diff options
Diffstat (limited to 'linux/lib/libfreeswan/pfkey_v2_parse.c')
| -rw-r--r-- | linux/lib/libfreeswan/pfkey_v2_parse.c | 1832 |
1 files changed, 0 insertions, 1832 deletions
diff --git a/linux/lib/libfreeswan/pfkey_v2_parse.c b/linux/lib/libfreeswan/pfkey_v2_parse.c deleted file mode 100644 index bb6962fa8..000000000 --- a/linux/lib/libfreeswan/pfkey_v2_parse.c +++ /dev/null @@ -1,1832 +0,0 @@ -/* - * RFC2367 PF_KEYv2 Key management API message parser - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:07 as Exp $ - */ - -/* - * Template from klips/net/ipsec/ipsec/ipsec_parser.c. - */ - -char pfkey_v2_parse_c_version[] = "$Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:07 as Exp $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include <linux/kernel.h> /* for printk */ - -#include "freeswan/ipsec_kversion.h" /* for malloc switch */ - -# ifdef MALLOC_SLAB -# include <linux/slab.h> /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include <linux/malloc.h> /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include <linux/errno.h> /* error codes */ -# include <linux/types.h> /* size_t */ -# include <linux/interrupt.h> /* mark_bh */ - -# include <linux/netdevice.h> /* struct device, and other headers */ -# include <linux/etherdevice.h> /* eth_type_trans */ -# include <linux/ip.h> /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include <linux/ipv6.h> /* struct ipv6hdr */ -# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ -extern int debug_pfkey; - -# include <freeswan.h> - -#include "freeswan/ipsec_encap.h" - -#else /* __KERNEL__ */ - -# include <sys/types.h> -# include <linux/types.h> -# include <linux/errno.h> - -# include <freeswan.h> -# include "programs/pluto/constants.h" -# include "programs/pluto/defs.h" /* for PRINTF_LIKE */ -# include "programs/pluto/log.h" /* for debugging and DBG_log */ - -/* #define PLUTO */ - -# ifdef PLUTO -# define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); } -# else -# define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; } -# endif - -#endif /* __KERNEL__ */ - - -#include <pfkeyv2.h> -#include <pfkey.h> - -#ifdef __KERNEL__ -extern int sysctl_ipsec_debug_verbose; -# define DEBUGGING(level, args...) \ - KLIPS_PRINT( \ - ((debug_pfkey & level & (PF_KEY_DEBUG_PARSE_STRUCT | PF_KEY_DEBUG_PARSE_PROBLEM)) \ - || (sysctl_ipsec_debug_verbose && (debug_pfkey & level & PF_KEY_DEBUG_PARSE_FLOW))) \ - , "klips_debug:" args) -#endif /* __KERNEL__ */ -#include "freeswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ - - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -struct satype_tbl { - uint8_t proto; - uint8_t satype; - char* name; -} static satype_tbl[] = { -#ifdef __KERNEL__ - { IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" }, - { IPPROTO_AH, SADB_SATYPE_AH, "AH" }, - { IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, -#ifdef CONFIG_IPSEC_IPCOMP - { IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" }, -#endif /* CONFIG_IPSEC_IPCOMP */ - { IPPROTO_INT, SADB_X_SATYPE_INT, "INT" }, -#else /* __KERNEL__ */ - { SA_ESP, SADB_SATYPE_ESP, "ESP" }, - { SA_AH, SADB_SATYPE_AH, "AH" }, - { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, - { SA_COMP, SADB_X_SATYPE_COMP, "COMP" }, - { SA_INT, SADB_X_SATYPE_INT, "INT" }, -#endif /* __KERNEL__ */ - { 0, 0, "UNKNOWN" } -}; - -uint8_t -satype2proto(uint8_t satype) -{ - int i =0; - - while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { - i++; - } - return satype_tbl[i].proto; -} - -uint8_t -proto2satype(uint8_t proto) -{ - int i = 0; - - while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { - i++; - } - return satype_tbl[i].satype; -} - -char* -satype2name(uint8_t satype) -{ - int i = 0; - - while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { - i++; - } - return satype_tbl[i].name; -} - -char* -proto2name(uint8_t proto) -{ - int i = 0; - - while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { - i++; - } - return satype_tbl[i].name; -} - -/* Default extension parsers taken from the KLIPS code */ - -DEBUG_NO_STATIC int -pfkey_sa_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; -#if 0 - struct sadb_sa sav2; -#endif - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_sa_parse: entry\n"); - /* sanity checks... */ - if(!pfkey_sa) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - -#if 0 - /* check if this structure is short, and if so, fix it up. - * XXX this is NOT the way to do things. - */ - if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) { - - /* yes, so clear out a temporary structure, and copy first */ - memset(&sav2, 0, sizeof(sav2)); - memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1)); - sav2.sadb_x_sa_ref=-1; - sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN; - - pfkey_sa = &sav2; - } -#endif - - - if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n", - pfkey_sa->sadb_sa_len, - (int)sizeof(struct sadb_sa)); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n", - pfkey_sa->sadb_sa_encrypt, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n", - pfkey_sa->sadb_sa_auth, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "state=%d exceeds MAX=%d.\n", - pfkey_sa->sadb_sa_state, - SADB_SASTATE_MAX); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "state=%d is DEAD=%d.