2 * @(#) RFC2367 PF_KEYv2 Key management API message parser
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: pfkey_v2_ext_process.c,v 1.3 2004/06/13 19:57:50 as Exp $
19 * Template from klips/net/ipsec/ipsec/ipsec_netlink.c.
22 char pfkey_v2_ext_process_c_version
[] = "$Id: pfkey_v2_ext_process.c,v 1.3 2004/06/13 19:57:50 as Exp $";
24 #include <linux/config.h>
25 #include <linux/version.h>
26 #include <linux/kernel.h> /* printk() */
28 #include "freeswan/ipsec_param.h"
31 # include <linux/slab.h> /* kmalloc() */
32 #else /* MALLOC_SLAB */
33 # include <linux/malloc.h> /* kmalloc() */
34 #endif /* MALLOC_SLAB */
35 #include <linux/errno.h> /* error codes */
36 #include <linux/types.h> /* size_t */
37 #include <linux/interrupt.h> /* mark_bh */
39 #include <linux/netdevice.h> /* struct device, and other headers */
40 #include <linux/etherdevice.h> /* eth_type_trans */
41 #include <linux/ip.h> /* struct iphdr */
42 #include <linux/skbuff.h>
46 #include <crypto/des.h>
50 # include <linux/spinlock.h> /* *lock* */
51 # else /* SPINLOCK_23 */
52 # include <asm/spinlock.h> /* *lock* */
53 # endif /* SPINLOCK_23 */
56 # include <asm/uaccess.h>
57 # include <linux/in6.h>
58 # define ip_chk_addr inet_addr_type
59 # define IS_MYADDR RTN_LOCAL
61 #include <asm/checksum.h>
64 # include <linux/netlink.h>
66 # include <net/netlink.h>
69 #include <linux/random.h> /* get_random_bytes() */
71 #include "freeswan/radij.h"
72 #include "freeswan/ipsec_encap.h"
73 #include "freeswan/ipsec_sa.h"
75 #include "freeswan/ipsec_radij.h"
76 #include "freeswan/ipsec_xform.h"
77 #include "freeswan/ipsec_ah.h"
78 #include "freeswan/ipsec_esp.h"
79 #include "freeswan/ipsec_tunnel.h"
80 #include "freeswan/ipsec_rcv.h"
81 #include "freeswan/ipcomp.h"
86 #include "freeswan/ipsec_proto.h"
87 #include "freeswan/ipsec_alg.h"
89 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
92 pfkey_sa_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
94 struct sadb_sa
*pfkey_sa
= (struct sadb_sa
*)pfkey_ext
;
96 struct ipsec_sa
* ipsp
;
98 KLIPS_PRINT(debug_pfkey
,
99 "klips_debug:pfkey_sa_process: .\n");
101 if(!extr
|| !extr
->ips
) {
102 KLIPS_PRINT(debug_pfkey
,
103 "klips_debug:pfkey_sa_process: "
104 "extr or extr->ips is NULL, fatal\n");
108 switch(pfkey_ext
->sadb_ext_type
) {
113 if(extr
->ips2
== NULL
) {
114 extr
->ips2
= ipsec_sa_alloc(&error
); /* pass error var by pointer */
116 if(extr
->ips2
== NULL
) {
122 KLIPS_PRINT(debug_pfkey
,
123 "klips_debug:pfkey_sa_process: "
124 "invalid exttype=%d.\n",
125 pfkey_ext
->sadb_ext_type
);
129 ipsp
->ips_said
.spi
= pfkey_sa
->sadb_sa_spi
;
130 ipsp
->ips_replaywin
= pfkey_sa
->sadb_sa_replay
;
131 ipsp
->ips_state
= pfkey_sa
->sadb_sa_state
