PageRenderTime 42ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/ike/source/libpfk/libpfk.cpp

#
C++ | 1813 lines | 1202 code | 445 blank | 166 comment | 206 complexity | 6d24ff629381548795c2d7694e1e44ef MD5 | raw file
    

  1. 

    2. 

  2. /*

    3. 

  3.  * Copyright (c) 2007

    4. 

  4.  *      Shrew Soft Inc.  All rights reserved.

    5. 

  5.  *

    6. 

  6.  * Redistribution and use in source and binary forms, with or without

    7. 

  7.  * modification, are permitted provided that the following conditions

    8. 

  8.  * are met:

    9. 

  9.  * 1. Redistributions of source code must retain the above copyright

    10. 

  10.  *    notice, this list of conditions and the following disclaimer.

    11. 

  11.  * 2. Redistributions in binary form must reproduce the above copyright

    12. 

  12.  *    notice, this list of conditions and the following disclaimer in the

    13. 

  13.  *    documentation and/or other materials provided with the distribution.

    14. 

  14.  * 3. Redistributions in any form must be accompanied by information on

    15. 

  15.  *    how to obtain complete source code for the software and any

    16. 

  16.  *    accompanying software that uses the software.  The source code

    17. 

  17.  *    must either be included in the distribution or be available for no

    18. 

  18.  *    more than the cost of distribution plus a nominal fee, and must be

    19. 

  19.  *    freely redistributable under reasonable conditions.  For an

    20. 

  20.  *    executable file, complete source code means the source code for all

    21. 

  21.  *    modules it contains.  It does not include source code for modules or

    22. 

  22.  *    files that typically accompany the major components of the operating

    23. 

  23.  *    system on which the executable file runs.

    24. 

  24.  *

    25. 

  25.  * THIS SOFTWARE IS PROVIDED BY SHREW SOFT INC ``AS IS'' AND ANY EXPRESS

    26. 

  26.  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

    27. 

  27.  * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR

    28. 

  28.  * NON-INFRINGEMENT, ARE DISCLAIMED.  IN NO EVENT SHALL SHREW SOFT INC

    29. 

  29.  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

    30. 

  30.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

    31. 

  31.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

    32. 

  32.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

    33. 

  33.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    34. 

  34.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

    35. 

  35.  * THE POSSIBILITY OF SUCH DAMAGE.

    36. 

  36.  *

    37. 

  37.  * AUTHOR : Matthew Grooms

    38. 

  38.  *          mgrooms@shrew.net

    39. 

  39.  *

    40. 

  40.  */

    41. 

  41. 

    42. 

  42. #include "libpfk.h"

    43. 

  43. 

    44. 

  44. //==============================================================================

    45. 

  45. // message class

    46. 

  46. //==============================================================================

    47. 

  47. 

    48. 

  48. bool _PFKI_MSG::local()

    49. 

  49. {

    50. 

  50. 	return ( ( long ) header.sadb_msg_pid == getpid() );

    51. 

  51. 

    52. 

  52. 	return false;

    53. 

  53. }

    54. 

  54. 

    55. 

  55. //==============================================================================

    56. 

  56. // client interface class

    57. 

  57. //==============================================================================

    58. 

  58. 

    59. 

  59. #ifdef UNIX

    60. 

  60. 

    61. 

  61. long _PFKI::send_message( PFKI_MSG & msg )

    62. 

  62. {

    63. 

  63. 	if( conn == -1 )

    64. 

  64. 		return IPCERR_CLOSED;

    65. 

  65. 

    66. 

  66. 	size_t msg_size = msg.size() + sizeof( sadb_msg );

    67. 

  67. 	msg.header.sadb_msg_len = ( u_int16_t ) PFKEY_UNIT64( msg_size );

    68. 

  68. 	msg.ins( &msg.header, sizeof( msg.header ) );

    69. 

  69. 	msg.size( msg_size );

    70. 

  70. 

    71. 

  71. 	return io_send( msg.buff(), msg_size );

    72. 

  72. }

    73. 

  73. 

    74. 

  74. long _PFKI::recv_message( PFKI_MSG & msg )

    75. 

  75. {

    76. 

  76. 	if( conn == -1 )

    77. 

  77. 		return IPCERR_CLOSED;

    78. 

  78. 

    79. 

  79. 	fd_set fds;

    80. 

  80. 	FD_ZERO( &fds );

    81. 

  81. 	FD_SET( conn, &fds );

    82. 

  82. 	FD_SET( conn_wake[ 0 ], &fds );

    83. 

  83. 

    84. 

  84. 	int max = conn_wake[ 0 ];

    85. 

  85. 	if( max < conn )

    86. 

  86. 		max = conn;

    87. 

  87. 

    88. 

  88. 	if( select( max + 1, &fds, NULL, NULL, NULL ) <= 0 )

    89. 

  89. 		return IPCERR_FAILED;

    90. 

  90. 

    91. 

  91. 	if( FD_ISSET( conn, &fds ) )

    92. 

  92. 	{

    93. 

  93. 		msg.size( sizeof( sadb_msg ) );

    94. 

  94. 		size_t msg_size = msg.size();

    95. 

  95. 

    96. 

  96. 		long result = recv( conn, msg.buff(), msg_size, MSG_PEEK );

    97. 

  97. 		if( result < 0 )

    98. 

  98. 			return IPCERR_FAILED;

    99. 

  99. 

    100. 

  100. 		if( result == 0 )

    101. 

  101. 			return IPCERR_CLOSED;

    102. 

  102. 

    103. 

  103. 		msg.size( result );

    104. 

  104. 

    105. 

  105. 		msg.oset( 0 );

    106. 

  106. 		if( !msg.get( &msg.header, sizeof( sadb_msg ) ) )

    107. 

  107. 			return IPCERR_FAILED;

    108. 

  108. 

    109. 

  109. 		msg_size = PFKEY_UNUNIT64( msg.header.sadb_msg_len );

    110. 

  110. 		msg.size( msg_size );

    111. 

  111. 

    112. 

  112. 		return io_recv( msg.buff(), msg_size );

    113. 

  113.         }

    114. 

  114. 

    115. 

  115.         if( FD_ISSET( conn_wake[ 0 ], &fds ) )

    116. 

  116.         {

    117. 

  117.                 char c;

    118. 

  118.                 recv( conn_wake[ 0 ], &c, 1, 0 );

    119. 

  119. 

    120. 

  120.                 return IPCERR_WAKEUP;

    121. 

  121.         }

    122. 

  122. 

    123. 

  123. 	return IPCERR_NODATA;

    124. 

  124. }

    125. 

  125. 

    126. 

  126. long _PFKI::attach( long timeout )

    127. 

  127. {

    128. 

  128. 	detach();

    129. 

  129. 

    130. 

  130. 	//

    131. 

  131. 	// open our pfkey socket

    132. 

  132. 	//

    133. 

  133. 

    134. 

  134. 	conn = socket( PF_KEY, SOCK_RAW, PF_KEY_V2 );

    135. 

  135. 	if( conn < 0 )

    136. 

  136. 		return IPCERR_FAILED;

    137. 

  137. 

    138. 

  138. 	//

    139. 

  139. 	// set socket buffer size

    140. 

  140. 	//

    141. 

  141. 

    142. 

  142. 	const int buffsize = PFKEY_BUFFSIZE;

    143. 

  143. 	setsockopt( conn, SOL_SOCKET, SO_SNDBUF, &buffsize, sizeof( buffsize ) );

    144. 

  144. 	setsockopt( conn, SOL_SOCKET, SO_RCVBUF, &buffsize, sizeof( buffsize ) );

    145. 

  145. 

    146. 

  146. 	//

    147. 

  147. 	// set socket to non-blocking

    148. 

  148. 	//

    149. 

  149. 

    150. 

  150. 	if( fcntl( conn, F_SETFL, O_NONBLOCK ) == -1 )

    151. 

  151. 		return IPCERR_FAILED;

    152. 

  152. 

    153. 

  153. 	return IPCERR_OK;

    154. 

  154. }

    155. 

  155. 

    156. 

  156. void _PFKI::wakeup()

    157. 

  157. {

    158. 

  158. 	ITH_IPCC::wakeup();

    159. 

  159. }

    160. 

  160. 

    161. 

  161. void _PFKI::detach()

    162. 

  162. {

    163. 

  163. 	if( conn != -1 )

    164. 

  164. 		close( conn );

    165. 

  165. }

    166. 

  166. 

    167. 

  167. #endif

    168. 

  168. 

    169. 

  169. //

    170. 

  170. // PFKI WIN32 Specific

    171. 

  171. //

    172. 

  172. 

    173. 

  173. #ifdef WIN32

    174. 

  174. 

    175. 

  175. long _PFKI::send_message( PFKI_MSG & msg )

    176. 

  176. {

    177. 

  177. 	size_t msg_size = msg.size() + sizeof( sadb_msg );

    178. 

  178. 	msg.header.sadb_msg_len = ( u_int16_t ) PFKEY_UNIT64( msg_size );

    179. 

  179. 	msg.ins( &msg.header, sizeof( msg.header ) );

    180. 

  180. 	msg.size( msg_size );

    181. 

  181. 

    182. 

  182. 	return io_send( msg.buff(), msg_size );

    183. 

