Added some IPv6 tweaks for Android.
[strongswan.git] / src / charon / network / socket.c
1 /*
2 * Copyright (C) 2006-2009 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2007 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /* for struct in6_pktinfo */
20 #define _GNU_SOURCE
21 #ifdef __sun
22 #define _XPG4_2
23 #define __EXTENSIONS__
24 #endif
25
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <unistd.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include <sys/ioctl.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/in.h>
36 #include <netinet/ip.h>
37 #include <netinet/udp.h>
38 #include <net/if.h>
39 #ifdef __APPLE__
40 #include <sys/sysctl.h>
41 #endif
42
43 #include "socket.h"
44
45 #include <daemon.h>
46 #include <threading/thread.h>
47
48 /* length of non-esp marker */
49 #define MARKER_LEN sizeof(u_int32_t)
50
51 /* from linux/udp.h */
52 #ifndef UDP_ENCAP
53 #define UDP_ENCAP 100
54 #endif /*UDP_ENCAP*/
55
56 #ifndef UDP_ENCAP_ESPINUDP
57 #define UDP_ENCAP_ESPINUDP 2
58 #endif /*UDP_ENCAP_ESPINUDP*/
59
60 /* these are not defined on some platforms */
61 #ifndef SOL_IP
62 #define SOL_IP IPPROTO_IP
63 #endif
64 #ifndef SOL_IPV6
65 #define SOL_IPV6 IPPROTO_IPV6
66 #endif
67 #ifndef SOL_UDP
68 #define SOL_UDP IPPROTO_UDP
69 #endif
70
71 /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
72 * previously defined IPV6_PKTINFO */
73 #ifndef IPV6_RECVPKTINFO
74 #define IPV6_RECVPKTINFO IPV6_PKTINFO
75 #endif
76
77 #ifndef IN6ADDR_ANY_INIT
78 #define IN6ADDR_ANY_INIT {{{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}}
79 #endif
80
81 #ifndef HAVE_IN6ADDR_ANY
82 static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
83 #endif
84
85 typedef struct private_socket_t private_socket_t;
86
87 /**
88 * Private data of an socket_t object
89 */
90 struct private_socket_t {
91 /**
92 * public functions
93 */
94 socket_t public;
95
96 /**
97 * IPv4 socket (500)
98 */
99 int ipv4;
100
101 /**
102 * IPv4 socket for NATT (4500)
103 */
104 int ipv4_natt;
105
106 /**
107 * IPv6 socket (500)
108 */
109 int ipv6;
110
111 /**
112 * IPv6 socket for NATT (4500)
113 */
114 int ipv6_natt;
115 };
116
117 /**
118 * implementation of socket_t.receive
119 */
120 static status_t receiver(private_socket_t *this, packet_t **packet)
121 {
122 char buffer[MAX_PACKET];
123 chunk_t data;
124 packet_t *pkt;
125 host_t *source = NULL, *dest = NULL;
126 int bytes_read = 0, data_offset;
127 bool oldstate;
128
129 fd_set rfds;
130 int max_fd = 0, selected = 0;
131 u_int16_t port = 0;
132
133 FD_ZERO(&rfds);
134
135 if (this->ipv4)
136 {
137 FD_SET(this->ipv4, &rfds);
138 }
139 if (this->ipv4_natt)
140 {
141 FD_SET(this->ipv4_natt, &rfds);
142 }
143 if (this->ipv6)
144 {
145 FD_SET(this->ipv6, &rfds);
146 }
147 if (this->ipv6_natt)
148 {
149 FD_SET(this->ipv6_natt, &rfds);
150 }
151 max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt));
152
153 DBG2(DBG_NET, "waiting for data on sockets");
154 oldstate = thread_cancelability(TRUE);
155 if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0)
156 {
157 thread_cancelability(oldstate);
158 return FAILED;
159 }
160 thread_cancelability(oldstate);
161
162 if (FD_ISSET(this->ipv4, &rfds))
163 {
164 port = IKEV2_UDP_PORT;
165 selected = this->ipv4;
166 }
167 if (FD_ISSET(this->ipv4_natt, &rfds))
168 {
169 port = IKEV2_NATT_PORT;
170 selected = this->ipv4_natt;
171 }
172 if (FD_ISSET(this->ipv6, &rfds))
173 {
174 port = IKEV2_UDP_PORT;
175 selected = this->ipv6;
176 }
177 if (FD_ISSET(this->ipv6_natt, &rfds))
178 {
179 port = IKEV2_NATT_PORT;
180 selected = this->ipv6_natt;
181 }
182 if (selected)
183 {
184 struct msghdr msg;
185 struct cmsghdr *cmsgptr;
186 struct iovec iov;
187 char ancillary[64];
188 union {
189 struct sockaddr_in in4;
190 struct sockaddr_in6 in6;
191 } src;
192
193 msg.msg_name = &src;
194 msg.msg_namelen = sizeof(src);
195 iov.iov_base = buffer;
196 iov.iov_len = sizeof(buffer);
197 msg.msg_iov = &iov;
198 msg.msg_iovlen = 1;
199 msg.msg_control = ancillary;
200 msg.msg_controllen = sizeof(ancillary);
201 msg.msg_flags = 0;
202 bytes_read = recvmsg(selected, &msg, 0);