;
132 ipsp
->ips_flags
= pfkey_sa
->sadb_sa_flags
;
133 ipsp
->ips_replaywin_lastseq
= ipsp
->ips_replaywin_bitmap
= 0;
134 ipsp
->ips_ref_rel
= pfkey_sa
->sadb_x_sa_ref
;
136 switch(ipsp
->ips_said
.proto
) {
138 ipsp
->ips_authalg
= pfkey_sa
->sadb_sa_auth
;
139 ipsp
->ips_encalg
= SADB_EALG_NONE
;
142 ipsp
->ips_authalg
= pfkey_sa
->sadb_sa_auth
;
143 ipsp
->ips_encalg
= pfkey_sa
->sadb_sa_encrypt
;
144 #ifdef CONFIG_IPSEC_ALG
145 ipsec_alg_sa_init(ipsp
);
146 #endif /* CONFIG_IPSEC_ALG */
149 ipsp
->ips_authalg
= AH_NONE
;
150 ipsp
->ips_encalg
= ESP_NONE
;
152 #ifdef CONFIG_IPSEC_IPCOMP
154 ipsp
->ips_authalg
= AH_NONE
;
155 ipsp
->ips_encalg
= pfkey_sa
->sadb_sa_encrypt
;
157 #endif /* CONFIG_IPSEC_IPCOMP */
159 ipsp
->ips_authalg
= AH_NONE
;
160 ipsp
->ips_encalg
= ESP_NONE
;
165 KLIPS_PRINT(debug_pfkey
,
166 "klips_debug:pfkey_sa_process: "
167 "unknown proto=%d.\n",
168 ipsp
->ips_said
.proto
);
177 pfkey_lifetime_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
180 struct sadb_lifetime
*pfkey_lifetime
= (struct sadb_lifetime
*)pfkey_ext
;
182 KLIPS_PRINT(debug_pfkey
,
183 "klips_debug:pfkey_lifetime_process: .\n");
185 if(!extr
|| !extr
->ips
) {
186 KLIPS_PRINT(debug_pfkey
,
187 "klips_debug:pfkey_lifetime_process: "
188 "extr or extr->ips is NULL, fatal\n");
192 switch(pfkey_lifetime
->sadb_lifetime_exttype
) {
193 case SADB_EXT_LIFETIME_CURRENT
:
194 KLIPS_PRINT(debug_pfkey
,
195 "klips_debug:pfkey_lifetime_process: "
196 "lifetime_current not supported yet.\n");
199 case SADB_EXT_LIFETIME_HARD
:
200 ipsec_lifetime_update_hard(&extr
->ips
->ips_life
.ipl_allocations
,
201 pfkey_lifetime
->sadb_lifetime_allocations
);
203 ipsec_lifetime_update_hard(&extr
->ips
->ips_life
.ipl_bytes
,
204 pfkey_lifetime
->sadb_lifetime_bytes
);
206 ipsec_lifetime_update_hard(&extr
->ips
->ips_life
.ipl_addtime
,
207 pfkey_lifetime
->sadb_lifetime_addtime
);
209 ipsec_lifetime_update_hard(&extr
->ips
->ips_life
.ipl_usetime
,
210 pfkey_lifetime
->sadb_lifetime_usetime
);
214 case SADB_EXT_LIFETIME_SOFT
:
215 ipsec_lifetime_update_soft(&extr
->ips
->ips_life
.ipl_allocations
,
216 pfkey_lifetime
->sadb_lifetime_allocations
);
218 ipsec_lifetime_update_soft(&extr
->ips
->ips_life
.ipl_bytes
,
219 pfkey_lifetime
->sadb_lifetime_bytes
);
221 ipsec_lifetime_update_soft(&extr
->ips
->ips_life
.ipl_addtime
,
222 pfkey_lifetime
->sadb_lifetime_addtime
);
224 ipsec_lifetime_update_soft(&extr
->ips
->ips_life
.ipl_usetime
,
225 pfkey_lifetime
->sadb_lifetime_usetime
);
229 KLIPS_PRINT(debug_pfkey
,
230 "klips_debug:pfkey_lifetime_process: "
231 "invalid exttype=%d.\n",
232 pfkey_ext
->sadb_ext_type
);
241 pfkey_address_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
