1 /* $NetBSD: pfkey.c,v 1.18.4.5 2008/03/05 22:14:24 mgrooms Exp $ */
2
3 /* $Id: pfkey.c,v 1.18.4.5 2008/03/05 22:14:24 mgrooms Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <stdlib.h>
37 #include <string.h>
38 #include <stdio.h>
39 #include <netdb.h>
40 #include <errno.h>
41 #ifdef HAVE_UNISTD_H
42 #include <unistd.h>
43 #endif
44 #include <netdb.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
47
48 #ifdef ENABLE_NATT
49 # ifdef __linux__
50 # include <linux/udp.h>
51 # endif
52 # if defined(__NetBSD__) || defined(__FreeBSD__) || \
53 (defined(__APPLE__) && defined(__MACH__))
54 # include <netinet/udp.h>
55 # endif
56 #endif
57
58 #include <sys/types.h>
59 #include <sys/param.h>
60 #include <sys/socket.h>
61 #include <sys/queue.h>
62 #ifndef ANDROID_CHANGES
63 #include <sys/sysctl.h>
64 #endif
65
66 #include <net/route.h>
67 #include <net/pfkeyv2.h>
68
69 #include <netinet/in.h>
70 #include PATH_IPSEC_H
71 #include <fcntl.h>
72
73 #include "libpfkey.h"
74
75 #include "var.h"
76 #include "misc.h"
77 #include "vmbuf.h"
78 #include "plog.h"
79 #include "sockmisc.h"
80 #include "debug.h"
81
82 #include "schedule.h"
83 #include "localconf.h"
84 #include "remoteconf.h"
85 #include "handler.h"
86 #include "policy.h"
87 #include "proposal.h"
88 #include "isakmp_var.h"
89 #include "isakmp.h"
90 #include "isakmp_inf.h"
91 #include "ipsec_doi.h"
92 #include "oakley.h"
93 #include "pfkey.h"
94 #include "algorithm.h"
95 #include "sainfo.h"
96 #include "admin.h"
97 #include "privsep.h"
98 #include "strnames.h"
99 #include "backupsa.h"
100 #include "gcmalloc.h"
101 #include "nattraversal.h"
102 #include "crypto_openssl.h"
103 #include "grabmyaddr.h"
104
105 #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
106 #define SADB_X_EALG_AESCBC SADB_X_EALG_RIJNDAELCBC
107 #endif
108
109 /* prototype */
110 static u_int ipsecdoi2pfkey_aalg __P((u_int));
111 static u_int ipsecdoi2pfkey_ealg __P((u_int));
112 static u_int ipsecdoi2pfkey_calg __P((u_int));
113 static u_int ipsecdoi2pfkey_alg __P((u_int, u_int));
114 static u_int keylen_aalg __P((u_int));
115 static u_int keylen_ealg __P((u_int, int));
116
117 static int pk_recvgetspi __P((caddr_t *));
118 static int pk_recvupdate __P((caddr_t *));
119 static int pk_recvadd __P((caddr_t *));
120 static int pk_recvdelete __P((caddr_t *));
121 static int pk_recvacquire __P((caddr_t *));
122 static int pk_recvexpire __P((caddr_t *));
123 static int pk_recvflush __P((caddr_t *));
124 static int getsadbpolicy __P((caddr_t *, int *, int, struct ph2handle *));
125 static int pk_recvspdupdate __P((caddr_t *));
126 static int pk_recvspdadd __P((caddr_t *));
127 static int pk_recvspddelete __P((caddr_t *));
128 static int pk_recvspdexpire __P((caddr_t *));
129 static int pk_recvspdget __P((caddr_t *));
130 static int pk_recvspddump __P((caddr_t *));
131 static int pk_recvspdflush __P((caddr_t *));
132 static struct sadb_msg *pk_recv __P((int, int *));
133
134 static int (*pkrecvf[]) __P((caddr_t *)) = {
135 NULL,
136 pk_recvgetspi,
137 pk_recvupdate,
138 pk_recvadd,
139 pk_recvdelete,
140 NULL, /* SADB_GET */
141 pk_recvacquire,
142 NULL, /* SABD_REGISTER */
143 pk_recvexpire,
144 pk_recvflush,
145 NULL, /* SADB_DUMP */
146 NULL, /* SADB_X_PROMISC */
147 NULL, /* SADB_X_PCHANGE */
148 pk_recvspdupdate,
149 pk_recvspdadd,
150 pk_recvspddelete,
151 pk_recvspdget,
152 NULL, /* SADB_X_SPDACQUIRE */
153 pk_recvspddump,
154 pk_recvspdflush,
155 NULL, /* SADB_X_SPDSETIDX */
156 pk_recvspdexpire,
157 NULL, /* SADB_X_SPDDELETE2 */
158 NULL, /* SADB_X_NAT_T_NEW_MAPPING */
159 NULL, /* SADB_X_MIGRATE */
160 #if (SADB_MAX > 24)
161 #error "SADB extra message?"
162 #endif
163 };
164
165 static int addnewsp __P((caddr_t *));
166
167 /* cope with old kame headers - ugly */
168 #ifndef SADB_X_AALG_MD5
169 #define SADB_X_AALG_MD5 SADB_AALG_MD5
170 #endif
171 #ifndef SADB_X_AALG_SHA
172 #define SADB_X_AALG_SHA SADB_AALG_SHA
173 #endif
174 #ifndef SADB_X_AALG_NULL
175 #define SADB_X_AALG_NULL SADB_AALG_NULL
176 #endif
177
178 #ifndef SADB_X_EALG_BLOWFISHCBC
179 #define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
180 #endif
181 #ifndef SADB_X_EALG_CAST128CBC
182 #define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
183 #endif
184 #ifndef SADB_X_EALG_RC5CBC
185 #ifdef SADB_EALG_RC5CBC
186 #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
187 #endif
188 #endif
189
190 /*
191 * PF_KEY packet handler
192 * 0: success
193 * -1: fail
194 */
195 int
pfkey_handler()196 pfkey_handler()
197 {
198 struct sadb_msg *msg;
199 int len;
200 caddr_t mhp[SADB_EXT_MAX + 1];
201 int error = -1;
202
203 /* receive pfkey message. */
204 len = 0;
205 msg = (struct sadb_msg *)pk_recv(lcconf->sock_pfkey, &len);
206 if (msg == NULL) {
207 if (len < 0) {
208 plog(LLV_ERROR, LOCATION, NULL,
209 "failed to recv from pfkey (%s)\n",
210 strerror(errno));
211 goto end;
212 } else {
213 /* short message - msg not ready */
214 return 0;
215 }
216 }
217
218 plog(LLV_DEBUG, LOCATION, NULL, "get pfkey %s message\n",
219 s_pfkey_type(msg->sadb_msg_type));
220 plogdump(LLV_DEBUG2, msg, msg->sadb_msg_len << 3);
221
222 /* validity check */
223 if (msg->sadb_msg_errno) {
224 int pri;
225
226 /* when SPD is empty, treat the state as no error. */
227 if (msg->sadb_msg_type == SADB_X_SPDDUMP &&
228 msg->sadb_msg_errno == ENOENT)
229 pri = LLV_DEBUG;
230 else
231 pri = LLV_ERROR;
232
233 plog(pri, LOCATION, NULL,
234 "pfkey %s failed: %s\n",
235 s_pfkey_type(msg->sadb_msg_type),
236 strerror(msg->sadb_msg_errno));
237
238 goto end;
239 }
240
241 /* check pfkey message. */
242 if (pfkey_align(msg, mhp)) {
243 plog(LLV_ERROR, LOCATION, NULL,
244 "libipsec failed pfkey align (%s)\n",
245 ipsec_strerror());
246 goto end;
247 }
248 if (pfkey_check(mhp)) {
249 plog(LLV_ERROR, LOCATION, NULL,
250 "libipsec failed pfkey check (%s)\n",
251 ipsec_strerror());
252 goto end;
253 }
254 msg = (struct sadb_msg *)mhp[0];
255
256 /* safety check */
257 if (msg->sadb_msg_type >= ARRAYLEN(pkrecvf)) {
258 plog(LLV_ERROR, LOCATION, NULL,
259 "unknown PF_KEY message type=%u\n",
260 msg->sadb_msg_type);
261 goto end;
262 }
263
264 if (pkrecvf[msg->sadb_msg_type] == NULL) {
265 plog(LLV_INFO, LOCATION, NULL,
266 "unsupported PF_KEY message %s\n",
267 s_pfkey_type(msg->sadb_msg_type));
268 goto end;
269 }
270
271 if ((pkrecvf[msg->sadb_msg_type])(mhp) < 0)
272 goto end;
273
274 error = 0;
275 end:
276 if (msg)
277 racoon_free(msg);
278 return(error);
279 }
280
281 /*
282 * dump SADB
283 */
284 vchar_t *
pfkey_dump_sadb(satype)285 pfkey_dump_sadb(satype)
286 int satype;
287 {
288 int s = -1;
289 vchar_t *buf = NULL;
290 pid_t pid = getpid();
291 struct sadb_msg *msg = NULL;
292 size_t bl, ml;
293 int len;
294
295 if ((s = privsep_pfkey_open()) < 0) {
296 plog(LLV_ERROR, LOCATION, NULL,
297 "libipsec failed pfkey open: %s\n",
298 ipsec_strerror());
299 return NULL;
300 }
301
302 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_dump\n");
303 if (pfkey_send_dump(s, satype) < 0) {
304 plog(LLV_ERROR, LOCATION, NULL,
305 "libipsec failed dump: %s\n", ipsec_strerror());
306 goto fail;
307 }
308
309 while (1) {
310 if (msg)
311 racoon_free(msg);
312 msg = pk_recv(s, &len);
313 if (msg == NULL) {
314 if (len < 0)
315 goto done;
316 else
317 continue;
318 }
319
320 if (msg->sadb_msg_type != SADB_DUMP || msg->sadb_msg_pid != pid)
321 {
322 plog(LLV_DEBUG, LOCATION, NULL,
323 "discarding non-sadb dump msg %p, our pid=%i\n", msg, pid);
324 plog(LLV_DEBUG, LOCATION, NULL,
325 "type %i, pid %i\n", msg->sadb_msg_type, msg->sadb_msg_pid);
326 continue;
327 }
328
329
330 ml = msg->sadb_msg_len << 3;
331 bl = buf ? buf->l : 0;
332 buf = vrealloc(buf, bl + ml);
333 if (buf == NULL) {
334 plog(LLV_ERROR, LOCATION, NULL,
335 "failed to reallocate buffer to dump.\n");
336 goto fail;
337 }
338 memcpy(buf->v + bl, msg, ml);
339
340 if (msg->sadb_msg_seq == 0)
341 break;
342 }
343 goto done;
344
345 fail:
346 if (buf)
347 vfree(buf);
348 buf = NULL;
349 done:
350 if (msg)
351 racoon_free(msg);
352 if (s >= 0)
353 privsep_pfkey_close(s);
354 return buf;
355 }
356
357 #ifdef ENABLE_ADMINPORT
358 /*
359 * flush SADB
360 */
361 void
pfkey_flush_sadb(proto)362 pfkey_flush_sadb(proto)
363 u_int proto;
364 {
365 int satype;
366
367 /* convert to SADB_SATYPE */
368 if ((satype = admin2pfkey_proto(proto)) < 0)
369 return;
370
371 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_flush\n");
372 if (pfkey_send_flush(lcconf->sock_pfkey, satype) < 0) {
373 plog(LLV_ERROR, LOCATION, NULL,
374 "libipsec failed send flush (%s)\n", ipsec_strerror());
375 return;
376 }
377
378 return;
379 }
380 #endif
381
382 /*
383 * These are the SATYPEs that we manage. We register to get
384 * PF_KEY messages related to these SATYPEs, and we also use
385 * this list to determine which SATYPEs to delete SAs for when
386 * we receive an INITIAL-CONTACT.
