projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
[strongswan.git] / src / libcharon / plugins / socket_raw / socket_raw_socket.c
1 /*
2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2010 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /* for struct in6_pktinfo */
20 #define _GNU_SOURCE
21
22 #include "socket_raw_socket.h"
23
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <string.h>
27 #include <errno.h>
28 #include <unistd.h>
29 #include <stdlib.h>
30 #include <fcntl.h>
31 #include <sys/ioctl.h>
32 #include <netinet/in.h>
33 #include <netinet/ip.h>
34 #include <netinet/udp.h>
35 #include <linux/types.h>
36 #include <linux/filter.h>
37 #include <net/if.h>
38
39 #include <hydra.h>
40 #include <daemon.h>
41 #include <threading/thread.h>
42
43 /* Maximum size of a packet */
44 #define MAX_PACKET 10000
45
46 /* constants for packet handling */
47 #define IP_LEN sizeof(struct iphdr)
48 #define IP6_LEN sizeof(struct ip6_hdr)
49 #define UDP_LEN sizeof(struct udphdr)
50 #define MARKER_LEN sizeof(u_int32_t)
51
52 /* offsets for packet handling */
53 #define IP_PROTO_OFFSET 9
54 #define IP6_PROTO_OFFSET 6
55 #define IKE_VERSION_OFFSET 17
56 #define IKE_LENGTH_OFFSET 24
57
58 /* from linux/udp.h */
59 #ifndef UDP_ENCAP
60 #define UDP_ENCAP 100
61 #endif /*UDP_ENCAP*/
62
63 #ifndef UDP_ENCAP_ESPINUDP
64 #define UDP_ENCAP_ESPINUDP 2
65 #endif /*UDP_ENCAP_ESPINUDP*/
66
67 /* needed for older kernel headers */
68 #ifndef IPV6_2292PKTINFO
69 #define IPV6_2292PKTINFO 2
70 #endif /*IPV6_2292PKTINFO*/
71
72 typedef struct private_socket_raw_socket_t private_socket_raw_socket_t;
73
74 /**
75 * Private data of an socket_t object
76 */
77 struct private_socket_raw_socket_t {
78
79 /**
80 * public functions
81 */
82 socket_raw_socket_t public;
83
84 /**
85 * regular port
86 */
87 int port;
88
89 /**
90 * port used for nat-t
91 */
92 int natt_port;
93
94 /**
95 * raw receiver socket for IPv4
96 */
97 int recv4;
98
99 /**
100 * raw receiver socket for IPv6
101 */
102 int recv6;
103
104 /**
105 * send socket on regular port for IPv4
106 */
107 int send4;
108
109 /**
110 * send socket on regular port for IPv6
111 */
112 int send6;
113
114 /**
115 * send socket on nat-t port for IPv4
116 */
117 int send4_natt;
118
119 /**
120 * send socket on nat-t port for IPv6
121 */
122 int send6_natt;
123
124 /**
125 * Maximum packet size to receive
126 */
127 int max_packet;
128 };
129
130 METHOD(socket_t, receiver, status_t,
131 private_socket_raw_socket_t *this, packet_t **packet)
132 {
133 char buffer[this->max_packet];
134 chunk_t data;
135 packet_t *pkt;
136 struct udphdr *udp;
137 host_t *source = NULL, *dest = NULL;
138 int bytes_read = 0, data_offset;
139 bool oldstate;
140 fd_set rfds;
141
142 FD_ZERO(&rfds);
143
144 if (this->recv4)
145 {
146 FD_SET(this->recv4, &rfds);
147 }
148 if (this->recv6)
149 {
150 FD_SET(this->recv6, &rfds);
151 }
152
153 DBG2(DBG_NET, "waiting for data on raw sockets");
154
155 oldstate = thread_cancelability(TRUE);
156 if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0)
157 {
158 thread_cancelability(oldstate);
159 return FAILED;
160 }
161 thread_cancelability(oldstate);
162
163 if (this->recv4 && FD_ISSET(this->recv4, &rfds))
164 {
165 /* IPv4 raw sockets return the IP header. We read src/dest
166 * information directly from the raw header */
167 struct iphdr *ip;
168 struct sockaddr_in src, dst;
169
170 bytes_read = recv(this->recv4, buffer, this->max_packet, 0);
171 if (bytes_read < 0)
172 {
173 DBG1(DBG_NET, "error reading from IPv4 socket: %s", strerror(errno));
174 return FAILED;
175 }
176 if (bytes_read == this->max_packet)
177 {
178 DBG1(DBG_NET, "receive buffer too small, packet discarded");
