5ccc9bfa9c29d66ce95f6c530db6903f5b21bb05
[strongswan.git] / src / charon / network / socket.c
1 /*
2 * Copyright (C) 2006-2009 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2007 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /* for struct in6_pktinfo */
20 #define _GNU_SOURCE
21
22 #include <pthread.h>
23 #include <sys/types.h>
24 #include <sys/socket.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <unistd.h>
28 #include <stdlib.h>
29 #include <fcntl.h>
30 #include <sys/ioctl.h>
31 #include <netinet/in_systm.h>
32 #include <netinet/in.h>
33 #include <netinet/ip.h>
34 #include <netinet/ip6.h>
35 #include <netinet/udp.h>
36 #include <net/if.h>
37
38 #include "socket.h"
39
40 #include <daemon.h>
41
42 /* length of non-esp marker */
43 #define MARKER_LEN sizeof(u_int32_t)
44
45 /* from linux/udp.h */
46 #ifndef UDP_ENCAP
47 #define UDP_ENCAP 100
48 #endif /*UDP_ENCAP*/
49
50 #ifndef UDP_ENCAP_ESPINUDP
51 #define UDP_ENCAP_ESPINUDP 2
52 #endif /*UDP_ENCAP_ESPINUDP*/
53
54 /* these are not defined on some platforms */
55 #ifndef SOL_IP
56 #define SOL_IP IPPROTO_IP
57 #define SOL_IPV6 IPPROTO_IPV6
58 #define SOL_UDP IPPROTO_UDP
59 #endif
60
61 typedef struct private_socket_t private_socket_t;
62
63 /**
64 * Private data of an socket_t object
65 */
66 struct private_socket_t {
67 /**
68 * public functions
69 */
70 socket_t public;
71
72 /**
73 * IPv4 socket (500)
74 */
75 int ipv4;
76
77 /**
78 * IPv4 socket for NATT (4500)
79 */
80 int ipv4_natt;
81
82 /**
83 * IPv6 socket (500)
84 */
85 int ipv6;
86
87 /**
88 * IPv6 socket for NATT (4500)
89 */
90 int ipv6_natt;
91 };
92
93 /**
94 * implementation of socket_t.receive
95 */
96 static status_t receiver(private_socket_t *this, packet_t **packet)
97 {
98 char buffer[MAX_PACKET];
99 chunk_t data;
100 packet_t *pkt;
101 host_t *source = NULL, *dest = NULL;
102 int bytes_read = 0;
103 int data_offset, oldstate;
104 fd_set rfds;
105 int max_fd = 0, selected = 0;
106 u_int16_t port;
107
108 FD_ZERO(&rfds);
109
110 if (this->ipv4)
111 {
112 FD_SET(this->ipv4, &rfds);
113 }
114 if (this->ipv4_natt)
115 {
116 FD_SET(this->ipv4_natt, &rfds);
117 }
118 if (this->ipv6)
119 {
120 FD_SET(this->ipv6, &rfds);
121 }
122 if (this->ipv6_natt)
123 {
124 FD_SET(this->ipv6_natt, &rfds);
125 }
126 max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt));
127
128 DBG2(DBG_NET, "waiting for data on sockets");
129 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
130 if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0)
131 {
132 pthread_setcancelstate(oldstate, NULL);
133 return FAILED;
134 }
135 pthread_setcancelstate(oldstate, NULL);
136
137 if (FD_ISSET(this->ipv4, &rfds))
138 {
139 port = IKEV2_UDP_PORT;
140 selected = this->ipv4;
141 }
142 if (FD_ISSET(this->ipv4_natt, &rfds))
143 {
144 port = IKEV2_NATT_PORT;
145 selected = this->ipv4_natt;
146 }
147 if (FD_ISSET(this->ipv6, &rfds))
148 {
149 port = IKEV2_UDP_PORT;
150 selected = this->ipv6;
151 }
152 if (FD_ISSET(this->ipv6_natt, &rfds))
153 {
154 port = IKEV2_NATT_PORT;
155 selected = this->ipv6_natt;
156 }
157 if (selected)
158 {
159 struct msghdr msg;
160 struct cmsghdr *cmsgptr;
161 struct iovec iov;
162 char ancillary[64];
163 union {
164 struct sockaddr_in in4;
165 struct sockaddr_in6 in6;
166 } src;
167
168 msg.msg_name = &src;
169 msg.msg_namelen = sizeof(src);
170 iov.iov_base = buffer;
171 iov.iov_len = sizeof(buffer);
172 msg.msg_iov = &iov;
173 msg.msg_iovlen = 1;
174 msg.msg_control = ancillary;
175 msg.msg_controllen = sizeof(ancillary);
176 msg.msg_flags = 0;
177 bytes_read = recvmsg(selected, &msg, 0);
178 if (bytes_read < 0)
179 {
180 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
181 return FAILED;
182 }
183 DBG3(DBG_NET, "received packet %b", buffer, bytes_read);
184
185 if (bytes_read < MARKER_LEN)
