projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
improved signal handling and emitting
[strongswan.git] / src / charon / network / socket.c
1 /**
2 * @file socket.c
3 *
4 * @brief Implementation of socket_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <pthread.h>
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <unistd.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include <sys/ioctl.h>
34 #include <netinet/in.h>
35 #include <netinet/ip.h>
36 #include <netinet/ip6.h>
37 #include <netinet/udp.h>
38 #include <linux/ipsec.h>
39 #include <linux/filter.h>
40 #include <net/if.h>
41 #include <ifaddrs.h>
42
43 #include "socket.h"
44
45 #include <daemon.h>
46
47 /* constants for packet handling */
48 #define IP_LEN sizeof(struct iphdr)
49 #define IP6_LEN sizeof(struct ip6_hdr)
50 #define UDP_LEN sizeof(struct udphdr)
51 #define MARKER_LEN sizeof(u_int32_t)
52
53 /* offsets for packet handling */
54 #define IP_PROTO_OFFSET 9
55 #define IP6_PROTO_OFFSET 6
56 #define IKE_VERSION_OFFSET 17
57 #define IKE_LENGTH_OFFSET 24
58
59 /* from linux/in.h */
60 #ifndef IP_IPSEC_POLICY
61 #define IP_IPSEC_POLICY 16
62 #endif /*IP_IPSEC_POLICY*/
63
64 /* from linux/udp.h */
65 #ifndef UDP_ENCAP
66 #define UDP_ENCAP 100
67 #endif /*UDP_ENCAP*/
68
69 #ifndef UDP_ENCAP_ESPINUDP
70 #define UDP_ENCAP_ESPINUDP 2
71 #endif /*UDP_ENCAP_ESPINUDP*/
72
73 /* needed for older kernel headers */
74 #ifndef IPV6_2292PKTINFO
75 #define IPV6_2292PKTINFO 2
76 #endif /*IPV6_2292PKTINFO*/
77
78 typedef struct private_socket_t private_socket_t;
79
80 /**
81 * Private data of an socket_t object
82 */
83 struct private_socket_t{
84 /**
85 * public functions
86 */
87 socket_t public;
88
89 /**
90 * regular port
91 */
92 int port;
93
94 /**
95 * port used for nat-t
96 */
97 int natt_port;
98
99 /**
100 * raw receiver socket for IPv4
101 */
102 int recv4;
103
104 /**
105 * raw receiver socket for IPv6
106 */
107 int recv6;
108
109 /**
110 * send socket on regular port for IPv4
111 */
112 int send4;
113
114 /**
115 * send socket on regular port for IPv6
116 */
117 int send6;
118
119 /**
120 * send socket on nat-t port for IPv4
121 */
122 int send4_natt;
123
124 /**
125 * send socket on nat-t port for IPv6
126 */
127 int send6_natt;
128 };
129
130 /**
131 * implementation of socket_t.receive
132 */
133 static status_t receiver(private_socket_t *this, packet_t **packet)
134 {
135 char buffer[MAX_PACKET];
136 chunk_t data;
137 packet_t *pkt;
138 struct udphdr *udp;
139 host_t *source = NULL, *dest = NULL;
140 int bytes_read = 0;
141 int data_offset, oldstate;
142 fd_set rfds;
143
144 FD_ZERO(&rfds);
145
146 if (this->recv4)
147 {
148 FD_SET(this->recv4, &rfds);
149 }
150 if (this->recv6)
151 {
152 FD_SET(this->recv6, &rfds);
153 }
154
155 DBG2(DBG_NET, "waiting for data on raw sockets");
156
157 pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
158 if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0)
159 {
160 pthread_setcancelstate(oldstate, NULL);
161 return FAILED;
162 }
163 pthread_setcancelstate(oldstate, NULL);
164
165 if (this->recv4 && FD_ISSET(this->recv4, &rfds))
166 {
167 /* IPv4 raw sockets return the IP header. We read src/dest
168 * information directly from the raw header */
169 struct iphdr *ip;
170 struct sockaddr_in src, dst;
171
172 bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0);
173 if (bytes_read < 0)
174 {
175 DBG1(DBG_NET, "error reading from IPv4 socket: %m");
176 return FAILED;
177 }
178 DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
179
180 /* read source/dest from raw IP/UDP header */
181 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
182 {
183 DBG1(DBG_NET, "received IPv4 packet too short (%d bytes)",
184 bytes_read);
185 return FAILED;
186 }
