connman_provider_set_index(provider, -1);
         connman_provider_unref(data->provider);
         g_free(data);
 
         connman_task_destroy(task);
 }
 
+int vpn_set_ifname(struct connman_provider *provider, const char *ifname)
+{
+        struct vpn_data *data = connman_provider_get_data(provider);
+        int index;
+
+        if (data == NULL) {
+                _DBG_VPN("%s: provider data not accessible", __func__);
+                return  -EIO;
+        }
+
+        if (ifname == NULL) {
+                _DBG_VPN("%s: ifname not provided", __func__);
+                return  -EIO;
+        }
+
+        index = connman_inet_ifindex(ifname);
+        if (index < 0) {
+                _DBG_VPN("%s: could not get ifindex from %s", __func__, ifname);
+                return  -EIO;
+        }
+
+        data->if_name = (char *)g_strdup(ifname);
+        connman_provider_set_index(provider, index);
+
+        /* Set connect state to retry creating ipconfig with index above. */
+        connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);
+
+        return 0;
+}
+
 static void vpn_newlink(const char *ifname, unsigned flags, unsigned change,                            void *user_data)
 {
         struct connman_provider *provider = user_data;
         struct vpn_data *data = connman_provider_get_data(provider);
 
         if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
                 if (flags & IFF_UP) {
                         data->state = VPN_STATE_READY;
                         connman_provider_set_state(provider,
                                         CONNMAN_PROVIDER_STATE_READY);
                 }
         }
         data->flags = flags;
 }
 
-static void vpn_notify(struct connman_task *task,
+static DBusMessage *vpn_notify(struct connman_task *task,

[thutt, 2011/03/17 15:02:21]

I don't understand why you changed this function to return a DBusMessage*, but
then always return NULL.

[kmixter1, 2011/03/17 17:52:20]

This is the default notification function if the provider doesn't override it. 
The change makes notification functions be able to return dbus responses, but
this one doesn't need to.

                         DBusMessage *msg, void *user_data)
 {
         struct connman_provider *provider = user_data;
         struct vpn_data *data;
         struct vpn_driver_data *vpn_driver_data;
         const char *name;
         int state, index;
 
         data = connman_provider_get_data(provider);
 
         name = connman_provider_get_driver_name(provider);
         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
         if (vpn_driver_data == NULL)
-                return;
+                return NULL;
 
         state = vpn_driver_data->vpn_driver->notify(msg, provider);
         switch (state) {
         case VPN_STATE_CONNECT:
         case VPN_STATE_READY:
                 index = connman_provider_get_index(provider);
                 data->watch = connman_rtnl_add_newlink_watch(index,
                                                      vpn_newlink, provider);
                 connman_inet_ifup(index);
                 break;
 
         case VPN_STATE_UNKNOWN:
         case VPN_STATE_IDLE:
         case VPN_STATE_DISCONNECT:
         case VPN_STATE_FAILURE:
                 connman_provider_set_state(provider,
                                         CONNMAN_PROVIDER_STATE_DISCONNECT);
                 break;
         }
+
+        return NULL;
 }
 
-static int vpn_connect(struct connman_provider *provider)
+static int vpn_create_tun(struct connman_provider *provider)
 {
         struct vpn_data *data = connman_provider_get_data(provider);
-        struct vpn_driver_data *vpn_driver_data;
         struct ifreq ifr;
-        const char *name;
         int i, fd, index;
         int ret = 0;
 
-        if (data != NULL)
+        if (data == NULL)

[thutt, 2011/03/17 15:02:21]

I'm not a networking person, but is this returning an error stating that you're
already connected if you don't have any data?

[kmixter1, 2011/03/17 17:52:20]

Done and added a message.

                 return -EISCONN;
 
-        data = g_try_new0(struct vpn_data, 1);
-        if (data == NULL)
-                return -ENOMEM;
-
-        data->provider = connman_provider_ref(provider);
-        data->watch = 0;
-        data->flags = 0;
-        data->task = NULL;
-        data->state = VPN_STATE_IDLE;
-
-        connman_provider_set_data(provider, data);
-
-        name = connman_provider_get_driver_name(provider);
-        vpn_driver_data = g_hash_table_lookup(driver_hash, name);
-
         fd = open("/dev/net/tun", O_RDWR);
         if (fd < 0) {
                 i = -errno;
                 connman_error("%s: failed to open /dev/net/tun: %s",
                               __func__, strerror(errno));
                 ret = i;
                 goto exist_err;
         }
 
         memset(&ifr, 0, sizeof(ifr));
@@ skipping 27 matching lines @@
                 close(fd);
                 ret = i;
                 goto exist_err;
         }
 
         close(fd);
 
         index = connman_inet_ifindex(data->if_name);
         if (index < 0) {
                 connman_error("%s: failed to get tun ifindex", __func__);
-                kill_tun(data->if_name);
+                kill_tun(provider);
                 ret = -EIO;
                 goto exist_err;
         }
         connman_provider_set_index(provider, index);
 
