authorMartin Willi <martin@strongswan.org>2006-07-14 12:53:06 +0000
committerMartin Willi <martin@strongswan.org>2006-07-14 12:53:06 +0000
commite6cfe0eecc22b4b2691d0ff48e0fe3febb0c38f0 (patch)
tree41a6399eadb79d55df24328b9afef367cd0d472c /src
parent106e9fc6f857a720598dc60190d329e05a4919cf (diff)
fixed UDP decapsulation by adding inbound bypass policy for send socket
Diffstat (limited to 'src')
-rw-r--r--src/charon/network/socket.c27
1 files changed, 17 insertions, 10 deletions
diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c
index 0e38627ac..4dff479ce 100644
--- a/src/charon/network/socket.c
+++ b/src/charon/network/socket.c
@@ -284,6 +284,15 @@ static status_t setup_send_socket(private_socket_t *this, u_int16_t port, int *s
close(fd);
return FAILED;
}
+ /* We don't receive packets on the send socket, but we need a INBOUND policy.
+ * Otherwise, UDP decapsulation does not work!!! */
+ policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
+ if (setsockopt(fd, IPPROTO_IP, IP_IPSEC_POLICY, &policy, sizeof(policy)) < 0)
+ {
+ this->logger->log(this->logger, ERROR, "unable to set IPSEC_POLICY on send socket!");
+ close(fd);
+ return FAILED;
+ }
/* bind the send socket */
addr.sin_family = AF_INET;
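Review bot: The error logged when the new inbound `setsockopt` fails names neither the policy direction nor `errno`, so it presumably cannot be told apart from a failure of the policy call that ends just above the hunk. The UDP_ENCAP log in `initialize` already appends `strerror(errno)`; the same form fits here: `this->logger->log(this->logger, ERROR, "unable to set inbound IPSEC_POLICY on send socket: %s", strerror(errno));`. Because this installs a per-socket inbound policy on a descriptor that is only meant to send, the comment should also say that the socket is never read, which is what keeps the exemption from admitting unprotected traffic, e.g. `/* send socket is never read; the inbound bypass policy is only needed so the kernel performs UDP decapsulation */`. `setup_send_socket` starts and ends outside the hunk, so the contents of `policy` are not visible here.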
@@ -305,6 +314,7 @@ static status_t setup_send_socket(private_socket_t *this, u_int16_t port, int *s
static status_t initialize(private_socket_t *this)
{
struct sadb_x_policy policy;
+ int type = UDP_ENCAP_ESPINUDP;
/* This filter code filters out all non-IKEv2 traffic on
* a SOCK_RAW IP_PROTP_UDP socket. Handling of other
@@ -384,23 +394,20 @@ static status_t initialize(private_socket_t *this)
this->logger->log(this->logger, ERROR, "unable to setup send socket on port %d!", this->port);
return FAILED;
}
-
if (this->setup_send_socket(this, this->natt_port, &this->natt_fd) != SUCCESS)
{
this->logger->log(this->logger, ERROR, "unable to setup send socket on port %d!", this->natt_port);
return FAILED;
}
- else
+
+ /* enable UDP decapsulation globally */
+ if (setsockopt(this->natt_fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
{
- int type = UDP_ENCAP_ESPINUDP;
- if (setsockopt(this->natt_fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
- {
- this->logger->log(this->logger, ERROR,
- "unable to set UDP_ENCAP on natt send socket! NAT-T may fail! error: %s",
- strerror(errno));
- }
+ this->logger->log(this->logger, ERROR,
+ "unable to set UDP_ENCAP on raw socket! NAT-T may fail! error: %s",
+ strerror(errno));
}
-
+
return SUCCESS;
}
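Review bot: The reworded log message says "raw socket", but the `setsockopt` is issued on `this->natt_fd`, which the lines just above obtain from `setup_send_socket`; either the message or the descriptor is wrong, and an operator reading the log would look at the wrong socket. If `natt_fd` is intended, keep the wording `"unable to set UDP_ENCAP on natt send socket! NAT-T may fail! error: %s"`. The comment `/* enable UDP decapsulation globally */` also reads oddly next to a per-descriptor option, and the function still returns `SUCCESS` after a failure. A comment such as `/* request ESP-in-UDP decapsulation via the NAT-T send socket; failure is logged but deliberately not fatal */` would make both points explicit. `initialize` starts outside this hunk.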