387 */
388 const struct pfkey_satype pfkey_satypes[] = {
389 { SADB_SATYPE_AH, "AH" },
390 { SADB_SATYPE_ESP, "ESP" },
391 { SADB_X_SATYPE_IPCOMP, "IPCOMP" },
392 };
393 const int pfkey_nsatypes =
394 sizeof(pfkey_satypes) / sizeof(pfkey_satypes[0]);
395
396 /*
397 * PF_KEY initialization
398 */
399 int
pfkey_init()400 pfkey_init()
401 {
402 int i, reg_fail;
403
404 if ((lcconf->sock_pfkey = privsep_pfkey_open()) < 0) {
405 plog(LLV_ERROR, LOCATION, NULL,
406 "libipsec failed pfkey open (%s)\n", ipsec_strerror());
407 return -1;
408 }
409 if (fcntl(lcconf->sock_pfkey, F_SETFL, O_NONBLOCK) == -1)
410 plog(LLV_WARNING, LOCATION, NULL,
411 "failed to set the pfkey socket to NONBLOCK\n");
412
413 for (i = 0, reg_fail = 0; i < pfkey_nsatypes; i++) {
414 plog(LLV_DEBUG, LOCATION, NULL,
415 "call pfkey_send_register for %s\n",
416 pfkey_satypes[i].ps_name);
417 if (pfkey_send_register(lcconf->sock_pfkey,
418 pfkey_satypes[i].ps_satype) < 0 ||
419 pfkey_recv_register(lcconf->sock_pfkey) < 0) {
420 plog(LLV_WARNING, LOCATION, NULL,
421 "failed to register %s (%s)\n",
422 pfkey_satypes[i].ps_name,
423 ipsec_strerror());
424 reg_fail++;
425 }
426 }
427
428 if (reg_fail == pfkey_nsatypes) {
429 plog(LLV_ERROR, LOCATION, NULL,
430 "failed to regist any protocol.\n");
431 pfkey_close(lcconf->sock_pfkey);
432 return -1;
433 }
434
435 initsp();
436
437 if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
438 plog(LLV_ERROR, LOCATION, NULL,
439 "libipsec sending spddump failed: %s\n",
440 ipsec_strerror());
441 pfkey_close(lcconf->sock_pfkey);
442 return -1;
443 }
444 #if 0
445 if (pfkey_promisc_toggle(1) < 0) {
446 pfkey_close(lcconf->sock_pfkey);
447 return -1;
448 }
449 #endif
450 return 0;
451 }
452
453 /* %%% for conversion */
454 /* IPSECDOI_ATTR_AUTH -> SADB_AALG */
455 static u_int
ipsecdoi2pfkey_aalg(hashtype)456 ipsecdoi2pfkey_aalg(hashtype)
457 u_int hashtype;
458 {
459 switch (hashtype) {
460 case IPSECDOI_ATTR_AUTH_HMAC_MD5:
461 return SADB_AALG_MD5HMAC;
462 case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
463 return SADB_AALG_SHA1HMAC;
464 case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
465 #if (defined SADB_X_AALG_SHA2_256) && !defined(SADB_X_AALG_SHA2_256HMAC)
466 return SADB_X_AALG_SHA2_256;
467 #else
468 return SADB_X_AALG_SHA2_256HMAC;
469 #endif
470 case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
471 #if (defined SADB_X_AALG_SHA2_384) && !defined(SADB_X_AALG_SHA2_384HMAC)
472 return SADB_X_AALG_SHA2_384;
473 #else
474 return SADB_X_AALG_SHA2_384HMAC;
475 #endif
476 case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
477 #if (defined SADB_X_AALG_SHA2_512) && !defined(SADB_X_AALG_SHA2_512HMAC)
478 return SADB_X_AALG_SHA2_512;
479 #else
480 return SADB_X_AALG_SHA2_512HMAC;
481 #endif
482 case IPSECDOI_ATTR_AUTH_KPDK: /* need special care */
483 return SADB_AALG_NONE;
484
485 /* not supported */
486 case IPSECDOI_ATTR_AUTH_DES_MAC:
487 plog(LLV_ERROR, LOCATION, NULL,
488 "Not supported hash type: %u\n", hashtype);
489 return ~0;
490
491 case 0: /* reserved */
492 default:
493 return SADB_AALG_NONE;
494
495 plog(LLV_ERROR, LOCATION, NULL,
496 "Invalid hash type: %u\n", hashtype);
497 return ~0;
498 }
499 /*NOTREACHED*/
500 }
501
502 /* IPSECDOI_ESP -> SADB_EALG */
503 static u_int
ipsecdoi2pfkey_ealg(t_id)504 ipsecdoi2pfkey_ealg(t_id)
505 u_int t_id;
506 {
507 switch (t_id) {
508 case IPSECDOI_ESP_DES_IV64: /* sa_flags |= SADB_X_EXT_OLD */
509 return SADB_EALG_DESCBC;
510 case IPSECDOI_ESP_DES:
511 return SADB_EALG_DESCBC;
512 case IPSECDOI_ESP_3DES:
513 return SADB_EALG_3DESCBC;
514 #ifdef SADB_X_EALG_RC5CBC
515 case IPSECDOI_ESP_RC5:
516 return SADB_X_EALG_RC5CBC;
517 #endif
518 case IPSECDOI_ESP_CAST:
519 return SADB_X_EALG_CAST128CBC;
520 case IPSECDOI_ESP_BLOWFISH:
521 return SADB_X_EALG_BLOWFISHCBC;
522 case IPSECDOI_ESP_DES_IV32: /* flags |= (SADB_X_EXT_OLD|
523 SADB_X_EXT_IV4B)*/
524 return SADB_EALG_DESCBC;
525 case IPSECDOI_ESP_NULL:
526 return SADB_EALG_NULL;
527 #ifdef SADB_X_EALG_AESCBC
528 case IPSECDOI_ESP_AES:
529 return SADB_X_EALG_AESCBC;
530 #endif
531 #ifdef SADB_X_EALG_TWOFISHCBC
532 case IPSECDOI_ESP_TWOFISH:
533 return SADB_X_EALG_TWOFISHCBC;
534 #endif
535 #ifdef SADB_X_EALG_CAMELLIACBC
536 case IPSECDOI_ESP_CAMELLIA:
537 return SADB_X_EALG_CAMELLIACBC;
538 #endif
539
540 /* not supported */
541 case IPSECDOI_ESP_3IDEA:
542 case IPSECDOI_ESP_IDEA:
543 case IPSECDOI_ESP_RC4:
544 plog(LLV_ERROR, LOCATION, NULL,
545 "Not supported transform: %u\n", t_id);
546 return ~0;
547
548 case 0: /* reserved */
549 default:
550 plog(LLV_ERROR, LOCATION, NULL,
551 "Invalid transform id: %u\n", t_id);
552 return ~0;
553 }
554 /*NOTREACHED*/
555 }
556
557 /* IPCOMP -> SADB_CALG */
558 static u_int
ipsecdoi2pfkey_calg(t_id)559 ipsecdoi2pfkey_calg(t_id)
560 u_int t_id;
561 {
562 switch (t_id) {
563 case IPSECDOI_IPCOMP_OUI:
564 return SADB_X_CALG_OUI;
565 case IPSECDOI_IPCOMP_DEFLATE:
566 return SADB_X_CALG_DEFLATE;
567 case IPSECDOI_IPCOMP_LZS:
568 return SADB_X_CALG_LZS;
569
570 case 0: /* reserved */
571 default:
572 plog(LLV_ERROR, LOCATION, NULL,
573 "Invalid transform id: %u\n", t_id);
574 return ~0;
575 }
576 /*NOTREACHED*/
577 }
578
579 /* IPSECDOI_PROTO -> SADB_SATYPE */
580 u_int
ipsecdoi2pfkey_proto(proto)581 ipsecdoi2pfkey_proto(proto)
582 u_int proto;
583 {
584 switch (proto) {
585 case IPSECDOI_PROTO_IPSEC_AH:
586 return SADB_SATYPE_AH;
587 case IPSECDOI_PROTO_IPSEC_ESP:
588 return SADB_SATYPE_ESP;
589 case IPSECDOI_PROTO_IPCOMP:
590 return SADB_X_SATYPE_IPCOMP;
591
592 default:
593 plog(LLV_ERROR, LOCATION, NULL,
594 "Invalid ipsec_doi proto: %u\n", proto);
595 return ~0;
596 }
597 /*NOTREACHED*/
598 }
599
600 static u_int
ipsecdoi2pfkey_alg(algclass,type)601 ipsecdoi2pfkey_alg(algclass, type)
602 u_int algclass, type;
603 {
604 switch (algclass) {
605 case IPSECDOI_ATTR_AUTH:
606 return ipsecdoi2pfkey_aalg(type);
607 case IPSECDOI_PROTO_IPSEC_ESP:
608 return ipsecdoi2pfkey_ealg(type);
609 case IPSECDOI_PROTO_IPCOMP:
610 return ipsecdoi2pfkey_calg(type);
611 default:
612 plog(LLV_ERROR, LOCATION, NULL,
613 "Invalid ipsec_doi algclass: %u\n", algclass);
614 return ~0;
615 }
616 /*NOTREACHED*/
617 }
618
619 /* SADB_SATYPE -> IPSECDOI_PROTO */
620 u_int
pfkey2ipsecdoi_proto(satype)621 pfkey2ipsecdoi_proto(satype)
622 u_int satype;
623 {
624 switch (satype) {
625 case SADB_SATYPE_AH:
626 return IPSECDOI_PROTO_IPSEC_AH;
627 case SADB_SATYPE_ESP:
628 return IPSECDOI_PROTO_IPSEC_ESP;
629 case SADB_X_SATYPE_IPCOMP:
630 return IPSECDOI_PROTO_IPCOMP;
631
632 default:
633 plog(LLV_ERROR, LOCATION, NULL,
634 "Invalid pfkey proto: %u\n", satype);
635 return ~0;
636 }
637 /*NOTREACHED*/
638 }
639
640 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
641 u_int
ipsecdoi2pfkey_mode(mode)642 ipsecdoi2pfkey_mode(mode)
643 u_int mode;
644 {
645 switch (mode) {
646 case IPSECDOI_ATTR_ENC_MODE_TUNNEL:
647 #ifdef ENABLE_NATT
648 case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC:
649 case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT:
650 #endif
651 return IPSEC_MODE_TUNNEL;
652 case IPSECDOI_ATTR_ENC_MODE_TRNS:
653 #ifdef ENABLE_NATT
654 case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC:
655 case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT:
656 #endif
657 return IPSEC_MODE_TRANSPORT;
658 default:
659 plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
660 return ~0;
661 }
662 /*NOTREACHED*/
663 }
664
665 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
666 u_int
pfkey2ipsecdoi_mode(mode)667 pfkey2ipsecdoi_mode(mode)
668 u_int mode;
669 {
670 switch (mode) {
671 case IPSEC_MODE_TUNNEL:
672 return IPSECDOI_ATTR_ENC_MODE_TUNNEL;
673 case IPSEC_MODE_TRANSPORT:
674 return IPSECDOI_ATTR_ENC_MODE_TRNS;
675 case IPSEC_MODE_ANY:
676 return IPSECDOI_ATTR_ENC_MODE_ANY;
677 default:
678 plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
679 return ~0;
680 }
681 /*NOTREACHED*/
682 }
683
684 /* default key length for encryption algorithm */
685 static u_int
keylen_aalg(hashtype)686 keylen_aalg(hashtype)
687 u_int hashtype;
688 {
689 int res;
690
691 if (hashtype == 0)
692 return SADB_AALG_NONE;
693
694 res = alg_ipsec_hmacdef_hashlen(hashtype);
695 if (res == -1) {
696 plog(LLV_ERROR, LOCATION, NULL,
697 "invalid hmac algorithm %u.\n", hashtype);
698 return ~0;
699 }
700 return res;
701 }
702
703 /* default key length for encryption algorithm */
704 static u_int
keylen_ealg(enctype,encklen)705 keylen_ealg(enctype, encklen)
706 u_int enctype;
707 int encklen;
708 {
709 int res;
710
711 res = alg_ipsec_encdef_keylen(enctype, encklen);
712 if (res == -1) {
713 plog(LLV_ERROR, LOCATION, NULL,
714 "invalid encryption algorithm %u.\n", enctype);
715 return ~0;
716 }
717 return res;
718 }
719
720 int
pfkey_convertfromipsecdoi(proto_id,t_id,hashtype,e_type,e_keylen,a_type,a_keylen,flags)721 pfkey_convertfromipsecdoi(proto_id, t_id, hashtype,
722 e_type, e_keylen, a_type, a_keylen, flags)
723 u_int proto_id;
724 u_int t_id;
725 u_int hashtype;
726 u_int *e_type;
727 u_int *e_keylen;
728 u_int *a_type;
729 u_int *a_keylen;
730 u_int *flags;
731 {
732 *flags = 0;
733 switch (proto_id) {
734 case IPSECDOI_PROTO_IPSEC_ESP:
735 if ((*e_type = ipsecdoi2pfkey_ealg(t_id)) == ~0)
736 goto bad;
737 if ((*e_keylen = keylen_ealg(t_id, *e_keylen)) == ~0)
738 goto bad;
739 *e_keylen >>= 3;
740
741 if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
742 goto bad;
743 if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
744 goto bad;
745 *a_keylen >>= 3;
746
747 if (*e_type == SADB_EALG_NONE) {
748 plog(LLV_ERROR, LOCATION, NULL, "no ESP algorithm.\n");
749 goto bad;
750 }
751 break;
752
753 case IPSECDOI_PROTO_IPSEC_AH:
754 if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
755 goto bad;
756 if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
757 goto bad;
758 *a_keylen >>= 3;
759
760 if (t_id == IPSECDOI_ATTR_AUTH_HMAC_MD5
761 && hashtype == IPSECDOI_ATTR_AUTH_KPDK) {
762 /* AH_MD5 + Auth(KPDK) = RFC1826 keyed-MD5 */
763 *a_type = SADB_X_AALG_MD5;
764 *flags |= SADB_X_EXT_OLD;
765 }
766 *e_type = SADB_EALG_NONE;
767 *e_keylen = 0;
768 if (*a_type == SADB_AALG_NONE) {
769 plog(LLV_ERROR, LOCATION, NULL, "no AH algorithm.\n");
770 goto bad;
771 }
772 break;
773
774 case IPSECDOI_PROTO_IPCOMP:
775 if ((*e_type = ipsecdoi2pfkey_calg(t_id)) == ~0)
776 goto bad;
777 *e_keylen = 0;
778
779 *flags = SADB_X_EXT_RAWCPI;
780
781 *a_type = SADB_AALG_NONE;
782 *a_keylen = 0;
783 if (*e_type == SADB_X_CALG_NONE) {
784 plog(LLV_ERROR, LOCATION, NULL, "no IPCOMP algorithm.\n");
785 goto bad;
786 }
787 break;
788
789 default:
790 plog(LLV_ERROR, LOCATION, NULL, "unknown IPsec protocol.\n");
791 goto bad;
792 }
793
794 return 0;
795
796 bad:
797 errno = EINVAL;
798 return -1;
799 }
800
801 /* called from scheduler */
802 void
pfkey_timeover_stub(p)803 pfkey_timeover_stub(p)
804 void *p;
805 {
806
807 pfkey_timeover((struct ph2handle *)p);
808 }
809
810 void
pfkey_timeover(iph2)811 pfkey_timeover(iph2)
812 struct ph2handle *iph2;
813 {
814 plog(LLV_ERROR, LOCATION, NULL,
815 "%s give up to get IPsec-SA due to time up to wait.\n",
816 saddrwop2str(iph2->dst));
817 SCHED_KILL(iph2->sce);
818
819 /* If initiator side, send error to kernel by SADB_ACQUIRE. */
820 if (iph2->side == INITIATOR)
821 pk_sendeacquire(iph2);
822
823 unbindph12(iph2);
824 remph2(iph2);
825 delph2(iph2);
826
827 return;
828 }
829
830 /*%%%*/
831 /* send getspi message per ipsec protocol per remote address */
832 /*
833 * the local address and remote address in ph1handle are dealed
834 * with destination address and source address respectively.
