identation cleanups
[strongswan.git] / src / charon / network / socket.c
1 /*
2 * Copyright (C) 2006-2009 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2007 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /* for struct in6_pktinfo */
20 #define _GNU_SOURCE
21
22 #include <pthread.h>
23 #include <sys/types.h>
24 #include <sys/socket.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <unistd.h>
28 #include <stdlib.h>
29 #include <fcntl.h>
30 #include <sys/ioctl.h>
31 #include <netinet/in_systm.h>
32 #include <netinet/in.h>
33 #include <netinet/ip.h>
34 #include <netinet/ip6.h>
35 #include <netinet/udp.h>
36 #include <net/if.h>
37
38 #include "socket.h"
39
40 #include <daemon.h>
41
42 /* length of non-esp marker */
43 #define MARKER_LEN sizeof(u_int32_t)
44
45 /* from linux/udp.h */
46 #ifndef UDP_ENCAP
47 #define UDP_ENCAP 100
48 #endif /*UDP_ENCAP*/
49
50 #ifndef UDP_ENCAP_ESPINUDP
51 #define UDP_ENCAP_ESPINUDP 2
52 #endif /*UDP_ENCAP_ESPINUDP*/
53
54 /* these are not defined on some platforms */
55 #ifndef SOL_IP
56 #define SOL_IP IPPROTO_IP
57 #endif
58 #ifndef SOL_IPV6
59 #define SOL_IPV6 IPPROTO_IPV6
60 #endif
61 #ifndef SOL_UDP
62 #define SOL_UDP IPPROTO_UDP
63 #endif
64
65 typedef struct private_socket_t private_socket_t;
66
67 /**
68 * Private data of an socket_t object
69 */
70 struct private_socket_t {
71 /**
72 * public functions
73 */
74 socket_t public;
75
76 /**
77 * IPv4 socket (500)
78 */
79 int ipv4;
80
81 /**
82 * IPv4 socket for NATT (4500)
83 */
84 int ipv4_natt;
85
86 /**
87 * IPv6 socket (500)
88 */
89 int ipv6;
90
91 /**
92 * IPv6 socket for NATT (4500)
93 */
94 int ipv6_natt;
95 };
96
97 /**
98 * implementation of socket_t.receive
99 */
100 static status_t receiver(private_socket_t *this, packet_t **packet)
101 {
102 char buffer[MAX_PACKET];
103 chunk_t data;
104 packet_t *pkt;
105 host_t *source = NULL, *dest = NULL;
106 int bytes_read = 0;
107 int data_offset, oldstate;
108 fd_set rfds;
109 int max_fd = 0, selected = 0;
110 u_int16_t port;
111
112 FD_ZERO(&rfds);
113
114 if (this->ipv4)
115 {
116 FD_SET(this->ipv4, &rfds);
117 }
118 if (this->ipv4_natt)
119 {
120 FD_SET(this->ipv4_natt, &rfds);
121 }
122 if (this->ipv6)
123 {
124 FD_SET(this->ipv6, &rfds);
125 }
126 if (this->ipv6_natt)
127 {
128 FD_SET(this->ipv6_natt, &rfds);
129 }
130 max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt));
131
132 DBG2(DBG_NET, "waiting for data on sockets");
133 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
134 if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0)
135 {
136 pthread_setcancelstate(oldstate, NULL);
137 return FAILED;
138 }
139 pthread_setcancelstate(oldstate, NULL);
140
141 if (FD_ISSET(this->ipv4, &rfds))
142 {
143 port = IKEV2_UDP_PORT;
144 selected = this->ipv4;
145 }
146 if (FD_ISSET(this->ipv4_natt, &rfds))
147 {
148 port = IKEV2_NATT_PORT;
149 selected = this->ipv4_natt;
150 }
151 if (FD_ISSET(this->ipv6, &rfds))
152 {
153 port = IKEV2_UDP_PORT;
154 selected = this->ipv6;
155 }
156 if (FD_ISSET(this->ipv6_natt, &rfds))
157 {
158 port = IKEV2_NATT_PORT;
159 selected = this->ipv6_natt;
160 }
161 if (selected)
162 {
163 struct msghdr msg;
164 struct cmsghdr *cmsgptr;
165 struct iovec iov;
166 char ancillary[64];
167 union {
168 struct sockaddr_in in4;
169 struct sockaddr_in6 in6;
170 } src;
171
172 msg.msg_name = &src;
173 msg.msg_namelen = sizeof(src);
174 iov.iov_base = buffer;
175 iov.iov_len = sizeof(buffer);
176 msg.msg_iov = &iov;
177 msg.msg_iovlen = 1;
178 msg.msg_control = ancillary;
179 msg.msg_controllen = sizeof(ancillary);
180 msg.msg_flags = 0;
181 bytes_read = recvmsg(selected, &msg, 0);
182 if (bytes_read < 0)
183 {
184 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
185 return FAILED;
186 }
187 DBG3(DBG_NET, "received packet %b", buffer, bytes_read);
188
189 if (bytes_read < MARKER_LEN)
190 {