203 if (bytes_read < 0)
204 {
205 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
206 return FAILED;
207 }
208 DBG3(DBG_NET, "received packet %b", buffer, bytes_read);
209
210 if (bytes_read < MARKER_LEN)
211 {
212 DBG3(DBG_NET, "received packet too short (%d bytes)",
213 bytes_read);
214 return FAILED;
215 }
216
217 /* read ancillary data to get destination address */
218 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
219 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
220 {
221 if (cmsgptr->cmsg_len == 0)
222 {
223 DBG1(DBG_NET, "error reading ancillary data");
224 return FAILED;
225 }
226
227 #ifdef HAVE_IN6_PKTINFO
228 if (cmsgptr->cmsg_level == SOL_IPV6 &&
229 cmsgptr->cmsg_type == IPV6_PKTINFO)
230 {
231 struct in6_pktinfo *pktinfo;
232 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
233 struct sockaddr_in6 dst;
234
235 memset(&dst, 0, sizeof(dst));
236 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
237 dst.sin6_family = AF_INET6;
238 dst.sin6_port = htons(port);
239 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
240 }
241 #endif /* HAVE_IN6_PKTINFO */
242 if (cmsgptr->cmsg_level == SOL_IP &&
243 #ifdef IP_PKTINFO
244 cmsgptr->cmsg_type == IP_PKTINFO
245 #elif defined(IP_RECVDSTADDR)
246 cmsgptr->cmsg_type == IP_RECVDSTADDR
247 #else
248 FALSE
249 #endif
250 )
251 {
252 struct in_addr *addr;
253 struct sockaddr_in dst;
254
255 #ifdef IP_PKTINFO
256 struct in_pktinfo *pktinfo;
257 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
258 addr = &pktinfo->ipi_addr;
259 #elif defined(IP_RECVDSTADDR)
260 addr = (struct in_addr*)CMSG_DATA(cmsgptr);
261 #endif
262 memset(&dst, 0, sizeof(dst));
263 memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
264
265 dst.sin_family = AF_INET;
266 dst.sin_port = htons(port);
267 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
268 }
269 if (dest)
270 {
271 break;
272 }
273 }
274 if (dest == NULL)
275 {
276 DBG1(DBG_NET, "error reading IP header");
277 return FAILED;
278 }
279 source = host_create_from_sockaddr((sockaddr_t*)&src);
280
281 pkt = packet_create();
282 pkt->set_source(pkt, source);
283 pkt->set_destination(pkt, dest);
284 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
285 data_offset = 0;
286 /* remove non esp marker */
287 if (dest->get_port(dest) == IKEV2_NATT_PORT)
288 {
289 data_offset += MARKER_LEN;
290 }
291 /* fill in packet */
292 data.len = bytes_read - data_offset;
293 data.ptr = malloc(data.len);
294 memcpy(data.ptr, buffer + data_offset, data.len);
295 pkt->set_data(pkt, data);
296 }
297 else
298 {
299 /* oops, shouldn't happen */
300 return FAILED;
301 }
302 /* return packet */
303 *packet = pkt;
304 return SUCCESS;
305 }
306
307 /**
308 * implementation of socket_t.send
309 */
310 status_t sender(private_socket_t *this, packet_t *packet)
311 {
312 int sport, skt, family;
313 ssize_t bytes_sent;
314 chunk_t data, marked;
315 host_t *src, *dst;
316 struct msghdr msg;
317 struct cmsghdr *cmsg;
318 struct iovec iov;
319
320 src = packet->get_source(packet);
321 dst = packet->get_destination(packet);
322 data = packet->get_data(packet);
323
324 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
325
326 /* send data */
327 sport = src->get_port(src);
328 family = dst->get_family(dst);
329 if (sport == IKEV2_UDP_PORT)
330 {
331 if (family == AF_INET)
332 {
333 skt = this->ipv4;
334 }
335 else
336 {
337 skt = this->ipv6;
338 }
339 }
340 else if (sport == IKEV2_NATT_PORT)
341 {
342 if (family == AF_INET)
343 {
344 skt = this->ipv4_natt;
345 }
346 else
347 {
348 skt = this->ipv6_natt;
349 }
350 /* NAT keepalives without marker */
351 if (data.len != 1 || data.ptr[0] != 0xFF)
352 {
353 /* add non esp marker to packet */
354 if (data.len > MAX_PACKET - MARKER_LEN)
355 {
356 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
357 data.len);
358 return FAILED;
359 }
360 marked = chunk_alloc(data.len + MARKER_LEN);
361 memset(marked.ptr, 0, MARKER_LEN);
362 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
363 /* let the packet do the clean up for us */
364 packet->set_data(packet, marked);
365 data = marked;