  183. }

    184. 

  184. 

    185. 

  185. long _PFKI::recv_message( PFKI_MSG & msg )

    186. 

  186. {

    187. 

  187. 	msg.size( sizeof( sadb_msg ) );

    188. 

  188. 	size_t msg_read = msg.size();

    189. 

  189. 	size_t msg_size = 0;

    190. 

  190. 

    191. 

  191. 	long result = io_recv( msg.buff(), msg_read );

    192. 

  192. 

    193. 

  193. 	if( ( result == IPCERR_OK ) || ( result == IPCERR_BUFFER ) )

    194. 

  194. 	{

    195. 

  195. 		msg.oset( 0 );

    196. 

  196. 		if( !msg.get( &msg.header, sizeof( sadb_msg ) ) )

    197. 

  197. 			return IPCERR_FAILED;

    198. 

  198. 

    199. 

  199. 		msg_size = PFKEY_UNUNIT64( msg.header.sadb_msg_len );

    200. 

  200. 		msg.size( msg_size );

    201. 

  201. 

    202. 

  202. 		result = io_recv( msg.buff() + msg_read, msg_size - msg_read );

    203. 

  203. 	}

    204. 

  204. 

    205. 

  205. 	return result;

    206. 

  206. }

    207. 

  207. 

    208. 

  208. long _PFKI::attach( long timeout )

    209. 

  209. {

    210. 

  210. 	return ITH_IPCC::attach( PFKI_PIPE_NAME, timeout );

    211. 

  211. }

    212. 

  212. 

    213. 

  213. void _PFKI::wakeup()

    214. 

  214. {

    215. 

  215. 	ITH_IPCC::wakeup();

    216. 

  216. }

    217. 

  217. 

    218. 

  218. void _PFKI::detach()

    219. 

  219. {

    220. 

  220. 	ITH_IPCC::detach();

    221. 

  221. }

    222. 

  222. 

    223. 

  223. #endif

    224. 

  224. 

    225. 

  225. const char * _PFKI::name( long type, long value )

    226. 

  226. {

    227. 

  227. 	static const char * unknown = "unknown";

    228. 

  228. 

    229. 

  229. 	switch( type )

    230. 

  230. 	{

    231. 

  231. 		case NAME_MSGTYPE:

    232. 

  232. 		{

    233. 

  233. 			static const char * msgtype_00 = "RESERVED";

    234. 

  234. 			static const char * msgtype_01 = "GETSPI";

    235. 

  235. 			static const char * msgtype_02 = "UPDATE";

    236. 

  236. 			static const char * msgtype_03 = "ADD";

    237. 

  237. 			static const char * msgtype_04 = "DELETE";

    238. 

  238. 			static const char * msgtype_05 = "GET";

    239. 

  239. 			static const char * msgtype_06 = "ACQUIRE";

    240. 

  240. 			static const char * msgtype_07 = "REGISTER";

    241. 

  241. 			static const char * msgtype_08 = "EXPIRE";

    242. 

  242. 			static const char * msgtype_09 = "FLUSH";

    243. 

  243. 			static const char * msgtype_10 = "DUMP";

    244. 

  244. 			static const char * msgtype_11 = "X_PROMISC";

    245. 

  245. 			static const char * msgtype_12 = "X_PCHANGE";

    246. 

  246. 			static const char * msgtype_13 = "X_SPDUPDATE";

    247. 

  247. 			static const char * msgtype_14 = "X_SPDADD";

    248. 

  248. 			static const char * msgtype_15 = "X_SPDDELETE";

    249. 

  249. 			static const char * msgtype_16 = "X_SPDGET";

    250. 

  250. 			static const char * msgtype_17 = "X_SPDACQUIRE";

    251. 

  251. 			static const char * msgtype_18 = "X_SPDDUMP";

    252. 

  252. 			static const char * msgtype_19 = "X_SPDFLUSH";

    253. 

  253. 			static const char * msgtype_20 = "X_SPDSETIDX";

    254. 

  254. 			static const char * msgtype_21 = "X_SPDEXPIRE";

    255. 

  255. 			static const char * msgtype_22 = "X_SPDDELETE2";

    256. 

  256. //			static const char * msgtype_23 = "X_NAT_T_NEW_MAPPING";

    257. 

  257. 

    258. 

  258. 			switch( value )

    259. 

  259. 			{

    260. 

  260. 				case SADB_RESERVED:

    261. 

  261. 					return msgtype_00;

    262. 

  262. 

    263. 

  263. 				case SADB_GETSPI:

    264. 

  264. 					return msgtype_01;

    265. 

  265. 

    266. 

  266. 				case SADB_UPDATE:

    267. 

  267. 					return msgtype_02;

    268. 

  268. 

    269. 

  269. 				case SADB_ADD:

    270. 

  270. 					return msgtype_03;

    271. 

  271. 

    272. 

  272. 				case SADB_DELETE:

    273. 

  273. 					return msgtype_04;

    274. 

  274. 

    275. 

  275. 				case SADB_GET:

    276. 

  276. 					return msgtype_05;

    277. 

  277. 

    278. 

  278. 				case SADB_ACQUIRE:

    279. 

  279. 					return msgtype_06;

    280. 

  280. 

    281. 

  281. 				case SADB_REGISTER:

    282. 

  282. 					return msgtype_07;

    283. 

  283. 

    284. 

  284. 				case SADB_EXPIRE:

    285. 

  285. 					return msgtype_08;

    286. 

  286. 

    287. 

  287. 				case SADB_FLUSH:

    288. 

  288. 					return msgtype_09;

    289. 

  289. 

    290. 

  290. 				case SADB_DUMP:

    291. 

  291. 					return msgtype_10;

    292. 

  292. 

    293. 

  293. 				case SADB_X_PROMISC:

    294. 

  294. 					return msgtype_11;

    295. 

  295. 

    296. 

  296. 				case SADB_X_PCHANGE:

    297. 

  297. 					return msgtype_12;

    298. 

  298. 

    299. 

  299. 				case SADB_X_SPDUPDATE:

    300. 

  300. 					return msgtype_13;

    301. 

  301. 

    302. 

  302. 				case SADB_X_SPDADD:

    303. 

  303. 					return msgtype_14;

    304. 

  304. 

    305. 

  305. 				case SADB_X_SPDDELETE:

    306. 

  306. 					return msgtype_15;

    307. 

  307. 

    308. 

  308. 				case SADB_X_SPDGET:

    309. 

  309. 					return msgtype_16;

    310. 

  310. 

    311. 

  311. 				case SADB_X_SPDACQUIRE:

    312. 

  312. 					return msgtype_17;

    313. 

  313. 

    314. 

  314. 				case SADB_X_SPDDUMP:

    315. 

  315. 					return msgtype_18;

    316. 

  316. 

    317. 

  317. 				case SADB_X_SPDFLUSH:

    318. 

  318. 					return msgtype_19;

    319. 

  319. 

    320. 

  320. 				case SADB_X_SPDSETIDX:

    321. 

  321. 					return msgtype_20;

    322. 

  322. 

    323. 

  323. 				case SADB_X_SPDEXPIRE:

    324. 

  324. 					return msgtype_21;

    325. 

  325. 

    326. 

  326. 				case SADB_X_SPDDELETE2:

    327. 

  327. 					return msgtype_22;

    328. 

  328. 

    329. 

  329. //				case SADB_X_NAT_T_NEW_MAPPING:

    330. 

  330. //					return msgtype_23;

    331. 

  331. 

    332. 

  332. 				default:

    333. 

  333. 					return unknown;

    334. 

  334. 

    335. 

  335. 			}

    336. 

  336. 		}

    337. 

  337. 

    338. 

  338. 		case NAME_SAENCR:

    339. 

  339. 		{

    340. 

  340. 			static const char * encrtype_02 = "DES-CBC";

    341. 

  341. 			static const char * encrtype_03 = "3DES-CBC";

    342. 

  342. 			static const char * encrtype_06 = "CAST128-CBC";

    343. 

  343. 			static const char * encrtype_07 = "BLOWFISH-CBC";

    344. 

  344. 			static const char * encrtype_12 = "AES-CBC";

    345. 

  345. 

    346. 

  346. 			switch( value )

    347. 

  347. 			{

    348. 

  348. 				case SADB_EALG_DESCBC:

    349. 

  349. 					return encrtype_02;

    350. 

  350. 

    351. 

  351. 				case SADB_EALG_3DESCBC:

    352. 

  352. 					return encrtype_03;

    353. 

  353. 

    354. 

  354. 				case SADB_X_EALG_CAST128CBC:

    355. 

  355. 					return encrtype_06;

    356. 

  356. 

    357. 

  357. 				case SADB_X_EALG_BLOWFISHCBC:

    358. 

  358. 					return encrtype_07;

    359. 

  359. 

    360. 

  360. 				case SADB_X_EALG_AESCBC:

    361. 

  361. 					return encrtype_12;

    362. 

  362. 

    363. 

  363. 				default:

    364. 

  364. 					return unknown;

    365. 

  365. 			}

    366. 

  366. 		}

    367. 

  367. 

    368. 

  368. 		case NAME_SACOMP:

    369. 

  369. 		{

    370. 