191 DBG3(DBG_NET, "received packet too short (%d bytes)",
192 bytes_read);
193 return FAILED;
194 }
195
196 /* read ancillary data to get destination address */
197 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
198 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
199 {
200 if (cmsgptr->cmsg_len == 0)
201 {
202 DBG1(DBG_NET, "error reading ancillary data");
203 return FAILED;
204 }
205
206 if (cmsgptr->cmsg_level == SOL_IPV6 &&
207 cmsgptr->cmsg_type == IPV6_PKTINFO)
208 {
209 struct in6_pktinfo *pktinfo;
210 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
211 struct sockaddr_in6 dst;
212
213 memset(&dst, 0, sizeof(dst));
214 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
215 dst.sin6_family = AF_INET6;
216 dst.sin6_port = htons(port);
217 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
218 }
219 if (cmsgptr->cmsg_level == SOL_IP &&
220 #ifdef IP_PKTINFO
221 cmsgptr->cmsg_type == IP_PKTINFO
222 #elif defined(IP_RECVDSTADDR)
223 cmsgptr->cmsg_type == IP_RECVDSTADDR
224 #else
225 FALSE
226 #endif
227 )
228 {
229 struct in_addr *addr;
230 struct sockaddr_in dst;
231
232 #ifdef IP_PKTINFO
233 struct in_pktinfo *pktinfo;
234 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
235 addr = &pktinfo->ipi_addr;
236 #elif defined(IP_RECVDSTADDR)
237 addr = (struct in_addr*)CMSG_DATA(cmsgptr);
238 #endif
239 memset(&dst, 0, sizeof(dst));
240 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
241
242 dst.sin_family = AF_INET;
243 dst.sin_port = htons(port);
244 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
245 }
246 if (dest)
247 {
248 break;
249 }
250 }
251 if (dest == NULL)
252 {
253 DBG1(DBG_NET, "error reading IP header");
254 return FAILED;
255 }
256 source = host_create_from_sockaddr((sockaddr_t*)&src);
257
258 pkt = packet_create();
259 pkt->set_source(pkt, source);
260 pkt->set_destination(pkt, dest);
261 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
262 data_offset = 0;
263 /* remove non esp marker */
264 if (dest->get_port(dest) == IKEV2_NATT_PORT)
265 {
266 data_offset += MARKER_LEN;
267 }
268 /* fill in packet */
269 data.len = bytes_read - data_offset;
270 data.ptr = malloc(data.len);
271 memcpy(data.ptr, buffer + data_offset, data.len);
272 pkt->set_data(pkt, data);
273 }
274 else
275 {
276 /* oops, shouldn't happen */
277 return FAILED;
278 }
279 /* return packet */
280 *packet = pkt;
281 return SUCCESS;
282 }
283
284 /**
285 * implementation of socket_t.send
286 */
287 status_t sender(private_socket_t *this, packet_t *packet)
288 {
289 int sport, skt, family;
290 ssize_t bytes_sent;
291 chunk_t data, marked;
292 host_t *src, *dst;
293 struct msghdr msg;
294 struct cmsghdr *cmsg;
295 struct iovec iov;
296
297 src = packet->get_source(packet);
298 dst = packet->get_destination(packet);
299 data = packet->get_data(packet);
300
301 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
302
303 /* send data */
304 sport = src->get_port(src);
305 family = dst->get_family(dst);
306 if (sport == IKEV2_UDP_PORT)
307 {
308 if (family == AF_INET)
309 {
310 skt = this->ipv4;
311 }
312 else
313 {
314 skt = this->ipv6;
315 }
316 }
317 else if (sport == IKEV2_NATT_PORT)
318 {
319 if (family == AF_INET)
320 {
321 skt = this->ipv4_natt;
322 }
323 else
324 {
325 skt = this->ipv6_natt;
326 }
327 /* NAT keepalives without marker */
328 if (data.len != 1 || data.ptr[0] != 0xFF)
329 {
330 /* add non esp marker to packet */
331 if (data.len > MAX_PACKET - MARKER_LEN)
332 {
333 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
334 data.len);
335 return FAILED;
336 }
337 marked = chunk_alloc(data.len + MARKER_LEN);
338 memset(marked.ptr, 0, MARKER_LEN);
339 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
340 /* let the packet do the clean up for us */
341 packet->set_data(packet, marked);
342 data = marked;
343 }
344 }
345 else
346 {
347 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
