projects / strongswan.git / blob
? search:


00ba22d5a4fb4d883fe58248b615978a0a15d704
[strongswan.git] / src / charon / network / socket.c
1 /**
2 * @file socket.c
3 *
4 * @brief Implementation of socket_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <pthread.h>
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <unistd.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include <sys/ioctl.h>
34 #include <netinet/in.h>
35 #include <netinet/ip.h>
36 #include <netinet/ip6.h>
37 #include <netinet/udp.h>
38 #include <linux/ipsec.h>
39 #include <linux/filter.h>
40 #include <net/if.h>
41
42 #include "socket.h"
43
44 #include <daemon.h>
45
46 /* constants for packet handling */
47 #define IP_LEN sizeof(struct iphdr)
48 #define IP6_LEN sizeof(struct ip6_hdr)
49 #define UDP_LEN sizeof(struct udphdr)
50 #define MARKER_LEN sizeof(u_int32_t)
51
52 /* offsets for packet handling */
53 #define IP_PROTO_OFFSET 9
54 #define IP6_PROTO_OFFSET 6
55 #define IKE_VERSION_OFFSET 17
56 #define IKE_LENGTH_OFFSET 24
57
58 /* from linux/in.h */
59 #ifndef IP_IPSEC_POLICY
60 #define IP_IPSEC_POLICY 16
61 #endif /*IP_IPSEC_POLICY*/
62
63 /* from linux/udp.h */
64 #ifndef UDP_ENCAP
65 #define UDP_ENCAP 100
66 #endif /*UDP_ENCAP*/
67
68 #ifndef UDP_ENCAP_ESPINUDP
69 #define UDP_ENCAP_ESPINUDP 2
70 #endif /*UDP_ENCAP_ESPINUDP*/
71
72 /* needed for older kernel headers */
73 #ifndef IPV6_2292PKTINFO
74 #define IPV6_2292PKTINFO 2
75 #endif /*IPV6_2292PKTINFO*/
76
77 /* missing on uclibc */
78 #ifndef IPV6_IPSEC_POLICY
79 #define IPV6_IPSEC_POLICY 34
80 #endif /*IPV6_IPSEC_POLICY*/
81
82 typedef struct private_socket_t private_socket_t;
83
84 /**
85 * Private data of an socket_t object
86 */
87 struct private_socket_t{
88 /**
89 * public functions
90 */
91 socket_t public;
92
93 /**
94 * regular port
95 */
96 int port;
97
98 /**
99 * port used for nat-t
100 */
101 int natt_port;
102
103 /**
104 * raw receiver socket for IPv4
105 */
106 int recv4;
107
108 /**
109 * raw receiver socket for IPv6
110 */
111 int recv6;
112
113 /**
114 * send socket on regular port for IPv4
115 */
116 int send4;
117
118 /**
119 * send socket on regular port for IPv6
120 */
121 int send6;
122
123 /**
124 * send socket on nat-t port for IPv4
125 */
126 int send4_natt;
127
128 /**
129 * send socket on nat-t port for IPv6
130 */
131 int send6_natt;
132 };
133
134 /**
135 * implementation of socket_t.receive
136 */
137 static status_t receiver(private_socket_t *this, packet_t **packet)
138 {
139 char buffer[MAX_PACKET];
140 chunk_t data;
141 packet_t *pkt;
142 struct udphdr *udp;
143 host_t *source = NULL, *dest = NULL;
144 int bytes_read = 0;
145 int data_offset, oldstate;
146 fd_set rfds;
147
148 FD_ZERO(&rfds);
149
150 if (this->recv4)
151 {
152 FD_SET(this->recv4, &rfds);
153 }
154 if (this->recv6)
155 {
156 FD_SET(this->recv6, &rfds);
157 }
158
159 DBG2(DBG_NET, "waiting for data on raw sockets");
160
161 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
162 if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0)
163 {
164 pthread_setcancelstate(oldstate, NULL);
165 return FAILED;
166 }
167 pthread_setcancelstate(oldstate, NULL);
168
169 if (this->recv4 && FD_ISSET(this->recv4, &rfds))
170 {
171 /* IPv4 raw sockets return the IP header. We read src/dest
172 * information directly from the raw header */
173 struct iphdr *ip;
174 struct sockaddr_in src, dst;
175
176 bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0);
177 if (bytes_read < 0)
178 {
179 DBG1(DBG_NET, "error reading from IPv4 socket: %m");
180 return FAILED;
181 }
182 DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
183
184 /* read source/dest from raw IP/UDP header */
185 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
186 {
187 DBG1(DBG_NET, "received IPv4 packet too short (%d bytes)",
188 bytes_read);
189 return FAILED;
190 }
191 ip = (struct iphdr*) buffer;
192 udp = (struct udphdr*) (buffer + IP_LEN);
193 src.sin_family = AF_INET;
194 src.sin_addr.s_addr = ip->saddr;
195 src.sin_port = udp->source;
196 dst.sin_family = AF_INET;
197 dst.sin_addr.s_addr = ip->daddr;
198 dst.sin_port = udp->dest;
199 source = host_create_from_sockaddr((sockaddr_t*)&src);
