plugins/vpn.c - chromiumos/platform/flimflam - Git at Google

 /*
  *
  *  Connection Manager
  *
  *  Copyright (C) 2007-2010  Intel Corporation. All rights reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
  *  published by the Free Software Foundation.
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  *
  */

 /*
  * Support for vpn plugins.  Common code to manage a provider object,
  * tun device and a task associated with an external vpn process.  The
  * vpn plugin is responsible for launching the external process and
  * handling notification callbacks to clock the provider state machine.
  *
  * TODO(sleffler) seems to make more sense in src than plugins
  */

 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif

 #include <string.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/stat.h>
 #include <stdio.h>
 #include <errno.h>
 #include <stdint.h>
 #include <sys/ioctl.h>
 #include <sys/types.h>
 #include <linux/if_tun.h>
 #include <net/if.h>

 #include <dbus/dbus.h>

 #include <glib.h>

 #include <connman/provider.h>
 #include <connman/log.h>
 #include <connman/rtnl.h>
 #include <connman/task.h>
 #include <connman/inet.h>

 #include "vpn.h"

 #define _DBG_VPN(fmt, arg...) DBG(DBG_VPN, fmt, ## arg)

 struct vpn_data {
 	struct connman_provider *provider;
 	char *if_name;
 	unsigned flags;
 	struct connman_rtnl rtnl;
 	enum vpn_state state;
 	struct connman_task *task;
 	void *vpn_specific_data;
 };

 struct vpn_driver_data {
 	const char *name;
 	const char *program;
 	struct vpn_driver *vpn_driver;
 	struct connman_provider_driver provider_driver;
 };

 static GHashTable *driver_hash = NULL;

 static int kill_tun(struct connman_provider *provider)
 {
 	struct vpn_data *data = connman_provider_get_data(provider);
 	struct vpn_driver_data *vpn_driver_data;
 	const char *name;
 	struct ifreq ifr;
 	int fd, err;

 	if (data == NULL)
 		return -1;

 	name = connman_provider_get_driver_name(provider);
 	vpn_driver_data = g_hash_table_lookup(driver_hash, name);

 	if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver !=NULL &&
 		vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
 		return 0;

 	memset(&ifr, 0, sizeof(ifr));
 	ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
 	strncpy(ifr.ifr_name, data->if_name, sizeof(ifr.ifr_name));

 	fd = open("/dev/net/tun", O_RDWR);
 	if (fd < 0) {
 		err = -errno;
 		connman_error("Failed to open /dev/net/tun to device %s: %s",
 			      data->if_name, strerror(errno));
 		return err;
 	}

 	if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
 		err = -errno;
 		connman_error("Failed to TUNSETIFF for device %s to it: %s",
 			      data->if_name, strerror(errno));
 		close(fd);
 		return err;
 	}

 	if (ioctl(fd, TUNSETPERSIST, 0)) {
 		err = -errno;
 		connman_error("Failed to set tun device %s nonpersistent: %s",
 			      data->if_name, strerror(errno));
 		close(fd);
 		return err;
 	}
 	close(fd);
 	_DBG_VPN("Killed tun device %s", data->if_name);
 	return 0;
 }

 void vpn_died(struct connman_task *task, void *user_data,
     enum connman_provider_error error)
 {
 	struct connman_provider *provider = user_data;
 	struct vpn_data *data = connman_provider_get_data(provider);

 	_DBG_VPN("provider %p data %p", provider, data);

 	if (data != NULL) {
 		kill_tun(provider);
 		connman_provider_set_data(provider, NULL);
 		connman_rtnl_unregister(&data->rtnl);

 		_DBG_VPN("provider %p vpn state %d", provider, data->state);
 		switch (data->state) {
 		case VPN_STATE_CONNECT:
 		case VPN_STATE_RECONNECT:
 			connman_provider_indicate_error(provider, error);
 			break;
 		default:
 			connman_provider_set_state(provider,
 						CONNMAN_PROVIDER_STATE_IDLE);
 			break;
 		}
 	}

 	connman_provider_set_index(provider, -1);
 	connman_provider_set_interface(provider, NULL);
 	if (data != NULL) {
 		connman_provider_unref(data->provider);
 		g_free(data);
 	}

 	connman_task_destroy(task);
 }

 int vpn_set_ifname(struct connman_provider *provider, const char *ifname)
 {
 	struct vpn_data *data = connman_provider_get_data(provider);
 	int index;