245 char ipaddr_txt
[ADDRTOA_BUF
];
247 unsigned short * portp
= 0;
248 struct sadb_address
*pfkey_address
= (struct sadb_address
*)pfkey_ext
;
249 struct sockaddr
* s
= (struct sockaddr
*)((char*)pfkey_address
+ sizeof(*pfkey_address
));
250 struct ipsec_sa
* ipsp
;
252 KLIPS_PRINT(debug_pfkey
,
253 "klips_debug:pfkey_address_process:\n");
255 if(!extr
|| !extr
->ips
) {
256 KLIPS_PRINT(debug_pfkey
,
257 "klips_debug:pfkey_address_process: "
258 "extr or extr->ips is NULL, fatal\n");
262 switch(s
->sa_family
) {
264 saddr_len
= sizeof(struct sockaddr_in
);
265 addrtoa(((struct sockaddr_in
*)s
)->sin_addr
, 0, ipaddr_txt
, sizeof(ipaddr_txt
));
266 KLIPS_PRINT(debug_pfkey
,
267 "klips_debug:pfkey_address_process: "
268 "found address family=%d, AF_INET, %s.\n",
272 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
274 saddr_len
= sizeof(struct sockaddr_in6
);
276 #endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
278 KLIPS_PRINT(debug_pfkey
,
279 "klips_debug:pfkey_address_process: "
280 "s->sa_family=%d not supported.\n",
282 SENDERR(EPFNOSUPPORT
);
285 switch(pfkey_address
->sadb_address_exttype
) {
286 case SADB_EXT_ADDRESS_SRC
:
287 KLIPS_PRINT(debug_pfkey
,
288 "klips_debug:pfkey_address_process: "
289 "found src address.\n");
290 sap
= (unsigned char **)&(extr
->ips
->ips_addr_s
);
291 extr
->ips
->ips_addr_s_size
= saddr_len
;
293 case SADB_EXT_ADDRESS_DST
:
294 KLIPS_PRINT(debug_pfkey
,
295 "klips_debug:pfkey_address_process: "
296 "found dst address.\n");
297 sap
= (unsigned char **)&(extr
->ips
->ips_addr_d
);
298 extr
->ips
->ips_addr_d_size
= saddr_len
;
300 case SADB_EXT_ADDRESS_PROXY
:
301 KLIPS_PRINT(debug_pfkey
,
302 "klips_debug:pfkey_address_process: "
303 "found proxy address.\n");
304 sap
= (unsigned char **)&(extr
->ips
->ips_addr_p
);
305 extr
->ips
->ips_addr_p_size
= saddr_len
;
307 case SADB_X_EXT_ADDRESS_DST2
:
308 KLIPS_PRINT(debug_pfkey
,
309 "klips_debug:pfkey_address_process: "
310 "found 2nd dst address.\n");
311 if(extr
->ips2
== NULL
) {
312 extr
->ips2
= ipsec_sa_alloc(&error
); /* pass error var by pointer */
314 if(extr
->ips2
== NULL
) {
317 sap
= (unsigned char **)&(extr
->ips2
->ips_addr_d
);
318 extr
->ips2
->ips_addr_d_size
= saddr_len
;
320 case SADB_X_EXT_ADDRESS_SRC_FLOW
:
321 KLIPS_PRINT(debug_pfkey
,
322 "klips_debug:pfkey_address_process: "
323 "found src flow address.\n");
324 if(pfkey_alloc_eroute(&(extr
->eroute
)) == ENOMEM
) {
327 sap
= (unsigned char **)&(extr
->eroute
->er_eaddr
.sen_ip_src
);
328 portp
= &(extr
->eroute
->er_eaddr
.sen_sport
);
330 case SADB_X_EXT_ADDRESS_DST_FLOW
:
331 KLIPS_PRINT(debug_pfkey
,
332 "klips_debug:pfkey_address_process: "
333 "found dst flow address.\n");