186 {
187 DBG3(DBG_NET, "received packet too short (%d bytes)",
188 bytes_read);
189 return FAILED;
190 }
191
192 /* read ancillary data to get destination address */
193 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
194 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
195 {
196 if (cmsgptr->cmsg_len == 0)
197 {
198 DBG1(DBG_NET, "error reading ancillary data");
199 return FAILED;
200 }
201
202 if (cmsgptr->cmsg_level == SOL_IPV6 &&
203 cmsgptr->cmsg_type == IPV6_PKTINFO)
204 {
205 struct in6_pktinfo *pktinfo;
206 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
207 struct sockaddr_in6 dst;
208
209 memset(&dst, 0, sizeof(dst));
210 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
211 dst.sin6_family = AF_INET6;
212 dst.sin6_port = htons(port);
213 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
214 }
215 if (cmsgptr->cmsg_level == SOL_IP &&
216 #ifdef IP_RECVDSTADDR
217 cmsgptr->cmsg_type == IP_RECVDSTADDR
218 #else
219 cmsgptr->cmsg_type == IP_PKTINFO
220 #endif
221 )
222 {
223 struct in_addr *addr;
224 struct sockaddr_in dst;
225
226 #ifdef IP_RECVDSTADDR
227 addr = (struct in_addr*)CMSG_DATA(cmsgptr);
228 #else
229 struct in_pktinfo *pktinfo;
230 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
231 addr = &pktinfo->ipi_addr;
232 #endif
233 memset(&dst, 0, sizeof(dst));
234 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
235
236 dst.sin_family = AF_INET;
237 dst.sin_port = htons(port);
238 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
239 }
240 if (dest)
241 {
242 break;
243 }
244 }
245 if (dest == NULL)
246 {
247 DBG1(DBG_NET, "error reading IP header");
248 return FAILED;
249 }
250 source = host_create_from_sockaddr((sockaddr_t*)&src);
251
252 pkt = packet_create();
253 pkt->set_source(pkt, source);
254 pkt->set_destination(pkt, dest);
255 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
256 data_offset = 0;
257 /* remove non esp marker */
258 if (dest->get_port(dest) == IKEV2_NATT_PORT)
259 {
260 data_offset += MARKER_LEN;
261 }
262 /* fill in packet */
263 data.len = bytes_read - data_offset;
264 data.ptr = malloc(data.len);
265 memcpy(data.ptr, buffer + data_offset, data.len);
266 pkt->set_data(pkt, data);
267 }
268 else
269 {
270 /* oops, shouldn't happen */
271 return FAILED;
272 }
273 /* return packet */
274 *packet = pkt;
275 return SUCCESS;
276 }
277
278 /**
279 * implementation of socket_t.send
280 */
281 status_t sender(private_socket_t *this, packet_t *packet)
282 {
283 int sport, skt, family;
284 ssize_t bytes_sent;
285 chunk_t data, marked;
286 host_t *src, *dst;
287 struct msghdr msg;
288 struct cmsghdr *cmsg;
289 struct iovec iov;
290
291 src = packet->get_source(packet);
292 dst = packet->get_destination(packet);
293 data = packet->get_data(packet);
294
295 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
296
297 /* send data */
298 sport = src->get_port(src);
299 family = dst->get_family(dst);
300 if (sport == IKEV2_UDP_PORT)
301 {
302 if (family == AF_INET)
303 {
304 skt = this->ipv4;
305 }
306 else
307 {
308 skt = this->ipv6;
309 }
310 }
311 else if (sport == IKEV2_NATT_PORT)
312 {
313 if (family == AF_INET)
314 {
315 skt = this->ipv4_natt;
316 }
317 else
318 {
319 skt = this->ipv6_natt;
320 }
321 /* NAT keepalives without marker */
322 if (data.len != 1 || data.ptr[0] != 0xFF)
323 {
324 /* add non esp marker to packet */
325 if (data.len > MAX_PACKET - MARKER_LEN)
326 {
327 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
328 data.len);
329 return FAILED;
330 }
331 marked = chunk_alloc(data.len + MARKER_LEN);
332 memset(marked.ptr, 0, MARKER_LEN);
333 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
334 /* let the packet do the clean up for us */
335 packet->set_data(packet, marked);
336 data = marked;
337 }
338 }
339 else
