]> git.ipfire.org Git - people/ms/strongswan.git/blob - linux/net/ipsec/pfkey_v2_ext_process.c
projects / people / ms / strongswan.git / blob
? search:


9269bd59e69bf4b97f105c5da608ad3d647da7e4
[people/ms/strongswan.git] / linux / net / ipsec / pfkey_v2_ext_process.c
1 /*
2 * @(#) RFC2367 PF_KEYv2 Key management API message parser
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * RCSID $Id: pfkey_v2_ext_process.c,v 1.3 2004/06/13 19:57:50 as Exp $
16 */
17
18 /*
19 * Template from klips/net/ipsec/ipsec/ipsec_netlink.c.
20 */
21
22 char pfkey_v2_ext_process_c_version[] = "$Id: pfkey_v2_ext_process.c,v 1.3 2004/06/13 19:57:50 as Exp $";
23
24 #include <linux/config.h>
25 #include <linux/version.h>
26 #include <linux/kernel.h> /* printk() */
27
28 #include "freeswan/ipsec_param.h"
29
30 #ifdef MALLOC_SLAB
31 # include <linux/slab.h> /* kmalloc() */
32 #else /* MALLOC_SLAB */
33 # include <linux/malloc.h> /* kmalloc() */
34 #endif /* MALLOC_SLAB */
35 #include <linux/errno.h> /* error codes */
36 #include <linux/types.h> /* size_t */
37 #include <linux/interrupt.h> /* mark_bh */
38
39 #include <linux/netdevice.h> /* struct device, and other headers */
40 #include <linux/etherdevice.h> /* eth_type_trans */
41 #include <linux/ip.h> /* struct iphdr */
42 #include <linux/skbuff.h>
43
44 #include <freeswan.h>
45
46 #include <crypto/des.h>
47
48 #ifdef SPINLOCK
49 # ifdef SPINLOCK_23
50 # include <linux/spinlock.h> /* *lock* */
51 # else /* SPINLOCK_23 */
52 # include <asm/spinlock.h> /* *lock* */
53 # endif /* SPINLOCK_23 */
54 #endif /* SPINLOCK */
55 #ifdef NET_21
56 # include <asm/uaccess.h>
57 # include <linux/in6.h>
58 # define ip_chk_addr inet_addr_type
59 # define IS_MYADDR RTN_LOCAL
60 #endif
61 #include <asm/checksum.h>
62 #include <net/ip.h>
63 #ifdef NETLINK_SOCK
64 # include <linux/netlink.h>
65 #else
66 # include <net/netlink.h>
67 #endif
68
69 #include <linux/random.h> /* get_random_bytes() */
70
71 #include "freeswan/radij.h"
72 #include "freeswan/ipsec_encap.h"
73 #include "freeswan/ipsec_sa.h"
74
75 #include "freeswan/ipsec_radij.h"
76 #include "freeswan/ipsec_xform.h"
77 #include "freeswan/ipsec_ah.h"
78 #include "freeswan/ipsec_esp.h"
79 #include "freeswan/ipsec_tunnel.h"
80 #include "freeswan/ipsec_rcv.h"
81 #include "freeswan/ipcomp.h"
82
83 #include <pfkeyv2.h>
84 #include <pfkey.h>
85
86 #include "freeswan/ipsec_proto.h"
87 #include "freeswan/ipsec_alg.h"
88
89 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
90
91 int
92 pfkey_sa_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
93 {
94 struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
95 int error = 0;
96 struct ipsec_sa* ipsp;
97
98 KLIPS_PRINT(debug_pfkey,
99 "klips_debug:pfkey_sa_process: .\n");
100
101 if(!extr || !extr->ips) {
102 KLIPS_PRINT(debug_pfkey,
103 "klips_debug:pfkey_sa_process: "
104 "extr or extr->ips is NULL, fatal\n");
105 SENDERR(EINVAL);
106 }
107
108 switch(pfkey_ext->sadb_ext_type) {
109 case SADB_EXT_SA:
110 ipsp = extr->ips;
111 break;
112 case SADB_X_EXT_SA2:
113 if(extr->ips2 == NULL) {
114 extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */
115 }
116 if(extr->ips2 == NULL) {
