summaryrefslogtreecommitdiff
path: root/src/pluto/kernel_netlink.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
commita9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
treed82a9d506c62cff257e5292845b68df3ca5c60dc /src/pluto/kernel_netlink.c
parent12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
downloadvyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz
vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip
- New upstream release.
- Don't disable internal crypto plugins, pluto expects to find them in some cases. - Enable integrity checking.
Diffstat (limited to 'src/pluto/kernel_netlink.c')
-rw-r--r--src/pluto/kernel_netlink.c357
1 files changed, 211 insertions, 146 deletions
diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c
index b4b4774c7..0376e817b 100644
--- a/src/pluto/kernel_netlink.c
+++ b/src/pluto/kernel_netlink.c
@@ -49,69 +49,76 @@ static int netlink_bcast_fd = NULL_FD;
#define NE(x) { x, #x } /* Name Entry -- shorthand for sparse_names */
static sparse_names xfrm_type_names = {
- NE(NLMSG_NOOP),
- NE(NLMSG_ERROR),
- NE(NLMSG_DONE),
- NE(NLMSG_OVERRUN),
+ NE(NLMSG_NOOP),
+ NE(NLMSG_ERROR),
+ NE(NLMSG_DONE),
+ NE(NLMSG_OVERRUN),
- NE(XFRM_MSG_NEWSA),
- NE(XFRM_MSG_DELSA),
- NE(XFRM_MSG_GETSA),
+ NE(XFRM_MSG_NEWSA),
+ NE(XFRM_MSG_DELSA),
+ NE(XFRM_MSG_GETSA),
- NE(XFRM_MSG_NEWPOLICY),
- NE(XFRM_MSG_DELPOLICY),
- NE(XFRM_MSG_GETPOLICY),
+ NE(XFRM_MSG_NEWPOLICY),
+ NE(XFRM_MSG_DELPOLICY),
+ NE(XFRM_MSG_GETPOLICY),
- NE(XFRM_MSG_ALLOCSPI),
- NE(XFRM_MSG_ACQUIRE),
- NE(XFRM_MSG_EXPIRE),
+ NE(XFRM_MSG_ALLOCSPI),
+ NE(XFRM_MSG_ACQUIRE),
+ NE(XFRM_MSG_EXPIRE),
- NE(XFRM_MSG_UPDPOLICY),
- NE(XFRM_MSG_UPDSA),
+ NE(XFRM_MSG_UPDPOLICY),
+ NE(XFRM_MSG_UPDSA),
- NE(XFRM_MSG_POLEXPIRE),
+ NE(XFRM_MSG_POLEXPIRE),
- NE(XFRM_MSG_MAX),
+ NE(XFRM_MSG_MAX),
- { 0, sparse_end }
+ { 0, sparse_end }
};
#undef NE
/* Authentication algorithms */
static sparse_names aalg_list = {
- { SADB_X_AALG_NULL, "digest_null" },
- { SADB_AALG_MD5HMAC, "md5" },
- { SADB_AALG_SHA1HMAC, "sha1" },
- { SADB_X_AALG_SHA2_256HMAC, "sha256" },
- { SADB_X_AALG_SHA2_384HMAC, "sha384" },
- { SADB_X_AALG_SHA2_512HMAC, "sha512" },
- { SADB_X_AALG_RIPEMD160HMAC, "ripemd160" },
- { SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)"},
- { SADB_X_AALG_NULL, "null" },
- { 0, sparse_end }
+ { SADB_X_AALG_NULL, "digest_null" },
+ { SADB_AALG_MD5HMAC, "md5" },
+ { SADB_AALG_SHA1HMAC, "sha1" },
+ { SADB_X_AALG_SHA2_256HMAC, "sha256" },
+ { SADB_X_AALG_SHA2_384HMAC, "sha384" },
+ { SADB_X_AALG_SHA2_512HMAC, "sha512" },
+ { SADB_X_AALG_RIPEMD160HMAC, "ripemd160" },
+ { SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)"},
+ { SADB_X_AALG_NULL, "null" },
+ { 0, sparse_end }
};
/* Encryption algorithms */
static sparse_names ealg_list = {
- { SADB_EALG_NULL, "cipher_null" },
- { SADB_EALG_DESCBC, "des" },
- { SADB_EALG_3DESCBC, "des3_ede" },
- { SADB_X_EALG_CASTCBC, "cast128" },
- { SADB_X_EALG_BLOWFISHCBC, "blowfish" },
- { SADB_X_EALG_AESCBC, "aes" },