340 {
341 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
342 return FAILED;
343 }
344
345 memset(&msg, 0, sizeof(struct msghdr));
346 msg.msg_name = dst->get_sockaddr(dst);;
347 msg.msg_namelen = *dst->get_sockaddr_len(dst);
348 iov.iov_base = data.ptr;
349 iov.iov_len = data.len;
350 msg.msg_iov = &iov;
351 msg.msg_iovlen = 1;
352 msg.msg_flags = 0;
353
354 if (!src->is_anyaddr(src))
355 {
356 if (family == AF_INET)
357 {
358 struct in_addr *addr;
359 struct sockaddr_in *sin;
360 #ifdef IP_SENDSRCADDR
361 char buf[CMSG_SPACE(sizeof(struct in_addr))];
362 #else
363 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
364 struct in_pktinfo *pktinfo;
365 #endif
366 msg.msg_control = buf;
367 msg.msg_controllen = sizeof(buf);
368 cmsg = CMSG_FIRSTHDR(&msg);
369 cmsg->cmsg_level = SOL_IP;
370 #ifdef IP_SENDSRCADDR
371 cmsg->cmsg_type = IP_SENDSRCADDR;
372 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
373 addr = (struct in_addr*)CMSG_DATA(cmsg);
374 #else
375 cmsg->cmsg_type = IP_PKTINFO;
376 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
377 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
378 memset(pktinfo, 0, sizeof(struct in_pktinfo));
379 addr = &pktinfo->ipi_spec_dst;
380 #endif
381 sin = (struct sockaddr_in*)src->get_sockaddr(src);
382 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
383 }
384 else
385 {
386 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
387 struct in6_pktinfo *pktinfo;
388 struct sockaddr_in6 *sin;
389
390 msg.msg_control = buf;
391 msg.msg_controllen = sizeof(buf);
392 cmsg = CMSG_FIRSTHDR(&msg);
393 cmsg->cmsg_level = SOL_IPV6;
394 cmsg->cmsg_type = IPV6_PKTINFO;
395 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
396 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
397 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
398 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
399 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
400 }
401 }
402
403 bytes_sent = sendmsg(skt, &msg, 0);
404
405 if (bytes_sent != data.len)
406 {
407 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
408 return FAILED;
409 }
410 return SUCCESS;
411 }
412
413 /**
414 * open a socket to send and receive packets
415 */
416 static int open_socket(private_socket_t *this, int family, u_int16_t port)
417 {
418 int on = TRUE;
419 int type = UDP_ENCAP_ESPINUDP;
420 struct sockaddr_storage addr;
421 socklen_t addrlen;
422 u_int sol, pktinfo;
423 int skt;
424
425 memset(&addr, 0, sizeof(addr));
426 /* precalculate constants depending on address family */
427 switch (family)
428 {
429 case AF_INET:
430 {
431 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
432 sin->sin_family = AF_INET;
433 sin->sin_addr.s_addr = INADDR_ANY;
434 sin->sin_port = htons(port);
435 addrlen = sizeof(struct sockaddr_in);
436 sol = SOL_IP;
437 #ifdef IP_RECVDSTADDR
438 pktinfo = IP_RECVDSTADDR;
439 #else
440 pktinfo = IP_PKTINFO;
441 #endif
442 break;
443 }
444 case AF_INET6:
445 {
446 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
447 sin6->sin6_family = AF_INET6;
448 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
449 sin6->sin6_port = htons(port);
450 addrlen = sizeof(struct sockaddr_in6);
451 sol = SOL_IPV6;
452 pktinfo = IPV6_RECVPKTINFO;
453 break;
454 }
455 default:
456 return 0;
457 }
458
459 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
460 if (skt < 0)
461 {
462 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
463 return 0;
464 }
465 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
466 {
467 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
468 close(skt);
469 return 0;
470 }
471
472 /* bind the socket */
473 if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
474 {
475 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
476 close(skt);
