e1f34de1e190b892ea25046d7bdfd7d883a1b76b
[strongswan.git] / src / charon / plugins / socket_dynamic / socket_dynamic_socket.c
1 /*
2 * Copyright (C) 2006-2009 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2010 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 * Copyright (C) 2010 revosec AG
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 /* for struct in6_pktinfo */
21 #define _GNU_SOURCE
22
23 #include "socket_dynamic_socket.h"
24
25 #include <sys/types.h>
26 #include <sys/socket.h>
27 #include <string.h>
28 #include <errno.h>
29 #include <unistd.h>
30 #include <stdlib.h>
31 #include <fcntl.h>
32 #include <sys/ioctl.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/in.h>
35 #include <netinet/ip.h>
36 #include <netinet/udp.h>
37 #include <net/if.h>
38
39 #include <daemon.h>
40 #include <threading/thread.h>
41 #include <utils/hashtable.h>
42
43 /* Maximum size of a packet */
44 #define MAX_PACKET 5000
45
46 /* length of non-esp marker */
47 #define MARKER_LEN sizeof(u_int32_t)
48
49 /* from linux/udp.h */
50 #ifndef UDP_ENCAP
51 #define UDP_ENCAP 100
52 #endif /*UDP_ENCAP*/
53
54 #ifndef UDP_ENCAP_ESPINUDP
55 #define UDP_ENCAP_ESPINUDP 2
56 #endif /*UDP_ENCAP_ESPINUDP*/
57
58 /* these are not defined on some platforms */
59 #ifndef SOL_IP
60 #define SOL_IP IPPROTO_IP
61 #endif
62 #ifndef SOL_IPV6
63 #define SOL_IPV6 IPPROTO_IPV6
64 #endif
65 #ifndef SOL_UDP
66 #define SOL_UDP IPPROTO_UDP
67 #endif
68
69 /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
70 * previously defined IPV6_PKTINFO */
71 #ifndef IPV6_RECVPKTINFO
72 #define IPV6_RECVPKTINFO IPV6_PKTINFO
73 #endif
74
75 typedef struct private_socket_dynamic_socket_t private_socket_dynamic_socket_t;
76 typedef struct dynsock_t dynsock_t;
77
78 /**
79 * Private data of an socket_t object
80 */
81 struct private_socket_dynamic_socket_t {
82
83 /**
84 * public functions
85 */
86 socket_dynamic_socket_t public;
87
88 /**
89 * Hashtable of bound sockets
90 */
91 hashtable_t *sockets;
92
93 /**
94 * Notification pipe to signal receiver
95 */
96 int notify[2];
97 };
98
99 /**
100 * Struct for a dynamically allocated socket
101 */
102 struct dynsock_t {
103
104 /**
105 * File descriptor of socket
106 */
107 int fd;
108
109 /**
110 * Address family
111 */
112 int family;
113
114 /**
115 * Bound source port
116 */
117 u_int16_t port;
118 };
119
120 /**
121 * Hash function for hashtable
122 */
123 static u_int hash(dynsock_t *key)
124 {
125 return (key->family << 16) | key->port;
126 }
127
128 /**
129 * Equals function for hashtable
130 */
131 static bool equals(dynsock_t *a, dynsock_t *b)
132 {
133 return a->family == b->family && a->port == b->port;
134 }
135
136 /**
137 * Create a fd_set from all bound sockets
138 */
139 static int build_fds(private_socket_dynamic_socket_t *this, fd_set *fds)
140 {
141 enumerator_t *enumerator;
142 dynsock_t *key, *value;
143 int maxfd;
144
145 FD_ZERO(fds);
146 FD_SET(this->notify[0], fds);
147 maxfd = this->notify[0];
148
149 enumerator = this->sockets->create_enumerator(this->sockets);
150 while (enumerator->enumerate(enumerator, &key, &value))
151 {
152 FD_SET(value->fd, fds);
153 maxfd = max(maxfd, value->fd);
154 }
155 enumerator->destroy(enumerator);
156
157 return maxfd + 1;
158 }
159
160 /**
161 * Find the socket select()ed
162 */
163 static dynsock_t* scan_fds(private_socket_dynamic_socket_t *this, fd_set *fds)
164 {
165 enumerator_t *enumerator;
166 dynsock_t *key, *value, *selected = NULL;
167
168 enumerator = this->sockets->create_enumerator(this->sockets);
169 while (enumerator->enumerate(enumerator, &key, &value))
170 {
171 if (FD_ISSET(value->fd, fds))
172 {
173 selected = value;
174 break;
175 }
176 }