179 return FAILED;
180 }
181 DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
182
183 /* read source/dest from raw IP/UDP header */
184 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
185 {
186 DBG1(DBG_NET, "received IPv4 packet too short (%d bytes)",
187 bytes_read);
188 return FAILED;
189 }
190 ip = (struct iphdr*) buffer;
191 udp = (struct udphdr*) (buffer + IP_LEN);
192 src.sin_family = AF_INET;
193 src.sin_addr.s_addr = ip->saddr;
194 src.sin_port = udp->source;
195 dst.sin_family = AF_INET;
196 dst.sin_addr.s_addr = ip->daddr;
197 dst.sin_port = udp->dest;
198 source = host_create_from_sockaddr((sockaddr_t*)&src);
199 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
200
201 pkt = packet_create();
202 pkt->set_source(pkt, source);
203 pkt->set_destination(pkt, dest);
204 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
205 data_offset = IP_LEN + UDP_LEN;
206 /* remove non esp marker */
207 if (dest->get_port(dest) == CHARON_NATT_PORT)
208 {
209 data_offset += MARKER_LEN;
210 }
211 /* fill in packet */
212 data.len = bytes_read - data_offset;
213 data.ptr = malloc(data.len);
214 memcpy(data.ptr, buffer + data_offset, data.len);
215 pkt->set_data(pkt, data);
216 }
217 else if (this->recv6 && FD_ISSET(this->recv6, &rfds))
218 {
219 /* IPv6 raw sockets return no IP header. We must query
220 * src/dest via socket options/ancillary data */
221 struct msghdr msg;
222 struct cmsghdr *cmsgptr;
223 struct sockaddr_in6 src, dst;
224 struct iovec iov;
225 char ancillary[64];
226
227 msg.msg_name = &src;
228 msg.msg_namelen = sizeof(src);
229 iov.iov_base = buffer;
230 iov.iov_len = this->max_packet;
231 msg.msg_iov = &iov;
232 msg.msg_iovlen = 1;
233 msg.msg_control = ancillary;
234 msg.msg_controllen = sizeof(ancillary);
235 msg.msg_flags = 0;
236
237 bytes_read = recvmsg(this->recv6, &msg, 0);
238 if (bytes_read < 0)
239 {
240 DBG1(DBG_NET, "error reading from IPv6 socket: %s", strerror(errno));
241 return FAILED;
242 }
243 DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
244
245 if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
246 {
247 DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)",
248 bytes_read);
249 return FAILED;
250 }
251
252 /* read ancillary data to get destination address */
253 for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
254 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
255 {
256 if (cmsgptr->cmsg_len == 0)
257 {
258 DBG1(DBG_NET, "error reading IPv6 ancillary data");
259 return FAILED;
260 }
261
262 #ifdef HAVE_IN6_PKTINFO
263 if (cmsgptr->cmsg_level == SOL_IPV6 &&
264 cmsgptr->cmsg_type == IPV6_2292PKTINFO)
265 {
266 struct in6_pktinfo *pktinfo;
267 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
268
269 memset(&dst, 0, sizeof(dst));
270 memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
271 dst.sin6_family = AF_INET6;
272 udp = (struct udphdr*) (buffer);
273 dst.sin6_port = udp->dest;
274 src.sin6_port = udp->source;
275 dest = host_create_from_sockaddr((sockaddr_t*)&dst);
276 }
277 #endif /* HAVE_IN6_PKTINFO */
278 }
279 /* ancillary data missing? */
280 if (dest == NULL)
281 {
282 DBG1(DBG_NET, "error reading IPv6 packet header");
283 return FAILED;
284 }
285
286 source = host_create_from_sockaddr((sockaddr_t*)&src);
287
288 pkt = packet_create();
289 pkt->set_source(pkt, source);
290 pkt->set_destination(pkt, dest);
291 DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
292 data_offset = UDP_LEN;
293 /* remove non esp marker */
294 if (dest->get_port(dest) == CHARON_NATT_PORT)
295 {
296 data_offset += MARKER_LEN;
297 }
298 /* fill in packet */
299 data.len = bytes_read - data_offset;
300 data.ptr = malloc(data.len);