835 * Because SPI is decided by responder.
836 */
837 int
pk_sendgetspi(iph2)838 pk_sendgetspi(iph2)
839 struct ph2handle *iph2;
840 {
841 struct sockaddr *src = NULL, *dst = NULL;
842 u_int satype, mode;
843 struct saprop *pp;
844 struct saproto *pr;
845 u_int32_t minspi, maxspi;
846 int proxy = 0;
847
848 if (iph2->side == INITIATOR) {
849 pp = iph2->proposal;
850 proxy = iph2->ph1->rmconf->support_proxy;
851 } else {
852 pp = iph2->approval;
853 if (iph2->sainfo && iph2->sainfo->id_i)
854 proxy = 1;
855 }
856
857 /* for mobile IPv6 */
858 if (proxy && iph2->src_id && iph2->dst_id &&
859 ipsecdoi_transportmode(pp)) {
860 src = iph2->src_id;
861 dst = iph2->dst_id;
862 } else {
863 src = iph2->src;
864 dst = iph2->dst;
865 }
866
867 for (pr = pp->head; pr != NULL; pr = pr->next) {
868
869 /* validity check */
870 satype = ipsecdoi2pfkey_proto(pr->proto_id);
871 if (satype == ~0) {
872 plog(LLV_ERROR, LOCATION, NULL,
873 "invalid proto_id %d\n", pr->proto_id);
874 return -1;
875 }
876 /* this works around a bug in Linux kernel where it allocates 4 byte
877 spi's for IPCOMP */
878 else if (satype == SADB_X_SATYPE_IPCOMP) {
879 minspi = 0x100;
880 maxspi = 0xffff;
881 }
882 else {
883 minspi = 0;
884 maxspi = 0;
885 }
886 mode = ipsecdoi2pfkey_mode(pr->encmode);
887 if (mode == ~0) {
888 plog(LLV_ERROR, LOCATION, NULL,
889 "invalid encmode %d\n", pr->encmode);
890 return -1;
891 }
892
893 #ifdef ENABLE_NATT
894 /* XXX should we do a copy of src/dst for each pr ?
895 */
896 if (! pr->udp_encap) {
897 /* Remove port information, that SA doesn't use it */
898 set_port(src, 0);
899 set_port(dst, 0);
900 }
901 #endif
902 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
903 if (pfkey_send_getspi(
904 lcconf->sock_pfkey,
905 satype,
906 mode,
907 dst, /* src of SA */
908 src, /* dst of SA */
909 minspi, maxspi,
910 pr->reqid_in, iph2->seq) < 0) {
911 plog(LLV_ERROR, LOCATION, NULL,
912 "ipseclib failed send getspi (%s)\n",
913 ipsec_strerror());
914 return -1;
915 }
916 plog(LLV_DEBUG, LOCATION, NULL,
917 "pfkey GETSPI sent: %s\n",
918 sadbsecas2str(dst, src, satype, 0, mode));
919 }
920
921 return 0;
922 }
923
924 /*
925 * receive GETSPI from kernel.
926 */
927 static int
pk_recvgetspi(mhp)928 pk_recvgetspi(mhp)
929 caddr_t *mhp;
930 {
931 struct sadb_msg *msg;
932 struct sadb_sa *sa;
933 struct ph2handle *iph2;
934 struct sockaddr *dst;
935 int proto_id;
936 int allspiok, notfound;
937 struct saprop *pp;
938 struct saproto *pr;
939
940 /* validity check */
941 if (mhp[SADB_EXT_SA] == NULL
942 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
943 plog(LLV_ERROR, LOCATION, NULL,
944 "inappropriate sadb getspi message passed.\n");
945 return -1;
946 }
947 msg = (struct sadb_msg *)mhp[0];
948 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
949 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]); /* note SA dir */
950
951 /* the message has to be processed or not ? */
952 if (msg->sadb_msg_pid != getpid()) {
953 plog(LLV_DEBUG, LOCATION, NULL,
954 "%s message is not interesting "
955 "because pid %d is not mine.\n",
956 s_pfkey_type(msg->sadb_msg_type),
957 msg->sadb_msg_pid);
958 return -1;
959 }
960
961 iph2 = getph2byseq(msg->sadb_msg_seq);
962 if (iph2 == NULL) {
963 plog(LLV_DEBUG, LOCATION, NULL,
964 "seq %d of %s message not interesting.\n",
965 msg->sadb_msg_seq,
966 s_pfkey_type(msg->sadb_msg_type));
967 return -1;
968 }
969
970 if (iph2->status != PHASE2ST_GETSPISENT) {
971 plog(LLV_ERROR, LOCATION, NULL,
972 "status mismatch (db:%d msg:%d)\n",
973 iph2->status, PHASE2ST_GETSPISENT);
974 return -1;
975 }
976
977 /* set SPI, and check to get all spi whether or not */
978 allspiok = 1;
979 notfound = 1;
980 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
981 pp = iph2->side == INITIATOR ? iph2->proposal : iph2->approval;
982
983 for (pr = pp->head; pr != NULL; pr = pr->next) {
984 if (pr->proto_id == proto_id && pr->spi == 0) {
985 pr->spi = sa->sadb_sa_spi;
986 notfound = 0;
987 plog(LLV_DEBUG, LOCATION, NULL,
988 "pfkey GETSPI succeeded: %s\n",
989 sadbsecas2str(iph2->dst, iph2->src,
990 msg->sadb_msg_satype,
991 sa->sadb_sa_spi,
992 ipsecdoi2pfkey_mode(pr->encmode)));
993 }
994 if (pr->spi == 0)
995 allspiok = 0; /* not get all spi */
996 }
997
998 if (notfound) {
999 plog(LLV_ERROR, LOCATION, NULL,
1000 "get spi for unknown address %s\n",
1001 saddrwop2str(iph2->dst));
1002 return -1;
1003 }
1004
1005 if (allspiok) {
1006 /* update status */
1007 iph2->status = PHASE2ST_GETSPIDONE;
1008 if (isakmp_post_getspi(iph2) < 0) {
1009 plog(LLV_ERROR, LOCATION, NULL,
1010 "failed to start post getspi.\n");
1011 unbindph12(iph2);
1012 remph2(iph2);
1013 delph2(iph2);
1014 iph2 = NULL;
1015 return -1;
1016 }
1017 }
1018
1019 return 0;
1020 }
1021
1022 /*
1023 * set inbound SA
1024 */
1025 int
pk_sendupdate(iph2)1026 pk_sendupdate(iph2)
1027 struct ph2handle *iph2;
1028 {
1029 struct saproto *pr;
1030 struct pfkey_send_sa_args sa_args;
1031 int proxy = 0;
1032
1033 /* sanity check */
1034 if (iph2->approval == NULL) {
1035 plog(LLV_ERROR, LOCATION, NULL,
1036 "no approvaled SAs found.\n");
1037 }
1038
1039 if (iph2->side == INITIATOR)
1040 proxy = iph2->ph1->rmconf->support_proxy;
1041 else if (iph2->sainfo && iph2->sainfo->id_i)
1042 proxy = 1;
1043
1044 /* fill in some needed for pfkey_send_update2 */
1045 memset (&sa_args, 0, sizeof (sa_args));
1046 sa_args.so = lcconf->sock_pfkey;
1047 sa_args.l_addtime = iph2->approval->lifetime;
1048 sa_args.seq = iph2->seq;
1049 sa_args.wsize = 4;
1050
1051 /* for mobile IPv6 */
1052 if (proxy && iph2->src_id && iph2->dst_id &&
1053 ipsecdoi_transportmode(iph2->approval)) {
1054 sa_args.dst = iph2->src_id;
1055 sa_args.src = iph2->dst_id;
1056 } else {
1057 sa_args.dst = iph2->src;
1058 sa_args.src = iph2->dst;
1059 }
1060
1061 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1062 /* validity check */
1063 sa_args.satype = ipsecdoi2pfkey_proto(pr->proto_id);
1064 if (sa_args.satype == ~0) {
1065 plog(LLV_ERROR, LOCATION, NULL,
1066 "invalid proto_id %d\n", pr->proto_id);
1067 return -1;
1068 }
1069 else if (sa_args.satype == SADB_X_SATYPE_IPCOMP) {
1070 /* IPCOMP has no replay window */
1071 sa_args.wsize = 0;
1072 }
1073 #ifdef ENABLE_SAMODE_UNSPECIFIED
1074 sa_args.mode = IPSEC_MODE_ANY;
1075 #else
1076 sa_args.mode = ipsecdoi2pfkey_mode(pr->encmode);
1077 if (sa_args.mode == ~0) {
1078 plog(LLV_ERROR, LOCATION, NULL,
1079 "invalid encmode %d\n", pr->encmode);
1080 return -1;
1081 }
1082 #endif
1083 /* set algorithm type and key length */
1084 sa_args.e_keylen = pr->head->encklen;
1085 if (pfkey_convertfromipsecdoi(
1086 pr->proto_id,
1087 pr->head->trns_id,
1088 pr->head->authtype,
1089 &sa_args.e_type, &sa_args.e_keylen,
1090 &sa_args.a_type, &sa_args.a_keylen,
1091 &sa_args.flags) < 0)
1092 return -1;
1093
1094 #if 0
1095 sa_args.l_bytes = iph2->approval->lifebyte * 1024,
1096 #else
1097 sa_args.l_bytes = 0;
1098 #endif
1099
1100 #ifdef HAVE_SECCTX
1101 if (*iph2->approval->sctx.ctx_str) {
1102 sa_args.ctxdoi = iph2->approval->sctx.ctx_doi;
1103 sa_args.ctxalg = iph2->approval->sctx.ctx_alg;
1104 sa_args.ctxstrlen = iph2->approval->sctx.ctx_strlen;
1105 sa_args.ctxstr = iph2->approval->sctx.ctx_str;
1106 }
1107 #endif /* HAVE_SECCTX */
1108
1109 #ifdef ENABLE_NATT
1110 if (pr->udp_encap) {
1111 sa_args.l_natt_type = iph2->ph1->natt_options->encaps_type;
1112 sa_args.l_natt_sport = extract_port (iph2->ph1->remote);
1113 sa_args.l_natt_dport = extract_port (iph2->ph1->local);
1114 sa_args.l_natt_oa = NULL; // FIXME: Here comes OA!!!
1115 #ifdef SADB_X_EXT_NAT_T_FRAG
1116 sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
1117 #endif
1118 } else {
1119 /* Remove port information, that SA doesn't use it */
1120 set_port(sa_args.src, 0);
1121 set_port(sa_args.dst, 0);
1122 }
1123
1124 #endif
1125 /* more info to fill in */
1126 sa_args.spi = pr->spi;
1127 sa_args.reqid = pr->reqid_in;
1128 sa_args.keymat = pr->keymat->v;
1129
1130 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_update2\n");
1131 if (pfkey_send_update2(&sa_args) < 0) {
1132 plog(LLV_ERROR, LOCATION, NULL,
1133 "libipsec failed send update (%s)\n",
1134 ipsec_strerror());
1135 return -1;
1136 }
1137
1138 #ifndef ANDROID_PATCHED
1139 if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1140 continue;
1141
1142 /*
1143 * It maybe good idea to call backupsa_to_file() after
1144 * racoon will receive the sadb_update messages.
1145 * But it is impossible because there is not key in the
1146 * information from the kernel.