- { SADB_X_EALG_CAMELLIACBC, "cbc(camellia)" },
- { SADB_X_EALG_SERPENTCBC, "serpent" },
- { SADB_X_EALG_TWOFISHCBC, "twofish" },
- { 0, sparse_end }
+ { SADB_EALG_NULL, "cipher_null" },
+ { SADB_EALG_DESCBC, "des" },
+ { SADB_EALG_3DESCBC, "des3_ede" },
+ { SADB_X_EALG_CASTCBC, "cast128" },
+ { SADB_X_EALG_BLOWFISHCBC, "blowfish" },
+ { SADB_X_EALG_AESCBC, "aes" },
+ { SADB_X_EALG_AESCTR, "rfc3686(ctr(aes))" },
+ { SADB_X_EALG_AES_CCM_ICV8, "rfc4309(ccm(aes))" },
+ { SADB_X_EALG_AES_CCM_ICV12, "rfc4309(ccm(aes))" },
+ { SADB_X_EALG_AES_CCM_ICV16, "rfc4309(ccm(aes))" },
+ { SADB_X_EALG_AES_GCM_ICV8, "rfc4106(gcm(aes))" },
+ { SADB_X_EALG_AES_GCM_ICV12, "rfc4106(gcm(aes))" },
+ { SADB_X_EALG_AES_GCM_ICV16, "rfc4106(gcm(aes))" },
+ { SADB_X_EALG_CAMELLIACBC, "cbc(camellia)" },
+ { SADB_X_EALG_SERPENTCBC, "serpent" },
+ { SADB_X_EALG_TWOFISHCBC, "twofish" },
+ { 0, sparse_end }
};
/* Compression algorithms */
static sparse_names calg_list = {
- { SADB_X_CALG_DEFLATE, "deflate" },
- { SADB_X_CALG_LZS, "lzs" },
- { SADB_X_CALG_LZJH, "lzjh" },
- { 0, sparse_end }
+ { SADB_X_CALG_DEFLATE, "deflate" },
+ { SADB_X_CALG_LZS, "lzs" },
+ { SADB_X_CALG_LZJH, "lzjh" },
+ { 0, sparse_end }
};
/** ip2xfrm - Take an IP address and convert to an xfrm.
@@ -119,8 +126,7 @@ static sparse_names calg_list = {
* @param addr ip_address
* @param xaddr xfrm_address_t - IPv[46] Address from addr is copied here.
*/
-static void
-ip2xfrm(const ip_address *addr, xfrm_address_t *xaddr)
+static void ip2xfrm(const ip_address *addr, xfrm_address_t *xaddr)
{
if (addr->u.v4.sin_family == AF_INET)
{
@@ -135,35 +141,41 @@ ip2xfrm(const ip_address *addr, xfrm_address_t *xaddr)
/** init_netlink - Initialize the netlink inferface. Opens the sockets and
* then binds to the broadcast socket.
*/
-static void
-init_netlink(void)
+static void init_netlink(void)
{
struct sockaddr_nl addr;
netlinkfd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM);
if (netlinkfd < 0)
+ {
exit_log_errno((e, "socket() in init_netlink()"));
-
+ }
if (fcntl(netlinkfd, F_SETFD, FD_CLOEXEC) != 0)
+ {
exit_log_errno((e, "fcntl(FD_CLOEXEC) in init_netlink()"));
-
+ }
netlink_bcast_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM);
if (netlink_bcast_fd < 0)
+ {
exit_log_errno((e, "socket() for bcast in init_netlink()"));
-
+ }
if (fcntl(netlink_bcast_fd, F_SETFD, FD_CLOEXEC) != 0)
+ {
exit_log_errno((e, "fcntl(FD_CLOEXEC) for bcast in init_netlink()"));
-
+ }
if (fcntl(netlink_bcast_fd, F_SETFL, O_NONBLOCK) != 0)
+ {
exit_log_errno((e, "fcntl(O_NONBLOCK) for bcast in init_netlink()"));
-
+ }
addr.nl_family = AF_NETLINK;
addr.nl_pid = getpid();
addr.nl_groups = XFRMGRP_ACQUIRE | XFRMGRP_EXPIRE;
if (bind(netlink_bcast_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0)
+ {
exit_log_errno((e, "Failed to bind bcast socket in init_netlink()"));
+ }
}
/** send_netlink_msg
@@ -176,9 +188,9 @@ init_netlink(void)
* @param text_said - String
* @return bool True if the message was succesfully sent.
