pfkey.c (62583) | pfkey.c (78064) |
---|---|
1/* $FreeBSD: head/lib/libipsec/pfkey.c 62583 2000-07-04 16:22:05Z itojun $ */ 2/* $KAME: pfkey.c,v 1.31 2000/06/10 14:17:43 sakane Exp $ */ | 1/* $FreeBSD: head/lib/libipsec/pfkey.c 78064 2001-06-11 12:39:29Z ume $ */ 2/* $KAME: pfkey.c,v 1.39 2001/03/05 18:22:17 thorpej Exp $ */ |
3 4/* 5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: --- 26 unchanged lines hidden (view full) --- 37#include <netkey/key_var.h> 38#include <netinet/in.h> 39#include <netinet6/ipsec.h> 40 41#include <stdlib.h> 42#include <unistd.h> 43#include <string.h> 44#include <errno.h> | 3 4/* 5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: --- 26 unchanged lines hidden (view full) --- 37#include <netkey/key_var.h> 38#include <netinet/in.h> 39#include <netinet6/ipsec.h> 40 41#include <stdlib.h> 42#include <unistd.h> 43#include <string.h> 44#include <errno.h> |
45#include <stdio.h> |
|
45 46#include "ipsec_strerror.h" 47#include "libpfkey.h" 48 49#define CALLOC(size, cast) (cast)calloc(1, (size)) 50 | 46 47#include "ipsec_strerror.h" 48#include "libpfkey.h" 49 50#define CALLOC(size, cast) (cast)calloc(1, (size)) 51 |
52static int findsupportedmap __P((int)); 53static int setsupportedmap __P((struct sadb_supported *)); 54static struct sadb_alg *findsupportedalg __P((u_int, u_int)); |
|
51static int pfkey_send_x1 __P((int, u_int, u_int, u_int, struct sockaddr *, 52 struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t, 53 u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t, 54 u_int32_t, u_int32_t, u_int32_t)); 55static int pfkey_send_x2 __P((int, u_int, u_int, u_int, 56 struct sockaddr *, struct sockaddr *, u_int32_t)); 57static int pfkey_send_x3 __P((int, u_int, u_int)); 58static int pfkey_send_x4 __P((int, u_int, struct sockaddr *, u_int, | 55static int pfkey_send_x1 __P((int, u_int, u_int, u_int, struct sockaddr *, 56 struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t, 57 u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t, 58 u_int32_t, u_int32_t, u_int32_t)); 59static int pfkey_send_x2 __P((int, u_int, u_int, u_int, 60 struct sockaddr *, struct sockaddr *, u_int32_t)); 61static int pfkey_send_x3 __P((int, u_int, u_int)); 62static int pfkey_send_x4 __P((int, u_int, struct sockaddr *, u_int, |
59 struct sockaddr *, u_int, u_int, char *, int, u_int32_t)); | 63 struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t, 64 char *, int, u_int32_t)); |
60static int pfkey_send_x5 __P((int, u_int, u_int32_t)); 61 | 65static int pfkey_send_x5 __P((int, u_int, u_int32_t)); 66 |
62static caddr_t pfkey_setsadbmsg __P((caddr_t, u_int, u_int, | 67static caddr_t pfkey_setsadbmsg __P((caddr_t, caddr_t, u_int, u_int, |
63 u_int, u_int32_t, pid_t)); | 68 u_int, u_int32_t, pid_t)); |
64static caddr_t pfkey_setsadbsa __P((caddr_t, u_int32_t, u_int, | 69static caddr_t pfkey_setsadbsa __P((caddr_t, caddr_t, u_int32_t, u_int, |
65 u_int, u_int, u_int32_t)); | 70 u_int, u_int, u_int32_t)); |
66static caddr_t pfkey_setsadbaddr __P((caddr_t, u_int, | 71static caddr_t pfkey_setsadbaddr __P((caddr_t, caddr_t, u_int, |
67 struct sockaddr *, u_int, u_int)); | 72 struct sockaddr *, u_int, u_int)); |
68static caddr_t pfkey_setsadbkey __P((caddr_t, u_int, caddr_t, u_int)); 69static caddr_t pfkey_setsadblifetime __P((caddr_t, u_int, u_int32_t, u_int32_t, 70 u_int32_t, u_int32_t)); 71static caddr_t pfkey_setsadbxsa2 __P((caddr_t, u_int32_t, u_int32_t)); | 73static caddr_t pfkey_setsadbkey __P((caddr_t, caddr_t, u_int, caddr_t, u_int)); 74static caddr_t pfkey_setsadblifetime __P((caddr_t, caddr_t, u_int, u_int32_t, 75 u_int32_t, u_int32_t, u_int32_t)); 76static caddr_t pfkey_setsadbxsa2 __P((caddr_t, caddr_t, u_int32_t, u_int32_t)); |
72 73/* | 77 78/* |
79 * make and search supported algorithm structure. 80 */ 81static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, }; 82 83static int supported_map[] = { 84 SADB_SATYPE_AH, 85 SADB_SATYPE_ESP, 86 SADB_X_SATYPE_IPCOMP, 87}; 88 89static int 90findsupportedmap(satype) 91 int satype; 92{ 93 int i; 94 95 for (i = 0; i < sizeof(supported_map)/sizeof(supported_map[0]); i++) 96 if (supported_map[i] == satype) 97 return i; 98 return -1; 99} 100 101static struct sadb_alg * 102findsupportedalg(satype, alg_id) 103 u_int satype, alg_id; 104{ 105 int algno; 106 int tlen; 107 caddr_t p; 108 109 /* validity check */ 110 algno = findsupportedmap(satype); 111 if (algno == -1) { 112 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 113 return NULL; 114 } 115 if (ipsec_supported[algno] == NULL) { 116 __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST; 117 return NULL; 118 } 119 120 tlen = ipsec_supported[algno]->sadb_supported_len 121 - sizeof(struct sadb_supported); 122 p = (caddr_t)(ipsec_supported[algno] + 1); 123 while (tlen > 0) { 124 if (tlen < sizeof(struct sadb_alg)) { 125 /* invalid format */ 126 break; 127 } 128 if (((struct sadb_alg *)p)->sadb_alg_id == alg_id) 129 return (struct sadb_alg *)p; 130 131 tlen -= sizeof(struct sadb_alg); 132 p += sizeof(struct sadb_alg); 133 } 134 135 __ipsec_errcode = EIPSEC_NOT_SUPPORTED; 136 return NULL; 137} 138 139static int 140setsupportedmap(sup) 141 struct sadb_supported *sup; 142{ 143 struct sadb_supported **ipsup; 144 145 switch (sup->sadb_supported_exttype) { 146 case SADB_EXT_SUPPORTED_AUTH: 147 ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_AH)]; 148 break; 149 case SADB_EXT_SUPPORTED_ENCRYPT: 150 ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_ESP)]; 151 break; 152 default: 153 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 154 return -1; 155 } 156 157 if (*ipsup) 158 free(*ipsup); 159 160 *ipsup = malloc(sup->sadb_supported_len); 161 if (!*ipsup) { 162 __ipsec_set_strerror(strerror(errno)); 163 return -1; 164 } 165 memcpy(*ipsup, sup, sup->sadb_supported_len); 166 167 return 0; 168} 169 170/* |
|
74 * check key length against algorithm specified. | 171 * check key length against algorithm specified. |
75 * supported is either SADB_EXT_SUPPORTED_ENCRYPT or SADB_EXT_SUPPORTED_AUTH. 76 * Refer to keyv2.h to get more info. | 172 * This function is called with SADB_EXT_SUPPORTED_{AUTH,ENCRYPT} as the 173 * augument, and only calls to ipsec_check_keylen2(); |
77 * keylen is the unit of bit. 78 * OUT: 79 * -1: invalid. 80 * 0: valid. 81 */ | 174 * keylen is the unit of bit. 175 * OUT: 176 * -1: invalid. 177 * 0: valid. 178 */ |
82struct sadb_msg *ipsec_supported = NULL; 83 | |
84int 85ipsec_check_keylen(supported, alg_id, keylen) 86 u_int supported; 87 u_int alg_id; 88 u_int keylen; 89{ | 179int 180ipsec_check_keylen(supported, alg_id, keylen) 181 u_int supported; 182 u_int alg_id; 183 u_int keylen; 184{ |
90 u_int tlen; 91 caddr_t p; 92 struct sadb_supported *sup; 93 struct sadb_alg *alg; | 185 int satype; |
94 95 /* validity check */ | 186 187 /* validity check */ |
96 if (ipsec_supported == NULL) { 97 __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST; 98 return -1; 99 } | |
100 switch (supported) { 101 case SADB_EXT_SUPPORTED_AUTH: | 188 switch (supported) { 189 case SADB_EXT_SUPPORTED_AUTH: |
190 satype = SADB_SATYPE_AH; 191 break; |
|
102 case SADB_EXT_SUPPORTED_ENCRYPT: | 192 case SADB_EXT_SUPPORTED_ENCRYPT: |
193 satype = SADB_SATYPE_ESP; |
|
103 break; 104 default: 105 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 106 return -1; 107 } 108 | 194 break; 195 default: 196 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 197 return -1; 198 } 199 |
