]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/plugins/socket_default/socket_default_socket.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright headers after acquisition by secunet
[thirdparty/strongswan.git] / src / libcharon / plugins / socket_default / socket_default_socket.c
1 /*
2 * Copyright (C) 2006-2013 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2010 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 *
7 * Copyright (C) secunet Security Networks AG
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 /* for struct in6_pktinfo */
21 #define _GNU_SOURCE
22 #ifdef __sun
23 #define _XPG4_2
24 #define __EXTENSIONS__
25 #endif
26 /* make sure to use the proper defs on Mac OS X */
27 #define __APPLE_USE_RFC_3542
28
29 #include "socket_default_socket.h"
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <string.h>
34 #include <errno.h>
35 #include <unistd.h>
36 #include <stdlib.h>
37 #include <fcntl.h>
38 #include <sys/ioctl.h>
39 #include <netinet/in_systm.h>
40 #include <netinet/in.h>
41 #include <netinet/ip.h>
42 #include <netinet/udp.h>
43 #include <net/if.h>
44
45 #include <daemon.h>
46 #include <threading/thread.h>
47
48 /* these are not defined on some platforms */
49 #ifndef SOL_IP
50 #define SOL_IP IPPROTO_IP
51 #endif
52 #ifndef SOL_IPV6
53 #define SOL_IPV6 IPPROTO_IPV6
54 #endif
55 #ifndef IPV6_TCLASS
56 #define IPV6_TCLASS 67
57 #endif
58
59 /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
60 * previously defined IPV6_PKTINFO */
61 #ifndef IPV6_RECVPKTINFO
62 #define IPV6_RECVPKTINFO IPV6_PKTINFO
63 #endif
64
65 #ifndef IN6ADDR_ANY_INIT
66 #define IN6ADDR_ANY_INIT {{{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}}
67 #endif
68
69 #ifndef HAVE_IN6ADDR_ANY
70 static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
71 #endif
72
73 typedef struct private_socket_default_socket_t private_socket_default_socket_t;
74
75 /**
76 * Private data of an socket_t object
77 */
78 struct private_socket_default_socket_t {
79
80 /**
81 * public functions
82 */
83 socket_default_socket_t public;
84
85 /**
86 * Configured port (or random, if initially 0)
87 */
88 uint16_t port;
89
90 /**
91 * Configured port for NAT-T (or random, if initially 0)
92 */
93 uint16_t natt;
94
95 /**
96 * IPv4 socket (500 or port)
97 */
98 int ipv4;
99
100 /**
101 * IPv4 socket for NAT-T (4500 or natt)
102 */
103 int ipv4_natt;
104
105 /**
106 * IPv6 socket (500 or port)
107 */
108 int ipv6;
109
110 /**
111 * IPv6 socket for NAT-T (4500 or natt)
112 */
113 int ipv6_natt;
114
115 /**
116 * DSCP value set on IPv4 socket
117 */
118 uint8_t dscp4;
119
120 /**
121 * DSCP value set on IPv4 socket for NAT-T (4500 or natt)
122 */
123 uint8_t dscp4_natt;
124
125 /**
126 * DSCP value set on IPv6 socket (500 or port)
127 */
128 uint8_t dscp6;
129
130 /**
131 * DSCP value set on IPv6 socket for NAT-T (4500 or natt)
132 */
133 uint8_t dscp6_natt;
134
135 /**
136 * Maximum packet size to receive
137 */
138 int max_packet;
139
140 /**
141 * TRUE if the source address should be set on outbound packets
142 */
143 bool set_source;
144
145 /**
146 * TRUE to force sending source interface on outbound packets
147 */
148 bool set_sourceif;
149
150 /**
151 * A counter to implement round-robin selection of read sockets
152 */
153 u_int rr_counter;
154 };
155
156 /**
157 * Get the destination IPv4 address of a received packet, depending on the
158 * available mechanism.
