authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-01 10:48:08 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-01 10:48:08 +0000
commita6f902baed7abb17a1a9c014e01bb100077f8198 (patch)
tree82114e22e251e9260d9a712f1232e52e1ef494e3 /src/charon/plugins/kernel_pfkey
parent1450c9df799b0870477f6e63357f4bcb63537f4f (diff)
- Updated to new upstream revision.
Diffstat (limited to 'src/charon/plugins/kernel_pfkey')
-rw-r--r--src/charon/plugins/kernel_pfkey/Makefile.in18
-rw-r--r--src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c143
2 files changed, 66 insertions, 95 deletions
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.in b/src/charon/plugins/kernel_pfkey/Makefile.in
index 41bad9715..d606f4a23 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.in
+++ b/src/charon/plugins/kernel_pfkey/Makefile.in
@@ -87,22 +87,17 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXDEPMODE = @CXXDEPMODE@
-CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
-ECHO = @ECHO@
+DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
+FGREP = @FGREP@
GPERF = @GPERF@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -112,6 +107,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
+LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
@@ -120,12 +116,16 @@ LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LINUX_HEADERS = @LINUX_HEADERS@
+LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
+NM = @NM@
NMEDIT = @NMEDIT@
OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
@@ -148,8 +148,7 @@ abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -188,6 +187,7 @@ libstrongswan_plugins = @libstrongswan_plugins@
linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 77f3cbed8..656c83083 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_pfkey_ipsec.c 4662 2008-11-16 21:19:58Z andreas $
+ * $Id: kernel_pfkey_ipsec.c 4793 2008-12-11 13:39:30Z tobias $
*/
#include <sys/types.h>
@@ -43,6 +43,11 @@
#define IP_IPSEC_POLICY 16
#endif
+/* missing on uclibc */
+#ifndef IPV6_IPSEC_POLICY
+#define IPV6_IPSEC_POLICY 34
+#endif /*IPV6_IPSEC_POLICY*/
+
/** default priority of installed policies */
#define PRIO_LOW 3000
#define PRIO_HIGH 2000
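Review bot: The fallback `#define IPV6_IPSEC_POLICY 34` is guarded only by `#ifndef`, so it takes effect on any libc that lacks the macro, not just uclibc, and the comment does not say where 34 comes from. A reader porting this file cannot tell whether the number is the Linux kernel's sockopt value or an arbitrary choice. Suggest `/* missing on uclibc; 34 is the Linux value of the IPV6_IPSEC_POLICY sockopt */` so a non-Linux build that hits this branch is recognisable as wrong.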
@@ -533,6 +538,35 @@ static void host2ext(host_t *host, struct sadb_address *ext)
}
/**
+ * add a host to the given sadb_msg
+ */
+static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type,
+ u_int8_t proto, u_int8_t prefixlen)
+{
+ struct sadb_address *addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
+ addr->sadb_address_exttype = type;
+ addr->sadb_address_proto = proto;
+ addr->sadb_address_prefixlen = prefixlen;
+ host2ext(host, addr);
+ PFKEY_EXT_ADD(msg, addr);
+}
+
+/**
+ * adds an empty address extension to the given sadb_msg
+ */
+static void add_anyaddr_ext(struct sadb_msg *msg, int family, u_int8_t type)
+{
+ socklen_t len = (family == AF_INET) ? sizeof(struct sockaddr_in) :
+ sizeof(struct sockaddr_in6);
+ struct sadb_address *addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
+ addr->sadb_address_exttype = type;
+ sockaddr_t *saddr = (sockaddr_t*)(addr + 1);
+ saddr->sa_family = family;
+ addr->sadb_address_len = PFKEY_LEN(sizeof(*addr) + len);
+ PFKEY_EXT_ADD(msg, addr);
+}
+
+/**
* add udp encap extensions to a sadb_msg
*/
static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst)
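Review bot: add_anyaddr_ext writes only `sa_family` into the sockaddr that follows the extension; the address and port bytes are never written, so a wildcard address results only because callers build `msg` inside a request buffer that was zeroed beforehand (visible in del_sa's `memset(&request, 0, sizeof(request))`). That precondition is stated on neither new helper, and add_addr_ext presumably leaves `sadb_address_len` to host2ext in the same implicit way. Suggest extending the doc comment to `* adds an empty address extension (any address, port 0) to the given sadb_msg` followed by `* requires msg to live in a zeroed buffer: only sa_family is written here`. The `family == AF_INET ? ... : sizeof(struct sockaddr_in6)` branch also treats every non-AF_INET family as IPv6; if callers can ever pass another family, an explicit check or a comment saying only these two are supported would help.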
@@ -573,7 +607,6 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
host = host_create_from_sockaddr((sockaddr_t*)&address[1]) ;
ts = traffic_selector_create_from_subnet(host, address->sadb_address_prefixlen,
address->sadb_address_proto, host->get_port(host));
- host->destroy(host);
return ts;
}
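Review bot: With `host->destroy(host)` removed, nothing in the hunk shows who frees `host`, so sadb_address2ts now reads as a leak unless `traffic_selector_create_from_subnet()` takes ownership of it (which the removal implies it does). Document that at the call site: `/* traffic_selector_create_from_subnet() takes ownership of host */`. Also, if `host_create_from_sockaddr()` can return NULL for an address family it does not handle, `host->get_port(host)` dereferences it; a `if (!host) return NULL;` guard before the call would make parsing of this kernel-supplied extension robust. sadb_address2ts starts outside the hunk.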
@@ -1026,7 +1059,6 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_x_sa2 *sa2;
- struct sadb_address *addr;
struct sadb_spirange *range;
pfkey_msg_t response;
u_int32_t received_spi = 0;
@@ -1046,15 +1078,8 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
sa2->sadb_x_sa2_reqid = reqid;
PFKEY_EXT_ADD(msg, sa2);
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- host2ext(src, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- host2ext(dst, addr);
- PFKEY_EXT_ADD(msg, addr);
+ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0);
+ add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0);
range = (struct sadb_spirange*)PFKEY_EXT_ADD_NEXT(msg);
range->sadb_spirange_exttype = SADB_EXT_SPIRANGE;
@@ -1112,7 +1137,6 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
struct sadb_msg *msg, *out;
struct sadb_sa *sa;
struct sadb_x_sa2 *sa2;
- struct sadb_address *addr;
struct sadb_lifetime *lft;
struct sadb_key *key;
size_t len;
@@ -1143,15 +1167,8 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
sa2->sadb_x_sa2_reqid = reqid;
PFKEY_EXT_ADD(msg, sa2);
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- host2ext(src, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- host2ext(dst, addr);
- PFKEY_EXT_ADD(msg, addr);
+ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0);
+ add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0);
lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg);
lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
@@ -1244,7 +1261,6 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_sa *sa;
- struct sadb_address *addr;
pfkey_msg_t response;
size_t len;
@@ -1276,16 +1292,9 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
PFKEY_EXT_ADD(msg, sa);
/* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though
- * it is not used for anything, so we just send dst twice */
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- host2ext(dst, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- host2ext(dst, addr);
- PFKEY_EXT_ADD(msg, addr);
+ * it is not used for anything. */
+ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC);
+ add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
@@ -1371,7 +1380,6 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *dst,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_sa *sa;
- struct sadb_address *addr;
size_t len;
memset(&request, 0, sizeof(request));
@@ -1391,16 +1399,9 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *dst,
PFKEY_EXT_ADD(msg, sa);
/* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though
- * it is not used for anything, so we just send dst twice */
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- host2ext(dst, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- host2ext(dst, addr);
- PFKEY_EXT_ADD(msg, addr);
+ * it is not used for anything. */
+ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC);
+ add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
@@ -1435,7 +1436,6 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_x_policy *pol;
- struct sadb_address *addr;
struct sadb_x_ipsecrequest *req;
policy_entry_t *policy, *found = NULL;
pfkey_msg_t response;
@@ -1510,19 +1510,10 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
PFKEY_EXT_ADD(msg, pol);
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- addr->sadb_address_proto = policy->src.proto;
- addr->sadb_address_prefixlen = policy->src.mask;
- host2ext(policy->src.net, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- addr->sadb_address_proto = policy->dst.proto;
- addr->sadb_address_prefixlen = policy->dst.mask;
- host2ext(policy->dst.net, addr);
- PFKEY_EXT_ADD(msg, addr);
+ add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto,
+ policy->src.mask);
+ add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto,
+ policy->dst.mask);
this->mutex->unlock(this->mutex);
@@ -1626,7 +1617,6 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_x_policy *pol;
- struct sadb_address *addr;
policy_entry_t *policy, *found = NULL;
pfkey_msg_t response;
size_t len;
@@ -1667,19 +1657,10 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
PFKEY_EXT_ADD(msg, pol);
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- addr->sadb_address_proto = policy->src.proto;
- addr->sadb_address_prefixlen = policy->src.mask;
- host2ext(policy->src.net, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- addr->sadb_address_proto = policy->dst.proto;
- addr->sadb_address_prefixlen = policy->dst.mask;
- host2ext(policy->dst.net, addr);
- PFKEY_EXT_ADD(msg, addr);
+ add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto,
+ policy->src.mask);
+ add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto,
+ policy->dst.mask);
this->mutex->unlock(this->mutex);
@@ -1723,7 +1704,6 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_x_policy *pol;
- struct sadb_address *addr;
policy_entry_t *policy, *found = NULL;
route_entry_t *route;
size_t len;
@@ -1777,19 +1757,10 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
PFKEY_EXT_ADD(msg, pol);
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- addr->sadb_address_proto = policy->src.proto;
- addr->sadb_address_prefixlen = policy->src.mask;
- host2ext(policy->src.net, addr);
- PFKEY_EXT_ADD(msg, addr);
-
- addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
- addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- addr->sadb_address_proto = policy->dst.proto;
- addr->sadb_address_prefixlen = policy->dst.mask;
- host2ext(policy->dst.net, addr);
- PFKEY_EXT_ADD(msg, addr);
+ add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto,
+ policy->src.mask);
+ add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto,
+ policy->dst.mask);
route = policy->route;
policy->route = NULL;