+        return 0;
+
+exist_err:
+        return ret;
+}
+
+static int vpn_connect(struct connman_provider *provider)
+{
+        struct vpn_data *data = connman_provider_get_data(provider);
+        struct vpn_driver_data *vpn_driver_data;
+        const char *name;
+        int ret = 0;
+
+        if (data != NULL) {

[thutt, 2011/03/17 15:02:21]

I'm puzzled by the condition -vs- the message here.  If you have data, you
report an error that you could not access the data.  Maybe it's just that I
don't this stuff very much, but the condition & the message seem to contradict
each other.

It's particularly confusing because line 249 seems to do the opposite.

[kmixter1, 2011/03/17 17:52:20]

Updated the error message - I copy and pasted wrong when adding error messages
in response to an earlier review.

+                _DBG_VPN("%s: unable to access provider data", __func__);
+                return -EISCONN;
+        }
+
+        data = g_try_new0(struct vpn_data, 1);
+        if (data == NULL)
+                return -ENOMEM;
+
+        data->provider = connman_provider_ref(provider);
+        data->watch = 0;
+        data->flags = 0;
+        data->task = NULL;
+        data->state = VPN_STATE_IDLE;
+
+        connman_provider_set_data(provider, data);
+
+        name = connman_provider_get_driver_name(provider);
+        vpn_driver_data = g_hash_table_lookup(driver_hash, name);
+
+        if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver != NULL &&
+                vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {
+
+                ret = vpn_create_tun(provider);
+                if (ret < 0)
+                        goto exist_err;
+        }
+
         data->task = connman_task_create(vpn_driver_data->program);
 
         if (data->task == NULL) {
                 ret = -ENOMEM;
-                kill_tun(data->if_name);
+                kill_tun(provider);
                 goto exist_err;
         }
 
         if (connman_task_set_notify(data->task, "notify",
                                         vpn_notify, provider)) {
                 ret = -ENOMEM;
-                kill_tun(data->if_name);
+                kill_tun(provider);
                 connman_task_destroy(data->task);
                 data->task = NULL;
                 goto exist_err;
         }
 
         ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
                                                         data->if_name);
         if (ret < 0) {
-                kill_tun(data->if_name);
+                kill_tun(provider);
                 connman_task_destroy(data->task);
                 data->task = NULL;
                 goto exist_err;
         }
 
         _DBG_VPN("%s started with dev %s",
                 vpn_driver_data->provider_driver.name, data->if_name);
 
         data->state = VPN_STATE_CONNECT;
 
@@ skipping 39 matching lines @@
         connman_task_stop(data->task);
 
         return 0;
 }
 
 static int vpn_remove(struct connman_provider *provider)
 {
         struct vpn_data *data;
 
         data = connman_provider_get_data(provider);
-        connman_provider_set_data(provider, NULL);
         if (data == NULL)
                 return 0;
 
         if (data->watch != 0)
                 connman_rtnl_remove_watch(data->watch);
         data->watch = 0;
         connman_task_stop(data->task);
 
         g_usleep(G_USEC_PER_SEC);
-        kill_tun(data->if_name);
+        kill_tun(provider);
+        connman_provider_set_data(provider, NULL);
         return 0;
 }
 
 int vpn_register(const char *name, struct vpn_driver *vpn_driver,
                         const char *program)
 {
         struct vpn_driver_data *data;
 
         _DBG_VPN("name %s program %s", name, program);
 
@@ skipping 33 matching lines @@
         if (data == NULL)
                 return;
 
         connman_provider_driver_unregister(&data->provider_driver);
 
         g_hash_table_remove(driver_hash, name);
 
         if (g_hash_table_size(driver_hash) == 0)
                 g_hash_table_destroy(driver_hash);
 }