477 return 0;
478 }
479
480 /* get additional packet info on receive */
481 if (setsockopt(skt, sol, pktinfo, &on, sizeof(on)) < 0)
482 {
483 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
484 close(skt);
485 return 0;
486 }
487
488 /* enable UDP decapsulation globally, only for one socket needed */
489 if (family == AF_INET && port == IKEV2_NATT_PORT &&
490 setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
491 {
492 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
493 }
494 return skt;
495 }
496
497 /**
498 * enumerator for underlying sockets
499 */
500 typedef struct {
501 /** implements enumerator_t */
502 enumerator_t public;
503 /** sockets we enumerate */
504 private_socket_t *socket;
505 /** counter */
506 int index;
507 } socket_enumerator_t;
508
509 /**
510 * enumerate function for socket_enumerator_t
511 */
512 static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
513 {
514 static const struct {
515 int fd_offset;
516 int family;
517 int port;
518 } sockets[] = {
519 { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
520 { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
521 { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
522 { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
523 };
524
525 while(++this->index < countof(sockets))
526 {
527 int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
528 if (!sock)
529 {
530 continue;
531 }
532 *fd = sock;
533 *family = sockets[this->index].family;
534 *port = sockets[this->index].port;
535 return TRUE;
536 }
537 return FALSE;
538 }
539
540 /**
541 * implementation of socket_t.create_enumerator
542 */
543 static enumerator_t *create_enumerator(private_socket_t *this)
544 {
545 socket_enumerator_t *enumerator;
546
547 enumerator = malloc_thing(socket_enumerator_t);
548 enumerator->index = -1;
549 enumerator->socket = this;
550 enumerator->public.enumerate = (void*)enumerate;
551 enumerator->public.destroy = (void*)free;
552 return &enumerator->public;
553 }
554
555 /**
556 * implementation of socket_t.destroy
557 */
558 static void destroy(private_socket_t *this)
559 {
560 if (this->ipv4)
561 {
562 close(this->ipv4);
563 }
564 if (this->ipv4_natt)
565 {
566 close(this->ipv4_natt);
567 }
568 if (this->ipv6)
569 {
570 close(this->ipv6);
571 }
572 if (this->ipv6_natt)
573 {
574 close(this->ipv6_natt);
575 }
576 free(this);
577 }
578
579 /*
580 * See header for description
581 */
582 socket_t *socket_create()
583 {
584 private_socket_t *this = malloc_thing(private_socket_t);
585
586 /* public functions */
587 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
588 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
589 this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
590 this->public.destroy = (void(*)(socket_t*)) destroy;
591
592 this->ipv4 = 0;
593 this->ipv6 = 0;
594 this->ipv4_natt = 0;
595 this->ipv6_natt = 0;
596
597 this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
598 if (this->ipv4 == 0)
599 {
600 DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled");
601 }
602 else
603 {
604 this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT);
605 if (this->ipv4_natt == 0)
606 {
607 DBG1(DBG_NET, "could not open IPv4 NAT-T socket");
608 }
609 }
610
611 this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT);
612 if (this->ipv6 == 0)
613 {
614 DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled");
615 }
616 else
617 {
618 this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT);
619 if (this->ipv6_natt == 0)
620 {
621 DBG1(DBG_NET, "could not open IPv6 NAT-T socket");
622 }
623 }
624
625 if (!this->ipv4 && !this->ipv6)
626 {
627 DBG1(DBG_NET, "could not create any sockets");
628 destroy(this);
629 charon->kill(charon, "socket initialization failed");
630 }
631 return (socket_t*)this;
632 }
633