Cross Reference: /freebsd-10.2-release/lib/libipsec/pfkey.c

Deleted Added

sdiff udiff text old ( 55505 ) new ( 62583 )

full compact

pfkey.c (55505)	pfkey.c (62583)
	1/* $FreeBSD: head/lib/libipsec/pfkey.c 62583 2000-07-04 16:22:05Z itojun $ / 2/ $KAME: pfkey.c,v 1.31 2000/06/10 14:17:43 sakane Exp $ */ 3
1/* 2 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE.	4/* 5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE.
28 * 29 * $FreeBSD: head/lib/libipsec/pfkey.c 55505 2000-01-06 12:40:54Z shin $
30 */ 31	31 */ 32
32#ifndef lint 33static char *rcsid = "@(#) pfkey.c $Revision: 1.10 $"; 34#endif 35
36#include <sys/types.h> 37#include <sys/param.h> 38#include <sys/socket.h> 39#include <net/pfkeyv2.h> 40#include <netkey/key_var.h> 41#include <netinet/in.h>	33#include <sys/types.h> 34#include <sys/param.h> 35#include <sys/socket.h> 36#include <net/pfkeyv2.h> 37#include <netkey/key_var.h> 38#include <netinet/in.h>
42#include <netinet6/in6.h>
43#include <netinet6/ipsec.h> 44 45#include <stdlib.h> 46#include <unistd.h> 47#include <string.h> 48#include <errno.h> 49 50#include "ipsec_strerror.h"	39#include <netinet6/ipsec.h> 40 41#include <stdlib.h> 42#include <unistd.h> 43#include <string.h> 44#include <errno.h> 45 46#include "ipsec_strerror.h"
	47#include "libpfkey.h"
51	48
52#define CALLOC(size, cast) (cast)calloc(1, (size))	49#define CALLOC(size, cast) (cast)calloc(1, (size))
53	50
54static int pfkey_send_x1 __P((int so, u_int type, u_int satype, u_int mode, 55 struct sockaddr src, struct sockaddr dst, u_int32_t spi, u_int wsize, 56 caddr_t keymat, 57 u_int e_type, u_int e_keylen, u_int a_type, u_int a_keylen, 58 u_int flags, 59 u_int32_t l_alloc, u_int32_t l_bytes, 60 u_int32_t l_addtime, u_int32_t l_usetime, u_int32_t seq)); 61static int pfkey_send_x2 __P((int so, u_int type, u_int satype, u_int mode, 62 struct sockaddr src, struct sockaddr dst, u_int32_t spi)); 63static int pfkey_send_x3 __P((int so, u_int type, u_int satype));	51static int pfkey_send_x1 __P((int, u_int, u_int, u_int, struct sockaddr , 52 struct sockaddr , u_int32_t, u_int32_t, u_int, caddr_t, 53 u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t, 54 u_int32_t, u_int32_t, u_int32_t)); 55static int pfkey_send_x2 __P((int, u_int, u_int, u_int, 56 struct sockaddr , struct sockaddr , u_int32_t)); 57static int pfkey_send_x3 __P((int, u_int, u_int)); 58static int pfkey_send_x4 __P((int, u_int, struct sockaddr , u_int, 59 struct sockaddr , u_int, u_int, char *, int, u_int32_t)); 60static int pfkey_send_x5 __P((int, u_int, u_int32_t));
64	61
65static caddr_t pfkey_setsadbmsg __P((caddr_t buf, u_int type, u_int tlen, 66 u_int satype, u_int mode, u_int32_t seq, pid_t pid)); 67static caddr_t pfkey_setsadbsa __P((caddr_t buf, u_int32_t spi, u_int wsize, 68 u_int auth, u_int enc, u_int32_t flags)); 69static caddr_t pfkey_setsadbaddr __P((caddr_t buf, u_int exttype, 70 struct sockaddr *saddr, u_int prefixlen, u_int ul_proto)); 71static caddr_t pfkey_setsadbkey(caddr_t buf, u_int type, 72 caddr_t key, u_int keylen); 73static caddr_t pfkey_setsadblifetime(caddr_t buf, u_int type, 74 u_int32_t l_alloc, u_int32_t l_bytes, 75 u_int32_t l_addtime, u_int32_t l_usetime);	62static caddr_t pfkey_setsadbmsg __P((caddr_t, u_int, u_int, 63 u_int, u_int32_t, pid_t)); 64static caddr_t pfkey_setsadbsa __P((caddr_t, u_int32_t, u_int, 65 u_int, u_int, u_int32_t)); 66static caddr_t pfkey_setsadbaddr __P((caddr_t, u_int, 67 struct sockaddr *, u_int, u_int)); 68static caddr_t pfkey_setsadbkey __P((caddr_t, u_int, caddr_t, u_int)); 69static caddr_t pfkey_setsadblifetime __P((caddr_t, u_int, u_int32_t, u_int32_t, 70 u_int32_t, u_int32_t)); 71static caddr_t pfkey_setsadbxsa2 __P((caddr_t, u_int32_t, u_int32_t));
76 77/* 78 * check key length against algorithm specified. 79 * supported is either SADB_EXT_SUPPORTED_ENCRYPT or SADB_EXT_SUPPORTED_AUTH. 80 * Refer to keyv2.h to get more info. 81 * keylen is the unit of bit. 82 * OUT: 83 * -1: invalid. --- 9 unchanged lines hidden (view full) --- 93{ 94 u_int tlen; 95 caddr_t p; 96 struct sadb_supported sup; 97 struct sadb_alg alg; 98 99 /* validity check / 100* if (ipsec_supported == NULL) {	72 73/* 74 * check key length against algorithm specified. 75 * supported is either SADB_EXT_SUPPORTED_ENCRYPT or SADB_EXT_SUPPORTED_AUTH. 76 * Refer to keyv2.h to get more info. 77 * keylen is the unit of bit. 78 * OUT: 79 * -1: invalid. --- 9 unchanged lines hidden (view full) --- 89{ 90 u_int tlen; 91 caddr_t p; 92 struct sadb_supported sup; 93 struct sadb_alg alg; 94 95 /* validity check */ 96 if (ipsec_supported == NULL) {
101 ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;	97 __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
102 return -1; 103 } 104 switch (supported) { 105 case SADB_EXT_SUPPORTED_AUTH: 106 case SADB_EXT_SUPPORTED_ENCRYPT: 107 break; 108 default:	98 return -1; 99 } 100 switch (supported) { 101 case SADB_EXT_SUPPORTED_AUTH: 102 case SADB_EXT_SUPPORTED_ENCRYPT: 103 break; 104 default:
109 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	105 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
110 return -1; 111 } 112 113 tlen = ipsec_supported->sadb_msg_len - sizeof(struct sadb_msg); 114 p = (caddr_t)ipsec_supported + sizeof(struct sadb_msg); 115 116 for (; 117 tlen > 0; --- 14 unchanged lines hidden (view full) --- 132 alg = (struct sadb_alg )pp; 133* 134 if (alg->sadb_alg_id == alg_id) 135 goto found; 136 } 137 } 138 } 139	106 return -1; 107 } 108 109 tlen = ipsec_supported->sadb_msg_len - sizeof(struct sadb_msg); 110 p = (caddr_t)ipsec_supported + sizeof(struct sadb_msg); 111 112 for (; 113 tlen > 0; --- 14 unchanged lines hidden (view full) --- 128 alg = (struct sadb_alg )pp; 129* 130 if (alg->sadb_alg_id == alg_id) 131 goto found; 132 } 133 } 134 } 135
140 ipsec_errcode = EIPSEC_NOT_SUPPORTED;	136 __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
141 return -1; 142 /* NOTREACHED / 143* 144 found: 145 if (keylen < alg->sadb_alg_minbits 146 \|\| keylen > alg->sadb_alg_maxbits) {	137 return -1; 138 /* NOTREACHED / 139* 140 found: 141 if (keylen < alg->sadb_alg_minbits 142 \|\| keylen > alg->sadb_alg_maxbits) {
147 ipsec_errcode = EIPSEC_INVAL_KEYLEN;	143 __ipsec_errcode = EIPSEC_INVAL_KEYLEN;
148 return -1; 149 } 150	144 return -1; 145 } 146
151 ipsec_errcode = EIPSEC_NO_ERROR;	147 __ipsec_errcode = EIPSEC_NO_ERROR;
152 return 0; 153} 154 155/* 156 * set the rate for SOFT lifetime against HARD one. 157 * If rate is more than 100 or equal to zero, then set to 100. 158 / 159static u_int soft_lifetime_allocations_rate = PFKEY_SOFT_LIFETIME_RATE; 160static u_int soft_lifetime_bytes_rate = PFKEY_SOFT_LIFETIME_RATE; 161static u_int soft_lifetime_addtime_rate = PFKEY_SOFT_LIFETIME_RATE; 162static u_int soft_lifetime_usetime_rate = PFKEY_SOFT_LIFETIME_RATE; 163* 164u_int 165pfkey_set_softrate(type, rate) 166 u_int type, rate; 167{	148 return 0; 149} 150 151/* 152 * set the rate for SOFT lifetime against HARD one. 153 * If rate is more than 100 or equal to zero, then set to 100. 154 / 155static u_int soft_lifetime_allocations_rate = PFKEY_SOFT_LIFETIME_RATE; 156static u_int soft_lifetime_bytes_rate = PFKEY_SOFT_LIFETIME_RATE; 157static u_int soft_lifetime_addtime_rate = PFKEY_SOFT_LIFETIME_RATE; 158static u_int soft_lifetime_usetime_rate = PFKEY_SOFT_LIFETIME_RATE; 159* 160u_int 161pfkey_set_softrate(type, rate) 162 u_int type, rate; 163{
168 ipsec_errcode = EIPSEC_NO_ERROR;	164 __ipsec_errcode = EIPSEC_NO_ERROR;
