socket-default: Add options to disable address families

man/strongswan.conf.5.in

@@ -632,6 +632,12 @@ have a high priority according to the order defined in interface-order(5).
 .BR charon.plugins.socket-default.set_source " [yes]"
 Set source address on outbound packets, if possible.
 .TP
+.BR charon.plugins.socket-default.use_ipv4 " [yes]"
+Listen on IPv4, if possible.
+.TP
+.BR charon.plugins.socket-default.use_ipv6 " [yes]"
+Listen on IPv6, if possible.
+.TP
 .BR charon.plugins.sql.database
 Database URI for charons SQL plugin
 .TP

src/libcharon/plugins/socket_default/socket_default_socket.c

@@ -630,12 +630,37 @@ static int open_socket(private_socket_default_socket_t *this,
 	return skt;
 }
 
+/**
+ * Check if we should use the given family
+ */
+static bool use_family(int family)
+{
+	switch (family)
+	{
+		case AF_INET:
+			return lib->settings->get_bool(lib->settings,
+					"%s.plugins.socket-default.use_ipv4", TRUE, charon->name);
+		case AF_INET6:
+			return lib->settings->get_bool(lib->settings,
+					"%s.plugins.socket-default.use_ipv6", TRUE, charon->name);
+		default:
+			return FALSE;
+	}
+}
+
 /**
  * Open a socket pair (normal and NAT traversal) for a given address family
  */
 static void open_socketpair(private_socket_default_socket_t *this, int family,
 							int *skt, int *skt_natt, char *label)
 {
+	if (!use_family(family))
+	{
+		*skt = -1;
+		*skt_natt = -1;
+		return;
+	}
+
 	*skt = open_socket(this, family, &this->port);
 	if (*skt == -1)
 	{