177 enumerator->destroy(enumerator);
178 return selected;
179 }
180
181 /**
182 * Receive a packet from a given socket fd
183 */
184 static packet_t *receive_packet(private_socket_dynamic_socket_t *this,
185 dynsock_t *skt)
186 {
187 host_t *source = NULL, *dest = NULL;
188 ssize_t len;
189 char buffer[MAX_PACKET];
190 chunk_t data;
191 packet_t *packet;
192 struct msghdr msg;
193 struct cmsghdr *cmsgptr;
194 struct iovec iov;
195 char ancillary[64];
196 union {
197 struct sockaddr_in in4;
198 struct sockaddr_in6 in6;
199 } src;
200
201 msg.msg_name = &src;
202 msg.msg_namelen = sizeof(src);
203 iov.iov_base = buffer;
204 iov.iov_len = sizeof(buffer);
205 msg.msg_iov = &iov;
206 msg.msg_iovlen = 1;
207 msg.msg_control = ancillary;
208 msg.msg_controllen = sizeof(ancillary);
209 msg.msg_flags = 0;
210 len = recvmsg(skt->fd, &msg, 0);
211 if (len < 0)
212 {
213 DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
214 return NULL;
215 }
216 DBG3(DBG_NET, "received packet %b", buffer, len);
217
218 if (len < MARKER_LEN)
219 {
220 DBG3(DBG_NET, "received packet too short (%d bytes)", len);
221 return NULL;
222 }
223
224 /* read ancillary data to get destination address */
225 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
226 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
227 {
228 if (cmsgptr->cmsg_len == 0)
229 {
230 DBG1(DBG_NET, "error reading ancillary data");
231 return NULL;
232 }
233
234 if (cmsgptr->cmsg_level == SOL_IPV6 &&
235 cmsgptr->cmsg_type == IPV6_PKTINFO)
236 {
237 struct in6_pktinfo *pktinfo;
238 struct sockaddr_in6 dst;
239
240 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
241 memset(&dst, 0, sizeof(dst));
242 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
243 dst.sin6_family = AF_INET6;
244 dst.sin6_port = htons(skt->port);
245 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
246 }
247 if (cmsgptr->cmsg_level == SOL_IP &&
248 cmsgptr->cmsg_type == IP_PKTINFO)
249 {
250 struct in_pktinfo *pktinfo;
251 struct sockaddr_in dst;
252
253 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
254 memset(&dst, 0, sizeof(dst));
255 memcpy(&dst.sin_addr, &pktinfo->ipi_addr, sizeof(dst.sin_addr));
256
257 dst.sin_family = AF_INET;
258 dst.sin_port = htons(skt->port);
259 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
260 }
261 if (dest)
262 {
263 break;
264 }
265 }
266 if (dest == NULL)
267 {
268 DBG1(DBG_NET, "error reading IP header");
269 return NULL;
270 }
271 source = host_create_from_sockaddr((sockaddr_t*)&src);
272 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
273 data = chunk_create(buffer, len);
274
275 packet = packet_create();
276 packet->set_source(packet, source);
277 packet->set_destination(packet, dest);
278 /* we assume a non-ESP marker if none of the ports is on 500 */
279 if (dest->get_port(dest) != IKEV2_UDP_PORT &&
280 source->get_port(source) != IKEV2_UDP_PORT)
281 {
282 data = chunk_skip(data, MARKER_LEN);
283 }
284 packet->set_data(packet, chunk_clone(data));
285 return packet;
286 }
287
288 METHOD(socket_t, receiver, status_t,
289 private_socket_dynamic_socket_t *this, packet_t **packet)
290 {
291 dynsock_t *selected;
292 packet_t *pkt;
293 bool oldstate;
294 fd_set fds;
295 int maxfd;
296
297 while (TRUE)
298 {
299 maxfd = build_fds(this, &fds);
300
301 DBG2(DBG_NET, "waiting for data on sockets");
302 oldstate = thread_cancelability(TRUE);
303 if (select(maxfd, &fds, NULL, NULL, NULL) <= 0)
304 {
305 thread_cancelability(oldstate);
306 return FAILED;
307 }
308 thread_cancelability(oldstate);
309
310 if (FD_ISSET(this->notify[0], &fds))
311 { /* got notified, read garbage, rebuild fdset */
312 char buf[1];
313
314 ignore_result(read(this->notify[0], buf, sizeof(buf)));