109 tlen = ipsec_supported->sadb_msg_len - sizeof(struct sadb_msg); 110 p = (caddr_t)ipsec_supported + sizeof(struct sadb_msg); | 200 return ipsec_check_keylen2(satype, alg_id, keylen); 201} |
111 | 202 |
112 for (; 113 tlen > 0; 114 tlen -= sup->sadb_supported_len, p += sup->sadb_supported_len) { | 203/* 204 * check key length against algorithm specified. 205 * satype is one of satype defined at pfkeyv2.h. 206 * keylen is the unit of bit. 207 * OUT: 208 * -1: invalid. 209 * 0: valid. 210 */ 211int 212ipsec_check_keylen2(satype, alg_id, keylen) 213 u_int satype; 214 u_int alg_id; 215 u_int keylen; 216{ 217 struct sadb_alg *alg; |
115 | 218 |
116 sup = (struct sadb_supported *)p; | 219 alg = findsupportedalg(satype, alg_id); 220 if (!alg) 221 return -1; |
117 | 222 |
118 if (sup->sadb_supported_exttype != supported) 119 continue; | 223 if (keylen < alg->sadb_alg_minbits || keylen > alg->sadb_alg_maxbits) { 224 __ipsec_errcode = EIPSEC_INVAL_KEYLEN; 225 return -1; 226 } |
120 | 227 |
121 { 122 u_int ttlen = sup->sadb_supported_len; 123 caddr_t pp = p + sizeof(*sup); | 228 __ipsec_errcode = EIPSEC_NO_ERROR; 229 return 0; 230} |
124 | 231 |
125 for (; 126 ttlen > 0; 127 ttlen -= sizeof(*alg), pp += sizeof(*alg)) { 128 alg = (struct sadb_alg *)pp; | 232/* 233 * get max/min key length against algorithm specified. 234 * satype is one of satype defined at pfkeyv2.h. 235 * keylen is the unit of bit. 236 * OUT: 237 * -1: invalid. 238 * 0: valid. 239 */ 240int 241ipsec_get_keylen(supported, alg_id, alg0) 242 u_int supported, alg_id; 243 struct sadb_alg *alg0; 244{ 245 struct sadb_alg *alg; 246 u_int satype; |
129 | 247 |
130 if (alg->sadb_alg_id == alg_id) 131 goto found; 132 } 133 } | 248 /* validity check */ 249 if (!alg0) { 250 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 251 return -1; |
134 } 135 | 252 } 253 |
136 __ipsec_errcode = EIPSEC_NOT_SUPPORTED; 137 return -1; 138 /* NOTREACHED */ 139 140 found: 141 if (keylen < alg->sadb_alg_minbits 142 || keylen > alg->sadb_alg_maxbits) { 143 __ipsec_errcode = EIPSEC_INVAL_KEYLEN; | 254 switch (supported) { 255 case SADB_EXT_SUPPORTED_AUTH: 256 satype = SADB_SATYPE_AH; 257 break; 258 case SADB_EXT_SUPPORTED_ENCRYPT: 259 satype = SADB_SATYPE_ESP; 260 break; 261 default: 262 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; |
144 return -1; 145 } 146 | 263 return -1; 264 } 265 |
266 alg = findsupportedalg(satype, alg_id); 267 if (!alg) 268 return -1; 269 270 memcpy(alg0, alg, sizeof(*alg0)); 271 |
|
147 __ipsec_errcode = EIPSEC_NO_ERROR; 148 return 0; 149} 150 151/* 152 * set the rate for SOFT lifetime against HARD one. 153 * If rate is more than 100 or equal to zero, then set to 100. 154 */ --- 61 unchanged lines hidden (view full) --- 216int 217pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq) 218 int so; 219 u_int satype, mode; 220 struct sockaddr *src, *dst; 221 u_int32_t min, max, reqid, seq; 222{ 223 struct sadb_msg *newmsg; | 272 __ipsec_errcode = EIPSEC_NO_ERROR; 273 return 0; 274} 275 276/* 277 * set the rate for SOFT lifetime against HARD one. 278 * If rate is more than 100 or equal to zero, then set to 100. 279 */ --- 61 unchanged lines hidden (view full) --- 341int 342pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq) 343 int so; 344 u_int satype, mode; 345 struct sockaddr *src, *dst; 346 u_int32_t min, max, reqid, seq; 347{ 348 struct sadb_msg *newmsg; |
349 caddr_t ep; |
|
224 int len; 225 int need_spirange = 0; 226 caddr_t p; 227 int plen; 228 229 /* validity check */ 230 if (src == NULL || dst == NULL) { 231 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; --- 31 unchanged lines hidden (view full) --- 263 need_spirange++; 264 len += sizeof(struct sadb_spirange); 265 } 266 267 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 268 __ipsec_set_strerror(strerror(errno)); 269 return -1; 270 } | 350 int len; 351 int need_spirange = 0; 352 caddr_t p; 353 int plen; 354 355 /* validity check */ 356 if (src == NULL || dst == NULL) { 357 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; --- 31 unchanged lines hidden (view full) --- 389 need_spirange++; 390 len += sizeof(struct sadb_spirange); 391 } 392 393 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 394 __ipsec_set_strerror(strerror(errno)); 395 return -1; 396 } |
397 ep = ((caddr_t)newmsg) + len; |
|
271 | 398 |
272 p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_GETSPI, 273 len, satype, seq, getpid()); | 399 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_GETSPI, 400 len, satype, seq, getpid()); 401 if (!p) { 402 free(newmsg); 403 return -1; 404 } |
274 | 405 |
275 p = pfkey_setsadbxsa2(p, mode, reqid); | 406 p = pfkey_setsadbxsa2(p, ep, mode, reqid); 407 if (!p) { 408 free(newmsg); 409 return -1; 410 } |
276 277 /* set sadb_address for source */ | 411 412 /* set sadb_address for source */ |
278 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen, | 413 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, |
279 IPSEC_ULPROTO_ANY); | 414 IPSEC_ULPROTO_ANY); |
415 if (!p) { 416 free(newmsg); 417 return -1; 418 } |
|
280 281 /* set sadb_address for destination */ | 419 420 /* set sadb_address for destination */ |
282 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen, | 421 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, |
283 IPSEC_ULPROTO_ANY); | 422 IPSEC_ULPROTO_ANY); |
423 if (!p) { 424 free(newmsg); 425 return -1; 426 } |
|
284 285 /* proccessing spi range */ 286 if (need_spirange) { | 427 428 /* proccessing spi range */ 429 if (need_spirange) { |
287 int _len = sizeof(struct sadb_spirange); | 430 struct sadb_spirange spirange; |
288 | 431 |
289#define _SADB_SPIRANGE(p) ((struct sadb_spirange *)(p)) 290 _SADB_SPIRANGE(p)->sadb_spirange_len = PFKEY_UNIT64(_len); 291 _SADB_SPIRANGE(p)->sadb_spirange_exttype = SADB_EXT_SPIRANGE; 292 _SADB_SPIRANGE(p)->sadb_spirange_min = min; 293 _SADB_SPIRANGE(p)->sadb_spirange_max = max; 294#undef _SADB_SPIRANGE(p) 295 p += _len; | 432 if (p + sizeof(spirange) > ep) { 433 free(newmsg); 434 return -1; 435 } 436 437 memset(&spirange, 0, sizeof(spirange)); 438 spirange.sadb_spirange_len = PFKEY_UNIT64(sizeof(spirange)); 439 spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE; 440 spirange.sadb_spirange_min = min; 441 spirange.sadb_spirange_max = max; 442 443 memcpy(p, &spirange, sizeof(spirange)); 444 445 p += sizeof(spirange); |
296 } | 446 } |
447 if (p != ep) { 448 free(newmsg); 449 return -1; 450 } |
|
297 298 /* send message */ 299 len = pfkey_send(so, newmsg, len); 300 free(newmsg); 301 302 if (len < 0) 303 return -1; 304 --- 79 unchanged lines hidden (view full) --- 384 int len; 385 if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) < 0) 386 return -1; 387 388 return len; 389} 390 391/* | 451 452 /* send message */ 453 len = pfkey_send(so, newmsg, len); 454 free(newmsg); 455 456 if (len < 0) 457 return -1; 458 --- 79 unchanged lines hidden (view full) --- 538 int len; 539 if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) < 0) 540 return -1; 541 542 return len; 543} 544 545/* |