*/
-static bool
-send_netlink_msg(struct nlmsghdr *hdr, struct nlmsghdr *rbuf, size_t rbuf_len
-, const char *description, const char *text_said)
+static bool send_netlink_msg(struct nlmsghdr *hdr, struct nlmsghdr *rbuf,
+ size_t rbuf_len, const char *description,
+ const char *text_said)
{
struct {
struct nlmsghdr n;
@@ -200,7 +212,9 @@ send_netlink_msg(struct nlmsghdr *hdr, struct nlmsghdr *rbuf, size_t rbuf_len
len = hdr->nlmsg_len;
do {
r = write(netlinkfd, hdr, len);
- } while (r < 0 && errno == EINTR);
+ }
+ while (r < 0 && errno == EINTR);
+
if (r < 0)
{
log_errno((e
@@ -221,7 +235,8 @@ send_netlink_msg(struct nlmsghdr *hdr, struct nlmsghdr *rbuf, size_t rbuf_len
return FALSE;
}
- for (;;) {
+ for (;;)
+ {
socklen_t alen;
alen = sizeof(addr);
@@ -322,8 +337,8 @@ send_netlink_msg(struct nlmsghdr *hdr, struct nlmsghdr *rbuf, size_t rbuf_len
* @param text_said - String
* @return boolean
*/
-static bool
-netlink_policy(struct nlmsghdr *hdr, bool enoent_ok, const char *text_said)
+static bool netlink_policy(struct nlmsghdr *hdr, bool enoent_ok,
+ const char *text_said)
{
struct {
struct nlmsghdr n;
@@ -372,18 +387,17 @@ netlink_policy(struct nlmsghdr *hdr, bool enoent_ok, const char *text_said)
* @param ip int
* @return boolean True if successful
*/
-static bool
-netlink_raw_eroute(const ip_address *this_host
- , const ip_subnet *this_client
- , const ip_address *that_host
- , const ip_subnet *that_client
- , ipsec_spi_t spi
- , unsigned int satype
- , unsigned int transport_proto
- , const struct pfkey_proto_info *proto_info
- , time_t use_lifetime UNUSED
- , unsigned int op
- , const char *text_said)
+static bool netlink_raw_eroute(const ip_address *this_host
+ , const ip_subnet *this_client
+ , const ip_address *that_host
+ , const ip_subnet *that_client
+ , ipsec_spi_t spi
+ , unsigned int satype
+ , unsigned int transport_proto
+ , const struct pfkey_proto_info *proto_info
+ , time_t use_lifetime UNUSED
+ , unsigned int op
+ , const char *text_said)
{
struct {
struct nlmsghdr n;
@@ -568,8 +582,7 @@ netlink_raw_eroute(const ip_address *this_host
* @param replace boolean - true if this replaces an existing SA
* @return bool True if successfull
*/
-static bool
-netlink_add_sa(const struct kernel_sa *sa, bool replace)
+static bool netlink_add_sa(const struct kernel_sa *sa, bool replace)
{
struct {
struct nlmsghdr n;
@@ -577,6 +590,7 @@ netlink_add_sa(const struct kernel_sa *sa, bool replace)
char data[1024];
} req;
struct rtattr *attr;
+ u_int16_t icv_size = 64;
memset(&req, 0, sizeof(req));
req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
@@ -606,11 +620,17 @@ netlink_add_sa(const struct kernel_sa *sa, bool replace)
const char *name;
name = sparse_name(aalg_list, sa->authalg);
- if (!name) {
+ if (!name)
+ {
loglog(RC_LOG_SERIOUS, "unknown authentication algorithm: %u"
, sa->authalg);
return FALSE;
}
+ DBG(DBG_CRYPT,
+ DBG_log("configured authentication algorithm %s with key size %d",
+ enum_show(&auth_alg_names, sa->authalg),
+ sa->authkeylen * BITS_PER_BYTE)
+ )
strcpy(algo.alg_name, name);
algo.alg_key_len = sa->authkeylen * BITS_PER_BYTE;
@@ -626,30 +646,78 @@ netlink_add_sa(const struct kernel_sa *sa, bool replace)
attr = (struct rtattr *)((char *)attr + attr->rta_len);
}
- if (sa->encalg)
+ switch (sa->encalg)
{
- struct xfrm_algo algo;
- const char *name;
+ case SADB_EALG_NONE:
+ /* no encryption */
+ break;
+ case SADB_X_EALG_AES_CCM_ICV16:
+ case SADB_X_EALG_AES_GCM_ICV16:
+ icv_size += 32;
+ /* FALL */
+ case SADB_X_EALG_AES_CCM_ICV12:
+ case SADB_X_EALG_AES_GCM_ICV12:
+ icv_size += 32;
+ /* FALL */
+ case SADB_X_EALG_AES_CCM_ICV8:
+ case SADB_X_EALG_AES_GCM_ICV8:
+ {