187 ip = (struct iphdr*) buffer;
188 udp = (struct udphdr*) (buffer + IP_LEN);
189 src.sin_family = AF_INET;
190 src.sin_addr.s_addr = ip->saddr;
191 src.sin_port = udp->source;
192 dst.sin_family = AF_INET;
193 dst.sin_addr.s_addr = ip->daddr;
194 dst.sin_port = udp->dest;
195 source = host_create_from_sockaddr((sockaddr_t*)&src);
196 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
197
198 pkt = packet_create();
199 pkt->set_source(pkt, source);
200 pkt->set_destination(pkt, dest);
201 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
202 data_offset = IP_LEN + UDP_LEN;
203 /* remove non esp marker */
204 if (dest->get_port(dest) == this->natt_port)
205 {
206 data_offset += MARKER_LEN;
207 }
208 /* fill in packet */
209 data.len = bytes_read - data_offset;
210 data.ptr = malloc(data.len);
211 memcpy(data.ptr, buffer + data_offset, data.len);
212 pkt->set_data(pkt, data);
213 }
214 else if (this->recv6 && FD_ISSET(this->recv6, &rfds))
215 {
216 /* IPv6 raw sockets return no IP header. We must query
217 * src/dest via socket options/ancillary data */
218 struct msghdr msg;
219 struct cmsghdr *cmsgptr;
220 struct sockaddr_in6 src, dst;
221 struct iovec iov;
222 char ancillary[64];
223
224 msg.msg_name = &src;
225 msg.msg_namelen = sizeof(src);
226 iov.iov_base = buffer;
227 iov.iov_len = sizeof(buffer);
228 msg.msg_iov = &iov;
229 msg.msg_iovlen = 1;
230 msg.msg_control = ancillary;
231 msg.msg_controllen = sizeof(ancillary);
232 msg.msg_flags = 0;
233
234 bytes_read = recvmsg(this->recv6, &msg, 0);
235 if (bytes_read < 0)
236 {
237 DBG1(DBG_NET, "error reading from IPv6 socket: %m");
238 return FAILED;
239 }
240 DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
241
242 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
243 {
244 DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)",
245 bytes_read);
246 return FAILED;
247 }
248
249 /* read ancillary data to get destination address */
250 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
251 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
252 {
253 if (cmsgptr->cmsg_len == 0)
254 {
255 DBG1(DBG_NET, "error reading IPv6 ancillary data");
256 return FAILED;
257 }
258 if (cmsgptr->cmsg_level == SOL_IPV6 &&
259 cmsgptr->cmsg_type == IPV6_2292PKTINFO)
260 {
261 struct in6_pktinfo *pktinfo;
262 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
263
264 memset(&dst, 0, sizeof(dst));
265 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
266 dst.sin6_family = AF_INET6;
267 udp = (struct udphdr*) (buffer);
268 dst.sin6_port = udp->dest;
269 src.sin6_port = udp->source;
270 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
271 }
272 }
273 /* ancillary data missing? */
274 if (dest == NULL)
275 {
276 DBG1(DBG_NET, "error reading IPv6 packet header");
277 return FAILED;
278 }
279
280 source = host_create_from_sockaddr((sockaddr_t*)&src);
281
282 pkt = packet_create();
283 pkt->set_source(pkt, source);
284 pkt->set_destination(pkt, dest);
285 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
286 data_offset = UDP_LEN;
287 /* remove non esp marker */
288 if (dest->get_port(dest) == this->natt_port)
289 {
290 data_offset += MARKER_LEN;
291 }
292 /* fill in packet */
293 data.len = bytes_read - data_offset;
294 data.ptr = malloc(data.len);
295 memcpy(data.ptr, buffer + data_offset, data.len);
296 pkt->set_data(pkt, data);
297 }
298 else
299 {
300 /* oops, shouldn't happen */
301 return FAILED;
302 }
303
304 /* return packet */
305 *packet = pkt;
306 return SUCCESS;
307 }
308
309 /**
310 * implementation of socket_t.send
311 */
312 status_t sender(private_socket_t *this, packet_t *packet)
313 {
314 int sport, skt, family;
315 ssize_t bytes_sent;
316 chunk_t data, marked;
317 host_t *src, *dst;
318