301 memcpy(data.ptr, buffer + data_offset, data.len);
302 pkt->set_data(pkt, data);
303 }
304 else
305 {
306 /* oops, shouldn't happen */
307 return FAILED;
308 }
309
310 /* return packet */
311 *packet = pkt;
312 return SUCCESS;
313 }
314
315 METHOD(socket_t, sender, status_t,
316 private_socket_raw_socket_t *this, packet_t *packet)
317 {
318 int sport, skt, family;
319 ssize_t bytes_sent;
320 chunk_t data, marked;
321 host_t *src, *dst;
322 struct msghdr msg;
323 struct cmsghdr *cmsg;
324 struct iovec iov;
325
326 src = packet->get_source(packet);
327 dst = packet->get_destination(packet);
328 data = packet->get_data(packet);
329
330 DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
331
332 /* send data */
333 sport = src->get_port(src);
334 family = dst->get_family(dst);
335 if (sport == CHARON_UDP_PORT)
336 {
337 if (family == AF_INET)
338 {
339 skt = this->send4;
340 }
341 else
342 {
343 skt = this->send6;
344 }
345 }
346 else if (sport == CHARON_NATT_PORT)
347 {
348 if (family == AF_INET)
349 {
350 skt = this->send4_natt;
351 }
352 else
353 {
354 skt = this->send6_natt;
355 }
356 /* NAT keepalives without marker */
357 if (data.len != 1 || data.ptr[0] != 0xFF)
358 {
359 /* add non esp marker to packet */
360 marked = chunk_alloc(data.len + MARKER_LEN);
361 memset(marked.ptr, 0, MARKER_LEN);
362 memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
363 /* let the packet do the clean up for us */
364 packet->set_data(packet, marked);
365 data = marked;
366 }
367 }
368 else
369 {
370 DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
371 return FAILED;
372 }
373
374 memset(&msg, 0, sizeof(struct msghdr));
375 msg.msg_name = dst->get_sockaddr(dst);;
376 msg.msg_namelen = *dst->get_sockaddr_len(dst);
377 iov.iov_base = data.ptr;
378 iov.iov_len = data.len;
379 msg.msg_iov = &iov;
380 msg.msg_iovlen = 1;
381 msg.msg_flags = 0;
382
383 if (!src->is_anyaddr(src))
384 {
385 if (family == AF_INET)
386 {
387 char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
388 struct in_pktinfo *pktinfo;
389 struct sockaddr_in *sin;
390
391 msg.msg_control = buf;
392 msg.msg_controllen = sizeof(buf);
393 cmsg = CMSG_FIRSTHDR(&msg);
394 cmsg->cmsg_level = SOL_IP;
395 cmsg->cmsg_type = IP_PKTINFO;
396 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
397 pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
398 memset(pktinfo, 0, sizeof(struct in_pktinfo));
399 sin = (struct sockaddr_in*)src->get_sockaddr(src);
400 memcpy(&pktinfo->ipi_spec_dst, &sin->sin_addr, sizeof(struct in_addr));
401 }
402 #ifdef HAVE_IN6_PKTINFO
403 else
404 {
405 char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
406 struct in6_pktinfo *pktinfo;
407 struct sockaddr_in6 *sin;
408
409 msg.msg_control = buf;
410 msg.msg_controllen = sizeof(buf);
411 cmsg = CMSG_FIRSTHDR(&msg);
412 cmsg->cmsg_level = SOL_IPV6;
413 cmsg->cmsg_type = IPV6_2292PKTINFO;
414 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
415 pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
416 memset(pktinfo, 0, sizeof(struct in6_pktinfo));
417 sin = (struct sockaddr_in6*)src->get_sockaddr(src);
418 memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
419 }
420 #endif /* HAVE_IN6_PKTINFO */
421 }
422
423 bytes_sent = sendmsg(skt, &msg, 0);
424
425 if (bytes_sent != data.len)
426 {
427 DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
428 return FAILED;
429 }
430 return SUCCESS;
431 }
432
433 /**
434 * open a socket to send packets
435 */
436 static int open_send_socket(private_socket_raw_socket_t *this,
437 int family, u_int16_t port)
438 {
439 int on = TRUE;
440 int type = UDP_ENCAP_ESPINUDP;
441 struct sockaddr_storage addr;
442 int skt;
443
444 memset(&addr, 0, sizeof(addr));
