596c26f0b58c45c39b2a1de447bd10eb046519b8
[strongswan.git] / src / charon / network / socket.c
1 /**
2 * @file socket.c
3 *
4 * @brief Implementation of socket_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <pthread.h>
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <unistd.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include <sys/ioctl.h>
34 #include <netinet/in.h>
35 #include <netinet/ip.h>
36 #include <netinet/ip6.h>
37 #include <netinet/udp.h>
38 #include <linux/ipsec.h>
39 #include <linux/filter.h>
40 #include <net/if.h>
41 #include <ifaddrs.h>
42
43 #include "socket.h"
44
45 #include <daemon.h>
46
47 /* constants for packet handling */
48 #define IP_LEN sizeof(struct iphdr)
49 #define IP6_LEN sizeof(struct ip6_hdr)
50 #define UDP_LEN sizeof(struct udphdr)
51 #define MARKER_LEN sizeof(u_int32_t)
52
53 /* offsets for packet handling */
54 #define IP_PROTO_OFFSET 9
55 #define IP6_PROTO_OFFSET 6
56 #define IKE_VERSION_OFFSET 17
57 #define IKE_LENGTH_OFFSET 24
58
59 /* from linux/in.h */
60 #ifndef IP_IPSEC_POLICY
61 #define IP_IPSEC_POLICY 16
62 #endif /*IP_IPSEC_POLICY*/
63
64 /* from linux/udp.h */
65 #ifndef UDP_ENCAP
66 #define UDP_ENCAP 100
67 #endif /*UDP_ENCAP*/
68
69 #ifndef UDP_ENCAP_ESPINUDP
70 #define UDP_ENCAP_ESPINUDP 2
71 #endif /*UDP_ENCAP_ESPINUDP*/
72
73 /* needed for older kernel headers */
74 #ifndef IPV6_2292PKTINFO
75 #define IPV6_2292PKTINFO 2
76 #endif /*IPV6_2292PKTINFO*/
77
78 /* missing on uclibc */
79 #ifndef IPV6_IPSEC_POLICY
80 #define IPV6_IPSEC_POLICY 34
81 #endif /*IPV6_IPSEC_POLICY*/
82
83 typedef struct private_socket_t private_socket_t;
84
85 /**
86 * Private data of an socket_t object
87 */
88 struct private_socket_t{
89 /**
90 * public functions
91 */
92 socket_t public;
93
94 /**
95 * regular port
96 */
97 int port;
98
99 /**
100 * port used for nat-t
101 */
102 int natt_port;
103
104 /**
105 * raw receiver socket for IPv4
106 */
107 int recv4;
108
109 /**
110 * raw receiver socket for IPv6
111 */
112 int recv6;
113
114 /**
115 * send socket on regular port for IPv4
116 */
117 int send4;
118
119 /**
120 * send socket on regular port for IPv6
121 */
122 int send6;
123
124 /**
125 * send socket on nat-t port for IPv4
126 */
127 int send4_natt;
128
129 /**
130 * send socket on nat-t port for IPv6
131 */
132 int send6_natt;
133 };
134
135 /**
136 * implementation of socket_t.receive
137 */
138 static status_t receiver(private_socket_t *this, packet_t **packet)
139 {
140 char buffer[MAX_PACKET];
141 chunk_t data;
142 packet_t *pkt;
143 struct udphdr *udp;
144 host_t *source = NULL, *dest = NULL;
145 int bytes_read = 0;
146 int data_offset, oldstate;
147 fd_set rfds;
148
149 FD_ZERO(&rfds);
150
151 if (this->recv4)
152 {
153 FD_SET(this->recv4, &rfds);
154 }
155 if (this->recv6)
156 {
157 FD_SET(this->recv6, &rfds);
158 }
159
160 DBG2(DBG_NET, "waiting for data on raw sockets");
161
162 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
163 if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0)
164 {
165 pthread_setcancelstate(oldstate, NULL);
166 return FAILED;
167 }
168 pthread_setcancelstate(oldstate, NULL);
169
170 if (this->recv4 && FD_ISSET(this->recv4, &rfds))
171 {
172 /* IPv4 raw sockets return the IP header. We read src/dest
173 * information directly from the raw header */
174 struct iphdr *ip;
175 struct sockaddr_in src, dst;
176
177 bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0);
178 if (bytes_read < 0)
179 {
180 DBG1(DBG_NET, "error reading from IPv4 socket: %m");
181 return FAILED;
182 }
183 DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
184
185 /* read source/dest from raw IP/UDP header */
186 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
187 {
188 DBG1(DBG_NET, "received IPv4 packet too short (%d bytes)",
189 bytes_read);
190 return FAILED;
191 }
192 ip = (struct iphdr*) buffer;
193 udp = (struct udphdr*) (buffer + IP_LEN);
194 src.sin_family = AF_INET;
195 src.sin_addr.s_addr = ip->saddr;
196 src.sin_port = udp->source;
197 dst.sin_family = AF_INET;
198 dst.sin_addr.s_addr = ip->daddr;
199 dst.sin_port = udp->dest;
200 source = host_create_from_sockaddr((sockaddr_t*)&src);