319 src = packet->get_source(packet);
320 dst = packet->get_destination(packet);
321 data = packet->get_data(packet);
322
323 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
324
325 /* send data */
326 sport = src->get_port(src);
327 family = dst->get_family(dst);
328 if (sport == this->port)
329 {
330 if (family == AF_INET)
331 {
332 skt = this->send4;
333 }
334 else
335 {
336 skt = this->send6;
337 }
338 }
339 else if (sport == this->natt_port)
340 {
341 if (family == AF_INET)
342 {
343 skt = this->send4_natt;
344 }
345 else
346 {
347 skt = this->send6_natt;
348 }
349 /* NAT keepalives without marker */
350 if (data.len != 1 || data.ptr[0] != 0xFF)
351 {
352 /* add non esp marker to packet */
353 if (data.len > MAX_PACKET - MARKER_LEN)
354 {
355 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
356 data.len);
357 return FAILED;
358 }
359 marked = chunk_alloc(data.len + MARKER_LEN);
360 memset(marked.ptr, 0, MARKER_LEN);
361 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
362 /* let the packet do the clean up for us */
363 packet->set_data(packet, marked);
364 data = marked;
365 }
366 }
367 else
368 {
369 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
370 return FAILED;
371 }
372
373 bytes_sent = sendto(skt, data.ptr, data.len, 0,
374 dst->get_sockaddr(dst), *(dst->get_sockaddr_len(dst)));
375
376 if (bytes_sent != data.len)
377 {
378 DBG1(DBG_NET, "error writing to socket: %m");
379 return FAILED;
380 }
381 return SUCCESS;
382 }
383
384 /**
385 * implements socket_t.is_local_address
386 */
387 static bool is_local_address(private_socket_t *this, host_t *host, char **dev)
388 {
389 struct ifaddrs *list;
390 struct ifaddrs *cur;
391 bool found = FALSE;
392
393 if (getifaddrs(&list) < 0)
394 {
395 return FALSE;
396 }
397
398 for (cur = list; cur != NULL; cur = cur->ifa_next)
399 {
400 if (!(cur->ifa_flags & IFF_UP))
401 {
402 /* ignore interface which are down */
403 continue;
404 }
405
406 if (cur->ifa_addr == NULL ||
407 cur->ifa_addr->sa_family != host->get_family(host))
408 {
409 /* no match in family */
410 continue;
411 }
412
413 switch (cur->ifa_addr->sa_family)
414 {
415 case AF_INET:
416 {
417 struct sockaddr_in *listed, *requested;
418 listed = (struct sockaddr_in*)cur->ifa_addr;
419 requested = (struct sockaddr_in*)host->get_sockaddr(host);
420 if (listed->sin_addr.s_addr == requested->sin_addr.s_addr)
421 {
422 found = TRUE;
423 }
424 break;
425 }
426 case AF_INET6:
427 {
428 struct sockaddr_in6 *listed, *requested;
429 listed = (struct sockaddr_in6*)cur->ifa_addr;
430 requested = (struct sockaddr_in6*)host->get_sockaddr(host);
431 if (memcmp(&listed->sin6_addr, &requested->sin6_addr,
432 sizeof(listed->sin6_addr)) == 0)
433 {
434 found = TRUE;
435 }
436 break;
437 }
438 default:
439 break;
440 }
441
442 if (found)
443 {
444 if (dev && cur->ifa_name)
445 {
446 /* return interface name, if requested */
447 *dev = strdup(cur->ifa_name);
448 }
449 break;
450 }
451 }
452 freeifaddrs(list);
453 return found;
454 }
455
456
457 /**
458 * implements socket_t.create_local_address_list
459 */
460 static linked_list_t* create_local_address_list(private_socket_t *this)
461 {
462 struct ifaddrs *list;
463 struct ifaddrs *cur;
464 host_t *host;
465 linked_list_t *result = linked_list_create();
466
467 if (getifaddrs(&list) < 0)
468 {
469 return result;
470 }
471
472 for (cur = list; cur != NULL; cur = cur->ifa_next)
473 {
474 if (!(cur->ifa_flags & IFF_UP))
475 {
476 /* ignore interface which are down */
477 continue;
478 }
479
480 host = host_create_from_sockaddr(cur->ifa_addr);
481 if (host)
482 {
483 /* we use always the IKEv2 port. This is relevant for
484 * natd payload hashing. */
485 host->set_port(host, this->port);
486 result->insert_last(result, host);