546 * sending SADB_DELETE without spi to the kernel. This is 547 * the "delete all" request (an extension also present in 548 * Solaris). 549 * 550 * OUT: 551 * positive: success and return length sent 552 * -1 : error occured, and set errno 553 */ 554int 555pfkey_send_delete_all(so, satype, mode, src, dst) 556 int so; 557 u_int satype, mode; 558 struct sockaddr *src, *dst; 559{ 560 struct sadb_msg *newmsg; 561 int len; 562 caddr_t p; 563 int plen; 564 caddr_t ep; 565 566 /* validity check */ 567 if (src == NULL || dst == NULL) { 568 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 569 return -1; 570 } 571 if (src->sa_family != dst->sa_family) { 572 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; 573 return -1; 574 } 575 switch (src->sa_family) { 576 case AF_INET: 577 plen = sizeof(struct in_addr) << 3; 578 break; 579 case AF_INET6: 580 plen = sizeof(struct in6_addr) << 3; 581 break; 582 default: 583 __ipsec_errcode = EIPSEC_INVAL_FAMILY; 584 return -1; 585 } 586 587 /* create new sadb_msg to reply. */ 588 len = sizeof(struct sadb_msg) 589 + sizeof(struct sadb_address) 590 + PFKEY_ALIGN8(src->sa_len) 591 + sizeof(struct sadb_address) 592 + PFKEY_ALIGN8(dst->sa_len); 593 594 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 595 __ipsec_set_strerror(strerror(errno)); 596 return -1; 597 } 598 ep = ((caddr_t)newmsg) + len; 599 600 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_DELETE, len, satype, 0, 601 getpid()); 602 if (!p) { 603 free(newmsg); 604 return -1; 605 } 606 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, 607 IPSEC_ULPROTO_ANY); 608 if (!p) { 609 free(newmsg); 610 return -1; 611 } 612 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, 613 IPSEC_ULPROTO_ANY); 614 if (!p || p != ep) { 615 free(newmsg); 616 return -1; 617 } 618 619 /* send message */ 620 len = pfkey_send(so, newmsg, len); 621 free(newmsg); 622 623 if (len < 0) 624 return -1; 625 626 __ipsec_errcode = EIPSEC_NO_ERROR; 627 return len; 628} 629 630/* |
|
392 * sending SADB_GET message to the kernel. 393 * OUT: 394 * positive: success and return length sent. 395 * -1 : error occured, and set errno. 396 */ 397int 398pfkey_send_get(so, satype, mode, src, dst, spi) 399 int so; --- 14 unchanged lines hidden (view full) --- 414 * positive: success and return length sent. 415 * -1 : error occured, and set errno. 416 */ 417int 418pfkey_send_register(so, satype) 419 int so; 420 u_int satype; 421{ | 631 * sending SADB_GET message to the kernel. 632 * OUT: 633 * positive: success and return length sent. 634 * -1 : error occured, and set errno. 635 */ 636int 637pfkey_send_get(so, satype, mode, src, dst, spi) 638 int so; --- 14 unchanged lines hidden (view full) --- 653 * positive: success and return length sent. 654 * -1 : error occured, and set errno. 655 */ 656int 657pfkey_send_register(so, satype) 658 int so; 659 u_int satype; 660{ |
422 int len; | 661 int len, algno; |
423 | 662 |
663 if (satype == PF_UNSPEC) { 664 for (algno = 0; 665 algno < sizeof(supported_map)/sizeof(supported_map[0]); 666 algno++) { 667 if (ipsec_supported[algno]) { 668 free(ipsec_supported[algno]); 669 ipsec_supported[algno] = NULL; 670 } 671 } 672 } else { 673 algno = findsupportedmap(satype); 674 if (algno == -1) { 675 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 676 return -1; 677 } 678 679 if (ipsec_supported[algno]) { 680 free(ipsec_supported[algno]); 681 ipsec_supported[algno] = NULL; 682 } 683 } 684 |
|
424 if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0) 425 return -1; 426 427 return len; 428} 429 430/* 431 * receiving SADB_REGISTER message from the kernel, and copy buffer for 432 * sadb_supported returned into ipsec_supported. 433 * OUT: 434 * 0: success and return length sent. 435 * -1: error occured, and set errno. 436 */ 437int 438pfkey_recv_register(so) 439 int so; 440{ 441 pid_t pid = getpid(); 442 struct sadb_msg *newmsg; | 685 if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0) 686 return -1; 687 688 return len; 689} 690 691/* 692 * receiving SADB_REGISTER message from the kernel, and copy buffer for 693 * sadb_supported returned into ipsec_supported. 694 * OUT: 695 * 0: success and return length sent. 696 * -1: error occured, and set errno. 697 */ 698int 699pfkey_recv_register(so) 700 int so; 701{ 702 pid_t pid = getpid(); 703 struct sadb_msg *newmsg; |
443 struct sadb_supported *sup; 444 caddr_t p; 445 int tlen; | 704 int error = -1; |
446 447 /* receive message */ 448 do { 449 if ((newmsg = pfkey_recv(so)) == NULL) 450 return -1; | 705 706 /* receive message */ 707 do { 708 if ((newmsg = pfkey_recv(so)) == NULL) 709 return -1; |
451 | |
452 } while (newmsg->sadb_msg_type != SADB_REGISTER 453 || newmsg->sadb_msg_pid != pid); 454 455 /* check and fix */ 456 newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len); 457 | 710 } while (newmsg->sadb_msg_type != SADB_REGISTER 711 || newmsg->sadb_msg_pid != pid); 712 713 /* check and fix */ 714 newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len); 715 |
458 tlen = newmsg->sadb_msg_len - sizeof(struct sadb_msg); 459 p = (caddr_t)newmsg + sizeof(struct sadb_msg); 460 while (tlen > 0) { | 716 error = pfkey_set_supported(newmsg, newmsg->sadb_msg_len); 717 free(newmsg); 718 719 if (error == 0) 720 __ipsec_errcode = EIPSEC_NO_ERROR; 721 722 return error; 723} 724 725/* 726 * receiving SADB_REGISTER message from the kernel, and copy buffer for 727 * sadb_supported returned into ipsec_supported. 728 * NOTE: sadb_msg_len must be host order. 729 * IN: 730 * tlen: msg length, it's to makeing sure. 731 * OUT: 732 * 0: success and return length sent. 733 * -1: error occured, and set errno. 734 */ 735int 736pfkey_set_supported(msg, tlen) 737 struct sadb_msg *msg; 738 int tlen; 739{ 740 struct sadb_supported *sup; 741 caddr_t p; 742 caddr_t ep; 743 744 /* validity */ 745 if (msg->sadb_msg_len != tlen) { 746 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 747 return -1; 748 } 749 750 p = (caddr_t)msg; 751 ep = p + tlen; 752 753 p += sizeof(struct sadb_msg); 754 755 while (p < ep) { |
461 sup = (struct sadb_supported *)p; | 756 sup = (struct sadb_supported *)p; |
757 if (ep < p + sizeof(*sup) || 758 PFKEY_EXTLEN(sup) < sizeof(*sup) || 759 ep < p + sup->sadb_supported_len) { 760 /* invalid format */ 761 break; 762 } 763 |
|
462 switch (sup->sadb_supported_exttype) { 463 case SADB_EXT_SUPPORTED_AUTH: 464 case SADB_EXT_SUPPORTED_ENCRYPT: | 764 switch (sup->sadb_supported_exttype) { 765 case SADB_EXT_SUPPORTED_AUTH: 766 case SADB_EXT_SUPPORTED_ENCRYPT: |
465 sup->sadb_supported_len = PFKEY_EXTLEN(sup); | |
466 break; 467 default: 468 __ipsec_errcode = EIPSEC_INVAL_SATYPE; | 767 break; 768 default: 769 __ipsec_errcode = EIPSEC_INVAL_SATYPE; |
469 free(newmsg); | |
470 return -1; 471 } 472 | 770 return -1; 771 } 772 |
473 tlen -= sup->sadb_supported_len; | 773 /* fixed length */ 774 sup->sadb_supported_len = PFKEY_EXTLEN(sup); 775 776 /* set supported map */ 777 if (setsupportedmap(sup) != 0) 778 return -1; 779 |
474 p += sup->sadb_supported_len; 475 } 476 | 780 p += sup->sadb_supported_len; 781 } 782 |
477 if (tlen < 0) { | 783 if (p != ep) { |
478 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 479 return -1; 480 } 481 | 784 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 785 return -1; 786 } 787 |
482 if (ipsec_supported != NULL) 483 free(ipsec_supported); 484 485 ipsec_supported = newmsg; 486 | |
487 __ipsec_errcode = EIPSEC_NO_ERROR; | 788 __ipsec_errcode = EIPSEC_NO_ERROR; |
789 |
|