159 */
160 #ifdef IP_PKTINFO
161
162 static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port)
163 {
164 struct sockaddr_in dst = {
165 .sin_family = AF_INET,
166 .sin_port = htons(port),
167 };
168 struct in_pktinfo *pktinfo;
169 struct in_addr *addr;
170
171 if (cmsgptr->cmsg_type == IP_PKTINFO)
172 {
173 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
174 addr = &pktinfo->ipi_addr;
175 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
176 return host_create_from_sockaddr((sockaddr_t*)&dst);
177 }
178 return NULL;
179 }
180
181 #elif defined(IP_RECVDSTADDR)
182
183 static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port)
184 {
185 struct sockaddr_in dst = {
186 .sin_family = AF_INET,
187 .sin_port = htons(port),
188 };
189 struct in_addr *addr;
190
191 if (cmsgptr->cmsg_type == IP_RECVDSTADDR)
192 {
193 addr = (struct in_addr*)CMSG_DATA(cmsgptr);
194 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
195 return host_create_from_sockaddr((sockaddr_t*)&dst);
196 }
197 return NULL;
198 }
199
200 #else /* IP_PKTINFO || IP_RECVDSTADDR */
201
202 static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port)
203 {
204 return NULL;
205 }
206
207 #endif /* IP_PKTINFO || IP_RECVDSTADDR */
208
209 /**
210 * Get the destination IPv6 address of a received packet, depending on the
211 * available mechanism.
212 */
213 #ifdef HAVE_IN6_PKTINFO
214
215 static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port)
216 {
217 struct in6_pktinfo *pktinfo;
218 struct sockaddr_in6 dst = {
219 .sin6_family = AF_INET6,
220 .sin6_port = htons(port),
221 };
222
223 if (cmsgptr->cmsg_type == IPV6_PKTINFO)
224 {
225 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
226 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
227 return host_create_from_sockaddr((sockaddr_t*)&dst);
228 }
229 return NULL;
230 }
231
232 #else /* HAVE_IN6_PKTINFO */
233
234 static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port)
235 {
236 return NULL;
237 }
238
239 #endif /* HAVE_IN6_PKTINFO */
240
241 METHOD(socket_t, receiver, status_t,
242 private_socket_default_socket_t *this, packet_t **packet)
243 {
244 char buffer[this->max_packet];
245 chunk_t data;
246 packet_t *pkt;
247 host_t *source = NULL, *dest = NULL;
248 int i, rr, index, bytes_read = 0, selected = -1;
249 bool oldstate;
250 uint16_t port = 0;
251 struct pollfd pfd[] = {
252 { .fd = this->ipv4, .events = POLLIN },
253 { .fd = this->ipv4_natt, .events = POLLIN },
254 { .fd = this->ipv6, .events = POLLIN },
255 { .fd = this->ipv6_natt, .events = POLLIN },
256 };
257 int ports[] = {
258 /* port numbers associated to pollfds */
259 this->port, this->natt, this->port, this->natt,
260 };
261
262 DBG2(DBG_NET, "waiting for data on sockets");
263 oldstate = thread_cancelability(TRUE);
264 if (poll(pfd, countof(pfd), -1) <= 0)
265 {
266 thread_cancelability(oldstate);
267 return FAILED;
268 }
269 thread_cancelability(oldstate);
270
271 rr = this->rr_counter++;
272 for (i = 0; i < countof(pfd); i++)
273 {
274 /* To serve all ports with equal priority, we use a round-robin
275 * scheme to choose the one to process in this invocation */
276 index = (rr + i) % countof(pfd);
277 if (pfd[index].revents & POLLIN)
278 {
279 selected = pfd[index].fd;
280 port = ports[index];
281 break;
282 }
283 }
284 if (selected != -1)
285 {
286 struct msghdr msg;
287 struct cmsghdr *cmsgptr;
288 struct iovec iov;
289 char ancillary[64];
290 union {
291 struct sockaddr_in in4;
292 struct sockaddr_in6 in6;
293 } src;
294
295 msg.msg_name = &src;
296 msg.msg_namelen = sizeof(src);
297 iov.iov_base = buffer;
298 iov.iov_len = this->max_packet;
299 msg.msg_iov = &iov;
300 msg.msg_iovlen = 1;
301 msg.msg_control = ancillary;
302 msg.msg_controllen = sizeof(ancillary);
303 msg.msg_flags = 0;
304 bytes_read = recvmsg(selected, &msg, 0);
305 if (bytes_read < 0)
306 {
307 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
308 return FAILED;
309 }
310 if (msg.msg_flags & MSG_TRUNC)
311 {
312 DBG1(DBG_NET, "receive buffer too small, packet discarded");
313 return FAILED;
314 }
315 DBG3(DBG_NET, "received packet %b", buffer, bytes_read);
316
317 /* read ancillary data to get destination address */
318 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
319 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
320 {
321 if (cmsgptr->cmsg_len == 0)
322 {
323 DBG1(DBG_NET, "error reading ancillary data");
324 return FAILED;
325 }
326 if (cmsgptr->cmsg_level == SOL_IP)
327 {
328 dest = get_dst_v4(cmsgptr, port);
329 }
330 else if (cmsgptr->cmsg_level == SOL_IPV6)
331 {
332 dest = get_dst_v6(cmsgptr, port);
333 }
334 if (dest)
335 {
336 break;
337 }
338 }
339 if (dest == NULL)
340 {
341 DBG1(DBG_NET, "error reading IP header");
342 return FAILED;
343 }
344 source = host_create_from_sockaddr((sockaddr_t*)&src);
345
346 pkt = packet_create();
347 pkt->set_source(pkt, source);
348 pkt->set_destination(pkt, dest);
349 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
350 data = chunk_create(buffer, bytes_read);
351 pkt->set_data(pkt, chunk_clone(data));
352 }
353 else
354 {
355 /* oops, shouldn't happen */
356 return FAILED;
357 }
358 /* return packet */
359 *packet = pkt;
360 return SUCCESS;
361 }
362
363 /**
364 * Generic function to send a message.