169 170 if (rate > 100 \|\| rate == 0) 171 rate = 100; 172 173 switch (type) { 174 case SADB_X_LIFETIME_ALLOCATIONS: 175 soft_lifetime_allocations_rate = rate; 176 return 0; 177 case SADB_X_LIFETIME_BYTES: 178 soft_lifetime_bytes_rate = rate; 179 return 0; 180 case SADB_X_LIFETIME_ADDTIME: 181 soft_lifetime_addtime_rate = rate; 182 return 0; 183 case SADB_X_LIFETIME_USETIME: 184 soft_lifetime_usetime_rate = rate; 185 return 0; 186 } 187	165 166 if (rate > 100 \|\| rate == 0) 167 rate = 100; 168 169 switch (type) { 170 case SADB_X_LIFETIME_ALLOCATIONS: 171 soft_lifetime_allocations_rate = rate; 172 return 0; 173 case SADB_X_LIFETIME_BYTES: 174 soft_lifetime_bytes_rate = rate; 175 return 0; 176 case SADB_X_LIFETIME_ADDTIME: 177 soft_lifetime_addtime_rate = rate; 178 return 0; 179 case SADB_X_LIFETIME_USETIME: 180 soft_lifetime_usetime_rate = rate; 181 return 0; 182 } 183
188 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	184 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
189 return 1; 190} 191 192/* 193 * get current rate for SOFT lifetime against HARD one. 194 * ATTENTION: ~0 is returned if invalid type was passed. 195 / 196u_int --- 16 unchanged lines hidden* (view full) --- 213 214/* 215 * sending SADB_GETSPI message to the kernel. 216 * OUT: 217 * positive: success and return length sent. 218 * -1 : error occured, and set errno. 219 / 220*int	185 return 1; 186} 187 188/* 189 * get current rate for SOFT lifetime against HARD one. 190 * ATTENTION: ~0 is returned if invalid type was passed. 191 / 192u_int --- 16 unchanged lines hidden* (view full) --- 209 210/* 211 * sending SADB_GETSPI message to the kernel. 212 * OUT: 213 * positive: success and return length sent. 214 * -1 : error occured, and set errno. 215 / 216*int
221pfkey_send_getspi(so, satype, mode, src, dst, min, max, seq)	217pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
222 int so; 223 u_int satype, mode; 224 struct sockaddr src, dst;	218 int so; 219 u_int satype, mode; 220 struct sockaddr src, dst;
225 u_int32_t min, max, seq;	221 u_int32_t min, max, reqid, seq;
226{ 227 struct sadb_msg newmsg; 228* int len; 229 int need_spirange = 0; 230 caddr_t p;	222{ 223 struct sadb_msg newmsg; 224* int len; 225 int need_spirange = 0; 226 caddr_t p;
	227 int plen;
231 232 /* validity check / 233* if (src == NULL \|\| dst == NULL) {	228 229 /* validity check / 230* if (src == NULL \|\| dst == NULL) {
234 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	231 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
235 return -1; 236 } 237 if (src->sa_family != dst->sa_family) {	232 return -1; 233 } 234 if (src->sa_family != dst->sa_family) {
238 ipsec_errcode = EIPSEC_FAMILY_MISMATCH;	235 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
239 return -1; 240 } 241 if (min > max \|\| (min > 0 && min <= 255)) {	236 return -1; 237 } 238 if (min > max \|\| (min > 0 && min <= 255)) {
242 ipsec_errcode = EIPSEC_INVAL_SPI;	239 __ipsec_errcode = EIPSEC_INVAL_SPI;
243 return -1; 244 }	240 return -1; 241 }
	242 switch (src->sa_family) { 243 case AF_INET: 244 plen = sizeof(struct in_addr) << 3; 245 break; 246 case AF_INET6: 247 plen = sizeof(struct in6_addr) << 3; 248 break; 249 default: 250 __ipsec_errcode = EIPSEC_INVAL_FAMILY; 251 return -1; 252 }
245 246 /* create new sadb_msg to send. / 247* len = sizeof(struct sadb_msg)	253 254 /* create new sadb_msg to send. / 255* len = sizeof(struct sadb_msg)
	256 + sizeof(struct sadb_x_sa2)
248 + sizeof(struct sadb_address) 249 + PFKEY_ALIGN8(src->sa_len) 250 + sizeof(struct sadb_address) 251 + PFKEY_ALIGN8(dst->sa_len); 252 253 if (min > 255 && max < ~0) { 254 need_spirange++; 255 len += sizeof(struct sadb_spirange); 256 } 257 258 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {	257 + sizeof(struct sadb_address) 258 + PFKEY_ALIGN8(src->sa_len) 259 + sizeof(struct sadb_address) 260 + PFKEY_ALIGN8(dst->sa_len); 261 262 if (min > 255 && max < ~0) { 263 need_spirange++; 264 len += sizeof(struct sadb_spirange); 265 } 266 267 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
259 ipsec_set_strerror(strerror(errno));	268 __ipsec_set_strerror(strerror(errno));
260 return -1; 261 } 262 263 p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_GETSPI,	269 return -1; 270 } 271 272 p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_GETSPI,
264 len, satype, mode, seq, getpid());	273 len, satype, seq, getpid());
265	274
	275 p = pfkey_setsadbxsa2(p, mode, reqid); 276
266 /* set sadb_address for source */	277 /* set sadb_address for source */
267 p = pfkey_setsadbaddr(p, 268 SADB_EXT_ADDRESS_SRC, 269 src, 270 _INALENBYAF(src->sa_family) << 3, 271 IPSEC_ULPROTO_ANY);	278 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen, 279 IPSEC_ULPROTO_ANY);
272 273 /* set sadb_address for destination */	280 281 /* set sadb_address for destination */
274 p = pfkey_setsadbaddr(p, 275 SADB_EXT_ADDRESS_DST, 276 dst, 277 _INALENBYAF(dst->sa_family) << 3, 278 IPSEC_ULPROTO_ANY);	282 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen, 283 IPSEC_ULPROTO_ANY);
279 280 /* proccessing spi range / 281* if (need_spirange) { 282 int _len = sizeof(struct sadb_spirange); 283	284 285 /* proccessing spi range / 286* if (need_spirange) { 287 int _len = sizeof(struct sadb_spirange); 288
284#define _SADB_SPIRANGE(p) ((struct sadb_spirange *)(p))	289#define _SADB_SPIRANGE(p) ((struct sadb_spirange *)(p))
285 _SADB_SPIRANGE(p)->sadb_spirange_len = PFKEY_UNIT64(_len); 286 _SADB_SPIRANGE(p)->sadb_spirange_exttype = SADB_EXT_SPIRANGE; 287 _SADB_SPIRANGE(p)->sadb_spirange_min = min; 288 _SADB_SPIRANGE(p)->sadb_spirange_max = max; 289#undef _SADB_SPIRANGE(p) 290 p += _len; 291 } 292 293 /* send message / 294* len = pfkey_send(so, newmsg, len); 295 free(newmsg); 296 297 if (len < 0) 298 return -1; 299	290 _SADB_SPIRANGE(p)->sadb_spirange_len = PFKEY_UNIT64(_len); 291 _SADB_SPIRANGE(p)->sadb_spirange_exttype = SADB_EXT_SPIRANGE; 292 _SADB_SPIRANGE(p)->sadb_spirange_min = min; 293 _SADB_SPIRANGE(p)->sadb_spirange_max = max; 294#undef _SADB_SPIRANGE(p) 295 p += _len; 296 } 297 298 /* send message / 299* len = pfkey_send(so, newmsg, len); 300 free(newmsg); 301 302 if (len < 0) 303 return -1; 304
300 ipsec_errcode = EIPSEC_NO_ERROR;	305 __ipsec_errcode = EIPSEC_NO_ERROR;
301 return len; 302} 303 304/* 305 * sending SADB_UPDATE message to the kernel. 306 * The length of key material is a_keylen + e_keylen. 307 * OUT: 308 * positive: success and return length sent. 309 * -1 : error occured, and set errno. 310 / 311*int	306 return len; 307} 308 309/* 310 * sending SADB_UPDATE message to the kernel. 311 * The length of key material is a_keylen + e_keylen. 312 * OUT: 313 * positive: success and return length sent. 314 * -1 : error occured, and set errno. 315 / 316*int
312pfkey_send_update(so, satype, mode, src, dst, spi, wsize,	317pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize,
313 keymat, e_type, e_keylen, a_type, a_keylen, flags, 314 l_alloc, l_bytes, l_addtime, l_usetime, seq) 315 int so; 316 u_int satype, mode, wsize; 317 struct sockaddr src, dst;	318 keymat, e_type, e_keylen, a_type, a_keylen, flags, 319 l_alloc, l_bytes, l_addtime, l_usetime, seq) 320 int so; 321 u_int satype, mode, wsize; 322 struct sockaddr src, dst;
318 u_int32_t spi;	323 u_int32_t spi, reqid;
319 caddr_t keymat; 320 u_int e_type, e_keylen, a_type, a_keylen, flags; 321 u_int32_t l_alloc; 322 u_int64_t l_bytes, l_addtime, l_usetime; 323 u_int32_t seq; 324{ 325 int len; 326 if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi,	324 caddr_t keymat; 325 u_int e_type, e_keylen, a_type, a_keylen, flags; 326 u_int32_t l_alloc; 327 u_int64_t l_bytes, l_addtime, l_usetime; 328 u_int32_t seq; 329{ 330 int len; 331 if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi,