348 return FAILED;
349 }
350
351 memset(&msg, 0, sizeof(struct msghdr));
352 msg.msg_name = dst->get_sockaddr(dst);;
353 msg.msg_namelen = *dst->get_sockaddr_len(dst);
354 iov.iov_base = data.ptr;
355 iov.iov_len = data.len;
356 msg.msg_iov = &iov;
357 msg.msg_iovlen = 1;
358 msg.msg_flags = 0;
359
360 if (!src->is_anyaddr(src))
361 {
362 if (family == AF_INET)
363 {
364 #if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
365 struct in_addr *addr;
366 struct sockaddr_in *sin;
367 #ifdef IP_PKTINFO
368 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
369 struct in_pktinfo *pktinfo;
370 #elif defined(IP_SENDSRCADDR)
371 char buf[CMSG_SPACE(sizeof(struct in_addr))];
372 #endif
373 msg.msg_control = buf;
374 msg.msg_controllen = sizeof(buf);
375 cmsg = CMSG_FIRSTHDR(&msg);
376 cmsg->cmsg_level = SOL_IP;
377 #ifdef IP_PKTINFO
378 cmsg->cmsg_type = IP_PKTINFO;
379 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
380 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
381 memset(pktinfo, 0, sizeof(struct in_pktinfo));
382 addr = &pktinfo->ipi_spec_dst;
383 #elif defined(IP_SENDSRCADDR)
384 cmsg->cmsg_type = IP_SENDSRCADDR;
385 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
386 addr = (struct in_addr*)CMSG_DATA(cmsg);
387 #endif
388 sin = (struct sockaddr_in*)src->get_sockaddr(src);
389 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
390 #endif /* IP_PKTINFO || IP_SENDSRCADDR */
391 }
392 else
393 {
394 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
395 struct in6_pktinfo *pktinfo;
396 struct sockaddr_in6 *sin;
397
398 msg.msg_control = buf;
399 msg.msg_controllen = sizeof(buf);
400 cmsg = CMSG_FIRSTHDR(&msg);
401 cmsg->cmsg_level = SOL_IPV6;
402 cmsg->cmsg_type = IPV6_PKTINFO;
403 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
404 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
405 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
406 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
407 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
408 }
409 }
410
411 bytes_sent = sendmsg(skt, &msg, 0);
412
413 if (bytes_sent != data.len)
414 {
415 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
416 return FAILED;
417 }
418 return SUCCESS;
419 }
420
421 /**
422 * open a socket to send and receive packets
423 */
424 static int open_socket(private_socket_t *this, int family, u_int16_t port)
425 {
426 int on = TRUE;
427 int type = UDP_ENCAP_ESPINUDP;
428 struct sockaddr_storage addr;
429 socklen_t addrlen;
430 u_int sol, pktinfo = 0;
431 int skt;
432
433 memset(&addr, 0, sizeof(addr));
434 /* precalculate constants depending on address family */
435 switch (family)
436 {
437 case AF_INET:
438 {
439 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
440 sin->sin_family = AF_INET;
441 sin->sin_addr.s_addr = INADDR_ANY;
442 sin->sin_port = htons(port);
443 addrlen = sizeof(struct sockaddr_in);
444 sol = SOL_IP;
445 #ifdef IP_PKTINFO
446 pktinfo = IP_PKTINFO;
447 #elif defined(IP_RECVDSTADDR)
448 pktinfo = IP_RECVDSTADDR;
449 #endif
450 break;
451 }
452 case AF_INET6:
453 {
454 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
455 sin6->sin6_family = AF_INET6;
456 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
457 sin6->sin6_port = htons(port);
458 addrlen = sizeof(struct sockaddr_in6);
459 sol = SOL_IPV6;
460 pktinfo = IPV6_RECVPKTINFO;
461 break;
462 }
463 default:
464 return 0;
465 }
466
467 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
468 if (skt < 0)
469 {
470 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
471 return 0;
472 }
473 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
474 {
475 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
476 close(skt);
477 return 0;
478 }
479
480 /* bind the socket */
481 if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
482 {
483 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