488 return 0; 489} 490 491/* 492 * sending SADB_FLUSH message to the kernel. 493 * OUT: 494 * positive: success and return length sent. 495 * -1 : error occured, and set errno. --- 69 unchanged lines hidden (view full) --- 565 caddr_t policy; 566 int policylen; 567 u_int32_t seq; 568{ 569 int len; 570 571 if ((len = pfkey_send_x4(so, SADB_X_SPDADD, 572 src, prefs, dst, prefd, proto, | 790 return 0; 791} 792 793/* 794 * sending SADB_FLUSH message to the kernel. 795 * OUT: 796 * positive: success and return length sent. 797 * -1 : error occured, and set errno. --- 69 unchanged lines hidden (view full) --- 867 caddr_t policy; 868 int policylen; 869 u_int32_t seq; 870{ 871 int len; 872 873 if ((len = pfkey_send_x4(so, SADB_X_SPDADD, 874 src, prefs, dst, prefd, proto, |
875 0, 0, |
|
573 policy, policylen, seq)) < 0) 574 return -1; 575 576 return len; 577} 578 579/* | 876 policy, policylen, seq)) < 0) 877 return -1; 878 879 return len; 880} 881 882/* |
883 * sending SADB_X_SPDADD message to the kernel. 884 * OUT: 885 * positive: success and return length sent. 886 * -1 : error occured, and set errno. 887 */ 888int 889pfkey_send_spdadd2(so, src, prefs, dst, prefd, proto, ltime, vtime, 890 policy, policylen, seq) 891 int so; 892 struct sockaddr *src, *dst; 893 u_int prefs, prefd, proto; 894 u_int64_t ltime, vtime; 895 caddr_t policy; 896 int policylen; 897 u_int32_t seq; 898{ 899 int len; 900 901 if ((len = pfkey_send_x4(so, SADB_X_SPDADD, 902 src, prefs, dst, prefd, proto, 903 ltime, vtime, 904 policy, policylen, seq)) < 0) 905 return -1; 906 907 return len; 908} 909 910/* |
|
580 * sending SADB_X_SPDUPDATE message to the kernel. 581 * OUT: 582 * positive: success and return length sent. 583 * -1 : error occured, and set errno. 584 */ 585int 586pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 587 int so; 588 struct sockaddr *src, *dst; 589 u_int prefs, prefd, proto; 590 caddr_t policy; 591 int policylen; 592 u_int32_t seq; 593{ 594 int len; 595 596 if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE, 597 src, prefs, dst, prefd, proto, | 911 * sending SADB_X_SPDUPDATE message to the kernel. 912 * OUT: 913 * positive: success and return length sent. 914 * -1 : error occured, and set errno. 915 */ 916int 917pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 918 int so; 919 struct sockaddr *src, *dst; 920 u_int prefs, prefd, proto; 921 caddr_t policy; 922 int policylen; 923 u_int32_t seq; 924{ 925 int len; 926 927 if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE, 928 src, prefs, dst, prefd, proto, |
929 0, 0, |
|
598 policy, policylen, seq)) < 0) 599 return -1; 600 601 return len; 602} 603 604/* | 930 policy, policylen, seq)) < 0) 931 return -1; 932 933 return len; 934} 935 936/* |
937 * sending SADB_X_SPDUPDATE message to the kernel. 938 * OUT: 939 * positive: success and return length sent. 940 * -1 : error occured, and set errno. 941 */ 942int 943pfkey_send_spdupdate2(so, src, prefs, dst, prefd, proto, ltime, vtime, 944 policy, policylen, seq) 945 int so; 946 struct sockaddr *src, *dst; 947 u_int prefs, prefd, proto; 948 u_int64_t ltime, vtime; 949 caddr_t policy; 950 int policylen; 951 u_int32_t seq; 952{ 953 int len; 954 955 if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE, 956 src, prefs, dst, prefd, proto, 957 ltime, vtime, 958 policy, policylen, seq)) < 0) 959 return -1; 960 961 return len; 962} 963 964/* |
|
605 * sending SADB_X_SPDDELETE message to the kernel. 606 * OUT: 607 * positive: success and return length sent. 608 * -1 : error occured, and set errno. 609 */ 610int 611pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 612 int so; --- 7 unchanged lines hidden (view full) --- 620 621 if (policylen != sizeof(struct sadb_x_policy)) { 622 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 623 return -1; 624 } 625 626 if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE, 627 src, prefs, dst, prefd, proto, | 965 * sending SADB_X_SPDDELETE message to the kernel. 966 * OUT: 967 * positive: success and return length sent. 968 * -1 : error occured, and set errno. 969 */ 970int 971pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq) 972 int so; --- 7 unchanged lines hidden (view full) --- 980 981 if (policylen != sizeof(struct sadb_x_policy)) { 982 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 983 return -1; 984 } 985 986 if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE, 987 src, prefs, dst, prefd, proto, |
988 0, 0, |
|
628 policy, policylen, seq)) < 0) 629 return -1; 630 631 return len; 632} 633 634/* 635 * sending SADB_X_SPDDELETE message to the kernel. --- 52 unchanged lines hidden (view full) --- 688 689 if (policylen != sizeof(struct sadb_x_policy)) { 690 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 691 return -1; 692 } 693 694 if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX, 695 src, prefs, dst, prefd, proto, | 989 policy, policylen, seq)) < 0) 990 return -1; 991 992 return len; 993} 994 995/* 996 * sending SADB_X_SPDDELETE message to the kernel. --- 52 unchanged lines hidden (view full) --- 1049 1050 if (policylen != sizeof(struct sadb_x_policy)) { 1051 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1052 return -1; 1053 } 1054 1055 if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX, 1056 src, prefs, dst, prefd, proto, |
1057 0, 0, |
|
696 policy, policylen, seq)) < 0) 697 return -1; 698 699 return len; 700} 701 702/* 703 * sending SADB_SPDFLUSH message to the kernel. --- 44 unchanged lines hidden (view full) --- 748 caddr_t keymat; 749 u_int e_type, e_keylen, a_type, a_keylen, flags; 750 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq; 751{ 752 struct sadb_msg *newmsg; 753 int len; 754 caddr_t p; 755 int plen; | 1058 policy, policylen, seq)) < 0) 1059 return -1; 1060 1061 return len; 1062} 1063 1064/* 1065 * sending SADB_SPDFLUSH message to the kernel. --- 44 unchanged lines hidden (view full) --- 1110 caddr_t keymat; 1111 u_int e_type, e_keylen, a_type, a_keylen, flags; 1112 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq; 1113{ 1114 struct sadb_msg *newmsg; 1115 int len; 1116 caddr_t p; 1117 int plen; |
1118 caddr_t ep; |
|
756 757 /* validity check */ 758 if (src == NULL || dst == NULL) { 759 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 760 return -1; 761 } 762 if (src->sa_family != dst->sa_family) { 763 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; --- 24 unchanged lines hidden (view full) --- 788 return -1; 789 } 790 if (a_type == SADB_AALG_NONE) { 791 __ipsec_errcode = EIPSEC_NO_ALGS; 792 return -1; 793 } 794 break; 795 case SADB_X_SATYPE_IPCOMP: | 1119 1120 /* validity check */ 1121 if (src == NULL || dst == NULL) { 1122 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1123 return -1; 1124 } 1125 if (src->sa_family != dst->sa_family) { 1126 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; --- 24 unchanged lines hidden (view full) --- 1151 return -1; 1152 } 1153 if (a_type == SADB_AALG_NONE) { 1154 __ipsec_errcode = EIPSEC_NO_ALGS; 1155 return -1; 1156 } 1157 break; 1158 case SADB_X_SATYPE_IPCOMP: |
1159 if (e_type == SADB_X_CALG_NONE) { 1160 __ipsec_errcode = EIPSEC_INVAL_ALGS; 1161 return -1; 1162 } 1163 if (a_type != SADB_AALG_NONE) { 1164 __ipsec_errcode = EIPSEC_NO_ALGS; 1165 return -1; 1166 } |
|
