29 */
30
31 #include <config.h>
32
33 #include <sys/types.h>
34 #include <sys/param.h>
35
36 #include <netinet/in.h>
37 #ifdef __linux__
38 #include <linux/udp.h>
39 #endif
40 #if defined(__NetBSD__) || defined (__FreeBSD__)
41 #include <netinet/udp.h>
42 #endif
43
44 #include <stdlib.h>
45 #include <stdio.h>
46 #include <string.h>
47 #include <errno.h>
48
49 #include "racoon.h"
50
51 #include "var.h"
52 /* #include "misc.h" */
53 /* #include "vmbuf.h" */
54 #include "plog.h"
55 #include "debug.h"
56
57 /* #include "localconf.h" */
58 #include "remoteconf.h"
59 #include "sockmisc.h"
60 #include "isakmp.h"
61 #include "isakmp_var.h"
62 #include "isakmp_impl.h"
63 #include "ikev1_impl.h"
64 #include "oakley.h"
65 #include "ipsec_doi.h"
66 #include "vendorid.h"
67 #include "handler.h"
68 #include "crypto_impl.h"
279
280 default:
281 plog(PLOG_INTERR, PLOGLOC, NULL,
282 "unsupported NAT-T version: %s\n",
283 vid_string_by_id(version));
284 return -1;
285 }
286
287 opts->mode_udp_diff =
288 opts->mode_udp_tunnel - IPSECDOI_ATTR_ENC_MODE_TUNNEL;
289
290 return 0;
291 }
292
293 void
294 ikev1_natt_float_ports(struct ph1handle *iph1)
295 {
296 if (!(iph1->natt_flags && NAT_DETECTED))
297 return;
298 if (!iph1->natt_options->float_port) {
299 /* Drafts 00 / 01, just schedule keepalive */
300 natt_keepalive_add_ph1(iph1);
301 return;
302 }
303
304 set_port(iph1->local, iph1->natt_options->float_port);
305 set_port(iph1->remote, iph1->natt_options->float_port);
306 iph1->natt_flags |= NAT_PORTS_CHANGED | NAT_ADD_NON_ESP_MARKER;
307
308 natt_keepalive_add_ph1(iph1);
309 }
310
311 void
312 ikev1_natt_handle_vendorid(struct ph1handle *iph1, int vid_numeric)
313 {
314 if (!iph1->natt_options)
315 iph1->natt_options =
316 racoon_calloc(1, sizeof(*iph1->natt_options));
317
318 if (!iph1->natt_options) {
319 plog(PLOG_INTERR, PLOGLOC, NULL,
320 "Allocating memory for natt_options failed!\n");
321 return;
322 }
323
324 if (iph1->natt_options->version < vid_numeric)
325 if (natt_fill_options(iph1->natt_options, vid_numeric) == 0)
326 iph1->natt_flags |= NAT_ANNOUNCED;
327 }
328
329 /* NAT keepalive functions */
330 static void
331 natt_keepalive_send(void *param)
332 {
333 struct natt_ka_addrs *ka, *next = NULL;
334 char keepalive_packet[] = { 0xff };
335 int len;
336 int s;
337
338 for (ka = TAILQ_FIRST(&ka_tree); ka; ka = next) {
339 next = TAILQ_NEXT(ka, chain);
340
341 s = getsockmyaddr(ka->src);
342 if (s == -1) {
343 TAILQ_REMOVE(&ka_tree, ka, chain);
344 racoon_free(ka);
345 continue;
346 }
347 plog(PLOG_DEBUG, PLOGLOC, NULL, "KA: %s->%s\n",
348 rcs_sa2str(ka->src), rcs_sa2str(ka->dst));
430 next = TAILQ_NEXT(ka, chain);
431
432 plog(PLOG_DEBUG, PLOGLOC, NULL,
433 "KA tree dump: %s->%s (in_use=%u)\n", rcs_sa2str(src),
434 rcs_sa2str(dst), ka->in_use);
435
436 if (rcs_cmpsa(ka->src, src) == 0 &&
437 rcs_cmpsa(ka->dst, dst) == 0 && --ka->in_use <= 0) {
438
439 plog(PLOG_DEBUG, PLOGLOC, NULL,
440 "KA removing this one...\n");
441
442 TAILQ_REMOVE(&ka_tree, ka, chain);
443 racoon_free(ka);
444 /* Should we break here? Every pair of addresses should
445 * be inserted only once, but who knows :-) Lets traverse
446 * the whole list... */
447 }
448 }
449 }
450
451 #ifdef notyet
452 static struct remoteconf *
453 natt_enabled_in_rmconf_stub(struct remoteconf *rmconf, void *data)
454 {
455 return (ikev1_nat_traversal(rmconf) == NATT_OFF ? NULL : rmconf);
456 }
457
458 int
459 natt_enabled_in_rmconf()
460 {
461 return foreachrmconf(natt_enabled_in_rmconf_stub, NULL) != NULL;
462 }
463 #endif
464
465 struct payload_list *
466 isakmp_plist_append_natt_vids(struct payload_list *plist,
467 rc_vchar_t *vid_natt[MAX_NATT_VID_COUNT])
468 {
469 int i, vid_natt_i = 0;
29 */
30
31 #include <config.h>
32
33 #include <sys/types.h>
34 #include <sys/param.h>
35
36 #include <netinet/in.h>
37 #ifdef __linux__
38 #include <linux/udp.h>
39 #endif
40 #if defined(__NetBSD__) || defined (__FreeBSD__)
41 #include <netinet/udp.h>
