output number of transmitted bytes in closing CHILD_SA statement
[strongswan.git] / src / charon / network / socket.c
1 /*
2 * Copyright (C) 2006-2009 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2007 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /* for struct in6_pktinfo */
20 #define _GNU_SOURCE
21
22 #include <pthread.h>
23 #include <sys/types.h>
24 #include <sys/socket.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <unistd.h>
28 #include <stdlib.h>
29 #include <fcntl.h>
30 #include <sys/ioctl.h>
31 #include <netinet/in_systm.h>
32 #include <netinet/in.h>
33 #include <netinet/ip.h>
34 #include <netinet/ip6.h>
35 #include <netinet/udp.h>
36 #include <net/if.h>
37 #ifdef __APPLE__
38 #include <sys/sysctl.h>
39 #endif
40
41 #include "socket.h"
42
43 #include <daemon.h>
44
45 /* length of non-esp marker */
46 #define MARKER_LEN sizeof(u_int32_t)
47
48 /* from linux/udp.h */
49 #ifndef UDP_ENCAP
50 #define UDP_ENCAP 100
51 #endif /*UDP_ENCAP*/
52
53 #ifndef UDP_ENCAP_ESPINUDP
54 #define UDP_ENCAP_ESPINUDP 2
55 #endif /*UDP_ENCAP_ESPINUDP*/
56
57 /* these are not defined on some platforms */
58 #ifndef SOL_IP
59 #define SOL_IP IPPROTO_IP
60 #endif
61 #ifndef SOL_IPV6
62 #define SOL_IPV6 IPPROTO_IPV6
63 #endif
64 #ifndef SOL_UDP
65 #define SOL_UDP IPPROTO_UDP
66 #endif
67
68 /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
69 * previously defined IPV6_PKTINFO */
70 #ifndef IPV6_RECVPKTINFO
71 #define IPV6_RECVPKTINFO IPV6_PKTINFO;
72 #endif
73
74
75 typedef struct private_socket_t private_socket_t;
76
77 /**
78 * Private data of an socket_t object
79 */
80 struct private_socket_t {
81 /**
82 * public functions
83 */
84 socket_t public;
85
86 /**
87 * IPv4 socket (500)
88 */
89 int ipv4;
90
91 /**
92 * IPv4 socket for NATT (4500)
93 */
94 int ipv4_natt;
95
96 /**
97 * IPv6 socket (500)
98 */
99 int ipv6;
100
101 /**
102 * IPv6 socket for NATT (4500)
103 */
104 int ipv6_natt;
105 };
106
107 /**
108 * implementation of socket_t.receive
109 */
110 static status_t receiver(private_socket_t *this, packet_t **packet)
111 {
112 char buffer[MAX_PACKET];
113 chunk_t data;
114 packet_t *pkt;
115 host_t *source = NULL, *dest = NULL;
116 int bytes_read = 0;
117 int data_offset, oldstate;
118 fd_set rfds;
119 int max_fd = 0, selected = 0;
120 u_int16_t port = 0;
121
122 FD_ZERO(&rfds);
123
124 if (this->ipv4)
125 {
126 FD_SET(this->ipv4, &rfds);
127 }
128 if (this->ipv4_natt)
129 {
130 FD_SET(this->ipv4_natt, &rfds);
131 }
132 if (this->ipv6)
133 {
134 FD_SET(this->ipv6, &rfds);
135 }
136 if (this->ipv6_natt)
137 {
138 FD_SET(this->ipv6_natt, &rfds);
139 }
140 max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt));
141
142 DBG2(DBG_NET, "waiting for data on sockets");
143 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
144 if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0)
145 {
146 pthread_setcancelstate(oldstate, NULL);
147 return FAILED;
148 }
149 pthread_setcancelstate(oldstate, NULL);
150
151 if (FD_ISSET(this->ipv4, &rfds))
152 {
153 port = IKEV2_UDP_PORT;
154 selected = this->ipv4;
155 }
156 if (FD_ISSET(this->ipv4_natt, &rfds))
157 {
158 port = IKEV2_NATT_PORT;
159 selected = this->ipv4_natt;
160 }
161 if (FD_ISSET(this->ipv6, &rfds))
162 {
163 port = IKEV2_UDP_PORT;
164 selected = this->ipv6;
165 }
166 if (FD_ISSET(this->ipv6_natt, &rfds))
167 {
168 port = IKEV2_NATT_PORT;
169 selected = this->ipv6_natt;
170 }
171 if (selected)
172 {
173 struct msghdr msg;
174 struct cmsghdr *cmsgptr;
175 struct iovec iov;
176 char ancillary[64];
177 union {
178 struct sockaddr_in in4;
179 struct sockaddr_in6 in6;
180 } src;
181
182 msg.msg_name = &src;
183 msg.msg_namelen = sizeof(src);
184 iov.iov_base = buffer;
185 iov.iov_len = sizeof(buffer);
186 msg.msg_iov = &iov;
187 msg.msg_iovlen = 1;
188 msg.msg_control = ancillary;
189 msg.msg_controllen = sizeof(ancillary);
190 msg.msg_flags = 0;
191 bytes_read = recvmsg(selected, &msg, 0);
192 if (bytes_read < 0)
193 {
194 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