\n", - pfkey_sa->sadb_sa_state, - SADB_SASTATE_DEAD); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_replay > 64) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "replay window size: %d -- must be 0 <= size <= 64\n", - pfkey_sa->sadb_sa_replay); - SENDERR(EINVAL); - } - - if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) || - (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2))) - { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n", - pfkey_sa->sadb_sa_exttype, - SADB_EXT_SA, - SADB_X_EXT_SA2); - SENDERR(EINVAL); - } - - if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n", - pfkey_sa->sadb_x_sa_ref, - IPSEC_SAREF_NULL, - IPSEC_SA_REF_TABLE_NUM_ENTRIES); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_sa_parse: " - "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n", - pfkey_sa->sadb_sa_len, - pfkey_sa->sadb_sa_exttype, - pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype), - (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi), - pfkey_sa->sadb_sa_replay, - pfkey_sa->sadb_sa_state, - pfkey_sa->sadb_sa_auth, - pfkey_sa->sadb_sa_encrypt, - pfkey_sa->sadb_sa_flags, - pfkey_sa->sadb_x_sa_ref); - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_lifetime_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_lifetime_parse:enter\n"); - /* sanity checks... */ - if(!pfkey_lifetime) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_lifetime_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - - if(pfkey_lifetime->sadb_lifetime_len != - sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_lifetime_parse: " - "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n", - pfkey_lifetime->sadb_lifetime_len, - (int)sizeof(struct sadb_lifetime)); - SENDERR(EINVAL); - } - - if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) && - (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) && - (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_lifetime_parse: " - "unexpected ext_type=%d.\n", - pfkey_lifetime->sadb_lifetime_exttype); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_lifetime_parse: " - "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n", - pfkey_lifetime->sadb_lifetime_exttype, - pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype), - pfkey_lifetime->sadb_lifetime_allocations, - (unsigned)pfkey_lifetime->sadb_lifetime_bytes, - (unsigned)pfkey_lifetime->sadb_lifetime_addtime, - (unsigned)pfkey_lifetime->sadb_lifetime_usetime, - pfkey_lifetime->sadb_x_lifetime_packets); -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_address_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int saddr_len = 0; - struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; - struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); - char ipaddr_txt[ADDRTOT_BUF]; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_address_parse:enter\n"); - /* sanity checks... */ - if(!pfkey_address) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - - if(pfkey_address->sadb_address_len < - (sizeof(struct sadb_address) + sizeof(struct sockaddr))/ - IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", - pfkey_address->sadb_address_len, - (int)sizeof(struct sadb_address), - (int)sizeof(struct sockaddr)); - SENDERR(EINVAL); - } - - if(pfkey_address->sadb_address_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "res=%d, must be zero.\n", - pfkey_address->sadb_address_reserved); - SENDERR(EINVAL); - } - - switch(pfkey_address->sadb_address_exttype) { - case SADB_EXT_ADDRESS_SRC: - case SADB_EXT_ADDRESS_DST: - case SADB_EXT_ADDRESS_PROXY: - case SADB_X_EXT_ADDRESS_DST2: - case SADB_X_EXT_ADDRESS_SRC_FLOW: - case SADB_X_EXT_ADDRESS_DST_FLOW: - case SADB_X_EXT_ADDRESS_SRC_MASK: - case SADB_X_EXT_ADDRESS_DST_MASK: -#ifdef NAT_TRAVERSAL - case SADB_X_EXT_NAT_T_OA: -#endif - break; - default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "unexpected ext_type=%d.\n", - pfkey_address->sadb_address_exttype); - SENDERR(EINVAL); - } - - switch(s->sa_family) { - case AF_INET: - saddr_len = sizeof(struct sockaddr_in); - sprintf(ipaddr_txt, "%d.%d.%d.%d" - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF); - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_address_parse: " - "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n", - pfkey_address->sadb_address_exttype, - pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype), - s->sa_family, - ipaddr_txt, - pfkey_address->sadb_address_proto, - ntohs(((struct sockaddr_in*)s)->sin_port)); - break; - case AF_INET6: - saddr_len = sizeof(struct sockaddr_in6); - sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x" - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7])); - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_address_parse: " - "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n", - pfkey_address->sadb_address_exttype, - pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype), - s->sa_family, - ipaddr_txt, - pfkey_address->sadb_address_proto, - ((struct sockaddr_in6*)s)->sin6_port); - break; - default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "s->sa_family=%d not supported.\n", - s->sa_family); - SENDERR(EPFNOSUPPORT); - } - - if(pfkey_address->sadb_address_len != - DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", - pfkey_address->sadb_address_len, - (int)sizeof(struct sadb_address), - saddr_len); - SENDERR(EINVAL); - } - - if(pfkey_address->sadb_address_prefixlen != 0) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "address prefixes not supported yet.