42 #endif
43
44 #include <stdlib.h>
45 #include <stdio.h>
46 #include <string.h>
47 #include <errno.h>
48
49 #ifdef sun /* XXX KEBE SAYS OpenSolaris extras */
50 #define UDP_ENCAP_ESPINUDP_NON_IKE 1
51 #define UDP_ENCAP_ESPINUDP 2
52 #endif
53
54 #include "racoon.h"
55
56 #include "var.h"
57 /* #include "misc.h" */
58 /* #include "vmbuf.h" */
59 #include "plog.h"
60 #include "debug.h"
61
62 /* #include "localconf.h" */
63 #include "remoteconf.h"
64 #include "sockmisc.h"
65 #include "isakmp.h"
66 #include "isakmp_var.h"
67 #include "isakmp_impl.h"
68 #include "ikev1_impl.h"
69 #include "oakley.h"
70 #include "ipsec_doi.h"
71 #include "vendorid.h"
72 #include "handler.h"
73 #include "crypto_impl.h"
284
285 default:
286 plog(PLOG_INTERR, PLOGLOC, NULL,
287 "unsupported NAT-T version: %s\n",
288 vid_string_by_id(version));
289 return -1;
290 }
291
292 opts->mode_udp_diff =
293 opts->mode_udp_tunnel - IPSECDOI_ATTR_ENC_MODE_TUNNEL;
294
295 return 0;
296 }
297
298 void
299 ikev1_natt_float_ports(struct ph1handle *iph1)
300 {
301 if (!(iph1->natt_flags && NAT_DETECTED))
302 return;
303 if (!iph1->natt_options->float_port) {
304 #ifndef sun /* XXX KEBE SAYS OpenSolaris does keepalives in-kernel. */
305 /* Drafts 00 / 01, just schedule keepalive */
306 natt_keepalive_add_ph1(iph1);
307 #endif
308 return;
309 }
310
311 set_port(iph1->local, iph1->natt_options->float_port);
312 set_port(iph1->remote, iph1->natt_options->float_port);
313
314 iph1->natt_flags |= NAT_PORTS_CHANGED;
315
316 #ifndef sun
317 /*
318 * XXX KEBE SAYS OpenSolaris does keepalives in-kernel.
319 * Also, we have in-kernel zero-spi addition.
320 */
321 iph1->natt_flags |= NAT_ADD_NON_ESP_MARKER;
322
323 natt_keepalive_add_ph1(iph1);
324 #endif
325 }
326
327 void
328 ikev1_natt_handle_vendorid(struct ph1handle *iph1, int vid_numeric)
329 {
330 if (!iph1->natt_options)
331 iph1->natt_options =
332 racoon_calloc(1, sizeof(*iph1->natt_options));
333
334 if (!iph1->natt_options) {
335 plog(PLOG_INTERR, PLOGLOC, NULL,
336 "Allocating memory for natt_options failed!\n");
337 return;
338 }
339
340 if (iph1->natt_options->version < vid_numeric)
341 if (natt_fill_options(iph1->natt_options, vid_numeric) == 0)
342 iph1->natt_flags |= NAT_ANNOUNCED;
343 }
344
345 #ifndef sun /* XXX KEBE SAYS OpenSolaris does keepalives in-kernel. */
346 /* NAT keepalive functions */
347 static void
348 natt_keepalive_send(void *param)
349 {
350 struct natt_ka_addrs *ka, *next = NULL;
351 char keepalive_packet[] = { 0xff };
352 int len;
353 int s;
354
355 for (ka = TAILQ_FIRST(&ka_tree); ka; ka = next) {
356 next = TAILQ_NEXT(ka, chain);
357
358 s = getsockmyaddr(ka->src);
359 if (s == -1) {
360 TAILQ_REMOVE(&ka_tree, ka, chain);
361 racoon_free(ka);
362 continue;
363 }
364 plog(PLOG_DEBUG, PLOGLOC, NULL, "KA: %s->%s\n",
365 rcs_sa2str(ka->src), rcs_sa2str(ka->dst));
447 next = TAILQ_NEXT(ka, chain);
448
449 plog(PLOG_DEBUG, PLOGLOC, NULL,
450 "KA tree dump: %s->%s (in_use=%u)\n", rcs_sa2str(src),
451 rcs_sa2str(dst), ka->in_use);
452
453 if (rcs_cmpsa(ka->src, src) == 0 &&
454 rcs_cmpsa(ka->dst, dst) == 0 && --ka->in_use <= 0) {
455
456 plog(PLOG_DEBUG, PLOGLOC, NULL,
457 "KA removing this one...\n");
458
459 TAILQ_REMOVE(&ka_tree, ka, chain);
460 racoon_free(ka);
461 /* Should we break here? Every pair of addresses should
462 * be inserted only once, but who knows :-) Lets traverse
463 * the whole list... */
464 }
465 }
466 }
467 #endif
468
469 #ifdef notyet
470 static struct remoteconf *
471 natt_enabled_in_rmconf_stub(struct remoteconf *rmconf, void *data)
472 {
473 return (ikev1_nat_traversal(rmconf) == NATT_OFF ? NULL : rmconf);
474 }
475
476 int
477 natt_enabled_in_rmconf()
478 {
479 return foreachrmconf(natt_enabled_in_rmconf_stub, NULL) != NULL;
480 }
481 #endif
482
483 struct payload_list *
484 isakmp_plist_append_natt_vids(struct payload_list *plist,
485 rc_vchar_t *vid_natt[MAX_NATT_VID_COUNT])
486 {
487 int i, vid_natt_i = 0;