42528dea78d8ebc822048357249511bac333cdbd
[strongswan.git] / src / charon / network / socket.c
1 /*
2 * Copyright (C) 2006-2009 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2007 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /* for struct in6_pktinfo */
20 #define _GNU_SOURCE
21 #ifdef __sun
22 #define _XPG4_2
23 #define __EXTENSIONS__
24 #endif
25
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <unistd.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include <sys/ioctl.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/in.h>
36 #include <netinet/ip.h>
37 #include <netinet/ip6.h>
38 #include <netinet/udp.h>
39 #include <net/if.h>
40 #ifdef __APPLE__
41 #include <sys/sysctl.h>
42 #endif
43
44 #include "socket.h"
45
46 #include <daemon.h>
47 #include <threading/thread.h>
48
49 /* length of non-esp marker */
50 #define MARKER_LEN sizeof(u_int32_t)
51
52 /* from linux/udp.h */
53 #ifndef UDP_ENCAP
54 #define UDP_ENCAP 100
55 #endif /*UDP_ENCAP*/
56
57 #ifndef UDP_ENCAP_ESPINUDP
58 #define UDP_ENCAP_ESPINUDP 2
59 #endif /*UDP_ENCAP_ESPINUDP*/
60
61 /* these are not defined on some platforms */
62 #ifndef SOL_IP
63 #define SOL_IP IPPROTO_IP
64 #endif
65 #ifndef SOL_IPV6
66 #define SOL_IPV6 IPPROTO_IPV6
67 #endif
68 #ifndef SOL_UDP
69 #define SOL_UDP IPPROTO_UDP
70 #endif
71
72 /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
73 * previously defined IPV6_PKTINFO */
74 #ifndef IPV6_RECVPKTINFO
75 #define IPV6_RECVPKTINFO IPV6_PKTINFO
76 #endif
77
78
79 typedef struct private_socket_t private_socket_t;
80
81 /**
82 * Private data of an socket_t object
83 */
84 struct private_socket_t {
85 /**
86 * public functions
87 */
88 socket_t public;
89
90 /**
91 * IPv4 socket (500)
92 */
93 int ipv4;
94
95 /**
96 * IPv4 socket for NATT (4500)
97 */
98 int ipv4_natt;
99
100 /**
101 * IPv6 socket (500)
102 */
103 int ipv6;
104
105 /**
106 * IPv6 socket for NATT (4500)
107 */
108 int ipv6_natt;
109 };
110
111 /**
112 * implementation of socket_t.receive
113 */
114 static status_t receiver(private_socket_t *this, packet_t **packet)
115 {
116 char buffer[MAX_PACKET];
117 chunk_t data;
118 packet_t *pkt;
119 host_t *source = NULL, *dest = NULL;
120 int bytes_read = 0, data_offset;
121 bool oldstate;
122
123 fd_set rfds;
124 int max_fd = 0, selected = 0;
125 u_int16_t port = 0;
126
127 FD_ZERO(&rfds);
128
129 if (this->ipv4)
130 {
131 FD_SET(this->ipv4, &rfds);
132 }
133 if (this->ipv4_natt)
134 {
135 FD_SET(this->ipv4_natt, &rfds);
136 }
137 if (this->ipv6)
138 {
139 FD_SET(this->ipv6, &rfds);
140 }
141 if (this->ipv6_natt)
142 {
143 FD_SET(this->ipv6_natt, &rfds);
144 }
145 max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt));
146
147 DBG2(DBG_NET, "waiting for data on sockets");
148 oldstate = thread_cancelability(TRUE);
149 if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0)
150 {
151 thread_cancelability(oldstate);
152 return FAILED;
153 }
154 thread_cancelability(oldstate);
155
156 if (FD_ISSET(this->ipv4, &rfds))
157 {
158 port = IKEV2_UDP_PORT;
159 selected = this->ipv4;
160 }
161 if (FD_ISSET(this->ipv4_natt, &rfds))
162 {
163 port = IKEV2_NATT_PORT;
164 selected = this->ipv4_natt;
165 }
166 if (FD_ISSET(this->ipv6, &rfds))
167 {
168 port = IKEV2_UDP_PORT;
169 selected = this->ipv6;
170 }
171 if (FD_ISSET(this->ipv6_natt, &rfds))
172 {
173 port = IKEV2_NATT_PORT;
174 selected = this->ipv6_natt;
175 }
176 if (selected)
177 {
178 struct msghdr msg;
179 struct cmsghdr *cmsgptr;
180 struct iovec iov;
181 char ancillary[64];
182 union {
183 struct sockaddr_in in4;
184 struct sockaddr_in6 in6;
185 } src;
186
187 msg.msg_name = &src;
188 msg.msg_namelen = sizeof(src);
189 iov.iov_base = buffer;
190 iov.iov_len = sizeof(buffer);
191 msg.msg_iov = &iov;
192 msg.msg_iovlen = 1;
193 msg.msg_control = ancillary;
194 msg.msg_controllen = sizeof(ancillary);
195 msg.msg_flags = 0;
196 bytes_read = recvmsg(selected, &msg, 0);
197 if (bytes_read < 0)
198 {
199 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
200 return FAILED;
201 }