1147 */
1148
1149 /* change some things before backing up */
1150 sa_args.wsize = 4;
1151 sa_args.l_bytes = iph2->approval->lifebyte * 1024;
1152
1153 if (backupsa_to_file(&sa_args) < 0) {
1154 plog(LLV_ERROR, LOCATION, NULL,
1155 "backuped SA failed: %s\n",
1156 sadbsecas2str(sa_args.src, sa_args.dst,
1157 sa_args.satype, sa_args.spi, sa_args.mode));
1158 }
1159 plog(LLV_DEBUG, LOCATION, NULL,
1160 "backuped SA: %s\n",
1161 sadbsecas2str(sa_args.src, sa_args.dst,
1162 sa_args.satype, sa_args.spi, sa_args.mode));
1163 #endif
1164 }
1165
1166 return 0;
1167 }
1168
1169 static int
pk_recvupdate(mhp)1170 pk_recvupdate(mhp)
1171 caddr_t *mhp;
1172 {
1173 struct sadb_msg *msg;
1174 struct sadb_sa *sa;
1175 struct sockaddr *src, *dst;
1176 struct ph2handle *iph2;
1177 u_int proto_id, encmode, sa_mode;
1178 int incomplete = 0;
1179 struct saproto *pr;
1180
1181 /* ignore this message because of local test mode. */
1182 if (f_local)
1183 return 0;
1184
1185 /* sanity check */
1186 if (mhp[0] == NULL
1187 || mhp[SADB_EXT_SA] == NULL
1188 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1189 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1190 plog(LLV_ERROR, LOCATION, NULL,
1191 "inappropriate sadb update message passed.\n");
1192 return -1;
1193 }
1194 msg = (struct sadb_msg *)mhp[0];
1195 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1196 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1197 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1198
1199 sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1200 ? IPSEC_MODE_ANY
1201 : ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1202
1203 /* the message has to be processed or not ? */
1204 if (msg->sadb_msg_pid != getpid()) {
1205 plog(LLV_DEBUG, LOCATION, NULL,
1206 "%s message is not interesting "
1207 "because pid %d is not mine.\n",
1208 s_pfkey_type(msg->sadb_msg_type),
1209 msg->sadb_msg_pid);
1210 return -1;
1211 }
1212
1213 iph2 = getph2byseq(msg->sadb_msg_seq);
1214 if (iph2 == NULL) {
1215 plog(LLV_DEBUG, LOCATION, NULL,
1216 "seq %d of %s message not interesting.\n",
1217 msg->sadb_msg_seq,
1218 s_pfkey_type(msg->sadb_msg_type));
1219 return -1;
1220 }
1221
1222 if (iph2->status != PHASE2ST_ADDSA) {
1223 plog(LLV_ERROR, LOCATION, NULL,
1224 "status mismatch (db:%d msg:%d)\n",
1225 iph2->status, PHASE2ST_ADDSA);
1226 return -1;
1227 }
1228
1229 /* check to complete all keys ? */
1230 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1231 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1232 if (proto_id == ~0) {
1233 plog(LLV_ERROR, LOCATION, NULL,
1234 "invalid proto_id %d\n", msg->sadb_msg_satype);
1235 return -1;
1236 }
1237 encmode = pfkey2ipsecdoi_mode(sa_mode);
1238 if (encmode == ~0) {
1239 plog(LLV_ERROR, LOCATION, NULL,
1240 "invalid encmode %d\n", sa_mode);
1241 return -1;
1242 }
1243
1244 if (pr->proto_id == proto_id
1245 && pr->spi == sa->sadb_sa_spi) {
1246 pr->ok = 1;
1247 plog(LLV_DEBUG, LOCATION, NULL,
1248 "pfkey UPDATE succeeded: %s\n",
1249 sadbsecas2str(iph2->dst, iph2->src,
1250 msg->sadb_msg_satype,
1251 sa->sadb_sa_spi,
1252 sa_mode));
1253
1254 plog(LLV_INFO, LOCATION, NULL,
1255 "IPsec-SA established: %s\n",
1256 sadbsecas2str(iph2->dst, iph2->src,
1257 msg->sadb_msg_satype, sa->sadb_sa_spi,
1258 sa_mode));
1259 }
1260
1261 if (pr->ok == 0)
1262 incomplete = 1;
1263 }
1264
1265 if (incomplete)
1266 return 0;
1267
1268 /* turn off the timer for calling pfkey_timeover() */
1269 SCHED_KILL(iph2->sce);
1270
1271 /* update status */
1272 iph2->status = PHASE2ST_ESTABLISHED;
1273
1274 #ifdef ENABLE_STATS
1275 gettimeofday(&iph2->end, NULL);
1276 syslog(LOG_NOTICE, "%s(%s): %8.6f",
1277 "phase2", "quick", timedelta(&iph2->start, &iph2->end));
1278 #endif
1279
1280 /* count up */
1281 iph2->ph1->ph2cnt++;
1282
1283 /* turn off schedule */
1284 SCHED_KILL(iph2->scr);
1285
1286 /* Force the update of ph2's ports, as there is at least one
1287 * situation where they'll mismatch with ph1's values
1288 */
1289
1290 #ifdef ENABLE_NATT
1291 set_port(iph2->src, extract_port(iph2->ph1->local));
1292 set_port(iph2->dst, extract_port(iph2->ph1->remote));
1293 #endif
1294
1295 /*
1296 * since we are going to reuse the phase2 handler, we need to
1297 * remain it and refresh all the references between ph1 and ph2 to use.
1298 */
1299 unbindph12(iph2);
1300
1301 iph2->sce = sched_new(iph2->approval->lifetime,
1302 isakmp_ph2expire_stub, iph2);
1303
1304 plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1305 return 0;
1306 }
1307
1308 /*
1309 * set outbound SA
1310 */
1311 int
pk_sendadd(iph2)1312 pk_sendadd(iph2)
1313 struct ph2handle *iph2;
1314 {
1315 struct saproto *pr;
1316 int proxy = 0;
1317 struct pfkey_send_sa_args sa_args;
1318
1319 /* sanity check */
1320 if (iph2->approval == NULL) {
1321 plog(LLV_ERROR, LOCATION, NULL,
1322 "no approvaled SAs found.\n");
1323 return -1;
1324 }
1325
1326 if (iph2->side == INITIATOR)
1327 proxy = iph2->ph1->rmconf->support_proxy;
1328 else if (iph2->sainfo && iph2->sainfo->id_i)
1329 proxy = 1;
1330
1331 /* fill in some needed for pfkey_send_update2 */
1332 memset (&sa_args, 0, sizeof (sa_args));
1333 sa_args.so = lcconf->sock_pfkey;
1334 sa_args.l_addtime = iph2->approval->lifetime;
1335 sa_args.seq = iph2->seq;
1336 sa_args.wsize = 4;
1337
1338 /* for mobile IPv6 */
1339 if (proxy && iph2->src_id && iph2->dst_id &&
1340 ipsecdoi_transportmode(iph2->approval)) {
1341 sa_args.src = iph2->src_id;
1342 sa_args.dst = iph2->dst_id;
1343 } else {
1344 sa_args.src = iph2->src;
1345 sa_args.dst = iph2->dst;
1346 }
1347
1348 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1349 /* validity check */
1350 sa_args.satype = ipsecdoi2pfkey_proto(pr->proto_id);
1351 if (sa_args.satype == ~0) {
1352 plog(LLV_ERROR, LOCATION, NULL,
1353 "invalid proto_id %d\n", pr->proto_id);
1354 return -1;
1355 }
1356 else if (sa_args.satype == SADB_X_SATYPE_IPCOMP) {
1357 /* no replay window for IPCOMP */
1358 sa_args.wsize = 0;
1359 }
1360 #ifdef ENABLE_SAMODE_UNSPECIFIED
1361 sa_args.mode = IPSEC_MODE_ANY;
1362 #else
1363 sa_args.mode = ipsecdoi2pfkey_mode(pr->encmode);
1364 if (sa_args.mode == ~0) {
1365 plog(LLV_ERROR, LOCATION, NULL,
1366 "invalid encmode %d\n", pr->encmode);
1367 return -1;
1368 }
1369 #endif
1370
1371 /* set algorithm type and key length */
1372 sa_args.e_keylen = pr->head->encklen;
1373 if (pfkey_convertfromipsecdoi(
1374 pr->proto_id,
1375 pr->head->trns_id,
1376 pr->head->authtype,
1377 &sa_args.e_type, &sa_args.e_keylen,
1378 &sa_args.a_type, &sa_args.a_keylen,
1379 &sa_args.flags) < 0)
1380 return -1;
1381
1382 #if 0
1383 sa_args.l_bytes = iph2->approval->lifebyte * 1024,
1384 #else
1385 sa_args.l_bytes = 0;
1386 #endif
1387
1388 #ifdef HAVE_SECCTX
1389 if (*iph2->approval->sctx.ctx_str) {
1390 sa_args.ctxdoi = iph2->approval->sctx.ctx_doi;
1391 sa_args.ctxalg = iph2->approval->sctx.ctx_alg;
1392 sa_args.ctxstrlen = iph2->approval->sctx.ctx_strlen;
1393 sa_args.ctxstr = iph2->approval->sctx.ctx_str;
1394 }
1395 #endif /* HAVE_SECCTX */
1396
1397 #ifdef ENABLE_NATT
1398 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add2 "
1399 "(NAT flavor)\n");
1400
1401 if (pr->udp_encap) {
1402 sa_args.l_natt_type = UDP_ENCAP_ESPINUDP;
1403 sa_args.l_natt_sport = extract_port(iph2->ph1->local);
1404 sa_args.l_natt_dport = extract_port(iph2->ph1->remote);
1405 sa_args.l_natt_oa = NULL; // FIXME: Here comes OA!!!
1406 #ifdef SADB_X_EXT_NAT_T_FRAG
1407 sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
1408 #endif
1409 } else {
1410 /* Remove port information, that SA doesn't use it */
1411 set_port(sa_args.src, 0);
1412 set_port(sa_args.dst, 0);
1413 }
1414
1415 #else
1416 /* Remove port information, it is not used without NAT-T */
1417 set_port(sa_args.src, 0);
1418 set_port(sa_args.dst, 0);
1419 #endif
1420
1421 /* more info to fill in */
1422 sa_args.spi = pr->spi_p;
1423 sa_args.reqid = pr->reqid_out;
1424 sa_args.keymat = pr->keymat_p->v;
1425
1426 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add2\n");
1427 if (pfkey_send_add2(&sa_args) < 0) {
1428 plog(LLV_ERROR, LOCATION, NULL,
1429 "libipsec failed send add (%s)\n",
1430 ipsec_strerror());
1431 return -1;
1432 }
1433
1434 #ifndef ANDROID_PATCHED
1435 if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1436 continue;
1437
1438 /*
1439 * It maybe good idea to call backupsa_to_file() after
1440 * racoon will receive the sadb_update messages.
1441 * But it is impossible because there is not key in the
1442 * information from the kernel.
1443 */
1444 if (backupsa_to_file(&sa_args) < 0) {
1445 plog(LLV_ERROR, LOCATION, NULL,
1446 "backuped SA failed: %s\n",
1447 sadbsecas2str(sa_args.src, sa_args.dst,
1448 sa_args.satype, sa_args.spi, sa_args.mode));
1449 }
1450 plog(LLV_DEBUG, LOCATION, NULL,
1451 "backuped SA: %s\n",
1452 sadbsecas2str(sa_args.src, sa_args.dst,
1453 sa_args.satype, sa_args.spi, sa_args.mode));
1454 #endif
1455 }
1456 return 0;
1457 }
1458
1459 static int
pk_recvadd(mhp)1460 pk_recvadd(mhp)
1461 caddr_t *mhp;
1462 {
1463 struct sadb_msg *msg;
1464 struct sadb_sa *sa;
1465 struct sockaddr *src, *dst;
1466 struct ph2handle *iph2;
1467 u_int sa_mode;
1468
1469 /* ignore this message because of local test mode. */
1470 if (f_local)
1471 return 0;
1472
1473 /* sanity check */
1474 if (mhp[0] == NULL
1475 || mhp[SADB_EXT_SA] == NULL
1476 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1477 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1478 plog(LLV_ERROR, LOCATION, NULL,
1479 "inappropriate sadb add message passed.\n");
1480 return -1;
1481 }
1482 msg = (struct sadb_msg *)mhp[0];
1483 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1484 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1485 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1486
1487 sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1488 ? IPSEC_MODE_ANY
1489 : ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1490
1491 /* the message has to be processed or not ? */
1492 if (msg->sadb_msg_pid != getpid()) {
1493 plog(LLV_DEBUG, LOCATION, NULL,
1494 "%s message is not interesting "
1495 "because pid %d is not mine.\n",
1496 s_pfkey_type(msg->sadb_msg_type),
1497 msg->sadb_msg_pid);
1498 return -1;
1499 }
1500
1501 iph2 = getph2byseq(msg->sadb_msg_seq);
1502 if (iph2 == NULL) {
1503 plog(LLV_DEBUG, LOCATION, NULL,
1504 "seq %d of %s message not interesting.\n",
1505 msg->sadb_msg_seq,
1506 s_pfkey_type(msg->sadb_msg_type));
1507 return -1;
1508 }
1509
1510 /*
1511 * NOTE don't update any status of phase2 handle
1512 * because they must be updated by SADB_UPDATE message
1513 */
1514
1515 plog(LLV_INFO, LOCATION, NULL,
1516 "IPsec-SA established: %s\n",
1517 sadbsecas2str(iph2->src, iph2->dst,
1518 msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1519
1520 plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1521 return 0;
1522 }
1523
1524 static int
pk_recvexpire(mhp)1525 pk_recvexpire(mhp)
1526 caddr_t *mhp;
1527 {
1528 struct sadb_msg *msg;
1529 struct sadb_sa *sa;
1530 struct sockaddr *src, *dst;
1531 struct ph2handle *iph2;
1532 u_int proto_id, sa_mode;
1533
1534 /* sanity check */
1535 if (mhp[0] == NULL
1536 || mhp[SADB_EXT_SA] == NULL
1537 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1538 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1539 || (mhp[SADB_EXT_LIFETIME_HARD] != NULL
1540 && mhp[SADB_EXT_LIFETIME_SOFT] != NULL)) {
1541 plog(LLV_ERROR, LOCATION, NULL,
1542 "inappropriate sadb expire message passed.\n");
1543 return -1;
1544 }
1545 msg = (struct sadb_msg *)mhp[0];
1546 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1547 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1548 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1549
1550 sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1551 ? IPSEC_MODE_ANY
1552 : ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1553
1554 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1555 if (proto_id == ~0) {
1556 plog(LLV_ERROR, LOCATION, NULL,
1557 "invalid proto_id %d\n", msg->sadb_msg_satype);
1558 return -1;
1559 }
1560
1561 plog(LLV_INFO, LOCATION, NULL,
1562 "IPsec-SA expired: %s\n",
1563 sadbsecas2str(src, dst,
1564 msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1565
1566 iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1567 if (iph2 == NULL) {
1568 /*
1569 * Ignore it because two expire messages are come up.