327 wsize, keymat, e_type, e_keylen, a_type, a_keylen, flags,	332 reqid, wsize, 333 keymat, e_type, e_keylen, a_type, a_keylen, flags,
328 l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0) 329 return -1; 330 331 return len; 332} 333 334/* 335 * sending SADB_ADD message to the kernel. 336 * The length of key material is a_keylen + e_keylen. 337 * OUT: 338 * positive: success and return length sent. 339 * -1 : error occured, and set errno. 340 / 341*int	334 l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0) 335 return -1; 336 337 return len; 338} 339 340/* 341 * sending SADB_ADD message to the kernel. 342 * The length of key material is a_keylen + e_keylen. 343 * OUT: 344 * positive: success and return length sent. 345 * -1 : error occured, and set errno. 346 / 347*int
342pfkey_send_add(so, satype, mode, src, dst, spi, wsize,	348pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize,
343 keymat, e_type, e_keylen, a_type, a_keylen, flags, 344 l_alloc, l_bytes, l_addtime, l_usetime, seq) 345 int so; 346 u_int satype, mode, wsize; 347 struct sockaddr src, dst;	349 keymat, e_type, e_keylen, a_type, a_keylen, flags, 350 l_alloc, l_bytes, l_addtime, l_usetime, seq) 351 int so; 352 u_int satype, mode, wsize; 353 struct sockaddr src, dst;
348 u_int32_t spi;	354 u_int32_t spi, reqid;
349 caddr_t keymat; 350 u_int e_type, e_keylen, a_type, a_keylen, flags; 351 u_int32_t l_alloc; 352 u_int64_t l_bytes, l_addtime, l_usetime; 353 u_int32_t seq; 354{ 355 int len; 356 if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi,	355 caddr_t keymat; 356 u_int e_type, e_keylen, a_type, a_keylen, flags; 357 u_int32_t l_alloc; 358 u_int64_t l_bytes, l_addtime, l_usetime; 359 u_int32_t seq; 360{ 361 int len; 362 if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi,
357 wsize, keymat, e_type, e_keylen, a_type, a_keylen, flags,	363 reqid, wsize, 364 keymat, e_type, e_keylen, a_type, a_keylen, flags,
358 l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0) 359 return -1; 360 361 return len; 362} 363 364/* 365 * sending SADB_DELETE message to the kernel. --- 87 unchanged lines hidden (view full) --- 453 while (tlen > 0) { 454 sup = (struct sadb_supported )p; 455* switch (sup->sadb_supported_exttype) { 456 case SADB_EXT_SUPPORTED_AUTH: 457 case SADB_EXT_SUPPORTED_ENCRYPT: 458 sup->sadb_supported_len = PFKEY_EXTLEN(sup); 459 break; 460 default:	365 l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0) 366 return -1; 367 368 return len; 369} 370 371/* 372 * sending SADB_DELETE message to the kernel. --- 87 unchanged lines hidden (view full) --- 460 while (tlen > 0) { 461 sup = (struct sadb_supported )p; 462* switch (sup->sadb_supported_exttype) { 463 case SADB_EXT_SUPPORTED_AUTH: 464 case SADB_EXT_SUPPORTED_ENCRYPT: 465 sup->sadb_supported_len = PFKEY_EXTLEN(sup); 466 break; 467 default:
461 ipsec_errcode = EIPSEC_INVAL_SATYPE;	468 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
462 free(newmsg); 463 return -1; 464 } 465 466 tlen -= sup->sadb_supported_len; 467 p += sup->sadb_supported_len; 468 } 469 470 if (tlen < 0) {	469 free(newmsg); 470 return -1; 471 } 472 473 tlen -= sup->sadb_supported_len; 474 p += sup->sadb_supported_len; 475 } 476 477 if (tlen < 0) {
471 ipsec_errcode = EIPSEC_INVAL_SATYPE;	478 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
472 return -1; 473 } 474 475 if (ipsec_supported != NULL) 476 free(ipsec_supported); 477 478 ipsec_supported = newmsg; 479	479 return -1; 480 } 481 482 if (ipsec_supported != NULL) 483 free(ipsec_supported); 484 485 ipsec_supported = newmsg; 486
480 ipsec_errcode = EIPSEC_NO_ERROR;	487 __ipsec_errcode = EIPSEC_NO_ERROR;
481 return 0; 482} 483 484/* 485 * sending SADB_FLUSH message to the kernel. 486 * OUT: 487 * positive: success and return length sent. 488 * -1 : error occured, and set errno. --- 52 unchanged lines hidden (view full) --- 541 if ((len = pfkey_send_x3(so, SADB_X_PROMISC, (flag ? 1 : 0))) < 0) 542 return -1; 543 544 return len; 545} 546 547/* 548 * sending SADB_X_SPDADD message to the kernel.	488 return 0; 489} 490 491/* 492 * sending SADB_FLUSH message to the kernel. 493 * OUT: 494 * positive: success and return length sent. 495 * -1 : error occured, and set errno. --- 52 unchanged lines hidden (view full) --- 548 if ((len = pfkey_send_x3(so, SADB_X_PROMISC, (flag ? 1 : 0))) < 0) 549 return -1; 550 551 return len; 552} 553 554/* 555 * sending SADB_X_SPDADD message to the kernel.
549 * The length of key material is a_keylen + e_keylen.
550 * OUT: 551 * positive: success and return length sent. 552 * -1 : error occured, and set errno. 553 / 554int 555pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 556* int so; 557 struct sockaddr src, dst; 558 u_int prefs, prefd, proto;	556 * OUT: 557 * positive: success and return length sent. 558 * -1 : error occured, and set errno. 559 / 560int 561pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 562* int so; 563 struct sockaddr src, dst; 564 u_int prefs, prefd, proto;
559 char *policy;	565 caddr_t policy;
560 int policylen; 561 u_int32_t seq; 562{	566 int policylen; 567 u_int32_t seq; 568{
563 struct sadb_msg *newmsg;
564 int len;	569 int len;
565 caddr_t p;
566	570
567 /* validity check / 568* if (src == NULL \|\| dst == NULL) { 569 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	571 if ((len = pfkey_send_x4(so, SADB_X_SPDADD, 572 src, prefs, dst, prefd, proto, 573 policy, policylen, seq)) < 0)
570 return -1;	574 return -1;
571 } 572 if (src->sa_family != dst->sa_family) { 573 ipsec_errcode = EIPSEC_FAMILY_MISMATCH; 574 return -1; 575 } 576 if (prefs > (_INALENBYAF(src->sa_family) << 3) 577 \|\| prefd > (_INALENBYAF(dst->sa_family) << 3)) { 578 ipsec_errcode = EIPSEC_INVAL_PREFIXLEN; 579 return -1; 580 }
581	575
582 /* create new sadb_msg to reply. / 583* len = sizeof(struct sadb_msg) 584 + sizeof(struct sadb_address) 585 + PFKEY_ALIGN8(_SALENBYAF(src->sa_family)) 586 + sizeof(struct sadb_address) 587 + PFKEY_ALIGN8(_SALENBYAF(src->sa_family)) 588 + policylen;	576 return len; 577}
589	578
590 if ((newmsg = CALLOC(len, struct sadb_msg )) == NULL) { 591* ipsec_set_strerror(strerror(errno)); 592 return -1; 593 }	579/* 580 * sending SADB_X_SPDUPDATE message to the kernel. 581 * OUT: 582 * positive: success and return length sent. 583 * -1 : error occured, and set errno. 584 / 585int 586pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 587* int so; 588 struct sockaddr src, dst; 589 u_int prefs, prefd, proto; 590 caddr_t policy; 591 int policylen; 592 u_int32_t seq; 593{ 594 int len;
594	595
595 p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_X_SPDADD, len, 596 SADB_SATYPE_UNSPEC, IPSEC_MODE_ANY, seq, getpid()); 597 p = pfkey_setsadbaddr(p, 598 SADB_EXT_ADDRESS_SRC, 599 src, 600 prefs, 601 proto); 602 p = pfkey_setsadbaddr(p, 603 SADB_EXT_ADDRESS_DST, 604 dst, 605 prefd, 606 proto); 607 memcpy(p, policy, policylen); 608 609 /* send message / 610* len = pfkey_send(so, newmsg, len); 611 free(newmsg); 612 613 if (len < 0)	596 if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE, 597 src, prefs, dst, prefd, proto, 598 policy, policylen, seq)) < 0)
614 return -1; 615	599 return -1; 600
616 ipsec_errcode = EIPSEC_NO_ERROR;
617 return len; 618} 619 620/* 621 * sending SADB_X_SPDDELETE message to the kernel.	601 return len; 602} 603 604/* 605 * sending SADB_X_SPDDELETE message to the kernel.