117 SENDERR(-error);
118 }
119 ipsp = extr->ips2;
120 break;
121 default:
122 KLIPS_PRINT(debug_pfkey,
123 "klips_debug:pfkey_sa_process: "
124 "invalid exttype=%d.\n",
125 pfkey_ext->sadb_ext_type);
126 SENDERR(EINVAL);
127 }
128
129 ipsp->ips_said.spi = pfkey_sa->sadb_sa_spi;
130 ipsp->ips_replaywin = pfkey_sa->sadb_sa_replay;
131 ipsp->ips_state = pfkey_sa->sadb_sa_state;
132 ipsp->ips_flags = pfkey_sa->sadb_sa_flags;
133 ipsp->ips_replaywin_lastseq = ipsp->ips_replaywin_bitmap = 0;
134 ipsp->ips_ref_rel = pfkey_sa->sadb_x_sa_ref;
135
136 switch(ipsp->ips_said.proto) {
137 case IPPROTO_AH:
138 ipsp->ips_authalg = pfkey_sa->sadb_sa_auth;
139 ipsp->ips_encalg = SADB_EALG_NONE;
140 break;
141 case IPPROTO_ESP:
142 ipsp->ips_authalg = pfkey_sa->sadb_sa_auth;
143 ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt;
144 #ifdef CONFIG_IPSEC_ALG
145 ipsec_alg_sa_init(ipsp);
146 #endif /* CONFIG_IPSEC_ALG */
147 break;
148 case IPPROTO_IPIP:
149 ipsp->ips_authalg = AH_NONE;
150 ipsp->ips_encalg = ESP_NONE;
151 break;
152 #ifdef CONFIG_IPSEC_IPCOMP
153 case IPPROTO_COMP:
154 ipsp->ips_authalg = AH_NONE;
155 ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt;
156 break;
157 #endif /* CONFIG_IPSEC_IPCOMP */
158 case IPPROTO_INT:
159 ipsp->ips_authalg = AH_NONE;
160 ipsp->ips_encalg = ESP_NONE;
161 break;
162 case 0:
163 break;
164 default:
165 KLIPS_PRINT(debug_pfkey,
166 "klips_debug:pfkey_sa_process: "
167 "unknown proto=%d.\n",
168 ipsp->ips_said.proto);
169 SENDERR(EINVAL);
170 }
171
172 errlab:
173 return error;
174 }
175
176 int
177 pfkey_lifetime_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
178 {
179 int error = 0;
180 struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
181
182 KLIPS_PRINT(debug_pfkey,
183 "klips_debug:pfkey_lifetime_process: .\n");
184
185 if(!extr || !extr->ips) {
186 KLIPS_PRINT(debug_pfkey,
187 "klips_debug:pfkey_lifetime_process: "
188 "extr or extr->ips is NULL, fatal\n");
189 SENDERR(EINVAL);
190 }
191
192 switch(pfkey_lifetime->sadb_lifetime_exttype) {
193 case SADB_EXT_LIFETIME_CURRENT:
194 KLIPS_PRINT(debug_pfkey,
195 "klips_debug:pfkey_lifetime_process: "
196 "lifetime_current not supported yet.\n");
197 SENDERR(EINVAL);
198 break;
199 case SADB_EXT_LIFETIME_HARD:
200 ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_allocations,
201 pfkey_lifetime->sadb_lifetime_allocations);
202
203 ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_bytes,
204 pfkey_lifetime->sadb_lifetime_bytes);
205
206 ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_addtime,
207 pfkey_lifetime->sadb_lifetime_addtime);
208
209 ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_usetime,
210 pfkey_lifetime->sadb_lifetime_usetime);
211
212 break;
213
214 case SADB_EXT_LIFETIME_SOFT:
215 ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_allocations,
216 pfkey_lifetime->sadb_lifetime_allocations);
217
218 ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_bytes,
219 pfkey_lifetime->sadb_lifetime_bytes);
220
221 ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_addtime,
222 pfkey_lifetime->sadb_lifetime_addtime);
223