200 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
201
202 pkt = packet_create();
203 pkt->set_source(pkt, source);
204 pkt->set_destination(pkt, dest);
205 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
206 data_offset = IP_LEN + UDP_LEN;
207 /* remove non esp marker */
208 if (dest->get_port(dest) == this->natt_port)
209 {
210 data_offset += MARKER_LEN;
211 }
212 /* fill in packet */
213 data.len = bytes_read - data_offset;
214 data.ptr = malloc(data.len);
215 memcpy(data.ptr, buffer + data_offset, data.len);
216 pkt->set_data(pkt, data);
217 }
218 else if (this->recv6 && FD_ISSET(this->recv6, &rfds))
219 {
220 /* IPv6 raw sockets return no IP header. We must query
221 * src/dest via socket options/ancillary data */
222 struct msghdr msg;
223 struct cmsghdr *cmsgptr;
224 struct sockaddr_in6 src, dst;
225 struct iovec iov;
226 char ancillary[64];
227
228 msg.msg_name = &src;
229 msg.msg_namelen = sizeof(src);
230 iov.iov_base = buffer;
231 iov.iov_len = sizeof(buffer);
232 msg.msg_iov = &iov;
233 msg.msg_iovlen = 1;
234 msg.msg_control = ancillary;
235 msg.msg_controllen = sizeof(ancillary);
236 msg.msg_flags = 0;
237
238 bytes_read = recvmsg(this->recv6, &msg, 0);
239 if (bytes_read < 0)
240 {
241 DBG1(DBG_NET, "error reading from IPv6 socket: %m");
242 return FAILED;
243 }
244 DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
245
246 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
247 {
248 DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)",
249 bytes_read);
250 return FAILED;
251 }
252
253 /* read ancillary data to get destination address */
254 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
255 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
256 {
257 if (cmsgptr->cmsg_len == 0)
258 {
259 DBG1(DBG_NET, "error reading IPv6 ancillary data");
260 return FAILED;
261 }
262 if (cmsgptr->cmsg_level == SOL_IPV6 &&
263 cmsgptr->cmsg_type == IPV6_2292PKTINFO)
264 {
265 struct in6_pktinfo *pktinfo;
266 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
267
268 memset(&dst, 0, sizeof(dst));
269 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
270 dst.sin6_family = AF_INET6;
271 udp = (struct udphdr*) (buffer);
272 dst.sin6_port = udp->dest;
273 src.sin6_port = udp->source;
274 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
275 }
276 }
277 /* ancillary data missing? */
278 if (dest == NULL)
279 {
280 DBG1(DBG_NET, "error reading IPv6 packet header");
281 return FAILED;
282 }
283
284 source = host_create_from_sockaddr((sockaddr_t*)&src);
285
286 pkt = packet_create();
287 pkt->set_source(pkt, source);
288 pkt->set_destination(pkt, dest);
289 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
290 data_offset = UDP_LEN;
291 /* remove non esp marker */
292 if (dest->get_port(dest) == this->natt_port)
293 {
294 data_offset += MARKER_LEN;
295 }
296 /* fill in packet */
297 data.len = bytes_read - data_offset;
298 data.ptr = malloc(data.len);
299 memcpy(data.ptr, buffer + data_offset, data.len);
300 pkt->set_data(pkt, data);
301 }
302 else
303 {
304 /* oops, shouldn't happen */
305 return FAILED;
306 }
307
308 /* return packet */
309 *packet = pkt;
310 return SUCCESS;
311 }
312
313 /**
314 * implementation of socket_t.send
315 */
316 status_t sender(private_socket_t *this, packet_t *packet)
317 {
318 int sport, skt, family;
319 ssize_t bytes_sent;
320 chunk_t data, marked;
321 host_t *src, *dst;
322 struct msghdr msg;
323 struct cmsghdr *cmsg;
324 struct iovec iov;
325
326 src = packet->get_source(packet);
327 dst = packet->get_destination(packet);
328 data = packet->get_data(packet);
329
330 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
331
332 /* send data */
333 sport = src->get_port(src);
334 family = dst->get_family(dst);
335 if (sport == this->port)
336 {
337 if (family == AF_INET)
338 {
339 skt = this->send4;
340 }
341 else
342 {
343 skt = this->send6;
344 }
345 }
346 else if (sport == this->natt_port)
347 {
348 if (family == AF_INET)
349 {
350 skt = this->send4_natt;
351 }
352 else
353 {
354 skt = this->send6_natt;
355 }
356 /* NAT keepalives without marker */
357 if (data.len != 1 || data.ptr[0] != 0xFF)
358 {
359 /* add non esp marker to packet */