796 break; 797 default: 798 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 799 return -1; 800 } 801 802 /* create new sadb_msg to reply. */ 803 len = sizeof(struct sadb_msg) --- 10 unchanged lines hidden (view full) --- 814 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen)); 815 if (a_type != SADB_AALG_NONE) 816 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen)); 817 818 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 819 __ipsec_set_strerror(strerror(errno)); 820 return -1; 821 } | 1167 break; 1168 default: 1169 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 1170 return -1; 1171 } 1172 1173 /* create new sadb_msg to reply. */ 1174 len = sizeof(struct sadb_msg) --- 10 unchanged lines hidden (view full) --- 1185 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen)); 1186 if (a_type != SADB_AALG_NONE) 1187 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen)); 1188 1189 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1190 __ipsec_set_strerror(strerror(errno)); 1191 return -1; 1192 } |
1193 ep = ((caddr_t)newmsg) + len; |
|
822 | 1194 |
823 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, | 1195 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, |
824 satype, seq, getpid()); | 1196 satype, seq, getpid()); |
825 p = pfkey_setsadbsa(p, spi, wsize, a_type, e_type, flags); 826 p = pfkey_setsadbxsa2(p, mode, reqid); 827 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen, | 1197 if (!p) { 1198 free(newmsg); 1199 return -1; 1200 } 1201 p = pfkey_setsadbsa(p, ep, spi, wsize, a_type, e_type, flags); 1202 if (!p) { 1203 free(newmsg); 1204 return -1; 1205 } 1206 p = pfkey_setsadbxsa2(p, ep, mode, reqid); 1207 if (!p) { 1208 free(newmsg); 1209 return -1; 1210 } 1211 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, |
828 IPSEC_ULPROTO_ANY); | 1212 IPSEC_ULPROTO_ANY); |
829 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen, | 1213 if (!p) { 1214 free(newmsg); 1215 return -1; 1216 } 1217 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, |
830 IPSEC_ULPROTO_ANY); | 1218 IPSEC_ULPROTO_ANY); |
1219 if (!p) { 1220 free(newmsg); 1221 return -1; 1222 } |
|
831 | 1223 |
832 if (e_type != SADB_EALG_NONE) 833 p = pfkey_setsadbkey(p, SADB_EXT_KEY_ENCRYPT, | 1224 if (e_type != SADB_EALG_NONE) { 1225 p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT, |
834 keymat, e_keylen); | 1226 keymat, e_keylen); |
835 if (a_type != SADB_AALG_NONE) 836 p = pfkey_setsadbkey(p, SADB_EXT_KEY_AUTH, | 1227 if (!p) { 1228 free(newmsg); 1229 return -1; 1230 } 1231 } 1232 if (a_type != SADB_AALG_NONE) { 1233 p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH, |
837 keymat + e_keylen, a_keylen); | 1234 keymat + e_keylen, a_keylen); |
1235 if (!p) { 1236 free(newmsg); 1237 return -1; 1238 } 1239 } |
|
838 839 /* set sadb_lifetime for destination */ | 1240 1241 /* set sadb_lifetime for destination */ |
840 p = pfkey_setsadblifetime(p, SADB_EXT_LIFETIME_HARD, | 1242 p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD, |
841 l_alloc, l_bytes, l_addtime, l_usetime); | 1243 l_alloc, l_bytes, l_addtime, l_usetime); |
842 p = pfkey_setsadblifetime(p, SADB_EXT_LIFETIME_SOFT, | 1244 if (!p) { 1245 free(newmsg); 1246 return -1; 1247 } 1248 p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT, |
843 l_alloc, l_bytes, l_addtime, l_usetime); | 1249 l_alloc, l_bytes, l_addtime, l_usetime); |
1250 if (!p || p != ep) { 1251 free(newmsg); 1252 return -1; 1253 } |
|
844 845 /* send message */ 846 len = pfkey_send(so, newmsg, len); 847 free(newmsg); 848 849 if (len < 0) 850 return -1; 851 --- 8 unchanged lines hidden (view full) --- 860 u_int type, satype, mode; 861 struct sockaddr *src, *dst; 862 u_int32_t spi; 863{ 864 struct sadb_msg *newmsg; 865 int len; 866 caddr_t p; 867 int plen; | 1254 1255 /* send message */ 1256 len = pfkey_send(so, newmsg, len); 1257 free(newmsg); 1258 1259 if (len < 0) 1260 return -1; 1261 --- 8 unchanged lines hidden (view full) --- 1270 u_int type, satype, mode; 1271 struct sockaddr *src, *dst; 1272 u_int32_t spi; 1273{ 1274 struct sadb_msg *newmsg; 1275 int len; 1276 caddr_t p; 1277 int plen; |
1278 caddr_t ep; |
|
868 869 /* validity check */ 870 if (src == NULL || dst == NULL) { 871 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 872 return -1; 873 } 874 if (src->sa_family != dst->sa_family) { 875 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; --- 18 unchanged lines hidden (view full) --- 894 + PFKEY_ALIGN8(src->sa_len) 895 + sizeof(struct sadb_address) 896 + PFKEY_ALIGN8(dst->sa_len); 897 898 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 899 __ipsec_set_strerror(strerror(errno)); 900 return -1; 901 } | 1279 1280 /* validity check */ 1281 if (src == NULL || dst == NULL) { 1282 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1283 return -1; 1284 } 1285 if (src->sa_family != dst->sa_family) { 1286 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; --- 18 unchanged lines hidden (view full) --- 1305 + PFKEY_ALIGN8(src->sa_len) 1306 + sizeof(struct sadb_address) 1307 + PFKEY_ALIGN8(dst->sa_len); 1308 1309 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1310 __ipsec_set_strerror(strerror(errno)); 1311 return -1; 1312 } |
1313 ep = ((caddr_t)newmsg) + len; |
|
902 | 1314 |
903 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, getpid()); 904 p = pfkey_setsadbsa(p, spi, 0, 0, 0, 0); 905 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen, | 1315 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0, 1316 getpid()); 1317 if (!p) { 1318 free(newmsg); 1319 return -1; 1320 } 1321 p = pfkey_setsadbsa(p, ep, spi, 0, 0, 0, 0); 1322 if (!p) { 1323 free(newmsg); 1324 return -1; 1325 } 1326 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, |
906 IPSEC_ULPROTO_ANY); | 1327 IPSEC_ULPROTO_ANY); |
907 p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen, | 1328 if (!p) { 1329 free(newmsg); 1330 return -1; 1331 } 1332 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, |
908 IPSEC_ULPROTO_ANY); | 1333 IPSEC_ULPROTO_ANY); |
1334 if (!p || p != ep) { 1335 free(newmsg); 1336 return -1; 1337 } |
|
909 910 /* send message */ 911 len = pfkey_send(so, newmsg, len); 912 free(newmsg); 913 914 if (len < 0) 915 return -1; 916 --- 7 unchanged lines hidden (view full) --- 924 */ 925static int 926pfkey_send_x3(so, type, satype) 927 int so; 928 u_int type, satype; 929{ 930 struct sadb_msg *newmsg; 931 int len; | 1338 1339 /* send message */ 1340 len = pfkey_send(so, newmsg, len); 1341 free(newmsg); 1342 1343 if (len < 0) 1344 return -1; 1345 --- 7 unchanged lines hidden (view full) --- 1353 */ 1354static int 1355pfkey_send_x3(so, type, satype) 1356 int so; 1357 u_int type, satype; 1358{ 1359 struct sadb_msg *newmsg; 1360 int len; |
1361 caddr_t p; 1362 caddr_t ep; |
|
932 933 /* validity check */ 934 switch (type) { 935 case SADB_X_PROMISC: 936 if (satype != 0 && satype != 1) { 937 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 938 return -1; 939 } --- 13 unchanged lines hidden (view full) --- 953 954 /* create new sadb_msg to send. */ 955 len = sizeof(struct sadb_msg); 956 957 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 958 __ipsec_set_strerror(strerror(errno)); 959 return -1; 960 } | 1363 1364 /* validity check */ 1365 switch (type) { 1366 case SADB_X_PROMISC: 1367 if (satype != 0 && satype != 1) { 1368 __ipsec_errcode = EIPSEC_INVAL_SATYPE; 1369 return -1; 1370 } --- 13 unchanged lines hidden (view full) --- 1384 1385 /* create new sadb_msg to send. */ 1386 len = sizeof(struct sadb_msg); 1387 1388 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1389 __ipsec_set_strerror(strerror(errno)); 1390 return -1; 1391 } |
1392 ep = ((caddr_t)newmsg) + len; |
|
961 | 1393 |
962 (void)pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, getpid()); | 1394 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0, 1395 getpid()); 1396 if (!p || p != ep) { 1397 free(newmsg); 1398 return -1; 1399 } |