\n"); - SENDERR(EAFNOSUPPORT); /* not supported yet */ - } - - /* XXX check if port!=0 */ - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_address_parse: successful.\n"); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_key_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_key_parse:enter\n"); - /* sanity checks... */ - - if(!pfkey_key) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - - if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_key->sadb_key_len, - (int)sizeof(struct sadb_key)); - SENDERR(EINVAL); - } - - if(!pfkey_key->sadb_key_bits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "key length set to zero, must be non-zero.\n"); - SENDERR(EINVAL); - } - - if(pfkey_key->sadb_key_len != - DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits, - PFKEYBITS)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "key length=%d does not agree with extension length=%d.\n", - pfkey_key->sadb_key_bits, - pfkey_key->sadb_key_len); - SENDERR(EINVAL); - } - - if(pfkey_key->sadb_key_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "res=%d, must be zero.\n", - pfkey_key->sadb_key_reserved); - SENDERR(EINVAL); - } - - if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) || - (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "expecting extension type AUTH or ENCRYPT, got %d.\n", - pfkey_key->sadb_key_exttype); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_key_parse: " - "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n", - pfkey_key->sadb_key_len, - pfkey_key->sadb_key_exttype, - pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype), - pfkey_key->sadb_key_bits, - pfkey_key->sadb_key_reserved); - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_ident_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_ident->sadb_ident_len, - (int)sizeof(struct sadb_ident)); - SENDERR(EINVAL); - } - - if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "ident_type=%d out of range, must be less than %d.\n", - pfkey_ident->sadb_ident_type, - SADB_IDENTTYPE_MAX); - SENDERR(EINVAL); - } - - if(pfkey_ident->sadb_ident_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "res=%d, must be zero.\n", - pfkey_ident->sadb_ident_reserved); - SENDERR(EINVAL); - } - - /* string terminator/padding must be zero */ - if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { - if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "string padding must be zero, last is 0x%02x.\n", - *((char*)pfkey_ident + - pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)); - SENDERR(EINVAL); - } - } - - if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) || - (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n", - pfkey_ident->sadb_ident_exttype); - SENDERR(EINVAL); - } - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_sens_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sens_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_sens->sadb_sens_len, - (int)sizeof(struct sadb_sens)); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sens_parse: " - "Sorry, I can't parse exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); -#if 0 - SENDERR(EINVAL); /* don't process these yet */ -#endif - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_prop_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int i, num_comb; - struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext; - struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop)); - - /* sanity checks... */ - if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) || - (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n", - pfkey_prop->sadb_prop_len, - (int)sizeof(struct sadb_prop), - (int)sizeof(struct sadb_comb)); - SENDERR(EINVAL); - } - - if(pfkey_prop->sadb_prop_replay > 64) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "replay window size: %d -- must be 0 <= size <= 64\n", - pfkey_prop->sadb_prop_replay); - SENDERR(EINVAL); - } - - for(i=0; i<3; i++) { - if(pfkey_prop->sadb_prop_reserved[i]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "res[%d]=%d, must be zero.\n", - i, pfkey_prop->sadb_prop_reserved[i]); - SENDERR(EINVAL); - } - } - - num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb); - - for(i = 0; i < num_comb; i++) { - if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n", - i, - pfkey_comb->sadb_comb_auth, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_auth) { - if(!pfkey_comb->sadb_comb_auth_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(!pfkey_comb->sadb_comb_auth_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n", - i, - pfkey_comb->sadb_comb_auth_minbits, - pfkey_comb->sadb_comb_auth_maxbits); - SENDERR(EINVAL); - } - } else { - if(pfkey_comb->sadb_comb_auth_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_auth_minbits); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_auth_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_auth_maxbits); - SENDERR(EINVAL); - } - } - - if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_comb_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n", - i, - pfkey_comb->sadb_comb_encrypt, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_encrypt) { - if(!pfkey_comb->sadb_comb_encrypt_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(!pfkey_comb->sadb_comb_encrypt_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n", - i, - pfkey_comb->sadb_comb_encrypt_minbits, - pfkey_comb->sadb_comb_encrypt_maxbits); - SENDERR(EINVAL); - } - } else { - if(pfkey_comb->sadb_comb_encrypt_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_encrypt_minbits); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_encrypt_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_encrypt_maxbits); - SENDERR(EINVAL); - } - } - - /* XXX do sanity check on flags */ - - if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n", - i, - pfkey_comb->sadb_comb_soft_allocations, - pfkey_comb->sadb_comb_hard_allocations); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n", - i, - (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes, - (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n", - i, - (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime, - (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n", - i, - (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime, - (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n", - i, - pfkey_comb->sadb_x_comb_soft_packets, - pfkey_comb->sadb_x_comb_hard_packets); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "comb[%d].res=%d, must be zero.\n", - i, - pfkey_comb->sadb_comb_reserved); - SENDERR(EINVAL); - } - pfkey_comb++; - } - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_supported_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - unsigned int i, num_alg; - struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext; - struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported)); - - /* sanity checks... */ - if((pfkey_supported->sadb_supported_len < - sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) || - (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - - sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) { - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n", - pfkey_supported->sadb_supported_len, - (int)sizeof(struct sadb_supported), - (int)sizeof(struct sadb_alg)); - SENDERR(EINVAL); - } - - if(pfkey_supported->sadb_supported_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "res=%d, must be zero.\n", - pfkey_supported->sadb_supported_reserved); - SENDERR(EINVAL); - } - - num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg); - - for(i = 0; i < num_alg; i++) { - /* process algo description */ - if(pfkey_alg->sadb_alg_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n", - i, - pfkey_alg->sadb_alg_id, - pfkey_alg->sadb_alg_ivlen, - pfkey_alg->sadb_alg_minbits, - pfkey_alg->sadb_alg_maxbits, - pfkey_alg->sadb_alg_reserved); - SENDERR(EINVAL); - } - - /* XXX can alg_id auth/enc be determined from info given? - Yes, but OpenBSD's method does not iteroperate with rfc2367. - rgb, 2000-04-06 */ - - switch(pfkey_supported->sadb_supported_exttype) { - case SADB_EXT_SUPPORTED_AUTH: - if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n", - i, - pfkey_alg->sadb_alg_id, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - break; - case SADB_EXT_SUPPORTED_ENCRYPT: - if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", - i, - pfkey_alg->sadb_alg_id, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - break; - default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", - i, - pfkey_alg->sadb_alg_id, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - pfkey_alg++; - } - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_spirange_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_spirange->sadb_spirange_len != - sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_spirange->sadb_spirange_len, - (int)sizeof(struct sadb_spirange)); - SENDERR(EINVAL); - } - - if(pfkey_spirange->sadb_spirange_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "reserved=%d must be set to zero.\n", - pfkey_spirange->sadb_spirange_reserved); - SENDERR(EINVAL); - } - - if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "minspi=%08x must be < maxspi=%08x.\n", - ntohl(pfkey_spirange->sadb_spirange_min), - ntohl(pfkey_spirange->sadb_spirange_max)); - SENDERR(EINVAL); - } - - if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "minspi=%08x must be > 255.\n", - ntohl(pfkey_spirange->sadb_spirange_min)); - SENDERR(EEXIST); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_spirange_parse: " - "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n", - pfkey_spirange->sadb_spirange_len, - pfkey_spirange->sadb_spirange_exttype, - pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype), - pfkey_spirange->sadb_spirange_min, - pfkey_spirange->sadb_spirange_max, - pfkey_spirange->sadb_spirange_reserved); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_x_kmprivate->sadb_x_kmprivate_len < - sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_kmprivate_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_x_kmprivate->sadb_x_kmprivate_len, - (int)sizeof(struct sadb_x_kmprivate)); - SENDERR(EINVAL); - } - - if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_kmprivate_parse: " - "reserved=%d must be set to zero.