334 if(pfkey_alloc_eroute(&(extr
->eroute
)) == ENOMEM
) {
337 sap
= (unsigned char **)&(extr
->eroute
->er_eaddr
.sen_ip_dst
);
338 portp
= &(extr
->eroute
->er_eaddr
.sen_dport
);
340 case SADB_X_EXT_ADDRESS_SRC_MASK
:
341 KLIPS_PRINT(debug_pfkey
,
342 "klips_debug:pfkey_address_process: "
343 "found src mask address.\n");
344 if(pfkey_alloc_eroute(&(extr
->eroute
)) == ENOMEM
) {
347 sap
= (unsigned char **)&(extr
->eroute
->er_emask
.sen_ip_src
);
348 portp
= &(extr
->eroute
->er_emask
.sen_sport
);
350 case SADB_X_EXT_ADDRESS_DST_MASK
:
351 KLIPS_PRINT(debug_pfkey
,
352 "klips_debug:pfkey_address_process: "
353 "found dst mask address.\n");
354 if(pfkey_alloc_eroute(&(extr
->eroute
)) == ENOMEM
) {
357 sap
= (unsigned char **)&(extr
->eroute
->er_emask
.sen_ip_dst
);
358 portp
= &(extr
->eroute
->er_emask
.sen_dport
);
361 case SADB_X_EXT_NAT_T_OA
:
362 KLIPS_PRINT(debug_pfkey
,
363 "klips_debug:pfkey_address_process: "
364 "found NAT-OA address.\n");
365 sap
= (unsigned char **)&(extr
->ips
->ips_natt_oa
);
366 extr
->ips
->ips_natt_oa_size
= saddr_len
;
370 KLIPS_PRINT(debug_pfkey
,
371 "klips_debug:pfkey_address_process: "
372 "unrecognised ext_type=%d.\n",
373 pfkey_address
->sadb_address_exttype
);
377 switch(pfkey_address
->sadb_address_exttype
) {
378 case SADB_EXT_ADDRESS_SRC
:
379 case SADB_EXT_ADDRESS_DST
:
380 case SADB_EXT_ADDRESS_PROXY
:
381 case SADB_X_EXT_ADDRESS_DST2
:
383 case SADB_X_EXT_NAT_T_OA
:
385 KLIPS_PRINT(debug_pfkey
,
386 "klips_debug:pfkey_address_process: "
387 "allocating %d bytes for saddr.\n",
389 if(!(*sap
= kmalloc(saddr_len
, GFP_KERNEL
))) {
392 memcpy(*sap
, s
, saddr_len
);
395 if(s
->sa_family
!= AF_INET
) {
396 KLIPS_PRINT(debug_pfkey
,
397 "klips_debug:pfkey_address_process: "
398 "s->sa_family=%d not supported.\n",
400 SENDERR(EPFNOSUPPORT
);
402 (unsigned long)(*sap
) = ((struct sockaddr_in
*)s
)->sin_addr
.s_addr
;
404 *portp
= ((struct sockaddr_in
*)s
)->sin_port
;
405 #ifdef CONFIG_IPSEC_DEBUG
407 char buf1
[64], buf2
[64];
409 subnettoa(extr
->eroute
->er_eaddr
.sen_ip_src
,
410 extr
->eroute
->er_emask
.sen_ip_src
, 0, buf1
, sizeof(buf1
));
411 subnettoa(extr
->eroute
->er_eaddr
.sen_ip_dst
,
412 extr
->eroute
->er_emask
.sen_ip_dst
, 0, buf2
, sizeof(buf2
));
413 KLIPS_PRINT(debug_pfkey
,
414 "klips_debug:pfkey_address_parse: "
415 "extr->eroute set to %s:%d->%s:%d\n",
417 ntohs(extr
->eroute
->er_eaddr
.sen_sport
),
419 ntohs(extr
->eroute
->er_eaddr
.sen_dport
));
422 #endif /* CONFIG_IPSEC_DEBUG */
426 switch(pfkey_address
->sadb_address_exttype
) {
427 case SADB_X_EXT_ADDRESS_DST2
:
429 case SADB_EXT_ADDRESS_DST
:
430 if(s
->sa_family
== AF_INET
) {
431 ipsp
->ips_said
.dst
.s_addr