 	_DBG_VPN("provider %p ifname %s", provider, ifname);

 	if (data == NULL) {
 		_DBG_VPN("%s: provider data not accessible", __func__);
 		return -EIO;
 	}

 	if (ifname == NULL) {
 		_DBG_VPN("%s: ifname not provided", __func__);
 		return -EIO;
 	}

 	index = connman_inet_ifindex(ifname);
 	if (index < 0) {
 		_DBG_VPN("%s: could not get ifindex from %s", __func__, ifname);
 		return -EIO;
 	}

 	data->if_name = (char *)g_strdup(ifname);
 	connman_provider_set_index(provider, index);
 	connman_provider_set_interface(provider, data->if_name);

 	return 0;
 }

 void *vpn_get_specific_data(struct connman_provider *vpn)
 {
 	struct vpn_data *data;

 	data = connman_provider_get_data(vpn);
 	if (data == NULL)
 		return NULL;
 	return data->vpn_specific_data;
 }

 void vpn_set_specific_data(struct connman_provider *vpn,
 			   void *vpn_specific_data)
 {
 	struct vpn_data *data;

 	data = connman_provider_get_data(vpn);
 	if (data == NULL)
 		return;
 	data->vpn_specific_data = vpn_specific_data;
 }

 static void vpn_newlink(void *user_data, int index, unsigned short type,
     const char *ifname, unsigned flags, int change)
 {
 	struct connman_provider *provider = user_data;
 	struct vpn_data *data;

 	data = connman_provider_get_data(provider);
 	_DBG_VPN("provider %p vpn state %d cur flags 0x%x new flags 0x%x",
 	    provider, data->state, data->flags, flags);

 	if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
 		if (flags & IFF_UP) {
 			data->state = VPN_STATE_READY;
 			connman_provider_set_state(provider,
 					CONNMAN_PROVIDER_STATE_READY);
 		}
 	}
 	data->flags = flags;
 }

 static DBusMessage *vpn_notify(struct connman_task *task,
 			DBusMessage *msg, void *user_data)
 {
 	struct connman_provider *provider = user_data;
 	struct vpn_data *data = connman_provider_get_data(provider);
 	struct vpn_driver_data *vpn_driver_data;
 	const char *name;
 	enum vpn_state state;

 	name = connman_provider_get_driver_name(provider);
 	vpn_driver_data = g_hash_table_lookup(driver_hash, name);
 	if (vpn_driver_data == NULL)
 		return NULL;

 	/*
 	 * NB: Drivers return a state value but it's just used
 	 * to determine success/failure (i.e. it does not, for
 	 * example, indicate the new state of the vpn).  This is
 	 * inherited from upstream and should be re-done...
 	 */
 	state = vpn_driver_data->vpn_driver->notify(msg, provider);
 	if (state != VPN_STATE_CONNECT) {
 		connman_provider_set_state(provider,
 					CONNMAN_PROVIDER_STATE_DISCONNECT);
 		return NULL;
 	}

 	if (data->state == VPN_STATE_CONNECT) {
 		data->rtnl.index = connman_provider_get_index(provider);
 		connman_rtnl_register(&data->rtnl);
 		connman_inet_ifup(data->rtnl.index);
 	} else if (data->state == VPN_STATE_RECONNECT) {
 		data->state = VPN_STATE_READY;
 		connman_provider_set_state(provider,
 					CONNMAN_PROVIDER_STATE_READY);
 	}
 	return NULL;
 }

 void vpn_reconnect(struct connman_provider *provider)
 {
 	struct vpn_data *data = connman_provider_get_data(provider);

 	if (data == NULL) {
 		connman_error("%s: no vpn data for provider %p",
 		    __func__, provider);
 		return;
 	}
 	/* drop default route, et al so vpn can re-resolve remote hostnames */
 	connman_provider_ipconfig_clear(provider);

 	data->state = VPN_STATE_RECONNECT;
 	connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);
 }

 static int vpn_create_tun(struct connman_provider *provider)
 {
 	struct vpn_data *data = connman_provider_get_data(provider);
 	struct ifreq ifr;
 	int i, fd, index;
 	int ret = 0;