\n", - pfkey_x_kmprivate->sadb_x_kmprivate_reserved); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_kmprivate_parse: " - "Sorry, I can't parse exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int i; - struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_x_satype_parse: enter\n"); - /* sanity checks... */ - if(pfkey_x_satype->sadb_x_satype_len != - sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_x_satype->sadb_x_satype_len, - (int)sizeof(struct sadb_x_satype)); - SENDERR(EINVAL); - } - - if(!pfkey_x_satype->sadb_x_satype_satype) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "satype is zero, must be non-zero.\n"); - SENDERR(EINVAL); - } - - if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "satype %d > max %d, invalid.\n", - pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX); - SENDERR(EINVAL); - } - - if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "proto lookup from satype=%d failed.\n", - pfkey_x_satype->sadb_x_satype_satype); - SENDERR(EINVAL); - } - - for(i = 0; i < 3; i++) { - if(pfkey_x_satype->sadb_x_satype_reserved[i]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "reserved[%d]=%d must be set to zero.\n", - i, pfkey_x_satype->sadb_x_satype_reserved[i]); - SENDERR(EINVAL); - } - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_x_satype_parse: " - "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n", - pfkey_x_satype->sadb_x_satype_len, - pfkey_x_satype->sadb_x_satype_exttype, - pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype), - pfkey_x_satype->sadb_x_satype_satype, - satype2name(pfkey_x_satype->sadb_x_satype_satype), - pfkey_x_satype->sadb_x_satype_reserved[0], - pfkey_x_satype->sadb_x_satype_reserved[1], - pfkey_x_satype->sadb_x_satype_reserved[2]); -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int i; - struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_x_debug_parse: enter\n"); - /* sanity checks... */ - if(pfkey_x_debug->sadb_x_debug_len != - sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_debug_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_x_debug->sadb_x_debug_len, - (int)sizeof(struct sadb_x_debug)); - SENDERR(EINVAL); - } - - for(i = 0; i < 4; i++) { - if(pfkey_x_debug->sadb_x_debug_reserved[i]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_debug_parse: " - "reserved[%d]=%d must be set to zero.\n", - i, pfkey_x_debug->sadb_x_debug_reserved[i]); - SENDERR(EINVAL); - } - } - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n"); - /* sanity checks... */ - - if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n", - p->sadb_protocol_len, (int)sizeof(*p)); - SENDERR(EINVAL); - } - - if (p->sadb_protocol_reserved2 != 0) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_protocol_parse: res=%d, must be zero.\n", - p->sadb_protocol_reserved2); - SENDERR(EINVAL); - } - - errlab: - return error; -} - -#ifdef NAT_TRAVERSAL -DEBUG_NO_STATIC int -pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext) -{ - return 0; -} -DEBUG_NO_STATIC int -pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext) -{ - return 0; -} -#endif - -#define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME}; - -DEFINEPARSER(pfkey_sa_parse); -DEFINEPARSER(pfkey_lifetime_parse); -DEFINEPARSER(pfkey_address_parse); -DEFINEPARSER(pfkey_key_parse); -DEFINEPARSER(pfkey_ident_parse); -DEFINEPARSER(pfkey_sens_parse); -DEFINEPARSER(pfkey_prop_parse); -DEFINEPARSER(pfkey_supported_parse); -DEFINEPARSER(pfkey_spirange_parse); -DEFINEPARSER(pfkey_x_kmprivate_parse); -DEFINEPARSER(pfkey_x_satype_parse); -DEFINEPARSER(pfkey_x_ext_debug_parse); -DEFINEPARSER(pfkey_x_ext_protocol_parse); -#ifdef NAT_TRAVERSAL -DEFINEPARSER(pfkey_x_ext_nat_t_type_parse); -DEFINEPARSER(pfkey_x_ext_nat_t_port_parse); -#endif - -struct pf_key_ext_parsers_def *ext_default_parsers[]= -{ - NULL, /* pfkey_msg_parse, */ - &pfkey_sa_parse_def, - &pfkey_lifetime_parse_def, - &pfkey_lifetime_parse_def, - &pfkey_lifetime_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_key_parse_def, - &pfkey_key_parse_def, - &pfkey_ident_parse_def, - &pfkey_ident_parse_def, - &pfkey_sens_parse_def, - &pfkey_prop_parse_def, - &pfkey_supported_parse_def, - &pfkey_supported_parse_def, - &pfkey_spirange_parse_def, - &pfkey_x_kmprivate_parse_def, - &pfkey_x_satype_parse_def, - &pfkey_sa_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_x_ext_debug_parse_def, - &pfkey_x_ext_protocol_parse_def -#ifdef NAT_TRAVERSAL - , - &pfkey_x_ext_nat_t_type_parse_def, - &pfkey_x_ext_nat_t_port_parse_def, - &pfkey_x_ext_nat_t_port_parse_def, - &pfkey_address_parse_def -#endif -}; - -int -pfkey_msg_parse(struct sadb_msg *pfkey_msg, - struct pf_key_ext_parsers_def *ext_parsers[], - struct sadb_ext *extensions[], - int dir) -{ - int error = 0; - int remain; - struct sadb_ext *pfkey_ext; - int extensions_seen = 0; - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_msg_parse: " - "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", - pfkey_msg->sadb_msg_version, - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), - pfkey_msg->sadb_msg_errno, - pfkey_msg->sadb_msg_satype, - satype2name(pfkey_msg->sadb_msg_satype), - pfkey_msg->sadb_msg_len, - pfkey_msg->sadb_msg_reserved, - pfkey_msg->sadb_msg_seq, - pfkey_msg->sadb_msg_pid); - - if(ext_parsers == NULL) ext_parsers = ext_default_parsers; - - pfkey_extensions_init(extensions); - - remain = pfkey_msg->sadb_msg_len; - remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; - - pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg + - sizeof(struct sadb_msg)); - - extensions[0] = (struct sadb_ext *) pfkey_msg; - - - if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "not PF_KEY_V2 msg, found %d, should be %d.