484 close(skt);
485 return 0;
486 }
487
488 /* get additional packet info on receive */
489 if (pktinfo > 0)
490 {
491 if (setsockopt(skt, sol, pktinfo, &on, sizeof(on)) < 0)
492 {
493 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
494 close(skt);
495 return 0;
496 }
497 }
498
499 /* enable UDP decapsulation globally, only for one socket needed */
500 if (family == AF_INET && port == IKEV2_NATT_PORT &&
501 setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
502 {
503 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
504 }
505 return skt;
506 }
507
508 /**
509 * enumerator for underlying sockets
510 */
511 typedef struct {
512 /** implements enumerator_t */
513 enumerator_t public;
514 /** sockets we enumerate */
515 private_socket_t *socket;
516 /** counter */
517 int index;
518 } socket_enumerator_t;
519
520 /**
521 * enumerate function for socket_enumerator_t
522 */
523 static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
524 {
525 static const struct {
526 int fd_offset;
527 int family;
528 int port;
529 } sockets[] = {
530 { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
531 { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
532 { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
533 { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
534 };
535
536 while(++this->index < countof(sockets))
537 {
538 int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
539 if (!sock)
540 {
541 continue;
542 }
543 *fd = sock;
544 *family = sockets[this->index].family;
545 *port = sockets[this->index].port;
546 return TRUE;
547 }
548 return FALSE;
549 }
550
551 /**
552 * implementation of socket_t.create_enumerator
553 */
554 static enumerator_t *create_enumerator(private_socket_t *this)
555 {
556 socket_enumerator_t *enumerator;
557
558 enumerator = malloc_thing(socket_enumerator_t);
559 enumerator->index = -1;
560 enumerator->socket = this;
561 enumerator->public.enumerate = (void*)enumerate;
562 enumerator->public.destroy = (void*)free;
563 return &enumerator->public;
564 }
565
566 /**
567 * implementation of socket_t.destroy
568 */
569 static void destroy(private_socket_t *this)
570 {
571 if (this->ipv4)
572 {
573 close(this->ipv4);
574 }
575 if (this->ipv4_natt)
576 {
577 close(this->ipv4_natt);
578 }
579 if (this->ipv6)
580 {
581 close(this->ipv6);
582 }
583 if (this->ipv6_natt)
584 {
585 close(this->ipv6_natt);
586 }
587 free(this);
588 }
589
590 /*
591 * See header for description
592 */
593 socket_t *socket_create()
594 {
595 private_socket_t *this = malloc_thing(private_socket_t);
596
597 /* public functions */
598 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
599 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
600 this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
601 this->public.destroy = (void(*)(socket_t*)) destroy;
602
603 this->ipv4 = 0;
604 this->ipv6 = 0;
605 this->ipv4_natt = 0;
606 this->ipv6_natt = 0;
607
608 this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
609 if (this->ipv4 == 0)
610 {
611 DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled");
612 }
613 else
614 {
615 this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT);
616 if (this->ipv4_natt == 0)
617 {
618 DBG1(DBG_NET, "could not open IPv4 NAT-T socket");
619 }
620 }
621
622 this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT);
623 if (this->ipv6 == 0)
624 {
625 DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled");
626 }
627 else
628 {
629 this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT);
630 if (this->ipv6_natt == 0)
631 {
632 DBG1(DBG_NET, "could not open IPv6 NAT-T socket");
633 }
634 }
635
636 if (!this->ipv4 && !this->ipv6)
637 {
638 DBG1(DBG_NET, "could not create any sockets");
639 destroy(this);
640 charon->kill(charon, "socket initialization failed");
641 }
642 return (socket_t*)this;
643 }
644