202 DBG3(DBG_NET, "received packet %b", buffer, bytes_read);
203
204 if (bytes_read < MARKER_LEN)
205 {
206 DBG3(DBG_NET, "received packet too short (%d bytes)",
207 bytes_read);
208 return FAILED;
209 }
210
211 /* read ancillary data to get destination address */
212 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
213 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
214 {
215 if (cmsgptr->cmsg_len == 0)
216 {
217 DBG1(DBG_NET, "error reading ancillary data");
218 return FAILED;
219 }
220
221 if (cmsgptr->cmsg_level == SOL_IPV6 &&
222 cmsgptr->cmsg_type == IPV6_PKTINFO)
223 {
224 struct in6_pktinfo *pktinfo;
225 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
226 struct sockaddr_in6 dst;
227
228 memset(&dst, 0, sizeof(dst));
229 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
230 dst.sin6_family = AF_INET6;
231 dst.sin6_port = htons(port);
232 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
233 }
234 if (cmsgptr->cmsg_level == SOL_IP &&
235 #ifdef IP_PKTINFO
236 cmsgptr->cmsg_type == IP_PKTINFO
237 #elif defined(IP_RECVDSTADDR)
238 cmsgptr->cmsg_type == IP_RECVDSTADDR
239 #else
240 FALSE
241 #endif
242 )
243 {
244 struct in_addr *addr;
245 struct sockaddr_in dst;
246
247 #ifdef IP_PKTINFO
248 struct in_pktinfo *pktinfo;
249 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
250 addr = &pktinfo->ipi_addr;
251 #elif defined(IP_RECVDSTADDR)
252 addr = (struct in_addr*)CMSG_DATA(cmsgptr);
253 #endif
254 memset(&dst, 0, sizeof(dst));
255 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
256
257 dst.sin_family = AF_INET;
258 dst.sin_port = htons(port);
259 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
260 }
261 if (dest)
262 {
263 break;
264 }
265 }
266 if (dest == NULL)
267 {
268 DBG1(DBG_NET, "error reading IP header");
269 return FAILED;
270 }
271 source = host_create_from_sockaddr((sockaddr_t*)&src);
272
273 pkt = packet_create();
274 pkt->set_source(pkt, source);
275 pkt->set_destination(pkt, dest);
276 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
277 data_offset = 0;
278 /* remove non esp marker */
279 if (dest->get_port(dest) == IKEV2_NATT_PORT)
280 {
281 data_offset += MARKER_LEN;
282 }
283 /* fill in packet */
284 data.len = bytes_read - data_offset;
285 data.ptr = malloc(data.len);
286 memcpy(data.ptr, buffer + data_offset, data.len);
287 pkt->set_data(pkt, data);
288 }
289 else
290 {
291 /* oops, shouldn't happen */
292 return FAILED;
293 }
294 /* return packet */
295 *packet = pkt;
296 return SUCCESS;
297 }
298
299 /**
300 * implementation of socket_t.send
301 */
302 status_t sender(private_socket_t *this, packet_t *packet)
303 {
304 int sport, skt, family;
305 ssize_t bytes_sent;
306 chunk_t data, marked;
307 host_t *src, *dst;
308 struct msghdr msg;
309 struct cmsghdr *cmsg;
310 struct iovec iov;
311
312 src = packet->get_source(packet);
313 dst = packet->get_destination(packet);
314 data = packet->get_data(packet);
315
316 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
317
318 /* send data */
319 sport = src->get_port(src);
320 family = dst->get_family(dst);
321 if (sport == IKEV2_UDP_PORT)
322 {
323 if (family == AF_INET)
324 {
325 skt = this->ipv4;
326 }
327 else
328 {
329 skt = this->ipv6;
330 }
331 }
332 else if (sport == IKEV2_NATT_PORT)
333 {
334 if (family == AF_INET)
335 {
336 skt = this->ipv4_natt;
337 }
338 else
339 {
340 skt = this->ipv6_natt;
341 }
342 /* NAT keepalives without marker */
343 if (data.len != 1 || data.ptr[0] != 0xFF)
344 {
345 /* add non esp marker to packet */
346 if (data.len > MAX_PACKET - MARKER_LEN)
347 {
348 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
349 data.len);
350 return FAILED;
351 }
352 marked = chunk_alloc(data.len + MARKER_LEN);
353 memset(marked.ptr, 0, MARKER_LEN);
354 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
355 /* let the packet do the clean up for us */
356 packet->set_data(packet, marked);
357 data = marked;
358 }
359 }
360 else
361 {
362 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
363 return FAILED;
