258 iph1->dpd_r_u = NULL;
259
260 return iph1;
261 }
262
263 /*
264 * delete new isakmp Phase 1 status record to handle isakmp in Phase1
265 */
266 void
267 delph1(struct ph1handle *iph1)
268 {
269 if (iph1 == NULL)
270 return;
271
272 /* SA down shell script hook */
273 ikev1_script_hook(iph1, SCRIPT_PHASE1_DOWN);
274
275 EVT_PUSH(iph1->local, iph1->remote, EVTT_PHASE1_DOWN, NULL);
276
277 #ifdef ENABLE_NATT
278 if (iph1->natt_flags & NAT_KA_QUEUED)
279 natt_keepalive_remove (iph1->local, iph1->remote);
280
281 if (iph1->natt_options) {
282 racoon_free(iph1->natt_options);
283 iph1->natt_options = NULL;
284 }
285 #endif
286
287 if (iph1->dpd_r_u != NULL)
288 SCHED_KILL(iph1->dpd_r_u);
289
290 if (iph1->remote) {
291 racoon_free(iph1->remote);
292 iph1->remote = NULL;
293 }
294 if (iph1->local) {
295 racoon_free(iph1->local);
296 iph1->local = NULL;
297 }
298
299 if (iph1->approval) {
453 */
454 struct ph2handle *
455 getph2bymsgid(struct ph1handle *iph1, uint32_t msgid)
456 {
457 struct ph2handle *p;
458
459 LIST_FOREACH(p, &ph2tree, chain) {
460 if (p->msgid == msgid)
461 return p;
462 }
463
464 return NULL;
465 }
466
467 struct ph2handle *
468 getph2byselector(struct sockaddr *src, struct sockaddr *dst, struct rcf_selector *selector)
469 {
470 struct ph2handle *p;
471
472 LIST_FOREACH(p, &ph2tree, chain) {
473 if (rc_vmemcmp(p->selector->sl_index, selector->sl_index)
474 == 0 &&
475 CMPSADDR(src, p->src) == 0 &&
476 CMPSADDR(dst, p->dst) == 0)
477 return p;
478 }
479
480 return NULL;
481 }
482
483 struct ph2handle *
484 getph2bysaddr(struct sockaddr *src, struct sockaddr *dst)
485 {
486 struct ph2handle *p;
487
488 LIST_FOREACH(p, &ph2tree, chain) {
489 if (rcs_cmpsa(src, p->src) == 0 &&
490 rcs_cmpsa(dst, p->dst) == 0)
491 return p;
492 }
493
494 return NULL;
612 delph2(struct ph2handle *iph2)
613 {
614 initph2(iph2);
615
616 if (iph2->src) {
617 racoon_free(iph2->src);
618 iph2->src = NULL;
619 }
620 if (iph2->dst) {
621 racoon_free(iph2->dst);
622 iph2->dst = NULL;
623 }
624 if (iph2->src_id) {
625 racoon_free(iph2->src_id);
626 iph2->src_id = NULL;
627 }
628 if (iph2->dst_id) {
629 racoon_free(iph2->dst_id);
630 iph2->dst_id = NULL;
631 }
632
633 if (iph2->proposal) {
634 flushsaprop(iph2->proposal);
635 iph2->proposal = NULL;
636 }
637
638 sadb_request_finish(&iph2->sadb_request);
639
640 racoon_free(iph2);
641 }
642
643 /*
644 * create new isakmp Phase 2 status record to handle isakmp in Phase2
645 */
646 int
647 insph2(struct ph2handle *iph2)
648 {
649 LIST_INSERT_HEAD(&ph2tree, iph2, chain);
650
651 return 0;
1471 isakmp_info_send_d1(p);
1472 purge_remote(p);
1473 found++;
1474 }
1475 }
1476
1477 return found;
1478 }
1479 #endif
1480
1481
1482 static int
1483 delete_ipsec_sa(struct sadb_request *r,
1484 struct sockaddr *src, struct sockaddr *dst, int proto,
1485 uint32_t spi/* network order */)
1486 {
1487 struct rcpfk_msg param;
1488 int satype;
1489 int retval;
1490
1491 switch (proto) {
1492 case IPSECDOI_PROTO_IPSEC_AH:
1493 satype = RCT_SATYPE_AH;
1494 break;
1495 case IPSECDOI_PROTO_IPSEC_ESP:
1496 satype = RCT_SATYPE_ESP;
1497 break;
1498 case IPSECDOI_PROTO_IPCOMP:
1499 satype = RCT_SATYPE_IPCOMP;
1500 break;
1501 default:
1502 plog(PLOG_INTERR, PLOGLOC, 0,
1503 "unsupported IPSECDOI protocol ID (%d)\n",
1504 proto);
1505 retval = -1;
1506 goto done;
1507 break;
1508 }
1509
1510 param.sa_src = src;
|
258 iph1->dpd_r_u = NULL;
259
260 return iph1;
261 }
262
263 /*
264 * delete new isakmp Phase 1 status record to handle isakmp in Phase1
265 */
266 void
267 delph1(struct ph1handle *iph1)
268 {
269 if (iph1 == NULL)
270 return;
271
272 /* SA down shell script hook */
273 ikev1_script_hook(iph1, SCRIPT_PHASE1_DOWN);
274
275 EVT_PUSH(iph1->local, iph1->remote, EVTT_PHASE1_DOWN, NULL);
276
277 #ifdef ENABLE_NATT
278 #ifndef sun /* XXX KEBE SAYS kernel does this in OpenSolaris */
279 if (iph1->natt_flags & NAT_KA_QUEUED)
280 natt_keepalive_remove (iph1->local, iph1->remote);
281 #endif
282
283 if (iph1->natt_options) {
284 racoon_free(iph1->natt_options);
285 iph1->natt_options = NULL;
286 }
287 #endif
288
289 if (iph1->dpd_r_u != NULL)
290 SCHED_KILL(iph1->dpd_r_u);
291
292 if (iph1->remote) {
293 racoon_free(iph1->remote);
294 iph1->remote = NULL;
295 }
296 if (iph1->local) {
297 racoon_free(iph1->local);
298 iph1->local = NULL;
299 }
300
301 if (iph1->approval) {
455 */
456 struct ph2handle *
457 getph2bymsgid(struct ph1handle *iph1, uint32_t msgid)
458 {
459 struct ph2handle *p;
460
461 LIST_FOREACH(p, &ph2tree, chain) {
462 if (p->msgid == msgid)
463 return p;
464 }
465
466 return NULL;
467 }
468
469 struct ph2handle *
470 getph2byselector(struct sockaddr *src, struct sockaddr *dst, struct rcf_selector *selector)
471 {
472 struct ph2handle *p;
473
474 LIST_FOREACH(p, &ph2tree, chain) {
475 #ifdef sun
476 if ((p->selector->sl_index == selector->sl_index ||
477 rc_vmemcmp(p->selector->sl_index,
478 selector->sl_index) == 0) &&
479 #else
480 if (rc_vmemcmp(p->selector->sl_index, selector->sl_index)
481 == 0 &&
482 #endif
483 CMPSADDR(src, p->src) == 0 &&
484 CMPSADDR(dst, p->dst) == 0)
485 return p;
486 }
487
488 return NULL;
489 }
490
491 struct ph2handle *
492 getph2bysaddr(struct sockaddr *src, struct sockaddr *dst)
493 {
494 struct ph2handle *p;
495
496 LIST_FOREACH(p, &ph2tree, chain) {
497 if (rcs_cmpsa(src, p->src) == 0 &&
498 rcs_cmpsa(dst, p->dst) == 0)
499 return p;
500 }
501
502 return NULL;
620 delph2(struct ph2handle *iph2)
621 {
622 initph2(iph2);
623
624 if (iph2->src) {
625 racoon_free(iph2->src);
626 iph2->src = NULL;
627 }
628 if (iph2->dst) {
629 racoon_free(iph2->dst);
630 iph2->dst = NULL;
631 }
632 if (iph2->src_id) {
633 racoon_free(iph2->src_id);
634 iph2->src_id = NULL;
635 }
636 if (iph2->dst_id) {
637 racoon_free(iph2->dst_id);
638 iph2->dst_id = NULL;
639 }
640 #ifdef ENABLE_NATT
641 if (iph2->natoa_src) {
642 racoon_free(iph2->natoa_src);
643 iph2->natoa_src = NULL;
644 }
645 if (iph2->natoa_dst) {
646 racoon_free(iph2->natoa_dst);
647 iph2->natoa_dst = NULL;
648 }
649 #endif
650
651 if (iph2->proposal) {
652 flushsaprop(iph2->proposal);
653 iph2->proposal = NULL;
654 }
655
656 sadb_request_finish(&iph2->sadb_request);
657
658 racoon_free(iph2);
659 }
660
661 /*
662 * create new isakmp Phase 2 status record to handle isakmp in Phase2
663 */
664 int
665 insph2(struct ph2handle *iph2)
666 {
667 LIST_INSERT_HEAD(&ph2tree, iph2, chain);
668
669 return 0;
1489 isakmp_info_send_d1(p);
1490 purge_remote(p);
1491 found++;
1492 }
1493 }
1494
1495 return found;
1496 }
1497 #endif
1498
1499
1500 static int
1501 delete_ipsec_sa(struct sadb_request *r,
1502 struct sockaddr *src, struct sockaddr *dst, int proto,
1503 uint32_t spi/* network order */)
1504 {
1505 struct rcpfk_msg param;
1506 int satype;
1507 int retval;
1508
1509 (void) memset(¶m, 0, sizeof (param));
1510
1511 switch (proto) {
1512 case IPSECDOI_PROTO_IPSEC_AH:
1513 satype = RCT_SATYPE_AH;
1514 break;
1515 case IPSECDOI_PROTO_IPSEC_ESP:
1516 satype = RCT_SATYPE_ESP;
1517 break;
1518 case IPSECDOI_PROTO_IPCOMP:
1519 satype = RCT_SATYPE_IPCOMP;
1520 break;
1521 default:
1522 plog(PLOG_INTERR, PLOGLOC, 0,
1523 "unsupported IPSECDOI protocol ID (%d)\n",
1524 proto);
1525 retval = -1;
1526 goto done;
1527 break;
1528 }
1529
1530 param.sa_src = src;
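Review bot: In getph2byselector (new lines 475-482) the pointer-equality shortcut on `sl_index` is compiled only under `#ifdef sun`, although nothing in it is platform-specific, and the conditional splits the head of the `if` across two preprocessor branches, so a later edit can easily change one branch and not the other. If the shortcut was added because `rc_vmemcmp` does not cope with identical or NULL buffers (an inference, since `rc_vmemcmp` is not shown on this page), non-sun builds keep the old behaviour in a lookup that decides which Phase 2 handle a request is matched to. Consider dropping the conditional and using one form everywhere: `if ((p->selector->sl_index == selector->sl_index || rc_vmemcmp(p->selector->sl_index, selector->sl_index) == 0) &&`. Either way, `p->selector` and `selector` are still dereferenced without a check, so a one-line comment stating that every handle on `ph2tree` carries a selector would document the assumption the loop relies on.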
|