315 DBG2(DBG_NET, "rebuilding fdset due to newly bound ports");
316 continue;
317 }
318 selected = scan_fds(this, &fds);
319 if (selected)
320 {
321 break;
322 }
323 }
324 pkt = receive_packet(this, selected);
325 if (pkt)
326 {
327 *packet = pkt;
328 return SUCCESS;
329 }
330 return FAILED;
331 }
332
333 /**
334 * open a socket to send and receive packets
335 */
336 static int open_socket(private_socket_dynamic_socket_t *this,
337 int family, u_int16_t port, bool first)
338 {
339 int on = TRUE, type = UDP_ENCAP_ESPINUDP;
340 struct sockaddr_storage addr;
341 socklen_t addrlen;
342 u_int sol, pktinfo = 0;
343 int fd;
344
345 memset(&addr, 0, sizeof(addr));
346 /* precalculate constants depending on address family */
347 switch (family)
348 {
349 case AF_INET:
350 {
351 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
352 sin->sin_family = AF_INET;
353 sin->sin_addr.s_addr = INADDR_ANY;
354 sin->sin_port = htons(port);
355 addrlen = sizeof(struct sockaddr_in);
356 sol = SOL_IP;
357 pktinfo = IP_PKTINFO;
358 break;
359 }
360 case AF_INET6:
361 {
362 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
363 sin6->sin6_family = AF_INET6;
364 memset(&sin6->sin6_addr, 0, sizeof(sin6->sin6_addr));
365 sin6->sin6_port = htons(port);
366 addrlen = sizeof(struct sockaddr_in6);
367 sol = SOL_IPV6;
368 pktinfo = IPV6_RECVPKTINFO;
369 break;
370 }
371 default:
372 return 0;
373 }
374
375 fd = socket(family, SOCK_DGRAM, IPPROTO_UDP);
376 if (fd < 0)
377 {
378 DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
379 return 0;
380 }
381 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
382 {
383 DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
384 close(fd);
385 return 0;
386 }
387
388 /* bind the socket */
389 if (bind(fd, (struct sockaddr *)&addr, addrlen) < 0)
390 {
391 DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
392 close(fd);
393 return 0;
394 }
395
396 /* get additional packet info on receive */
397 if (setsockopt(fd, sol, pktinfo, &on, sizeof(on)) < 0)
398 {
399 DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
400 close(fd);
401 return 0;
402 }
403
404 if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
405 fd, family))
406 {
407 DBG1(DBG_NET, "installing IKE bypass policy failed");
408 }
409
410 /* enable UDP decapsulation globally, only for one socket needed */
411 if (first && setsockopt(fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
412 {
413 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
414 }
415 return fd;
416 }
417
418 /**
419 * Find/Create a socket to send from host
420 */
421 static dynsock_t *find_socket(private_socket_dynamic_socket_t *this,
422 int family, u_int16_t port)
423 {
424 dynsock_t *skt, lookup = {
425 .family = family,
426 .port = port,
427 };
428 char buf[] = {0x01};
429 int fd;
430
431 skt = this->sockets->get(this->sockets, &lookup);
432 if (skt)
433 {
434 return skt;
435 }
436 fd = open_socket(this, family, port,
437 this->sockets->get_count(this->sockets));
438 if (!fd)
439 {
440 return NULL;
441 }
442 INIT(skt,
443 .family = family,
444 .port = port,
445 .fd = fd,
446 );
447 this->sockets->put(this->sockets, skt, skt);
448 /* notify receiver thread to reread socket list */
449 ignore_result(write(this->notify[1], buf, sizeof(buf)));
450
451 return skt;
452 }
453
454 METHOD(socket_t, sender, status_t,
455 private_socket_dynamic_socket_t *this, packet_t *packet)
456 {
457 dynsock_t *skt;
458 host_t *src, *dst;
459 int port, family;
460 ssize_t len;
461 chunk_t data, marked;
462 struct msghdr msg;
463 struct cmsghdr *cmsg;
464 struct iovec iov;
465
466 src = packet->get_source(packet);
467 dst = packet->get_destination(packet);
468 family = src->get_family(src);