1570 * phase2 handler has been deleted already when 2nd message
1571 * is received.
1572 */
1573 plog(LLV_DEBUG, LOCATION, NULL,
1574 "no such a SA found: %s\n",
1575 sadbsecas2str(src, dst,
1576 msg->sadb_msg_satype, sa->sadb_sa_spi,
1577 sa_mode));
1578 return 0;
1579 }
1580 if (iph2->status != PHASE2ST_ESTABLISHED) {
1581 /*
1582 * If the status is not equal to PHASE2ST_ESTABLISHED,
1583 * racoon ignores this expire message. There are two reason.
1584 * One is that the phase 2 probably starts because there is
1585 * a potential that racoon receives the acquire message
1586 * without receiving a expire message. Another is that racoon
1587 * may receive the multiple expire messages from the kernel.
1588 */
1589 plog(LLV_WARNING, LOCATION, NULL,
1590 "the expire message is received "
1591 "but the handler has not been established.\n");
1592 return 0;
1593 }
1594
1595 /* turn off the timer for calling isakmp_ph2expire() */
1596 SCHED_KILL(iph2->sce);
1597
1598 iph2->status = PHASE2ST_EXPIRED;
1599
1600 /* INITIATOR, begin phase 2 exchange. */
1601 /* allocate buffer for status management of pfkey message */
1602 if (iph2->side == INITIATOR) {
1603
1604 initph2(iph2);
1605
1606 /* update status for re-use */
1607 iph2->status = PHASE2ST_STATUS2;
1608
1609 /* start isakmp initiation by using ident exchange */
1610 if (isakmp_post_acquire(iph2) < 0) {
1611 plog(LLV_ERROR, LOCATION, iph2->dst,
1612 "failed to begin ipsec sa "
1613 "re-negotication.\n");
1614 unbindph12(iph2);
1615 remph2(iph2);
1616 delph2(iph2);
1617 return -1;
1618 }
1619
1620 return 0;
1621 /*NOTREACHED*/
1622 }
1623
1624 /* If not received SADB_EXPIRE, INITIATOR delete ph2handle. */
1625 /* RESPONDER always delete ph2handle, keep silent. RESPONDER doesn't
1626 * manage IPsec SA, so delete the list */
1627 unbindph12(iph2);
1628 remph2(iph2);
1629 delph2(iph2);
1630
1631 return 0;
1632 }
1633
1634 static int
pk_recvacquire(mhp)1635 pk_recvacquire(mhp)
1636 caddr_t *mhp;
1637 {
1638 struct sadb_msg *msg;
1639 struct sadb_x_policy *xpl;
1640 struct secpolicy *sp_out = NULL, *sp_in = NULL;
1641 #define MAXNESTEDSA 5 /* XXX */
1642 struct ph2handle *iph2[MAXNESTEDSA];
1643 struct sockaddr *src, *dst;
1644 int n; /* # of phase 2 handler */
1645 int remoteid=0;
1646 #ifdef HAVE_SECCTX
1647 struct sadb_x_sec_ctx *m_sec_ctx;
1648 #endif /* HAVE_SECCTX */
1649 struct policyindex spidx;
1650
1651
1652 /* ignore this message because of local test mode. */
1653 if (f_local)
1654 return 0;
1655
1656 /* sanity check */
1657 if (mhp[0] == NULL
1658 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1659 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1660 || mhp[SADB_X_EXT_POLICY] == NULL) {
1661 plog(LLV_ERROR, LOCATION, NULL,
1662 "inappropriate sadb acquire message passed.\n");
1663 return -1;
1664 }
1665 msg = (struct sadb_msg *)mhp[0];
1666 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
1667 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1668 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1669
1670 #ifdef HAVE_SECCTX
1671 m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
1672
1673 if (m_sec_ctx != NULL) {
1674 plog(LLV_INFO, LOCATION, NULL, "security context doi: %u\n",
1675 m_sec_ctx->sadb_x_ctx_doi);
1676 plog(LLV_INFO, LOCATION, NULL,
1677 "security context algorithm: %u\n",
1678 m_sec_ctx->sadb_x_ctx_alg);
1679 plog(LLV_INFO, LOCATION, NULL, "security context length: %u\n",
1680 m_sec_ctx->sadb_x_ctx_len);
1681 plog(LLV_INFO, LOCATION, NULL, "security context: %s\n",
1682 ((char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx)));
1683 }
1684 #endif /* HAVE_SECCTX */
1685
1686 /* ignore if type is not IPSEC_POLICY_IPSEC */
1687 if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
1688 plog(LLV_DEBUG, LOCATION, NULL,
1689 "ignore ACQUIRE message. type is not IPsec.\n");
1690 return 0;
1691 }
1692
1693 /* ignore it if src is multicast address */
1694 {
1695 struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1696
1697 if ((sa->sa_family == AF_INET
1698 && IN_MULTICAST(ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr)))
1699 #ifdef INET6
1700 || (sa->sa_family == AF_INET6
1701 && IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *)sa)->sin6_addr))
1702 #endif
1703 ) {
1704 plog(LLV_DEBUG, LOCATION, NULL,
1705 "ignore due to multicast address: %s.\n",
1706 saddrwop2str(sa));
1707 return 0;
1708 }
1709 }
1710
1711 /* ignore, if we do not listen on source address */
1712 {
1713 /* reasons behind:
1714 * - if we'll contact peer from address we do not listen -
1715 * we will be unable to complete negotiation;
1716 * - if we'll negotiate using address we're listening -
1717 * remote peer will send packets to address different
1718 * than one in the policy, so kernel will drop them;
1719 * => therefore this acquire is not for us! --Aidas
1720 */
1721 struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1722 struct myaddrs *p;
1723 int do_listen = 0;
1724 for (p = lcconf->myaddrs; p; p = p->next) {
1725 if (!cmpsaddrwop(p->addr, sa)) {
1726 do_listen = 1;
1727 break;
1728 }
1729 }
1730
1731 if (!do_listen) {
1732 plog(LLV_DEBUG, LOCATION, NULL,
1733 "ignore because do not listen on source address : %s.\n",
1734 saddrwop2str(sa));
1735 return 0;
1736 }
1737 }
1738
1739 /*
1740 * If there is a phase 2 handler against the policy identifier in
1741 * the acquire message, and if
1742 * 1. its state is less than PHASE2ST_ESTABLISHED, then racoon
1743 * should ignore such a acquire message because the phase 2
1744 * is just negotiating.
1745 * 2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
1746 * has to prcesss such a acquire message because racoon may
1747 * lost the expire message.
1748 */
1749 iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
1750 if (iph2[0] != NULL) {
1751 if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
1752 plog(LLV_DEBUG, LOCATION, NULL,
1753 "ignore the acquire because ph2 found\n");
1754 return -1;
1755 }
1756 if (iph2[0]->status == PHASE2ST_EXPIRED)
1757 iph2[0] = NULL;
1758 /*FALLTHROUGH*/
1759 }
1760
1761 /* search for proper policyindex */
1762 sp_out = getspbyspid(xpl->sadb_x_policy_id);
1763 if (sp_out == NULL) {
1764 plog(LLV_ERROR, LOCATION, NULL, "no policy found: id:%d.\n",
1765 xpl->sadb_x_policy_id);
1766 return -1;
1767 }
1768 plog(LLV_DEBUG, LOCATION, NULL,
1769 "suitable outbound SP found: %s.\n", spidx2str(&sp_out->spidx));
1770
1771 /* get inbound policy */
1772 {
1773
1774 memset(&spidx, 0, sizeof(spidx));
1775 spidx.dir = IPSEC_DIR_INBOUND;
1776 memcpy(&spidx.src, &sp_out->spidx.dst, sizeof(spidx.src));
1777 memcpy(&spidx.dst, &sp_out->spidx.src, sizeof(spidx.dst));
1778 spidx.prefs = sp_out->spidx.prefd;
1779 spidx.prefd = sp_out->spidx.prefs;
1780 spidx.ul_proto = sp_out->spidx.ul_proto;
1781
1782 #ifdef HAVE_SECCTX
1783 if (m_sec_ctx) {
1784 spidx.sec_ctx.ctx_doi = m_sec_ctx->sadb_x_ctx_doi;
1785 spidx.sec_ctx.ctx_alg = m_sec_ctx->sadb_x_ctx_alg;
1786 spidx.sec_ctx.ctx_strlen = m_sec_ctx->sadb_x_ctx_len;
1787 memcpy(spidx.sec_ctx.ctx_str,
1788 ((char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx)),
1789 spidx.sec_ctx.ctx_strlen);
1790 }
1791 #endif /* HAVE_SECCTX */
1792
1793 sp_in = getsp(&spidx);
1794 if (sp_in) {
1795 plog(LLV_DEBUG, LOCATION, NULL,
1796 "suitable inbound SP found: %s.\n",
1797 spidx2str(&sp_in->spidx));
1798 } else {
1799 plog(LLV_NOTIFY, LOCATION, NULL,
1800 "no in-bound policy found: %s\n",
1801 spidx2str(&spidx));
1802 }
1803 }
1804
1805 memset(iph2, 0, MAXNESTEDSA);
1806
1807 n = 0;
1808
1809 /* allocate a phase 2 */
1810 iph2[n] = newph2();
1811 if (iph2[n] == NULL) {
1812 plog(LLV_ERROR, LOCATION, NULL,
1813 "failed to allocate phase2 entry.\n");
1814 return -1;
1815 }
1816 iph2[n]->side = INITIATOR;
1817 iph2[n]->spid = xpl->sadb_x_policy_id;
1818 iph2[n]->satype = msg->sadb_msg_satype;
1819 iph2[n]->seq = msg->sadb_msg_seq;
1820 iph2[n]->status = PHASE2ST_STATUS2;
1821
1822 /* set end addresses of SA */
1823 iph2[n]->dst = dupsaddr(PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]));
1824 if (iph2[n]->dst == NULL) {
1825 delph2(iph2[n]);
1826 return -1;
1827 }
1828 iph2[n]->src = dupsaddr(PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]));
1829 if (iph2[n]->src == NULL) {
1830 delph2(iph2[n]);
1831 return -1;
1832 }
1833
1834 plog(LLV_DEBUG, LOCATION, NULL,
1835 "new acquire %s\n", spidx2str(&sp_out->spidx));
1836
1837 /* get sainfo */
1838 {
1839 vchar_t *idsrc, *iddst;
1840
1841 idsrc = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.src,
1842 sp_out->spidx.prefs, sp_out->spidx.ul_proto);
1843 if (idsrc == NULL) {
1844 plog(LLV_ERROR, LOCATION, NULL,
1845 "failed to get ID for %s\n",
1846 spidx2str(&sp_out->spidx));
1847 delph2(iph2[n]);
1848 return -1;
1849 }
1850 iddst = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.dst,
1851 sp_out->spidx.prefd, sp_out->spidx.ul_proto);
1852 if (iddst == NULL) {
1853 plog(LLV_ERROR, LOCATION, NULL,
1854 "failed to get ID for %s\n",
1855 spidx2str(&sp_out->spidx));
1856 vfree(idsrc);
1857 delph2(iph2[n]);
1858 return -1;
1859 }
1860 {
1861 struct remoteconf *conf;
1862 conf = getrmconf(iph2[n]->dst);
1863 if (conf != NULL)
1864 remoteid=conf->ph1id;
1865 else{
1866 plog(LLV_DEBUG, LOCATION, NULL, "Warning: no valid rmconf !\n");
1867 remoteid=0;
1868 }
1869 }
1870 iph2[n]->sainfo = getsainfo(idsrc, iddst, NULL, remoteid);
1871 vfree(idsrc);
1872 vfree(iddst);
1873 if (iph2[n]->sainfo == NULL) {
1874 plog(LLV_ERROR, LOCATION, NULL,
1875 "failed to get sainfo.\n");
1876 delph2(iph2[n]);
1877 return -1;
1878 /* XXX should use the algorithm list from register message */
1879 }
1880
1881 plog(LLV_DEBUG, LOCATION, NULL,
1882 "selected sainfo: %s\n", sainfo2str(iph2[n]->sainfo));
1883 }
1884
1885 if (set_proposal_from_policy(iph2[n], sp_out, sp_in) < 0) {
1886 plog(LLV_ERROR, LOCATION, NULL,
1887 "failed to create saprop.\n");
1888 delph2(iph2[n]);
1889 return -1;
1890 }
1891 #ifdef HAVE_SECCTX
1892 if (m_sec_ctx) {
1893 set_secctx_in_proposal(iph2[n], spidx);
1894 }
1895 #endif /* HAVE_SECCTX */
1896
1897 insph2(iph2[n]);
1898
1899 /* start isakmp initiation by using ident exchange */
1900 /* XXX should be looped if there are multiple phase 2 handler. */
1901 if (isakmp_post_acquire(iph2[n]) < 0) {
1902 plog(LLV_ERROR, LOCATION, NULL,
1903 "failed to begin ipsec sa negotication.\n");
1904 goto err;
1905 }
1906
1907 return 0;
1908
1909 err:
1910 while (n >= 0) {
1911 unbindph12(iph2[n]);
1912 remph2(iph2[n]);
1913 delph2(iph2[n]);
1914 iph2[n] = NULL;
1915 n--;
1916 }
1917 return -1;
1918 }
1919
1920 static int
pk_recvdelete(mhp)1921 pk_recvdelete(mhp)
