1 /*	$NetBSD: isakmp.c,v 1.20.6.7 2007/08/01 11:52:20 vanhu Exp $	*/
3 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
91 #include "isakmp.h"
149  * isakmp packet handler
154 	struct isakmp isakmp;
157 		char		buf[sizeof (isakmp) + 4];
161 				     sizeof(isakmp) + 4];
175 			 "ignoring isakmp port until power-mgmt event is handled.\n");
185 			"failed to receive isakmp packet: %s\n",
210 	memcpy ((char *)&isakmp, x.buf + extralen, sizeof (isakmp));
212 	/* check isakmp header length, as well as sanity of header length */
213 	if (len < sizeof(isakmp) || ntohl(isakmp.len) < sizeof(isakmp)) {
215 			"packet shorter than isakmp header size (size: %zu, minimum expected: %zu)\n", len, sizeof(isakmp));
217 		if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
220 				"failed to receive isakmp packet: %s\n",
227 	if (ntohl(isakmp.len) > 0xffff) {
229 			"the length in the isakmp header is too big.\n");
230 		if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
233 				"failed to receive isakmp packet: %s\n",
240 	if ((tmpbuf = vmalloc(ntohl(isakmp.len) + extralen)) == NULL) {
243 			ntohl(isakmp.len) + extralen);
245 		if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
248 				"failed to receive isakmp packet: %s\n", 
260 			"failed to receive isakmp packet: %s\n",
317 	/* XXX: I don't know how to check isakmp half connection attack. */
332 	/* isakmp main routine */
345  * main processing to handle isakmp payload
350 	struct isakmp *isakmp = (struct isakmp *)msg->v;
351     u_int8_t isakmp_version = isakmp->v;
358 	if (memcmp(&isakmp->i_ck, r_ck0, sizeof(cookie_t)) == 0) {
378 		if (ISAKMP_GETMINORV(isakmp->v) < ISAKMP_MINOR_VERSION) {   //%%%%%%%%%%%%%%% ??????
381 				ISAKMP_GETMINORV(isakmp->v));
390 		if (isakmp->flags & ~(ISAKMP_FLAG_E | ISAKMP_FLAG_C | ISAKMP_FLAG_A)) { //%%%%%%%%%%%% any other flags for IKEv2 ?????
391 			plog(ASL_LEVEL_ERR, "invalid flag 0x%02x.\n", isakmp->flags);
396 		if (ISSET(isakmp->flags, ISAKMP_FLAG_C)) {
397 			if (isakmp->msgid == 0) {                   //%%%%% does this apply to V2
398 				isakmp_info_send_nx(isakmp, remote, local,
420     struct isakmp *isakmp = (struct isakmp *)msg->v;
421     isakmp_index *index = (isakmp_index *)isakmp;
435 		if (memcmp(&isakmp->r_ck, r_ck0, sizeof(cookie_t)) == 0 &&
523 	switch (isakmp->etype) {
529                 if (isakmp->msgid != 0) {
534                 /* search for isakmp status record of phase 1 */
545                         if (memcmp(&isakmp->r_ck, r_ck0,
554                         ikev1_ph1begin_r(session, msg, remote, local, isakmp->etype);
563                 if (iph1->etype != isakmp->etype) {
572                          s_isakmp_etype(isakmp->etype));
576                 if (isakmp->np == ISAKMP_NPTYPE_FRAG) {
607                 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
617                 u_int32_t msgid = isakmp->msgid;
621                     isakmp_info_send_nx(isakmp, remote, local,
624                          "there is no ISAKMP-SA, %s\n", isakmp_pindex((isakmp_index *)&isakmp->i_ck,
625                                                                       isakmp->msgid));
635                 if (isakmp->np == ISAKMP_NPTYPE_FRAG) {
651                 /* search isakmp phase 2 stauts record. */
666                 if (ISSET(isakmp->flags, ISAKMP_FLAG_C))
669                 if (ISSET(isakmp->flags, ISAKMP_FLAG_E) &&
689                          isakmp->etype, saddr2str((struct sockaddr *)remote));
696                          isakmp->etype, saddr2str((struct sockaddr *)remote),
700                 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
712                  isakmp->etype, saddr2str((struct sockaddr *)remote));
736 	/* get new entry to isakmp status table. */
843     struct isakmp *isakmp = (struct isakmp *)msg->v;
868 	/* get new entry to isakmp status table. */
873 	memcpy(&iph1->index.i_ck, &isakmp->i_ck, sizeof(iph1->index.i_ck));
880 	iph1->version = isakmp->v;
1000 	struct isakmp *isakmp = (struct isakmp *)msg->v;
1024 	iph2->flags = isakmp->flags;
1025 	iph2->msgid = isakmp->msgid;
1338 	struct isakmp *isakmp = (struct isakmp *)buf->v;
1344 	np = isakmp->np;
1345 	gen = (struct isakmp_gen *)(buf->v + sizeof(*isakmp));
1346 	tlen = buf->l - sizeof(struct isakmp);
1590             plog(ASL_LEVEL_ERR, "could not create isakmp socket source.");
1605 			"%s used as isakmp port (fd=%d)\n",
2505 		/* found isakmp-sa */
2543 	/* no isakmp-sa found */
2792  * set values into allocated buffer of isakmp header for phase 1
2803 	struct isakmp *isakmp;
2805 	if (vbuf->l < sizeof(*isakmp))
2808 	isakmp = (struct isakmp *)vbuf->v;
2810 	memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t));
2811 	memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t));
2812 	isakmp->np = nptype;
2813 	isakmp->v = iph1->version;
2814 	isakmp->etype = etype;
2815 	isakmp->flags = flags;
2816 	isakmp->msgid = msgid;
2817 	isakmp->len = htonl(vbuf->l);
2819 	return vbuf->v + sizeof(*isakmp);
2823  * set values into allocated buffer of isakmp header for phase 1
2835  * set values into allocated buffer of isakmp header for phase 2
2847  * set values into allocated buffer of isakmp payload.
2873 /* for print-isakmp.c */
2956 	struct isakmp *isakmp;
2999 		isakmp = (struct isakmp *)buf->v;
3000 		if (isakmp->flags & ISAKMP_FLAG_E) {
3007 			isakmp->flags &= ~ISAKMP_FLAG_E;
3167 	size_t tlen = sizeof (struct isakmp), n = 0;

Indexes created Thu Jun 27 20:29:42 MDT 2024