224 ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_usetime,
225 pfkey_lifetime->sadb_lifetime_usetime);
226
227 break;
228 default:
229 KLIPS_PRINT(debug_pfkey,
230 "klips_debug:pfkey_lifetime_process: "
231 "invalid exttype=%d.\n",
232 pfkey_ext->sadb_ext_type);
233 SENDERR(EINVAL);
234 }
235
236 errlab:
237 return error;
238 }
239
240 int
241 pfkey_address_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
242 {
243 int error = 0;
244 int saddr_len = 0;
245 char ipaddr_txt[ADDRTOA_BUF];
246 unsigned char **sap;
247 unsigned short * portp = 0;
248 struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
249 struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
250 struct ipsec_sa* ipsp;
251
252 KLIPS_PRINT(debug_pfkey,
253 "klips_debug:pfkey_address_process:\n");
254
255 if(!extr || !extr->ips) {
256 KLIPS_PRINT(debug_pfkey,
257 "klips_debug:pfkey_address_process: "
258 "extr or extr->ips is NULL, fatal\n");
259 SENDERR(EINVAL);
260 }
261
262 switch(s->sa_family) {
263 case AF_INET:
264 saddr_len = sizeof(struct sockaddr_in);
265 addrtoa(((struct sockaddr_in*)s)->sin_addr, 0, ipaddr_txt, sizeof(ipaddr_txt));
266 KLIPS_PRINT(debug_pfkey,
267 "klips_debug:pfkey_address_process: "
268 "found address family=%d, AF_INET, %s.\n",
269 s->sa_family,
270 ipaddr_txt);
271 break;
272 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
273 case AF_INET6:
274 saddr_len = sizeof(struct sockaddr_in6);
275 break;
276 #endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
277 default:
278 KLIPS_PRINT(debug_pfkey,
279 "klips_debug:pfkey_address_process: "
280 "s->sa_family=%d not supported.\n",
281 s->sa_family);
282 SENDERR(EPFNOSUPPORT);
283 }
284
285 switch(pfkey_address->sadb_address_exttype) {
286 case SADB_EXT_ADDRESS_SRC:
287 KLIPS_PRINT(debug_pfkey,
288 "klips_debug:pfkey_address_process: "
289 "found src address.\n");
290 sap = (unsigned char **)&(extr->ips->ips_addr_s);
291 extr->ips->ips_addr_s_size = saddr_len;
292 break;
293 case SADB_EXT_ADDRESS_DST:
294 KLIPS_PRINT(debug_pfkey,
295 "klips_debug:pfkey_address_process: "
296 "found dst address.\n");
297 sap = (unsigned char **)&(extr->ips->ips_addr_d);
298 extr->ips->ips_addr_d_size = saddr_len;
299 break;
300 case SADB_EXT_ADDRESS_PROXY:
301 KLIPS_PRINT(debug_pfkey,
302 "klips_debug:pfkey_address_process: "
303 "found proxy address.\n");
304 sap = (unsigned char **)&(extr->ips->ips_addr_p);
305 extr->ips->ips_addr_p_size = saddr_len;
306 break;
307 case SADB_X_EXT_ADDRESS_DST2:
308 KLIPS_PRINT(debug_pfkey,
309 "klips_debug:pfkey_address_process: "
310 "found 2nd dst address.\n");
311 if(extr->ips2 == NULL) {
312 extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */
313 }
314 if(extr->ips2 == NULL) {
315 SENDERR(-error);
316 }
317 sap = (unsigned char **)&(extr->ips2->ips_addr_d);
318 extr->ips2->ips_addr_d_size = saddr_len;
319 break;
320 case SADB_X_EXT_ADDRESS_SRC_FLOW:
321 KLIPS_PRINT(debug_pfkey,
322 "klips_debug:pfkey_address_process: "
323 "found src flow address.\n");
324 if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
325 SENDERR(ENOMEM);
326 }
327 sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_src);