1922 caddr_t *mhp;
1923 {
1924 struct sadb_msg *msg;
1925 struct sadb_sa *sa;
1926 struct sockaddr *src, *dst;
1927 struct ph2handle *iph2 = NULL;
1928 u_int proto_id;
1929
1930 /* ignore this message because of local test mode. */
1931 if (f_local)
1932 return 0;
1933
1934 /* sanity check */
1935 if (mhp[0] == NULL
1936 || mhp[SADB_EXT_SA] == NULL
1937 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1938 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1939 plog(LLV_ERROR, LOCATION, NULL,
1940 "inappropriate sadb delete message passed.\n");
1941 return -1;
1942 }
1943 msg = (struct sadb_msg *)mhp[0];
1944 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1945 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1946 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1947
1948 /* the message has to be processed or not ? */
1949 if (msg->sadb_msg_pid == getpid()) {
1950 plog(LLV_DEBUG, LOCATION, NULL,
1951 "%s message is not interesting "
1952 "because the message was originated by me.\n",
1953 s_pfkey_type(msg->sadb_msg_type));
1954 return -1;
1955 }
1956
1957 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1958 if (proto_id == ~0) {
1959 plog(LLV_ERROR, LOCATION, NULL,
1960 "invalid proto_id %d\n", msg->sadb_msg_satype);
1961 return -1;
1962 }
1963
1964 iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1965 if (iph2 == NULL) {
1966 /* ignore */
1967 plog(LLV_ERROR, LOCATION, NULL,
1968 "no iph2 found: %s\n",
1969 sadbsecas2str(src, dst, msg->sadb_msg_satype,
1970 sa->sadb_sa_spi, IPSEC_MODE_ANY));
1971 return 0;
1972 }
1973
1974 plog(LLV_ERROR, LOCATION, NULL,
1975 "pfkey DELETE received: %s\n",
1976 sadbsecas2str(iph2->src, iph2->dst,
1977 msg->sadb_msg_satype, sa->sadb_sa_spi, IPSEC_MODE_ANY));
1978
1979 /* send delete information */
1980 if (iph2->status == PHASE2ST_ESTABLISHED)
1981 isakmp_info_send_d2(iph2);
1982
1983 unbindph12(iph2);
1984 remph2(iph2);
1985 delph2(iph2);
1986
1987 return 0;
1988 }
1989
1990 static int
pk_recvflush(mhp)1991 pk_recvflush(mhp)
1992 caddr_t *mhp;
1993 {
1994 /* ignore this message because of local test mode. */
1995 if (f_local)
1996 return 0;
1997
1998 /* sanity check */
1999 if (mhp[0] == NULL) {
2000 plog(LLV_ERROR, LOCATION, NULL,
2001 "inappropriate sadb flush message passed.\n");
2002 return -1;
2003 }
2004
2005 flushph2();
2006
2007 return 0;
2008 }
2009
2010 static int
getsadbpolicy(policy0,policylen0,type,iph2)2011 getsadbpolicy(policy0, policylen0, type, iph2)
2012 caddr_t *policy0;
2013 int *policylen0, type;
2014 struct ph2handle *iph2;
2015 {
2016 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2017 struct sadb_x_policy *xpl;
2018 struct sadb_x_ipsecrequest *xisr;
2019 struct saproto *pr;
2020 struct saproto **pr_rlist;
2021 int rlist_len = 0;
2022 caddr_t policy, p;
2023 int policylen;
2024 int xisrlen;
2025 u_int satype, mode;
2026 int len = 0;
2027 #ifdef HAVE_SECCTX
2028 int ctxlen = 0;
2029 #endif /* HAVE_SECCTX */
2030
2031
2032 /* get policy buffer size */
2033 policylen = sizeof(struct sadb_x_policy);
2034 if (type != SADB_X_SPDDELETE) {
2035 for (pr = iph2->approval->head; pr; pr = pr->next) {
2036 xisrlen = sizeof(*xisr);
2037 if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL) {
2038 xisrlen += (sysdep_sa_len(iph2->src)
2039 + sysdep_sa_len(iph2->dst));
2040 }
2041
2042 policylen += PFKEY_ALIGN8(xisrlen);
2043 }
2044 }
2045
2046 #ifdef HAVE_SECCTX
2047 if (*spidx->sec_ctx.ctx_str) {
2048 ctxlen = sizeof(struct sadb_x_sec_ctx)
2049 + PFKEY_ALIGN8(spidx->sec_ctx.ctx_strlen);
2050 policylen += ctxlen;
2051 }
2052 #endif /* HAVE_SECCTX */
2053
2054 /* make policy structure */
2055 policy = racoon_malloc(policylen);
2056 memset((void*)policy, 0xcd, policylen);
2057 if (!policy) {
2058 plog(LLV_ERROR, LOCATION, NULL,
2059 "buffer allocation failed.\n");
2060 return -1;
2061 }
2062
2063 xpl = (struct sadb_x_policy *)policy;
2064 xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen);
2065 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2066 xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2067 xpl->sadb_x_policy_dir = spidx->dir;
2068 xpl->sadb_x_policy_id = 0;
2069 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2070 xpl->sadb_x_policy_priority = PRIORITY_DEFAULT;
2071 #endif
2072 len++;
2073
2074 #ifdef HAVE_SECCTX
2075 if (*spidx->sec_ctx.ctx_str) {
2076 struct sadb_x_sec_ctx *p;
2077
2078 p = (struct sadb_x_sec_ctx *)(xpl + len);
2079 memset(p, 0, ctxlen);
2080 p->sadb_x_sec_len = PFKEY_UNIT64(ctxlen);
2081 p->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2082 p->sadb_x_ctx_len = spidx->sec_ctx.ctx_strlen;
2083 p->sadb_x_ctx_doi = spidx->sec_ctx.ctx_doi;
2084 p->sadb_x_ctx_alg = spidx->sec_ctx.ctx_alg;
2085
2086 memcpy(p + 1,spidx->sec_ctx.ctx_str,spidx->sec_ctx.ctx_strlen);
2087 len += ctxlen;
2088 }
2089 #endif /* HAVE_SECCTX */
2090
2091 /* no need to append policy information any more if type is SPDDELETE */
2092 if (type == SADB_X_SPDDELETE)
2093 goto end;
2094
2095 xisr = (struct sadb_x_ipsecrequest *)(xpl + len);
2096
2097 /* The order of things is reversed for use in add policy messages */
2098 for (pr = iph2->approval->head; pr; pr = pr->next) rlist_len++;
2099 pr_rlist = racoon_malloc((rlist_len+1)*sizeof(struct saproto*));
2100 if (!pr_rlist) {
2101 plog(LLV_ERROR, LOCATION, NULL,
2102 "buffer allocation failed.\n");
2103 return -1;
2104 }
2105 pr_rlist[rlist_len--] = NULL;
2106 for (pr = iph2->approval->head; pr; pr = pr->next) pr_rlist[rlist_len--] = pr;
2107 rlist_len = 0;
2108
2109 for (pr = pr_rlist[rlist_len++]; pr; pr = pr_rlist[rlist_len++]) {
2110
2111 satype = doi2ipproto(pr->proto_id);
2112 if (satype == ~0) {
2113 plog(LLV_ERROR, LOCATION, NULL,
2114 "invalid proto_id %d\n", pr->proto_id);
2115 goto err;
2116 }
2117 mode = ipsecdoi2pfkey_mode(pr->encmode);
2118 if (mode == ~0) {
2119 plog(LLV_ERROR, LOCATION, NULL,
2120 "invalid encmode %d\n", pr->encmode);
2121 goto err;
2122 }
2123
2124 /*
2125 * the policy level cannot be unique because the policy
2126 * is defined later than SA, so req_id cannot be bound to SA.
2127 */
2128 xisr->sadb_x_ipsecrequest_proto = satype;
2129 xisr->sadb_x_ipsecrequest_mode = mode;
2130 if(iph2->proposal->head->reqid_in > 0){
2131 xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2132 xisr->sadb_x_ipsecrequest_reqid = iph2->proposal->head->reqid_in;
2133 }else{
2134 xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2135 xisr->sadb_x_ipsecrequest_reqid = 0;
2136 }
2137 p = (caddr_t)(xisr + 1);
2138
2139 xisrlen = sizeof(*xisr);
2140
2141 if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL) {
2142 int src_len, dst_len;
2143
2144 src_len = sysdep_sa_len(iph2->src);
2145 dst_len = sysdep_sa_len(iph2->dst);
2146 xisrlen += src_len + dst_len;
2147
2148 memcpy(p, iph2->src, src_len);
2149 p += src_len;
2150
2151 memcpy(p, iph2->dst, dst_len);
2152 p += dst_len;
2153 }
2154
2155 xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen);
2156 xisr = (struct sadb_x_ipsecrequest *)p;
2157
2158 }
2159 racoon_free(pr_rlist);
2160
2161 end:
2162 *policy0 = policy;
2163 *policylen0 = policylen;
2164
2165 return 0;
2166
2167 err:
2168 if (policy)
2169 racoon_free(policy);
2170 if (pr_rlist) racoon_free(pr_rlist);
2171
2172 return -1;
2173 }
2174
2175 int
pk_sendspdupdate2(iph2)2176 pk_sendspdupdate2(iph2)
2177 struct ph2handle *iph2;
2178 {
2179 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2180 caddr_t policy = NULL;
2181 int policylen = 0;
2182 u_int64_t ltime, vtime;
2183
2184 ltime = iph2->approval->lifetime;
2185 vtime = 0;
2186
2187 if (getsadbpolicy(&policy, &policylen, SADB_X_SPDUPDATE, iph2)) {
2188 plog(LLV_ERROR, LOCATION, NULL,
2189 "getting sadb policy failed.\n");
2190 return -1;
2191 }
2192
2193 if (pfkey_send_spdupdate2(
2194 lcconf->sock_pfkey,
2195 (struct sockaddr *)&spidx->src,
2196 spidx->prefs,
2197 (struct sockaddr *)&spidx->dst,
2198 spidx->prefd,
2199 spidx->ul_proto,
2200 ltime, vtime,
2201 policy, policylen, 0) < 0) {
2202 plog(LLV_ERROR, LOCATION, NULL,
2203 "libipsec failed send spdupdate2 (%s)\n",
2204 ipsec_strerror());
2205 goto end;
2206 }
2207 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdupdate2\n");
2208
2209 end:
2210 if (policy)
2211 racoon_free(policy);
2212
2213 return 0;
2214 }
2215
2216 static int
pk_recvspdupdate(mhp)2217 pk_recvspdupdate(mhp)
2218 caddr_t *mhp;
2219 {
2220 struct sadb_address *saddr, *daddr;
2221 struct sadb_x_policy *xpl;
2222 struct sadb_lifetime *lt;
2223 struct policyindex spidx;
2224 struct secpolicy *sp;
2225 u_int64_t created;
2226
2227 /* sanity check */
2228 if (mhp[0] == NULL
2229 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2230 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2231 || mhp[SADB_X_EXT_POLICY] == NULL) {
2232 plog(LLV_ERROR, LOCATION, NULL,
2233 "inappropriate sadb spdupdate message passed.\n");
2234 return -1;
2235 }
2236 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2237 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2238 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2239 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2240 if(lt != NULL)
2241 created = lt->sadb_lifetime_addtime;
2242 else
2243 created = 0;
2244
2245 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2246 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2247 saddr + 1,
2248 daddr + 1,
2249 saddr->sadb_address_prefixlen,
2250 daddr->sadb_address_prefixlen,
2251 saddr->sadb_address_proto,
2252 xpl->sadb_x_policy_priority,
2253 created,
2254 &spidx);
2255 #else
2256 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2257 saddr + 1,
2258 daddr + 1,
2259 saddr->sadb_address_prefixlen,
2260 daddr->sadb_address_prefixlen,
2261 saddr->sadb_address_proto,
2262 created,
2263 &spidx);
2264 #endif
2265
2266 #ifdef HAVE_SECCTX
2267 if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2268 struct sadb_x_sec_ctx *ctx;
2269
2270 ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2271 spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2272 spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2273 spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2274 memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2275 }
2276 #endif /* HAVE_SECCTX */
2277
2278 sp = getsp(&spidx);
2279 if (sp == NULL) {
2280 plog(LLV_ERROR, LOCATION, NULL,
2281 "such policy does not already exist: \"%s\"\n",
2282 spidx2str(&spidx));
2283 } else {
2284 remsp(sp);
2285 delsp(sp);
2286 }
2287
2288 if (addnewsp(mhp) < 0)
2289 return -1;
2290
2291 return 0;
2292 }
2293
2294 /*
2295 * this function has to be used by responder side.