622 * The length of key material is a_keylen + e_keylen.
623 * OUT: 624 * positive: success and return length sent. 625 * -1 : error occured, and set errno. 626 / 627*int	606 * OUT: 607 * positive: success and return length sent. 608 * -1 : error occured, and set errno. 609 / 610*int
628pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, seq)	611pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
629 int so; 630 struct sockaddr src, dst; 631 u_int prefs, prefd, proto;	612 int so; 613 struct sockaddr src, dst; 614 u_int prefs, prefd, proto;
	615 caddr_t policy; 616 int policylen;
632 u_int32_t seq; 633{	617 u_int32_t seq; 618{
634 struct sadb_msg *newmsg;
635 int len;	619 int len;
636 caddr_t p;
637	620
638 /* validity check / 639* if (src == NULL \|\| dst == NULL) { 640 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	621 if (policylen != sizeof(struct sadb_x_policy)) { 622 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
641 return -1; 642 }	623 return -1; 624 }
643 if (src->sa_family != dst->sa_family) { 644 ipsec_errcode = EIPSEC_FAMILY_MISMATCH;	625 626 if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE, 627 src, prefs, dst, prefd, proto, 628 policy, policylen, seq)) < 0)
645 return -1;	629 return -1;
646 } 647 if (prefs > (_INALENBYAF(src->sa_family) << 3) 648 \|\| prefd > (_INALENBYAF(dst->sa_family) << 3)) { 649 ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;	630 631 return len; 632} 633 634/* 635 * sending SADB_X_SPDDELETE message to the kernel. 636 * OUT: 637 * positive: success and return length sent. 638 * -1 : error occured, and set errno. 639 / 640int 641pfkey_send_spddelete2(so, spid) 642* int so; 643 u_int32_t spid; 644{ 645 int len; 646 647 if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0)
650 return -1;	648 return -1;
651 }
652	649
653 /* create new sadb_msg to reply. / 654* len = sizeof(struct sadb_msg) 655 + sizeof(struct sadb_address) 656 + PFKEY_ALIGN8(_SALENBYAF(src->sa_family)) 657 + sizeof(struct sadb_address) 658 + PFKEY_ALIGN8(_SALENBYAF(src->sa_family));	650 return len; 651}
659	652
660 if ((newmsg = CALLOC(len, struct sadb_msg )) == NULL) { 661* ipsec_set_strerror(strerror(errno));	653/* 654 * sending SADB_X_SPDGET message to the kernel. 655 * OUT: 656 * positive: success and return length sent. 657 * -1 : error occured, and set errno. 658 / 659int 660pfkey_send_spdget(so, spid) 661* int so; 662 u_int32_t spid; 663{ 664 int len; 665 666 if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0)
662 return -1;	667 return -1;
663 }
664	668
665 p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_X_SPDDELETE, len, 666 SADB_SATYPE_UNSPEC, IPSEC_MODE_ANY, seq, getpid()); 667 p = pfkey_setsadbaddr(p, 668 SADB_EXT_ADDRESS_SRC, 669 src, 670 prefs, 671 proto); 672 p = pfkey_setsadbaddr(p, 673 SADB_EXT_ADDRESS_DST, 674 dst, 675 prefd, 676 proto);	669 return len; 670}
677	671
678 /* send message / 679* len = pfkey_send(so, newmsg, len); 680 free(newmsg);	672/* 673 * sending SADB_X_SPDSETIDX message to the kernel. 674 * OUT: 675 * positive: success and return length sent. 676 * -1 : error occured, and set errno. 677 / 678int 679pfkey_send_spdsetidx(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 680* int so; 681 struct sockaddr src, dst; 682 u_int prefs, prefd, proto; 683 caddr_t policy; 684 int policylen; 685 u_int32_t seq; 686{ 687 int len;
681	688
682 if (len < 0)	689 if (policylen != sizeof(struct sadb_x_policy)) { 690 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
683 return -1;	691 return -1;
	692 }
684	693
685 ipsec_errcode = EIPSEC_NO_ERROR;	694 if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX, 695 src, prefs, dst, prefd, proto, 696 policy, policylen, seq)) < 0) 697 return -1; 698
686 return len; 687} 688 689/* 690 * sending SADB_SPDFLUSH message to the kernel. 691 * OUT: 692 * positive: success and return length sent. 693 * -1 : error occured, and set errno. --- 25 unchanged lines hidden (view full) --- 719 if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0) 720 return -1; 721 722 return len; 723} 724 725/* sending SADB_ADD or SADB_UPDATE message to the kernel / 726*static int	699 return len; 700} 701 702/* 703 * sending SADB_SPDFLUSH message to the kernel. 704 * OUT: 705 * positive: success and return length sent. 706 * -1 : error occured, and set errno. --- 25 unchanged lines hidden (view full) --- 732 if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0) 733 return -1; 734 735 return len; 736} 737 738/* sending SADB_ADD or SADB_UPDATE message to the kernel / 739*static int
727pfkey_send_x1(so, type, satype, mode, src, dst, spi, wsize,	740pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
728 keymat, e_type, e_keylen, a_type, a_keylen, flags, 729 l_alloc, l_bytes, l_addtime, l_usetime, seq) 730 int so; 731 u_int type, satype, mode; 732 struct sockaddr src, dst;	741 keymat, e_type, e_keylen, a_type, a_keylen, flags, 742 l_alloc, l_bytes, l_addtime, l_usetime, seq) 743 int so; 744 u_int type, satype, mode; 745 struct sockaddr src, dst;
733 u_int32_t spi;	746 u_int32_t spi, reqid;
734 u_int wsize; 735 caddr_t keymat; 736 u_int e_type, e_keylen, a_type, a_keylen, flags; 737 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq; 738{ 739 struct sadb_msg newmsg; 740* int len; 741 caddr_t p;	747 u_int wsize; 748 caddr_t keymat; 749 u_int e_type, e_keylen, a_type, a_keylen, flags; 750 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq; 751{ 752 struct sadb_msg newmsg; 753* int len; 754 caddr_t p;
	755 int plen;
742 743 /* validity check / 744* if (src == NULL \|\| dst == NULL) {	756 757 /* validity check / 758* if (src == NULL \|\| dst == NULL) {
745 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	759 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
746 return -1; 747 } 748 if (src->sa_family != dst->sa_family) {	760 return -1; 761 } 762 if (src->sa_family != dst->sa_family) {
749 ipsec_errcode = EIPSEC_FAMILY_MISMATCH;	763 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
750 return -1; 751 }	764 return -1; 765 }
	766 switch (src->sa_family) { 767 case AF_INET: 768 plen = sizeof(struct in_addr) << 3; 769 break; 770 case AF_INET6: 771 plen = sizeof(struct in6_addr) << 3; 772 break; 773 default: 774 __ipsec_errcode = EIPSEC_INVAL_FAMILY; 775 return -1; 776 }
752 753 switch (satype) { 754 case SADB_SATYPE_ESP: 755 if (e_type == SADB_EALG_NONE) {	777 778 switch (satype) { 779 case SADB_SATYPE_ESP: 780 if (e_type == SADB_EALG_NONE) {
756 ipsec_errcode = EIPSEC_NO_ALGS;	781 __ipsec_errcode = EIPSEC_NO_ALGS;
757 return -1; 758 } 759 break; 760 case SADB_SATYPE_AH: 761 if (e_type != SADB_EALG_NONE) {	782 return -1; 783 } 784 break; 785 case SADB_SATYPE_AH: 786 if (e_type != SADB_EALG_NONE) {
762 ipsec_errcode = EIPSEC_INVAL_ALGS;	787 __ipsec_errcode = EIPSEC_INVAL_ALGS;
763 return -1; 764 } 765 if (a_type == SADB_AALG_NONE) {	788 return -1; 789 } 790 if (a_type == SADB_AALG_NONE) {
766 ipsec_errcode = EIPSEC_NO_ALGS;	791 __ipsec_errcode = EIPSEC_NO_ALGS;
767 return -1; 768 } 769 break; 770 case SADB_X_SATYPE_IPCOMP: 771 break; 772 default:	792 return -1; 793 } 794 break; 795 case SADB_X_SATYPE_IPCOMP: 796 break; 797 default:
773 ipsec_errcode = EIPSEC_INVAL_SATYPE;	798 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