445 addr.ss_family = family;
446 /* precalculate constants depending on address family */
447 switch (family)
448 {
449 case AF_INET:
450 {
451 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
452 htoun32(&sin->sin_addr.s_addr, INADDR_ANY);
453 htoun16(&sin->sin_port, port);
454 break;
455 }
456 case AF_INET6:
457 {
458 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
459 memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
460 htoun16(&sin6->sin6_port, port);
461 break;
462 }
463 default:
464 return 0;
465 }
466
467 skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
468 if (skt < 0)
469 {
470 DBG1(DBG_NET, "could not open send socket: %s", strerror(errno));
471 return 0;
472 }
473
474 if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
475 {
476 DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %s",
477 strerror(errno));
478 close(skt);
479 return 0;
480 }
481
482 /* bind the send socket */
483 if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0)
484 {
485 DBG1(DBG_NET, "unable to bind send socket: %s",
486 strerror(errno));
487 close(skt);
488 return 0;
489 }
490
491 if (family == AF_INET)
492 {
493 /* enable UDP decapsulation globally, only for one socket needed */
494 if (setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
495 {
496 DBG1(DBG_NET, "unable to set UDP_ENCAP: %s; NAT-T may fail",
497 strerror(errno));
498 }
499 }
500
501 if (!hydra->kernel_interface->bypass_socket(hydra->kernel_interface,
502 skt, family))
503 {
504 DBG1(DBG_NET, "installing bypass policy on send socket failed");
505 }
506
507 return skt;
508 }
509
510 /**
511 * open a socket to receive packets
512 */
513 static int open_recv_socket(private_socket_raw_socket_t *this, int family)
514 {
515 int skt;
516 int on = TRUE;
517 u_int ip_len, sol, udp_header, ike_header;
518
519 /* precalculate constants depending on address family */
520 switch (family)
521 {
522 case AF_INET:
523 ip_len = IP_LEN;
524 sol = SOL_IP;
525 break;
526 case AF_INET6:
527 ip_len = 0; /* IPv6 raw sockets contain no IP header */
528 sol = SOL_IPV6;
529 break;
530 default:
531 return 0;
532 }
533 udp_header = ip_len;
534 ike_header = ip_len + UDP_LEN;
535
536 /* This filter code filters out all non-IKEv2 traffic on
537 * a SOCK_RAW IP_PROTP_UDP socket. Handling of other
538 * IKE versions is done in pluto.
539 */
540 struct sock_filter ikev2_filter_code[] =
541 {
542 /* Destination Port must be either port or natt_port */
543 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, udp_header + 2),
544 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, CHARON_UDP_PORT, 1, 0),
545 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, CHARON_NATT_PORT, 6, 14),
546 /* port */
547 /* IKE version must be 2.x */
548 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + IKE_VERSION_OFFSET),
549 BPF_STMT(BPF_ALU+BPF_RSH+BPF_K, 4),
550 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 2, 0, 11),
551 /* packet length is length in IKEv2 header + ip header + udp header */
552 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + IKE_LENGTH_OFFSET),
553 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN),
554 BPF_STMT(BPF_RET+BPF_A, 0),
555 /* natt_port */
556 /* nat-t: check for marker */
557 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header),
558 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 6),
559 /* nat-t: IKE version must be 2.x */
560 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + MARKER_LEN + IKE_VERSION_OFFSET),
561 BPF_STMT(BPF_ALU+BPF_RSH+BPF_K, 4),
562 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 2, 0, 3),
563 /* nat-t: packet length is length in IKEv2 header + ip header + udp header + non esp marker */