2296 */
2297 int
pk_sendspdadd2(iph2)2298 pk_sendspdadd2(iph2)
2299 struct ph2handle *iph2;
2300 {
2301 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2302 caddr_t policy = NULL;
2303 int policylen = 0;
2304 u_int64_t ltime, vtime;
2305
2306 ltime = iph2->approval->lifetime;
2307 vtime = 0;
2308
2309 if (getsadbpolicy(&policy, &policylen, SADB_X_SPDADD, iph2)) {
2310 plog(LLV_ERROR, LOCATION, NULL,
2311 "getting sadb policy failed.\n");
2312 return -1;
2313 }
2314
2315 if (pfkey_send_spdadd2(
2316 lcconf->sock_pfkey,
2317 (struct sockaddr *)&spidx->src,
2318 spidx->prefs,
2319 (struct sockaddr *)&spidx->dst,
2320 spidx->prefd,
2321 spidx->ul_proto,
2322 ltime, vtime,
2323 policy, policylen, 0) < 0) {
2324 plog(LLV_ERROR, LOCATION, NULL,
2325 "libipsec failed send spdadd2 (%s)\n",
2326 ipsec_strerror());
2327 goto end;
2328 }
2329 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdadd2\n");
2330
2331 end:
2332 if (policy)
2333 racoon_free(policy);
2334
2335 return 0;
2336 }
2337
2338 static int
pk_recvspdadd(mhp)2339 pk_recvspdadd(mhp)
2340 caddr_t *mhp;
2341 {
2342 struct sadb_address *saddr, *daddr;
2343 struct sadb_x_policy *xpl;
2344 struct sadb_lifetime *lt;
2345 struct policyindex spidx;
2346 struct secpolicy *sp;
2347 u_int64_t created;
2348
2349 /* sanity check */
2350 if (mhp[0] == NULL
2351 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2352 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2353 || mhp[SADB_X_EXT_POLICY] == NULL) {
2354 plog(LLV_ERROR, LOCATION, NULL,
2355 "inappropriate sadb spdadd message passed.\n");
2356 return -1;
2357 }
2358 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2359 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2360 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2361 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2362 if(lt != NULL)
2363 created = lt->sadb_lifetime_addtime;
2364 else
2365 created = 0;
2366
2367 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2368 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2369 saddr + 1,
2370 daddr + 1,
2371 saddr->sadb_address_prefixlen,
2372 daddr->sadb_address_prefixlen,
2373 saddr->sadb_address_proto,
2374 xpl->sadb_x_policy_priority,
2375 created,
2376 &spidx);
2377 #else
2378 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2379 saddr + 1,
2380 daddr + 1,
2381 saddr->sadb_address_prefixlen,
2382 daddr->sadb_address_prefixlen,
2383 saddr->sadb_address_proto,
2384 created,
2385 &spidx);
2386 #endif
2387
2388 #ifdef HAVE_SECCTX
2389 if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2390 struct sadb_x_sec_ctx *ctx;
2391
2392 ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2393 spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2394 spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2395 spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2396 memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2397 }
2398 #endif /* HAVE_SECCTX */
2399
2400 sp = getsp(&spidx);
2401 if (sp != NULL) {
2402 plog(LLV_ERROR, LOCATION, NULL,
2403 "such policy already exists. "
2404 "anyway replace it: %s\n",
2405 spidx2str(&spidx));
2406 remsp(sp);
2407 delsp(sp);
2408 }
2409
2410 if (addnewsp(mhp) < 0)
2411 return -1;
2412
2413 return 0;
2414 }
2415
2416 /*
2417 * this function has to be used by responder side.
2418 */
2419 int
pk_sendspddelete(iph2)2420 pk_sendspddelete(iph2)
2421 struct ph2handle *iph2;
2422 {
2423 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2424 caddr_t policy = NULL;
2425 int policylen;
2426
2427 if (getsadbpolicy(&policy, &policylen, SADB_X_SPDDELETE, iph2)) {
2428 plog(LLV_ERROR, LOCATION, NULL,
2429 "getting sadb policy failed.\n");
2430 return -1;
2431 }
2432
2433 if (pfkey_send_spddelete(
2434 lcconf->sock_pfkey,
2435 (struct sockaddr *)&spidx->src,
2436 spidx->prefs,
2437 (struct sockaddr *)&spidx->dst,
2438 spidx->prefd,
2439 spidx->ul_proto,
2440 policy, policylen, 0) < 0) {
2441 plog(LLV_ERROR, LOCATION, NULL,
2442 "libipsec failed send spddelete (%s)\n",
2443 ipsec_strerror());
2444 goto end;
2445 }
2446 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spddelete\n");
2447
2448 end:
2449 if (policy)
2450 racoon_free(policy);
2451
2452 return 0;
2453 }
2454
2455 static int
pk_recvspddelete(mhp)2456 pk_recvspddelete(mhp)
2457 caddr_t *mhp;
2458 {
2459 struct sadb_address *saddr, *daddr;
2460 struct sadb_x_policy *xpl;
2461 struct sadb_lifetime *lt;
2462 struct policyindex spidx;
2463 struct secpolicy *sp;
2464 u_int64_t created;
2465
2466 /* sanity check */
2467 if (mhp[0] == NULL
2468 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2469 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2470 || mhp[SADB_X_EXT_POLICY] == NULL) {
2471 plog(LLV_ERROR, LOCATION, NULL,
2472 "inappropriate sadb spddelete message passed.\n");
2473 return -1;
2474 }
2475 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2476 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2477 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2478 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2479 if(lt != NULL)
2480 created = lt->sadb_lifetime_addtime;
2481 else
2482 created = 0;
2483
2484 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2485 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2486 saddr + 1,
2487 daddr + 1,
2488 saddr->sadb_address_prefixlen,
2489 daddr->sadb_address_prefixlen,
2490 saddr->sadb_address_proto,
2491 xpl->sadb_x_policy_priority,
2492 created,
2493 &spidx);
2494 #else
2495 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2496 saddr + 1,
2497 daddr + 1,
2498 saddr->sadb_address_prefixlen,
2499 daddr->sadb_address_prefixlen,
2500 saddr->sadb_address_proto,
2501 created,
2502 &spidx);
2503 #endif
2504
2505 #ifdef HAVE_SECCTX
2506 if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2507 struct sadb_x_sec_ctx *ctx;
2508
2509 ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2510 spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2511 spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2512 spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2513 memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2514 }
2515 #endif /* HAVE_SECCTX */
2516
2517 sp = getsp(&spidx);
2518 if (sp == NULL) {
2519 plog(LLV_ERROR, LOCATION, NULL,
2520 "no policy found: %s\n",
2521 spidx2str(&spidx));
2522 return -1;
2523 }
2524
2525 remsp(sp);
2526 delsp(sp);
2527
2528 return 0;
2529 }
2530
2531 static int
pk_recvspdexpire(mhp)2532 pk_recvspdexpire(mhp)
2533 caddr_t *mhp;
2534 {
2535 struct sadb_address *saddr, *daddr;
2536 struct sadb_x_policy *xpl;
2537 struct sadb_lifetime *lt;
2538 struct policyindex spidx;
2539 struct secpolicy *sp;
2540 u_int64_t created;
2541
2542 /* sanity check */
2543 if (mhp[0] == NULL
2544 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2545 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2546 || mhp[SADB_X_EXT_POLICY] == NULL) {
2547 plog(LLV_ERROR, LOCATION, NULL,
2548 "inappropriate sadb spdexpire message passed.\n");
2549 return -1;
2550 }
2551 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2552 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2553 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2554 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2555 if(lt != NULL)
2556 created = lt->sadb_lifetime_addtime;
2557 else
2558 created = 0;
2559
2560 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2561 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2562 saddr + 1,
2563 daddr + 1,
2564 saddr->sadb_address_prefixlen,
2565 daddr->sadb_address_prefixlen,
2566 saddr->sadb_address_proto,
2567 xpl->sadb_x_policy_priority,
2568 created,
2569 &spidx);
2570 #else
2571 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2572 saddr + 1,
2573 daddr + 1,
2574 saddr->sadb_address_prefixlen,
2575 daddr->sadb_address_prefixlen,
2576 saddr->sadb_address_proto,
2577 created,
2578 &spidx);
2579 #endif
2580
2581 #ifdef HAVE_SECCTX
2582 if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2583 struct sadb_x_sec_ctx *ctx;
2584
2585 ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2586 spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2587 spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2588 spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2589 memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2590 }
2591 #endif /* HAVE_SECCTX */
2592
2593 sp = getsp(&spidx);
2594 if (sp == NULL) {
2595 plog(LLV_ERROR, LOCATION, NULL,
2596 "no policy found: %s\n",
2597 spidx2str(&spidx));
2598 return -1;
2599 }
2600
2601 remsp(sp);
2602 delsp(sp);
2603
2604 return 0;
2605 }
2606
2607 static int
pk_recvspdget(mhp)2608 pk_recvspdget(mhp)
2609 caddr_t *mhp;
2610 {
2611 /* sanity check */
2612 if (mhp[0] == NULL) {
2613 plog(LLV_ERROR, LOCATION, NULL,
2614 "inappropriate sadb spdget message passed.\n");
2615 return -1;
2616 }
2617
2618 return 0;
2619 }
2620
2621 static int
pk_recvspddump(mhp)2622 pk_recvspddump(mhp)
2623 caddr_t *mhp;
2624 {
2625 struct sadb_msg *msg;
2626 struct sadb_address *saddr, *daddr;
2627 struct sadb_x_policy *xpl;
2628 struct sadb_lifetime *lt;
2629 struct policyindex spidx;
2630 struct secpolicy *sp;
2631 u_int64_t created;
2632
2633 /* sanity check */
2634 if (mhp[0] == NULL) {
2635 plog(LLV_ERROR, LOCATION, NULL,
2636 "inappropriate sadb spddump message passed.\n");
2637 return -1;
2638 }
2639 msg = (struct sadb_msg *)mhp[0];
2640
2641 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2642 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2643 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2644 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2645 if(lt != NULL)
2646 created = lt->sadb_lifetime_addtime;
2647 else
2648 created = 0;
2649
2650 if (saddr == NULL || daddr == NULL || xpl == NULL) {
2651 plog(LLV_ERROR, LOCATION, NULL,
2652 "inappropriate sadb spddump message passed.\n");
2653 return -1;
2654 }
2655
2656 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2657 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2658 saddr + 1,
2659 daddr + 1,
2660 saddr->sadb_address_prefixlen,
2661 daddr->sadb_address_prefixlen,
2662 saddr->sadb_address_proto,
2663 xpl->sadb_x_policy_priority,
2664 created,
2665 &spidx);
2666 #else
2667 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2668 saddr + 1,
2669 daddr + 1,
2670 saddr->sadb_address_prefixlen,
2671 daddr->sadb_address_prefixlen,
2672 saddr->sadb_address_proto,
2673 created,
2674 &spidx);
2675 #endif
2676
2677 #ifdef HAVE_SECCTX
2678 if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2679 struct sadb_x_sec_ctx *ctx;
2680
2681 ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2682 spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2683 spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2684 spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2685 memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2686 }
2687 #endif /* HAVE_SECCTX */
2688
2689 sp = getsp(&spidx);
2690 if (sp != NULL) {
2691 plog(LLV_ERROR, LOCATION, NULL,
2692 "such policy already exists. "
2693 "anyway replace it: %s\n",
2694 spidx2str(&spidx));
2695 remsp(sp);
2696 delsp(sp);
2697 }
2698
2699 if (addnewsp(mhp) < 0)
2700 return -1;
2701
2702 return 0;
2703 }
2704
2705 static int
pk_recvspdflush(mhp)2706 pk_recvspdflush(mhp)
2707 caddr_t *mhp;
2708 {
2709 /* sanity check */
2710 if (mhp[0] == NULL) {
2711 plog(LLV_ERROR, LOCATION, NULL,
2712 "inappropriate sadb spdflush message passed.\n");
2713 return -1;
2714 }
2715
2716 flushsp();
2717
2718 return 0;
2719 }
2720
2721 #ifndef ANDROID_PATCHED
2722
2723 /*
2724 * send error against acquire message to kenrel.
2725 */
2726 int
pk_sendeacquire(iph2)2727 pk_sendeacquire(iph2)
2728 struct ph2handle *iph2;
2729 {
2730 struct sadb_msg *newmsg;
2731 int len;
2732
2733 len = sizeof(struct sadb_msg);
2734 newmsg = racoon_calloc(1, len);
2735 if (newmsg == NULL) {
2736 plog(LLV_ERROR, LOCATION, NULL,
2737 "failed to get buffer to send acquire.\n");
2738 return -1;
2739 }
2740
2741 memset(newmsg, 0, len);
2742 newmsg->sadb_msg_version = PF_KEY_V2;
2743 newmsg->sadb_msg_type = SADB_ACQUIRE;
2744 newmsg->sadb_msg_errno = ENOENT; /* XXX */
2745 newmsg->sadb_msg_satype = iph2->satype;
2746 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
2747 newmsg->sadb_msg_reserved = 0;
2748 newmsg->sadb_msg_seq = iph2->seq;
2749 newmsg->sadb_msg_pid = (u_int32_t)getpid();
2750
2751 /* send message */
2752 len = pfkey_send(lcconf->sock_pfkey, newmsg, len);
2753
2754 racoon_free(newmsg);
2755
2756 return 0;
2757 }
2758
2759 #else
2760
pk_sendeacquire(struct ph2handle * iph2)2761 int pk_sendeacquire(struct ph2handle *iph2)
2762 {
2763 exit(1);
2764 }
2765
2766 #endif
2767
2768 /*
2769 * check if the algorithm is supported or not.