774 return -1; 775 } 776 777 /* create new sadb_msg to reply. / 778* len = sizeof(struct sadb_msg) 779 + sizeof(struct sadb_sa)	799 return -1; 800 } 801 802 /* create new sadb_msg to reply. / 803* len = sizeof(struct sadb_msg) 804 + sizeof(struct sadb_sa)
	805 + sizeof(struct sadb_x_sa2)
780 + sizeof(struct sadb_address) 781 + PFKEY_ALIGN8(src->sa_len) 782 + sizeof(struct sadb_address) 783 + PFKEY_ALIGN8(dst->sa_len) 784 + sizeof(struct sadb_lifetime) 785 + sizeof(struct sadb_lifetime); 786 787 if (e_type != SADB_EALG_NONE) 788 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen)); 789 if (a_type != SADB_AALG_NONE) 790 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen)); 791 792 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {	806 + sizeof(struct sadb_address) 807 + PFKEY_ALIGN8(src->sa_len) 808 + sizeof(struct sadb_address) 809 + PFKEY_ALIGN8(dst->sa_len) 810 + sizeof(struct sadb_lifetime) 811 + sizeof(struct sadb_lifetime); 812 813 if (e_type != SADB_EALG_NONE) 814 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen)); 815 if (a_type != SADB_AALG_NONE) 816 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen)); 817 818 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
793 ipsec_set_strerror(strerror(errno));	819 __ipsec_set_strerror(strerror(errno));
794 return -1; 795 } 796 797 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len,	820 return -1; 821 } 822 823 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len,
798 satype, mode, seq, getpid());	824 satype, seq, getpid());
799 p = pfkey_setsadbsa(p, spi, wsize, a_type, e_type, flags);	825 p = pfkey_setsadbsa(p, spi, wsize, a_type, e_type, flags);
800 p = pfkey_setsadbaddr(p, 801 SADB_EXT_ADDRESS_SRC, 802 src, 803 _INALENBYAF(src->sa_family) << 3, 804 IPSEC_ULPROTO_ANY); 805 p = pfkey_setsadbaddr(p, 806 SADB_EXT_ADDRESS_DST, 807 dst, 808 _INALENBYAF(dst->sa_family) << 3, 809 IPSEC_ULPROTO_ANY);	826 p = pfkey_setsadbxsa2(p, mode, reqid); 827 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen, 828 IPSEC_ULPROTO_ANY); 829 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen, 830 IPSEC_ULPROTO_ANY);
810 811 if (e_type != SADB_EALG_NONE) 812 p = pfkey_setsadbkey(p, SADB_EXT_KEY_ENCRYPT, 813 keymat, e_keylen); 814 if (a_type != SADB_AALG_NONE) 815 p = pfkey_setsadbkey(p, SADB_EXT_KEY_AUTH, 816 keymat + e_keylen, a_keylen); 817 --- 5 unchanged lines hidden (view full) --- 823 824 /* send message / 825* len = pfkey_send(so, newmsg, len); 826 free(newmsg); 827 828 if (len < 0) 829 return -1; 830	831 832 if (e_type != SADB_EALG_NONE) 833 p = pfkey_setsadbkey(p, SADB_EXT_KEY_ENCRYPT, 834 keymat, e_keylen); 835 if (a_type != SADB_AALG_NONE) 836 p = pfkey_setsadbkey(p, SADB_EXT_KEY_AUTH, 837 keymat + e_keylen, a_keylen); 838 --- 5 unchanged lines hidden (view full) --- 844 845 /* send message / 846* len = pfkey_send(so, newmsg, len); 847 free(newmsg); 848 849 if (len < 0) 850 return -1; 851
831 ipsec_errcode = EIPSEC_NO_ERROR;	852 __ipsec_errcode = EIPSEC_NO_ERROR;
832 return len; 833} 834 835/* sending SADB_DELETE or SADB_GET message to the kernel / 836static int 837pfkey_send_x2(so, type, satype, mode, src, dst, spi) 838* int so; 839 u_int type, satype, mode; 840 struct sockaddr src, dst; 841 u_int32_t spi; 842{ 843 struct sadb_msg newmsg; 844* int len; 845 caddr_t p;	853 return len; 854} 855 856/* sending SADB_DELETE or SADB_GET message to the kernel / 857static int 858pfkey_send_x2(so, type, satype, mode, src, dst, spi) 859* int so; 860 u_int type, satype, mode; 861 struct sockaddr src, dst; 862 u_int32_t spi; 863{ 864 struct sadb_msg newmsg; 865* int len; 866 caddr_t p;
	867 int plen;
846 847 /* validity check / 848* if (src == NULL \|\| dst == NULL) {	868 869 /* validity check / 870* if (src == NULL \|\| dst == NULL) {
849 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	871 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
850 return -1; 851 } 852 if (src->sa_family != dst->sa_family) {	872 return -1; 873 } 874 if (src->sa_family != dst->sa_family) {
853 ipsec_errcode = EIPSEC_FAMILY_MISMATCH;	875 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
854 return -1; 855 }	876 return -1; 877 }
	878 switch (src->sa_family) { 879 case AF_INET: 880 plen = sizeof(struct in_addr) << 3; 881 break; 882 case AF_INET6: 883 plen = sizeof(struct in6_addr) << 3; 884 break; 885 default: 886 __ipsec_errcode = EIPSEC_INVAL_FAMILY; 887 return -1; 888 }
856 857 /* create new sadb_msg to reply. / 858* len = sizeof(struct sadb_msg) 859 + sizeof(struct sadb_sa) 860 + sizeof(struct sadb_address) 861 + PFKEY_ALIGN8(src->sa_len) 862 + sizeof(struct sadb_address) 863 + PFKEY_ALIGN8(dst->sa_len); 864 865 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {	889 890 /* create new sadb_msg to reply. / 891* len = sizeof(struct sadb_msg) 892 + sizeof(struct sadb_sa) 893 + sizeof(struct sadb_address) 894 + PFKEY_ALIGN8(src->sa_len) 895 + sizeof(struct sadb_address) 896 + PFKEY_ALIGN8(dst->sa_len); 897 898 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
866 ipsec_set_strerror(strerror(errno));	899 __ipsec_set_strerror(strerror(errno));
867 return -1; 868 } 869	900 return -1; 901 } 902
870 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, mode, 0, getpid());	903 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, getpid());
871 p = pfkey_setsadbsa(p, spi, 0, 0, 0, 0);	904 p = pfkey_setsadbsa(p, spi, 0, 0, 0, 0);
872 p = pfkey_setsadbaddr(p, 873 SADB_EXT_ADDRESS_SRC, 874 src, 875 _INALENBYAF(src->sa_family) << 3, 876 IPSEC_ULPROTO_ANY); 877 p = pfkey_setsadbaddr(p, 878 SADB_EXT_ADDRESS_DST, 879 dst, 880 _INALENBYAF(dst->sa_family) << 3, 881 IPSEC_ULPROTO_ANY);	905 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen, 906 IPSEC_ULPROTO_ANY); 907 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen, 908 IPSEC_ULPROTO_ANY);
882 883 /* send message / 884* len = pfkey_send(so, newmsg, len); 885 free(newmsg); 886 887 if (len < 0) 888 return -1; 889	909 910 /* send message / 911* len = pfkey_send(so, newmsg, len); 912 free(newmsg); 913 914 if (len < 0) 915 return -1; 916
890 ipsec_errcode = EIPSEC_NO_ERROR;	917 __ipsec_errcode = EIPSEC_NO_ERROR;
891 return len; 892} 893 894/* 895 * sending SADB_REGISTER, SADB_FLUSH, SADB_DUMP or SADB_X_PROMISC message 896 * to the kernel 897 / 898static int 899pfkey_send_x3(so, type, satype) 900* int so; 901 u_int type, satype; 902{ 903 struct sadb_msg newmsg; 904* int len; 905 906 /* validity check / 907* switch (type) { 908 case SADB_X_PROMISC: 909 if (satype != 0 && satype != 1) {	918 return len; 919} 920 921/* 922 * sending SADB_REGISTER, SADB_FLUSH, SADB_DUMP or SADB_X_PROMISC message 923 * to the kernel 924 / 925static int 926pfkey_send_x3(so, type, satype) 927* int so; 928 u_int type, satype; 929{ 930 struct sadb_msg newmsg; 931* int len; 932 933 /* validity check / 934* switch (type) { 935 case SADB_X_PROMISC: 936 if (satype != 0 && satype != 1) {
910 ipsec_errcode = EIPSEC_INVAL_SATYPE;	937 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
911 return -1; 912 } 913 break; 914 default: 915 switch (satype) { 916 case SADB_SATYPE_UNSPEC: 917 case SADB_SATYPE_AH: 918 case SADB_SATYPE_ESP: 919 case SADB_X_SATYPE_IPCOMP: 920 break; 921 default:	938 return -1; 939 } 940 break; 941 default: 942 switch (satype) { 943 case SADB_SATYPE_UNSPEC: 944 case SADB_SATYPE_AH: 945 case SADB_SATYPE_ESP: 946 case SADB_X_SATYPE_IPCOMP: 947 break; 948 default:
922 ipsec_errcode = EIPSEC_INVAL_SATYPE;	949 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
