26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <config.h>
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37
38 #include <netinet/in.h>
39
40 #ifdef HAVE_NETINET6_IPSEC_H
41 # include <netinet6/ipsec.h>
42 #else
43 # ifdef HAVE_NETIPSEC_IPSEC_H
44 # include <netipsec/ipsec.h>
45 # else
46 # include <linux/ipsec.h>
47 # endif
48 #endif
49
50 #include <assert.h>
51 #include <stdlib.h>
52 #include <stdio.h>
53 #include <string.h>
54 #include <errno.h>
55 #include <netdb.h>
56 #if TIME_WITH_SYS_TIME
57 # include <sys/time.h>
58 # include <time.h>
59 #else
60 # if HAVE_SYS_TIME_H
61 # include <sys/time.h>
62 # else
63 # include <time.h>
64 # endif
65 #endif
66
67 #include "racoon.h"
68
69 #include "var.h"
3018 propoff = iph2->sa->l - q->l;
3019
3020 rc_vfree(q);
3021 }
3022 }
3023
3024 return 0;
3025 }
3026
3027 /*
3028 * return 1 if all of the given protocols are transport mode.
3029 */
3030 int
3031 ipsecdoi_transportmode(pp)
3032 struct saprop *pp;
3033 {
3034 struct saproto *pr = NULL;
3035
3036 for (; pp; pp = pp->next) {
3037 for (pr = pp->head; pr; pr = pr->next) {
3038 if (pr->encmode != IPSECDOI_ATTR_ENC_MODE_TRNS)
3039 return 0;
3040 }
3041 }
3042
3043 return 1;
3044 }
3045
3046 #if 0
3047 int
3048 ipsecdoi_get_defaultlifetime()
3049 {
3050 return IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
3051 }
3052 #endif
3053
3054 int
3055 ipsecdoi_checkalgtypes(proto_id, enc, auth, comp)
3056 int proto_id, enc, auth, comp;
3057 {
3058 #define TMPALGTYPE2STR(n) s_algtype(algclass_ipsec_##n, n)
3091 }
3092 break;
3093 default:
3094 plog(PLOG_PROTOERR, PLOGLOC, NULL,
3095 "invalid ipsec protocol %d\n", proto_id);
3096 return -1;
3097 }
3098 #undef TMPALGTYPE2STR
3099 return 0;
3100 }
3101
3102 int
3103 ipproto2doi(proto)
3104 int proto;
3105 {
3106 switch (proto) {
3107 case IPPROTO_AH:
3108 return IPSECDOI_PROTO_IPSEC_AH;
3109 case IPPROTO_ESP:
3110 return IPSECDOI_PROTO_IPSEC_ESP;
3111 case IPPROTO_IPCOMP:
3112 return IPSECDOI_PROTO_IPCOMP;
3113 }
3114 return -1; /* XXX */
3115 }
3116
3117 int
3118 doi2ipproto(proto)
3119 int proto;
3120 {
3121 switch (proto) {
3122 case IPSECDOI_PROTO_IPSEC_AH:
3123 return IPPROTO_AH;
3124 case IPSECDOI_PROTO_IPSEC_ESP:
3125 return IPPROTO_ESP;
3126 case IPSECDOI_PROTO_IPCOMP:
3127 return IPPROTO_IPCOMP;
3128 }
3129 return -1; /* XXX */
3130 }
3131
3132 /*
3133 * check the following:
3134 * - In main mode with pre-shared key, only address type can be used.
3135 * - if proper type for phase 1 ?
3136 * - if phase 1 ID payload conformed RFC2407 4.6.2.
3137 * (proto, port) must be (0, 0), (udp, 500) or (udp, [specified]).
3138 * - if ID payload sent from peer is equal to the ID expected by me.