365 */
366 static ssize_t send_msg_generic(int skt, struct msghdr *msg)
367 {
368 return sendmsg(skt, msg, 0);
369 }
370
371 #if defined(IP_PKTINFO) || defined(HAVE_IN6_PKTINFO)
372
373 /**
374 * Find the interface index a source address is installed on
375 */
376 static int find_srcif(host_t *src)
377 {
378 char *ifname;
379 int idx = 0;
380
381 if (charon->kernel->get_interface(charon->kernel, src, &ifname))
382 {
383 idx = if_nametoindex(ifname);
384 free(ifname);
385 }
386 return idx;
387 }
388
389 #endif /* IP_PKTINFO || HAVE_IN6_PKTINFO */
390
391 /**
392 * Send a message with the IPv4 source address set, if possible.
393 */
394 #ifdef IP_PKTINFO
395
396 static ssize_t send_msg_v4(private_socket_default_socket_t *this, int skt,
397 struct msghdr *msg, host_t *src)
398 {
399 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {};
400 struct cmsghdr *cmsg;
401 struct in_addr *addr;
402 struct in_pktinfo *pktinfo;
403 struct sockaddr_in *sin;
404
405 msg->msg_control = buf;
406 msg->msg_controllen = sizeof(buf);
407 cmsg = CMSG_FIRSTHDR(msg);
408 cmsg->cmsg_level = SOL_IP;
409 cmsg->cmsg_type = IP_PKTINFO;
410 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
411
412 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
413 if (this->set_sourceif)
414 {
415 pktinfo->ipi_ifindex = find_srcif(src);
416 }
417 addr = &pktinfo->ipi_spec_dst;
418
419 sin = (struct sockaddr_in*)src->get_sockaddr(src);
420 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
421 return send_msg_generic(skt, msg);
422 }
423
424 #elif defined(IP_SENDSRCADDR)
425
426 static ssize_t send_msg_v4(private_socket_default_socket_t *this, int skt,
427 struct msghdr *msg, host_t *src)
428 {
429 char buf[CMSG_SPACE(sizeof(struct in_addr))] = {};
430 struct cmsghdr *cmsg;
431 struct in_addr *addr;
432 struct sockaddr_in *sin;
433
434 msg->msg_control = buf;
435 msg->msg_controllen = sizeof(buf);
436 cmsg = CMSG_FIRSTHDR(msg);
437 cmsg->cmsg_level = SOL_IP;
438 cmsg->cmsg_type = IP_SENDSRCADDR;
439 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
440
441 addr = (struct in_addr*)CMSG_DATA(cmsg);
442
443 sin = (struct sockaddr_in*)src->get_sockaddr(src);
444 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
445 return send_msg_generic(skt, msg);
446 }
447
448 #else /* IP_PKTINFO || IP_RECVDSTADDR */
449
450 static ssize_t send_msg_v4(private_socket_default_socket_t *this,
451 int skt, struct msghdr *msg, host_t *src)
452 {
453 return send_msg_generic(skt, msg);
454 }
455
456 #endif /* IP_PKTINFO || IP_RECVDSTADDR */
457
458 /**
459 * Send a message with the IPv6 source address set, if possible.