328 portp = &(extr->eroute->er_eaddr.sen_sport);
329 break;
330 case SADB_X_EXT_ADDRESS_DST_FLOW:
331 KLIPS_PRINT(debug_pfkey,
332 "klips_debug:pfkey_address_process: "
333 "found dst flow address.\n");
334 if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
335 SENDERR(ENOMEM);
336 }
337 sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_dst);
338 portp = &(extr->eroute->er_eaddr.sen_dport);
339 break;
340 case SADB_X_EXT_ADDRESS_SRC_MASK:
341 KLIPS_PRINT(debug_pfkey,
342 "klips_debug:pfkey_address_process: "
343 "found src mask address.\n");
344 if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
345 SENDERR(ENOMEM);
346 }
347 sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_src);
348 portp = &(extr->eroute->er_emask.sen_sport);
349 break;
350 case SADB_X_EXT_ADDRESS_DST_MASK:
351 KLIPS_PRINT(debug_pfkey,
352 "klips_debug:pfkey_address_process: "
353 "found dst mask address.\n");
354 if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
355 SENDERR(ENOMEM);
356 }
357 sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_dst);
358 portp = &(extr->eroute->er_emask.sen_dport);
359 break;
360 #ifdef NAT_TRAVERSAL
361 case SADB_X_EXT_NAT_T_OA:
362 KLIPS_PRINT(debug_pfkey,
363 "klips_debug:pfkey_address_process: "
364 "found NAT-OA address.\n");
365 sap = (unsigned char **)&(extr->ips->ips_natt_oa);
366 extr->ips->ips_natt_oa_size = saddr_len;
367 break;
368 #endif
369 default:
370 KLIPS_PRINT(debug_pfkey,
371 "klips_debug:pfkey_address_process: "
372 "unrecognised ext_type=%d.\n",
373 pfkey_address->sadb_address_exttype);
374 SENDERR(EINVAL);
375 }
376
377 switch(pfkey_address->sadb_address_exttype) {
378 case SADB_EXT_ADDRESS_SRC:
379 case SADB_EXT_ADDRESS_DST:
380 case SADB_EXT_ADDRESS_PROXY:
381 case SADB_X_EXT_ADDRESS_DST2:
382 #ifdef NAT_TRAVERSAL
383 case SADB_X_EXT_NAT_T_OA:
384 #endif
385 KLIPS_PRINT(debug_pfkey,
386 "klips_debug:pfkey_address_process: "
387 "allocating %d bytes for saddr.\n",
388 saddr_len);
389 if(!(*sap = kmalloc(saddr_len, GFP_KERNEL))) {
390 SENDERR(ENOMEM);
391 }
392 memcpy(*sap, s, saddr_len);
393 break;
394 default:
395 if(s->sa_family != AF_INET) {
396 KLIPS_PRINT(debug_pfkey,
397 "klips_debug:pfkey_address_process: "
398 "s->sa_family=%d not supported.\n",
399 s->sa_family);
400 SENDERR(EPFNOSUPPORT);
401 }
402 (unsigned long)(*sap) = ((struct sockaddr_in*)s)->sin_addr.s_addr;
403 if (portp != 0)
404 *portp = ((struct sockaddr_in*)s)->sin_port;
405 #ifdef CONFIG_IPSEC_DEBUG
406 if(extr->eroute) {
407 char buf1[64], buf2[64];
408 if (debug_pfkey) {
409 subnettoa(extr->eroute->er_eaddr.sen_ip_src,
410 extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1));
411 subnettoa(extr->eroute->er_eaddr.sen_ip_dst,
412 extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2));
413 KLIPS_PRINT(debug_pfkey,
414 "klips_debug:pfkey_address_parse: "
415 "extr->eroute set to %s:%d->%s:%d\n",
416 buf1,
417 ntohs(extr->eroute->er_eaddr.sen_sport),
418 buf2,
419 ntohs(extr->eroute->er_eaddr.sen_dport));
420 }
421 }
422 #endif /* CONFIG_IPSEC_DEBUG */
423 }
424
425 ipsp = extr->ips;
426 switch(pfkey_address->sadb_address_exttype) {
427 case SADB_X_EXT_ADDRESS_DST2:
428 ipsp = extr->ips2;
429 case SADB_EXT_ADDRESS_DST:
430 if(s->sa_family == AF_INET) {
431 ipsp->ips_said.dst.s_addr = ((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr.s_addr;
432 addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr,
433 0,
434 ipaddr_txt,
435 sizeof(ipaddr_txt));
436 KLIPS_PRINT(debug_pfkey,
437 "klips_debug:pfkey_address_process: "
438 "ips_said.dst set to %s.\n",
439 ipaddr_txt);
440 } else {
441 KLIPS_PRINT(debug_pfkey,
442 "klips_debug:pfkey_address_process: "
443 "uh, ips_said.dst doesn't do address family=%d yet, said will be invalid.\n",
444 s->sa_family);
445 }
446 default:
447 break;
448 }
449
450 /* XXX check if port!=0 */
451
452 KLIPS_PRINT(debug_pfkey,
453 "klips_debug:pfkey_address_process: successful.\n");
454 errlab:
455 return error;
456 }
457
458 int
459 pfkey_key_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
460 {
461 int error = 0;
462 struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
463
464 KLIPS_PRINT(debug_pfkey,
465 "klips_debug:pfkey_key_process: .\n");
466
467 if(!extr || !extr->ips) {
468 KLIPS_PRINT(debug_pfkey,
469 "klips_debug:pfkey_key_process: "
470 "extr or extr->ips is NULL, fatal\n");
471 SENDERR(EINVAL);
472 }
473
474 switch(pfkey_key->sadb_key_exttype) {
475 case SADB_EXT_KEY_AUTH:
476 KLIPS_PRINT(debug_pfkey,
477 "klips_debug:pfkey_key_process: "
478 "allocating %d bytes for authkey.\n",
479 DIVUP(pfkey_key->sadb_key_bits, 8));
480 if(!(extr->ips->ips_key_a = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) {
481 KLIPS_PRINT(debug_pfkey,
482 "klips_debug:pfkey_key_process: "
483 "memory allocation error.\n");
484 SENDERR(ENOMEM);
485 }
486 extr->ips->ips_key_bits_a = pfkey_key->sadb_key_bits;
487 extr->ips->ips_key_a_size = DIVUP(pfkey_key->sadb_key_bits, 8);
488 memcpy(extr->ips->ips_key_a,
489 (char*)pfkey_key + sizeof(struct sadb_key),
490 extr->ips->ips_key_a_size);
491 break;
492 case SADB_EXT_KEY_ENCRYPT: /* Key(s) */
493 KLIPS_PRINT(debug_pfkey,
494 "klips_debug:pfkey_key_process: "
495 "allocating %d bytes for enckey.\n",
496 DIVUP(pfkey_key->sadb_key_bits, 8));
497 if(!(extr->ips->ips_key_e = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) {
498 KLIPS_PRINT(debug_pfkey,
499 "klips_debug:pfkey_key_process: "
500 "memory allocation error.\n");
501 SENDERR(ENOMEM);
502 }
503 extr->ips->ips_key_bits_e = pfkey_key->sadb_key_bits;
504 extr->ips->ips_key_e_size = DIVUP(pfkey_key->sadb_key_bits, 8);
505 memcpy(extr->ips->ips_key_e,
506 (char*)pfkey_key + sizeof(struct sadb_key),
507 extr->ips->ips_key_e_size);
508 break;
509 default:
510 SENDERR(EINVAL);
511 }
512
513 KLIPS_PRINT(debug_pfkey,
514 "klips_debug:pfkey_key_process: "
515 "success.\n");
516 errlab:
517 return error;
518 }
519
520 int
521 pfkey_ident_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
522 {
523 int error = 0;
524 struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
525 int data_len;
526
527 KLIPS_PRINT(debug_pfkey,
528 "klips_debug:pfkey_ident_process: .\n");
529
530 if(!extr || !extr->ips) {
531 KLIPS_PRINT(debug_pfkey,
532 "klips_debug:pfkey_ident_process: "
533 "extr or extr->ips is NULL, fatal\n");
534 SENDERR(EINVAL);