364 }
365
366 memset(&msg, 0, sizeof(struct msghdr));
367 msg.msg_name = dst->get_sockaddr(dst);;
368 msg.msg_namelen = *dst->get_sockaddr_len(dst);
369 iov.iov_base = data.ptr;
370 iov.iov_len = data.len;
371 msg.msg_iov = &iov;
372 msg.msg_iovlen = 1;
373 msg.msg_flags = 0;
374
375 if (!src->is_anyaddr(src))
376 {
377 if (family == AF_INET)
378 {
379 #if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
380 struct in_addr *addr;
381 struct sockaddr_in *sin;
382 #ifdef IP_PKTINFO
383 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
384 struct in_pktinfo *pktinfo;
385 #elif defined(IP_SENDSRCADDR)
386 char buf[CMSG_SPACE(sizeof(struct in_addr))];
387 #endif
388 msg.msg_control = buf;
389 msg.msg_controllen = sizeof(buf);
390 cmsg = CMSG_FIRSTHDR(&msg);
391 cmsg->cmsg_level = SOL_IP;
392 #ifdef IP_PKTINFO
393 cmsg->cmsg_type = IP_PKTINFO;
394 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
395 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
396 memset(pktinfo, 0, sizeof(struct in_pktinfo));
397 addr = &pktinfo->ipi_spec_dst;
398 #elif defined(IP_SENDSRCADDR)
399 cmsg->cmsg_type = IP_SENDSRCADDR;
400 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
401 addr = (struct in_addr*)CMSG_DATA(cmsg);
402 #endif
403 sin = (struct sockaddr_in*)src->get_sockaddr(src);
404 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
405 #endif /* IP_PKTINFO || IP_SENDSRCADDR */
406 }
407 else
408 {
409 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
410 struct in6_pktinfo *pktinfo;
411 struct sockaddr_in6 *sin;
412
413 msg.msg_control = buf;
414 msg.msg_controllen = sizeof(buf);
415 cmsg = CMSG_FIRSTHDR(&msg);
416 cmsg->cmsg_level = SOL_IPV6;
417 cmsg->cmsg_type = IPV6_PKTINFO;
418 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
419 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
420 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
421 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
422 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
423 }
424 }
425
426 bytes_sent = sendmsg(skt, &msg, 0);
427
428 if (bytes_sent != data.len)
429 {
430 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
431 return FAILED;
432 }
433 return SUCCESS;
434 }
435
436 /**
437 * open a socket to send and receive packets
438 */
439 static int open_socket(private_socket_t *this, int family, u_int16_t port)
440 {
441 int on = TRUE;
442 struct sockaddr_storage addr;
443 socklen_t addrlen;
444 u_int sol, pktinfo = 0;
445 int skt;
446
447 memset(&addr, 0, sizeof(addr));
448 /* precalculate constants depending on address family */
449 switch (family)
450 {
451 case AF_INET:
452 {
453 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
454 sin->sin_family = AF_INET;
455 sin->sin_addr.s_addr = INADDR_ANY;
456 sin->sin_port = htons(port);
457 addrlen = sizeof(struct sockaddr_in);
458 sol = SOL_IP;
459 #ifdef IP_PKTINFO
460 pktinfo = IP_PKTINFO;
461 #elif defined(IP_RECVDSTADDR)
462 pktinfo = IP_RECVDSTADDR;
463 #endif
464 break;
465 }
466 case AF_INET6:
467 {
468 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
469 sin6->sin6_family = AF_INET6;
470 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
471 sin6->sin6_port = htons(port);
472 addrlen = sizeof(struct sockaddr_in6);
473 sol = SOL_IPV6;
474 pktinfo = IPV6_RECVPKTINFO;
475 break;
476 }
477 default:
478 return 0;
479 }
480
481 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
482 if (skt < 0)
483 {
484 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
485 return 0;
486 }
487 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
488 {
489 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
490 close(skt);
491 return 0;
492 }
493
494 /* bind the socket */
495 if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
496 {
497 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
498 close(skt);
499 return 0;
500 }
501
502 /* get additional packet info on receive */
503 if (pktinfo > 0)
504 {
505 if (setsockopt(skt, sol, pktinfo, &on, sizeof(on)) < 0)
506 {