+ struct xfrm_algo_aead *algo;
+ const char *name;
- name = sparse_name(ealg_list, sa->encalg);
- if (!name) {
- loglog(RC_LOG_SERIOUS, "unknown encryption algorithm: %u"
- , sa->encalg);
- return FALSE;
+ name = sparse_name(ealg_list, sa->encalg);
+ if (!name)
+ {
+ loglog(RC_LOG_SERIOUS, "unknown encryption algorithm: %u",
+ sa->encalg);
+ return FALSE;
+ }
+ DBG(DBG_CRYPT,
+ DBG_log("configured esp encryption algorithm %s with key size %d",
+ enum_show(&esp_transformid_names, sa->encalg),
+ sa->enckeylen * BITS_PER_BYTE)
+ )
+ attr->rta_type = XFRMA_ALG_AEAD;
+ attr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + sa->enckeylen);
+ req.n.nlmsg_len += attr->rta_len;
+
+ algo = (struct xfrm_algo_aead*)RTA_DATA(attr);
+ algo->alg_key_len = sa->enckeylen * BITS_PER_BYTE;
+ algo->alg_icv_len = icv_size;
+ strcpy(algo->alg_name, name);
+ memcpy(algo->alg_key, sa->enckey, sa->enckeylen);
+
+ attr = (struct rtattr *)((char *)attr + attr->rta_len);
+ break;
}
+ default:
+ {
+ struct xfrm_algo *algo;
+ const char *name;
- strcpy(algo.alg_name, name);
- algo.alg_key_len = sa->enckeylen * BITS_PER_BYTE;
-
- attr->rta_type = XFRMA_ALG_CRYPT;
- attr->rta_len = RTA_LENGTH(sizeof(algo) + sa->enckeylen);
-
- memcpy(RTA_DATA(attr), &algo, sizeof(algo));
- memcpy((char *)RTA_DATA(attr) + sizeof(algo), sa->enckey
- , sa->enckeylen);
-
- req.n.nlmsg_len += attr->rta_len;
- attr = (struct rtattr *)((char *)attr + attr->rta_len);
+ name = sparse_name(ealg_list, sa->encalg);
+ if (!name)
+ {
+ loglog(RC_LOG_SERIOUS, "unknown encryption algorithm: %u",
+ sa->encalg);
+ return FALSE;
+ }
+ DBG(DBG_CRYPT,
+ DBG_log("configured esp encryption algorithm %s with key size %d",
+ enum_show(&esp_transformid_names, sa->encalg),
+ sa->enckeylen * BITS_PER_BYTE)
+ )
+ attr->rta_type = XFRMA_ALG_CRYPT;
+ attr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + sa->enckeylen);
+ req.n.nlmsg_len += attr->rta_len;
+
+ algo = (struct xfrm_algo*)RTA_DATA(attr);
+ algo->alg_key_len = sa->enckeylen * BITS_PER_BYTE;
+ strcpy(algo->alg_name, name);
+ memcpy(algo->alg_key, sa->enckey, sa->enckeylen);
+
+ attr = (struct rtattr *)((char *)attr + attr->rta_len);
+ }
}
if (sa->compalg)
@@ -658,7 +726,8 @@ netlink_add_sa(const struct kernel_sa *sa, bool replace)
const char *name;
name = sparse_name(calg_list, sa->compalg);
- if (!name) {
+ if (!name)
+ {
loglog(RC_LOG_SERIOUS, "unknown compression algorithm: %u"
, sa->compalg);
return FALSE;
@@ -702,8 +771,7 @@ netlink_add_sa(const struct kernel_sa *sa, bool replace)
* @param sa Kernel SA to be deleted
* @return bool True if successfull
*/
-static bool
-netlink_del_sa(const struct kernel_sa *sa)
+static bool netlink_del_sa(const struct kernel_sa *sa)
{
struct {
struct nlmsghdr n;
@@ -726,9 +794,8 @@ netlink_del_sa(const struct kernel_sa *sa)
return send_netlink_msg(&req.n, NULL, 0, "Del SA", sa->text_said);
}
-static bool
-netlink_error(const char *req_type, const struct nlmsghdr *n
-, const struct nlmsgerr *e, int rsp_size)
+static bool netlink_error(const char *req_type, const struct nlmsghdr *n,
+ const struct nlmsgerr *e, int rsp_size)
{
if (n->nlmsg_type == NLMSG_ERROR)
{
@@ -751,8 +818,8 @@ netlink_error(const char *req_type, const struct nlmsghdr *n
return FALSE;
}
-static bool
-netlink_get_policy(const struct kernel_sa *sa, bool inbound, time_t *use_time)
+static bool netlink_get_policy(const struct kernel_sa *sa, bool inbound,
+ time_t *use_time)
{
struct {
struct nlmsghdr n;
@@ -789,11 +856,13 @@ netlink_get_policy(const struct kernel_sa *sa, bool inbound, time_t *use_time)
req.id.dir = (inbound)? XFRM_POLICY_IN:XFRM_POLICY_OUT;
if (!send_netlink_msg(&req.n, &rsp.n, sizeof(rsp), "Get policy", "?"))
+ {
return FALSE;
-
+ }
if (netlink_error("XFRM_MSG_GETPOLICY", &rsp.n, &rsp.u.e, sizeof(rsp.u.info)))
+ {
return FALSE;
-
+ }
*use_time = (time_t)rsp.u.info.curlft.use_time;
if (inbound && sa->encapsulation == ENCAPSULATION_MODE_TUNNEL)
@@ -803,11 +872,13 @@ netlink_get_policy(const struct kernel_sa *sa, bool inbound, time_t *use_time)
req.id.dir = XFRM_POLICY_FWD;
if (!send_netlink_msg(&req.n, &rsp.n, sizeof(rsp), "Get policy", "?"))
+ {
return FALSE;
-
+ }
if (netlink_error("XFRM_MSG_GETPOLICY", &rsp.n, &rsp.u.e, sizeof(rsp.u.info)))
+ {
return FALSE;
-
+ }
use_time_fwd = (time_t)rsp.u.info.curlft.use_time;
*use_time = (*use_time > use_time_fwd)? *use_time : use_time_fwd;
}
@@ -820,8 +891,7 @@ netlink_get_policy(const struct kernel_sa *sa, bool inbound, time_t *use_time)
* @param sa Kernel SA to be queried
* @return bool True if successfull
*/
-static bool
-netlink_get_sa(const struct kernel_sa *sa, u_int *bytes)
+static bool netlink_get_sa(const struct kernel_sa *sa, u_int *bytes)
{
struct {
struct nlmsghdr n;
@@ -851,18 +921,18 @@ netlink_get_sa(const struct kernel_sa *sa, u_int *bytes)
rsp.n.nlmsg_type = XFRM_MSG_NEWSA;
if (!send_netlink_msg(&req.n, &rsp.n, sizeof(rsp), "Get SA", sa->text_said))
+ {
return FALSE;
-
+ }
if (netlink_error("XFRM_MSG_GETSA", &rsp.n, &rsp.u.e, sizeof(rsp.u.info)))
+ {
return FALSE;
-
+ }
*bytes = (u_int) rsp.u.info.curlft.bytes;
-
return TRUE;
}
-static void
-linux_pfkey_register_response(const struct sadb_msg *msg)
+static void linux_pfkey_register_response(const struct sadb_msg *msg)
{
switch (msg->sadb_msg_satype)
{
@@ -882,8 +952,7 @@ linux_pfkey_register_response(const struct sadb_msg *msg)
/** linux_pfkey_register - Register via PFKEY our capabilities
*
*/
-static void
-linux_pfkey_register(void)
+static void linux_pfkey_register(void)
{
pfkey_register_proto(SADB_SATYPE_AH, "AH");
pfkey_register_proto(SADB_SATYPE_ESP, "ESP");
@@ -898,8 +967,8 @@ linux_pfkey_register(void)
* @param dst ip_address formatted destination
* @return err_t NULL if okay, otherwise an error
*/
-static err_t
-xfrm_to_ip_address(unsigned family, const xfrm_address_t *src, ip_address *dst)
+static err_t xfrm_to_ip_address(unsigned family, const xfrm_address_t *src,
+ ip_address *dst)
{
switch (family)
{
@@ -922,10 +991,8 @@ xfrm_to_ip_address(unsigned family, const xfrm_address_t *src, ip_address *dst)
* @param dst ip_address formatted destination
* @return err_t NULL if okay, otherwise an error
*/
-static err_t
-xfrm_sel_to_ip_pair(const struct xfrm_selector *sel
- , ip_address *src
- , ip_address *dst)
+static err_t xfrm_sel_to_ip_pair(const struct xfrm_selector *sel,
+ ip_address *src, ip_address *dst)
{
int family;
err_t ugh;
@@ -934,7 +1001,9 @@ xfrm_sel_to_ip_pair(const struct xfrm_selector *sel
if ((ugh = xfrm_to_ip_address(family, &sel->saddr, src))
|| (ugh = xfrm_to_ip_address(family, &sel->daddr, dst)))
+ {
return ugh;
+ }
/* family has been verified in xfrm_to_ip_address. */
if (family == AF_INET)
@@ -951,8 +1020,7 @@ xfrm_sel_to_ip_pair(const struct xfrm_selector *sel
return NULL;
}
-static void
-netlink_acquire(struct nlmsghdr *n)
+static void netlink_acquire(struct nlmsghdr *n)
{
struct xfrm_user_acquire *acquire;
ip_address src, dst;
@@ -978,15 +1046,17 @@ netlink_acquire(struct nlmsghdr *n)
if (!(ugh = xfrm_sel_to_ip_pair(&acquire->sel, &src, &dst))
&& !(ugh = addrtosubnet(&src, &ours))
&& !(ugh = addrtosubnet(&dst, &his)))
+ {
record_and_initiate_opportunistic(&ours, &his, transport_proto
, "%acquire-netlink");
-
+ }
if (ugh != NULL)
+ {
plog("XFRM_MSG_ACQUIRE message from kernel malformed: %s", ugh);
+ }
}
-static void
-netlink_shunt_expire(struct xfrm_userpolicy_info *pol)
+static void netlink_shunt_expire(struct xfrm_userpolicy_info *pol)
{
ip_address src, dst;
unsigned transport_proto;
@@ -1004,8 +1074,7 @@ netlink_shunt_expire(struct xfrm_userpolicy_info *pol)
, "delete expired bare shunt");
}
-static void
-netlink_policy_expire(struct nlmsghdr *n)
+static void netlink_policy_expire(struct nlmsghdr *n)
{
struct xfrm_user_polexpire *upe;
struct {
@@ -1040,11 +1109,13 @@ netlink_policy_expire(struct nlmsghdr *n)
rsp.n.nlmsg_type = XFRM_MSG_NEWPOLICY;
if (!send_netlink_msg(&req.n, &rsp.n, sizeof(rsp), "Get policy", "?"))
+ {
return;
-
+ }
if (netlink_error("XFRM_MSG_GETPOLICY", &rsp.n, &rsp.u.e, sizeof(rsp.u.pol)))
+ {
return;
-
+ }
if (req.id.index != rsp.u.pol.index)
{
DBG(DBG_KLIPS,
@@ -1072,8 +1143,7 @@ netlink_policy_expire(struct nlmsghdr *n)
}
}
-static bool
-netlink_get(void)
+static bool netlink_get(void)
{
struct {
struct nlmsghdr n;
@@ -1137,22 +1207,15 @@ netlink_get(void)
return TRUE;
}
-static void
-netlink_process_msg(void)
+static void netlink_process_msg(void)
{
- while (netlink_get())
- ;
+ while (netlink_get());
}
-static ipsec_spi_t
-netlink_get_spi(const ip_address *src
-, const ip_address *dst
-, int proto
-, bool tunnel_mode
-, unsigned reqid
-, ipsec_spi_t min
-, ipsec_spi_t max
-, const char *text_said)
+static ipsec_spi_t netlink_get_spi(const ip_address *src, const ip_address *dst,
+ int proto, bool tunnel_mode, unsigned reqid,
+ ipsec_spi_t min, ipsec_spi_t max,
+ const char *text_said)
{
struct {
struct nlmsghdr n;
@@ -1185,11 +1248,13 @@ netlink_get_spi(const ip_address *src
rsp.n.nlmsg_type = XFRM_MSG_NEWSA;
if (!send_netlink_msg(&req.n, &rsp.n, sizeof(rsp), "Get SPI", text_said))
+ {
return 0;
-
+ }
if (netlink_error("XFRM_MSG_ALLOCSPI", &rsp.n, &rsp.u.e, sizeof(rsp.u.sa)))
+ {
return 0;
-
+ }
DBG(DBG_KLIPS,
DBG_log("netlink_get_spi: allocated 0x%x for %s"
, ntohl(rsp.u.sa.id.spi), text_said));