963 964 /* send message */ 965 len = pfkey_send(so, newmsg, len); 966 free(newmsg); 967 968 if (len < 0) 969 return -1; 970 971 __ipsec_errcode = EIPSEC_NO_ERROR; 972 return len; 973} 974 975/* sending SADB_X_SPDADD message to the kernel */ 976static int | 1400 1401 /* send message */ 1402 len = pfkey_send(so, newmsg, len); 1403 free(newmsg); 1404 1405 if (len < 0) 1406 return -1; 1407 1408 __ipsec_errcode = EIPSEC_NO_ERROR; 1409 return len; 1410} 1411 1412/* sending SADB_X_SPDADD message to the kernel */ 1413static int |
977pfkey_send_x4(so, type, src, prefs, dst, prefd, proto, policy, policylen, seq) | 1414pfkey_send_x4(so, type, src, prefs, dst, prefd, proto, 1415 ltime, vtime, policy, policylen, seq) |
978 int so; 979 struct sockaddr *src, *dst; 980 u_int type, prefs, prefd, proto; | 1416 int so; 1417 struct sockaddr *src, *dst; 1418 u_int type, prefs, prefd, proto; |
1419 u_int64_t ltime, vtime; |
|
981 char *policy; 982 int policylen; 983 u_int32_t seq; 984{ 985 struct sadb_msg *newmsg; 986 int len; 987 caddr_t p; 988 int plen; | 1420 char *policy; 1421 int policylen; 1422 u_int32_t seq; 1423{ 1424 struct sadb_msg *newmsg; 1425 int len; 1426 caddr_t p; 1427 int plen; |
1428 caddr_t ep; |
|
989 990 /* validity check */ 991 if (src == NULL || dst == NULL) { 992 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 993 return -1; 994 } 995 if (src->sa_family != dst->sa_family) { 996 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; --- 17 unchanged lines hidden (view full) --- 1014 } 1015 1016 /* create new sadb_msg to reply. */ 1017 len = sizeof(struct sadb_msg) 1018 + sizeof(struct sadb_address) 1019 + PFKEY_ALIGN8(src->sa_len) 1020 + sizeof(struct sadb_address) 1021 + PFKEY_ALIGN8(src->sa_len) | 1429 1430 /* validity check */ 1431 if (src == NULL || dst == NULL) { 1432 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1433 return -1; 1434 } 1435 if (src->sa_family != dst->sa_family) { 1436 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; --- 17 unchanged lines hidden (view full) --- 1454 } 1455 1456 /* create new sadb_msg to reply. */ 1457 len = sizeof(struct sadb_msg) 1458 + sizeof(struct sadb_address) 1459 + PFKEY_ALIGN8(src->sa_len) 1460 + sizeof(struct sadb_address) 1461 + PFKEY_ALIGN8(src->sa_len) |
1462 + sizeof(struct sadb_lifetime) |
|
1022 + policylen; 1023 1024 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1025 __ipsec_set_strerror(strerror(errno)); 1026 return -1; 1027 } | 1463 + policylen; 1464 1465 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1466 __ipsec_set_strerror(strerror(errno)); 1467 return -1; 1468 } |
1469 ep = ((caddr_t)newmsg) + len; |
|
1028 | 1470 |
1029 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, 1030 SADB_SATYPE_UNSPEC, seq, getpid()); 1031 p = pfkey_setsadbaddr(p, 1032 SADB_EXT_ADDRESS_SRC, 1033 src, 1034 prefs, 1035 proto); 1036 p = pfkey_setsadbaddr(p, 1037 SADB_EXT_ADDRESS_DST, 1038 dst, 1039 prefd, 1040 proto); | 1471 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, 1472 SADB_SATYPE_UNSPEC, seq, getpid()); 1473 if (!p) { 1474 free(newmsg); 1475 return -1; 1476 } 1477 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto); 1478 if (!p) { 1479 free(newmsg); 1480 return -1; 1481 } 1482 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto); 1483 if (!p) { 1484 free(newmsg); 1485 return -1; 1486 } 1487 p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD, 1488 0, 0, ltime, vtime); 1489 if (!p || p + policylen != ep) { 1490 free(newmsg); 1491 return -1; 1492 } |
1041 memcpy(p, policy, policylen); 1042 1043 /* send message */ 1044 len = pfkey_send(so, newmsg, len); 1045 free(newmsg); 1046 1047 if (len < 0) 1048 return -1; --- 8 unchanged lines hidden (view full) --- 1057 int so; 1058 u_int type; 1059 u_int32_t spid; 1060{ 1061 struct sadb_msg *newmsg; 1062 struct sadb_x_policy xpl; 1063 int len; 1064 caddr_t p; | 1493 memcpy(p, policy, policylen); 1494 1495 /* send message */ 1496 len = pfkey_send(so, newmsg, len); 1497 free(newmsg); 1498 1499 if (len < 0) 1500 return -1; --- 8 unchanged lines hidden (view full) --- 1509 int so; 1510 u_int type; 1511 u_int32_t spid; 1512{ 1513 struct sadb_msg *newmsg; 1514 struct sadb_x_policy xpl; 1515 int len; 1516 caddr_t p; |
1517 caddr_t ep; |
|
1065 1066 /* create new sadb_msg to reply. */ 1067 len = sizeof(struct sadb_msg) 1068 + sizeof(xpl); 1069 1070 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1071 __ipsec_set_strerror(strerror(errno)); 1072 return -1; 1073 } | 1518 1519 /* create new sadb_msg to reply. */ 1520 len = sizeof(struct sadb_msg) 1521 + sizeof(xpl); 1522 1523 if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { 1524 __ipsec_set_strerror(strerror(errno)); 1525 return -1; 1526 } |
1527 ep = ((caddr_t)newmsg) + len; |
|
1074 | 1528 |
1075 p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, 1076 SADB_SATYPE_UNSPEC, 0, getpid()); | 1529 p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, 1530 SADB_SATYPE_UNSPEC, 0, getpid()); 1531 if (!p) { 1532 free(newmsg); 1533 return -1; 1534 } |
1077 | 1535 |
1536 if (p + sizeof(xpl) != ep) { 1537 free(newmsg); 1538 return -1; 1539 } |
|
1078 memset(&xpl, 0, sizeof(xpl)); 1079 xpl.sadb_x_policy_len = PFKEY_UNUNIT64(sizeof(xpl)); 1080 xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1081 xpl.sadb_x_policy_id = spid; | 1540 memset(&xpl, 0, sizeof(xpl)); 1541 xpl.sadb_x_policy_len = PFKEY_UNUNIT64(sizeof(xpl)); 1542 xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1543 xpl.sadb_x_policy_id = spid; |
1082 | |
1083 memcpy(p, &xpl, sizeof(xpl)); 1084 1085 /* send message */ 1086 len = pfkey_send(so, newmsg, len); 1087 free(newmsg); 1088 1089 if (len < 0) 1090 return -1; --- 47 unchanged lines hidden (view full) --- 1138} 1139 1140/* 1141 * receive sadb_msg data, and return pointer to new buffer allocated. 1142 * Must free this buffer later. 1143 * OUT: 1144 * NULL : error occured. 1145 * others : a pointer to sadb_msg structure. | 1544 memcpy(p, &xpl, sizeof(xpl)); 1545 1546 /* send message */ 1547 len = pfkey_send(so, newmsg, len); 1548 free(newmsg); 1549 1550 if (len < 0) 1551 return -1; --- 47 unchanged lines hidden (view full) --- 1599} 1600 1601/* 1602 * receive sadb_msg data, and return pointer to new buffer allocated. 1603 * Must free this buffer later. 1604 * OUT: 1605 * NULL : error occured. 1606 * others : a pointer to sadb_msg structure. |
1607 * 1608 * XXX should be rewritten to pass length explicitly |
|
1146 */ 1147struct sadb_msg * 1148pfkey_recv(so) 1149 int so; 1150{ 1151 struct sadb_msg buf, *newmsg; 1152 int len, reallen; 1153 1154 while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) { | 1609 */ 1610struct sadb_msg * 1611pfkey_recv(so) 1612 int so; 1613{ 1614 struct sadb_msg buf, *newmsg; 1615 int len, reallen; 1616 1617 while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) { |
1155 if (errno == EINTR) continue; | 1618 if (errno == EINTR) 1619 continue; |