 	if (data == NULL) {
 		connman_error("%s: called out of order", __func__);
 		return -EIO;
 	}

 	fd = open("/dev/net/tun", O_RDWR);
 	if (fd < 0) {
 		i = -errno;
 		connman_error("%s: failed to open /dev/net/tun: %s",
 			      __func__, strerror(errno));
 		ret = i;
 		goto exist_err;
 	}

 	memset(&ifr, 0, sizeof(ifr));
 	ifr.ifr_flags = IFF_TUN | IFF_NO_PI;

 	for (i = 0; i < 256; i++) {
 		sprintf(ifr.ifr_name, "vpn%d", i);

 		if (!ioctl(fd, TUNSETIFF, (void *)&ifr))
 			break;
 	}

 	if (i == 256) {
 		connman_error("%s: failed to find available tun device",
 			      __func__);
 		close(fd);
 		ret = -ENODEV;
 		goto exist_err;
 	}

 	data->if_name = (char *)g_strdup(ifr.ifr_name);
 	if (!data->if_name) {
 		ret = -ENOMEM;
 		goto exist_err;
 	}

 	if (ioctl(fd, TUNSETPERSIST, 1)) {
 		i = -errno;
 		connman_error("%s: failed to set tun persistent: %s",
 			      __func__, strerror(errno));
 		close(fd);
 		ret = i;
 		goto exist_err;
 	}

 	close(fd);

 	index = connman_inet_ifindex(data->if_name);
 	if (index < 0) {
 		connman_error("%s: failed to get tun ifindex", __func__);
 		kill_tun(provider);
 		ret = -EIO;
 		goto exist_err;
 	}
 	connman_provider_set_index(provider, index);
 	connman_provider_set_interface(provider, data->if_name);

 	return 0;

 exist_err:
 	return ret;
 }

 static int vpn_connect(struct connman_provider *provider)
 {
 	struct vpn_data *data = connman_provider_get_data(provider);
 	struct vpn_driver_data *vpn_driver_data;
 	const char *name;
 	int ret = 0;

 	if (data != NULL) {
 		_DBG_VPN("%s: data != NULL", __func__);
 		return -EISCONN;
 	}

 	data = g_try_new0(struct vpn_data, 1);
 	if (data == NULL)
 		return -ENOMEM;

 	data->provider = connman_provider_ref(provider);
 	data->flags = 0;
 	data->task = NULL;
 	data->state = VPN_STATE_IDLE;

 	/* NB: index set when register'ing, may not be available here */
 	RTNL_INIT(&data->rtnl,
 	    connman_provider_get_ident(provider),	/* name */
 	    CONNMAN_RTNL_PRIORITY_DEFAULT,		/* priority */
 	    CONNMAN_RTNL_DEVICE_ANY,
 	    provider					/* private */
 	);
 	data->rtnl.newlink = vpn_newlink;

 	connman_provider_set_data(provider, data);

 	name = connman_provider_get_driver_name(provider);
 	vpn_driver_data = g_hash_table_lookup(driver_hash, name);

 	if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver != NULL &&
 		vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {

 		ret = vpn_create_tun(provider);
 		if (ret < 0)
 			goto exist_err;
 	}

 	data->task = connman_task_create(vpn_driver_data->program);

 	if (data->task == NULL) {
 		ret = -ENOMEM;
 		kill_tun(provider);
 		goto exist_err;
 	}

 	if (connman_task_set_notify(data->task, "notify",
 					vpn_notify, provider)) {
 		ret = -ENOMEM;
 		kill_tun(provider);
 		connman_task_destroy(data->task);
 		data->task = NULL;
 		goto exist_err;
 	}

 	ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
 							data->if_name);
 	if (ret < 0) {
 		kill_tun(provider);
 		connman_task_destroy(data->task);
 		data->task = NULL;
 		goto exist_err;
 	}