3139 *
3140 * both of "id" and "id_p" should be ID payload without general header,
3141 */
3142 int
3143 ipsecdoi_checkid1(iph1)
3144 struct ph1handle *iph1;
3145 {
3146 struct ipsecdoi_id_b *id_b;
3147 #if 0
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <config.h>
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37
38 #include <netinet/in.h>
39
40 #ifdef HAVE_NETINET6_IPSEC_H
41 # include <netinet6/ipsec.h>
42 #else
43 # ifdef HAVE_NETIPSEC_IPSEC_H
44 # include <netipsec/ipsec.h>
45 # else
46 # ifndef sun /* XXX KEBE SAYS OpenSolaris */
47 # include <linux/ipsec.h>
48 # endif
49 # endif
50 #endif
51
52 #ifdef sun /* XXX KEBE SAYS OpenSolaris */
53 #define IPSEC_ULPROTO_ANY 0
54 #define IPSEC_PORT_ANY 0
55 #endif
56
57 #include <assert.h>
58 #include <stdlib.h>
59 #include <stdio.h>
60 #include <string.h>
61 #include <errno.h>
62 #include <netdb.h>
63 #if TIME_WITH_SYS_TIME
64 # include <sys/time.h>
65 # include <time.h>
66 #else
67 # if HAVE_SYS_TIME_H
68 # include <sys/time.h>
69 # else
70 # include <time.h>
71 # endif
72 #endif
73
74 #include "racoon.h"
75
76 #include "var.h"
3025 propoff = iph2->sa->l - q->l;
3026
3027 rc_vfree(q);
3028 }
3029 }
3030
3031 return 0;
3032 }
3033
3034 /*
3035 * return 1 if all of the given protocols are transport mode.
3036 */
3037 int
3038 ipsecdoi_transportmode(pp)
3039 struct saprop *pp;
3040 {
3041 struct saproto *pr = NULL;
3042
3043 for (; pp; pp = pp->next) {
3044 for (pr = pp->head; pr; pr = pr->next) {
3045 if (pr->encmode != IPSECDOI_ATTR_ENC_MODE_TRNS &&
3046 pr->encmode != IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC)
3047 return 0;
3048 }
3049 }
3050
3051 return 1;
3052 }
3053
3054 #if 0
3055 int
3056 ipsecdoi_get_defaultlifetime()
3057 {
3058 return IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
3059 }
3060 #endif
3061
3062 int
3063 ipsecdoi_checkalgtypes(proto_id, enc, auth, comp)
3064 int proto_id, enc, auth, comp;
3065 {
3066 #define TMPALGTYPE2STR(n) s_algtype(algclass_ipsec_##n, n)
3099 }
3100 break;
3101 default:
3102 plog(PLOG_PROTOERR, PLOGLOC, NULL,
3103 "invalid ipsec protocol %d\n", proto_id);
3104 return -1;
3105 }
3106 #undef TMPALGTYPE2STR
3107 return 0;
3108 }
3109
3110 int
3111 ipproto2doi(proto)
3112 int proto;
3113 {
3114 switch (proto) {
3115 case IPPROTO_AH:
3116 return IPSECDOI_PROTO_IPSEC_AH;
3117 case IPPROTO_ESP:
3118 return IPSECDOI_PROTO_IPSEC_ESP;
3119 #ifndef sun /* XXX KEBE SAYS OpenSolaris */
3120 case IPPROTO_IPCOMP:
3121 return IPSECDOI_PROTO_IPCOMP;
3122 #endif
3123 }
3124 return -1; /* XXX */
3125 }
3126
3127 int
3128 doi2ipproto(proto)
3129 int proto;
3130 {
3131 switch (proto) {
3132 case IPSECDOI_PROTO_IPSEC_AH:
3133 return IPPROTO_AH;
3134 case IPSECDOI_PROTO_IPSEC_ESP:
3135 return IPPROTO_ESP;
3136 #ifndef sun /* XXX KEBE SAYS OpenSolaris */
3137 case IPSECDOI_PROTO_IPCOMP:
3138 return IPPROTO_IPCOMP;
3139 #endif
3140 }
3141 return -1; /* XXX */
3142 }
3143
3144 /*
3145 * check the following:
3146 * - In main mode with pre-shared key, only address type can be used.
3147 * - if proper type for phase 1 ?
3148 * - if phase 1 ID payload conformed RFC2407 4.6.2.
3149 * (proto, port) must be (0, 0), (udp, 500) or (udp, [specified]).
3150 * - if ID payload sent from peer is equal to the ID expected by me.
3151 *
3152 * both of "id" and "id_p" should be ID payload without general header,
3153 */
3154 int
3155 ipsecdoi_checkid1(iph1)
3156 struct ph1handle *iph1;
3157 {
3158 struct ipsecdoi_id_b *id_b;
3159 #if 0