1156 __ipsec_set_strerror(strerror(errno)); 1157 return NULL; 1158 } 1159 1160 if (len < sizeof(buf)) { 1161 recv(so, (caddr_t)&buf, sizeof(buf), 0); 1162 __ipsec_errcode = EIPSEC_MAX; 1163 return NULL; 1164 } 1165 1166 /* read real message */ 1167 reallen = PFKEY_UNUNIT64(buf.sadb_msg_len); 1168 if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == 0) { 1169 __ipsec_set_strerror(strerror(errno)); 1170 return NULL; 1171 } 1172 1173 while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) { | 1620 __ipsec_set_strerror(strerror(errno)); 1621 return NULL; 1622 } 1623 1624 if (len < sizeof(buf)) { 1625 recv(so, (caddr_t)&buf, sizeof(buf), 0); 1626 __ipsec_errcode = EIPSEC_MAX; 1627 return NULL; 1628 } 1629 1630 /* read real message */ 1631 reallen = PFKEY_UNUNIT64(buf.sadb_msg_len); 1632 if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == 0) { 1633 __ipsec_set_strerror(strerror(errno)); 1634 return NULL; 1635 } 1636 1637 while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) { |
1174 if (errno == EINTR) continue; | 1638 if (errno == EINTR) 1639 continue; |
1175 __ipsec_set_strerror(strerror(errno)); 1176 free(newmsg); 1177 return NULL; 1178 } 1179 1180 if (len != reallen) { 1181 __ipsec_errcode = EIPSEC_SYSTEM_ERROR; 1182 free(newmsg); 1183 return NULL; 1184 } 1185 | 1640 __ipsec_set_strerror(strerror(errno)); 1641 free(newmsg); 1642 return NULL; 1643 } 1644 1645 if (len != reallen) { 1646 __ipsec_errcode = EIPSEC_SYSTEM_ERROR; 1647 free(newmsg); 1648 return NULL; 1649 } 1650 |
1651 /* don't trust what the kernel says, validate! */ 1652 if (PFKEY_UNUNIT64(newmsg->sadb_msg_len) != len) { 1653 __ipsec_errcode = EIPSEC_SYSTEM_ERROR; 1654 free(newmsg); 1655 return NULL; 1656 } 1657 |
|
1186 __ipsec_errcode = EIPSEC_NO_ERROR; 1187 return newmsg; 1188} 1189 1190/* 1191 * send message to a socket. 1192 * OUT: 1193 * others: success and return length sent. --- 20 unchanged lines hidden (view full) --- 1214 */ 1215/* 1216 * set the pointer to each header in this message buffer. 1217 * IN: msg: pointer to message buffer. 1218 * mhp: pointer to the buffer initialized like below: 1219 * caddr_t mhp[SADB_EXT_MAX + 1]; 1220 * OUT: -1: invalid. 1221 * 0: valid. | 1658 __ipsec_errcode = EIPSEC_NO_ERROR; 1659 return newmsg; 1660} 1661 1662/* 1663 * send message to a socket. 1664 * OUT: 1665 * others: success and return length sent. --- 20 unchanged lines hidden (view full) --- 1686 */ 1687/* 1688 * set the pointer to each header in this message buffer. 1689 * IN: msg: pointer to message buffer. 1690 * mhp: pointer to the buffer initialized like below: 1691 * caddr_t mhp[SADB_EXT_MAX + 1]; 1692 * OUT: -1: invalid. 1693 * 0: valid. |
1694 * 1695 * XXX should be rewritten to obtain length explicitly |
|
1222 */ 1223int 1224pfkey_align(msg, mhp) 1225 struct sadb_msg *msg; 1226 caddr_t *mhp; 1227{ 1228 struct sadb_ext *ext; | 1696 */ 1697int 1698pfkey_align(msg, mhp) 1699 struct sadb_msg *msg; 1700 caddr_t *mhp; 1701{ 1702 struct sadb_ext *ext; |
1229 int tlen, extlen; | |
1230 int i; | 1703 int i; |
1704 caddr_t p; 1705 caddr_t ep; /* XXX should be passed from upper layer */ |
|
1231 1232 /* validity check */ 1233 if (msg == NULL || mhp == NULL) { 1234 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1235 return -1; 1236 } 1237 1238 /* initialize */ 1239 for (i = 0; i < SADB_EXT_MAX + 1; i++) 1240 mhp[i] = NULL; 1241 1242 mhp[0] = (caddr_t)msg; 1243 | 1706 1707 /* validity check */ 1708 if (msg == NULL || mhp == NULL) { 1709 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1710 return -1; 1711 } 1712 1713 /* initialize */ 1714 for (i = 0; i < SADB_EXT_MAX + 1; i++) 1715 mhp[i] = NULL; 1716 1717 mhp[0] = (caddr_t)msg; 1718 |
1244 tlen = PFKEY_UNUNIT64(msg->sadb_msg_len) - sizeof(struct sadb_msg); 1245 ext = (struct sadb_ext *)((caddr_t)msg + sizeof(struct sadb_msg)); | 1719 /* initialize */ 1720 p = (caddr_t) msg; 1721 ep = p + PFKEY_UNUNIT64(msg->sadb_msg_len); |
1246 | 1722 |
1247 while (tlen > 0) { | 1723 /* skip base header */ 1724 p += sizeof(struct sadb_msg); 1725 1726 while (p < ep) { 1727 ext = (struct sadb_ext *)p; 1728 if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) || 1729 ep < p + PFKEY_EXTLEN(ext)) { 1730 /* invalid format */ 1731 break; 1732 } 1733 |
1248 /* duplicate check */ 1249 /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/ 1250 if (mhp[ext->sadb_ext_type] != NULL) { 1251 __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; 1252 return -1; 1253 } 1254 1255 /* set pointer */ --- 20 unchanged lines hidden (view full) --- 1276 case SADB_X_EXT_SA2: 1277 mhp[ext->sadb_ext_type] = (caddr_t)ext; 1278 break; 1279 default: 1280 __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; 1281 return -1; 1282 } 1283 | 1734 /* duplicate check */ 1735 /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/ 1736 if (mhp[ext->sadb_ext_type] != NULL) { 1737 __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; 1738 return -1; 1739 } 1740 1741 /* set pointer */ --- 20 unchanged lines hidden (view full) --- 1762 case SADB_X_EXT_SA2: 1763 mhp[ext->sadb_ext_type] = (caddr_t)ext; 1764 break; 1765 default: 1766 __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; 1767 return -1; 1768 } 1769 |
1284 extlen = PFKEY_EXTLEN(ext); 1285 tlen -= extlen; 1286 ext = (struct sadb_ext *)((caddr_t)ext + extlen); | 1770 p += PFKEY_EXTLEN(ext); |
1287 } 1288 | 1771 } 1772 |
1773 if (p != ep) { 1774 __ipsec_errcode = EIPSEC_INVAL_SADBMSG; 1775 return -1; 1776 } 1777 |
|
1289 __ipsec_errcode = EIPSEC_NO_ERROR; 1290 return 0; 1291} 1292 1293/* 1294 * check basic usage for sadb_msg, 1295 * NOTE: This routine is derived from netkey/key.c in KAME. 1296 * IN: msg: pointer to message buffer. --- 111 unchanged lines hidden (view full) --- 1408 return 0; 1409} 1410 1411/* 1412 * set data into sadb_msg. 1413 * `buf' must has been allocated sufficiently. 1414 */ 1415static caddr_t | 1778 __ipsec_errcode = EIPSEC_NO_ERROR; 1779 return 0; 1780} 1781 1782/* 1783 * check basic usage for sadb_msg, 1784 * NOTE: This routine is derived from netkey/key.c in KAME. 1785 * IN: msg: pointer to message buffer. --- 111 unchanged lines hidden (view full) --- 1897 return 0; 1898} 1899 1900/* 1901 * set data into sadb_msg. 1902 * `buf' must has been allocated sufficiently. 1903 */ 1904static caddr_t |
1416pfkey_setsadbmsg(buf, type, tlen, satype, seq, pid) | 1905pfkey_setsadbmsg(buf, lim, type, tlen, satype, seq, pid) |
1417 caddr_t buf; | 1906 caddr_t buf; |
1907 caddr_t lim; |
|
1418 u_int type, satype; 1419 u_int tlen; 1420 u_int32_t seq; 1421 pid_t pid; 1422{ 1423 struct sadb_msg *p; 1424 u_int len; 1425 1426 p = (struct sadb_msg *)buf; 1427 len = sizeof(struct sadb_msg); 1428 | 1908 u_int type, satype; 1909 u_int tlen; 1910 u_int32_t seq; 1911 pid_t pid; 1912{ 1913 struct sadb_msg *p; 1914 u_int len; 1915 1916 p = (struct sadb_msg *)buf; 1917 len = sizeof(struct sadb_msg); 1918 |
1919 if (buf + len > lim) 1920 return NULL; 1921 |
|
1429 memset(p, 0, len); 1430 p->sadb_msg_version = PF_KEY_V2; 1431 p->sadb_msg_type = type; 1432 p->sadb_msg_errno = 0; 1433 p->sadb_msg_satype = satype; 1434 p->sadb_msg_len = PFKEY_UNIT64(tlen); 1435 p->sadb_msg_reserved = 0; 1436 p->sadb_msg_seq = seq; 1437 p->sadb_msg_pid = (u_int32_t)pid; 1438 1439 return(buf + len); 1440} 1441 1442/* 1443 * copy secasvar data into sadb_address. 1444 * `buf' must has been allocated sufficiently. 1445 */ 1446static caddr_t | 1922 memset(p, 0, len); 1923 p->sadb_msg_version = PF_KEY_V2; 1924 p->sadb_msg_type = type; 1925 p->sadb_msg_errno = 0; 1926 p->sadb_msg_satype = satype; 1927 p->sadb_msg_len = PFKEY_UNIT64(tlen); 1928 p->sadb_msg_reserved = 0; 1929 p->sadb_msg_seq = seq; 1930 p->sadb_msg_pid = (u_int32_t)pid; 1931 1932 return(buf + len); 1933} 1934 1935/* 1936 * copy secasvar data into sadb_address. 1937 * `buf' must has been allocated sufficiently. 1938 */ 1939static caddr_t |