\n", - pfkey_msg->sadb_msg_version, - PF_KEY_V2); - SENDERR(EINVAL); - } - - if(!pfkey_msg->sadb_msg_type) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "msg type not set, must be non-zero..\n"); - SENDERR(EINVAL); - } - - if(pfkey_msg->sadb_msg_type > SADB_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "msg type=%d > max=%d.\n", - pfkey_msg->sadb_msg_type, - SADB_MAX); - SENDERR(EINVAL); - } - - switch(pfkey_msg->sadb_msg_type) { - case SADB_GETSPI: - case SADB_UPDATE: - case SADB_ADD: - case SADB_DELETE: - case SADB_GET: - case SADB_X_GRPSA: - case SADB_X_ADDFLOW: - if(!satype2proto(pfkey_msg->sadb_msg_satype)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "satype %d conversion to proto failed for msg_type %d (%s).\n", - pfkey_msg->sadb_msg_satype, - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); - SENDERR(EINVAL); - } else { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n", - pfkey_msg->sadb_msg_satype, - satype2name(pfkey_msg->sadb_msg_satype), - satype2proto(pfkey_msg->sadb_msg_satype), - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); - } - case SADB_ACQUIRE: - case SADB_REGISTER: - case SADB_EXPIRE: - if(!pfkey_msg->sadb_msg_satype) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "satype is zero, must be non-zero for msg_type %d(%s).\n", - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); - SENDERR(EINVAL); - } - default: - break; - } - - /* errno must not be set in downward messages */ - /* this is not entirely true... a response to an ACQUIRE could return an error */ - if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "errno set to %d.\n", - pfkey_msg->sadb_msg_errno); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "remain=%d, ext_type=%d(%s), ext_len=%d.\n", - remain, - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - pfkey_ext->sadb_ext_len); - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "extensions permitted=%08x, required=%08x.\n", - extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); - - extensions_seen = 1; - - while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) { - /* Is there enough message left to support another extension header? */ - if(remain < pfkey_ext->sadb_ext_len) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "remain %d less than ext len %d.\n", - remain, pfkey_ext->sadb_ext_len); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "parsing ext type=%d(%s) remain=%d.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - remain); - - /* Is the extension header type valid? */ - if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - SADB_EXT_MAX); - SENDERR(EINVAL); - } - - /* Have we already seen this type of extension? */ - if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0) - { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) already seen.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - SENDERR(EINVAL); - } - - /* Do I even know about this type of extension? */ - if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) unknown, ignoring.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - goto next_ext; - } - - /* Is this type of extension permitted for this type of message? */ - if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] & - 1<<pfkey_ext->sadb_ext_type)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], - 1<<pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_msg_parse: " - "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n", - remain, - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - pfkey_ext->sadb_ext_len, - pfkey_ext, - ext_parsers[pfkey_ext->sadb_ext_type]->parser_name); - - /* Parse the extension */ - if((error = - (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "extension parsing for type %d(%s) failed with error %d.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - error); - SENDERR(-error); - } - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "Extension %d(%s) parsed.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - - /* Mark that we have seen this extension and remember the header location */ - extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type ); - extensions[pfkey_ext->sadb_ext_type] = pfkey_ext; - - next_ext: - /* Calculate how much message remains */ - remain -= pfkey_ext->sadb_ext_len; - - if(!remain) { - break; - } - /* Find the next extension header */ - pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext + - pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); - } - - if(remain) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "unexpected remainder of %d.\n", - remain); - /* why is there still something remaining? */ - SENDERR(EINVAL); - } - - /* check required extensions */ - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_msg_parse: " - "extensions permitted=%08x, seen=%08x, required=%08x.\n", - extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], - extensions_seen, - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); - - /* don't check further if it is an error return message since it - may not have a body */ - if(pfkey_msg->sadb_msg_errno) { - SENDERR(-error); - } - - if((extensions_seen & - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) != - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "required extensions missing:%08x.