201 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
202
203 pkt = packet_create();
204 pkt->set_source(pkt, source);
205 pkt->set_destination(pkt, dest);
206 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
207 data_offset = IP_LEN + UDP_LEN;
208 /* remove non esp marker */
209 if (dest->get_port(dest) == this->natt_port)
210 {
211 data_offset += MARKER_LEN;
212 }
213 /* fill in packet */
214 data.len = bytes_read - data_offset;
215 data.ptr = malloc(data.len);
216 memcpy(data.ptr, buffer + data_offset, data.len);
217 pkt->set_data(pkt, data);
218 }
219 else if (this->recv6 && FD_ISSET(this->recv6, &rfds))
220 {
221 /* IPv6 raw sockets return no IP header. We must query
222 * src/dest via socket options/ancillary data */
223 struct msghdr msg;
224 struct cmsghdr *cmsgptr;
225 struct sockaddr_in6 src, dst;
226 struct iovec iov;
227 char ancillary[64];
228
229 msg.msg_name = &src;
230 msg.msg_namelen = sizeof(src);
231 iov.iov_base = buffer;
232 iov.iov_len = sizeof(buffer);
233 msg.msg_iov = &iov;
234 msg.msg_iovlen = 1;
235 msg.msg_control = ancillary;
236 msg.msg_controllen = sizeof(ancillary);
237 msg.msg_flags = 0;
238
239 bytes_read = recvmsg(this->recv6, &msg, 0);
240 if (bytes_read < 0)
241 {
242 DBG1(DBG_NET, "error reading from IPv6 socket: %m");
243 return FAILED;
244 }
245 DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
246
247 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
248 {
249 DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)",
250 bytes_read);
251 return FAILED;
252 }
253
254 /* read ancillary data to get destination address */
255 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
256 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
257 {
258 if (cmsgptr->cmsg_len == 0)
259 {
260 DBG1(DBG_NET, "error reading IPv6 ancillary data");
261 return FAILED;
262 }
263 if (cmsgptr->cmsg_level == SOL_IPV6 &&
264 cmsgptr->cmsg_type == IPV6_2292PKTINFO)
265 {
266 struct in6_pktinfo *pktinfo;
267 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
268
269 memset(&dst, 0, sizeof(dst));
270 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
271 dst.sin6_family = AF_INET6;
272 udp = (struct udphdr*) (buffer);
273 dst.sin6_port = udp->dest;
274 src.sin6_port = udp->source;
275 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
276 }
277 }
278 /* ancillary data missing? */
279 if (dest == NULL)
280 {
281 DBG1(DBG_NET, "error reading IPv6 packet header");
282 return FAILED;
283 }
284
285 source = host_create_from_sockaddr((sockaddr_t*)&src);
286
287 pkt = packet_create();
288 pkt->set_source(pkt, source);
289 pkt->set_destination(pkt, dest);
290 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
291 data_offset = UDP_LEN;
292 /* remove non esp marker */
293 if (dest->get_port(dest) == this->natt_port)
294 {
295 data_offset += MARKER_LEN;
296 }
297 /* fill in packet */
298 data.len = bytes_read - data_offset;
299 data.ptr = malloc(data.len);
300 memcpy(data.ptr, buffer + data_offset, data.len);
301 pkt->set_data(pkt, data);
302 }
303 else
304 {
305 /* oops, shouldn't happen */
306 return FAILED;
307 }
308
309 /* return packet */
310 *packet = pkt;
311 return SUCCESS;
312 }
313
314 /**
315 * implementation of socket_t.send
316 */
317 status_t sender(private_socket_t *this, packet_t *packet)
318 {
319 int sport, skt, family;
320 ssize_t bytes_sent;
321 chunk_t data, marked;
322 host_t *src, *dst;
323 struct msghdr msg;
324 struct cmsghdr *cmsg;
325 struct iovec iov;
326
327 src = packet->get_source(packet);
328 dst = packet->get_destination(packet);
329 data = packet->get_data(packet);
330
331 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
332
333 /* send data */
334 sport = src->get_port(src);
335 family = dst->get_family(dst);
336 if (sport == this->port)
337 {
338 if (family == AF_INET)
339 {
340 skt = this->send4;
341 }
342 else
343 {
344 skt = this->send6;
345 }
346 }
347 else if (sport == this->natt_port)
348 {
349 if (family == AF_INET)
350 {
351 skt = this->send4_natt;
352 }
353 else
354 {
355 skt = this->send6_natt;
356 }
357 /* NAT keepalives without marker */
358 if (data.len != 1 || data.ptr[0] != 0xFF)
359 {
360 /* add non esp marker to packet */