1447pfkey_setsadbsa(buf, spi, wsize, auth, enc, flags) | 1940pfkey_setsadbsa(buf, lim, spi, wsize, auth, enc, flags) |
1448 caddr_t buf; | 1941 caddr_t buf; |
1942 caddr_t lim; |
|
1449 u_int32_t spi, flags; 1450 u_int wsize, auth, enc; 1451{ 1452 struct sadb_sa *p; 1453 u_int len; 1454 1455 p = (struct sadb_sa *)buf; 1456 len = sizeof(struct sadb_sa); 1457 | 1943 u_int32_t spi, flags; 1944 u_int wsize, auth, enc; 1945{ 1946 struct sadb_sa *p; 1947 u_int len; 1948 1949 p = (struct sadb_sa *)buf; 1950 len = sizeof(struct sadb_sa); 1951 |
1952 if (buf + len > lim) 1953 return NULL; 1954 |
|
1458 memset(p, 0, len); 1459 p->sadb_sa_len = PFKEY_UNIT64(len); 1460 p->sadb_sa_exttype = SADB_EXT_SA; 1461 p->sadb_sa_spi = spi; 1462 p->sadb_sa_replay = wsize; 1463 p->sadb_sa_state = SADB_SASTATE_LARVAL; 1464 p->sadb_sa_auth = auth; 1465 p->sadb_sa_encrypt = enc; 1466 p->sadb_sa_flags = flags; 1467 1468 return(buf + len); 1469} 1470 1471/* 1472 * set data into sadb_address. 1473 * `buf' must has been allocated sufficiently. 1474 * prefixlen is in bits. 1475 */ 1476static caddr_t | 1955 memset(p, 0, len); 1956 p->sadb_sa_len = PFKEY_UNIT64(len); 1957 p->sadb_sa_exttype = SADB_EXT_SA; 1958 p->sadb_sa_spi = spi; 1959 p->sadb_sa_replay = wsize; 1960 p->sadb_sa_state = SADB_SASTATE_LARVAL; 1961 p->sadb_sa_auth = auth; 1962 p->sadb_sa_encrypt = enc; 1963 p->sadb_sa_flags = flags; 1964 1965 return(buf + len); 1966} 1967 1968/* 1969 * set data into sadb_address. 1970 * `buf' must has been allocated sufficiently. 1971 * prefixlen is in bits. 1972 */ 1973static caddr_t |
1477pfkey_setsadbaddr(buf, exttype, saddr, prefixlen, ul_proto) | 1974pfkey_setsadbaddr(buf, lim, exttype, saddr, prefixlen, ul_proto) |
1478 caddr_t buf; | 1975 caddr_t buf; |
1976 caddr_t lim; |
|
1479 u_int exttype; 1480 struct sockaddr *saddr; 1481 u_int prefixlen; 1482 u_int ul_proto; 1483{ 1484 struct sadb_address *p; 1485 u_int len; 1486 1487 p = (struct sadb_address *)buf; 1488 len = sizeof(struct sadb_address) + PFKEY_ALIGN8(saddr->sa_len); 1489 | 1977 u_int exttype; 1978 struct sockaddr *saddr; 1979 u_int prefixlen; 1980 u_int ul_proto; 1981{ 1982 struct sadb_address *p; 1983 u_int len; 1984 1985 p = (struct sadb_address *)buf; 1986 len = sizeof(struct sadb_address) + PFKEY_ALIGN8(saddr->sa_len); 1987 |
1988 if (buf + len > lim) 1989 return NULL; 1990 |
|
1490 memset(p, 0, len); 1491 p->sadb_address_len = PFKEY_UNIT64(len); 1492 p->sadb_address_exttype = exttype & 0xffff; 1493 p->sadb_address_proto = ul_proto & 0xff; 1494 p->sadb_address_prefixlen = prefixlen; 1495 p->sadb_address_reserved = 0; 1496 1497 memcpy(p + 1, saddr, saddr->sa_len); 1498 1499 return(buf + len); 1500} 1501 1502/* 1503 * set sadb_key structure after clearing buffer with zero. 1504 * OUT: the pointer of buf + len. 1505 */ 1506static caddr_t | 1991 memset(p, 0, len); 1992 p->sadb_address_len = PFKEY_UNIT64(len); 1993 p->sadb_address_exttype = exttype & 0xffff; 1994 p->sadb_address_proto = ul_proto & 0xff; 1995 p->sadb_address_prefixlen = prefixlen; 1996 p->sadb_address_reserved = 0; 1997 1998 memcpy(p + 1, saddr, saddr->sa_len); 1999 2000 return(buf + len); 2001} 2002 2003/* 2004 * set sadb_key structure after clearing buffer with zero. 2005 * OUT: the pointer of buf + len. 2006 */ 2007static caddr_t |
1507pfkey_setsadbkey(buf, type, key, keylen) 1508 caddr_t buf, key; | 2008pfkey_setsadbkey(buf, lim, type, key, keylen) 2009 caddr_t buf; 2010 caddr_t lim; 2011 caddr_t key; |
1509 u_int type, keylen; 1510{ 1511 struct sadb_key *p; 1512 u_int len; 1513 1514 p = (struct sadb_key *)buf; 1515 len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen); 1516 | 2012 u_int type, keylen; 2013{ 2014 struct sadb_key *p; 2015 u_int len; 2016 2017 p = (struct sadb_key *)buf; 2018 len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen); 2019 |
2020 if (buf + len > lim) 2021 return NULL; 2022 |
|
1517 memset(p, 0, len); 1518 p->sadb_key_len = PFKEY_UNIT64(len); 1519 p->sadb_key_exttype = type; 1520 p->sadb_key_bits = keylen << 3; 1521 p->sadb_key_reserved = 0; 1522 1523 memcpy(p + 1, key, keylen); 1524 1525 return buf + len; 1526} 1527 1528/* 1529 * set sadb_lifetime structure after clearing buffer with zero. 1530 * OUT: the pointer of buf + len. 1531 */ 1532static caddr_t | 2023 memset(p, 0, len); 2024 p->sadb_key_len = PFKEY_UNIT64(len); 2025 p->sadb_key_exttype = type; 2026 p->sadb_key_bits = keylen << 3; 2027 p->sadb_key_reserved = 0; 2028 2029 memcpy(p + 1, key, keylen); 2030 2031 return buf + len; 2032} 2033 2034/* 2035 * set sadb_lifetime structure after clearing buffer with zero. 2036 * OUT: the pointer of buf + len. 2037 */ 2038static caddr_t |
1533pfkey_setsadblifetime(buf, type, l_alloc, l_bytes, l_addtime, l_usetime) | 2039pfkey_setsadblifetime(buf, lim, type, l_alloc, l_bytes, l_addtime, l_usetime) |
1534 caddr_t buf; | 2040 caddr_t buf; |
2041 caddr_t lim; |
|
1535 u_int type; 1536 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime; 1537{ 1538 struct sadb_lifetime *p; 1539 u_int len; 1540 1541 p = (struct sadb_lifetime *)buf; 1542 len = sizeof(struct sadb_lifetime); 1543 | 2042 u_int type; 2043 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime; 2044{ 2045 struct sadb_lifetime *p; 2046 u_int len; 2047 2048 p = (struct sadb_lifetime *)buf; 2049 len = sizeof(struct sadb_lifetime); 2050 |
2051 if (buf + len > lim) 2052 return NULL; 2053 |
|
1544 memset(p, 0, len); 1545 p->sadb_lifetime_len = PFKEY_UNIT64(len); 1546 p->sadb_lifetime_exttype = type; 1547 1548 switch (type) { 1549 case SADB_EXT_LIFETIME_SOFT: 1550 p->sadb_lifetime_allocations 1551 = (l_alloc * soft_lifetime_allocations_rate) /100; --- 15 unchanged lines hidden (view full) --- 1567 return buf + len; 1568} 1569 1570/* 1571 * copy secasvar data into sadb_address. 1572 * `buf' must has been allocated sufficiently. 1573 */ 1574static caddr_t | 2054 memset(p, 0, len); 2055 p->sadb_lifetime_len = PFKEY_UNIT64(len); 2056 p->sadb_lifetime_exttype = type; 2057 2058 switch (type) { 2059 case SADB_EXT_LIFETIME_SOFT: 2060 p->sadb_lifetime_allocations 2061 = (l_alloc * soft_lifetime_allocations_rate) /100; --- 15 unchanged lines hidden (view full) --- 2077 return buf + len; 2078} 2079 2080/* 2081 * copy secasvar data into sadb_address. 2082 * `buf' must has been allocated sufficiently. 2083 */ 2084static caddr_t |
1575pfkey_setsadbxsa2(buf, mode0, reqid) | 2085pfkey_setsadbxsa2(buf, lim, mode0, reqid) |
1576 caddr_t buf; | 2086 caddr_t buf; |
2087 caddr_t lim; |
|
1577 u_int32_t mode0; 1578 u_int32_t reqid; 1579{ 1580 struct sadb_x_sa2 *p; 1581 u_int8_t mode = mode0 & 0xff; 1582 u_int len; 1583 1584 p = (struct sadb_x_sa2 *)buf; 1585 len = sizeof(struct sadb_x_sa2); 1586 | 2088 u_int32_t mode0; 2089 u_int32_t reqid; 2090{ 2091 struct sadb_x_sa2 *p; 2092 u_int8_t mode = mode0 & 0xff; 2093 u_int len; 2094 2095 p = (struct sadb_x_sa2 *)buf; 2096 len = sizeof(struct sadb_x_sa2); 2097 |
2098 if (buf + len > lim) 2099 return NULL; 2100 |
|
1587 memset(p, 0, len); 1588 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 1589 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 1590 p->sadb_x_sa2_mode = mode; 1591 p->sadb_x_sa2_reqid = reqid; 1592 1593 return(buf + len); 1594} | 2101 memset(p, 0, len); 2102 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 2103 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 2104 p->sadb_x_sa2_mode = mode; 2105 p->sadb_x_sa2_reqid = reqid; 2106 2107 return(buf + len); 2108} |
1595 | |