Current snapshot of OpenSolaris port.
Checkpoint
Checkpoint
Merge from parent.
Merge with WIDE update.
Pull from WIDE.
Pull from WIDE.
Checkpoint
Re-update.
blah
WIDE update
Update from WIDE.
--- old/iked/ike_pfkey.c
+++ new/iked/ike_pfkey.c
1 1 /* $Id: ike_pfkey.c,v 1.79 2008/02/06 08:08:59 mk Exp $ */
2 2
3 3 /*
4 4 * Copyright (C) 2004 WIDE Project.
5 5 * All rights reserved.
6 6 *
7 7 * Redistribution and use in source and binary forms, with or without
8 8 * modification, are permitted provided that the following conditions
9 9 * are met:
10 10 * 1. Redistributions of source code must retain the above copyright
11 11 * notice, this list of conditions and the following disclaimer.
12 12 * 2. Redistributions in binary form must reproduce the above copyright
13 13 * notice, this list of conditions and the following disclaimer in the
14 14 * documentation and/or other materials provided with the distribution.
15 15 * 3. Neither the name of the project nor the names of its contributors
16 16 * may be used to endorse or promote products derived from this software
17 17 * without specific prior written permission.
18 18 *
19 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 29 * SUCH DAMAGE.
30 30 */
31 31
32 32 /*
33 33 * IKE-PFKEY interface bridge
34 34 */
35 35
36 36 #include <config.h>
37 37
38 38 #include <stdio.h>
39 39 #include <string.h>
40 40 #ifdef HAVE_INTTYPES_H
41 41 # include <inttypes.h>
42 42 #endif
43 43 #include <sys/types.h>
44 44 #if TIME_WITH_SYS_TIME
45 45 # include <sys/time.h>
46 46 # include <time.h>
47 47 #else
48 48 # if HAVE_SYS_TIME_H
49 49 # include <sys/time.h>
50 50 # else
51 51 # include <time.h>
52 52 # endif
53 53 #endif
54 54 #include <arpa/inet.h>
55 55
56 56 #include "racoon.h"
57 57 #include "ike_pfkey.h"
58 58 #include "isakmp_impl.h"
59 59 #include "ikev2_impl.h"
60 60 #include "debug.h"
61 61 #ifdef IKEV1
62 62 # include "oakley.h"
63 63 # include "ikev1_impl.h"
64 64 # include "ikev1/handler.h"
65 65 #endif
66 66
67 67 extern int debug_pfkey;
68 68 static void dump_param(char *, struct rcpfk_msg *);
69 69
70 70 static int sadb_getspi(struct rcpfk_msg *);
71 71 static int sadb_acquire_error(struct rcpfk_msg *);
72 +static int sadb_inverse_acquire(struct rcpfk_msg *);
72 73 static int sadb_update(struct rcpfk_msg *);
73 74 static int sadb_get(struct rcpfk_msg *);
74 75 static int sadb_add(struct rcpfk_msg *);
75 76 static int sadb_responder_error(struct rcpfk_msg *);
76 77 static int sadb_delete(struct rcpfk_msg *);
77 78
78 79 static int
79 80 null_proc()
80 81 {
81 82 return 0;
82 83 }
83 84
84 85 /* sadb_initiator_request_method used in response to SADB_ACQUIRE */
85 86 struct sadb_request_method sadb_initiator_request_method = {
86 87 sadb_getspi,
87 88 sadb_acquire_error,
88 89 sadb_update,
89 90 sadb_add,
90 91 sadb_delete,
91 92 sadb_get,
93 +#ifdef sun
94 + null_proc,
95 +#endif /* sun/OpenSolaris */
92 96 };
93 97
94 98 /* sadb_responder_request_method for use when receiving IKE_SA_INIT packet */
95 99 struct sadb_request_method sadb_responder_request_method = {
96 100 sadb_getspi,
97 101 sadb_responder_error,
98 102 sadb_update,
99 103 sadb_add,
100 104 sadb_delete,
101 105 sadb_get,
106 +#ifdef sun
107 + sadb_inverse_acquire,
108 +#endif /* sun/OpenSolaris */
102 109 };
103 110
104 111 /* sadb_rekey_request_method for use when rekeying soft-expired IPsec SA */
105 112 struct sadb_request_method sadb_rekey_request_method = {
106 113 sadb_getspi,
107 114 sadb_responder_error,
108 115 sadb_update,
109 116 sadb_add,
110 117 sadb_delete,
111 118 sadb_get,
112 119 };
113 120
114 121 /* sadb_null_method for informational exchange SA */
115 122 struct sadb_request_method sadb_null_method = {
116 123 null_proc, null_proc, null_proc, null_proc, null_proc, null_proc
124 +#ifdef sun
125 + , null_proc
126 +#endif /* sun/OpenSolaris */
117 127 };
118 128
119 129 /* sadb_force_initiate_method for use with isakmp_force_initiate() */
120 130 struct sadb_request_method sadb_force_initiate_method = {
121 131 sadb_getspi,
122 132 sadb_responder_error, /* to ignore error */
123 133 sadb_update,
124 134 sadb_add,
125 135 sadb_delete,
126 136 sadb_get,
137 +#ifdef sun
138 + null_proc,
139 +#endif /* sun/OpenSolaris */
127 140 };
128 141
129 142 static SADB_LIST_HEAD(sadb_request_list_head, sadb_request) sadb_request_list_head;
130 143
131 144 static int pfkey_socket;
132 -static uint32_t sadb_msg_seq;
145 +static uint32_t my_sadb_seqnum;
133 146
134 147 static int sadb_getspi_callback(struct rcpfk_msg *param);
135 148 static int sadb_update_callback(struct rcpfk_msg *param);
136 149 static int sadb_get_callback(struct rcpfk_msg *param);
137 150 static int sadb_expire_callback(struct rcpfk_msg *param);
138 151 static int sadb_acquire_callback(struct rcpfk_msg *param);
139 152 static int sadb_delete_callback(struct rcpfk_msg *param);
140 153 #ifdef SADB_X_MIGRATE
141 154 static int sadb_x_migrate_callback(struct rcpfk_msg *param);
142 155 #endif
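Review bot: `sadb_rekey_request_method` is the only populated method table in this hunk that does not receive the `#ifdef sun` seventh entry, so on a `sun` build its last slot is left as an implicitly zero-initialized (null) function pointer, while `sadb_initiator_request_method`, `sadb_null_method` and `sadb_force_initiate_method` get `null_proc` and the responder table gets `sadb_inverse_acquire`. The `struct sadb_request_method` definition and the call sites are outside this page, so it is not visible whether that slot is ever invoked through a rekey request; if it can be, the call goes through a null pointer. Adding `#ifdef sun` / `null_proc,` / `#endif /* sun/OpenSolaris */` after `sadb_get,` in the rekey table would give every table the same shape.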
143 156
144 157 static struct rcpfk_cb ike_rcpfk_callback = {
145 158 sadb_getspi_callback,
146 159 sadb_update_callback,
147 160 0, /* sadb_add_callback, */
148 161 sadb_expire_callback,
149 162 sadb_acquire_callback,
150 163 sadb_delete_callback,
151 164 sadb_get_callback,
152 165 0, /* sadb_spdupdate_callback, */
153 166 0, /* sadb_spdadd_callback, */
154 167 0, /* sadb_spddelete_callback, */
155 168 0, /* sadb_spddelete2_callback, */
156 169 0, /* sadb_spdexpire_callbcak, */
157 170 0, /* sadb_spdget_callback */
158 171 0, /* sadb_spddump_callback */
159 172 #ifdef SADB_X_MIGRATE
160 173 sadb_x_migrate_callback,
161 174 #endif
162 175 };
163 176
164 177 int
165 178 sadb_init(void)
166 179 {
167 180 struct rcpfk_msg param;
168 181
182 + (void) memset(¶m, 0, sizeof (param));
183 +
169 184 SADB_LIST_INIT(&sadb_request_list_head);
170 185 if (debug_pfkey)
171 186 return 0;
172 187
173 188 param.flags = 0;
174 189
175 190 if (rcpfk_init(¶m, &ike_rcpfk_callback) != 0)
176 191 return -1;
177 192 pfkey_socket = param.so;
178 193 TRACE((PLOGLOC, "pfkey_socket: %d\n", pfkey_socket));
179 194 return 0;
180 195 }
181 196
182 197 #ifdef DEBUG
183 198 void
184 199 sadb_list_dump(void)
185 200 {
186 201 struct sadb_request *req;
187 202
188 203 plog(PLOG_DEBUG, PLOGLOC, 0, "sadb request list:\n");
189 204 for (req = SADB_LIST_FIRST(&sadb_request_list_head);
190 205 !SADB_LIST_END(req);
191 206 req = SADB_LIST_NEXT(req)) {
192 207 plog(PLOG_DEBUG, PLOGLOC, 0,
193 208 "req %p method:%p seqno:%lx sa:%p\n",
194 209 req, req->method, (unsigned long)req->seqno,
195 210 req->sa);
196 211 }
197 212 plog(PLOG_DEBUG, PLOGLOC, 0, "end\n");
198 213 }
199 214 #endif
200 215
201 216 int
202 217 sadb_socket(void)
203 218 {
204 219 return pfkey_socket;
205 220 }
206 221
207 222 uint32_t
208 223 sadb_new_seq(void)
209 224 {
210 - return ++sadb_msg_seq;
225 + return ++my_sadb_seqnum;
211 226 }
212 227
213 228 static void
214 229 log_rcpfk_error(const char *msg, struct rcpfk_msg *param)
215 230 {
216 231 if (param->eno) {
217 232 isakmp_log(0, 0, 0, 0,
218 233 PLOG_INTERR, PLOGLOC,
219 234 "%s: %s\n", msg, param->estr);
220 235 } else {
221 236 isakmp_log(0, 0, 0, 0,
222 237 PLOG_INTERR, PLOGLOC,
223 238 "%s: unknown error\n", msg);
224 239 }
225 240 }
226 241
227 242 void
228 243 sadb_poll(void)
229 244 {
230 245 struct rcpfk_msg rcpfk_param;
231 246
247 + (void) memset(&rcpfk_param, 0, sizeof (rcpfk_param));
232 248 rcpfk_param.so = pfkey_socket;
233 249 rcpfk_param.flags = 0;
234 250 if (rcpfk_handler(&rcpfk_param) != 0) {
235 251 log_rcpfk_error("sadb_poll", &rcpfk_param);
236 252 }
237 253 }
238 254
239 255 void
240 256 sadb_request_initialize(struct sadb_request *req,
241 257 struct sadb_request_method *m,
242 258 struct sadb_response_method *r,
243 259 uint32_t seqno, void *sa)
244 260 {
245 261 req->method = m;
246 262 req->callback = r;
247 263 req->seqno = seqno;
248 264 req->sa = sa;
249 265 SADB_LIST_LINK(&sadb_request_list_head, req);
250 266 }
251 267
252 268 void
253 269 sadb_request_finish(struct sadb_request *req)
254 270 {
255 271 TRACE((PLOGLOC, "%p\n", req));
256 272 if (req->link.tqe_prev != 0) /* initialized? */
257 273 SADB_LIST_REMOVE(&sadb_request_list_head, req);
258 274 }
259 275
260 276 /*
261 277 * Send a SADB_GETSPI message
262 278 */
263 279 static int
264 280 sadb_getspi(struct rcpfk_msg *param)
265 281 {
266 282 int err;
267 283
268 284 TRACE((PLOGLOC, "sadb_getspi: seq=%d, satype=%d\n",
269 285 param->seq, param->satype));
270 286
271 287 param->so = pfkey_socket;
272 288 param->eno = 0;
273 289 param->flags = 0;
274 290 err = rcpfk_send_getspi(param);
275 291 if (err)
276 292 log_rcpfk_error("sadb_getspi", param);
277 293 return err;
278 294 }
279 295
280 296 /*
281 297 * send SADB_ACQUIRE with error to inform kernel of SA creation failure
282 298 */
283 299 static int
284 300 sadb_acquire_error(struct rcpfk_msg *param)
285 301 {
286 302 int err;
287 303
288 304 TRACE((PLOGLOC,
289 305 "sadb_acquire_error: seq=%d, satype=%d, errno=%d\n",
290 306 param->seq, param->satype, param->eno));
291 307
292 308 /* param: so, satype, seq, eno */
293 309 param->so = pfkey_socket;
294 310 param->flags = 0;
295 311 err = rcpfk_send_acquire(param);
296 312 if (err)
297 313 log_rcpfk_error("sadb_acquire_error", param);
298 314 return err;
299 315 }
300 316
317 +#ifdef sun
318 +static int
319 +sadb_inverse_acquire(struct rcpfk_msg *param)
320 +{
321 + int err;
322 +
323 + TRACE((PLOGLOC, "sadb_inverse_acquire: seq=%d\n", param->seq));
324 +
325 + /* param: so, satype, seq, eno */
326 + param->so = pfkey_socket;
327 + param->flags = 0;
328 + err = rcpfk_send_inverse_acquire(param);
329 + if (err)
330 + log_rcpfk_error("sadb_inverse_acquire", param);
331 + return (err);
332 +}
333 +#endif /* sun/OpenSolaris */
334 +
335 +#define sa2str_chk(sa) (((sa) == NULL) ? "<none>" : rcs_sa2str(sa))
336 +
301 337 static void
302 338 sadb_log_add(char *op, struct rcpfk_msg *param)
303 339 {
304 340 if (param->satype == RCT_SATYPE_ESP) {
305 341 INFO((PLOGLOC,
306 - "%s ul_proto=%d src=%s dst=%s satype=%s samode=%s spi=0x%08x authtype=%s enctype=%s lifetime soft time=%"
342 + "%s ul_proto=%d src=%s dst=%s "
343 +#ifdef sun
344 + "isrc=%s idst=%s nlc=%s nrm=%s"
345 +#endif
346 + "satype=%s samode=%s spi=0x%08x authtype=%s enctype=%s lifetime soft time=%"
307 347 PRIu64 " bytes=%" PRIu64 " hard time=%" PRIu64 " bytes=%" PRIu64 "\n",
308 348 op, param->ul_proto, rcs_sa2str(param->sa_src),
309 - rcs_sa2str(param->sa_dst), rct2str(param->satype),
349 + rcs_sa2str(param->sa_dst),
350 +#ifdef sun
351 + sa2str_chk(param->sa_isrc), sa2str_chk(param->sa_idst),
352 + sa2str_chk(param->sa_natlocal),
353 + sa2str_chk(param->sa_natremote),
354 +#endif
355 + rct2str(param->satype),
310 356 rct2str(param->samode), ntohl(param->spi),
311 357 rct2str(param->authtype), rct2str(param->enctype),
312 358 param->lft_soft_time, param->lft_soft_bytes,
313 359 param->lft_hard_time, param->lft_hard_bytes));
314 360 } else {
315 361 INFO((PLOGLOC,
316 - "%s ul_proto=%d src=%s dst=%s satype=%s samode=%s spi=0x%08x authtype=%s lifetime soft time=%"
362 + "%s ul_proto=%d src=%s dst=%s "
363 +#ifdef sun
364 + "isrc=%s idst=%s nlc=%s nrm=%s"
365 +#endif
366 + "satype=%s samode=%s spi=0x%08x authtype=%s lifetime soft time=%"
317 367 PRIu64 " bytes=%" PRIu64 " hard time=%" PRIu64 " bytes=%" PRIu64 "\n",
318 368 op, param->ul_proto, rcs_sa2str(param->sa_src),
319 - rcs_sa2str(param->sa_dst), rct2str(param->satype),
369 + rcs_sa2str(param->sa_dst),
370 +#ifdef sun
371 + sa2str_chk(param->sa_isrc), sa2str_chk(param->sa_idst),
372 + sa2str_chk(param->sa_natlocal),
373 + sa2str_chk(param->sa_natremote),
374 +#endif
375 + rct2str(param->satype),
320 376 rct2str(param->samode), ntohl(param->spi),
321 377 rct2str(param->authtype), param->lft_soft_time,
322 378 param->lft_soft_bytes, param->lft_hard_time,
323 379 param->lft_hard_bytes));
324 380 }
325 381 }
326 382
327 383 /* send SADB_UPDATE */
328 384 static int
329 385 sadb_update(struct rcpfk_msg *param)
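Review bot: The sun-only fragment `"isrc=%s idst=%s nlc=%s nrm=%s"` in both `INFO` format strings of `sadb_log_add` has no trailing space, so after string-literal concatenation the record reads `nrm=<addr>satype=...` and the two fields fuse, which breaks anything that parses these SA add/update log lines by key. Ending the fragment with a space, `"isrc=%s idst=%s nlc=%s nrm=%s "`, fixes both branches. Separately, `sadb_inverse_acquire` carries the `/* param: so, satype, seq, eno */` comment over from `sadb_acquire_error` but, unlike `sadb_getspi`, never resets `param->eno`; if an inverse-ACQUIRE request is not meant to carry an error code, `param->eno = 0;` before the send would match the other senders, to be confirmed against `rcpfk_send_inverse_acquire`, which is not shown here.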
330 386 {
331 387 int err;
332 388
333 389 sadb_log_add("SADB_UPDATE", param);
334 390 IF_TRACE(dump_param("sadb_update", param));
335 391
336 392 /* param:
337 393 * so, satype, seq, spi, wsize, authtype, [enctype,] saflags, samode, reqid,
338 394 * lft_hard_time, lft_hard_bytes, lft_soft_time, lft_soft_bytes,
339 395 * sa_src, pref_src, sa_dst, pref_dst, ul_proto,
340 396 * [enckey, enckeylen], authkey, authkeylen
341 397 */
342 398 param->so = pfkey_socket;
343 399 param->eno = 0;
344 400 err = rcpfk_send_update(param);
345 401 if (err)
346 402 log_rcpfk_error("sadb_update", param);
347 403 return err;
348 404 }
349 405
350 406 /* send SADB_ADD */
351 407 static int
352 408 sadb_add(struct rcpfk_msg *param)
353 409 {
354 410 int err;
355 411
356 412 sadb_log_add("SADB_ADD", param);
357 413 IF_TRACE(dump_param("sadb_add", param));
358 414
359 415 param->so = pfkey_socket;
360 416 param->eno = 0;
361 417 err = rcpfk_send_add(param);
362 418 if (err)
363 419 log_rcpfk_error("sadb_add", param);
364 420 return err;
365 421 }
366 422
367 423 /* send SADB_GET */
368 424 static int
369 425 sadb_get(struct rcpfk_msg *param)
370 426 {
371 427 int err;
372 428
373 429 IF_TRACE(dump_param("sadb_get", param));
374 430
375 431 param->so = pfkey_socket;
376 432 param->eno = 0;
377 433 err = rcpfk_send_get(param);
378 434 if (err)
379 435 log_rcpfk_error("sadb_get", param);
380 436 return err;
381 437 }
382 438
383 439 /*
384 440 * acquire_error for responder
385 441 */
386 442 static int
387 443 sadb_responder_error(struct rcpfk_msg *param)
388 444 {
389 445 /* just ignore since there's no corresponding SADB_ACQUIRE */
390 446 TRACE((PLOGLOC,
391 447 "sadb_responder_error: seq=%d, satype=%d, spi=0x%08x, errno=%d\n",
392 448 param->seq, param->satype, ntohl(param->spi), param->eno));
393 449 return 0;
394 450 }
395 451
396 452 /*
397 453 * send SADB_DELETE
398 454 */
399 455 static int
400 456 sadb_delete(struct rcpfk_msg *rc)
401 457 {
402 458 int err;
403 459
404 460 INFO((PLOGLOC,
405 461 "SADB_DELETE ul_proto=%d src=%s dst=%s satype=%s spi=0x%08x\n",
406 462 rc->ul_proto, rcs_sa2str(rc->sa_src), rcs_sa2str(rc->sa_dst),
407 463 rct2str(rc->satype), ntohl(rc->spi)));
408 464 TRACE((PLOGLOC,
409 465 "sadb_delete: sa_src=%s, sa_dst=%s, satype=%d (%s), spi=0x%08x\n",
410 466 rcs_sa2str(rc->sa_src), rcs_sa2str(rc->sa_dst), rc->satype,
411 467 rct2str(rc->satype), ntohl(rc->spi)));
412 468
413 469 /* param: so, satype, spi, sa_src, sa_dst, ul_proto */
414 470 /* XXX
415 471 * pref_dst,pref_src must be <= addrlen, eventhough the values aren't used
416 472 */
417 473 rc->so = pfkey_socket;
418 474 rc->eno = 0;
419 475 rc->seq = 0;
420 476 rc->pref_src = rc->pref_dst = 0; /* ??? */
421 477 rc->flags = 0;
422 478 err = rcpfk_send_delete(rc);
423 479 if (err)
424 480 log_rcpfk_error("sadb_delete", rc);
425 481 return err;
426 482 }
427 483
428 484 /*
429 485 * find sadb_request by seq
430 486 */
431 487 static struct sadb_request *
432 488 sadb_find_by_seq(uint32_t seq)
433 489 {
434 490 struct sadb_request *req;
435 491
436 492 for (req = SADB_LIST_FIRST(&sadb_request_list_head);
437 493 !SADB_LIST_END(req);
438 494 req = SADB_LIST_NEXT(req)) {
439 495 if (req->seqno == seq)
440 496 return req;
441 497 }
442 498 return 0;
443 499 }
444 500
445 501
446 502 /*
447 503 * receive SADB_GETSPI message from kernel
448 504 */
449 505 static int
450 506 sadb_getspi_callback(struct rcpfk_msg *param)
451 507 {
452 508 /* param: seq, satype, spi, sa_src, sa_dst */
453 509
454 510 struct sadb_request *req;
455 511
456 512 TRACE((PLOGLOC,
457 513 "sadb_getspi_callback: seq=%d, spi=0x%08x, satype=%d, sa_src=%s, sa_dst=%s\n",
458 514 param->seq, ntohl(param->spi), param->satype,
459 515 rcs_sa2str(param->sa_src), rcs_sa2str(param->sa_dst)));
460 516
461 517 /* find sadb_request by param->seq */
462 518 req = sadb_find_by_seq(param->seq);
463 519 if (!req) {
464 520
465 521 /* couldn't find corresponding SA */
466 522 isakmp_log(0, 0, 0, 0,
467 523 PLOG_INTWARN, PLOGLOC,
468 524 "received PF_KEY SADB_GETSPI message (seq %u) does not have corresponding request. (ignored)\n",
469 525 param->seq);
470 526 return -1;
471 527 }
472 528
473 529 (*req->callback->getspi_response)(req, param->sa_src,
474 530 param->sa_dst,
475 531 (unsigned int)param->satype,
476 532 ntohl(param->spi));
477 533 return 0;
478 534 }
479 535
480 536
481 537 /* called when other KMd issued SADB_UPDATE */
482 538 static int
483 539 sadb_update_callback(struct rcpfk_msg *param)
484 540 {
485 541 /* param: seq, satype, spi, sa_src, sa_dst, samode */
486 542 /* lifetime??? address(P)??? identity??? */
487 543
488 544 struct sadb_request *req;
489 545
490 546 TRACE((PLOGLOC,
491 547 "sadb_update_callback: seq=%d, spi=0x%08x, satype=%d, sa_src=%s,"
492 548 " sa_dst=%s, samode=%d\n",
493 549 param->seq, ntohl(param->spi), param->satype,
494 550 rcs_sa2str(param->sa_src), rcs_sa2str(param->sa_dst),
495 551 param->samode));
496 552
497 553 req = sadb_find_by_seq(param->seq);
498 554 if (!req) {
499 555
500 556 /* couldn't find corresponding SA */
501 557 isakmp_log(0, 0, 0, 0,
502 558 PLOG_INTWARN, PLOGLOC,
503 559 "received PF_KEY SADB_UPDATE message (seq %u) does not have corresponding request. (ignored)\n",
504 560 param->seq);
505 561 return -1;
506 562 }
507 563
508 564 req->callback->update_response(req,
509 565 param->sa_src, param->sa_dst,
510 566 (unsigned int)param->satype,
511 567 (unsigned int)param->samode,
512 568 ntohl(param->spi));
513 569 return 0;
514 570 }
515 571
516 572 /* called when other KMd issued SADB_GET */
517 573 static int
518 574 sadb_get_callback(struct rcpfk_msg *param)
519 575 {
520 576 /* param: seq, satype, spi, sa_src, sa_dst, samode */
521 577 /* lifetime address(P) identity */
522 578
523 579 struct sadb_request *req;
524 580
525 581 TRACE((PLOGLOC,
526 582 "sadb_get_callback: seq=%d, spi=0x%08x, satype=%d, sa_src=%s,"
527 583 " sa_dst=%s, samode=%d\n",
528 584 param->seq, ntohl(param->spi), param->satype,
529 585 rcs_sa2str(param->sa_src), rcs_sa2str(param->sa_dst),
530 586 param->samode));
531 587
532 588 req = sadb_find_by_seq(param->seq);
533 589 if (!req) {
534 590 /* couldn't find corresponding SA */
535 591 isakmp_log(0, 0, 0, 0,
536 592 PLOG_INTWARN, PLOGLOC,
537 593 "received PF_KEY SADB_GET message (seq %u) does not have corresponding request. (ignored)\n",
538 594 param->seq);
539 595 return -1;
540 596 }
541 597
542 598 req->callback->get_response(req,
543 599 param->sa_src,
544 600 param->sa_dst,
545 601 (unsigned int)param->satype,
546 602 ntohl(param->spi),
547 603 ¶m->lft_current_bytes);
548 604
549 605 return 0;
550 606 }
551 607
552 608
553 609 #if 0
554 610 /* not used */
555 611 /* called when other KMd issued SADB_UDPATE */
556 612 static int
557 613 sadb_add_callback(struct rcpfk_msg *param)
558 614 {
559 615 /* param: seq, satype, spi, sa_src, sa_dst, samode */
560 616 /* lifetime??? identity?? sensitivity?? */
561 617
562 618 return 0;
563 619 }
564 620 #endif
565 621
566 622 /*
567 623 * called when kernel SA expires
568 624 */
569 625 static int
570 626 sadb_expire_callback(struct rcpfk_msg *param)
571 627 {
572 628 /* param: seq, satype, spi, sa_src, sa_dst, samode, expired(hard?2:1) */
573 629 /* lifetime(C)??? */
574 630
575 631 struct sadb_request *req;
576 632
577 633 plog(PLOG_INFO, PLOGLOC, 0,
578 634 "received PFKEY_EXPIRE seq=%d sa_dst=%s spi=0x%08x satype=%s samode=%s expired=%d\n",
579 635 param->seq, rcs_sa2str(param->sa_dst), ntohl(param->spi),
580 636 rct2str(param->satype), rct2str(param->samode), param->expired);
581 637
582 638 /* #ifdef __linux__ ??? */
583 639 /* Linux/USAGI generates soft-expire regardless it was used or not */
584 640 TRACE((PLOGLOC, "allocated: %" PRIu64 "\n", param->lft_current_alloc));
585 641 if (param->expired == 1 && param->lft_current_alloc == 0) {
586 642 TRACE((PLOGLOC, "ignoring soft expire\n"));
587 643 return 0;
588 644 }
589 645 /* #endif */
590 646
591 647 /* start rekeying */
592 648 /* find sadb_request by spi, sa_dst */
593 649 for (req = SADB_LIST_FIRST(&sadb_request_list_head);
594 650 !SADB_LIST_END(req); req = SADB_LIST_NEXT(req)) {
595 651 if (req->callback->expired(req, param))
596 652 goto done;
597 653 }
598 654
599 655 /* couldn't find corresponding SA */
600 656 isakmp_log(0, 0, 0, 0, PLOG_INTWARN, PLOGLOC,
601 657 "PF_KEY SADB_EXPIRE message does not have corresponding request. (ignored)\n");
602 658
603 659 done:
604 660 TRACE((PLOGLOC, "done.\n"));
605 661 return 0;
606 662 }
607 663
608 664
609 665 /*
610 666 * called when the kernel generates SADB_ACQUIRE message
611 667 */
612 668 static int
613 669 sadb_acquire_callback(struct rcpfk_msg *param)
614 670 {
671 + struct sadb_request *req;
672 + invacq_t *invacq;
615 673 /* param: seq, satype, sa_src, sa_dst, samode, selid */
616 674 /* address(P)??? pid?? identity??? proposal??? */
617 675
618 676 TRACE((PLOGLOC,
619 677 "sadb_acquire_callback: seq=%d satype=%d sa_src=%s sa_dst=%s samode=%d selid=%d\n",
620 678 param->seq, param->satype, rcs_sa2str(param->sa_src),
621 679 rcs_sa2str(param->sa_dst), param->samode, param->slid));
622 680
623 - if (sadb_find_by_seq(param->seq)) {
624 - TRACE((PLOGLOC, "duplicate seq %u\n", param->seq));
625 - return 0;
681 + req = sadb_find_by_seq(param->seq);
682 + if (req != NULL) {
683 + /* Inverse-ACQUIRE. */
684 + invacq = (invacq_t *)req->sa;
685 + invacq->answer = param;
686 + return (invacq->receiver(invacq));
626 687 }
627 688
628 - isakmp_initiate(&sadb_initiator_request_method,
629 - param->slid,
630 - param->seq, param->satype,
631 - param->sa_src, param->sa_dst,
632 - param->sa2_src);
689 + if (param->eno != 0) {
690 + /* inverse-ACQUIRE error with no outstanding request. Drop. */
691 + return (-1);
692 + }
693 +
694 + isakmp_initiate(&sadb_initiator_request_method, param);
633 695 return 0;
634 696 }
635 697
636 698 /*
637 699 * called when the kernel generates SADB_DELETE message
638 700 */
639 701 static int
640 702 sadb_delete_callback(struct rcpfk_msg *param)
641 703 {
642 704 /* param: seq, satype, spi, sa_src, sa_dst, samode */
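Review bot: In `sadb_acquire_callback`, any request that `sadb_find_by_seq` returns is now treated as an inverse-ACQUIRE: `req->sa` is cast to `invacq_t *` and an indirect call is made through `invacq->receiver`, with no check that the request was actually created for one. `sadb_request_initialize` links every request onto the same list with a caller-supplied `void *sa`, and the removed branch existed to drop a repeated ACQUIRE (`duplicate seq`), so a retransmitted ACQUIRE or a sequence number that matches some other outstanding request would, as far as this hunk shows, reinterpret an unrelated object and call through it. The branch should first confirm the request kind (a tag in the request or a dedicated method table; `isakmp_initiate` and `invacq_t` are defined outside this page) and reject a null `req->sa` or `receiver`, keeping the old `return 0;` for every other match. `invacq->answer = param` also stores a pointer to the caller's message, which in `sadb_poll` is a stack variable, so the receiver must not retain it after it returns.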
643 705
644 706 /* similar to expire ? */
645 707
646 708 plog(PLOG_INFO, PLOGLOC, 0,
647 709 "received PFKEY_DELETE seq=%d satype=%s spi=0x%08x\n",
648 710 param->seq, rct2str(param->satype), ntohl(param->spi));
649 711 return 0;
650 712 }
651 713
652 714 #if 0
653 715 /* not used */
654 716 /* called when other KMd issued SADB_X_SPDUPDATE */
655 717 static int
656 718 sadb_spdupdate_callback(struct rcpfk_msg *param)
657 719 {
658 720 /* param: selid */
659 721
660 722 return 0;
661 723 }
662 724 #endif
663 725
664 726 #if 0
665 727 /* not used */
666 728 /* called when other KMd issued SADB_X_SPDADD */
667 729 static int
668 730 sadb_spdadd_callback(struct rcpfk_msg *param)
669 731 {
670 732 /* param: selid */
671 733 return 0;
672 734 }
673 735 #endif
674 736
675 737 #if 0
676 738 /* called when other KMd issued SADB_X_SPDDELETE */
677 739 static int
678 740 sadb_spddelete_callback(struct rcpfk_msg *param)
679 741 {
680 742 /* param: selid */
681 743 return 0;
682 744 }
683 745 #endif
684 746
685 747 #if 0
686 748 /* called when kernel SP expires */
687 749 static int
688 750 sadb_spdexpire_callback(struct rcpfk_msg *param)
689 751 {
690 752 /* param: selid */
691 753 /* address(SD)? lifetime(CH)? */
692 754
693 755 return 0;
694 756 }
695 757 #endif
696 758
697 759 #ifdef SADB_X_MIGRATE
698 760 #include <netinet/in.h>
699 761 /* called when kernel issued SADB_X_MIGRATE */
700 762 static int
701 763 sadb_x_migrate_callback(struct rcpfk_msg *param)
702 764 {
703 765 struct rcf_selector *selector;
704 766 struct rcf_policy *policy;
705 767 struct ikev2_sa *ike_sa;
706 768 struct ikev2_child_sa *child_sa;
707 769 #ifdef IKEV1
708 770 struct ph1handle *iph1;
709 771 struct ph2handle *iph2;
710 772 extern struct ph1handle *getph1bydstaddrwop(struct sockaddr *);
711 773 #endif
712 774 extern struct rcf_selector *rcf_selector_head;
713 775
714 776 TRACE((PLOGLOC,
715 777 "sadb_x_migrate_callback: dir=%s, sa_src=%s, sa_dst=%s, sa2_src=%s, sa2_dst=%s\n",
716 778 rct2str(param->dir),
717 779 rcs_sa2str(param->sa_src), rcs_sa2str(param->sa_dst),
718 780 rcs_sa2str(param->sa2_src), rcs_sa2str(param->sa2_dst)));
719 781
720 782 if ((rcs_cmpsa(param->sa_src, param->sa2_src) == 0) &&
721 783 (rcs_cmpsa(param->sa_dst, param->sa2_dst) == 0))
722 784 return 0;
723 785 if (param->dir != RCT_DIR_OUTBOUND)
724 786 return 0;
725 787
726 788 /* migrate the primary selector */
727 789
728 790 for (selector = rcf_selector_head;
729 791 selector != 0;
730 792 selector = selector->next) {
731 793 if (selector->direction != RCT_DIR_OUTBOUND)
732 794 continue;
733 795 /* XXX match only on the reqid! */
734 796 if (param->reqid != selector->reqid)
735 797 continue;
736 798 policy = selector->pl;
737 799 if (policy->my_sa_ipaddr)
738 800 switch (param->sa_src->sa_family) {
739 801 case AF_INET:
740 802 if (policy->my_sa_ipaddr->type != RCT_ADDR_INET)
741 803 break;
742 804 ((struct sockaddr_in *)policy->my_sa_ipaddr->a.ipaddr)->sin_addr =
743 805 ((struct sockaddr_in *)param->sa2_src)->sin_addr;
744 806 break;
745 807 #ifdef INET6
746 808 case AF_INET6:
747 809 if (policy->my_sa_ipaddr->type != RCT_ADDR_INET)
748 810 break;
749 811 memcpy(&((struct sockaddr_in6 *)policy->my_sa_ipaddr->a.ipaddr)->sin6_addr,
750 812 &((struct sockaddr_in6 *)param->sa2_src)->sin6_addr,
751 813 sizeof(struct in6_addr));
752 814 break;
753 815 #endif
754 816 default:
755 817 return -1;
756 818 }
757 819 if (policy->peers_sa_ipaddr)
758 820 switch (param->sa_dst->sa_family) {
759 821 case AF_INET:
760 822 if (policy->peers_sa_ipaddr->type != RCT_ADDR_INET)
761 823 break;
762 824 ((struct sockaddr_in *)policy->peers_sa_ipaddr->a.ipaddr)->sin_addr =
763 825 ((struct sockaddr_in *)param->sa2_dst)->sin_addr;
764 826 break;
765 827 #ifdef INET6
766 828 case AF_INET6:
767 829 if (policy->peers_sa_ipaddr->type != RCT_ADDR_INET)
768 830 break;
769 831 memcpy(&((struct sockaddr_in6 *)policy->peers_sa_ipaddr->a.ipaddr)->sin6_addr,
770 832 &((struct sockaddr_in6 *)param->sa2_dst)->sin6_addr,
771 833 sizeof(struct in6_addr));
772 834 break;
773 835 #endif
774 836 default:
775 837 return -1;
776 838 }
777 839 plog(PLOG_INFO, PLOGLOC, 0,
778 840 "move selector(%p) with sl_index(%s)\n",
779 841 selector, rc_vmem2str(selector->sl_index));
780 842 }
781 843
782 844 /* migrate the IKE SA */
783 845
784 846 ike_sa = ikev2_find_sa_by_addr(param->sa_dst);
785 847 if (ike_sa == NULL)
786 848 goto v1;
787 849 plog(PLOG_INFO, PLOGLOC, 0, "move ikev2_sa(%p): from %s -> %s\n",
788 850 ike_sa, rcs_sa2str(ike_sa->local), rcs_sa2str(ike_sa->remote));
789 851
790 852 switch (ike_sa->remote->sa_family) {
791 853 case AF_INET:
792 854 ((struct sockaddr_in *)ike_sa->local)->sin_addr =
793 855 ((struct sockaddr_in *)param->sa2_src)->sin_addr;
794 856 ((struct sockaddr_in *)ike_sa->remote)->sin_addr =
795 857 ((struct sockaddr_in *)param->sa2_dst)->sin_addr;
796 858 #ifdef INET6
797 859 case AF_INET6:
798 860 memcpy(&((struct sockaddr_in6 *)ike_sa->local)->sin6_addr,
799 861 &((struct sockaddr_in6 *)param->sa2_src)->sin6_addr,
800 862 sizeof(struct in6_addr));
801 863 memcpy(&((struct sockaddr_in6 *)ike_sa->remote)->sin6_addr,
802 864 &((struct sockaddr_in6 *)param->sa2_dst)->sin6_addr,
803 865 sizeof(struct in6_addr));
804 866 break;
805 867 #endif
806 868 default:
807 869 return -1;
808 870 }
809 871 plog(PLOG_INFO, PLOGLOC, 0, "move ikev2_sa(%p): to %s -> %s\n",
810 872 ike_sa, rcs_sa2str(ike_sa->local), rcs_sa2str(ike_sa->remote));
811 873
812 874 /* migrate children */
813 875
814 876 for (child_sa = IKEV2_CHILD_LIST_FIRST(&ike_sa->children);
815 877 !IKEV2_CHILD_LIST_END(child_sa);
816 878 child_sa = IKEV2_CHILD_LIST_NEXT(child_sa)) {
817 879 if (!child_sa->selector)
818 880 continue;
819 881 if (param->reqid != child_sa->selector->reqid)
820 882 continue;
821 883 switch (ike_sa->remote->sa_family) {
822 884 case AF_INET:
823 885 if (child_sa->local)
824 886 ((struct sockaddr_in *)child_sa->local)->sin_addr =
825 887 ((struct sockaddr_in *)ike_sa->local)->sin_addr;
826 888 if (child_sa->remote)
827 889 ((struct sockaddr_in *)child_sa->remote)->sin_addr =
828 890 ((struct sockaddr_in *)ike_sa->remote)->sin_addr;
829 891
830 892 policy = child_sa->selector->pl;
831 893 if (policy->my_sa_ipaddr) {
832 894 if (policy->my_sa_ipaddr->type != RCT_ADDR_INET) {
833 895 TRACE((PLOGLOC, "unexpected type\n"));
834 896 continue;
835 897 }
836 898 ((struct sockaddr_in *)policy->my_sa_ipaddr->a.ipaddr)->sin_addr =
837 899 ((struct sockaddr_in *)ike_sa->local)->sin_addr;
838 900 }
839 901 if (policy->peers_sa_ipaddr) {
840 902 if (policy->peers_sa_ipaddr->type != RCT_ADDR_INET) {
841 903 TRACE((PLOGLOC, "unexpected type\n"));
842 904 continue;
843 905 }
844 906 ((struct sockaddr_in *)policy->peers_sa_ipaddr->a.ipaddr)->sin_addr =
845 907 ((struct sockaddr_in *)ike_sa->local)->sin_addr;
846 908 }
847 909 break;
848 910 #ifdef INET6
849 911 case AF_INET6:
850 912 if (child_sa->local)
851 913 memcpy(&((struct sockaddr_in6 *)child_sa->local)->sin6_addr,
852 914 &((struct sockaddr_in6 *)ike_sa->local)->sin6_addr,
853 915 sizeof(struct in6_addr));
854 916 if (child_sa->remote)
855 917 memcpy(&((struct sockaddr_in6 *)child_sa->remote)->sin6_addr,
856 918 &((struct sockaddr_in6 *)ike_sa->remote)->sin6_addr,
857 919 sizeof(struct in6_addr));
858 920
859 921 policy = child_sa->selector->pl;
860 922 if (policy->my_sa_ipaddr) {
861 923 if (policy->my_sa_ipaddr->type != RCT_ADDR_INET) {
862 924 TRACE((PLOGLOC, "unexpected type\n"));
863 925 continue;
864 926 }
865 927 memcpy(&((struct sockaddr_in6 *)policy->my_sa_ipaddr->a.ipaddr)->sin6_addr,
866 928 &((struct sockaddr_in6 *)ike_sa->local)->sin6_addr,
867 929 sizeof(struct in6_addr));
868 930 }
869 931 if (policy->peers_sa_ipaddr) {
870 932 if (policy->peers_sa_ipaddr->type != RCT_ADDR_INET) {
871 933 TRACE((PLOGLOC, "unexpected type\n"));
872 934 continue;
873 935 }
874 936 memcpy(&((struct sockaddr_in6 *)policy->peers_sa_ipaddr->a.ipaddr)->sin6_addr,
875 937 &((struct sockaddr_in6 *)ike_sa->remote)->sin6_addr,
876 938 sizeof(struct in6_addr));
877 939 }
878 940 break;
879 941 #endif
880 942 }
881 943 plog(PLOG_INFO, PLOGLOC, 0, "move child_sa(%p)\n", child_sa);
882 944 }
883 945
884 946 ikev2_migrate_script_hook(ike_sa, param->sa_src, param->sa_dst,
885 947 param->sa2_src, param->sa2_dst);
886 948
887 949 v1:
888 950 #ifdef IKEV1
889 951 /* migrate the ISAKMP SA (aka phase 1) */
890 952
891 953 iph1 = getph1bydstaddrwop(param->sa_dst);
892 954 if (iph1 == NULL)
893 955 return 0;
894 956 plog(PLOG_INFO, PLOGLOC, 0, "move ikev1_ph1(%p): from %s -> %s\n",
895 957 iph1, rcs_sa2str(iph1->local), rcs_sa2str(iph1->remote));
896 958
897 959 switch (iph1->remote->sa_family) {
898 960 case AF_INET:
899 961 ((struct sockaddr_in *)iph1->local)->sin_addr =
900 962 ((struct sockaddr_in *)param->sa2_src)->sin_addr;
901 963 ((struct sockaddr_in *)iph1->remote)->sin_addr =
902 964 ((struct sockaddr_in *)param->sa2_dst)->sin_addr;
903 965 #ifdef INET6
904 966 case AF_INET6:
905 967 memcpy(&((struct sockaddr_in6 *)iph1->local)->sin6_addr,
906 968 &((struct sockaddr_in6 *)param->sa2_src)->sin6_addr,
907 969 sizeof(struct in6_addr));
908 970 memcpy(&((struct sockaddr_in6 *)iph1->remote)->sin6_addr,
909 971 &((struct sockaddr_in6 *)param->sa2_dst)->sin6_addr,
910 972 sizeof(struct in6_addr));
911 973 break;
912 974 #endif
913 975 default:
914 976 return -1;
915 977 }
916 978 plog(PLOG_INFO, PLOGLOC, 0, "move ikev1_ph1(%p): to %s -> %s\n",
917 979 iph1, rcs_sa2str(iph1->local), rcs_sa2str(iph1->remote));
918 980
919 981 /* migrate children aka phases 2 */
920 982
921 983 LIST_FOREACH(iph2, &iph1->ph2tree, ph1bind) {
922 984 if (!iph2->selector)
923 985 continue;
924 986 if (param->reqid != iph2->selector->reqid)
925 987 continue;
926 988 switch (iph1->remote->sa_family) {
927 989 case AF_INET:
928 990 if (iph2->src)
929 991 ((struct sockaddr_in *)iph2->src)->sin_addr =
930 992 ((struct sockaddr_in *)iph1->local)->sin_addr;
931 993 if (iph2->dst)
932 994 ((struct sockaddr_in *)iph2->dst)->sin_addr =
933 995 ((struct sockaddr_in *)iph1->remote)->sin_addr;
934 996
935 997 policy = iph2->selector->pl;
936 998 if (policy->my_sa_ipaddr) {
937 999 if (policy->my_sa_ipaddr->type != RCT_ADDR_INET) {
938 1000 TRACE((PLOGLOC, "unexpected type\n"));
939 1001 continue;
940 1002 }
941 1003 ((struct sockaddr_in *)policy->my_sa_ipaddr->a.ipaddr)->sin_addr =
942 1004 ((struct sockaddr_in *)iph1->local)->sin_addr;
943 1005 }
944 1006 if (policy->peers_sa_ipaddr) {
945 1007 if (policy->peers_sa_ipaddr->type != RCT_ADDR_INET) {
946 1008 TRACE((PLOGLOC, "unexpected type\n"));
947 1009 continue;
948 1010 }
949 1011 ((struct sockaddr_in *)policy->peers_sa_ipaddr->a.ipaddr)->sin_addr =
950 1012 ((struct sockaddr_in *)iph1->local)->sin_addr;
951 1013 }
952 1014 break;
953 1015 #ifdef INET6
954 1016 case AF_INET6:
955 1017 if (iph2->src)
956 1018 memcpy(&((struct sockaddr_in6 *)iph2->src)->sin6_addr,
957 1019 &((struct sockaddr_in6 *)iph1->local)->sin6_addr,
958 1020 sizeof(struct in6_addr));
959 1021 if (iph2->dst)
960 1022 memcpy(&((struct sockaddr_in6 *)iph2->dst)->sin6_addr,
961 1023 &((struct sockaddr_in6 *)iph1->remote)->sin6_addr,
962 1024 sizeof(struct in6_addr));
963 1025
964 1026 policy = iph2->selector->pl;
965 1027 if (policy->my_sa_ipaddr) {
966 1028 if (policy->my_sa_ipaddr->type != RCT_ADDR_INET) {
967 1029 TRACE((PLOGLOC, "unexpected type\n"));
968 1030 continue;
969 1031 }
970 1032 memcpy(&((struct sockaddr_in6 *)policy->my_sa_ipaddr->a.ipaddr)->sin6_addr,
971 1033 &((struct sockaddr_in6 *)iph1->local)->sin6_addr,
972 1034 sizeof(struct in6_addr));
973 1035 }
974 1036 if (policy->peers_sa_ipaddr) {
975 1037 if (policy->peers_sa_ipaddr->type != RCT_ADDR_INET) {
976 1038 TRACE((PLOGLOC, "unexpected type\n"));
977 1039 continue;
978 1040 }
979 1041 memcpy(&((struct sockaddr_in6 *)policy->peers_sa_ipaddr->a.ipaddr)->sin6_addr,
980 1042 &((struct sockaddr_in6 *)iph1->remote)->sin6_addr,
981 1043 sizeof(struct in6_addr));
982 1044 }
983 1045 break;
984 1046 #endif
985 1047 }
986 1048 plog(PLOG_INFO, PLOGLOC, 0, "move iph2(%p)\n", iph2);
987 1049 }
988 1050
989 1051 ikev1_migrate_script_hook(iph1, param->sa_src, param->sa_dst,
990 1052 param->sa2_src, param->sa2_dst);
991 1053
992 1054 #endif
993 1055 return 0;
994 1056 }
995 1057 #endif
996 1058
997 1059 /* #ifdef DEBUG */
998 1060 static int sadb_debug_getspi(struct rcpfk_msg *param);
999 1061 static int sadb_debug_acquire_error(struct rcpfk_msg *param);
1000 1062 static int sadb_debug_update(struct rcpfk_msg *param);
1001 1063 static int sadb_debug_add(struct rcpfk_msg *param);
1002 1064 static int sadb_debug_delete(struct rcpfk_msg *param);
1003 1065
1004 1066 struct sadb_request_method sadb_debug_method = {
1005 1067 sadb_debug_getspi,
1006 1068 sadb_debug_acquire_error,
1007 1069 sadb_debug_update,
1008 1070 sadb_debug_add,
1009 1071 sadb_debug_delete,
1010 1072 };
1011 1073
1012 1074 uint32_t debug_spi = 0x10000;
1013 1075
1014 1076 static int
1015 1077 sadb_debug_getspi(struct rcpfk_msg *param)
1016 1078 {
1017 1079 int err;
1018 1080
1019 1081 TRACE((PLOGLOC, "sadb_debug_getspi: seq=%d, satype=%d\n",
1020 1082 param->seq, param->satype));
1021 1083
1022 1084 param->spi = htonl(debug_spi++);
1023 1085 err = sadb_getspi_callback(param);
1024 1086 TRACE((PLOGLOC, "sadb_getspi_callback retval %d\n", err));
1025 1087 return 0;
1026 1088 }
1027 1089
1028 1090 static int
1029 1091 sadb_debug_acquire_error(struct rcpfk_msg *param)
1030 1092 {
1031 1093 TRACE((PLOGLOC,
1032 1094 "sadb_debug_acquire_error: seq=%d, satype=%d, spi=0x%08x, errno=%d\n",
1033 1095 param->seq, param->satype, ntohl(param->spi), param->eno));
1034 1096 return 0;
1035 1097 }
1036 1098
1037 1099 static int
1038 1100 sadb_debug_update(struct rcpfk_msg *param)
1039 1101 {
1040 1102 dump_param("sadb_debug_update", param);
1041 1103 return 0;
1042 1104 }
1043 1105
1044 1106 static int
1045 1107 sadb_debug_add(struct rcpfk_msg *param)
1046 1108 {
1047 1109 dump_param("sadb_debug_add", param);
1048 1110 return 0;
1049 1111 }
1050 1112
1051 1113 static int
1052 1114 sadb_debug_delete(struct rcpfk_msg *param)
1053 1115 {
1054 1116 dump_param("sadb_debug_delete", param);
1055 1117 return 0;
1056 1118 }
1057 1119
1058 1120 /*
1059 1121 * dump add/update parameters
1060 1122 */
1061 1123 static void
1062 1124 dump_param(char *msg, struct rcpfk_msg *param)
1063 1125 {
1064 1126 int i;
1065 1127 char buf[BUFSIZ];
1066 1128 char *bufp;
1067 1129 ssize_t buflen;
1068 1130
1069 1131 #define DUMP(x_) do { \
1070 1132 buflen -= strlen(bufp); \
1071 1133 bufp += strlen(bufp); \
1072 1134 if (buflen > 0) { \
1073 1135 x_; \
1074 1136 } \
1075 1137 } while (0)
1076 1138
1077 1139 buf[0] = '\0';
1078 1140 bufp = &buf[0];
1079 1141 buflen = sizeof(buf) - 1;
1080 1142 DUMP(snprintf(bufp, buflen,
1081 1143 "%s: seq=%d, ul_proto=%d sa_src=%s/%d, sa_dst=%s/%d, "
1082 1144 "satype=%d (%s), spi=0x%08x, wsize=%d, "
1083 1145 "authtype=%d (%s), enctype=%d (%s), saflags=0x%x, "
1084 1146 "samode=%d (%s), reqid=%d, "
1085 1147 "lifetime hard time %" PRIu64 ", bytes %" PRIu64 ", "
1086 1148 "lifetime soft time %" PRIu64 ", bytes %" PRIu64 ", "
1087 1149 "enckey len=%lu [",
1088 1150 msg,
1089 1151 param->seq, param->ul_proto,
1090 1152 rcs_sa2str(param->sa_src), param->pref_src,
1091 1153 rcs_sa2str(param->sa_dst), param->pref_dst,
1092 1154 param->satype, rct2str(param->satype),
1093 1155 ntohl(param->spi), param->wsize,
1094 1156 param->authtype, rct2str(param->authtype),
1095 1157 param->enctype, rct2str(param->enctype),
1096 1158 param->saflags,
1097 1159 param->samode, rct2str(param->samode),
1098 1160 param->reqid,
1099 1161 param->lft_hard_time, param->lft_hard_bytes,
1100 1162 param->lft_soft_time, param->lft_soft_bytes,
1101 1163 (unsigned long)param->enckeylen));
1102 1164 for (i = 0; i < (int)param->enckeylen; ++i) {
1103 1165 DUMP(snprintf(bufp, buflen,
1104 1166 "%02x", ((uint8_t *)param->enckey)[i]));
1105 1167 }
1106 1168 DUMP(snprintf(bufp, buflen, "], authkey len=%lu [",
1107 1169 (unsigned long)param->authkeylen));
1108 1170 for (i = 0; i < (int)param->authkeylen; ++i) {
1109 1171 DUMP(snprintf(bufp, buflen,
1110 1172 "%02x", ((uint8_t *)param->authkey)[i]));
1111 1173 }
1112 1174 DUMP(snprintf(bufp, buflen, "]\n"));
1113 1175
1114 1176 TRACE((PLOGLOC, "%s", buf));
1115 1177 }
1116 1178
1117 1179 #ifdef DEBUG
1118 1180 #include <sys/socket.h>
1119 1181 #include <netdb.h>
1120 1182
1121 1183 void
1122 1184 debug_initiate(char *addr, const char *selector_index)
1123 1185 {
1124 1186 struct isakmp_acquire_request *req;
1125 1187 struct addrinfo *res;
1126 1188 int err;
1127 1189
1128 1190 req = racoon_calloc(1, sizeof(*req));
1129 1191
1130 1192 err = getaddrinfo(addr, 0, 0, &res);
1131 1193 if (err) {
1132 1194 fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err));
1133 1195 return;
1134 1196 }
1135 1197 if (!res) {
1136 1198 fprintf(stderr, "res is null\n");
1137 1199 return;
1138 1200 }
1139 1201 if (!res->ai_addr) {
1140 1202 fprintf(stderr, "res->ai_addr is null\n");
1141 1203 return;
1142 1204 }
1143 1205
1144 1206 req->callback_method = &sadb_debug_method;
1145 1207 req->request_msg_seq = 1;
1146 1208 req->dst = rcs_sadup(res->ai_addr);
1147 1209 isakmp_initiate_cont(req, selector_index);
1148 1210
1149 1211 freeaddrinfo(res);
1150 1212 }
1151 1213 #endif
1152 1214 /* #endif */