535 }
536
537 switch(pfkey_ident->sadb_ident_exttype) {
538 case SADB_EXT_IDENTITY_SRC:
539 data_len = pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
540
541 extr->ips->ips_ident_s.type = pfkey_ident->sadb_ident_type;
542 extr->ips->ips_ident_s.id = pfkey_ident->sadb_ident_id;
543 extr->ips->ips_ident_s.len = pfkey_ident->sadb_ident_len;
544 if(data_len) {
545 KLIPS_PRINT(debug_pfkey,
546 "klips_debug:pfkey_ident_process: "
547 "allocating %d bytes for ident_s.\n",
548 data_len);
549 if(!(extr->ips->ips_ident_s.data
550 = kmalloc(data_len, GFP_KERNEL))) {
551 SENDERR(ENOMEM);
552 }
553 memcpy(extr->ips->ips_ident_s.data,
554 (char*)pfkey_ident + sizeof(struct sadb_ident),
555 data_len);
556 } else {
557 extr->ips->ips_ident_s.data = NULL;
558 }
559 break;
560 case SADB_EXT_IDENTITY_DST: /* Identity(ies) */
561 data_len = pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
562
563 extr->ips->ips_ident_d.type = pfkey_ident->sadb_ident_type;
564 extr->ips->ips_ident_d.id = pfkey_ident->sadb_ident_id;
565 extr->ips->ips_ident_d.len = pfkey_ident->sadb_ident_len;
566 if(data_len) {
567 KLIPS_PRINT(debug_pfkey,
568 "klips_debug:pfkey_ident_process: "
569 "allocating %d bytes for ident_d.\n",
570 data_len);
571 if(!(extr->ips->ips_ident_d.data
572 = kmalloc(data_len, GFP_KERNEL))) {
573 SENDERR(ENOMEM);
574 }
575 memcpy(extr->ips->ips_ident_d.data,
576 (char*)pfkey_ident + sizeof(struct sadb_ident),
577 data_len);
578 } else {
579 extr->ips->ips_ident_d.data = NULL;
580 }
581 break;
582 default:
583 SENDERR(EINVAL);
584 }
585 errlab:
586 return error;
587 }
588
589 int
590 pfkey_sens_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
591 {
592 int error = 0;
593
594 KLIPS_PRINT(debug_pfkey,
595 "klips_debug:pfkey_sens_process: "
596 "Sorry, I can't process exttype=%d yet.\n",
597 pfkey_ext->sadb_ext_type);
598 SENDERR(EINVAL); /* don't process these yet */
599 errlab:
600 return error;
601 }
602
603 int
604 pfkey_prop_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
605 {
606 int error = 0;
607
608 KLIPS_PRINT(debug_pfkey,
609 "klips_debug:pfkey_prop_process: "
610 "Sorry, I can't process exttype=%d yet.\n",
611 pfkey_ext->sadb_ext_type);
612 SENDERR(EINVAL); /* don't process these yet */
613
614 errlab:
615 return error;
616 }
617
618 int
619 pfkey_supported_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
620 {
621 int error = 0;
622
623 KLIPS_PRINT(debug_pfkey,
624 "klips_debug:pfkey_supported_process: "
625 "Sorry, I can't process exttype=%d yet.\n",
626 pfkey_ext->sadb_ext_type);
627 SENDERR(EINVAL); /* don't process these yet */
628
629 errlab:
630 return error;
631 }
632
633 int
634 pfkey_spirange_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
635 {
636 int error = 0;
637
638 KLIPS_PRINT(debug_pfkey,
639 "klips_debug:pfkey_spirange_process: .\n");
640 /* errlab: */
641 return error;
642 }
643
644 int
645 pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
646 {
647 int error = 0;
648
649 KLIPS_PRINT(debug_pfkey,
650 "klips_debug:pfkey_x_kmprivate_process: "
651 "Sorry, I can't process exttype=%d yet.\n",
652 pfkey_ext->sadb_ext_type);