 	_DBG_VPN("%s started with dev %s",
 		vpn_driver_data->provider_driver.name, data->if_name);

 	data->state = VPN_STATE_CONNECT;

 	connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);

 	return -EINPROGRESS;

 exist_err:
 	connman_provider_set_index(provider, -1);
 	connman_provider_set_interface(provider, NULL);
 	connman_provider_set_data(provider, NULL);
 	connman_provider_unref(data->provider);
 	g_free(data);

 	return ret;
 }

 static int vpn_probe(struct connman_provider *provider)
 {
 	return 0;
 }

 static int vpn_disconnect(struct connman_provider *provider)
 {
 	struct vpn_data *data = connman_provider_get_data(provider);
 	struct vpn_driver_data *vpn_driver_data;
 	const char *name;

 	_DBG_VPN("disconnect provider %p data %p", provider, data);

 	if (data == NULL)
 		return 0;

 	name = connman_provider_get_driver_name(provider);
 	vpn_driver_data = g_hash_table_lookup(driver_hash, name);
 	if (vpn_driver_data->vpn_driver->disconnect)
 		vpn_driver_data->vpn_driver->disconnect();

 	connman_rtnl_unregister(&data->rtnl);

 	data->state = VPN_STATE_DISCONNECT;
 	connman_task_stop(data->task);

 	return 0;
 }

 static int vpn_remove(struct connman_provider *provider)
 {
 	struct vpn_data *data;

 	data = connman_provider_get_data(provider);
 	if (data == NULL)
 		return 0;

 	connman_rtnl_unregister(&data->rtnl);
 	connman_task_stop(data->task);

 	g_usleep(G_USEC_PER_SEC);
 	kill_tun(provider);
 	connman_provider_set_data(provider, NULL);
 	return 0;
 }

 int vpn_register(const char *name, struct vpn_driver *vpn_driver,
 			const char *program)
 {
 	struct vpn_driver_data *data;

 	_DBG_VPN("name %s program %s", name, program);

 	data = g_try_new0(struct vpn_driver_data, 1);
 	if (data == NULL)
 		return -ENOMEM;

 	data->name = name;
 	data->program = program;

 	data->vpn_driver = vpn_driver;

 	data->provider_driver.name = name;
 	data->provider_driver.disconnect = vpn_disconnect;
 	data->provider_driver.connect = vpn_connect;
 	data->provider_driver.probe = vpn_probe;
 	data->provider_driver.remove = vpn_remove;
 	data->provider_driver.append_props = vpn_driver->append_props;
 	data->provider_driver.save_props = vpn_driver->save_props;
 	data->provider_driver.load_props = vpn_driver->load_props;

 	if (driver_hash == NULL) {
 		driver_hash = g_hash_table_new_full(g_str_hash,
 							g_str_equal,
 							NULL, g_free);
 	}

 	g_hash_table_insert(driver_hash, (char *)name, data);

 	connman_provider_driver_register(&data->provider_driver);

 	return 0;
 }

 void vpn_unregister(const char *name)
 {
 	struct vpn_driver_data *data;

 	data = g_hash_table_lookup(driver_hash, name);
 	if (data == NULL)
 		return;

 	connman_provider_driver_unregister(&data->provider_driver);

 	g_hash_table_remove(driver_hash, name);

 	if (g_hash_table_size(driver_hash) == 0)
 		g_hash_table_destroy(driver_hash);
 }
	/*
	*
	* Connection Manager
	*
	* Copyright (C) 2007-2010 Intel Corporation. All rights reserved.
	*
	* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License version 2 as
	* published by the Free Software Foundation.
	*
	* This program is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program; if not, write to the Free Software
	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	*
	*/

	/*
	* Support for vpn plugins. Common code to manage a provider object,
	* tun device and a task associated with an external vpn process. The
	* vpn plugin is responsible for launching the external process and
	* handling notification callbacks to clock the provider state machine.
	*
	* TODO(sleffler) seems to make more sense in src than plugins
	*/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <string.h>
	#include <fcntl.h>
	#include <unistd.h>
	#include <sys/stat.h>
	#include <stdio.h>
	#include <errno.h>
	#include <stdint.h>
	#include <sys/ioctl.h>
	#include <sys/types.h>
	#include <linux/if_tun.h>
	#include <net/if.h>

	#include <dbus/dbus.h>

	#include <glib.h>

	#include <connman/provider.h>
	#include <connman/log.h>
	#include <connman/rtnl.h>
	#include <connman/task.h>
	#include <connman/inet.h>

	#include "vpn.h"