\n", - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] - - (extensions_seen & - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type])); - SENDERR(EINVAL); - } - - if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW) - && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW) - != SADB_X_EXT_ADDRESS_DELFLOW) - && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA)) - || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags - & SADB_X_SAFLAGS_CLEARFLOW) - != SADB_X_SAFLAGS_CLEARFLOW))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n", - SADB_X_EXT_ADDRESS_DELFLOW - - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW), - (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA))); - SENDERR(EINVAL); - } - - switch(pfkey_msg->sadb_msg_type) { - case SADB_ADD: - case SADB_UPDATE: - /* check maturity */ - if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != - SADB_SASTATE_MATURE) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "state=%d for add or update should be MATURE=%d.\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, - SADB_SASTATE_MATURE); - SENDERR(EINVAL); - } - - /* check AH and ESP */ - switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) { - case SADB_SATYPE_AH: - if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth != - SADB_AALG_NONE)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "auth alg is zero, must be non-zero for AH SAs.\n"); - SENDERR(EINVAL); - } - if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt != - SADB_EALG_NONE) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "AH handed encalg=%d, must be zero.\n", - ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt); - SENDERR(EINVAL); - } - break; - case SADB_SATYPE_ESP: - if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != - SADB_EALG_NONE)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); - SENDERR(EINVAL); - } - if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt == - SADB_EALG_NULL) && - (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth == - SADB_AALG_NONE) ) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ESP handed encNULL+authNONE, illegal combination.\n"); - SENDERR(EINVAL); - } - break; - case SADB_X_SATYPE_COMP: - if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != - SADB_EALG_NONE)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); - SENDERR(EINVAL); - } - if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth != - SADB_AALG_NONE) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "COMP handed auth=%d, must be zero.\n", - ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth); - SENDERR(EINVAL); - } - break; - default: - break; - } - if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "spi=%08x must be > 255.\n", - ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi)); - SENDERR(EINVAL); - } - default: - break; - } -errlab: - - return error; -} - -/* - * $Log: pfkey_v2_parse.c,v $ - * Revision 1.4 2004/06/13 20:35:07 as - * removed references to ipsec_netlink.h - * - * Revision 1.3 2004/03/30 10:00:17 as - * 64 bit issues - * - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.2.1 2004/03/15 22:30:06 as - * nat-0.6c patch merged - * - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.53 2003/01/30 02:32:09 rgb - * - * Rename SAref table macro names for clarity. - * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. - * - * Revision 1.52 2002/12/30 06:53:07 mcr - * deal with short SA structures... #if 0 out for now. Probably - * not quite the right way. - * - * Revision 1.51 2002/12/13 18:16:02 mcr - * restored sa_ref code - * - * Revision 1.50 2002/12/13 18:06:52 mcr - * temporarily removed sadb_x_sa_ref reference for 2.xx - * - * Revision 1.49 2002/10/05 05:02:58 dhr - * - * C labels go on statements - * - * Revision 1.48 2002/09/20 15:40:45 rgb - * Added sadb_x_sa_ref to struct sadb_sa. - * - * Revision 1.47 2002/09/20 05:01:31 rgb - * Fixed usage of pfkey_lib_debug. - * Format for function declaration style consistency. - * Added text labels to elucidate numeric values presented. - * Re-organised debug output to reduce noise in output. - * - * Revision 1.46 2002/07/24 18:44:54 rgb - * Type fiddling to tame ia64 compiler. - * - * Revision 1.45 2002/05/23 07:14:11 rgb - * Cleaned up %p variants to 0p%p for test suite cleanup. - * - * Revision 1.44 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.43 2002/04/24 07:36:40 mcr - * Moved from ./lib/pfkey_v2_parse.c,v - * - * Revision 1.42 2002/01/29 22:25:36 rgb - * Re-add ipsec_kversion.h to keep MALLOC happy. - * - * Revision 1.41 2002/01/29 01:59:10 mcr - * removal of kversions.h - sources that needed it now use ipsec_param.h. - * updating of IPv6 structures to match latest in6.h version. - * removed dead code from freeswan.h that also duplicated kversions.h - * code. - * - * Revision 1.40 2002/01/20 20:34:50 mcr - * added pfkey_v2_sadb_type_string to decode sadb_type to string. - * - * Revision 1.39 2001/11/27 05:29:22 mcr - * pfkey parses are now maintained by a structure - * that includes their name for debug purposes. - * DEBUGGING() macro changed so that it takes a debug - * level so that pf_key() can use this to decode the - * structures without innundanting humans. - * Also uses pfkey_v2_sadb_ext_string() in messages. - * - * Revision 1.38 2001/11/06 19:47:47 rgb - * Added packet parameter