653 SENDERR(EINVAL); /* don't process these yet */
654
655 errlab:
656 return error;
657 }
658
659 int
660 pfkey_x_satype_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
661 {
662 int error = 0;
663 struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
664
665 KLIPS_PRINT(debug_pfkey,
666 "klips_debug:pfkey_x_satype_process: .\n");
667
668 if(!extr || !extr->ips) {
669 KLIPS_PRINT(debug_pfkey,
670 "klips_debug:pfkey_x_satype_process: "
671 "extr or extr->ips is NULL, fatal\n");
672 SENDERR(EINVAL);
673 }
674
675 if(extr->ips2 == NULL) {
676 extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */
677 }
678 if(extr->ips2 == NULL) {
679 SENDERR(-error);
680 }
681 if(!(extr->ips2->ips_said.proto = satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
682 KLIPS_PRINT(debug_pfkey,
683 "klips_debug:pfkey_x_satype_process: "
684 "proto lookup from satype=%d failed.\n",
685 pfkey_x_satype->sadb_x_satype_satype);
686 SENDERR(EINVAL);
687 }
688 KLIPS_PRINT(debug_pfkey,
689 "klips_debug:pfkey_x_satype_process: "
690 "protocol==%d decoded from satype==%d(%s).\n",
691 extr->ips2->ips_said.proto,
692 pfkey_x_satype->sadb_x_satype_satype,
693 satype2name(pfkey_x_satype->sadb_x_satype_satype));
694
695 errlab:
696 return error;
697 }
698
699
700 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL
701 int
702 pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
703 {
704 int error = 0;
705 struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)pfkey_ext;
706
707 if(!pfkey_x_nat_t_type) {
708 printk("klips_debug:pfkey_x_nat_t_type_process: "
709 "null pointer passed in\n");
710 SENDERR(EINVAL);
711 }
712
713 KLIPS_PRINT(debug_pfkey,
714 "klips_debug:pfkey_x_nat_t_type_process: %d.\n",
715 pfkey_x_nat_t_type->sadb_x_nat_t_type_type);
716
717 if(!extr || !extr->ips) {
718 KLIPS_PRINT(debug_pfkey,
719 "klips_debug:pfkey_nat_t_type_process: "
720 "extr or extr->ips is NULL, fatal\n");
721 SENDERR(EINVAL);
722 }
723
724 switch(pfkey_x_nat_t_type->sadb_x_nat_t_type_type) {
725 case ESPINUDP_WITH_NON_IKE: /* with Non-IKE */
726 case ESPINUDP_WITH_NON_ESP: /* with Non-ESP */
727 extr->ips->ips_natt_type = pfkey_x_nat_t_type->sadb_x_nat_t_type_type;
728 break;
729 default:
730 KLIPS_PRINT(debug_pfkey,
731 "klips_debug:pfkey_x_nat_t_type_process: "
732 "unknown type %d.\n",
733 pfkey_x_nat_t_type->sadb_x_nat_t_type_type);
734 SENDERR(EINVAL);
735 break;
736 }
737
738 errlab:
739 return error;
740 }
741
742 int
743 pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
744 {
745 int error = 0;
746 struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)pfkey_ext;
747
748 if(!pfkey_x_nat_t_port) {
749 printk("klips_debug:pfkey_x_nat_t_port_process: "
750 "null pointer passed in\n");
751 SENDERR(EINVAL);
752 }
753
754 KLIPS_PRINT(debug_pfkey,
755 "klips_debug:pfkey_x_nat_t_port_process: %d/%d.\n",
756 pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype,
757 pfkey_x_nat_t_port->sadb_x_nat_t_port_port);
758
759 if(!extr || !extr->ips) {
760 KLIPS_PRINT(debug_pfkey,
761 "klips_debug:pfkey_nat_t_type_process: "
762 "extr or extr->ips is NULL, fatal\n");
763 SENDERR(EINVAL);
764 }
765