360 if (data.len > MAX_PACKET - MARKER_LEN)
361 {
362 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
363 data.len);
364 return FAILED;
365 }
366 marked = chunk_alloc(data.len + MARKER_LEN);
367 memset(marked.ptr, 0, MARKER_LEN);
368 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
369 /* let the packet do the clean up for us */
370 packet->set_data(packet, marked);
371 data = marked;
372 }
373 }
374 else
375 {
376 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
377 return FAILED;
378 }
379
380 memset(&msg, 0, sizeof(struct msghdr));
381 msg.msg_name = dst->get_sockaddr(dst);;
382 msg.msg_namelen = *dst->get_sockaddr_len(dst);
383 iov.iov_base = data.ptr;
384 iov.iov_len = data.len;
385 msg.msg_iov = &iov;
386 msg.msg_iovlen = 1;
387 msg.msg_flags = 0;
388
389 if (!dst->is_anyaddr(dst))
390 {
391 if (family == AF_INET)
392 {
393 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
394 struct in_pktinfo *pktinfo;
395 struct sockaddr_in *sin;
396
397 msg.msg_control = buf;
398 msg.msg_controllen = sizeof(buf);
399 cmsg = CMSG_FIRSTHDR(&msg);
400 cmsg->cmsg_level = SOL_IP;
401 cmsg->cmsg_type = IP_PKTINFO;
402 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
403 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
404 memset(pktinfo, 0, sizeof(struct in_pktinfo));
405 sin = (struct sockaddr_in*)src->get_sockaddr(src);
406 memcpy(&pktinfo->ipi_spec_dst, &sin->sin_addr, sizeof(struct in_addr));
407 }
408 else
409 {
410 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
411 struct in6_pktinfo *pktinfo;
412 struct sockaddr_in6 *sin;
413
414 msg.msg_control = buf;
415 msg.msg_controllen = sizeof(buf);
416 cmsg = CMSG_FIRSTHDR(&msg);
417 cmsg->cmsg_level = SOL_IPV6;
418 cmsg->cmsg_type = IPV6_2292PKTINFO;
419 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
420 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
421 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
422 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
423 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
424 }
425 }
426
427 bytes_sent = sendmsg(skt, &msg, 0);
428
429 if (bytes_sent != data.len)
430 {
431 DBG1(DBG_NET, "error writing to socket: %m");
432 return FAILED;
433 }
434 return SUCCESS;
435 }
436
437 /**
438 * open a socket to send packets
439 */
440 static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
441 {
442 int on = TRUE;
443 int type = UDP_ENCAP_ESPINUDP;
444 struct sockaddr_storage addr;
445 u_int sol, ipsec_policy;
446 struct sadb_x_policy policy;
447 int skt;
448
449 memset(&addr, 0, sizeof(addr));
450 /* precalculate constants depending on address family */
451 switch (family)
452 {
453 case AF_INET:
454 {
455 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
456 sin->sin_family = AF_INET;
457 sin->sin_addr.s_addr = INADDR_ANY;
458 sin->sin_port = htons(port);
459 sol = SOL_IP;
460 ipsec_policy = IP_IPSEC_POLICY;
461 break;
462 }
463 case AF_INET6:
464 {
465 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
466 sin6->sin6_family = AF_INET6;
467 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
468 sin6->sin6_port = htons(port);
469 sol = SOL_IPV6;
470 ipsec_policy = IPV6_IPSEC_POLICY;
471 break;
472 }
473 default:
474 return 0;
475 }
476
477 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
478 if (skt < 0)
479 {
480 DBG1(DBG_NET, "could not open send socket: %m");
481 return 0;
482 }
483
484 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
485 {
486 DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %m");
487 close(skt);
488 return 0;
489 }
490
491 /* bypass outgoung IKE traffic on send socket */
492 memset(&policy, 0, sizeof(policy));
493 policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
494 policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
495 policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
496 policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
497
498 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
499 {
500 DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
501 close(skt);
502 return 0;
503 }
504
505 /* We don't receive packets on the send socket, but we need a INBOUND policy.