  370. 			static const char * comptype_01 = "OUI";

    371. 

  371. 			static const char * comptype_02 = "DEFLATE";

    372. 

  372. 			static const char * comptype_03 = "LZS";

    373. 

  373. 

    374. 

  374. 			switch( value )

    375. 

  375. 			{

    376. 

  376. 				case SADB_X_CALG_OUI:

    377. 

  377. 					return comptype_01;

    378. 

  378. 

    379. 

  379. 				case SADB_X_CALG_DEFLATE:

    380. 

  380. 					return comptype_02;

    381. 

  381. 

    382. 

  382. 				case SADB_X_CALG_LZS:

    383. 

  383. 					return comptype_03;

    384. 

  384. 

    385. 

  385. 				default:

    386. 

  386. 					return unknown;

    387. 

  387. 			}

    388. 

  388. 		}

    389. 

  389. 

    390. 

  390. 		case NAME_SAAUTH:

    391. 

  391. 		{

    392. 

  392. 			static const char * authtype_02 = "HMAC-MD5";

    393. 

  393. 			static const char * authtype_03 = "HMAC-SHA1";

    394. 

  394. 

    395. 

  395. 			switch( value )

    396. 

  396. 			{

    397. 

  397. 				case SADB_AALG_MD5HMAC:

    398. 

  398. 					return authtype_02;

    399. 

  399. 

    400. 

  400. 				case SADB_AALG_SHA1HMAC:

    401. 

  401. 					return authtype_03;

    402. 

  402. 

    403. 

  403. 				default:

    404. 

  404. 					return unknown;

    405. 

  405. 			}

    406. 

  406. 		}

    407. 

  407. 

    408. 

  408. 

    409. 

  409. 		case NAME_SATYPE:

    410. 

  410. 		{

    411. 

  411. 			static const char * satype_00 = "UNSPEC";

    412. 

  412. 			static const char * satype_02 = "AH";

    413. 

  413. 			static const char * satype_03 = "ESP";

    414. 

  414. 			static const char * satype_05 = "RSVP";

    415. 

  415. 			static const char * satype_06 = "OSPFV2";

    416. 

  416. 			static const char * satype_07 = "RIPV2";

    417. 

  417. 			static const char * satype_08 = "MIP";

    418. 

  418. 			static const char * satype_09 = "IPCOMP";

    419. 

  419. 			static const char * satype_11 = "TCPSIGNATURE";

    420. 

  420. 

    421. 

  421. 			switch( value )

    422. 

  422. 			{

    423. 

  423. 				case SADB_SATYPE_UNSPEC:

    424. 

  424. 					return satype_00;

    425. 

  425. 

    426. 

  426. 				case SADB_SATYPE_AH:

    427. 

  427. 					return satype_02;

    428. 

  428. 

    429. 

  429. 				case SADB_SATYPE_ESP:

    430. 

  430. 					return satype_03;

    431. 

  431. 

    432. 

  432. 				case SADB_SATYPE_RSVP:

    433. 

  433. 					return satype_05;

    434. 

  434. 

    435. 

  435. 				case SADB_SATYPE_OSPFV2:

    436. 

  436. 					return satype_06;

    437. 

  437. 

    438. 

  438. 				case SADB_SATYPE_RIPV2:

    439. 

  439. 					return satype_07;

    440. 

  440. 

    441. 

  441. 				case SADB_SATYPE_MIP:

    442. 

  442. 					return satype_08;

    443. 

  443. 

    444. 

  444. 				case SADB_X_SATYPE_IPCOMP:

    445. 

  445. 					return satype_09;

    446. 

  446. 

    447. 

  447. //				case SADB_X_SATYPE_TCPSIGNATURE:

    448. 

  448. //					return satype_11;

    449. 

  449. 

    450. 

  450. 				default:

    451. 

  451. 					return unknown;

    452. 

  452. 			}

    453. 

  453. 		}

    454. 

  454. 

    455. 

  455. 		case NAME_SPMODE:

    456. 

  456. 		{

    457. 

  457. 			static const char * plcymode_00 = "ANY";

    458. 

  458. 			static const char * plcymode_01 = "TANSPORT";

    459. 

  459. 			static const char * plcymode_02 = "TUNNEL";

    460. 

  460. 

    461. 

  461. 			switch( value )

    462. 

  462. 			{

    463. 

  463. 				case IPSEC_MODE_ANY:

    464. 

  464. 					return plcymode_00;

    465. 

  465. 

    466. 

  466. 				case IPSEC_MODE_TRANSPORT:

    467. 

  467. 					return plcymode_01;

    468. 

  468. 

    469. 

  469. 				case IPSEC_MODE_TUNNEL:

    470. 

  470. 					return plcymode_02;

    471. 

  471. 

    472. 

  472. 				default:

    473. 

  473. 					return unknown;

    474. 

  474. 			}

    475. 

  475. 		}

    476. 

  476. 

    477. 

  477. 		case NAME_SPTYPE:

    478. 

  478. 		{

    479. 

  479. 			static const char * plcytype_00 = "DISCARD";

    480. 

  480. 			static const char * plcytype_01 = "NONE";

    481. 

  481. 			static const char * plcytype_02 = "IPSEC";

    482. 

  482. 			static const char * plcytype_03 = "ENTRUST";

    483. 

  483. 			static const char * plcytype_04 = "BYPASS";

    484. 

  484. 

    485. 

  485. 			switch( value )

    486. 

  486. 			{

    487. 

  487. 				case IPSEC_POLICY_DISCARD:

    488. 

  488. 					return plcytype_00;

    489. 

  489. 

    490. 

  490. 				case IPSEC_POLICY_NONE:

    491. 

  491. 					return plcytype_01;

    492. 

  492. 

    493. 

  493. 				case IPSEC_POLICY_IPSEC:

    494. 

  494. 					return plcytype_02;

    495. 

  495. 

    496. 

  496. 				case IPSEC_POLICY_ENTRUST:

    497. 

  497. 					return plcytype_03;

    498. 

  498. 

    499. 

  499. 				case IPSEC_POLICY_BYPASS:

    500. 

  500. 					return plcytype_04;

    501. 

  501. 

    502. 

  502. 				default:

    503. 

  503. 					return unknown;

    504. 

  504. 			}

    505. 

  505. 		}

    506. 

  506. 

    507. 

  507. 		case NAME_SPDIR:

    508. 

  508. 		{

    509. 

  509. 			static const char * plcydir_00 = "ANY";

    510. 

  510. 			static const char * plcydir_01 = "INBOUND";

    511. 

  511. 			static const char * plcydir_02 = "OUTBOUND";

    512. 

  512. 			static const char * plcydir_03 = "MAX";

    513. 

  513. 			static const char * plcydir_04 = "INVALID";

    514. 

  514. 

    515. 

  515. 			switch( value )

    516. 

  516. 			{

    517. 

  517. 				case IPSEC_DIR_ANY:

    518. 

  518. 					return plcydir_00;

    519. 

  519. 

    520. 

  520. 				case IPSEC_DIR_INBOUND:

    521. 

  521. 					return plcydir_01;

    522. 

  522. 

    523. 

  523. 				case IPSEC_DIR_OUTBOUND:

    524. 

  524. 					return plcydir_02;

    525. 

  525. 

    526. 

  526. 				case IPSEC_DIR_MAX:

    527. 

  527. 					return plcydir_03;

    528. 

  528. 

    529. 

  529. 				case IPSEC_DIR_INVALID:

    530. 

  530. 					return plcydir_04;

    531. 

  531. 

    532. 

  532. 				default:

    533. 

  533. 					return unknown;

    534. 

  534. 			}

    535. 

  535. 		}

    536. 

  536. 

    537. 

  537. 		case NAME_SPLEVEL:

    538. 

  538. 		{

    539. 

  539. 			static const char * plcylevel_00 = "ANY";

    540. 

  540. 			static const char * plcylevel_01 = "USE";

    541. 

  541. 			static const char * plcylevel_02 = "REQUIRE";

    542. 

  542. 			static const char * plcylevel_03 = "UNIQUE";

    543. 

  543. 

    544. 

  544. 			switch( value )

    545. 

  545. 			{

    546. 

  546. 				case IPSEC_LEVEL_DEFAULT:

    547. 

  547. 					return plcylevel_00;

    548. 

  548. 

    549. 

  549. 				case IPSEC_LEVEL_USE:

    550. 

  550. 					return plcylevel_01;

    551. 

  551. 

    552. 

  552. 				case IPSEC_LEVEL_REQUIRE:

    553. 

  553. 					return plcylevel_02;

    554. 

  554. 

    555. 

  555. 				case IPSEC_LEVEL_UNIQUE:

    556. 

  556. 					return plcylevel_03;

    557. 

  557. 

    558. 

  558. 				default:

    559. 

  559. 					return unknown;

    560. 

  560. 			}

    561. 

  561. 		}

    562. 

  562. 

    563. 

  563. 		case NAME_NTTYPE:

    564. 

  564. 		{

    565. 

  565. 			static const char * nattype_00 = "NONE";

    566. 

  566. 			static const char * nattype_01 = "ESPINUDP-NON-IKE";

    567. 

  567. 			static const char * nattype_02 = "ESPINUDP";

    568. 