766 switch(pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype) {
767 case SADB_X_EXT_NAT_T_SPORT:
768 extr->ips->ips_natt_sport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port;
769 break;
770 case SADB_X_EXT_NAT_T_DPORT:
771 extr->ips->ips_natt_dport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port;
772 break;
773 default:
774 KLIPS_PRINT(debug_pfkey,
775 "klips_debug:pfkey_x_nat_t_port_process: "
776 "unknown exttype %d.\n",
777 pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype);
778 SENDERR(EINVAL);
779 break;
780 }
781
782 errlab:
783 return error;
784 }
785 #endif
786
787 int
788 pfkey_x_debug_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
789 {
790 int error = 0;
791 struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
792
793 if(!pfkey_x_debug) {
794 printk("klips_debug:pfkey_x_debug_process: "
795 "null pointer passed in\n");
796 SENDERR(EINVAL);
797 }
798
799 KLIPS_PRINT(debug_pfkey,
800 "klips_debug:pfkey_x_debug_process: .\n");
801
802 #ifdef CONFIG_IPSEC_DEBUG
803 if(pfkey_x_debug->sadb_x_debug_netlink >>
804 (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 - 1)) {
805 pfkey_x_debug->sadb_x_debug_netlink &=
806 ~(1 << (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 -1));
807 debug_tunnel |= pfkey_x_debug->sadb_x_debug_tunnel;
808 debug_netlink |= pfkey_x_debug->sadb_x_debug_netlink;
809 debug_xform |= pfkey_x_debug->sadb_x_debug_xform;
810 debug_eroute |= pfkey_x_debug->sadb_x_debug_eroute;
811 debug_spi |= pfkey_x_debug->sadb_x_debug_spi;
812 debug_radij |= pfkey_x_debug->sadb_x_debug_radij;
813 debug_esp |= pfkey_x_debug->sadb_x_debug_esp;
814 debug_ah |= pfkey_x_debug->sadb_x_debug_ah;
815 debug_rcv |= pfkey_x_debug->sadb_x_debug_rcv;
816 debug_pfkey |= pfkey_x_debug->sadb_x_debug_pfkey;
817 #ifdef CONFIG_IPSEC_IPCOMP
818 sysctl_ipsec_debug_ipcomp |= pfkey_x_debug->sadb_x_debug_ipcomp;
819 #endif /* CONFIG_IPSEC_IPCOMP */
820 sysctl_ipsec_debug_verbose |= pfkey_x_debug->sadb_x_debug_verbose;
821 KLIPS_PRINT(debug_pfkey,
822 "klips_debug:pfkey_x_debug_process: "
823 "set\n");
824 } else {
825 KLIPS_PRINT(debug_pfkey,
826 "klips_debug:pfkey_x_debug_process: "
827 "unset\n");
828 debug_tunnel &= pfkey_x_debug->sadb_x_debug_tunnel;
829 debug_netlink &= pfkey_x_debug->sadb_x_debug_netlink;
830 debug_xform &= pfkey_x_debug->sadb_x_debug_xform;
831 debug_eroute &= pfkey_x_debug->sadb_x_debug_eroute;
832 debug_spi &= pfkey_x_debug->sadb_x_debug_spi;
833 debug_radij &= pfkey_x_debug->sadb_x_debug_radij;
834 debug_esp &= pfkey_x_debug->sadb_x_debug_esp;
835 debug_ah &= pfkey_x_debug->sadb_x_debug_ah;
836 debug_rcv &= pfkey_x_debug->sadb_x_debug_rcv;
837 debug_pfkey &= pfkey_x_debug->sadb_x_debug_pfkey;
838 #ifdef CONFIG_IPSEC_IPCOMP
839 sysctl_ipsec_debug_ipcomp &= pfkey_x_debug->sadb_x_debug_ipcomp;
840 #endif /* CONFIG_IPSEC_IPCOMP */
841 sysctl_ipsec_debug_verbose &= pfkey_x_debug->sadb_x_debug_verbose;
842 }
843 #else /* CONFIG_IPSEC_DEBUG */
844 printk("klips_debug:pfkey_x_debug_process: "
845 "debugging not enabled\n");
846 SENDERR(EINVAL);
847 #endif /* CONFIG_IPSEC_DEBUG */
848
849 errlab:
850 return error;
851 }
Michael's strongswan development tree