195 return FAILED;
196 }
197 DBG3(DBG_NET, "received packet %b", buffer, bytes_read);
198
199 if (bytes_read < MARKER_LEN)
200 {
201 DBG3(DBG_NET, "received packet too short (%d bytes)",
202 bytes_read);
203 return FAILED;
204 }
205
206 /* read ancillary data to get destination address */
207 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
208 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
209 {
210 if (cmsgptr->cmsg_len == 0)
211 {
212 DBG1(DBG_NET, "error reading ancillary data");
213 return FAILED;
214 }
215
216 if (cmsgptr->cmsg_level == SOL_IPV6 &&
217 cmsgptr->cmsg_type == IPV6_PKTINFO)
218 {
219 struct in6_pktinfo *pktinfo;
220 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
221 struct sockaddr_in6 dst;
222
223 memset(&dst, 0, sizeof(dst));
224 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
225 dst.sin6_family = AF_INET6;
226 dst.sin6_port = htons(port);
227 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
228 }
229 if (cmsgptr->cmsg_level == SOL_IP &&
230 #ifdef IP_PKTINFO
231 cmsgptr->cmsg_type == IP_PKTINFO
232 #elif defined(IP_RECVDSTADDR)
233 cmsgptr->cmsg_type == IP_RECVDSTADDR
234 #else
235 FALSE
236 #endif
237 )
238 {
239 struct in_addr *addr;
240 struct sockaddr_in dst;
241
242 #ifdef IP_PKTINFO
243 struct in_pktinfo *pktinfo;
244 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
245 addr = &pktinfo->ipi_addr;
246 #elif defined(IP_RECVDSTADDR)
247 addr = (struct in_addr*)CMSG_DATA(cmsgptr);
248 #endif
249 memset(&dst, 0, sizeof(dst));
250 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
251
252 dst.sin_family = AF_INET;
253 dst.sin_port = htons(port);
254 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
255 }
256 if (dest)
257 {
258 break;
259 }
260 }
261 if (dest == NULL)
262 {
263 DBG1(DBG_NET, "error reading IP header");
264 return FAILED;
265 }
266 source = host_create_from_sockaddr((sockaddr_t*)&src);
267
268 pkt = packet_create();
269 pkt->set_source(pkt, source);
270 pkt->set_destination(pkt, dest);
271 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
272 data_offset = 0;
273 /* remove non esp marker */
274 if (dest->get_port(dest) == IKEV2_NATT_PORT)
275 {
276 data_offset += MARKER_LEN;
277 }
278 /* fill in packet */
279 data.len = bytes_read - data_offset;
280 data.ptr = malloc(data.len);
281 memcpy(data.ptr, buffer + data_offset, data.len);
282 pkt->set_data(pkt, data);
283 }
284 else
285 {
286 /* oops, shouldn't happen */
287 return FAILED;
288 }
289 /* return packet */
290 *packet = pkt;
291 return SUCCESS;
292 }
293
294 /**
295 * implementation of socket_t.send
296 */
297 status_t sender(private_socket_t *this, packet_t *packet)
298 {
299 int sport, skt, family;
300 ssize_t bytes_sent;
301 chunk_t data, marked;
302 host_t *src, *dst;
303 struct msghdr msg;
304 struct cmsghdr *cmsg;
305 struct iovec iov;
306
307 src = packet->get_source(packet);
308 dst = packet->get_destination(packet);
309 data = packet->get_data(packet);
310
311 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
312
313 /* send data */
314 sport = src->get_port(src);
315 family = dst->get_family(dst);
316 if (sport == IKEV2_UDP_PORT)
317 {
318 if (family == AF_INET)
319 {
320 skt = this->ipv4;
321 }
322 else
323 {
324 skt = this->ipv6;
325 }
326 }
327 else if (sport == IKEV2_NATT_PORT)
328 {
329 if (family == AF_INET)
330 {
331 skt = this->ipv4_natt;
332 }
333 else
334 {
335 skt = this->ipv6_natt;
336 }
337 /* NAT keepalives without marker */
338 if (data.len != 1 || data.ptr[0] != 0xFF)
339 {
340 /* add non esp marker to packet */
341 if (data.len > MAX_PACKET - MARKER_LEN)
342 {
343 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
344 data.len);
345 return FAILED;
346 }
347 marked = chunk_alloc(data.len + MARKER_LEN);
348 memset(marked.ptr, 0, MARKER_LEN);
349 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
350 /* let the packet do the clean up for us */
351 packet->set_data(packet, marked);
352 data = marked;
353 }
354 }
355 else
356 {
357 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
