author | Tobias Brunner <tobias@strongswan.org> | 2012-02-24 11:07:34 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-08 15:12:24 +0200 |
commit | e49abcede093ded4d11de88a6d0c25f003c9771e (patch) | |
tree | a34d5a92882578ecb0b4820df0ff5f9af5f94807 /src/libcharon/plugins/socket_default/socket_default_socket.c | |
parent | 08b2ce7aa7070674d756fefd365a96b600f3ebcb (diff) | |
download | strongswan-e49abcede093ded4d11de88a6d0c25f003c9771e.tar.bz2 strongswan-e49abcede093ded4d11de88a6d0c25f003c9771e.tar.xz |
Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.
Diffstat (limited to 'src/libcharon/plugins/socket_default/socket_default_socket.c')
-rw-r--r-- | src/libcharon/plugins/socket_default/socket_default_socket.c | 42 |
1 files changed, 6 insertions, 36 deletions
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index eba7219b2..b035d575a 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -40,9 +40,6 @@
 #include <netinet/ip.h>
 #include <netinet/udp.h>
 #include <net/if.h>
-#ifdef __APPLE__
-#include <sys/sysctl.h>
-#endif
 
 #include <hydra.h>
 #include <daemon.h>
@@ -54,15 +51,6 @@
 /* length of non-esp marker */
 #define MARKER_LEN sizeof(u_int32_t)
 
-/* from linux/udp.h */
-#ifndef UDP_ENCAP
-#define UDP_ENCAP 100
-#endif /*UDP_ENCAP*/
-
-#ifndef UDP_ENCAP_ESPINUDP
-#define UDP_ENCAP_ESPINUDP 2
-#endif /*UDP_ENCAP_ESPINUDP*/
-
 /* these are not defined on some platforms */
 #ifndef SOL_IP
 #define SOL_IP IPPROTO_IP
@@ -70,9 +58,6 @@
 #ifndef SOL_IPV6
 #define SOL_IPV6 IPPROTO_IPV6
 #endif
-#ifndef SOL_UDP
-#define SOL_UDP IPPROTO_UDP
-#endif
 
 /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
  * previously defined IPV6_PKTINFO */
@@ -513,17 +498,14 @@ static int open_socket(private_socket_default_socket_t *this,
 DBG1(DBG_NET, "installing IKE bypass policy failed");
 }
 
-#ifndef __APPLE__
+ /* enable UDP decapsulation globally, only for one socket needed */
+ if (family == AF_INET && port == CHARON_NATT_PORT &&
+ !hydra->kernel_interface->enable_udp_decap(hydra->kernel_interface,
+ skt, family, port))
 {
- /* enable UDP decapsulation globally, only for one socket needed */
- int type = UDP_ENCAP_ESPINUDP;
- if (family == AF_INET && port == CHARON_NATT_PORT &&
- setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
- {
- DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
- }
+ DBG1(DBG_NET, "enabling UDP decapsulation failed");
 }
-#endif
+
 return skt;
 }
 
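Review bot: In the open_socket() hunk, a FALSE return from `enable_udp_decap()` is reported only as `enabling UDP decapsulation failed` and the socket is still returned as usable, whereas the removed setsockopt() path at least logged `strerror(errno)`. Unless every kernel interface implementation logs its own reason (not visible here), the cause is lost, and a NAT-T socket without decapsulation will presumably hand ESP-in-UDP packets to the IKE receiver rather than the kernel; the message should at least name the socket, e.g. `DBG1(DBG_NET, "enabling UDP decapsulation on port %d failed", port);`. The caller also still hard-codes `family == AF_INET` although `family` is passed to the interface, and the carried-over comment says "globally", which describes one backend only; either move the family decision into the implementations or reword the comment to `/* enable UDP decapsulation of ESP on the NAT-T socket, IPv4 only; the kernel interface decides how */`. open_socket() begins and its earlier body lies outside this hunk.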
@@ -568,18 +550,6 @@ socket_default_socket_t *socket_default_socket_create()
 "%s.max_packet", MAX_PACKET, charon->name),
 );
 
-#ifdef __APPLE__
- {
- int natt_port = CHARON_NATT_PORT;
- if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
- sizeof(natt_port)) != 0)
- {
- DBG1(DBG_NET, "could not set net.inet.ipsec.esp_port to %d: %s",
- natt_port, strerror(errno));
- }
- }
-#endif
-
 this->ipv4 = open_socket(this, AF_INET, CHARON_UDP_PORT);
 if (this->ipv4 == 0)
 {
|