361 if (data.len > MAX_PACKET - MARKER_LEN)
362 {
363 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
364 data.len);
365 return FAILED;
366 }
367 marked = chunk_alloc(data.len + MARKER_LEN);
368 memset(marked.ptr, 0, MARKER_LEN);
369 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
370 /* let the packet do the clean up for us */
371 packet->set_data(packet, marked);
372 data = marked;
373 }
374 }
375 else
376 {
377 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
378 return FAILED;
379 }
380
381 memset(&msg, 0, sizeof(struct msghdr));
382 msg.msg_name = dst->get_sockaddr(dst);;
383 msg.msg_namelen = *dst->get_sockaddr_len(dst);
384 iov.iov_base = data.ptr;
385 iov.iov_len = data.len;
386 msg.msg_iov = &iov;
387 msg.msg_iovlen = 1;
388 msg.msg_flags = 0;
389
390 if (!dst->is_anyaddr(dst))
391 {
392 if (family == AF_INET)
393 {
394 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
395 struct in_pktinfo *pktinfo;
396 struct sockaddr_in *sin;
397
398 msg.msg_control = buf;
399 msg.msg_controllen = sizeof(buf);
400 cmsg = CMSG_FIRSTHDR(&msg);
401 cmsg->cmsg_level = SOL_IP;
402 cmsg->cmsg_type = IP_PKTINFO;
403 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
404 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
405 memset(pktinfo, 0, sizeof(struct in_pktinfo));
406 sin = (struct sockaddr_in*)src->get_sockaddr(src);
407 memcpy(&pktinfo->ipi_spec_dst, &sin->sin_addr, sizeof(struct in_addr));
408 }
409 else
410 {
411 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
412 struct in6_pktinfo *pktinfo;
413 struct sockaddr_in6 *sin;
414
415 msg.msg_control = buf;
416 msg.msg_controllen = sizeof(buf);
417 cmsg = CMSG_FIRSTHDR(&msg);
418 cmsg->cmsg_level = SOL_IPV6;
419 cmsg->cmsg_type = IPV6_2292PKTINFO;
420 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
421 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
422 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
423 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
424 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
425 }
426 }
427
428 bytes_sent = sendmsg(skt, &msg, 0);
429
430 if (bytes_sent != data.len)
431 {
432 DBG1(DBG_NET, "error writing to socket: %m");
433 return FAILED;
434 }
435 return SUCCESS;
436 }
437
438 /**
439 * open a socket to send packets
440 */
441 static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
442 {
443 int on = TRUE;
444 int type = UDP_ENCAP_ESPINUDP;
445 struct sockaddr_storage addr;
446 u_int sol, ipsec_policy;
447 struct sadb_x_policy policy;
448 int skt;
449
450 memset(&addr, 0, sizeof(addr));
451 /* precalculate constants depending on address family */
452 switch (family)
453 {
454 case AF_INET:
455 {
456 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
457 sin->sin_family = AF_INET;
458 sin->sin_addr.s_addr = INADDR_ANY;
459 sin->sin_port = htons(port);
460 sol = SOL_IP;
461 ipsec_policy = IP_IPSEC_POLICY;
462 break;
463 }
464 case AF_INET6:
465 {
466 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
467 sin6->sin6_family = AF_INET6;
468 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
469 sin6->sin6_port = htons(port);
470 sol = SOL_IPV6;
471 ipsec_policy = IPV6_IPSEC_POLICY;
472 break;
473 }
474 default:
475 return 0;
476 }
477
478 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
479 if (skt < 0)
480 {
481 DBG1(DBG_NET, "could not open send socket: %m");
482 return 0;
483 }
484
485 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
486 {
487 DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %m");
488 close(skt);
489 return 0;
490 }
491
492 /* bypass outgoung IKE traffic on send socket */
493 memset(&policy, 0, sizeof(policy));
494 policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
495 policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
496 policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
497 policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
498
499 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
500 {
501 DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
502 close(skt);
503 return 0;
504 }
505
506 /* We don't receive packets on the send socket, but we need a INBOUND policy.