	#define _DBG_VPN(fmt, arg...) DBG(DBG_VPN, fmt, ## arg)

	struct vpn_data {
	struct connman_provider *provider;
	char *if_name;
	unsigned flags;
	struct connman_rtnl rtnl;
	enum vpn_state state;
	struct connman_task *task;
	void *vpn_specific_data;
	};

	struct vpn_driver_data {
	const char *name;
	const char *program;
	struct vpn_driver *vpn_driver;
	struct connman_provider_driver provider_driver;
	};

	static GHashTable *driver_hash = NULL;

	static int kill_tun(struct connman_provider *provider)
	{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;
	struct ifreq ifr;
	int fd, err;

	if (data == NULL)
	return -1;

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);

	if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver !=NULL &&
	vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
	return 0;

	memset(&ifr, 0, sizeof(ifr));
	ifr.ifr_flags = IFF_TUN \| IFF_NO_PI;
	strncpy(ifr.ifr_name, data->if_name, sizeof(ifr.ifr_name));

	fd = open("/dev/net/tun", O_RDWR);
	if (fd < 0) {
	err = -errno;
	connman_error("Failed to open /dev/net/tun to device %s: %s",
	data->if_name, strerror(errno));
	return err;
	}

	if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
	err = -errno;
	connman_error("Failed to TUNSETIFF for device %s to it: %s",
	data->if_name, strerror(errno));
	close(fd);
	return err;
	}

	if (ioctl(fd, TUNSETPERSIST, 0)) {
	err = -errno;
	connman_error("Failed to set tun device %s nonpersistent: %s",
	data->if_name, strerror(errno));
	close(fd);
	return err;
	}
	close(fd);
	_DBG_VPN("Killed tun device %s", data->if_name);
	return 0;
	}

	void vpn_died(struct connman_task task, void user_data,
	enum connman_provider_error error)
	{
	struct connman_provider *provider = user_data;
	struct vpn_data *data = connman_provider_get_data(provider);

	_DBG_VPN("provider %p data %p", provider, data);

	if (data != NULL) {
	kill_tun(provider);
	connman_provider_set_data(provider, NULL);
	connman_rtnl_unregister(&data->rtnl);

	_DBG_VPN("provider %p vpn state %d", provider, data->state);
	switch (data->state) {
	case VPN_STATE_CONNECT:
	case VPN_STATE_RECONNECT:
	connman_provider_indicate_error(provider, error);
	break;
	default:
	connman_provider_set_state(provider,
	CONNMAN_PROVIDER_STATE_IDLE);
	break;
	}
	}

	connman_provider_set_index(provider, -1);
	connman_provider_set_interface(provider, NULL);
	if (data != NULL) {
	connman_provider_unref(data->provider);
	g_free(data);
	}

	connman_task_destroy(task);
	}

	int vpn_set_ifname(struct connman_provider provider, const char ifname)
	{
	struct vpn_data *data = connman_provider_get_data(provider);
	int index;

	_DBG_VPN("provider %p ifname %s", provider, ifname);

	if (data == NULL) {
	_DBG_VPN("%s: provider data not accessible", __func__);
	return -EIO;
	}

	if (ifname == NULL) {
	_DBG_VPN("%s: ifname not provided", __func__);
	return -EIO;
	}

	index = connman_inet_ifindex(ifname);
	if (index < 0) {
	_DBG_VPN("%s: could not get ifindex from %s", __func__, ifname);
	return -EIO;
	}

	data->if_name = (char *)g_strdup(ifname);
	connman_provider_set_index(provider, index);
	connman_provider_set_interface(provider, data->if_name);

	return 0;
	}

	void vpn_get_specific_data(struct connman_provider vpn)
	{
	struct vpn_data *data;

	data = connman_provider_get_data(vpn);
	if (data == NULL)
	return NULL;
	return data->vpn_specific_data;
	}

	void vpn_set_specific_data(struct connman_provider *vpn,
	void *vpn_specific_data)
	{
	struct vpn_data *data;

	data = connman_provider_get_data(vpn);
	if (data == NULL)
	return;
	data->vpn_specific_data = vpn_specific_data;
	}

	static void vpn_newlink(void *user_data, int index, unsigned short type,
	const char *ifname, unsigned flags, int change)
	{
	struct connman_provider *provider = user_data;
	struct vpn_data *data;