460 */
461 #ifdef HAVE_IN6_PKTINFO
462
463 static ssize_t send_msg_v6(private_socket_default_socket_t *this, int skt,
464 struct msghdr *msg, host_t *src)
465 {
466 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))] = {};
467 struct cmsghdr *cmsg;
468 struct in6_pktinfo *pktinfo;
469 struct sockaddr_in6 *sin;
470
471 msg->msg_control = buf;
472 msg->msg_controllen = sizeof(buf);
473 cmsg = CMSG_FIRSTHDR(msg);
474 cmsg->cmsg_level = SOL_IPV6;
475 cmsg->cmsg_type = IPV6_PKTINFO;
476 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
477 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
478 if (this->set_sourceif)
479 {
480 pktinfo->ipi6_ifindex = find_srcif(src);
481 }
482 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
483 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
484 return send_msg_generic(skt, msg);
485 }
486
487 #else /* HAVE_IN6_PKTINFO */
488
489 static ssize_t send_msg_v6(private_socket_default_socket_t *this,
490 int skt, struct msghdr *msg, host_t *src)
491 {
492 return send_msg_generic(skt, msg);
493 }
494
495 #endif /* HAVE_IN6_PKTINFO */
496
497 METHOD(socket_t, sender, status_t,
498 private_socket_default_socket_t *this, packet_t *packet)
499 {
500 int sport, skt = -1, family;
501 ssize_t bytes_sent;
502 chunk_t data;
503 host_t *src, *dst;
504 struct msghdr msg;
505 struct iovec iov;
506 uint8_t *dscp;
507
508 src = packet->get_source(packet);
509 dst = packet->get_destination(packet);
510 data = packet->get_data(packet);
511
512 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
513
514 /* send data */
515 sport = src->get_port(src);
516 family = dst->get_family(dst);
517 if (sport == 0 || sport == this->port)
518 {
519 switch (family)
520 {
521 case AF_INET:
522 skt = this->ipv4;
523 dscp = &this->dscp4;
524 break;
525 case AF_INET6:
526 skt = this->ipv6;
527 dscp = &this->dscp6;
528 break;
529 default:
530 return FAILED;
531 }
532 }
533 else if (sport == this->natt)
534 {
535 switch (family)
536 {
537 case AF_INET:
538 skt = this->ipv4_natt;
539 dscp = &this->dscp4_natt;
540 break;
541 case AF_INET6:
542 skt = this->ipv6_natt;
543 dscp = &this->dscp6_natt;
544 break;
545 default:
546 return FAILED;
547 }
548 }
549 if (skt == -1)
550 {
551 DBG1(DBG_NET, "no socket found to send IPv%d packet from port %d",
552 family == AF_INET ? 4 : 6, sport);
553 return FAILED;
554 }
555
556 /* setting DSCP values per-packet in a cmsg seems not to be supported
557 * on Linux. We instead setsockopt() before sending it, this should be
558 * safe as only a single thread calls send(). */
559 if (*dscp != packet->get_dscp(packet))
560 {
561 if (family == AF_INET)
562 {
563 #ifdef __FreeBSD__
564 int ds4;
565 #else
566 uint8_t ds4;
567 #endif
568
569 ds4 = packet->get_dscp(packet) << 2;
570 if (setsockopt(skt, SOL_IP, IP_TOS, &ds4, sizeof(ds4)) == 0)
571 {
572 *dscp = packet->get_dscp(packet);
573 }
574 else
575 {
576 DBG1(DBG_NET, "unable to set IP_TOS on socket: %s",
577 strerror(errno));
578 }
579 }
580 else
581 {
582 u_int ds6;
583
584 ds6 = packet->get_dscp(packet) << 2;
585 if (setsockopt(skt, SOL_IPV6, IPV6_TCLASS, &ds6, sizeof(ds6)) == 0)
586 {
587 *dscp = packet->get_dscp(packet);
588 }
589 else
590 {
591 DBG1(DBG_NET, "unable to set IPV6_TCLASS on socket: %s",
592 strerror(errno));
593 }
594 }
595 }
596
597 memset(&msg, 0, sizeof(struct msghdr));
598 msg.msg_name = dst->get_sockaddr(dst);;
599 msg.msg_namelen = *dst->get_sockaddr_len(dst);
600 iov.iov_base = data.ptr;
601 iov.iov_len = data.len;
602 msg.msg_iov = &iov;
603 msg.msg_iovlen = 1;
604 msg.msg_flags = 0;
605
606 if (this->set_source && !src->is_anyaddr(src))
607 {
608 if (family == AF_INET)
609 {
610 bytes_sent = send_msg_v4(this, skt, &msg, src);
611 }
612 else
613 {
614 bytes_sent = send_msg_v6(this, skt, &msg, src);
615 }
616 }
617 else
618 {
619 bytes_sent = send_msg_generic(skt, &msg);