2770 * OUT 0: ok
2771 * -1: ng
2772 */
2773 int
pk_checkalg(class,calg,keylen)2774 pk_checkalg(class, calg, keylen)
2775 int class, calg, keylen;
2776 {
2777 int sup, error;
2778 u_int alg;
2779 struct sadb_alg alg0;
2780
2781 switch (algclass2doi(class)) {
2782 case IPSECDOI_PROTO_IPSEC_ESP:
2783 sup = SADB_EXT_SUPPORTED_ENCRYPT;
2784 break;
2785 case IPSECDOI_ATTR_AUTH:
2786 sup = SADB_EXT_SUPPORTED_AUTH;
2787 break;
2788 case IPSECDOI_PROTO_IPCOMP:
2789 plog(LLV_DEBUG, LOCATION, NULL,
2790 "compression algorithm can not be checked "
2791 "because sadb message doesn't support it.\n");
2792 return 0;
2793 default:
2794 plog(LLV_ERROR, LOCATION, NULL,
2795 "invalid algorithm class.\n");
2796 return -1;
2797 }
2798 alg = ipsecdoi2pfkey_alg(algclass2doi(class), algtype2doi(class, calg));
2799 if (alg == ~0)
2800 return -1;
2801
2802 if (keylen == 0) {
2803 if (ipsec_get_keylen(sup, alg, &alg0)) {
2804 plog(LLV_ERROR, LOCATION, NULL,
2805 "%s.\n", ipsec_strerror());
2806 return -1;
2807 }
2808 keylen = alg0.sadb_alg_minbits;
2809 }
2810
2811 error = ipsec_check_keylen(sup, alg, keylen);
2812 if (error)
2813 plog(LLV_ERROR, LOCATION, NULL,
2814 "%s.\n", ipsec_strerror());
2815
2816 return error;
2817 }
2818
2819 /*
2820 * differences with pfkey_recv() in libipsec/pfkey.c:
2821 * - never performs busy wait loop.
2822 * - returns NULL and set *lenp to negative on fatal failures
2823 * - returns NULL and set *lenp to non-negative on non-fatal failures
2824 * - returns non-NULL on success
2825 */
2826 static struct sadb_msg *
pk_recv(so,lenp)2827 pk_recv(so, lenp)
2828 int so;
2829 int *lenp;
2830 {
2831 struct sadb_msg buf, *newmsg;
2832 int reallen;
2833 int retry = 0;
2834
2835 *lenp = -1;
2836 do
2837 {
2838 plog(LLV_DEBUG, LOCATION, NULL, "pk_recv: retry[%d] recv() \n", retry );
2839 *lenp = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK | MSG_DONTWAIT);
2840 retry++;
2841 }
2842 while (*lenp < 0 && errno == EAGAIN && retry < 3);
2843
2844 if (*lenp < 0)
2845 return NULL; /*fatal*/
2846
2847 else if (*lenp < sizeof(buf))
2848 return NULL;
2849
2850 reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
2851 if ((newmsg = racoon_calloc(1, reallen)) == NULL)
2852 return NULL;
2853
2854 *lenp = recv(so, (caddr_t)newmsg, reallen, MSG_PEEK);
2855 if (*lenp < 0) {
2856 racoon_free(newmsg);
2857 return NULL; /*fatal*/
2858 } else if (*lenp != reallen) {
2859 racoon_free(newmsg);
2860 return NULL;
2861 }
2862
2863 *lenp = recv(so, (caddr_t)newmsg, reallen, 0);
2864 if (*lenp < 0) {
2865 racoon_free(newmsg);
2866 return NULL; /*fatal*/
2867 } else if (*lenp != reallen) {
2868 racoon_free(newmsg);
2869 return NULL;
2870 }
2871
2872 return newmsg;
2873 }
2874
2875 /* see handler.h */
2876 u_int32_t
pk_getseq()2877 pk_getseq()
2878 {
2879 return eay_random();
2880 }
2881
2882 static int
addnewsp(mhp)2883 addnewsp(mhp)
2884 caddr_t *mhp;
2885 {
2886 struct secpolicy *new = NULL;
2887 struct sadb_address *saddr, *daddr;
2888 struct sadb_x_policy *xpl;
2889 struct sadb_lifetime *lt;
2890 u_int64_t created;
2891
2892 /* sanity check */
2893 if (mhp[SADB_EXT_ADDRESS_SRC] == NULL
2894 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2895 || mhp[SADB_X_EXT_POLICY] == NULL) {
2896 plog(LLV_ERROR, LOCATION, NULL,
2897 "inappropriate sadb spd management message passed.\n");
2898 goto bad;
2899 }
2900
2901 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2902 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2903 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2904 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2905 if(lt != NULL)
2906 created = lt->sadb_lifetime_addtime;
2907 else
2908 created = 0;
2909 lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2910 if(lt != NULL)
2911 created = lt->sadb_lifetime_addtime;
2912 else
2913 created = 0;
2914
2915 #ifdef __linux__
2916 /* bsd skips over per-socket policies because there will be no
2917 * src and dst extensions in spddump messages. On Linux the only
2918 * way to achieve the same is check for policy id.
2919 */
2920 if (xpl->sadb_x_policy_id % 8 >= 3) return 0;
2921 #endif
2922
2923 new = newsp();
2924 if (new == NULL) {
2925 plog(LLV_ERROR, LOCATION, NULL,
2926 "failed to allocate buffer\n");
2927 goto bad;
2928 }
2929
2930 new->spidx.dir = xpl->sadb_x_policy_dir;
2931 new->id = xpl->sadb_x_policy_id;
2932 new->policy = xpl->sadb_x_policy_type;
2933 new->req = NULL;
2934
2935 /* check policy */
2936 switch (xpl->sadb_x_policy_type) {
2937 case IPSEC_POLICY_DISCARD:
2938 case IPSEC_POLICY_NONE:
2939 case IPSEC_POLICY_ENTRUST:
2940 case IPSEC_POLICY_BYPASS:
2941 break;
2942
2943 case IPSEC_POLICY_IPSEC:
2944 {
2945 int tlen;
2946 struct sadb_x_ipsecrequest *xisr;
2947 struct ipsecrequest **p_isr = &new->req;
2948
2949 /* validity check */
2950 if (PFKEY_EXTLEN(xpl) < sizeof(*xpl)) {
2951 plog(LLV_ERROR, LOCATION, NULL,
2952 "invalid msg length.\n");
2953 goto bad;
2954 }
2955
2956 tlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
2957 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
2958
2959 while (tlen > 0) {
2960
2961 /* length check */
2962 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
2963 plog(LLV_ERROR, LOCATION, NULL,
2964 "invalid msg length.\n");
2965 goto bad;
2966 }
2967
2968 /* allocate request buffer */
2969 *p_isr = newipsecreq();
2970 if (*p_isr == NULL) {
2971 plog(LLV_ERROR, LOCATION, NULL,
2972 "failed to get new ipsecreq.\n");
2973 goto bad;
2974 }
2975
2976 /* set values */
2977 (*p_isr)->next = NULL;
2978
2979 switch (xisr->sadb_x_ipsecrequest_proto) {
2980 case IPPROTO_ESP:
2981 case IPPROTO_AH:
2982 case IPPROTO_IPCOMP:
2983 break;
2984 default:
2985 plog(LLV_ERROR, LOCATION, NULL,
2986 "invalid proto type: %u\n",
2987 xisr->sadb_x_ipsecrequest_proto);
2988 goto bad;
2989 }
2990 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
2991
2992 switch (xisr->sadb_x_ipsecrequest_mode) {
2993 case IPSEC_MODE_TRANSPORT:
2994 case IPSEC_MODE_TUNNEL:
2995 break;
2996 case IPSEC_MODE_ANY:
2997 default:
2998 plog(LLV_ERROR, LOCATION, NULL,
2999 "invalid mode: %u\n",
3000 xisr->sadb_x_ipsecrequest_mode);
3001 goto bad;
3002 }
3003 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
3004
3005 switch (xisr->sadb_x_ipsecrequest_level) {
3006 case IPSEC_LEVEL_DEFAULT:
3007 case IPSEC_LEVEL_USE:
3008 case IPSEC_LEVEL_REQUIRE:
3009 break;
3010 case IPSEC_LEVEL_UNIQUE:
3011 (*p_isr)->saidx.reqid =
3012 xisr->sadb_x_ipsecrequest_reqid;
3013 break;
3014
3015 default:
3016 plog(LLV_ERROR, LOCATION, NULL,
3017 "invalid level: %u\n",
3018 xisr->sadb_x_ipsecrequest_level);
3019 goto bad;
3020 }
3021 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
3022
3023 /* set IP addresses if there */
3024 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
3025 struct sockaddr *paddr;
3026
3027 paddr = (struct sockaddr *)(xisr + 1);
3028 bcopy(paddr, &(*p_isr)->saidx.src,
3029 sysdep_sa_len(paddr));
3030
3031 paddr = (struct sockaddr *)((caddr_t)paddr
3032 + sysdep_sa_len(paddr));
3033 bcopy(paddr, &(*p_isr)->saidx.dst,
3034 sysdep_sa_len(paddr));
3035 }
3036
3037 (*p_isr)->sp = new;
3038
3039 /* initialization for the next. */
3040 p_isr = &(*p_isr)->next;
3041 tlen -= xisr->sadb_x_ipsecrequest_len;
3042
3043 /* validity check */
3044 if (tlen < 0) {
3045 plog(LLV_ERROR, LOCATION, NULL,
3046 "becoming tlen < 0\n");
3047 }
3048
3049 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
3050 + xisr->sadb_x_ipsecrequest_len);
3051 }
3052 }
3053 break;
3054 default:
3055 plog(LLV_ERROR, LOCATION, NULL,
3056 "invalid policy type.\n");
3057 goto bad;
3058 }
3059
3060 #ifdef HAVE_PFKEY_POLICY_PRIORITY
3061 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3062 saddr + 1,
3063 daddr + 1,
3064 saddr->sadb_address_prefixlen,
3065 daddr->sadb_address_prefixlen,
3066 saddr->sadb_address_proto,
3067 xpl->sadb_x_policy_priority,
3068 created,
3069 &new->spidx);
3070 #else
3071 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3072 saddr + 1,
3073 daddr + 1,
3074 saddr->sadb_address_prefixlen,
3075 daddr->sadb_address_prefixlen,
3076 saddr->sadb_address_proto,
3077 created,
3078 &new->spidx);
3079 #endif
3080
3081 #ifdef HAVE_SECCTX
3082 if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
3083 struct sadb_x_sec_ctx *ctx;
3084
3085 ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
3086 new->spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
3087 new->spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
3088 new->spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
3089 memcpy(new->spidx.sec_ctx.ctx_str,ctx + 1,ctx->sadb_x_ctx_len);
3090 }
3091 #endif /* HAVE_SECCTX */
3092
3093 inssp(new);
3094
3095 return 0;
3096 bad:
3097 if (new != NULL) {
3098 if (new->req != NULL)
3099 racoon_free(new->req);
3100 racoon_free(new);
3101 }
3102 return -1;
3103 }
3104
3105 /* proto/mode/src->dst spi */
3106 const char *
sadbsecas2str(src,dst,proto,spi,mode)3107 sadbsecas2str(src, dst, proto, spi, mode)
3108 struct sockaddr *src, *dst;
3109 int proto;
3110 u_int32_t spi;
3111 int mode;
3112 {
3113 static char buf[256];
3114 u_int doi_proto, doi_mode = 0;
3115 char *p;
3116 int blen, i;
3117
3118 doi_proto = pfkey2ipsecdoi_proto(proto);
3119 if (doi_proto == ~0)
3120 return NULL;
3121 if (mode) {
3122 doi_mode = pfkey2ipsecdoi_mode(mode);
3123 if (doi_mode == ~0)
3124 return NULL;
3125 }
3126
3127 blen = sizeof(buf) - 1;
3128 p = buf;
3129
3130 i = snprintf(p, blen, "%s%s%s ",
3131 s_ipsecdoi_proto(doi_proto),
3132 mode ? "/" : "",
3133 mode ? s_ipsecdoi_encmode(doi_mode) : "");
3134 if (i < 0 || i >= blen)
3135 return NULL;
3136 p += i;
3137 blen -= i;
3138
3139 i = snprintf(p, blen, "%s->", saddr2str(src));
3140 if (i < 0 || i >= blen)
3141 return NULL;
3142 p += i;
3143 blen -= i;
3144
3145 i = snprintf(p, blen, "%s ", saddr2str(dst));
3146 if (i < 0 || i >= blen)
3147 return NULL;
3148 p += i;
3149 blen -= i;
3150
3151 if (spi) {
3152 snprintf(p, blen, "spi=%lu(0x%lx)", (unsigned long)ntohl(spi),
3153 (unsigned long)ntohl(spi));
3154 }
3155
3156 return buf;
3157 }
3158