469 port = src->get_port(src);
470 skt = find_socket(this, family, port);
471 if (!skt)
472 {
473 return FAILED;
474 }
475
476 data = packet->get_data(packet);
477 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
478
479 /* use non-ESP marker if none of the ports is 500, not for keep alives */
480 if (port != IKEV2_UDP_PORT && dst->get_port(dst) != IKEV2_UDP_PORT &&
481 !(data.len == 1 && data.ptr[0] == 0xFF))
482 {
483 /* add non esp marker to packet */
484 if (data.len > MAX_PACKET - MARKER_LEN)
485 {
486 DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
487 data.len);
488 return FAILED;
489 }
490 marked = chunk_alloc(data.len + MARKER_LEN);
491 memset(marked.ptr, 0, MARKER_LEN);
492 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
493 /* let the packet do the clean up for us */
494 packet->set_data(packet, marked);
495 data = marked;
496 }
497
498 memset(&msg, 0, sizeof(struct msghdr));
499 msg.msg_name = dst->get_sockaddr(dst);;
500 msg.msg_namelen = *dst->get_sockaddr_len(dst);
501 iov.iov_base = data.ptr;
502 iov.iov_len = data.len;
503 msg.msg_iov = &iov;
504 msg.msg_iovlen = 1;
505 msg.msg_flags = 0;
506
507 if (!src->is_anyaddr(src))
508 {
509 if (family == AF_INET)
510 {
511 struct in_addr *addr;
512 struct sockaddr_in *sin;
513 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
514 struct in_pktinfo *pktinfo;
515
516 msg.msg_control = buf;
517 msg.msg_controllen = sizeof(buf);
518 cmsg = CMSG_FIRSTHDR(&msg);
519 cmsg->cmsg_level = SOL_IP;
520 cmsg->cmsg_type = IP_PKTINFO;
521 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
522 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
523 memset(pktinfo, 0, sizeof(struct in_pktinfo));
524 addr = &pktinfo->ipi_spec_dst;
525 sin = (struct sockaddr_in*)src->get_sockaddr(src);
526 memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
527 }
528 else
529 {
530 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
531 struct in6_pktinfo *pktinfo;
532 struct sockaddr_in6 *sin;
533
534 msg.msg_control = buf;
535 msg.msg_controllen = sizeof(buf);
536 cmsg = CMSG_FIRSTHDR(&msg);
537 cmsg->cmsg_level = SOL_IPV6;
538 cmsg->cmsg_type = IPV6_PKTINFO;
539 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
540 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
541 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
542 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
543 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
544 }
545 }
546
547 len = sendmsg(skt->fd, &msg, 0);
548 if (len != data.len)
549 {
550 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
551 return FAILED;
552 }
553 return SUCCESS;
554 }
555
556 METHOD(socket_dynamic_socket_t, destroy, void,
557 private_socket_dynamic_socket_t *this)
558 {
559 enumerator_t *enumerator;
560 dynsock_t *key, *value;
561
562 enumerator = this->sockets->create_enumerator(this->sockets);
563 while (enumerator->enumerate(enumerator, &key, &value))
564 {
565 close(value->fd);
566 free(value);
567 }
568 enumerator->destroy(enumerator);
569 this->sockets->destroy(this->sockets);
570
571 close(this->notify[0]);
572 close(this->notify[1]);
573 free(this);
574 }
575
576 /*
577 * See header for description
578 */
579 socket_dynamic_socket_t *socket_dynamic_socket_create()
580 {
581 private_socket_dynamic_socket_t *this;
582
583 INIT(this,
584 .public = {
585 .socket = {
586 .send = _sender,
587 .receive = _receiver,
588 },
589 .destroy = _destroy,
590 },
591 );
592
593 if (pipe(this->notify) != 0)
594 {
595 DBG1(DBG_NET, "creating notify pipe for dynamic socket failed");
596 free(this);
597 return NULL;
598 }
599
600 this->sockets = hashtable_create((void*)hash, (void*)equals, 8);
601
602 return &this->public;
603 }
604