  568. 

    569. 

  569. 			switch( value )

    570. 

  570. 			{

    571. 

  571. 				case 0:

    572. 

  572. 					return nattype_00;

    573. 

  573. #ifdef OPT_NATT

    574. 

  574. 				case UDP_ENCAP_ESPINUDP_NON_IKE:

    575. 

  575. 					return nattype_01;

    576. 

  576. 

    577. 

  577. 				case UDP_ENCAP_ESPINUDP:

    578. 

  578. 					return nattype_02;

    579. 

  579. #endif

    580. 

  580. 				default:

    581. 

  581. 					return unknown;

    582. 

  582. 			}

    583. 

  583. 		}

    584. 

  584. 	}

    585. 

  585. 

    586. 

  586. 	return unknown;

    587. 

  587. }

    588. 

  588. 

    589. 

  589. //==============================================================================

    590. 

  590. // buffer management functions

    591. 

  591. //==============================================================================

    592. 

  592. 

    593. 

  593. bool _PFKI::sockaddr_len( int safam, int & salen )

    594. 

  594. {

    595. 

  595. 	switch( safam )

    596. 

  596. 	{

    597. 

  597. 		case AF_INET:

    598. 

  598. 			salen = sizeof( sockaddr_in );

    599. 

  599. 			return true;

    600. 

  600. 	}

    601. 

  601. 

    602. 

  602. 	printf( "XX : address family %i unhandled\n", safam );

    603. 

  603. 

    604. 

  604. 	return false;

    605. 

  605. }

    606. 

  606. 

    607. 

  607. long _PFKI::buff_get_ext( PFKI_MSG & msg, sadb_ext ** ext, long type )

    608. 

  608. {

    609. 

  609. 	unsigned char * buff = msg.buff();

    610. 

  610. 	size_t			size = msg.size();

    611. 

  611. 

    612. 

  612. 	buff += sizeof( sadb_msg );

    613. 

  613. 	size -= sizeof( sadb_msg );

    614. 

  614. 

    615. 

  615. 	while( 1 )

    616. 

  616. 	{

    617. 

  617. 		//

    618. 

  618. 		// make sure the buffer holds

    619. 

  619. 		// enough data to contain an

    620. 

  620. 		// extension header

    621. 

  621. 		//

    622. 

  622. 

    623. 

  623. 		if( long( sizeof( sadb_ext ) ) > size )

    624. 

  624. 		{

    625. 

  625. 			printf( "XX : extension not found\n" );

    626. 

  626. 

    627. 

  627. 			return IPCERR_FAILED;

    628. 

  628. 		}

    629. 

  629. 

    630. 

  630. 		sadb_ext * ext_head = ( sadb_ext * ) buff;

    631. 

  631. 

    632. 

  632. 		//

    633. 

  633. 		// make sure the buffer holds

    634. 

  634. 		// enough data to contain the

    635. 

  635. 		// extension body

    636. 

  636. 		//

    637. 

  637. 

    638. 

  638. 		if( PFKEY_EXTLEN( ext_head ) > size )

    639. 

  639. 		{

    640. 

  640. 			printf( "XX : buffer too small for ext body ( %i bytes )\n",

    641. 

  641. 				PFKEY_EXTLEN( ext_head ) );

    642. 

  642. 

    643. 

  643. 			return IPCERR_FAILED;

    644. 

  644. 		}

    645. 

  645. 

    646. 

  646. 		//

    647. 

  647. 		// stop evaluation if this is

    648. 

  648. 		// the requested extension

    649. 

  649. 		//

    650. 

  650. 

    651. 

  651. 		if( ext_head->sadb_ext_type == type )

    652. 

  652. 		{

    653. 

  653. 			//

    654. 

  654. 			// sainfo the pointers and size

    655. 

  655. 			//

    656. 

  656. 

    657. 

  657. 			*ext = ( sadb_ext * ) buff;

    658. 

  658. 

    659. 

  659. 			break;

    660. 

  660. 		}

    661. 

  661. 

    662. 

  662. 		//

    663. 

  663. 		// move to next extension

    664. 

  664. 		//

    665. 

  665. 

    666. 

  666. 		buff += PFKEY_EXTLEN( ext_head );

    667. 

  667. 		size -= PFKEY_EXTLEN( ext_head );

    668. 

  668. 	}

    669. 

  669. 

    670. 

  670. 	return IPCERR_OK;

    671. 

  671. }

    672. 

  672. 

    673. 

  673. long _PFKI::buff_add_ext( PFKI_MSG & msg, sadb_ext ** ext, long xlen, bool unit64 )

    674. 

  674. {

    675. 

  675. 	size_t oset = msg.size();

    676. 

  676. 	xlen = PFKEY_ALIGN8( xlen );

    677. 

  677. 

    678. 

  678. 	msg.add( 0, xlen );

    679. 

  679. 	*ext = ( sadb_ext * )( msg.buff() + oset );

    680. 

  680. 

    681. 

  681. 	if( unit64 )

    682. 

  682. 		( *ext )->sadb_ext_len = ( u_int16_t ) PFKEY_UNIT64( xlen );

    683. 

  683. 	else

    684. 

  684. 		( *ext )->sadb_ext_len = ( u_int16_t ) xlen;

    685. 

  685. 

    686. 

  686. 	return IPCERR_OK;

    687. 

  687. }

    688. 

  688. 

    689. 

  689. long _PFKI::buff_get_address( sadb_address * ext, PFKI_ADDR & addr )

    690. 

  690. {

    691. 

  691. 	unsigned char * buff = ( unsigned char * ) ext;

    692. 

  692. 	int size = PFKEY_UNUNIT64( ext->sadb_address_len );

    693. 

  693. 

    694. 

  694. 	addr.proto = ext->sadb_address_proto;

    695. 

  695. 	addr.prefix = ext->sadb_address_prefixlen;

    696. 

  696. 

    697. 

  697. 	buff += sizeof( sadb_address );

    698. 

  698. 	size -= sizeof( sadb_address );

    699. 

  699. 

    700. 

  700. 	sockaddr * saddr = ( sockaddr * ) buff;

    701. 

  701. 

    702. 

  702. 	int salen;

    703. 

  703. 	if( !sockaddr_len( saddr->sa_family, salen ) )

    704. 

  704. 		return IPCERR_FAILED;

    705. 

  705. 

    706. 

  706. 	if( size < salen )

    707. 

  707. 	{

    708. 

  708. 		printf( "!! : pfkey address size mismatch\n" );

    709. 

  709. 		return IPCERR_FAILED;

    710. 

  710. 	}

    711. 

  711. 

    712. 

  712. 	memcpy( &addr.saddr, saddr, salen );

    713. 

  713. 

    714. 

  714. 	return IPCERR_OK;

    715. 

  715. }

    716. 

  716. 

    717. 

  717. long _PFKI::buff_set_address( sadb_address * ext, PFKI_ADDR & addr )

    718. 

  718. {

    719. 

  719. 	unsigned char * buff = ( unsigned char * ) ext;

    720. 

  720. 	int size = PFKEY_UNUNIT64( ext->sadb_address_len );

    721. 

  721. 

    722. 

  722. 	ext->sadb_address_proto = addr.proto;

    723. 

  723. 	ext->sadb_address_prefixlen = addr.prefix;

    724. 

  724. 

    725. 

  725. 	buff += sizeof( sadb_address );

    726. 

  726. 	size -= sizeof( sadb_address );

    727. 

  727. 

    728. 

  728. 	int salen;

    729. 

  729. 	if( !sockaddr_len( addr.saddr.sa_family, salen ) )

    730. 

  730. 		return IPCERR_FAILED;

    731. 

  731. 

    732. 

  732. 	if( size < salen )

    733. 

  733. 	{

    734. 

  734. 		printf( "!! : pfkey address size mismatch\n" );

    735. 

  735. 		return IPCERR_FAILED;

    736. 

  736. 	}

    737. 

  737. 

    738. 

  738. 	memcpy( buff, &addr.saddr, salen );

    739. 

  739. 

    740. 

  740. 	return IPCERR_OK;

    741. 

  741. }

    742. 

  742. 

    743. 

  743. long _PFKI::buff_set_key( sadb_key * ext, PFKI_KEY & key )

    744. 

  744. {

    745. 

  745. 	unsigned char * buff = ( unsigned char * ) ext;

    746. 

  746. 	int size = PFKEY_UNUNIT64( ext->sadb_key_len );

    747. 

  747. 

    748. 

  748. 	ext->sadb_key_bits = key.length * 8;

    749. 

  749. 

    750. 

  750. 	buff += sizeof( sadb_key );

    751. 

  751. 	size -= sizeof( sadb_key );

    752. 

  752. 

    753. 

  753. 	if( size < key.length )

    754. 

  754. 	{

    755. 

  755. 		printf( "!! : pfkey key size mismatch ( %i < %i )\n", size, key.length );

    756. 

  756. 		return IPCERR_FAILED;

    757. 

  757. 	}

    758. 

  758. 

    759. 

  759. 	memcpy( buff, key.keydata, key.length );

    760. 

  760. 

    761. 

  761. 	return IPCERR_OK;

    762. 

  762. }

    763. 

  763. 

    764. 