= ((struct sockaddr_in
*)(ipsp
->ips_addr_d
))->sin_addr
.s_addr
;
432 addrtoa(((struct sockaddr_in
*)(ipsp
->ips_addr_d
))->sin_addr
,
436 KLIPS_PRINT(debug_pfkey
,
437 "klips_debug:pfkey_address_process: "
438 "ips_said.dst set to %s.\n",
441 KLIPS_PRINT(debug_pfkey
,
442 "klips_debug:pfkey_address_process: "
443 "uh, ips_said.dst doesn't do address family=%d yet, said will be invalid.\n",
450 /* XXX check if port!=0 */
452 KLIPS_PRINT(debug_pfkey
,
453 "klips_debug:pfkey_address_process: successful.\n");
459 pfkey_key_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
462 struct sadb_key
*pfkey_key
= (struct sadb_key
*)pfkey_ext
;
464 KLIPS_PRINT(debug_pfkey
,
465 "klips_debug:pfkey_key_process: .\n");
467 if(!extr
|| !extr
->ips
) {
468 KLIPS_PRINT(debug_pfkey
,
469 "klips_debug:pfkey_key_process: "
470 "extr or extr->ips is NULL, fatal\n");
474 switch(pfkey_key
->sadb_key_exttype
) {
475 case SADB_EXT_KEY_AUTH
:
476 KLIPS_PRINT(debug_pfkey
,
477 "klips_debug:pfkey_key_process: "
478 "allocating %d bytes for authkey.\n",
479 DIVUP(pfkey_key
->sadb_key_bits
, 8));
480 if(!(extr
->ips
->ips_key_a
= kmalloc(DIVUP(pfkey_key
->sadb_key_bits
, 8), GFP_KERNEL
))) {
481 KLIPS_PRINT(debug_pfkey
,
482 "klips_debug:pfkey_key_process: "
483 "memory allocation error.\n");
486 extr
->ips
->ips_key_bits_a
= pfkey_key
->sadb_key_bits
;
487 extr
->ips
->ips_key_a_size
= DIVUP(pfkey_key
->sadb_key_bits
, 8);
488 memcpy(extr
->ips
->ips_key_a
,
489 (char*)pfkey_key
+ sizeof(struct sadb_key
),
490 extr
->ips
->ips_key_a_size
);
492 case SADB_EXT_KEY_ENCRYPT
: /* Key(s) */
493 KLIPS_PRINT(debug_pfkey
,
494 "klips_debug:pfkey_key_process: "
495 "allocating %d bytes for enckey.\n",
496 DIVUP(pfkey_key
->sadb_key_bits
, 8));
497 if(!(extr
->ips
->ips_key_e
= kmalloc(DIVUP(pfkey_key
->sadb_key_bits
, 8), GFP_KERNEL
))) {
498 KLIPS_PRINT(debug_pfkey
,
499 "klips_debug:pfkey_key_process: "
500 "memory allocation error.\n");
503 extr
->ips
->ips_key_bits_e
= pfkey_key
->sadb_key_bits
;
504 extr
->ips
->ips_key_e_size
= DIVUP(pfkey_key
->sadb_key_bits
, 8);
505 memcpy(extr
->ips
->ips_key_e
,
506 (char*)pfkey_key
+ sizeof(struct sadb_key
),
507 extr
->ips
->ips_key_e_size
);
513 KLIPS_PRINT(debug_pfkey
,
514 "klips_debug:pfkey_key_process: "
521 pfkey_ident_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
524 struct sadb_ident
*pfkey_ident
= (struct sadb_ident
*)pfkey_ext
;
527 KLIPS_PRINT(debug_pfkey
,
528 "klips_debug:pfkey_ident_process: .\n");
530 if(!extr
|| !extr
->ips
) {
531 KLIPS_PRINT(debug_pfkey
,
532 "klips_debug:pfkey_ident_process: "
533 "extr or extr->ips is NULL, fatal\n");
537 switch(pfkey_ident
->sadb_ident_exttype
) {
538 case SADB_EXT_IDENTITY_SRC
:
539 data_len
= pfkey_ident
->sadb_ident_len
* IPSEC_PFKEYv2_ALIGN
- sizeof(struct sadb_ident
);
541 extr
->ips
->ips_ident_s
.type
= pfkey_ident
->sadb_ident_type
;
542 extr
->ips
->ips_ident_s
.id
= pfkey_ident
->sadb_ident_id
;
543 extr
->ips
->ips_ident_s
.len
= pfkey_ident
->sadb_ident_len
;
545 KLIPS_PRINT(debug_pfkey
,
546 "klips_debug:pfkey_ident_process: "
547 "allocating %d bytes for ident_s.\n",
549 if(!(extr
->ips
->ips_ident_s
.data
550 = kmalloc(data_len
, GFP_KERNEL
))) {
553 memcpy(extr
->ips
->ips_ident_s
.data
,
554 (char*)pfkey_ident
+ sizeof(struct sadb_ident
),
557 extr
->ips
->ips_ident_s
.data
= NULL
;
560 case SADB_EXT_IDENTITY_DST
: /* Identity(ies) */
561 data_len
= pfkey_ident
->sadb_ident_len
* IPSEC_PFKEYv2_ALIGN
- sizeof(struct sadb_ident
);
563 extr
->ips
->ips_ident_d
.type
= pfkey_ident
->sadb_ident_type
;
564 extr
->ips
->ips_ident_d
.id
= pfkey_ident
->sadb_ident_id
;
565 extr
->ips
->ips_ident_d
.len
= pfkey_ident
->sadb_ident_len
;
567 KLIPS_PRINT(debug_pfkey
,
568 "klips_debug:pfkey_ident_process: "
569 "allocating %d bytes for ident_d.\n",
571 if(!(extr
->ips
->ips_ident_d
.data
572 = kmalloc(data_len
, GFP_KERNEL
))) {
575 memcpy(extr
->ips
->ips_ident_d
.data
,
576 (char*)pfkey_ident
+ sizeof(struct sadb_ident
),
579 extr
->ips
->ips_ident_d
.data
= NULL
;
590 pfkey_sens_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
594 KLIPS_PRINT(debug_pfkey
,
595 "klips_debug:pfkey_sens_process: "
596 "Sorry, I can't process exttype=%d yet.\n",
597 pfkey_ext
->sadb_ext_type
);
598 SENDERR(EINVAL
); /* don't process these yet */
604 pfkey_prop_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
608 KLIPS_PRINT(debug_pfkey
,
609 "klips_debug:pfkey_prop_process: "
610 "Sorry, I can't process exttype=%d yet.\n",
611 pfkey_ext
->sadb_ext_type
);
612 SENDERR(EINVAL
); /* don't process these yet */
619 pfkey_supported_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
623 KLIPS_PRINT(debug_pfkey
,
624 "klips_debug:pfkey_supported_process: "
625 "Sorry, I can't process exttype=%d yet.\n",
626 pfkey_ext
->sadb_ext_type
);
627 SENDERR(EINVAL
); /* don't process these yet */
634 pfkey_spirange_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
638 KLIPS_PRINT(debug_pfkey
,
639 "klips_debug:pfkey_spirange_process: .\n");
645 pfkey_x_kmprivate_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
649 KLIPS_PRINT(debug_pfkey
,
650 "klips_debug:pfkey_x_kmprivate_process: "
651 "Sorry, I can't process exttype=%d yet.\n",
652 pfkey_ext
->sadb_ext_type
);
653 SENDERR(EINVAL
); /* don't process these yet */
660 pfkey_x_satype_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
663 struct sadb_x_satype
*pfkey_x_satype
= (struct sadb_x_satype
