Diffstat (limited to 'src/libcharon/plugins/socket_default')
4 files changed, 170 insertions, 77 deletions
diff --git a/src/libcharon/plugins/socket_default/Makefile.am b/src/libcharon/plugins/socket_default/Makefile.am index 635a1c548..d734b313f 100644 --- a/src/libcharon/plugins/socket_default/Makefile.am +++ b/src/libcharon/plugins/socket_default/Makefile.am @@ -1,8 +1,11 @@ +AM_CPPFLAGS = \ + -I${linux_headers} \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon - -AM_CFLAGS = -rdynamic +AM_CFLAGS = \ + -rdynamic if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-socket-default.la diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index 2e04d6627..2e0140298 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -103,7 +103,10 @@ am_libstrongswan_socket_default_la_OBJECTS = socket_default_socket.lo \ socket_default_plugin.lo libstrongswan_socket_default_la_OBJECTS = \ $(am_libstrongswan_socket_default_la_OBJECTS) -libstrongswan_socket_default_la_LINK = $(LIBTOOL) --tag=CC \ +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +libstrongswan_socket_default_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_socket_default_la_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -116,13 +119,26 @@ am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(libstrongswan_socket_default_la_SOURCES) DIST_SOURCES = $(libstrongswan_socket_default_la_SOURCES) am__can_run_installinfo = \ @@ -136,6 +152,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -148,6 +165,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ 
@@ -163,6 +182,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -171,6 +191,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -217,6 +238,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -245,6 +267,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -322,10 +345,15 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon +AM_CPPFLAGS = \ + -I${linux_headers} \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = \ + -rdynamic -AM_CFLAGS = -rdynamic @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-default.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-default.la libstrongswan_socket_default_la_SOURCES = \ 
@@ -409,7 +437,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-socket-default.la: $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_DEPENDENCIES) $(EXTRA_libstrongswan_socket_default_la_DEPENDENCIES) - $(libstrongswan_socket_default_la_LINK) $(am_libstrongswan_socket_default_la_rpath) $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_LIBADD) $(LIBS) + $(AM_V_CCLD)$(libstrongswan_socket_default_la_LINK) $(am_libstrongswan_socket_default_la_rpath) $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -421,25 +449,25 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_socket.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c index 01d9473bf..e89b74279 100644 --- a/src/libcharon/plugins/socket_default/socket_default_plugin.c +++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c @@ -52,6 +52,7 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f[] = { PLUGIN_CALLBACK(socket_register, socket_default_socket_create), PLUGIN_PROVIDE(CUSTOM, "socket"), + PLUGIN_SDEPEND(CUSTOM, "kernel-ipsec"), }; *features = f; return countof(f); diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index c0b744a68..4139afe5a 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2006-2013 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter 
@@ -162,23 +162,26 @@ METHOD(socket_t, receiver, status_t, FD_ZERO(&rfds); - if (this->ipv4) + if (this->ipv4 != -1) { FD_SET(this->ipv4, &rfds); + max_fd = max(max_fd, this->ipv4); } - if (this->ipv4_natt) + if (this->ipv4_natt != -1) { FD_SET(this->ipv4_natt, &rfds); + max_fd = max(max_fd, this->ipv4_natt); } - if (this->ipv6) + if (this->ipv6 != -1) { FD_SET(this->ipv6, &rfds); + max_fd = max(max_fd, this->ipv6); } - if (this->ipv6_natt) + if (this->ipv6_natt != -1) { FD_SET(this->ipv6_natt, &rfds); + max_fd = max(max_fd, this->ipv6_natt); } - max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt)); DBG2(DBG_NET, "waiting for data on sockets"); oldstate = thread_cancelability(TRUE); @@ -189,22 +192,22 @@ METHOD(socket_t, receiver, status_t, } thread_cancelability(oldstate); - if (FD_ISSET(this->ipv4, &rfds)) + if (this->ipv4 != -1 && FD_ISSET(this->ipv4, &rfds)) { port = this->port; selected = this->ipv4; } - if (FD_ISSET(this->ipv4_natt, &rfds)) + if (this->ipv4_natt != -1 && FD_ISSET(this->ipv4_natt, &rfds)) { port = this->natt; selected = this->ipv4_natt; } - if (FD_ISSET(this->ipv6, &rfds)) + if (this->ipv6 != -1 && FD_ISSET(this->ipv6, &rfds)) { port = this->port; selected = this->ipv6; } - if (FD_ISSET(this->ipv6_natt, &rfds)) + if (this->ipv6_natt != -1 && FD_ISSET(this->ipv6_natt, &rfds)) { port = this->natt; selected = this->ipv6_natt; @@ -326,7 +329,7 @@ METHOD(socket_t, receiver, status_t, METHOD(socket_t, sender, status_t, private_socket_default_socket_t *this, packet_t *packet) { - int sport, skt, family; + int sport, skt = -1, family; ssize_t bytes_sent; chunk_t data; host_t *src, *dst; @@ -376,9 +379,10 @@ METHOD(socket_t, sender, status_t, return FAILED; } } - else + if (skt == -1) { - DBG1(DBG_NET, "unable to locate a send socket for port %d", sport); + DBG1(DBG_NET, "no socket found to send IPv%d packet from port %d", + family == AF_INET ? 4 : 6, sport); return FAILED; } 
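Review bot: The per-socket `max_fd = max(max_fd, this->ipv4);` accumulation that replaces the single `max(max(...), max(...))` assignment only produces a correct nfds for select() if `max_fd` is initialized (to -1 or 0) before `FD_ZERO(&rfds)`, and that declaration lies outside the hunk — please confirm it is no longer an uninitialized local now that every write to it is conditional. Separately, FD_SET() on a descriptor ≥ FD_SETSIZE writes past the end of the fd_set, and nothing in open_socket() rejects such descriptors; in a daemon that already holds many files when the plugin loads, a guard like `if (this->ipv4 >= FD_SETSIZE) { DBG1(DBG_NET, "socket fd exceeds FD_SETSIZE"); return FAILED; }` per socket (or a move to poll()) would make this path robust. The receiver body begins and ends outside the hunk.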
@@ -497,6 +501,22 @@ METHOD(socket_t, get_port, u_int16_t, return nat_t ? this->natt : this->port; } +METHOD(socket_t, supported_families, socket_family_t, + private_socket_default_socket_t *this) +{ + socket_family_t families = SOCKET_FAMILY_NONE; + + if (this->ipv4 != -1 || this->ipv4_natt != -1) + { + families |= SOCKET_FAMILY_IPV4; + } + if (this->ipv6 != -1 || this->ipv6_natt != -1) + { + families |= SOCKET_FAMILY_IPV6; + } + return families; +} + /** * open a socket to send and receive packets */ @@ -537,20 +557,20 @@ static int open_socket(private_socket_default_socket_t *this, pktinfo = IPV6_RECVPKTINFO; break; default: - return 0; + return -1; } skt = socket(family, SOCK_DGRAM, IPPROTO_UDP); if (skt < 0) { DBG1(DBG_NET, "could not open socket: %s", strerror(errno)); - return 0; + return -1; } if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0) { DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno)); close(skt); - return 0; + return -1; } /* bind the socket */ @@ -558,7 +578,7 @@ static int open_socket(private_socket_default_socket_t *this, { DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno)); close(skt); - return 0; + return -1; } /* retrieve randomly allocated port if needed */ @@ -568,7 +588,7 @@ static int open_socket(private_socket_default_socket_t *this, { DBG1(DBG_NET, "unable to determine port: %s", strerror(errno)); close(skt); - return 0; + return -1; } switch (family) { @@ -588,7 +608,7 @@ static int open_socket(private_socket_default_socket_t *this, { DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno)); close(skt); - return 0; + return -1; } } 
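Review bot: open_socket()'s header comment `open a socket to send and receive packets` does not state the error convention this hunk changes from 0 to -1, even though all callers now test `== -1`; add `@return bound socket descriptor, or -1 on failure (reason logged via DBG1)` so the next caller does not fall back to the old truthiness check. The context line setting SO_REUSEADDR on these UDP sockets deserves a one-line why-comment too, since on Linux it lets another socket owned by the same user bind the same port and compete for IKE datagrams — presumably accepted for fast restarts, but worth stating. The open_socket body starts above and continues below the hunk.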
@@ -610,22 +630,69 @@ static int open_socket(private_socket_default_socket_t *this, return skt; } +/** + * Check if we should use the given family + */ +static bool use_family(int family) +{ + switch (family) + { + case AF_INET: + return lib->settings->get_bool(lib->settings, + "%s.plugins.socket-default.use_ipv4", TRUE, charon->name); + case AF_INET6: + return lib->settings->get_bool(lib->settings, + "%s.plugins.socket-default.use_ipv6", TRUE, charon->name); + default: + return FALSE; + } +} + +/** + * Open a socket pair (normal and NAT traversal) for a given address family + */ +static void open_socketpair(private_socket_default_socket_t *this, int family, + int *skt, int *skt_natt, char *label) +{ + if (!use_family(family)) + { + *skt = -1; + *skt_natt = -1; + return; + } + + *skt = open_socket(this, family, &this->port); + if (*skt == -1) + { + *skt_natt = -1; + DBG1(DBG_NET, "could not open %s socket, %s disabled", label, label); + } + else + { + *skt_natt = open_socket(this, family, &this->natt); + if (*skt_natt == -1) + { + DBG1(DBG_NET, "could not open %s NAT-T socket", label); + } + } +} + METHOD(socket_t, destroy, void, private_socket_default_socket_t *this) { - if (this->ipv4) + if (this->ipv4 != -1) { close(this->ipv4); } - if (this->ipv4_natt) + if (this->ipv4_natt != -1) { close(this->ipv4_natt); } - if (this->ipv6) + if (this->ipv6 != -1) { close(this->ipv6); } - if (this->ipv6_natt) + if (this->ipv6_natt != -1) { close(this->ipv6_natt); } @@ -645,6 +712,7 @@ socket_default_socket_t *socket_default_socket_create() .send = _sender, .receive = _receiver, .get_port = _get_port, + .supported_families = _supported_families, .destroy = _destroy, }, }, 
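Review bot: `open_socketpair()` declares `char *label` but is only ever passed string literals (`"IPv4"`, `"IPv6"`) and only reads it; declare it `const char *label` so the prototype documents intent and the compiler rejects accidental writes. The new `use_family()` comment would also help readers if it named the knobs it reads, e.g. `/* Honours %s.plugins.socket-default.use_ipv4 / use_ipv6 (default TRUE) */`, because a disabled family now silently yields -1 descriptors that every other path must tolerate. Both helpers and destroy() are fully within the hunk.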
@@ -666,37 +734,30 @@ socket_default_socket_t *socket_default_socket_create() this->natt = 0; } - /* we allocate IPv6 sockets first as that will reserve randomly allocated - * ports also for IPv4 */ - this->ipv6 = open_socket(this, AF_INET6, &this->port); - if (this->ipv6 == 0) - { - DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled"); - } - else - { - this->ipv6_natt = open_socket(this, AF_INET6, &this->natt); - if (this->ipv6_natt == 0) - { - DBG1(DBG_NET, "could not open IPv6 NAT-T socket"); - } - } - - this->ipv4 = open_socket(this, AF_INET, &this->port); - if (this->ipv4 == 0) - { - DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled"); - } - else + if ((this->port && this->port < 1024) || (this->natt && this->natt < 1024)) { - this->ipv4_natt = open_socket(this, AF_INET, &this->natt); - if (this->ipv4_natt == 0) + if (!lib->caps->check(lib->caps, CAP_NET_BIND_SERVICE)) { - DBG1(DBG_NET, "could not open IPv4 NAT-T socket"); + /* required to bind ports < 1024 */ + DBG1(DBG_NET, "socket-default plugin requires CAP_NET_BIND_SERVICE " + "capability"); + destroy(this); + return NULL; } } - if (!this->ipv4 && !this->ipv6) + /* we allocate IPv6 sockets first as that will reserve randomly allocated + * ports also for IPv4. On OS X, we have to do it the other way round + * for the same effect. */ +#ifdef __APPLE__ + open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4"); + open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6"); +#else /* !__APPLE__ */ + open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6"); + open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4"); +#endif /* __APPLE__ */ + + if (this->ipv4 == -1 && this->ipv6 == -1) { DBG1(DBG_NET, "could not create any sockets"); destroy(this); |
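Review bot: The new CAP_NET_BIND_SERVICE failure path calls `destroy(this)` before `open_socketpair()` has assigned any of the four descriptor fields, and destroy() treats every value other than -1 as an open fd to close(); unless the INIT() block above (outside the hunk) sets `.ipv4 = -1, .ipv4_natt = -1, .ipv6 = -1, .ipv6_natt = -1`, this path would close() descriptor 0. Please verify those initializers exist, or assign -1 to the four fields explicitly before the capability check so the early-exit path is self-contained. The final `if (this->ipv4 == -1 && this->ipv6 == -1)` intentionally ignores the NAT-T sockets, which is consistent with open_socketpair() leaving them at -1 whenever the main socket failed. The function body starts before the hunk.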