507 * Otherwise, UDP decapsulation does not work!!! */
508 policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
509 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
510 {
511 DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
512 close(skt);
513 return 0;
514 }
515
516 /* bind the send socket */
517 if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0)
518 {
519 DBG1(DBG_NET, "unable to bind send socket: %m");
520 close(skt);
521 return 0;
522 }
523
524 if (family == AF_INET)
525 {
526 /* enable UDP decapsulation globally, only for one socket needed */
527 if (setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
528 {
529 DBG1(DBG_NET, "unable to set UDP_ENCAP: %m; NAT-T may fail");
530 }
531 }
532
533 return skt;
534 }
535
536 /**
537 * open a socket to receive packets
538 */
539 static int open_recv_socket(private_socket_t *this, int family)
540 {
541 int skt;
542 int on = TRUE;
543 u_int proto_offset, ip_len, sol, ipsec_policy, udp_header, ike_header;
544 struct sadb_x_policy policy;
545
546 /* precalculate constants depending on address family */
547 switch (family)
548 {
549 case AF_INET:
550 proto_offset = IP_PROTO_OFFSET;
551 ip_len = IP_LEN;
552 sol = SOL_IP;
553 ipsec_policy = IP_IPSEC_POLICY;
554 break;
555 case AF_INET6:
556 proto_offset = IP6_PROTO_OFFSET;
557 ip_len = 0; /* IPv6 raw sockets contain no IP header */
558 sol = SOL_IPV6;
559 ipsec_policy = IPV6_IPSEC_POLICY;
560 break;
561 default:
562 return 0;
563 }
564 udp_header = ip_len;
565 ike_header = ip_len + UDP_LEN;
566
567 /* This filter code filters out all non-IKEv2 traffic on
568 * a SOCK_RAW IP_PROTP_UDP socket. Handling of other
569 * IKE versions is done in pluto.