487 }
488 }
489 freeifaddrs(list);
490 return result;
491 }
492
493 /**
494 * open a socket to send packets
495 */
496 static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
497 {
498 int on = TRUE;
499 int type = UDP_ENCAP_ESPINUDP;
500 struct sockaddr_storage addr;
501 u_int sol, ipsec_policy;
502 struct sadb_x_policy policy;
503 int skt;
504
505 memset(&addr, 0, sizeof(addr));
506 /* precalculate constants depending on address family */
507 switch (family)
508 {
509 case AF_INET:
510 {
511 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
512 sin->sin_family = AF_INET;
513 sin->sin_addr.s_addr = INADDR_ANY;
514 sin->sin_port = htons(port);
515 sol = SOL_IP;
516 ipsec_policy = IP_IPSEC_POLICY;
517 break;
518 }
519 case AF_INET6:
520 {
521 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
522 sin6->sin6_family = AF_INET6;
523 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
524 sin6->sin6_port = htons(port);
525 sol = SOL_IPV6;
526 ipsec_policy = IPV6_IPSEC_POLICY;
527 break;
528 }
529 default:
530 return 0;
531 }
532
533 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
534 if (skt < 0)
535 {
536 DBG1(DBG_NET, "could not open send socket: %m");
537 return 0;
538 }
539
540 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
541 {
542 DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %m");
543 close(skt);
544 return 0;
545 }
546
547 /* bypass outgoung IKE traffic on send socket */
548 policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
549 policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
550 policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
551 policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
552 policy.sadb_x_policy_reserved = 0;
553 policy.sadb_x_policy_id = 0;
554 policy.sadb_x_policy_priority = 0;
555
556 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
557 {
558 DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
559 close(skt);
560 return 0;
561 }
562
563 /* We don't receive packets on the send socket, but we need a INBOUND policy.
564 * Otherwise, UDP decapsulation does not work!!! */
565 policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
566 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
567 {
568 DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
569 close(skt);
570 return 0;
571 }
572
573 /* bind the send socket */
574 if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0)
575 {
576 DBG1(DBG_NET, "unable to bind send socket: %m");
577 close(skt);
578 return 0;
579 }
580
581 if (family == AF_INET)
582 {
583 /* enable UDP decapsulation globally, only for one socket needed */
584 if (setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
585 {
586 DBG1(DBG_NET, "unable to set UDP_ENCAP: %m; NAT-T may fail");
587 }
588 }
589
590 return skt;
591 }
592
593 /**
594 * open a socket to receive packets
595 */
596 static int open_recv_socket(private_socket_t *this, int family)
597 {
598 int skt;
599 int on = TRUE;
600 u_int proto_offset, ip_len, sol, ipsec_policy, udp_header, ike_header;
601 struct sadb_x_policy policy;
602
603 /* precalculate constants depending on address family */
604 switch (family)
605 {
606 case AF_INET:
607 proto_offset = IP_PROTO_OFFSET;
608 ip_len = IP_LEN;
609 sol = SOL_IP;
610 ipsec_policy = IP_IPSEC_POLICY;
611 break;
612 case AF_INET6:
613 proto_offset = IP6_PROTO_OFFSET;
614 ip_len = 0; /* IPv6 raw sockets contain no IP header */
615 sol = SOL_IPV6;
616 ipsec_policy = IPV6_IPSEC_POLICY;
617 break;
618 default:
619 return 0;
620 }
621 udp_header = ip_len;
622 ike_header = ip_len + UDP_LEN;
623
624 /* This filter code filters out all non-IKEv2 traffic on
625 * a SOCK_RAW IP_PROTP_UDP socket. Handling of other
626 * IKE versions is done in pluto.