620 }
621
622 if (bytes_sent != data.len)
623 {
624 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
625 return FAILED;
626 }
627 return SUCCESS;
628 }
629
630 METHOD(socket_t, get_port, uint16_t,
631 private_socket_default_socket_t *this, bool nat_t)
632 {
633 return nat_t ? this->natt : this->port;
634 }
635
636 METHOD(socket_t, supported_families, socket_family_t,
637 private_socket_default_socket_t *this)
638 {
639 socket_family_t families = SOCKET_FAMILY_NONE;
640
641 if (this->ipv4 != -1 || this->ipv4_natt != -1)
642 {
643 families |= SOCKET_FAMILY_IPV4;
644 }
645 if (this->ipv6 != -1 || this->ipv6_natt != -1)
646 {
647 families |= SOCKET_FAMILY_IPV6;
648 }
649 return families;
650 }
651
652 /**
653 * open a socket to send and receive packets
654 */
655 static int open_socket(private_socket_default_socket_t *this,
656 int family, uint16_t *port)
657 {
658 int on = TRUE;
659 union {
660 struct sockaddr sockaddr;
661 struct sockaddr_in sin;
662 struct sockaddr_in6 sin6;
663 } addr;
664 socklen_t addrlen;
665 u_int sol, pktinfo = 0;
666 int skt;
667
668 memset(&addr, 0, sizeof(addr));
669 addr.sockaddr.sa_family = family;
670 /* precalculate constants depending on address family */
671 switch (family)
672 {
673 case AF_INET:
674 addr.sin.sin_addr.s_addr = htonl(INADDR_ANY);
675 addr.sin.sin_port = htons(*port);
676 addrlen = sizeof(addr.sin);
677 sol = SOL_IP;
678 #ifdef IP_PKTINFO
679 pktinfo = IP_PKTINFO;
680 #elif defined(IP_RECVDSTADDR)
681 pktinfo = IP_RECVDSTADDR;
682 #endif
683 break;
684 case AF_INET6:
685 memcpy(&addr.sin6.sin6_addr, &in6addr_any, sizeof(in6addr_any));
686 addr.sin6.sin6_port = htons(*port);
687 addrlen = sizeof(addr.sin6);
688 sol = SOL_IPV6;
689 pktinfo = IPV6_RECVPKTINFO;
690 break;
691 default:
692 return -1;
693 }
694
695 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
696 if (skt < 0)
697 {
698 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
699 return -1;
700 }
701 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
702 {
703 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
704 close(skt);
705 return -1;
706 }
707
708 /* bind the socket */
709 if (bind(skt, &addr.sockaddr, addrlen) < 0)
710 {
711 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
712 close(skt);
713 return -1;
714 }
715
716 /* retrieve randomly allocated port if needed */
717 if (*port == 0)
718 {
719 if (getsockname(skt, &addr.sockaddr, &addrlen) < 0)
720 {
721 DBG1(DBG_NET, "unable to determine port: %s", strerror(errno));
722 close(skt);
723 return -1;
724 }
725 switch (family)
726 {
727 case AF_INET:
728 *port = ntohs(addr.sin.sin_port);
729 break;
730 case AF_INET6:
731 *port = ntohs(addr.sin6.sin6_port);
732 break;
733 }
734 }
735
736 /* get additional packet info on receive */
737 if (pktinfo > 0)
738 {
739 if (setsockopt(skt, sol, pktinfo, &on, sizeof(on)) < 0)
740 {
741 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
742 close(skt);
743 return -1;
744 }
745 }
746 #ifdef SO_MARK
747 { /* set optional MARK on socket (requires CAP_NET_ADMIN) */
748 char *fwmark;
749 mark_t mark;
750
751 fwmark = lib->settings->get_str(lib->settings,
752 "%s.plugins.socket-default.fwmark", NULL, lib->ns);
753 if (fwmark && mark_from_string(fwmark, MARK_OP_NONE, &mark))
754 {
755 if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value,
756 sizeof(mark.value)) < 0)
757 {
758 DBG1(DBG_NET, "unable to set SO_MARK on socket: %s",
759 strerror(errno));
760 }
761 }
762 }
763 #endif
764
765 if (!charon->kernel->bypass_socket(charon->kernel, skt, family))
766 {
767 DBG1(DBG_NET, "installing IKE bypass policy failed");
768 }
769
770 /* enable UDP decapsulation for NAT-T sockets */
771 if (port == &this->natt &&
772 !charon->kernel->enable_udp_decap(charon->kernel, skt, family,
773 this->natt))
774 {