507 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
508 close(skt);
509 return 0;
510 }
511 }
512
513 #ifndef __APPLE__
514 {
515 /* enable UDP decapsulation globally, only for one socket needed */
516 int type = UDP_ENCAP_ESPINUDP;
517 if (family == AF_INET && port == IKEV2_NATT_PORT &&
518 setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
519 {
520 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
521 }
522 }
523 #endif
524 return skt;
525 }
526
527 /**
528 * enumerator for underlying sockets
529 */
530 typedef struct {
531 /** implements enumerator_t */
532 enumerator_t public;
533 /** sockets we enumerate */
534 private_socket_t *socket;
535 /** counter */
536 int index;
537 } socket_enumerator_t;
538
539 /**
540 * enumerate function for socket_enumerator_t
541 */
542 static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
543 {
544 static const struct {
545 int fd_offset;
546 int family;
547 int port;
548 } sockets[] = {
549 { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
550 { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
551 { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
552 { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
553 };
554
555 while(++this->index < countof(sockets))
556 {
557 int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
558 if (!sock)
559 {
560 continue;
561 }
562 *fd = sock;
563 *family = sockets[this->index].family;
564 *port = sockets[this->index].port;
565 return TRUE;
566 }
567 return FALSE;
568 }
569
570 /**
571 * implementation of socket_t.create_enumerator
572 */
573 static enumerator_t *create_enumerator(private_socket_t *this)
574 {
575 socket_enumerator_t *enumerator;
576
577 enumerator = malloc_thing(socket_enumerator_t);
578 enumerator->index = -1;
579 enumerator->socket = this;
580 enumerator->public.enumerate = (void*)enumerate;
581 enumerator->public.destroy = (void*)free;
582 return &enumerator->public;
583 }
584
585 /**
586 * implementation of socket_t.destroy
587 */
588 static void destroy(private_socket_t *this)
589 {
590 if (this->ipv4)
591 {
592 close(this->ipv4);
593 }
594 if (this->ipv4_natt)
595 {
596 close(this->ipv4_natt);
597 }
598 if (this->ipv6)
599 {
600 close(this->ipv6);
601 }
602 if (this->ipv6_natt)
603 {
604 close(this->ipv6_natt);
605 }
606 free(this);
607 }
608
609 /*
610 * See header for description
611 */
612 socket_t *socket_create()
613 {
614 private_socket_t *this = malloc_thing(private_socket_t);
615
616 /* public functions */
617 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
618 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
619 this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
620 this->public.destroy = (void(*)(socket_t*)) destroy;
621
622 this->ipv4 = 0;
623 this->ipv6 = 0;
624 this->ipv4_natt = 0;
625 this->ipv6_natt = 0;
626
627 #ifdef __APPLE__
628 {
629 int natt_port = IKEV2_NATT_PORT;
630 if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
631 sizeof(natt_port)) != 0)
632 {
633 DBG1(DBG_NET, "could not set net.inet.ipsec.esp_port to %d: %s",
634 natt_port, strerror(errno));
635 }
636 }
637 #endif
638
639 this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
640 if (this->ipv4 == 0)
641 {
642 DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled");
643 }
644 else
645 {
646 this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT);
647 if (this->ipv4_natt == 0)
648 {
649 DBG1(DBG_NET, "could not open IPv4 NAT-T socket");
650 }
651 }
652
653 this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT);
654 if (this->ipv6 == 0)
655 {
656 DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled");
657 }
658 else
659 {
660 this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT);
661 if (this->ipv6_natt == 0)
662 {
663 DBG1(DBG_NET, "could not open IPv6 NAT-T socket");
664 }
665 }
666
667 if (!this->ipv4 && !this->ipv6)
668 {
669 DBG1(DBG_NET, "could not create any sockets");
670 destroy(this);
671 charon->kill(charon, "socket initialization failed");
672 }
673 return (socket_t*)this;
674 }
675