  764. long _PFKI::buff_get_key( sadb_key * ext, PFKI_KEY & key )

    765. 

  765. {

    766. 

  766. 	unsigned char * buff = ( unsigned char * ) ext;

    767. 

  767. 	int size = PFKEY_UNUNIT64( ext->sadb_key_len );

    768. 

  768. 

    769. 

  769. 	buff += sizeof( sadb_key );

    770. 

  770. 	size -= sizeof( sadb_key );

    771. 

  771. 

    772. 

  772. 	if( !ext->sadb_key_bits )

    773. 

  773. 		return IPCERR_FAILED;

    774. 

  774. 

    775. 

  775. 	key.length = ext->sadb_key_bits / 8;

    776. 

  776. 

    777. 

  777. 	if( size < key.length )

    778. 

  778. 	{

    779. 

  779. 		printf( "!! : pfkey key size mismatch ( %i < %i )\n", size, key.length );

    780. 

  780. 		return IPCERR_FAILED;

    781. 

  781. 	}

    782. 

  782. 

    783. 

  783. 	memcpy( key.keydata, buff, key.length );

    784. 

  784. 

    785. 

  785. 	return IPCERR_OK;

    786. 

  786. }

    787. 

  787. 

    788. 

  788. long _PFKI::buff_get_ipsec( sadb_x_policy * ext, PFKI_SPINFO & spinfo )

    789. 

  789. {

    790. 

  790. 	unsigned char * buff = ( unsigned char * ) ext;

    791. 

  791. 	int size = PFKEY_UNUNIT64( ext->sadb_x_policy_len );

    792. 

  792. 

    793. 

  793. 	buff += sizeof( sadb_x_policy );

    794. 

  794. 	size -= sizeof( sadb_x_policy );

    795. 

  795. 

    796. 

  796. 	long xindex = 0;

    797. 

  797. 

    798. 

  798. 	while( size >= long( sizeof( sadb_x_ipsecrequest ) ) )

    799. 

  799. 	{

    800. 

  800. 		sadb_x_ipsecrequest * ipsr = ( sadb_x_ipsecrequest * ) buff;

    801. 

  801. 

    802. 

  802. 		if( xindex >= PFKI_MAX_XFORMS )

    803. 

  803. 			break;

    804. 

  804. 

    805. 

  805. 		spinfo.xforms[ xindex ].proto	= ipsr->sadb_x_ipsecrequest_proto;

    806. 

  806. 		spinfo.xforms[ xindex ].mode	= ipsr->sadb_x_ipsecrequest_mode;

    807. 

  807. 		spinfo.xforms[ xindex ].level	= ipsr->sadb_x_ipsecrequest_level;

    808. 

  808. 		spinfo.xforms[ xindex ].reqid	= ipsr->sadb_x_ipsecrequest_reqid;

    809. 

  809. 

    810. 

  810. 		unsigned char * addr_buff = buff;

    811. 

  811. 		long addr_size = size;

    812. 

  812. 

    813. 

  813. 		addr_buff += sizeof( sadb_x_ipsecrequest );

    814. 

  814. 		addr_size -= sizeof( sadb_x_ipsecrequest );

    815. 

  815. 

    816. 

  816. 		if( addr_size >= 0 )

    817. 

  817. 		{

    818. 

  818. 			sockaddr * saddr_src = ( sockaddr * )( addr_buff );

    819. 

  819. 

    820. 

  820. 			switch( saddr_src->sa_family )

    821. 

  821. 			{

    822. 

  822. 				case AF_INET:

    823. 

  823. 				{

    824. 

  824. 					if( addr_size < long( sizeof( sockaddr_in ) ) )

    825. 

  825. 						break;

    826. 

  826. 

    827. 

  827. 					memcpy(

    828. 

  828. 						&spinfo.xforms[ xindex ].saddr_src,

    829. 

  829. 						saddr_src,

    830. 

  830. 						sizeof( sockaddr_in ) );

    831. 

  831. 

    832. 

  832. 					addr_buff += sizeof( sockaddr_in );

    833. 

  833. 					addr_size -= sizeof( sockaddr_in );

    834. 

  834. 				}

    835. 

  835. 			}

    836. 

  836. 

    837. 

  837. 			sockaddr * saddr_dst = ( sockaddr * )( addr_buff );

    838. 

  838. 

    839. 

  839. 			switch( saddr_dst->sa_family )

    840. 

  840. 			{

    841. 

  841. 				case AF_INET:

    842. 

  842. 				{

    843. 

  843. 					if( addr_size < long( sizeof( sockaddr_in ) ) )

    844. 

  844. 						break;

    845. 

  845. 

    846. 

  846. 					memcpy(

    847. 

  847. 						&spinfo.xforms[ xindex ].saddr_dst,

    848. 

  848. 						saddr_dst,

    849. 

  849. 						sizeof( sockaddr_in ) );

    850. 

  850. 

    851. 

  851. 					addr_buff += sizeof( sockaddr_in );

    852. 

  852. 					addr_size -= sizeof( sockaddr_in );

    853. 

  853. 				}

    854. 

  854. 			}

    855. 

  855. 		}

    856. 

  856. 

    857. 

  857. 		buff += ipsr->sadb_x_ipsecrequest_len;

    858. 

  858. 		size -= ipsr->sadb_x_ipsecrequest_len;

    859. 

  859. 

    860. 

  860. 		xindex++;

    861. 

  861. 	}

    862. 

  862. 

    863. 

  863. 	return IPCERR_OK;

    864. 

  864. }

    865. 

  865. 

    866. 

  866. long _PFKI::buff_add_ipsec( PFKI_MSG & msg, PFKI_SPINFO & spinfo )

    867. 

  867. {

    868. 

  868. 	size_t size = sizeof( sadb_x_policy );

    869. 

  869. 	size_t oset = msg.size() - size;

    870. 

  870. 

    871. 

  871. 	long result;

    872. 

  872. 

    873. 

  873. 	long xindex = 0;

    874. 

  874. 

    875. 

  875. 	while( spinfo.xforms[ xindex ].proto )

    876. 

  876. 	{

    877. 

  877. 		if( xindex >= PFKI_MAX_XFORMS )

    878. 

  878. 			break;

    879. 

  879. 

    880. 

  880. 		long ext_size = sizeof( sadb_x_ipsecrequest );

    881. 

  881. 

    882. 

  882. 		int salen_src = 0;

    883. 

  883. 		int salen_dst = 0;

    884. 

  884. 

    885. 

  885. 		if( spinfo.xforms[ xindex ].mode == IPSEC_MODE_TUNNEL )

    886. 

  886. 		{

    887. 

  887. 			if( !sockaddr_len( spinfo.xforms[ xindex ].saddr_src.sa_family, salen_src ) )

    888. 

  888. 				return IPCERR_FAILED;

    889. 

  889. 

    890. 

  890. 			if( !sockaddr_len( spinfo.xforms[ xindex ].saddr_dst.sa_family, salen_dst ) )

    891. 

  891. 				return IPCERR_FAILED;

    892. 

  892. 

    893. 

  893. 			if( salen_src != salen_dst )

    894. 

  894. 				return IPCERR_FAILED;

    895. 

  895. 

    896. 

  896. 			ext_size += ( salen_src + salen_dst );

    897. 

  897. 		}

    898. 

  898. 

    899. 

  899. 		sadb_x_ipsecrequest * ipsr;

    900. 

  900. 

    901. 

  901. 		result = buff_add_ext( msg, ( sadb_ext ** ) &ipsr, ext_size, false );

    902. 

  902. 		if( result != IPCERR_OK )

    903. 

  903. 			return result;

    904. 

  904. 

    905. 

  905. 		ipsr->sadb_x_ipsecrequest_proto	= spinfo.xforms[ xindex ].proto;

    906. 

  906. 		ipsr->sadb_x_ipsecrequest_mode	= spinfo.xforms[ xindex ].mode;

    907. 

  907. 		ipsr->sadb_x_ipsecrequest_level	= spinfo.xforms[ xindex ].level;

    908. 

  908. 		ipsr->sadb_x_ipsecrequest_reqid	= spinfo.xforms[ xindex ].reqid;

    909. 

  909. 

    910. 

  910. 		unsigned char * ext_buff = ( unsigned char * ) ipsr;

    911. 

  911. 

    912. 

  912. 		ext_buff += sizeof( sadb_x_ipsecrequest );

    913. 

  913. 

    914. 

  914. 		if( salen_src )

    915. 

  915. 			memcpy( ext_buff, &spinfo.xforms[ xindex ].saddr_src, salen_src );

    916. 

  916. 

    917. 

  917. 		ext_buff += salen_src;

    918. 

  918. 

    919. 

  919. 		if( salen_dst )

    920. 

  920. 			memcpy( ext_buff, &spinfo.xforms[ xindex ].saddr_dst, salen_dst );

    921. 

  921. 

    922. 

  922. 		size += ext_size;

    923. 

  923. 

    924. 

  924. 		xindex++;

    925. 

  925. 	}

    926. 

  926. 

    927. 

  927. 	//

    928. 

  928. 	// reset the policy size

    929. 

  929. 	//

    930. 

  930. 

    931. 

  931. 	unsigned char * buff = msg.buff() + oset;

    932. 