*)pfkey_ext
;
665 KLIPS_PRINT(debug_pfkey
,
666 "klips_debug:pfkey_x_satype_process: .\n");
668 if(!extr
|| !extr
->ips
) {
669 KLIPS_PRINT(debug_pfkey
,
670 "klips_debug:pfkey_x_satype_process: "
671 "extr or extr->ips is NULL, fatal\n");
675 if(extr
->ips2
== NULL
) {
676 extr
->ips2
= ipsec_sa_alloc(&error
); /* pass error var by pointer */
678 if(extr
->ips2
== NULL
) {
681 if(!(extr
->ips2
->ips_said
.proto
= satype2proto(pfkey_x_satype
->sadb_x_satype_satype
))) {
682 KLIPS_PRINT(debug_pfkey
,
683 "klips_debug:pfkey_x_satype_process: "
684 "proto lookup from satype=%d failed.\n",
685 pfkey_x_satype
->sadb_x_satype_satype
);
688 KLIPS_PRINT(debug_pfkey
,
689 "klips_debug:pfkey_x_satype_process: "
690 "protocol==%d decoded from satype==%d(%s).\n",
691 extr
->ips2
->ips_said
.proto
,
692 pfkey_x_satype
->sadb_x_satype_satype
,
693 satype2name(pfkey_x_satype
->sadb_x_satype_satype
));
700 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL
702 pfkey_x_nat_t_type_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
705 struct sadb_x_nat_t_type
*pfkey_x_nat_t_type
= (struct sadb_x_nat_t_type
*)pfkey_ext
;
707 if(!pfkey_x_nat_t_type
) {
708 printk("klips_debug:pfkey_x_nat_t_type_process: "
709 "null pointer passed in\n");
713 KLIPS_PRINT(debug_pfkey
,
714 "klips_debug:pfkey_x_nat_t_type_process: %d.\n",
715 pfkey_x_nat_t_type
->sadb_x_nat_t_type_type
);
717 if(!extr
|| !extr
->ips
) {
718 KLIPS_PRINT(debug_pfkey
,
719 "klips_debug:pfkey_nat_t_type_process: "
720 "extr or extr->ips is NULL, fatal\n");
724 switch(pfkey_x_nat_t_type
->sadb_x_nat_t_type_type
) {
725 case ESPINUDP_WITH_NON_IKE
: /* with Non-IKE */
726 case ESPINUDP_WITH_NON_ESP
: /* with Non-ESP */
727 extr
->ips
->ips_natt_type
= pfkey_x_nat_t_type
->sadb_x_nat_t_type_type
;
730 KLIPS_PRINT(debug_pfkey
,
731 "klips_debug:pfkey_x_nat_t_type_process: "
732 "unknown type %d.\n",
733 pfkey_x_nat_t_type
->sadb_x_nat_t_type_type
);
743 pfkey_x_nat_t_port_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
746 struct sadb_x_nat_t_port
*pfkey_x_nat_t_port
= (struct sadb_x_nat_t_port
*)pfkey_ext
;
748 if(!pfkey_x_nat_t_port
) {
749 printk("klips_debug:pfkey_x_nat_t_port_process: "
750 "null pointer passed in\n");
754 KLIPS_PRINT(debug_pfkey
,
755 "klips_debug:pfkey_x_nat_t_port_process: %d/%d.\n",
756 pfkey_x_nat_t_port
->sadb_x_nat_t_port_exttype
,
757 pfkey_x_nat_t_port
->sadb_x_nat_t_port_port
);
759 if(!extr
|| !extr
->ips
) {
760 KLIPS_PRINT(debug_pfkey
,
761 "klips_debug:pfkey_nat_t_type_process: "
762 "extr or extr->ips is NULL, fatal\n");
766 switch(pfkey_x_nat_t_port
->sadb_x_nat_t_port_exttype
) {
767 case SADB_X_EXT_NAT_T_SPORT
:
768 extr
->ips
->ips_natt_sport
= pfkey_x_nat_t_port