366 }
367 }
368 else
369 {
370 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
371 return FAILED;
372 }
373
374 memset(&msg, 0, sizeof(struct msghdr));
375 msg.msg_name = dst->get_sockaddr(dst);;
376 msg.msg_namelen = *dst->get_sockaddr_len(dst);
377 iov.iov_base = data.ptr;
378 iov.iov_len = data.len;
379 msg.msg_iov = &iov;
380 msg.msg_iovlen = 1;
381 msg.msg_flags = 0;
382
383 if (!src->is_anyaddr(src))
384 {
385 if (family == AF_INET)
386 {
387 #if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
388 struct in_addr *addr;
389 struct sockaddr_in *sin;
390 #ifdef IP_PKTINFO
391 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
392 struct in_pktinfo *pktinfo;
393 #elif defined(IP_SENDSRCADDR)
394 char buf[CMSG_SPACE(sizeof(struct in_addr))];
395 #endif
396 msg.msg_control = buf;
397 msg.msg_controllen = sizeof(buf);
398 cmsg = CMSG_FIRSTHDR(&msg);
399 cmsg->cmsg_level = SOL_IP;
400 #ifdef IP_PKTINFO
401 cmsg->cmsg_type = IP_PKTINFO;
402 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
403 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
404 memset(pktinfo, 0, sizeof(struct in_pktinfo));
405 addr = &pktinfo->ipi_spec_dst;
406 #elif defined(IP_SENDSRCADDR)
407 cmsg->cmsg_type = IP_SENDSRCADDR;
408 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
409 addr = (struct in_addr*)CMSG_DATA(cmsg);
410 #endif
411 sin = (struct sockaddr_in*)src->get_sockaddr(src);
412 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
413 #endif /* IP_PKTINFO || IP_SENDSRCADDR */
414 }
415 #ifdef HAVE_IN6_PKTINFO
416 else
417 {
418 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
419 struct in6_pktinfo *pktinfo;
420 struct sockaddr_in6 *sin;
421
422 msg.msg_control = buf;
423 msg.msg_controllen = sizeof(buf);
424 cmsg = CMSG_FIRSTHDR(&msg);
425 cmsg->cmsg_level = SOL_IPV6;
426 cmsg->cmsg_type = IPV6_PKTINFO;
427 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
428 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
429 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
430 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
431 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
432 }
433 #endif /* HAVE_IN6_PKTINFO */
434 }
435
436 bytes_sent = sendmsg(skt, &msg, 0);
437
438 if (bytes_sent != data.len)
439 {
440 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
441 return FAILED;
442 }
443 return SUCCESS;
444 }
445
446 /**
447 * open a socket to send and receive packets
448 */
449 static int open_socket(private_socket_t *this, int family, u_int16_t port)
450 {
451 int on = TRUE;
452 struct sockaddr_storage addr;
453 socklen_t addrlen;
454 u_int sol, pktinfo = 0;
455 int skt;
456
457 memset(&addr, 0, sizeof(addr));
458 /* precalculate constants depending on address family */
459 switch (family)
460 {
461 case AF_INET:
462 {
463 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
464 sin->sin_family = AF_INET;
465 sin->sin_addr.s_addr = INADDR_ANY;
466 sin->sin_port = htons(port);
467 addrlen = sizeof(struct sockaddr_in);
468 sol = SOL_IP;
469 #ifdef IP_PKTINFO
470 pktinfo = IP_PKTINFO;
471 #elif defined(IP_RECVDSTADDR)
472 pktinfo = IP_RECVDSTADDR;
473 #endif
474 break;
475 }
476 case AF_INET6:
477 {
478 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
479 sin6->sin6_family = AF_INET6;
480 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
481 sin6->sin6_port = htons(port);
482 addrlen = sizeof(struct sockaddr_in6);
483 sol = SOL_IPV6;
484 pktinfo = IPV6_RECVPKTINFO;
485 break;
486 }
487 default:
488 return 0;
489 }
490
491 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
492 if (skt < 0)
493 {
494 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
495 return 0;
496 }
497 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
498 {
499 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
500 close(skt);
501 return 0;
502 }
503
504 /* bind the socket */
505 if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
506 {
507 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
508 close(skt);
509 return 0;
510 }
511
512 /* get additional packet info on receive */
513 if (pktinfo > 0)