	data = connman_provider_get_data(provider);
	_DBG_VPN("provider %p vpn state %d cur flags 0x%x new flags 0x%x",
	provider, data->state, data->flags, flags);

	if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
	if (flags & IFF_UP) {
	data->state = VPN_STATE_READY;
	connman_provider_set_state(provider,
	CONNMAN_PROVIDER_STATE_READY);
	}
	}
	data->flags = flags;
	}

	static DBusMessage vpn_notify(struct connman_task task,
	DBusMessage msg, void user_data)
	{
	struct connman_provider *provider = user_data;
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;
	enum vpn_state state;

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);
	if (vpn_driver_data == NULL)
	return NULL;

	/*
	* NB: Drivers return a state value but it's just used
	* to determine success/failure (i.e. it does not, for
	* example, indicate the new state of the vpn). This is
	* inherited from upstream and should be re-done...
	*/
	state = vpn_driver_data->vpn_driver->notify(msg, provider);
	if (state != VPN_STATE_CONNECT) {
	connman_provider_set_state(provider,
	CONNMAN_PROVIDER_STATE_DISCONNECT);
	return NULL;
	}

	if (data->state == VPN_STATE_CONNECT) {
	data->rtnl.index = connman_provider_get_index(provider);
	connman_rtnl_register(&data->rtnl);
	connman_inet_ifup(data->rtnl.index);
	} else if (data->state == VPN_STATE_RECONNECT) {
	data->state = VPN_STATE_READY;
	connman_provider_set_state(provider,
	CONNMAN_PROVIDER_STATE_READY);
	}
	return NULL;
	}

	void vpn_reconnect(struct connman_provider *provider)
	{
	struct vpn_data *data = connman_provider_get_data(provider);

	if (data == NULL) {
	connman_error("%s: no vpn data for provider %p",
	__func__, provider);
	return;
	}
	/* drop default route, et al so vpn can re-resolve remote hostnames */
	connman_provider_ipconfig_clear(provider);

	data->state = VPN_STATE_RECONNECT;
	connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);
	}

	static int vpn_create_tun(struct connman_provider *provider)
	{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct ifreq ifr;
	int i, fd, index;
	int ret = 0;

	if (data == NULL) {
	connman_error("%s: called out of order", __func__);
	return -EIO;
	}

	fd = open("/dev/net/tun", O_RDWR);
	if (fd < 0) {
	i = -errno;
	connman_error("%s: failed to open /dev/net/tun: %s",
	__func__, strerror(errno));
	ret = i;
	goto exist_err;
	}

	memset(&ifr, 0, sizeof(ifr));
	ifr.ifr_flags = IFF_TUN \| IFF_NO_PI;

	for (i = 0; i < 256; i++) {
	sprintf(ifr.ifr_name, "vpn%d", i);

	if (!ioctl(fd, TUNSETIFF, (void *)&ifr))
	break;
	}

	if (i == 256) {
	connman_error("%s: failed to find available tun device",
	__func__);
	close(fd);
	ret = -ENODEV;
	goto exist_err;
	}

	data->if_name = (char *)g_strdup(ifr.ifr_name);
	if (!data->if_name) {
	ret = -ENOMEM;
	goto exist_err;
	}

	if (ioctl(fd, TUNSETPERSIST, 1)) {
	i = -errno;
	connman_error("%s: failed to set tun persistent: %s",
	__func__, strerror(errno));
	close(fd);
	ret = i;
	goto exist_err;
	}

	close(fd);

	index = connman_inet_ifindex(data->if_name);
	if (index < 0) {
	connman_error("%s: failed to get tun ifindex", __func__);
	kill_tun(provider);
	ret = -EIO;
	goto exist_err;
	}
	connman_provider_set_index(provider, index);
	connman_provider_set_interface(provider, data->if_name);

	return 0;

	exist_err:
	return ret;
	}

	static int vpn_connect(struct connman_provider *provider)
	{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;
	int ret = 0;

	if (data != NULL) {
	_DBG_VPN("%s: data != NULL", __func__);
	return -EISCONN;
	}

	data = g_try_new0(struct vpn_data, 1);
	if (data == NULL)
	return -ENOMEM;

	data->provider = connman_provider_ref(provider);
	data->flags = 0;
	data->task = NULL;
	data->state = VPN_STATE_IDLE;