  932. 	sadb_x_policy * xpl = ( sadb_x_policy * ) buff;

    933. 

  933. 	xpl->sadb_x_policy_len = ( u_int16_t ) PFKEY_UNIT64( size );

    934. 

  934. 

    935. 

  935. 	return IPCERR_OK;

    936. 

  936. }

    937. 

  937. 

    938. 

  938. //==============================================================================

    939. 

  939. // message handler functions

    940. 

  940. //==============================================================================

    941. 

  941. 

    942. 

  942. long _PFKI::send_sainfo( u_int8_t sadb_msg_type, PFKI_SAINFO & sainfo, bool serv )

    943. 

  943. {

    944. 

  944. 	PFKI_MSG msg;

    945. 

  945. 

    946. 

  946. 	sadb_sa * xsa;

    947. 

  947. 	sadb_x_sa2 * xsa2;

    948. 

  948. 	sadb_address *xas, *xad;

    949. 

  949. 	sadb_lifetime *xlh, *xls, *xlc;

    950. 

  950. 	sadb_key *xke, *xka;

    951. 

  951. 	sadb_spirange *xsr;

    952. 

  952. 

    953. 

  953. 	long result;

    954. 

  954. 

    955. 

  955. 	//

    956. 

  956. 	// sa extension

    957. 

  957. 	//

    958. 

  958. 

    959. 

  959. 	switch( sadb_msg_type )

    960. 

  960. 	{

    961. 

  961. 		case SADB_DUMP:

    962. 

  962. 		case SADB_ADD:

    963. 

  963. 		case SADB_GET:

    964. 

  964. 		case SADB_DELETE:

    965. 

  965. 		case SADB_GETSPI:

    966. 

  966. 		case SADB_UPDATE:

    967. 

  967. 

    968. 

  968. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    969. 

  969. 				break;

    970. 

  970. 

    971. 

  971. 			if( ( sadb_msg_type == SADB_GETSPI ) && !serv )

    972. 

  972. 				break;

    973. 

  973. 

    974. 

  974. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xsa, sizeof( sadb_sa ) );

    975. 

  975. 			if( result != IPCERR_OK )

    976. 

  976. 				return result;

    977. 

  977. 

    978. 

  978. 			xsa->sadb_sa_exttype = SADB_EXT_SA;

    979. 

  979. 			xsa->sadb_sa_spi = sainfo.sa.spi;

    980. 

  980. 			xsa->sadb_sa_replay = sainfo.sa.replay;

    981. 

  981. 			xsa->sadb_sa_state = sainfo.sa.state;

    982. 

  982. 			xsa->sadb_sa_auth = sainfo.sa.auth;

    983. 

  983. 			xsa->sadb_sa_encrypt = sainfo.sa.encrypt;

    984. 

  984. 			xsa->sadb_sa_flags = sainfo.sa.flags;

    985. 

  985. 

    986. 

  986. 			break;

    987. 

  987. 	}

    988. 

  988. 

    989. 

  989. 	if( sainfo.error )

    990. 

  990. 		goto sainfo_error;

    991. 

  991. 

    992. 

  992. 	//

    993. 

  993. 	// sa2 extension

    994. 

  994. 	//

    995. 

  995. 

    996. 

  996. 	switch( sadb_msg_type )

    997. 

  997. 	{

    998. 

  998. 		case SADB_DUMP:

    999. 

  999. 		case SADB_ADD:

    1000. 

  1000. 		case SADB_GET:

    1001. 

  1001. 		case SADB_GETSPI:

    1002. 

  1002. 		case SADB_UPDATE:

    1003. 

  1003. 

    1004. 

  1004. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1005. 

  1005. 				break;

    1006. 

  1006. 

    1007. 

  1007. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1008. 

  1008. 				break;

    1009. 

  1009. 

    1010. 

  1010. 			if( ( sadb_msg_type == SADB_GETSPI ) && serv )

    1011. 

  1011. 				break;

    1012. 

  1012. 

    1013. 

  1013. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xsa2, sizeof( sadb_x_sa2 ) );

    1014. 

  1014. 			if( result != IPCERR_OK )

    1015. 

  1015. 				return result;

    1016. 

  1016. 

    1017. 

  1017. 			xsa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;

    1018. 

  1018. 			xsa2->sadb_x_sa2_mode = sainfo.sa2.mode;

    1019. 

  1019. 			xsa2->sadb_x_sa2_reqid = sainfo.sa2.reqid;

    1020. 

  1020. 			xsa2->sadb_x_sa2_sequence = sainfo.sa2.sequence;

    1021. 

  1021. 

    1022. 

  1022. 			break;

    1023. 

  1023. 	}

    1024. 

  1024. 

    1025. 

  1025. 	//

    1026. 

  1026. 	// address extensions

    1027. 

  1027. 	//

    1028. 

  1028. 

    1029. 

  1029. 	switch( sadb_msg_type )

    1030. 

  1030. 	{

    1031. 

  1031. 		case SADB_DUMP:

    1032. 

  1032. 		case SADB_ADD:

    1033. 

  1033. 		case SADB_GET:

    1034. 

  1034. 		case SADB_DELETE:

    1035. 

  1035. 		case SADB_GETSPI:

    1036. 

  1036. 		case SADB_UPDATE:

    1037. 

  1037. 

    1038. 

  1038. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1039. 

  1039. 				break;

    1040. 

  1040. 

    1041. 

  1041. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1042. 

  1042. 				break;

    1043. 

  1043. 

    1044. 

  1044. 			int salen_src;

    1045. 

  1045. 			if( !sockaddr_len( sainfo.paddr_src.saddr.sa_family, salen_src ) )

    1046. 

  1046. 				return IPCERR_FAILED;

    1047. 

  1047. 

    1048. 

  1048. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xas, sizeof( sadb_address ) + salen_src );

    1049. 

  1049. 			if( result != IPCERR_OK )

    1050. 

  1050. 				return result;

    1051. 

  1051. 

    1052. 

  1052. 			xas->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;

    1053. 

  1053. 			result = buff_set_address( xas, sainfo.paddr_src );

    1054. 

  1054. 			if( result != IPCERR_OK )

    1055. 

  1055. 				return result;

    1056. 

  1056. 

    1057. 

  1057. 			int salen_dst;

    1058. 

  1058. 			if( !sockaddr_len( sainfo.paddr_dst.saddr.sa_family, salen_dst ) )

    1059. 

  1059. 				return IPCERR_FAILED;

    1060. 

  1060. 

    1061. 

  1061. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xad, sizeof( sadb_address ) + salen_dst );

    1062. 

  1062. 			if( result != IPCERR_OK )

    1063. 

  1063. 				return result;

    1064. 

  1064. 

    1065. 

  1065. 			xad->sadb_address_exttype = SADB_EXT_ADDRESS_DST;

    1066. 

  1066. 			result = buff_set_address( xad, sainfo.paddr_dst );

    1067. 

  1067. 			if( result != IPCERR_OK )

    1068. 

  1068. 				return result;

    1069. 

  1069. 

    1070. 

  1070. 			break;

    1071. 

  1071. 	}

    1072. 

  1072. 

    1073. 

  1073. 	//

    1074. 

  1074. 	// soft and hard lifetime extensions

    1075. 

  1075. 	//

    1076. 

  1076. 

    1077. 

  1077. 	switch( sadb_msg_type )

    1078. 

  1078. 	{

    1079. 

  1079. 		case SADB_DUMP:

    1080. 

  1080. 		case SADB_ADD:

    1081. 

  1081. 		case SADB_GET:

    1082. 

  1082. 		case SADB_UPDATE:

    1083. 

  1083. 

    1084. 

  1084. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1085. 

  1085. 				break;

    1086. 

  1086. 

    1087. 

  1087. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1088. 

  1088. 				break;

    1089. 

  1089. 

    1090. 

  1090. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xlh, sizeof( sadb_lifetime ) );

    1091. 

  1091. 			if( result != IPCERR_OK )

    1092. 

  1092. 				return result;

    1093. 

  1093. 

    1094. 

  1094. 			xlh->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;

    1095. 

  1095. 			xlh->sadb_lifetime_allocations = sainfo.ltime_hard.allocations;

    1096. 

  1096. 			xlh->sadb_lifetime_bytes = sainfo.ltime_hard.bytes;

    1097. 

  1097. 			xlh->sadb_lifetime_addtime = sainfo.ltime_hard.addtime;

    1098. 

  1098. 			xlh->sadb_lifetime_usetime = sainfo.ltime_hard.usetime;

    1099. 

  1099. 

    1100. 

  1100. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xls, sizeof( sadb_lifetime ) );

    1101. 

  1101. 			if( result != IPCERR_OK )

    1102. 

  1102. 				return result;

    1103. 

  1103. 

    1104. 

  1104. 			xls->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;

    1105. 

  1105. 			xls->sadb_lifetime_allocations = sainfo.ltime_soft.allocations;

    1106. 

  1106. 			xls->sadb_lifetime_bytes = sainfo.ltime_soft.bytes;

    1107. 

  1107. 			xls->sadb_lifetime_addtime = sainfo.ltime_soft.addtime;

    1108. 

  1108. 			xls->sadb_lifetime_usetime = sainfo.ltime_soft.usetime;

    1109. 