923 return -1; 924 } 925 } 926 927 /* create new sadb_msg to send. / 928* len = sizeof(struct sadb_msg); 929 930 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {	950 return -1; 951 } 952 } 953 954 /* create new sadb_msg to send. / 955* len = sizeof(struct sadb_msg); 956 957 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
931 ipsec_set_strerror(strerror(errno));	958 __ipsec_set_strerror(strerror(errno));
932 return -1; 933 } 934	959 return -1; 960 } 961
935 (void)pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, 0, getpid());	962 (void)pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, getpid());
936 937 /* send message / 938* len = pfkey_send(so, newmsg, len); 939 free(newmsg); 940 941 if (len < 0) 942 return -1; 943	963 964 /* send message / 965* len = pfkey_send(so, newmsg, len); 966 free(newmsg); 967 968 if (len < 0) 969 return -1; 970
944 ipsec_errcode = EIPSEC_NO_ERROR;	971 __ipsec_errcode = EIPSEC_NO_ERROR;
945 return len; 946} 947	972 return len; 973} 974
	975/* sending SADB_X_SPDADD message to the kernel / 976static int 977pfkey_send_x4(so, type, src, prefs, dst, prefd, proto, policy, policylen, seq) 978* int so; 979 struct sockaddr src, dst; 980 u_int type, prefs, prefd, proto; 981 char policy; 982* int policylen; 983 u_int32_t seq; 984{ 985 struct sadb_msg newmsg; 986* int len; 987 caddr_t p; 988 int plen; 989 990 /* validity check / 991* if (src == NULL \|\| dst == NULL) { 992 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 993 return -1; 994 } 995 if (src->sa_family != dst->sa_family) { 996 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; 997 return -1; 998 } 999 1000 switch (src->sa_family) { 1001 case AF_INET: 1002 plen = sizeof(struct in_addr) << 3; 1003 break; 1004 case AF_INET6: 1005 plen = sizeof(struct in6_addr) << 3; 1006 break; 1007 default: 1008 __ipsec_errcode = EIPSEC_INVAL_FAMILY; 1009 return -1; 1010 } 1011 if (prefs > plen \|\| prefd > plen) { 1012 __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN; 1013 return -1; 1014 } 1015 1016 /* create new sadb_msg to reply. / 1017* len = sizeof(struct sadb_msg) 1018 + sizeof(struct sadb_address) 1019 + PFKEY_ALIGN8(src->sa_len) 1020 + sizeof(struct sadb_address) 1021 + PFKEY_ALIGN8(src->sa_len) 1022 + policylen; 1023 1024 if ((newmsg = CALLOC(len, struct sadb_msg )) == NULL) { 1025* __ipsec_set_strerror(strerror(errno)); 1026 return -1; 1027 } 1028 1029 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, 1030 SADB_SATYPE_UNSPEC, seq, getpid()); 1031 p = pfkey_setsadbaddr(p, 1032 SADB_EXT_ADDRESS_SRC, 1033 src, 1034 prefs, 1035 proto); 1036 p = pfkey_setsadbaddr(p, 1037 SADB_EXT_ADDRESS_DST, 1038 dst, 1039 prefd, 1040 proto); 1041 memcpy(p, policy, policylen); 1042 1043 /* send message / 1044* len = pfkey_send(so, newmsg, len); 1045 free(newmsg); 1046 1047 if (len < 0) 1048 return -1; 1049 1050 __ipsec_errcode = EIPSEC_NO_ERROR; 1051 return len; 1052} 1053 1054/* sending SADB_X_SPDGET or SADB_X_SPDDELETE message to the kernel / 1055static int 1056pfkey_send_x5(so, type, spid) 1057* int so; 1058 u_int type; 1059 u_int32_t spid; 1060{ 1061 struct sadb_msg newmsg; 1062* struct sadb_x_policy xpl; 1063 int len; 1064 caddr_t p; 1065 1066 /* create new sadb_msg to reply. / 1067* len = sizeof(struct sadb_msg) 1068 + sizeof(xpl); 1069 1070 if ((newmsg = CALLOC(len, struct sadb_msg )) == NULL) { 1071* __ipsec_set_strerror(strerror(errno)); 1072 return -1; 1073 } 1074 1075 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, 1076 SADB_SATYPE_UNSPEC, 0, getpid()); 1077 1078 memset(&xpl, 0, sizeof(xpl)); 1079 xpl.sadb_x_policy_len = PFKEY_UNUNIT64(sizeof(xpl)); 1080 xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1081 xpl.sadb_x_policy_id = spid; 1082 1083 memcpy(p, &xpl, sizeof(xpl)); 1084 1085 /* send message / 1086* len = pfkey_send(so, newmsg, len); 1087 free(newmsg); 1088 1089 if (len < 0) 1090 return -1; 1091 1092 __ipsec_errcode = EIPSEC_NO_ERROR; 1093 return len; 1094} 1095
948/* 949 * open a socket. 950 * OUT: 951 * -1: fail. 952 * others : success and return value of socket. 953 / 954int 955pfkey_open() 956{ 957* int so; 958 const int bufsiz = 128 * 1024; /is 128K enough?/ 959 960 if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {	1096/* 1097 * open a socket. 1098 * OUT: 1099 * -1: fail. 1100 * others : success and return value of socket. 1101 / 1102int 1103pfkey_open() 1104{ 1105* int so; 1106 const int bufsiz = 128 * 1024; /is 128K enough?/ 1107 1108 if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
961 ipsec_set_strerror(strerror(errno));	1109 __ipsec_set_strerror(strerror(errno));
962 return -1; 963 } 964 965 /* 966 * This is a temporary workaround for KAME PR 154. 967 * Don't really care even if it fails. 968 / 969* (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)); 970 (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); 971	1110 return -1; 1111 } 1112 1113 /* 1114 * This is a temporary workaround for KAME PR 154. 1115 * Don't really care even if it fails. 1116 / 1117* (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)); 1118 (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); 1119
972 ipsec_errcode = EIPSEC_NO_ERROR;	1120 __ipsec_errcode = EIPSEC_NO_ERROR;
973 return so; 974} 975 976/* 977 * close a socket. 978 * OUT: 979 * 0: success. 980 * -1: fail. 981 / 982void 983pfkey_close(so) 984* int so; 985{ 986 (void)close(so); 987	1121 return so; 1122} 1123 1124/* 1125 * close a socket. 1126 * OUT: 1127 * 0: success. 1128 * -1: fail. 1129 / 1130void 1131pfkey_close(so) 1132* int so; 1133{ 1134 (void)close(so); 1135
988 ipsec_errcode = EIPSEC_NO_ERROR;	1136 __ipsec_errcode = EIPSEC_NO_ERROR;
989 return; 990} 991 992/* 993 * receive sadb_msg data, and return pointer to new buffer allocated. 994 * Must free this buffer later. 995 * OUT: 996 * NULL : error occured. 997 * others : a pointer to sadb_msg structure. 998 / 999struct sadb_msg 1000pfkey_recv(so) 1001 int so; 1002{ 1003 struct sadb_msg buf, newmsg; 1004* int len, reallen; 1005 1006 while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) { 1007 if (errno == EINTR) continue;	1137 return; 1138} 1139 1140/* 1141 * receive sadb_msg data, and return pointer to new buffer allocated. 1142 * Must free this buffer later. 1143 * OUT: 1144 * NULL : error occured. 1145 * others : a pointer to sadb_msg structure. 1146 / 1147struct sadb_msg 1148pfkey_recv(so) 1149 int so; 1150{ 1151 struct sadb_msg buf, newmsg; 1152* int len, reallen; 1153 1154 while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) { 1155 if (errno == EINTR) continue;
1008 ipsec_set_strerror(strerror(errno));	1156 __ipsec_set_strerror(strerror(errno));
1009 return NULL; 1010 } 1011 1012 if (len < sizeof(buf)) { 1013 recv(so, (caddr_t)&buf, sizeof(buf), 0);	1157 return NULL; 1158 } 1159 1160 if (len < sizeof(buf)) { 1161 recv(so, (caddr_t)&buf, sizeof(buf), 0);
1014 ipsec_errcode = EIPSEC_MAX;	1162 __ipsec_errcode = EIPSEC_MAX;
1015 return NULL; 1016 } 1017 1018 /* read real message / 1019* reallen = PFKEY_UNUNIT64(buf.sadb_msg_len); 1020 if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == 0) {	1163 return NULL; 1164 } 1165 1166 /* read real message / 1167* reallen = PFKEY_UNUNIT64(buf.sadb_msg_len); 1168 if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == 0) {
1021 ipsec_set_strerror(strerror(errno));	1169 __ipsec_set_strerror(strerror(errno));
1022 return NULL; 1023 } 1024 1025 while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) { 1026 if (errno == EINTR) continue;	1170 return NULL; 1171 } 1172 1173 while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) { 1174 if (errno == EINTR) continue;
1027 ipsec_set_strerror(strerror(errno));	1175 __ipsec_set_strerror(strerror(errno));
1028 free(newmsg); 1029 return NULL; 1030 } 1031 1032 if (len != reallen) {	1176 free(newmsg); 1177 return NULL; 1178 } 1179 1180 if (len != reallen) {
1033 ipsec_errcode = EIPSEC_SYSTEM_ERROR;	1181 __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
1034 free(newmsg); 1035 return NULL; 1036 } 1037	1182 free(newmsg); 1183 return NULL; 1184 } 1185
1038 ipsec_errcode = EIPSEC_NO_ERROR;	1186 __ipsec_errcode = EIPSEC_NO_ERROR;
1039 return newmsg; 1040} 1041 1042/* 1043 * send message to a socket. 1044 * OUT: 1045 * others: success and return length sent. 1046 * -1 : fail. 1047 / 1048int 1049pfkey_send(so, msg, len) 1050* int so; 1051 struct sadb_msg msg; 1052* int len; 1053{ 1054 if ((len = send(so, (caddr_t)msg, len, 0)) < 0) {	1187 return newmsg; 1188} 1189 1190/* 1191 * send message to a socket. 1192 * OUT: 1193 * others: success and return length sent. 1194 * -1 : fail. 1195 / 1196int 1197pfkey_send(so, msg, len) 1198* int so; 1199 struct sadb_msg msg; 1200* int len; 1201{ 1202 if ((len = send(so, (caddr_t)msg, len, 0)) < 0) {
1055 ipsec_set_strerror(strerror(errno));	1203 __ipsec_set_strerror(strerror(errno));
1056 return -1; 1057 } 1058	1204 return -1; 1205 } 1206
1059 ipsec_errcode = EIPSEC_NO_ERROR;	1207 __ipsec_errcode = EIPSEC_NO_ERROR;
1060 return len; 1061} 1062 1063/* 1064 * %%% Utilities 1065 * NOTE: These functions are derived from netkey/key.c in KAME. 1066 / 1067/ --- 10 unchanged lines hidden (view full) --- 1078 caddr_t mhp; 1079{ 1080* struct sadb_ext ext; 1081* int tlen, extlen; 1082 int i; 1083 1084 /* validity check / 1085* if (msg == NULL \|\| mhp == NULL) {	1208 return len; 1209} 1210 1211/* 1212 * %%% Utilities 1213 * NOTE: These functions are derived from netkey/key.c in KAME. 1214 / 1215/ --- 10 unchanged lines hidden (view full) --- 1226 caddr_t mhp; 1227{ 1228* struct sadb_ext ext; 1229* int tlen, extlen; 1230 int i; 1231 1232 /* validity check / 1233* if (msg == NULL \|\| mhp == NULL) {
1086 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	1234 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1087 return -1; 1088 } 1089 1090 /* initialize / 1091* for (i = 0; i < SADB_EXT_MAX + 1; i++) 1092 mhp[i] = NULL; 1093 1094 mhp[0] = (caddr_t)msg; 1095 1096 tlen = PFKEY_UNUNIT64(msg->sadb_msg_len) - sizeof(struct sadb_msg); 1097 ext = (struct sadb_ext )((caddr_t)msg + sizeof(struct sadb_msg)); 1098* 1099 while (tlen > 0) { 1100 /* duplicate check / 1101* /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?/ 1102* if (mhp[ext->sadb_ext_type] != NULL) {	1235 return -1; 1236 } 1237 1238 /* initialize / 1239* for (i = 0; i < SADB_EXT_MAX + 1; i++) 1240 mhp[i] = NULL; 1241 1242 mhp[0] = (caddr_t)msg; 1243 1244 tlen = PFKEY_UNUNIT64(msg->sadb_msg_len) - sizeof(struct sadb_msg); 1245 ext = (struct sadb_ext )((caddr_t)msg + sizeof(struct sadb_msg)); 1246* 1247 while (tlen > 0) { 1248 /* duplicate check / 1249* /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?/ 1250* if (mhp[ext->sadb_ext_type] != NULL) {
1103 ipsec_errcode = EIPSEC_INVAL_EXTTYPE;	1251 __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
1104 return -1; 1105 } 1106 1107 /* set pointer / 1108* switch (ext->sadb_ext_type) { 1109 case SADB_EXT_SA: 1110 case SADB_EXT_LIFETIME_CURRENT: 1111 case SADB_EXT_LIFETIME_HARD: --- 8 unchanged lines hidden (view full) --- 1120 case SADB_EXT_IDENTITY_SRC: 1121 case SADB_EXT_IDENTITY_DST: 1122 case SADB_EXT_SENSITIVITY: 1123 case SADB_EXT_PROPOSAL: 1124 case SADB_EXT_SUPPORTED_AUTH: 1125 case SADB_EXT_SUPPORTED_ENCRYPT: 1126 case SADB_EXT_SPIRANGE: 1127 case SADB_X_EXT_POLICY:	1252 return -1; 1253 } 1254 1255 /* set pointer / 1256* switch (ext->sadb_ext_type) { 1257 case SADB_EXT_SA: 1258 case SADB_EXT_LIFETIME_CURRENT: 1259 case SADB_EXT_LIFETIME_HARD: --- 8 unchanged lines hidden (view full) --- 1268 case SADB_EXT_IDENTITY_SRC: 1269 case SADB_EXT_IDENTITY_DST: 1270 case SADB_EXT_SENSITIVITY: 1271 case SADB_EXT_PROPOSAL: 1272 case SADB_EXT_SUPPORTED_AUTH: 1273 case SADB_EXT_SUPPORTED_ENCRYPT: 1274 case SADB_EXT_SPIRANGE: 1275 case SADB_X_EXT_POLICY:
	1276 case SADB_X_EXT_SA2:
1128 mhp[ext->sadb_ext_type] = (caddr_t)ext; 1129 break; 1130 default:	1277 mhp[ext->sadb_ext_type] = (caddr_t)ext; 1278 break; 1279 default:
1131 ipsec_errcode = EIPSEC_INVAL_EXTTYPE;	1280 __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
1132 return -1; 1133 } 1134 1135 extlen = PFKEY_EXTLEN(ext); 1136 tlen -= extlen; 1137 ext = (struct sadb_ext )((caddr_t)ext + extlen); 1138* } 1139	1281 return -1; 1282 } 1283 1284 extlen = PFKEY_EXTLEN(ext); 1285 tlen -= extlen; 1286 ext = (struct sadb_ext )((caddr_t)ext + extlen); 1287* } 1288
1140 ipsec_errcode = EIPSEC_NO_ERROR;	1289 __ipsec_errcode = EIPSEC_NO_ERROR;
1141 return 0; 1142} 1143 1144/* 1145 * check basic usage for sadb_msg, 1146 * NOTE: This routine is derived from netkey/key.c in KAME. 1147 * IN: msg: pointer to message buffer. 1148 * mhp: pointer to the buffer initialized like below: --- 6 unchanged lines hidden (view full) --- 1155int 1156pfkey_check(mhp) 1157 caddr_t mhp; 1158{ 1159* struct sadb_msg msg; 1160* 1161 /* validity check / 1162* if (mhp == NULL \|\| mhp[0] == NULL) {	1290 return 0; 1291} 1292 1293/* 1294 * check basic usage for sadb_msg, 1295 * NOTE: This routine is derived from netkey/key.c in KAME. 1296 * IN: msg: pointer to message buffer. 1297 * mhp: pointer to the buffer initialized like below: --- 6 unchanged lines hidden (view full) --- 1304int 1305pfkey_check(mhp) 1306 caddr_t mhp; 1307{ 1308* struct sadb_msg msg; 1309* 1310 /* validity check / 1311* if (mhp == NULL \|\| mhp[0] == NULL) {
1163 ipsec_errcode = EIPSEC_INVAL_ARGUMENT;	1312 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1164 return -1; 1165 } 1166 1167 msg = (struct sadb_msg )mhp[0]; 1168* 1169 /* check version / 1170* if (msg->sadb_msg_version != PF_KEY_V2) {	1313 return -1; 1314 } 1315 1316 msg = (struct sadb_msg )mhp[0]; 1317* 1318 /* check version / 1319* if (msg->sadb_msg_version != PF_KEY_V2) {
1171 ipsec_errcode = EIPSEC_INVAL_VERSION;	1320 __ipsec_errcode = EIPSEC_INVAL_VERSION;
1172 return -1; 1173 } 1174 1175 /* check type / 1176* if (msg->sadb_msg_type > SADB_MAX) {	1321 return -1; 1322 } 1323 1324 /* check type / 1325* if (msg->sadb_msg_type > SADB_MAX) {
1177 ipsec_errcode = EIPSEC_INVAL_MSGTYPE;	1326 __ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
1178 return -1; 1179 } 1180 1181 /* check SA type / 1182* switch (msg->sadb_msg_satype) { 1183 case SADB_SATYPE_UNSPEC: 1184 switch (msg->sadb_msg_type) { 1185 case SADB_GETSPI: 1186 case SADB_UPDATE: 1187 case SADB_ADD: 1188 case SADB_DELETE: 1189 case SADB_GET: 1190 case SADB_ACQUIRE: 1191 case SADB_EXPIRE:	1327 return -1; 1328 } 1329 1330 /* check SA type / 1331* switch (msg->sadb_msg_satype) { 1332 case SADB_SATYPE_UNSPEC: 1333 switch (msg->sadb_msg_type) { 1334 case SADB_GETSPI: 1335 case SADB_UPDATE: 1336 case SADB_ADD: 1337 case SADB_DELETE: 1338 case SADB_GET: 1339 case SADB_ACQUIRE: 1340 case SADB_EXPIRE:
1192 ipsec_errcode = EIPSEC_INVAL_SATYPE;	1341 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
1193 return -1; 1194 } 1195 break; 1196 case SADB_SATYPE_ESP: 1197 case SADB_SATYPE_AH: 1198 case SADB_X_SATYPE_IPCOMP: 1199 switch (msg->sadb_msg_type) { 1200 case SADB_X_SPDADD: 1201 case SADB_X_SPDDELETE: 1202 case SADB_X_SPDGET: 1203 case SADB_X_SPDDUMP: 1204 case SADB_X_SPDFLUSH:	1342 return -1; 1343 } 1344 break; 1345 case SADB_SATYPE_ESP: 1346 case SADB_SATYPE_AH: 1347 case SADB_X_SATYPE_IPCOMP: 1348 switch (msg->sadb_msg_type) { 1349 case SADB_X_SPDADD: 1350 case SADB_X_SPDDELETE: 1351 case SADB_X_SPDGET: 1352 case SADB_X_SPDDUMP: 1353 case SADB_X_SPDFLUSH:
1205 ipsec_errcode = EIPSEC_INVAL_SATYPE;	1354 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
1206 return -1; 1207 } 1208 break; 1209 case SADB_SATYPE_RSVP: 1210 case SADB_SATYPE_OSPFV2: 1211 case SADB_SATYPE_RIPV2: 1212 case SADB_SATYPE_MIP:	1355 return -1; 1356 } 1357 break; 1358 case SADB_SATYPE_RSVP: 1359 case SADB_SATYPE_OSPFV2: 1360 case SADB_SATYPE_RIPV2: 1361 case SADB_SATYPE_MIP:
1213 ipsec_errcode = EIPSEC_NOT_SUPPORTED;	1362 __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
1214 return -1; 1215 case 1: /* XXX: What does it do ? / 1216* if (msg->sadb_msg_type == SADB_X_PROMISC) 1217 break; 1218 /FALLTHROUGH/ 1219 default:	1363 return -1; 1364 case 1: /* XXX: What does it do ? / 1365* if (msg->sadb_msg_type == SADB_X_PROMISC) 1366 break; 1367 /FALLTHROUGH/ 1368 default:
1220 ipsec_errcode = EIPSEC_INVAL_SATYPE;	1369 __ipsec_errcode = EIPSEC_INVAL_SATYPE;
1221 return -1; 1222 } 1223 1224 /* check field of upper layer protocol and address family / 1225* if (mhp[SADB_EXT_ADDRESS_SRC] != NULL 1226 && mhp[SADB_EXT_ADDRESS_DST] != NULL) { 1227 struct sadb_address src0, dst0; 1228 1229 src0 = (struct sadb_address )(mhp[SADB_EXT_ADDRESS_SRC]); 1230* dst0 = (struct sadb_address )(mhp[SADB_EXT_ADDRESS_DST]); 1231* 1232 if (src0->sadb_address_proto != dst0->sadb_address_proto) {	1370 return -1; 1371 } 1372 1373 /* check field of upper layer protocol and address family / 1374* if (mhp[SADB_EXT_ADDRESS_SRC] != NULL 1375 && mhp[SADB_EXT_ADDRESS_DST] != NULL) { 1376 struct sadb_address src0, dst0; 1377 1378 src0 = (struct sadb_address )(mhp[SADB_EXT_ADDRESS_SRC]); 1379* dst0 = (struct sadb_address )(mhp[SADB_EXT_ADDRESS_DST]); 1380* 1381 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
1233 ipsec_errcode = EIPSEC_PROTO_MISMATCH;	1382 __ipsec_errcode = EIPSEC_PROTO_MISMATCH;
1234 return -1; 1235 } 1236 1237 if (PFKEY_ADDR_SADDR(src0)->sa_family 1238 != PFKEY_ADDR_SADDR(dst0)->sa_family) {	1383 return -1; 1384 } 1385 1386 if (PFKEY_ADDR_SADDR(src0)->sa_family 1387 != PFKEY_ADDR_SADDR(dst0)->sa_family) {
1239 ipsec_errcode = EIPSEC_FAMILY_MISMATCH;	1388 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
1240 return -1; 1241 } 1242 1243 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 1244 case AF_INET: 1245 case AF_INET6: 1246 break; 1247 default:	1389 return -1; 1390 } 1391 1392 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 1393 case AF_INET: 1394 case AF_INET6: 1395 break; 1396 default:
1248 ipsec_errcode = EIPSEC_INVAL_FAMILY;	1397 __ipsec_errcode = EIPSEC_INVAL_FAMILY;
1249 return -1; 1250 } 1251 1252 /* 1253 * prefixlen == 0 is valid because there must be the case 1254 * all addresses are matched. 1255 / 1256* } 1257	1398 return -1; 1399 } 1400 1401 /* 1402 * prefixlen == 0 is valid because there must be the case 1403 * all addresses are matched. 1404 / 1405* } 1406
1258 ipsec_errcode = EIPSEC_NO_ERROR;	1407 __ipsec_errcode = EIPSEC_NO_ERROR;
1259 return 0; 1260} 1261 1262/* 1263 * set data into sadb_msg. 1264 * `buf' must has been allocated sufficiently. 1265 / 1266*static caddr_t	1408 return 0; 1409} 1410 1411/* 1412 * set data into sadb_msg. 1413 * `buf' must has been allocated sufficiently. 1414 / 1415*static caddr_t
1267pfkey_setsadbmsg(buf, type, tlen, satype, mode, seq, pid)	1416pfkey_setsadbmsg(buf, type, tlen, satype, seq, pid)
1268 caddr_t buf;	1417 caddr_t buf;
1269 u_int type, satype, mode;	1418 u_int type, satype;
1270 u_int tlen; 1271 u_int32_t seq; 1272 pid_t pid; 1273{ 1274 struct sadb_msg p; 1275* u_int len; 1276 1277 p = (struct sadb_msg *)buf;	1419 u_int tlen; 1420 u_int32_t seq; 1421 pid_t pid; 1422{ 1423 struct sadb_msg p; 1424* u_int len; 1425 1426 p = (struct sadb_msg *)buf;
1278 len = sizeof(struct sadb_sa);	1427 len = sizeof(struct sadb_msg);
1279 1280 memset(p, 0, len); 1281 p->sadb_msg_version = PF_KEY_V2; 1282 p->sadb_msg_type = type; 1283 p->sadb_msg_errno = 0; 1284 p->sadb_msg_satype = satype; 1285 p->sadb_msg_len = PFKEY_UNIT64(tlen);	1428 1429 memset(p, 0, len); 1430 p->sadb_msg_version = PF_KEY_V2; 1431 p->sadb_msg_type = type; 1432 p->sadb_msg_errno = 0; 1433 p->sadb_msg_satype = satype; 1434 p->sadb_msg_len = PFKEY_UNIT64(tlen);
1286 p->sadb_msg_mode = mode;
1287 p->sadb_msg_reserved = 0; 1288 p->sadb_msg_seq = seq; 1289 p->sadb_msg_pid = (u_int32_t)pid; 1290 1291 return(buf + len); 1292} 1293 1294/* --- 102 unchanged lines hidden (view full) --- 1397 p->sadb_lifetime_len = PFKEY_UNIT64(len); 1398 p->sadb_lifetime_exttype = type; 1399 1400 switch (type) { 1401 case SADB_EXT_LIFETIME_SOFT: 1402 p->sadb_lifetime_allocations 1403 = (l_alloc * soft_lifetime_allocations_rate) /100; 1404 p->sadb_lifetime_bytes	1435 p->sadb_msg_reserved = 0; 1436 p->sadb_msg_seq = seq; 1437 p->sadb_msg_pid = (u_int32_t)pid; 1438 1439 return(buf + len); 1440} 1441 1442/* --- 102 unchanged lines hidden (view full) --- 1545 p->sadb_lifetime_len = PFKEY_UNIT64(len); 1546 p->sadb_lifetime_exttype = type; 1547 1548 switch (type) { 1549 case SADB_EXT_LIFETIME_SOFT: 1550 p->sadb_lifetime_allocations 1551 = (l_alloc * soft_lifetime_allocations_rate) /100; 1552 p->sadb_lifetime_bytes
1405 = ((l_bytes * soft_lifetime_bytes_rate) /100) << 10;	1553 = (l_bytes * soft_lifetime_bytes_rate) /100;
1406 p->sadb_lifetime_addtime 1407 = (l_addtime * soft_lifetime_addtime_rate) /100; 1408 p->sadb_lifetime_usetime 1409 = (l_usetime * soft_lifetime_usetime_rate) /100; 1410 break; 1411 case SADB_EXT_LIFETIME_HARD: 1412 p->sadb_lifetime_allocations = l_alloc;	1554 p->sadb_lifetime_addtime 1555 = (l_addtime * soft_lifetime_addtime_rate) /100; 1556 p->sadb_lifetime_usetime 1557 = (l_usetime * soft_lifetime_usetime_rate) /100; 1558 break; 1559 case SADB_EXT_LIFETIME_HARD: 1560 p->sadb_lifetime_allocations = l_alloc;
1413 p->sadb_lifetime_bytes = l_bytes << 10;	1561 p->sadb_lifetime_bytes = l_bytes;
1414 p->sadb_lifetime_addtime = l_addtime; 1415 p->sadb_lifetime_usetime = l_usetime; 1416 break; 1417 } 1418 1419 return buf + len; 1420} 1421	1562 p->sadb_lifetime_addtime = l_addtime; 1563 p->sadb_lifetime_usetime = l_usetime; 1564 break; 1565 } 1566 1567 return buf + len; 1568} 1569
	1570/* 1571 * copy secasvar data into sadb_address. 1572 * `buf' must has been allocated sufficiently. 1573 / 1574static caddr_t 1575pfkey_setsadbxsa2(buf, mode0, reqid) 1576* caddr_t buf; 1577 u_int32_t mode0; 1578 u_int32_t reqid; 1579{ 1580 struct sadb_x_sa2 p; 1581* u_int8_t mode = mode0 & 0xff; 1582 u_int len; 1583 1584 p = (struct sadb_x_sa2 )buf; 1585* len = sizeof(struct sadb_x_sa2); 1586 1587 memset(p, 0, len); 1588 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 1589 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 1590 p->sadb_x_sa2_mode = mode; 1591 p->sadb_x_sa2_reqid = reqid; 1592 1593 return(buf + len); 1594} 1595