627 */
628 struct sock_filter ikev2_filter_code[] =
629 {
630 /* Destination Port must be either port or natt_port */
631 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, udp_header + 2),
632 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, this->port, 1, 0),
633 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, this->natt_port, 5, 12),
634 /* port */
635 /* IKE version must be 2.0 */
636 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + IKE_VERSION_OFFSET),
637 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 10),
638 /* packet length is length in IKEv2 header + ip header + udp header */
639 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + IKE_LENGTH_OFFSET),
640 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN),
641 BPF_STMT(BPF_RET+BPF_A, 0),
642 /* natt_port */
643 /* nat-t: check for marker */
644 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header),
645 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 5),
646 /* nat-t: IKE version must be 2.0 */
647 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + MARKER_LEN + IKE_VERSION_OFFSET),
648 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 3),
649 /* nat-t: packet length is length in IKEv2 header + ip header + udp header + non esp marker */
650 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + MARKER_LEN + IKE_LENGTH_OFFSET),
651 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN + MARKER_LEN),
652 BPF_STMT(BPF_RET+BPF_A, 0),
653 /* packet doesn't match, ignore */
654 BPF_STMT(BPF_RET+BPF_K, 0),
655 };
656
657 /* Filter struct to use with setsockopt */
658 struct sock_fprog ikev2_filter = {
659 sizeof(ikev2_filter_code) / sizeof(struct sock_filter),
660 ikev2_filter_code
661 };
662
663 /* set up a raw socket */
664 skt = socket(family, SOCK_RAW, IPPROTO_UDP);
665 if (skt < 0)
666 {
667 DBG1(DBG_NET, "unable to create raw socket: %m");
668 return 0;
669 }
670
671 if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER,
672 &ikev2_filter, sizeof(ikev2_filter)) < 0)
673 {
674 DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %m");
675 close(skt);
676 return 0;
677 }
678
679 if (family == AF_INET6 &&
680 /* we use IPV6_2292PKTINFO, as IPV6_PKTINFO is defined as
681 * 2 or 50 depending on kernel header version */
682 setsockopt(skt, sol, IPV6_2292PKTINFO, &on, sizeof(on)) < 0)
683 {
684 DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %m");
685 close(skt);
686 return 0;
687 }
688
689 /* bypass incomining IKE traffic on this socket */
690 policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
691 policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
692 policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
693 policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
694 policy.sadb_x_policy_reserved = 0;
695 policy.sadb_x_policy_id = 0;
696 policy.sadb_x_policy_priority = 0;
697
698 if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
699 {
700 DBG1(DBG_NET, "unable to set IPSEC_POLICY on raw socket: %m");
701 close(skt);
702 return 0;
703 }
704
705 return skt;
706 }
707
708 /**
709 * implementation of socket_t.destroy
710 */
711 static void destroy(private_socket_t *this)
712 {
713 if (this->recv4)
714 {
715 close(this->recv4);
716 }
717 if (this->recv6)
718 {
719 close(this->recv6);
720 }
721 if (this->send4)
722 {
723 close(this->send4);
724 }
725 if (this->send6)
726 {
727 close(this->send6);
728 }
729 if (this->send4_natt)
730 {
731 close(this->send4_natt);
732 }
733 if (this->send6_natt)
734 {
735 close(this->send6_natt);
736 }
737 free(this);
738 }
739
740 /*
741 * See header for description
742 */
743 socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
744 {
745 private_socket_t *this = malloc_thing(private_socket_t);
746
747 /* public functions */
748 this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
749 this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
750 this->public.is_local_address = (bool(*)(socket_t*, host_t*,char**))is_local_address;
751 this->public.create_local_address_list = (linked_list_t*(*)(socket_t*))create_local_address_list;
752 this->public.destroy = (void(*)(socket_t*)) destroy;
753
754 this->port = port;
755 this->natt_port = natt_port;
756 this->recv4 = 0;
757 this->recv6 = 0;
758 this->send4 = 0;
759 this->send6 = 0;
760 this->send4_natt = 0;
761 this->send6_natt = 0;
762
763 this->recv4 = open_recv_socket(this, AF_INET);
764 if (this->recv4 == 0)
765 {
766 DBG1(DBG_NET, "could not open IPv4 receive socket, IPv4 disabled");
767 }
768 else
769 {
770 this->send4 = open_send_socket(this, AF_INET, this->port);
771 if (this->send4 == 0)
772 {
773 DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
774 close(this->recv4);
775 }
776 else
777 {
778 this->send4_natt = open_send_socket(this, AF_INET, this->natt_port);
779 if (this->send4_natt == 0)
780 {
781 DBG1(DBG_NET, "could not open IPv4 NAT-T send socket");
782 }
783 }
784 }
785
786 this->recv6 = open_recv_socket(this, AF_INET6);
787 if (this->recv6 == 0)
788 {
789 DBG1(DBG_NET, "could not open IPv6 receive socket, IPv6 disabled");
790 }
791 else
792 {
793 this->send6 = open_send_socket(this, AF_INET6, this->port);
794 if (this->send6 == 0)
795 {
796 DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
797 close(this->recv6);
798 }
799 else
800 {
801 this->send6_natt = open_send_socket(this, AF_INET6, this->natt_port);
802 if (this->send6_natt == 0)
803 {
804 DBG1(DBG_NET, "could not open IPv6 NAT-T send socket");
805 }
806 }
807 }
808
809 if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6))
810 {
811 DBG1(DBG_NET, "could not create any sockets");
812 destroy(this);
813 charon->kill(charon, "socket initialization failed");
814 }
815
816 return (socket_t*)this;
817 }
strongSwan - IPsec VPN