	/* NB: index set when register'ing, may not be available here */
	RTNL_INIT(&data->rtnl,
	connman_provider_get_ident(provider), /* name */
	CONNMAN_RTNL_PRIORITY_DEFAULT, /* priority */
	CONNMAN_RTNL_DEVICE_ANY,
	provider /* private */
	);
	data->rtnl.newlink = vpn_newlink;

	connman_provider_set_data(provider, data);

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);

	if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver != NULL &&
	vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {

	ret = vpn_create_tun(provider);
	if (ret < 0)
	goto exist_err;
	}

	data->task = connman_task_create(vpn_driver_data->program);

	if (data->task == NULL) {
	ret = -ENOMEM;
	kill_tun(provider);
	goto exist_err;
	}

	if (connman_task_set_notify(data->task, "notify",
	vpn_notify, provider)) {
	ret = -ENOMEM;
	kill_tun(provider);
	connman_task_destroy(data->task);
	data->task = NULL;
	goto exist_err;
	}

	ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
	data->if_name);
	if (ret < 0) {
	kill_tun(provider);
	connman_task_destroy(data->task);
	data->task = NULL;
	goto exist_err;
	}

	_DBG_VPN("%s started with dev %s",
	vpn_driver_data->provider_driver.name, data->if_name);

	data->state = VPN_STATE_CONNECT;

	connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);

	return -EINPROGRESS;

	exist_err:
	connman_provider_set_index(provider, -1);
	connman_provider_set_interface(provider, NULL);
	connman_provider_set_data(provider, NULL);
	connman_provider_unref(data->provider);
	g_free(data);

	return ret;
	}

	static int vpn_probe(struct connman_provider *provider)
	{
	return 0;
	}

	static int vpn_disconnect(struct connman_provider *provider)
	{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;

	_DBG_VPN("disconnect provider %p data %p", provider, data);

	if (data == NULL)
	return 0;

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);
	if (vpn_driver_data->vpn_driver->disconnect)
	vpn_driver_data->vpn_driver->disconnect();

	connman_rtnl_unregister(&data->rtnl);

	data->state = VPN_STATE_DISCONNECT;
	connman_task_stop(data->task);

	return 0;
	}

	static int vpn_remove(struct connman_provider *provider)
	{
	struct vpn_data *data;

	data = connman_provider_get_data(provider);
	if (data == NULL)
	return 0;

	connman_rtnl_unregister(&data->rtnl);
	connman_task_stop(data->task);

	g_usleep(G_USEC_PER_SEC);
	kill_tun(provider);
	connman_provider_set_data(provider, NULL);
	return 0;
	}

	int vpn_register(const char name, struct vpn_driver vpn_driver,
	const char *program)
	{
	struct vpn_driver_data *data;

	_DBG_VPN("name %s program %s", name, program);

	data = g_try_new0(struct vpn_driver_data, 1);
	if (data == NULL)
	return -ENOMEM;

	data->name = name;
	data->program = program;

	data->vpn_driver = vpn_driver;

	data->provider_driver.name = name;
	data->provider_driver.disconnect = vpn_disconnect;
	data->provider_driver.connect = vpn_connect;
	data->provider_driver.probe = vpn_probe;
	data->provider_driver.remove = vpn_remove;
	data->provider_driver.append_props = vpn_driver->append_props;
	data->provider_driver.save_props = vpn_driver->save_props;
	data->provider_driver.load_props = vpn_driver->load_props;

	if (driver_hash == NULL) {
	driver_hash = g_hash_table_new_full(g_str_hash,
	g_str_equal,
	NULL, g_free);
	}

	g_hash_table_insert(driver_hash, (char *)name, data);

	connman_provider_driver_register(&data->provider_driver);

	return 0;
	}

	void vpn_unregister(const char *name)
	{
	struct vpn_driver_data *data;

	data = g_hash_table_lookup(driver_hash, name);
	if (data == NULL)
	return;

	connman_provider_driver_unregister(&data->provider_driver);

	g_hash_table_remove(driver_hash, name);

	if (g_hash_table_size(driver_hash) == 0)
	g_hash_table_destroy(driver_hash);
	}