to lifetime and comb structures. - * - * Revision 1.37 2001/10/18 04:45:24 rgb - * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, - * lib/freeswan.h version macros moved to lib/kversions.h. - * Other compiler directive cleanups. - * - * Revision 1.36 2001/06/14 19:35:16 rgb - * Update copyright date. - * - * Revision 1.35 2001/05/03 19:44:51 rgb - * Standardise on SENDERR() macro. - * - * Revision 1.34 2001/03/16 07:41:51 rgb - * Put freeswan.h include before pluto includes. - * - * Revision 1.33 2001/02/27 07:13:51 rgb - * Added satype2name() function. - * Added text to default satype_tbl entry. - * Added satype2name() conversions for most satype debug output. - * - * Revision 1.32 2001/02/26 20:01:09 rgb - * Added internal IP protocol 61 for magic SAs. - * Ditch unused sadb_satype2proto[], replaced by satype2proto(). - * Re-formatted debug output (split lines, consistent spacing). - * Removed acquire, register and expire requirements for a known satype. - * Changed message type checking to a switch structure. - * Verify expected NULL auth for IPCOMP. - * Enforced spi > 0x100 requirement, now that pass uses a magic SA for - * appropriate message types. - * - * Revision 1.31 2000/12/01 07:09:00 rgb - * Added ipcomp sanity check to require encalgo is set. - * - * Revision 1.30 2000/11/17 18:10:30 rgb - * Fixed bugs mostly relating to spirange, to treat all spi variables as - * network byte order since this is the way PF_KEYv2 stored spis. - * - * Revision 1.29 2000/10/12 00:02:39 rgb - * Removed 'format, ##' nonsense from debug macros for RH7.0. - * - * Revision 1.28 2000/09/20 16:23:04 rgb - * Remove over-paranoid extension check in the presence of sadb_msg_errno. - * - * Revision 1.27 2000/09/20 04:04:21 rgb - * Changed static functions to DEBUG_NO_STATIC to reveal function names in - * oopsen. - * - * Revision 1.26 2000/09/15 11:37:02 rgb - * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> - * IPCOMP zlib deflate code. - * - * Revision 1.25 2000/09/12 22:35:37 rgb - * Restructured to remove unused extensions from CLEARFLOW messages. - * - * Revision 1.24 2000/09/12 18:59:54 rgb - * Added Gerhard's IPv6 support to pfkey parts of libfreeswan. - * - * Revision 1.23 2000/09/12 03:27:00 rgb - * Moved DEBUGGING definition to compile kernel with debug off. - * - * Revision 1.22 2000/09/09 06:39:27 rgb - * Restrict pfkey errno check to downward messages only. - * - * Revision 1.21 2000/09/08 19:22:34 rgb - * Enabled pfkey_sens_parse(). - * Added check for errno on downward acquire messages only. - * - * Revision 1.20 2000/09/01 18:48:23 rgb - * Fixed reserved check bug and added debug output in - * pfkey_supported_parse(). - * Fixed debug output label bug in pfkey_ident_parse(). - * - * Revision 1.19 2000/08/27 01:55:26 rgb - * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. - * - * Revision 1.18 2000/08/24 17:00:36 rgb - * Ignore unknown extensions instead of failing. - * - * Revision 1.17 2000/06/02 22:54:14 rgb - * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. - * - * Revision 1.16 2000/05/10 19:25:11 rgb - * Fleshed out proposal and supported extensions. - * - * Revision 1.15 2000/01/24 21:15:31 rgb - * Added disabled pluto pfkey lib debug flag. - * Added algo debugging reporting. - * - * Revision 1.14 2000/01/22 23:24:29 rgb - * Added new functions proto2satype() and satype2proto() and lookup - * table satype_tbl. Also added proto2name() since it was easy. - * - * Revision 1.13 2000/01/21 09:43:59 rgb - * Cast ntohl(spi) as (unsigned long int) to shut up compiler. - * - * Revision 1.12 2000/01/21 06:28:19 rgb - * Added address cases for eroute flows. - * Indented compiler directives for readability. - * Added klipsdebug switching capability. - * - * Revision 1.11 1999/12/29 21:14:59 rgb - * Fixed debug text cut and paste typo. - * - * Revision 1.10 1999/12/10 17:45:24 rgb - * Added address debugging. - * - * Revision 1.9 1999/12/09 23:11:42 rgb - * Ditched <string.h> include since we no longer use memset(). - * Use new pfkey_extensions_init() instead of memset(). - * Added check for SATYPE in pfkey_msg_build(). - * Tidy up comments and debugging comments. - * - * Revision 1.8 1999/12/07 19:55:26 rgb - * Removed unused first argument from extension parsers. - * Removed static pluto debug flag. - * Moved message type and state checking to pfkey_msg_parse(). - * Changed print[fk] type from lx to x to quiet compiler. - * Removed redundant remain check. - * Changed __u* types to uint* to avoid use of asm/types.h and - * sys/types.h in userspace code. - * - * Revision 1.7 1999/12/01 22:20:51 rgb - * Moved pfkey_lib_debug variable into the library. - * Added pfkey version check into header parsing. - * Added check for SATYPE only for those extensions that require a - * non-zero value. - * - * Revision 1.6 1999/11/27 11:58:05 rgb - * Added ipv6 headers. - * Moved sadb_satype2proto protocol lookup table from - * klips/net/ipsec/pfkey_v2_parser.c. - * Enable lifetime_current checking. - * Debugging error messages added. - * Add argument to pfkey_msg_parse() for direction. - * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. - * Add CVS log entry to bottom of file. - * Moved auth and enc alg check to pfkey_msg_parse(). - * Enable accidentally disabled spirange parsing. - * Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ |