From 598bec78faa6064cc717102c61770ce3040dea87 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 3 Jul 2013 17:57:24 +0200 Subject: [PATCH] socket-default: Add options to disable address families --- man/strongswan.conf.5.in | 6 +++++ .../socket_default/socket_default_socket.c | 25 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index fd8e2f2168..f86e9ea105 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -632,6 +632,12 @@ have a high priority according to the order defined in interface-order(5). .BR charon.plugins.socket-default.set_source " [yes]" Set source address on outbound packets, if possible. .TP +.BR charon.plugins.socket-default.use_ipv4 " [yes]" +Listen on IPv4, if possible. +.TP +.BR charon.plugins.socket-default.use_ipv6 " [yes]" +Listen on IPv6, if possible. +.TP .BR charon.plugins.sql.database Database URI for charons SQL plugin .TP diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index c1ed22ecba..54380eda00 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -630,12 +630,37 @@ static int open_socket(private_socket_default_socket_t *this, return skt; } +/** + * Check if we should use the given family + */ +static bool use_family(int family) +{ + switch (family) + { + case AF_INET: + return lib->settings->get_bool(lib->settings, + "%s.plugins.socket-default.use_ipv4", TRUE, charon->name); + case AF_INET6: + return lib->settings->get_bool(lib->settings, + "%s.plugins.socket-default.use_ipv6", TRUE, charon->name); + default: + return FALSE; + } +} + /** * Open a socket pair (normal and NAT traversal) for a given address family */ static void open_socketpair(private_socket_default_socket_t *this, int family, int *skt, int *skt_natt, char *label) { + if (!use_family(family)) + { + *skt = -1; + *skt_natt = -1; + return; + } + *skt = open_socket(this, family, &this->port); if (*skt == -1) { -- 2.47.3