  1109. 

    1110. 

  1110. 			break;

    1111. 

  1111. 	}

    1112. 

  1112. 

    1113. 

  1113. 	//

    1114. 

  1114. 	// current lifetime extension

    1115. 

  1115. 	//

    1116. 

  1116. 

    1117. 

  1117. 	switch( sadb_msg_type )

    1118. 

  1118. 	{

    1119. 

  1119. 		case SADB_DUMP:

    1120. 

  1120. 		case SADB_ADD:

    1121. 

  1121. 		case SADB_GET:

    1122. 

  1122. 		case SADB_UPDATE:

    1123. 

  1123. 

    1124. 

  1124. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1125. 

  1125. 				break;

    1126. 

  1126. 

    1127. 

  1127. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1128. 

  1128. 				break;

    1129. 

  1129. 

    1130. 

  1130. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xlc, sizeof( sadb_lifetime ) );

    1131. 

  1131. 			if( result != IPCERR_OK )

    1132. 

  1132. 				return result;

    1133. 

  1133. 

    1134. 

  1134. 			xlc->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;

    1135. 

  1135. 			xlc->sadb_lifetime_allocations = sainfo.ltime_curr.allocations;

    1136. 

  1136. 			xlc->sadb_lifetime_bytes = sainfo.ltime_curr.bytes;

    1137. 

  1137. 			xlc->sadb_lifetime_addtime = sainfo.ltime_curr.addtime;

    1138. 

  1138. 			xlc->sadb_lifetime_usetime = sainfo.ltime_curr.usetime;

    1139. 

  1139. 

    1140. 

  1140. 			break;

    1141. 

  1141. 	}

    1142. 

  1142. 

    1143. 

  1143. 	//

    1144. 

  1144. 	// key data extension

    1145. 

  1145. 	//

    1146. 

  1146. 

    1147. 

  1147. 	switch( sadb_msg_type )

    1148. 

  1148. 	{

    1149. 

  1149. 		case SADB_DUMP:

    1150. 

  1150. 		case SADB_ADD:

    1151. 

  1151. 		case SADB_GET:

    1152. 

  1152. 		case SADB_UPDATE:

    1153. 

  1153. 

    1154. 

  1154. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1155. 

  1155. 				break;

    1156. 

  1156. 

    1157. 

  1157. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1158. 

  1158. 				break;

    1159. 

  1159. 

    1160. 

  1160. 			if( sainfo.ekey.length )

    1161. 

  1161. 			{

    1162. 

  1162. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xke, sizeof( sadb_key ) + sainfo.ekey.length );

    1163. 

  1163. 				if( result != IPCERR_OK )

    1164. 

  1164. 					return result;

    1165. 

  1165. 

    1166. 

  1166. 				xke->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;

    1167. 

  1167. 				result = buff_set_key( xke, sainfo.ekey );

    1168. 

  1168. 				if( result != IPCERR_OK )

    1169. 

  1169. 					return result;

    1170. 

  1170. 			}

    1171. 

  1171. 

    1172. 

  1172. 			if( sainfo.akey.length )

    1173. 

  1173. 			{

    1174. 

  1174. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xka, sizeof( sadb_key ) + sainfo.akey.length );

    1175. 

  1175. 				if( result != IPCERR_OK )

    1176. 

  1176. 					return result;

    1177. 

  1177. 

    1178. 

  1178. 				xka->sadb_key_exttype = SADB_EXT_KEY_AUTH;

    1179. 

  1179. 				result = buff_set_key( xka, sainfo.akey );

    1180. 

  1180. 				if( result != IPCERR_OK )

    1181. 

  1181. 					return result;

    1182. 

  1182. 			}

    1183. 

  1183. 

    1184. 

  1184. 			break;

    1185. 

  1185. 	}

    1186. 

  1186. 

    1187. 

  1187. #ifdef OPT_NATT

    1188. 

  1188. 

    1189. 

  1189. 	//

    1190. 

  1190. 	// natt extension

    1191. 

  1191. 	//

    1192. 

  1192. 

    1193. 

  1193. 	switch( sadb_msg_type )

    1194. 

  1194. 	{

    1195. 

  1195. 		case SADB_DUMP:

    1196. 

  1196. 		case SADB_ADD:

    1197. 

  1197. 		case SADB_GET:

    1198. 

  1198. 		case SADB_UPDATE:

    1199. 

  1199. 

    1200. 

  1200. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1201. 

  1201. 				break;

    1202. 

  1202. 

    1203. 

  1203. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1204. 

  1204. 				break;

    1205. 

  1205. 

    1206. 

  1206. 			if( sainfo.natt.type )

    1207. 

  1207. 			{

    1208. 

  1208. 				sadb_x_nat_t_type *xnt;

    1209. 

  1209. 				sadb_x_nat_t_port *xnps, *xnpd;

    1210. 

  1210. 

    1211. 

  1211. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xnt, sizeof( sadb_x_nat_t_type ) );

    1212. 

  1212. 				if( result != IPCERR_OK )

    1213. 

  1213. 					return result;

    1214. 

  1214. 

    1215. 

  1215. 				xnt->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;

    1216. 

  1216. 				xnt->sadb_x_nat_t_type_type = sainfo.natt.type;

    1217. 

  1217. 

    1218. 

  1218. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xnps, sizeof( sadb_x_nat_t_port ) );

    1219. 

  1219. 				if( result != IPCERR_OK )

    1220. 

  1220. 					return result;

    1221. 

  1221. 

    1222. 

  1222. 				xnps->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;

    1223. 

  1223. 				xnps->sadb_x_nat_t_port_port = sainfo.natt.port_src;

    1224. 

  1224. 

    1225. 

  1225. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xnpd, sizeof( sadb_x_nat_t_port ) );

    1226. 

  1226. 				if( result != IPCERR_OK )

    1227. 

  1227. 					return result;

    1228. 

  1228. 

    1229. 

  1229. 				xnpd->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;

    1230. 

  1230. 				xnpd->sadb_x_nat_t_port_port = sainfo.natt.port_dst;

    1231. 

  1231. 			}

    1232. 

  1232. 

    1233. 

  1233. 			break;

    1234. 

  1234. 	}

    1235. 

  1235. 

    1236. 

  1236. #endif

    1237. 

  1237. 

    1238. 

  1238. 	//

    1239. 

  1239. 	// spi range extension

    1240. 

  1240. 	//

    1241. 

  1241. 

    1242. 

  1242. 	switch( sadb_msg_type )

    1243. 

  1243. 	{

    1244. 

  1244. 		case SADB_GETSPI:

    1245. 

  1245. 

    1246. 

  1246. 			if( sainfo.range.min || sainfo.range.max )

    1247. 

  1247. 			{

    1248. 

  1248. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xsr, sizeof( sadb_spirange ) );

    1249. 

  1249. 				if( result != IPCERR_OK )

    1250. 

  1250. 					return result;

    1251. 

  1251. 				

    1252. 

  1252. 				xsr->sadb_spirange_exttype = SADB_EXT_SPIRANGE;

    1253. 

  1253. 				xsr->sadb_spirange_min = sainfo.range.min;

    1254. 

  1254. 				xsr->sadb_spirange_max = sainfo.range.max;

    1255. 

  1255. 			}

    1256. 

  1256. 

    1257. 

  1257. 			break;

    1258. 

  1258. 	}

    1259. 

  1259. 

    1260. 

  1260. 	sainfo_error:

    1261. 

  1261. 

    1262. 

  1262. 	if( !serv )

    1263. 

  1263. 		sainfo.pid = getpid();

    1264. 

  1264. 

    1265. 

  1265. 	msg.header.sadb_msg_version = PF_KEY_V2;

    1266. 

  1266. 	msg.header.sadb_msg_type = sadb_msg_type;

    1267. 

  1267. 	msg.header.sadb_msg_errno = sainfo.error;

    1268. 

  1268. 	msg.header.sadb_msg_satype = sainfo.satype;

    1269. 

  1269. 	msg.header.sadb_msg_reserved = 0;

    1270. 

  1270. 	msg.header.sadb_msg_seq = sainfo.seq;

    1271. 

  1271. 	msg.header.sadb_msg_pid = sainfo.pid;

    1272. 

  1272. 

    1273. 

  1273. 	return send_message( msg );

    1274. 

  1274. }

    1275. 

  1275. 

    1276. 

  1276. long _PFKI::send_spinfo( u_int8_t sadb_msg_type, PFKI_SPINFO & spinfo, bool serv )

    1277. 

  1277. {

    1278. 

  1278. 	PFKI_MSG msg;

    1279. 

  1279. 

    1280. 

  1280. 	sadb_x_policy * xpl;

    1281. 

  1281. 	sadb_address *xas, *xad;

    1282. 

  1282. 

    1283. 

  1283. 	long result;

    1284. 

  1284. 

    1285. 

  1285. 	if( spinfo.error )

    1286. 

  1286. 		goto spinfo_error;

    1287. 

  1287. 

    1288. 

  1288. 	//

    1289. 

  1289. 	// sp extension

    1290. 

  1290. 	//

    1291. 

  1291. 

    1292. 

  1292. 	switch( sadb_msg_type )

    1293. 