358 return FAILED;
359 }
360
361 memset(&msg, 0, sizeof(struct msghdr));
362 msg.msg_name = dst->get_sockaddr(dst);;
363 msg.msg_namelen = *dst->get_sockaddr_len(dst);
364 iov.iov_base = data.ptr;
365 iov.iov_len = data.len;
366 msg.msg_iov = &iov;
367 msg.msg_iovlen = 1;
368 msg.msg_flags = 0;
369
370 if (!src->is_anyaddr(src))
371 {
372 if (family == AF_INET)
373 {
374 #if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
375 struct in_addr *addr;
376 struct sockaddr_in *sin;
377 #ifdef IP_PKTINFO
378 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
379 struct in_pktinfo *pktinfo;
380 #elif defined(IP_SENDSRCADDR)
381 char buf[CMSG_SPACE(sizeof(struct in_addr))];
382 #endif
383 msg.msg_control = buf;
384 msg.msg_controllen = sizeof(buf);
385 cmsg = CMSG_FIRSTHDR(&msg);
386 cmsg->cmsg_level = SOL_IP;
387 #ifdef IP_PKTINFO
388 cmsg->cmsg_type = IP_PKTINFO;
389 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
390 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
391 memset(pktinfo, 0, sizeof(struct in_pktinfo));
392 addr = &pktinfo->ipi_spec_dst;
393 #elif defined(IP_SENDSRCADDR)
394 cmsg->cmsg_type = IP_SENDSRCADDR;
395 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
396 addr = (struct in_addr*)CMSG_DATA(cmsg);
397 #endif
398 sin = (struct sockaddr_in*)src->get_sockaddr(src);
399 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
400 #endif /* IP_PKTINFO || IP_SENDSRCADDR */
401 }
402 else
403 {
404 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
405 struct in6_pktinfo *pktinfo;
406 struct sockaddr_in6 *sin;
407
408 msg.msg_control = buf;
409 msg.msg_controllen = sizeof(buf);
410 cmsg = CMSG_FIRSTHDR(&msg);
411 cmsg->cmsg_level = SOL_IPV6;
412 cmsg->cmsg_type = IPV6_PKTINFO;
413 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
414 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
415 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
416 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
417 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
418 }
419 }
420
421 bytes_sent = sendmsg(skt, &msg, 0);
422
423 if (bytes_sent != data.len)
424 {
425 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
426 return FAILED;
427 }
428 return SUCCESS;
429 }
430
431 /**
432 * open a socket to send and receive packets
433 */
434 static int open_socket(private_socket_t *this, int family, u_int16_t port)
435 {
436 int on = TRUE;
437 int type = UDP_ENCAP_ESPINUDP;
438 struct sockaddr_storage addr;
439 socklen_t addrlen;
440 u_int sol, pktinfo = 0;
441 int skt;
442
443 memset(&addr, 0, sizeof(addr));
444 /* precalculate constants depending on address family */
445 switch (family)
446 {
447 case AF_INET:
448 {
449 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
450 sin->sin_family = AF_INET;
451 sin->sin_addr.s_addr = INADDR_ANY;
452 sin->sin_port = htons(port);
453 addrlen = sizeof(struct sockaddr_in);
454 sol = SOL_IP;
455 #ifdef IP_PKTINFO
456 pktinfo = IP_PKTINFO;
457 #elif defined(IP_RECVDSTADDR)
458 pktinfo = IP_RECVDSTADDR;
459 #endif
460 break;
461 }
462 case AF_INET6:
463 {
464 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
465 sin6->sin6_family = AF_INET6;
466 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
467 sin6->sin6_port = htons(port);
468 addrlen = sizeof(struct sockaddr_in6);
469 sol = SOL_IPV6;
470 pktinfo = IPV6_RECVPKTINFO;
471 break;
472 }
473 default:
474 return 0;
475 }
476
477 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
478 if (skt < 0)
479 {
480 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
481 return 0;
482 }
483 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
484 {
485 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
486 close(skt);
487 return 0;
488 }
489
490 /* bind the socket */
491 if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
492 {
493 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
494 close(skt);
495 return 0;
496 }
497
498 /* get additional packet info on receive */
499 if (pktinfo > 0)
500 {
501 if (setsockopt(skt, sol, pktinfo, &on, sizeof(on)) < 0)
502 {
503 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
504 close(skt);
505 return 0;
506 }
507 }
508
509 /* enable UDP decapsulation globally, only for one socket needed */
510 if (family == AF_INET && port == IKEV2_NATT_PORT &&
511 setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
512 {
513 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
514 }
515 return skt;
516 }
517
518 /**
519 * enumerator for underlying sockets
520 */
521 typedef struct {
522 /** implements enumerator_t */
523 enumerator_t public;
524 /** sockets we enumerate */
525 private_socket_t *socket;
526 /** counter */
527 int index;
528 } socket_enumerator_t;
529
530 /**
531 * enumerate function for socket_enumerator_t
532 */
533 static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
534 {
535 static const struct {
536 int fd_offset;
537 int family;
538 int port;
539 } sockets[] = {
540 { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
541 { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
542 { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
543 { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
544 };
545
546 while(++this->index < countof(sockets))
547 {
548 int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
549 if (!sock)
550 {
551 continue;
552 }
553 *fd = sock;
554 *family = sockets[this->index].family;
555 *port = sockets[this->index].port;
556 return TRUE;
557 }
558 return FALSE;
559 }
560
561 /**
562 * implementation of socket_t.create_enumerator
563 */
564 static enumerator_t *create_enumerator(private_socket_t *this)
565 {
566 socket_enumerator_t *enumerator;
567
568 enumerator = malloc_thing(socket_enumerator_t);
569 enumerator->index = -1;
570 enumerator->socket = this;
571 enumerator->public.enumerate = (void*)enumerate;
572 enumerator->public.destroy = (void*)free;
573 return &enumerator->public;
574 }
575
576 /**
577 * implementation of socket_t.destroy
578 */
579 static void destroy(private_socket_t *this)
580 {
581 if (this->ipv4)
582 {
583 close(this->ipv4);
584 }
585 if (this->ipv4_natt)
586 {
587 close(this->ipv4_natt);
588 }
589 if (this->ipv6)
590 {
591 close(this->ipv6);
592 }
593 if (this->ipv6_natt)
594 {
595 close(this->ipv6_natt);
596 }
597 free(this);
598 }
599
600 /*
601 * See header for description
602 */
603 socket_t *socket_create()
604 {
605 private_socket_t *this = malloc_thing(private_socket_t);
606
607 /* public functions */
608 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
609 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
610 this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
611 this->public.destroy = (void(*)(socket_t*)) destroy;
612
613 this->ipv4 = 0;
614 this->ipv6 = 0;
615 this->ipv4_natt = 0;
616 this->ipv6_natt = 0;
617
618 #ifdef __APPLE__
619 {
620 int natt_port = IKEV2_NATT_PORT;
621 if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
622 sizeof(natt_port)) != 0)
623 {
624 DBG1(DBG_NET, "could not set net.inet.ipsec.esp_port to %d: %s",
625 natt_port, strerror(errno));
626 }
627 }
628 #endif
629
630 this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
631 if (this->ipv4 == 0)
632 {
633 DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled");
634 }
635 else
636 {
637 this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT);
638 if (this->ipv4_natt == 0)
639 {
640 DBG1(DBG_NET, "could not open IPv4 NAT-T socket");
641 }
642 }
643
644 this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT);
645 if (this->ipv6 == 0)
646 {
647 DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled");
648 }
649 else
650 {
651 this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT);
652 if (this->ipv6_natt == 0)
653 {
654 DBG1(DBG_NET, "could not open IPv6 NAT-T socket");
655 }
656 }
657
658 if (!this->ipv4 && !this->ipv6)
659 {
660 DBG1(DBG_NET, "could not create any sockets");
661 destroy(this);
662 charon->kill(charon, "socket initialization failed");
663 }
664 return (socket_t*)this;
665 }
666