->sadb_x_nat_t_port_port
;
770 case SADB_X_EXT_NAT_T_DPORT
:
771 extr
->ips
->ips_natt_dport
= pfkey_x_nat_t_port
->sadb_x_nat_t_port_port
;
774 KLIPS_PRINT(debug_pfkey
,
775 "klips_debug:pfkey_x_nat_t_port_process: "
776 "unknown exttype %d.\n",
777 pfkey_x_nat_t_port
->sadb_x_nat_t_port_exttype
);
788 pfkey_x_debug_process(struct sadb_ext
*pfkey_ext
, struct pfkey_extracted_data
* extr
)
791 struct sadb_x_debug
*pfkey_x_debug
= (struct sadb_x_debug
*)pfkey_ext
;
794 printk("klips_debug:pfkey_x_debug_process: "
795 "null pointer passed in\n");
799 KLIPS_PRINT(debug_pfkey
,
800 "klips_debug:pfkey_x_debug_process: .\n");
802 #ifdef CONFIG_IPSEC_DEBUG
803 if(pfkey_x_debug
->sadb_x_debug_netlink
>>
804 (sizeof(pfkey_x_debug
->sadb_x_debug_netlink
) * 8 - 1)) {
805 pfkey_x_debug
->sadb_x_debug_netlink
&=
806 ~(1 << (sizeof(pfkey_x_debug
->sadb_x_debug_netlink
) * 8 -1));
807 debug_tunnel
|= pfkey_x_debug
->sadb_x_debug_tunnel
;
808 debug_netlink
|= pfkey_x_debug
->sadb_x_debug_netlink
;
809 debug_xform
|= pfkey_x_debug
->sadb_x_debug_xform
;
810 debug_eroute
|= pfkey_x_debug
->sadb_x_debug_eroute
;
811 debug_spi
|= pfkey_x_debug
->sadb_x_debug_spi
;
812 debug_radij
|= pfkey_x_debug
->sadb_x_debug_radij
;
813 debug_esp
|= pfkey_x_debug
->sadb_x_debug_esp
;
814 debug_ah
|= pfkey_x_debug
->sadb_x_debug_ah
;
815 debug_rcv
|= pfkey_x_debug
->sadb_x_debug_rcv
;
816 debug_pfkey
|= pfkey_x_debug
->sadb_x_debug_pfkey
;
817 #ifdef CONFIG_IPSEC_IPCOMP
818 sysctl_ipsec_debug_ipcomp
|= pfkey_x_debug
->sadb_x_debug_ipcomp
;
819 #endif /* CONFIG_IPSEC_IPCOMP */
820 sysctl_ipsec_debug_verbose
|= pfkey_x_debug
->sadb_x_debug_verbose
;
821 KLIPS_PRINT(debug_pfkey
,
822 "klips_debug:pfkey_x_debug_process: "
825 KLIPS_PRINT(debug_pfkey
,
826 "klips_debug:pfkey_x_debug_process: "
828 debug_tunnel
&= pfkey_x_debug
->sadb_x_debug_tunnel
;
829 debug_netlink
&= pfkey_x_debug
->sadb_x_debug_netlink
;
830 debug_xform
&= pfkey_x_debug
->sadb_x_debug_xform
;
831 debug_eroute
&= pfkey_x_debug
->sadb_x_debug_eroute
;
832 debug_spi
&= pfkey_x_debug
->sadb_x_debug_spi
;
833 debug_radij
&= pfkey_x_debug
->sadb_x_debug_radij
;
834 debug_esp
&= pfkey_x_debug
->sadb_x_debug_esp
;
835 debug_ah
&= pfkey_x_debug
->sadb_x_debug_ah
;
836 debug_rcv
&= pfkey_x_debug
->sadb_x_debug_rcv
;
837 debug_pfkey
&= pfkey_x_debug
->sadb_x_debug_pfkey
;
838 #ifdef CONFIG_IPSEC_IPCOMP
839 sysctl_ipsec_debug_ipcomp
&= pfkey_x_debug
->sadb_x_debug_ipcomp
;
840 #endif /* CONFIG_IPSEC_IPCOMP */
841 sysctl_ipsec_debug_verbose
&= pfkey_x_debug
->sadb_x_debug_verbose
;
843 #else /* CONFIG_IPSEC_DEBUG */
844 printk("klips_debug:pfkey_x_debug_process: "
845 "debugging not enabled\n");
847 #endif /* CONFIG_IPSEC_DEBUG */