514 {
515 if (setsockopt(skt, sol, pktinfo, &on, sizeof(on)) < 0)
516 {
517 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
518 close(skt);
519 return 0;
520 }
521 }
522
523 #ifndef __APPLE__
524 {
525 /* enable UDP decapsulation globally, only for one socket needed */
526 int type = UDP_ENCAP_ESPINUDP;
527 if (family == AF_INET && port == IKEV2_NATT_PORT &&
528 setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
529 {
530 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
531 }
532 }
533 #endif
534 return skt;
535 }
536
537 /**
538 * enumerator for underlying sockets
539 */
540 typedef struct {
541 /** implements enumerator_t */
542 enumerator_t public;
543 /** sockets we enumerate */
544 private_socket_t *socket;
545 /** counter */
546 int index;
547 } socket_enumerator_t;
548
549 /**
550 * enumerate function for socket_enumerator_t
551 */
552 static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
553 {
554 static const struct {
555 int fd_offset;
556 int family;
557 int port;
558 } sockets[] = {
559 { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
560 { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
561 { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
562 { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
563 };
564
565 while(++this->index < countof(sockets))
566 {
567 int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
568 if (!sock)
569 {
570 continue;
571 }
572 *fd = sock;
573 *family = sockets[this->index].family;
574 *port = sockets[this->index].port;
575 return TRUE;
576 }
577 return FALSE;
578 }
579
580 /**
581 * implementation of socket_t.create_enumerator
582 */
583 static enumerator_t *create_enumerator(private_socket_t *this)
584 {
585 socket_enumerator_t *enumerator;
586
587 enumerator = malloc_thing(socket_enumerator_t);
588 enumerator->index = -1;
589 enumerator->socket = this;
590 enumerator->public.enumerate = (void*)enumerate;
591 enumerator->public.destroy = (void*)free;
592 return &enumerator->public;
593 }
594
595 /**
596 * implementation of socket_t.destroy
597 */
598 static void destroy(private_socket_t *this)
599 {
600 if (this->ipv4)
601 {
602 close(this->ipv4);
603 }
604 if (this->ipv4_natt)
605 {
606 close(this->ipv4_natt);
607 }
608 if (this->ipv6)
609 {
610 close(this->ipv6);
611 }
612 if (this->ipv6_natt)
613 {
614 close(this->ipv6_natt);
615 }
616 free(this);
617 }
618
619 /*
620 * See header for description
621 */
622 socket_t *socket_create()
623 {
624 private_socket_t *this = malloc_thing(private_socket_t);
625
626 /* public functions */
627 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
628 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
629 this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
630 this->public.destroy = (void(*)(socket_t*)) destroy;
631
632 this->ipv4 = 0;
633 this->ipv6 = 0;
634 this->ipv4_natt = 0;
635 this->ipv6_natt = 0;
636
637 #ifdef __APPLE__
638 {
639 int natt_port = IKEV2_NATT_PORT;
640 if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
641 sizeof(natt_port)) != 0)
642 {
643 DBG1(DBG_NET, "could not set net.inet.ipsec.esp_port to %d: %s",
644 natt_port, strerror(errno));
645 }
646 }
647 #endif
648
649 this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
650 if (this->ipv4 == 0)
651 {
652 DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled");
653 }
654 else
655 {
656 this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT);
657 if (this->ipv4_natt == 0)
658 {
659 DBG1(DBG_NET, "could not open IPv4 NAT-T socket");
660 }
661 }
662
663 this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT);
664 if (this->ipv6 == 0)
665 {
666 DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled");
667 }
668 else
669 {
670 this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT);
671 if (this->ipv6_natt == 0)
672 {
673 DBG1(DBG_NET, "could not open IPv6 NAT-T socket");
674 }
675 }
676
677 if (!this->ipv4 && !this->ipv6)
678 {
679 DBG1(DBG_NET, "could not create any sockets");
680 destroy(this);
681 charon->kill(charon, "socket initialization failed");
682 }
683 return (socket_t*)this;
684 }
685