775 DBG1(DBG_NET, "enabling UDP decapsulation for %s on port %d failed",
776 family == AF_INET ? "IPv4" : "IPv6", this->natt);
777 }
778
779 return skt;
780 }
781
782 /**
783 * Check if we should use the given family
784 */
785 static bool use_family(int family)
786 {
787 switch (family)
788 {
789 case AF_INET:
790 return lib->settings->get_bool(lib->settings,
791 "%s.plugins.socket-default.use_ipv4", TRUE, lib->ns);
792 case AF_INET6:
793 return lib->settings->get_bool(lib->settings,
794 "%s.plugins.socket-default.use_ipv6", TRUE, lib->ns);
795 default:
796 return FALSE;
797 }
798 }
799
800 /**
801 * Open a socket pair (normal and NAT traversal) for a given address family
802 */
803 static void open_socketpair(private_socket_default_socket_t *this, int family,
804 int *skt, int *skt_natt, char *label)
805 {
806 if (!use_family(family))
807 {
808 *skt = -1;
809 *skt_natt = -1;
810 return;
811 }
812
813 *skt = open_socket(this, family, &this->port);
814 if (*skt == -1)
815 {
816 *skt_natt = -1;
817 DBG1(DBG_NET, "could not open %s socket, %s disabled", label, label);
818 }
819 else
820 {
821 *skt_natt = open_socket(this, family, &this->natt);
822 if (*skt_natt == -1)
823 {
824 DBG1(DBG_NET, "could not open %s NAT-T socket", label);
825 }
826 }
827 }
828
829 METHOD(socket_t, destroy, void,
830 private_socket_default_socket_t *this)
831 {
832 if (this->ipv4 != -1)
833 {
834 close(this->ipv4);
835 }
836 if (this->ipv4_natt != -1)
837 {
838 close(this->ipv4_natt);
839 }
840 if (this->ipv6 != -1)
841 {
842 close(this->ipv6);
843 }
844 if (this->ipv6_natt != -1)
845 {
846 close(this->ipv6_natt);
847 }
848 free(this);
849 }
850
851 /*
852 * See header for description
853 */
854 socket_default_socket_t *socket_default_socket_create()
855 {
856 private_socket_default_socket_t *this;
857
858 INIT(this,
859 .public = {
860 .socket = {
861 .send = _sender,
862 .receive = _receiver,
863 .get_port = _get_port,
864 .supported_families = _supported_families,
865 .destroy = _destroy,
866 },
867 },
868 .port = lib->settings->get_int(lib->settings,
869 "%s.port", CHARON_UDP_PORT, lib->ns),
870 .natt = lib->settings->get_int(lib->settings,
871 "%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
872 .max_packet = lib->settings->get_int(lib->settings,
873 "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
874 .set_source = lib->settings->get_bool(lib->settings,
875 "%s.plugins.socket-default.set_source", TRUE,
876 lib->ns),
877 .set_sourceif = lib->settings->get_bool(lib->settings,
878 "%s.plugins.socket-default.set_sourceif", FALSE,
879 lib->ns),
880 );
881
882 if (this->port && this->port == this->natt)
883 {
884 DBG1(DBG_NET, "IKE ports can't be equal, will allocate NAT-T "
885 "port randomly");
886 this->natt = 0;
887 }
888
889 if ((this->port && this->port < 1024) || (this->natt && this->natt < 1024))
890 {
891 if (!lib->caps->check(lib->caps, CAP_NET_BIND_SERVICE))
892 {
893 /* required to bind ports < 1024 */
894 DBG1(DBG_NET, "socket-default plugin requires CAP_NET_BIND_SERVICE "
895 "capability");
896 destroy(this);
897 return NULL;
898 }
899 }
900
901 /* we allocate IPv6 sockets first as that will reserve randomly allocated
902 * ports also for IPv4. On OS X, we have to do it the other way round
903 * for the same effect. */
904 #ifdef __APPLE__
905 open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4");
906 open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6");
907 #else /* !__APPLE__ */
908 open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6");
909 open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4");
910 #endif /* __APPLE__ */
911
912 if (this->ipv4 == -1 && this->ipv6 == -1)
913 {
914 DBG1(DBG_NET, "could not create any sockets");
915 destroy(this);
916 return NULL;
917 }
918
919 return &this->public;
920 }
Unnamed repository; edit this file 'description' to name the repository.