506 * Otherwise, UDP decapsulation does not work!!! */
507 policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
508 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
509 {
510 DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
511 close(skt);
512 return 0;
513 }
514
515 /* bind the send socket */
516 if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0)
517 {
518 DBG1(DBG_NET, "unable to bind send socket: %m");
519 close(skt);
520 return 0;
521 }
522
523 if (family == AF_INET)
524 {
525 /* enable UDP decapsulation globally, only for one socket needed */
526 if (setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
527 {
528 DBG1(DBG_NET, "unable to set UDP_ENCAP: %m; NAT-T may fail");
529 }
530 }
531
532 return skt;
533 }
534
535 /**
536 * open a socket to receive packets
537 */
538 static int open_recv_socket(private_socket_t *this, int family)
539 {
540 int skt;
541 int on = TRUE;
542 u_int proto_offset, ip_len, sol, ipsec_policy, udp_header, ike_header;
543 struct sadb_x_policy policy;
544
545 /* precalculate constants depending on address family */
546 switch (family)
547 {
548 case AF_INET:
549 proto_offset = IP_PROTO_OFFSET;
550 ip_len = IP_LEN;
551 sol = SOL_IP;
552 ipsec_policy = IP_IPSEC_POLICY;
553 break;
554 case AF_INET6:
555 proto_offset = IP6_PROTO_OFFSET;
556 ip_len = 0; /* IPv6 raw sockets contain no IP header */
557 sol = SOL_IPV6;
558 ipsec_policy = IPV6_IPSEC_POLICY;
559 break;
560 default:
561 return 0;
562 }
563 udp_header = ip_len;
564 ike_header = ip_len + UDP_LEN;
565
566 /* This filter code filters out all non-IKEv2 traffic on
567 * a SOCK_RAW IP_PROTP_UDP socket. Handling of other
568 * IKE versions is done in pluto.
569 */
570 struct sock_filter ikev2_filter_code[] =
571 {
572 /* Destination Port must be either port or natt_port */
573 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, udp_header + 2),
574 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, this->port, 1, 0),
575 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, this->natt_port, 5, 12),
576 /* port */
577 /* IKE version must be 2.0 */
578 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + IKE_VERSION_OFFSET),
579 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 10),
580 /* packet length is length in IKEv2 header + ip header + udp header */
581 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + IKE_LENGTH_OFFSET),
582 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN),
583 BPF_STMT(BPF_RET+BPF_A, 0),
584 /* natt_port */
585 /* nat-t: check for marker */
586 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header),
587 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 5),
588 /* nat-t: IKE version must be 2.0 */
589 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + MARKER_LEN + IKE_VERSION_OFFSET),
590 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 3),
591 /* nat-t: packet length is length in IKEv2 header + ip header + udp header + non esp marker */
592 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + MARKER_LEN + IKE_LENGTH_OFFSET),
593 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN + MARKER_LEN),
594 BPF_STMT(BPF_RET+BPF_A, 0),
595 /* packet doesn't match, ignore */
596 BPF_STMT(BPF_RET+BPF_K, 0),
597 };
598
599 /* Filter struct to use with setsockopt */
600 struct sock_fprog ikev2_filter = {
601 sizeof(ikev2_filter_code) / sizeof(struct sock_filter),
602 ikev2_filter_code
603 };
604
605 /* set up a raw socket */
606 skt = socket(family, SOCK_RAW, IPPROTO_UDP);
607 if (skt < 0)
608 {
609 DBG1(DBG_NET, "unable to create raw socket: %m");
610 return 0;
611 }
612
613 if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER,
614 &ikev2_filter, sizeof(ikev2_filter)) < 0)
615 {
616 DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %m");
617 close(skt);
618 return 0;
619 }
620
621 if (family == AF_INET6 &&
622 /* we use IPV6_2292PKTINFO, as IPV6_PKTINFO is defined as
623 * 2 or 50 depending on kernel header version */
624 setsockopt(skt, sol, IPV6_2292PKTINFO, &on, sizeof(on)) < 0)
625 {
626 DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %m");
627 close(skt);
628 return 0;
629 }
630
631 /* bypass incomining IKE traffic on this socket */
632 memset(&policy, 0, sizeof(policy));
633 policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
634 policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
635 policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
636 policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
637
638 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
639 {
640 DBG1(DBG_NET, "unable to set IPSEC_POLICY on raw socket: %m");
641 close(skt);
642 return 0;
643 }
644
645 return skt;
646 }
647
648 /**
649 * implementation of socket_t.destroy
650 */
651 static void destroy(private_socket_t *this)
652 {
653 if (this->recv4)
654 {
655 close(this->recv4);
656 }
657 if (this->recv6)
658 {
659 close(this->recv6);
660 }
661 if (this->send4)
662 {
663 close(this->send4);
664 }
665 if (this->send6)
666 {
667 close(this->send6);
668 }
669 if (this->send4_natt)
670 {
671 close(this->send4_natt);
672 }
673 if (this->send6_natt)
674 {
675 close(this->send6_natt);
676 }
677 free(this);
678 }
679
680 /*
681 * See header for description
682 */
683 socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
684 {
685 private_socket_t *this = malloc_thing(private_socket_t);
686
687 /* public functions */
688 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
689 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
690 this->public.destroy = (void(*)(socket_t*)) destroy;
691
692 this->port = port;
693 this->natt_port = natt_port;
694 this->recv4 = 0;
695 this->recv6 = 0;
696 this->send4 = 0;
697 this->send6 = 0;
698 this->send4_natt = 0;
699 this->send6_natt = 0;
700
701 this->recv4 = open_recv_socket(this, AF_INET);
702 if (this->recv4 == 0)
703 {
704 DBG1(DBG_NET, "could not open IPv4 receive socket, IPv4 disabled");
705 }
706 else
707 {
708 this->send4 = open_send_socket(this, AF_INET, this->port);
709 if (this->send4 == 0)
710 {
711 DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
712 close(this->recv4);
713 }
714 else
715 {
716 this->send4_natt = open_send_socket(this, AF_INET, this->natt_port);
717 if (this->send4_natt == 0)
718 {
719 DBG1(DBG_NET, "could not open IPv4 NAT-T send socket");
720 }
721 }
722 }
723
724 this->recv6 = open_recv_socket(this, AF_INET6);
725 if (this->recv6 == 0)
726 {
727 DBG1(DBG_NET, "could not open IPv6 receive socket, IPv6 disabled");
728 }
729 else
730 {
731 this->send6 = open_send_socket(this, AF_INET6, this->port);
732 if (this->send6 == 0)
733 {
734 DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
735 close(this->recv6);
736 }
737 else
738 {
739 this->send6_natt = open_send_socket(this, AF_INET6, this->natt_port);
740 if (this->send6_natt == 0)
741 {
742 DBG1(DBG_NET, "could not open IPv6 NAT-T send socket");
743 }
744 }
745 }
746
747 if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6))
748 {
749 DBG1(DBG_NET, "could not create any sockets");
750 destroy(this);
751 charon->kill(charon, "socket initialization failed");
752 }
753
754 return (socket_t*)this;
755 }
strongSwan - IPsec VPN