authorTobias Brunner <tobias@strongswan.org>2013-07-03 17:57:24 +0200
committerTobias Brunner <tobias@strongswan.org>2013-07-05 09:48:27 +0200
commit598bec78faa6064cc717102c61770ce3040dea87 (patch)
tree1f4ba24587394d1d0fd116eb0c858b2d1f9c6f1e
parentbf92887af19feefa08d1244a42bf9f1b0ddfb5d8 (diff)
socket-default: Add options to disable address families
-rw-r--r--man/strongswan.conf.5.in6
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c25
2 files changed, 31 insertions, 0 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index fd8e2f216..f86e9ea10 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -632,6 +632,12 @@ have a high priority according to the order defined in interface-order(5).
.BR charon.plugins.socket-default.set_source " [yes]"
Set source address on outbound packets, if possible.
.TP
+.BR charon.plugins.socket-default.use_ipv4 " [yes]"
+Listen on IPv4, if possible.
+.TP
+.BR charon.plugins.socket-default.use_ipv6 " [yes]"
+Listen on IPv6, if possible.
+.TP
.BR charon.plugins.sql.database
Database URI for charons SQL plugin
.TP
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index c1ed22ecb..54380eda0 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -631,11 +631,36 @@ static int open_socket(private_socket_default_socket_t *this,
}
/**
+ * Check if we should use the given family
+ */
+static bool use_family(int family)
+{
+ switch (family)
+ {
+ case AF_INET:
+ return lib->settings->get_bool(lib->settings,
+ "%s.plugins.socket-default.use_ipv4", TRUE, charon->name);
+ case AF_INET6:
+ return lib->settings->get_bool(lib->settings,
+ "%s.plugins.socket-default.use_ipv6", TRUE, charon->name);
+ default:
+ return FALSE;
+ }
+}
+
+/**
* Open a socket pair (normal and NAT traversal) for a given address family
*/
static void open_socketpair(private_socket_default_socket_t *this, int family,
int *skt, int *skt_natt, char *label)
{
+ if (!use_family(family))
+ {
+ *skt = -1;
+ *skt_natt = -1;
+ return;
+ }
+
*skt = open_socket(this, family, &this->port);
if (*skt == -1)
{
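Review bot: The new early return in `open_socketpair` for a family switched off in configuration is silent, and it leaves `*skt` and `*skt_natt` at -1, the same value `*skt` has after a failed `open_socket` call, so neither the log nor the callers can tell a deliberate disable from a failure. A log line before the `return` would let an operator confirm that the listener they meant to turn off is really gone, e.g. `DBG1(DBG_NET, "%s disabled by configuration", label);` (this assumes `label` names the address family, which the hunk does not show). It is also worth confirming, outside this hunk, that the constructor and the send path cope with both pairs being -1 when `use_ipv4` and `use_ipv6` are both set to no. The body of `open_socketpair` continues past the end of the hunk.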