564 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ike_header + MARKER_LEN + IKE_LENGTH_OFFSET),
565 BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, ip_len + UDP_LEN + MARKER_LEN),
566 BPF_STMT(BPF_RET+BPF_A, 0),
567 /* packet doesn't match, ignore */
568 BPF_STMT(BPF_RET+BPF_K, 0),
569 };
570
571 /* Filter struct to use with setsockopt */
572 struct sock_fprog ikev2_filter = {
573 sizeof(ikev2_filter_code) / sizeof(struct sock_filter),
574 ikev2_filter_code
575 };
576
577 /* set up a raw socket */
578 skt = socket(family, SOCK_RAW, IPPROTO_UDP);
579 if (skt < 0)
580 {
581 DBG1(DBG_NET, "unable to create raw socket: %s", strerror(errno));
582 return 0;
583 }
584
585 if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER,
586 &ikev2_filter, sizeof(ikev2_filter)) < 0)
587 {
588 DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %s",
589 strerror(errno));
590 close(skt);
591 return 0;
592 }
593
594 if (family == AF_INET6 &&
595 /* we use IPV6_2292PKTINFO, as IPV6_PKTINFO is defined as
596 * 2 or 50 depending on kernel header version */
597 setsockopt(skt, sol, IPV6_2292PKTINFO, &on, sizeof(on)) < 0)
598 {
599 DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %s",
600 strerror(errno));
601 close(skt);
602 return 0;
603 }
604
605 if (!hydra->kernel_interface->bypass_socket(hydra->kernel_interface,
606 skt, family))
607 {
608 DBG1(DBG_NET, "installing bypass policy on receive socket failed");
609 }
610
611 return skt;
612 }
613
614 METHOD(socket_t, destroy, void,
615 private_socket_raw_socket_t *this)
616 {
617 if (this->recv4)
618 {
619 close(this->recv4);
620 }
621 if (this->recv6)
622 {
623 close(this->recv6);
624 }
625 if (this->send4)
626 {
627 close(this->send4);
628 }
629 if (this->send6)
630 {
631 close(this->send6);
632 }
633 if (this->send4_natt)
634 {
635 close(this->send4_natt);
636 }
637 if (this->send6_natt)
638 {
639 close(this->send6_natt);
640 }
641 free(this);
642 }
643
644 /*
645 * See header for description
646 */
647 socket_raw_socket_t *socket_raw_socket_create()
648 {
649 private_socket_raw_socket_t *this;
650
651 INIT(this,
652 .public = {
653 .socket = {
654 .send = _sender,
655 .receive = _receiver,
656 .destroy = _destroy,
657 },
658 },
659 .max_packet = lib->settings->get_int(lib->settings,
660 "%s.max_packet", MAX_PACKET, charon->name),
661 );
662
663 this->recv4 = open_recv_socket(this, AF_INET);
664 if (this->recv4 == 0)
665 {
666 DBG1(DBG_NET, "could not open IPv4 receive socket, IPv4 disabled");
667 }
668 else
669 {
670 this->send4 = open_send_socket(this, AF_INET, CHARON_UDP_PORT);
671 if (this->send4 == 0)
672 {
673 DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
674 close(this->recv4);
675 }
676 else
677 {
678 this->send4_natt = open_send_socket(this, AF_INET, CHARON_NATT_PORT);
679 if (this->send4_natt == 0)
680 {
681 DBG1(DBG_NET, "could not open IPv4 NAT-T send socket");
682 }
683 }
684 }
685
686 this->recv6 = open_recv_socket(this, AF_INET6);
687 if (this->recv6 == 0)
688 {
689 DBG1(DBG_NET, "could not open IPv6 receive socket, IPv6 disabled");
690 }
691 else
692 {
693 this->send6 = open_send_socket(this, AF_INET6, CHARON_UDP_PORT);
694 if (this->send6 == 0)
695 {
696 DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
697 close(this->recv6);
698 }
699 else
700 {
701 this->send6_natt = open_send_socket(this, AF_INET6, CHARON_NATT_PORT);
702 if (this->send6_natt == 0)
703 {
704 DBG1(DBG_NET, "could not open IPv6 NAT-T send socket");
705 }
706 }
707 }
708
709 if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6))
710 {
711 DBG1(DBG_NET, "could not create any sockets");
712 destroy(this);
713 return NULL;
714 }
715
716 return &this->public;
717 }
strongSwan - IPsec VPN