570 */
571 struct sock_filter ikev2_filter_code[] =
572 {
573 /* Destination Port must be either port or natt_port */
574 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, udp_header + 2),
575 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, this->port, 1, 0),
576 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, this->natt_port, 5, 12),
577 /* port */
578 /* IKE version must be 2.0 */
579 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + IKE_VERSION_OFFSET),
580 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 10),
581 /* packet length is length in IKEv2 header + ip header + udp header */
582 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + IKE_LENGTH_OFFSET),
583 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN),
584 BPF_STMT(BPF_RET+BPF_A, 0),
585 /* natt_port */
586 /* nat-t: check for marker */
587 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header),
588 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 5),
589 /* nat-t: IKE version must be 2.0 */
590 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + MARKER_LEN + IKE_VERSION_OFFSET),
591 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 3),
592 /* nat-t: packet length is length in IKEv2 header + ip header + udp header + non esp marker */
593 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + MARKER_LEN + IKE_LENGTH_OFFSET),
594 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN + MARKER_LEN),
595 BPF_STMT(BPF_RET+BPF_A, 0),
596 /* packet doesn't match, ignore */
597 BPF_STMT(BPF_RET+BPF_K, 0),
598 };
599
600 /* Filter struct to use with setsockopt */
601 struct sock_fprog ikev2_filter = {
602 sizeof(ikev2_filter_code) / sizeof(struct sock_filter),
603 ikev2_filter_code
604 };
605
606 /* set up a raw socket */
607 skt = socket(family, SOCK_RAW, IPPROTO_UDP);
608 if (skt < 0)
609 {
610 DBG1(DBG_NET, "unable to create raw socket: %m");
611 return 0;
612 }
613
614 if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER,
615 &ikev2_filter, sizeof(ikev2_filter)) < 0)
616 {
617 DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %m");
618 close(skt);
619 return 0;
620 }
621
622 if (family == AF_INET6 &&
623 /* we use IPV6_2292PKTINFO, as IPV6_PKTINFO is defined as
624 * 2 or 50 depending on kernel header version */
625 setsockopt(skt, sol, IPV6_2292PKTINFO, &on, sizeof(on)) < 0)
626 {
627 DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %m");
628 close(skt);
629 return 0;
630 }
631
632 /* bypass incomining IKE traffic on this socket */
633 memset(&policy, 0, sizeof(policy));
634 policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
635 policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
636 policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
637 policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
638
639 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
640 {
641 DBG1(DBG_NET, "unable to set IPSEC_POLICY on raw socket: %m");
642 close(skt);
643 return 0;
644 }
645
646 return skt;
647 }
648
649 /**
650 * implementation of socket_t.destroy
651 */
652 static void destroy(private_socket_t *this)
653 {
654 if (this->recv4)
655 {
656 close(this->recv4);
657 }
658 if (this->recv6)
659 {
660 close(this->recv6);
661 }
662 if (this->send4)
663 {
664 close(this->send4);
665 }
666 if (this->send6)
667 {
668 close(this->send6);
669 }
670 if (this->send4_natt)
671 {
672 close(this->send4_natt);
673 }
674 if (this->send6_natt)
675 {
676 close(this->send6_natt);
677 }
678 free(this);
679 }
680
681 /*
682 * See header for description
683 */
684 socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
685 {
686 private_socket_t *this = malloc_thing(private_socket_t);
687
688 /* public functions */
689 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
690 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
691 this->public.destroy = (void(*)(socket_t*)) destroy;
692
693 this->port = port;
694 this->natt_port = natt_port;
695 this->recv4 = 0;
696 this->recv6 = 0;
697 this->send4 = 0;
698 this->send6 = 0;
699 this->send4_natt = 0;
700 this->send6_natt = 0;
701
702 this->recv4 = open_recv_socket(this, AF_INET);
703 if (this->recv4 == 0)
704 {
705 DBG1(DBG_NET, "could not open IPv4 receive socket, IPv4 disabled");
706 }
707 else
708 {
709 this->send4 = open_send_socket(this, AF_INET, this->port);
710 if (this->send4 == 0)
711 {
712 DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
713 close(this->recv4);
714 }
715 else
716 {
717 this->send4_natt = open_send_socket(this, AF_INET, this->natt_port);
718 if (this->send4_natt == 0)
719 {
720 DBG1(DBG_NET, "could not open IPv4 NAT-T send socket");
721 }
722 }
723 }
724
725 this->recv6 = open_recv_socket(this, AF_INET6);
726 if (this->recv6 == 0)
727 {
728 DBG1(DBG_NET, "could not open IPv6 receive socket, IPv6 disabled");
729 }
730 else
731 {
732 this->send6 = open_send_socket(this, AF_INET6, this->port);
733 if (this->send6 == 0)
734 {
735 DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
736 close(this->recv6);
737 }
738 else
739 {
740 this->send6_natt = open_send_socket(this, AF_INET6, this->natt_port);
741 if (this->send6_natt == 0)
742 {
743 DBG1(DBG_NET, "could not open IPv6 NAT-T send socket");
744 }
745 }
746 }
747
748 if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6))
749 {
750 DBG1(DBG_NET, "could not create any sockets");
751 destroy(this);
752 charon->kill(charon, "socket initialization failed");
753 }
754
755 return (socket_t*)this;
756 }