  1293. 	{

    1294. 

  1294. 		case SADB_ACQUIRE:

    1295. 

  1295. 		case SADB_X_SPDDUMP:

    1296. 

  1296. 		case SADB_X_SPDADD:

    1297. 

  1297. 		case SADB_X_SPDDELETE2:

    1298. 

  1298. 

    1299. 

  1299. 			if( ( sadb_msg_type == SADB_X_SPDDUMP ) && !serv )

    1300. 

  1300. 				break;

    1301. 

  1301. 

    1302. 

  1302. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xpl, sizeof( sadb_x_policy ) );

    1303. 

  1303. 			if( result != IPCERR_OK )

    1304. 

  1304. 				return result;

    1305. 

  1305. 

    1306. 

  1306. 			xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;

    1307. 

  1307. 			xpl->sadb_x_policy_type = spinfo.sp.type;

    1308. 

  1308. 			xpl->sadb_x_policy_id = spinfo.sp.id;

    1309. 

  1309. 			xpl->sadb_x_policy_dir = spinfo.sp.dir;

    1310. 

  1310. 

    1311. 

  1311. 			if( spinfo.sp.type == IPSEC_POLICY_IPSEC )

    1312. 

  1312. 			{

    1313. 

  1313. 				result = buff_add_ipsec( msg, spinfo );

    1314. 

  1314. 				if( result != IPCERR_OK )

    1315. 

  1315. 					return result;

    1316. 

  1316. 			}

    1317. 

  1317. 

    1318. 

  1318. 			break;

    1319. 

  1319. 	}

    1320. 

  1320. 

    1321. 

  1321. 	//

    1322. 

  1322. 	// address extensions

    1323. 

  1323. 	//

    1324. 

  1324. 

    1325. 

  1325. 	switch( sadb_msg_type )

    1326. 

  1326. 	{

    1327. 

  1327. 		case SADB_ACQUIRE:

    1328. 

  1328. 		case SADB_X_SPDDUMP:

    1329. 

  1329. 		case SADB_X_SPDADD:

    1330. 

  1330. 

    1331. 

  1331. 			if( ( sadb_msg_type == SADB_X_SPDDUMP ) && !serv )

    1332. 

  1332. 				break;

    1333. 

  1333. 

    1334. 

  1334. 			int salen_src;

    1335. 

  1335. 			if( !sockaddr_len( spinfo.paddr_src.saddr.sa_family, salen_src ) )

    1336. 

  1336. 				return IPCERR_FAILED;

    1337. 

  1337. 

    1338. 

  1338. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xas, sizeof( sadb_address ) + salen_src );

    1339. 

  1339. 			if( result != IPCERR_OK )

    1340. 

  1340. 				return result;

    1341. 

  1341. 

    1342. 

  1342. 			xas->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;

    1343. 

  1343. 			result = buff_set_address( xas, spinfo.paddr_src );

    1344. 

  1344. 			if( result != IPCERR_OK )

    1345. 

  1345. 				return result;

    1346. 

  1346. 

    1347. 

  1347. 			int salen_dst;

    1348. 

  1348. 			if( !sockaddr_len( spinfo.paddr_dst.saddr.sa_family, salen_dst ) )

    1349. 

  1349. 				return IPCERR_FAILED;

    1350. 

  1350. 

    1351. 

  1351. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xad, sizeof( sadb_address ) + salen_dst );

    1352. 

  1352. 			if( result != IPCERR_OK )

    1353. 

  1353. 				return result;

    1354. 

  1354. 

    1355. 

  1355. 			xad->sadb_address_exttype = SADB_EXT_ADDRESS_DST;

    1356. 

  1356. 			result = buff_set_address( xad, spinfo.paddr_dst );

    1357. 

  1357. 			if( result != IPCERR_OK )

    1358. 

  1358. 				return result;

    1359. 

  1359. 

    1360. 

  1360. 			break;

    1361. 

  1361. 	}

    1362. 

  1362. 

    1363. 

  1363. 	spinfo_error:

    1364. 

  1364. 

    1365. 

  1365. 	if( !serv )

    1366. 

  1366. 		spinfo.pid = getpid();

    1367. 

  1367. 

    1368. 

  1368. 	msg.header.sadb_msg_version = PF_KEY_V2;

    1369. 

  1369. 	msg.header.sadb_msg_type = sadb_msg_type;

    1370. 

  1370. 	msg.header.sadb_msg_errno = spinfo.error;

    1371. 

  1371. 	msg.header.sadb_msg_satype = SADB_SATYPE_UNSPEC;

    1372. 

  1372. 	msg.header.sadb_msg_reserved = 0;

    1373. 

  1373. 	msg.header.sadb_msg_seq = spinfo.seq;

    1374. 

  1374. 	msg.header.sadb_msg_pid = spinfo.pid;

    1375. 

  1375. 

    1376. 

  1376. 	return send_message( msg );

    1377. 

  1377. }

    1378. 

  1378. 

    1379. 

  1379. //

    1380. 

  1380. // extension functions

    1381. 

  1381. //

    1382. 

  1382. 

    1383. 

  1383. long _PFKI::read_sa( PFKI_MSG & msg, PFKI_SA & sa )

    1384. 

  1384. {

    1385. 

  1385. 	//

    1386. 

  1386. 	// read policy extension

    1387. 

  1387. 	//

    1388. 

  1388. 

    1389. 

  1389. 	sadb_sa * xsa;

    1390. 

  1390. 

    1391. 

  1391. 	long result = buff_get_ext( msg, ( sadb_ext ** ) &xsa, SADB_EXT_SA );

    1392. 

  1392. 	if( result != IPCERR_OK )

    1393. 

  1393. 		return result;

    1394. 

  1394. 

    1395. 

  1395. 	sa.spi		= xsa->sadb_sa_spi;

    1396. 

  1396. 	sa.replay	= xsa->sadb_sa_replay;

    1397. 

  1397. 	sa.state	= xsa->sadb_sa_state;

    1398. 

  1398. 	sa.auth		= xsa->sadb_sa_auth;

    1399. 

  1399. 	sa.encrypt	= xsa->sadb_sa_encrypt;

    1400. 

  1400. 	sa.flags	= xsa->sadb_sa_flags;

    1401. 

  1401. 

    1402. 

  1402. 	return IPCERR_OK;

    1403. 

  1403. }

    1404. 

  1404. 

    1405. 

  1405. long _PFKI::read_sa2( PFKI_MSG & msg, PFKI_SA2 & sa2 )

    1406. 

  1406. {

    1407. 

  1407. 	//

    1408. 

  1408. 	// read policy extension

    1409. 

  1409. 	//

    1410. 

  1410. 

    1411. 

  1411. 	sadb_x_sa2 * xsa2;

    1412. 

  1412. 

    1413. 

  1413. 	long result = buff_get_ext( msg, ( sadb_ext ** ) &xsa2, SADB_X_EXT_SA2 );

    1414. 

  1414. 	if( result != IPCERR_OK )

    1415. 

  1415. 		return result;

    1416. 

  1416. 

    1417. 

  1417. 	sa2.mode		= xsa2->sadb_x_sa2_mode;

    1418. 

  1418. 	sa2.sequence	= xsa2->sadb_x_sa2_sequence;

    1419. 

  1419. 	sa2.reqid		= xsa2->sadb_x_sa2_reqid;

    1420. 

  1420. 

    1421. 

  1421. 	return true;

    1422. 

  1422. }

    1423. 

  1423. 

    1424. 

  1424. long _PFKI::read_range( PFKI_MSG & msg, PFKI_RANGE & range )

    1425. 

  1425. {

    1426. 

  1426. 	//

    1427. 

  1427. 	// read address extension

    1428. 

  1428. 	//

    1429. 

  1429. 

    1430. 

  1430. 	sadb_spirange * xsr;

    1431. 

  1431. 

    1432. 

  1432. 	long result;

    1433. 

  1433. 

    1434. 

  1434. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xsr, SADB_EXT_SPIRANGE );

    1435. 

  1435. 	if( result != IPCERR_OK )

    1436. 

  1436. 		return result;

    1437. 

  1437. 

    1438. 

  1438. 	range.min = xsr->sadb_spirange_min;

    1439. 

  1439. 	range.max = xsr->sadb_spirange_max;

    1440. 

  1440. 

    1441. 

  1441. 	return IPCERR_OK;

    1442. 

  1442. }

    1443. 

  1443. 

    1444. 

  1444. long _PFKI::read_ltime_curr( PFKI_MSG & msg, PFKI_LTIME & ltime )

    1445. 

  1445. {

    1446. 

  1446. 	//

    1447. 

  1447. 	// read lifetime extension

    1448. 

  1448. 	//

    1449. 

  1449. 

    1450. 

  1450. 	sadb_lifetime * xlt;

    1451. 

  1451. 

    1452. 

  1452. 	long result;

    1453. 

  1453. 

    1454. 

  1454. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xlt, SADB_EXT_LIFETIME_CURRENT );

    1455. 

  1455. 	if( result != IPCERR_OK )

    1456. 

  1456. 		return result;

    1457. 

  1457. 

    1458. 

  1458. 	ltime.allocations = xlt->sadb_lifetime_allocations;

    1459. 

  1459. 	ltime.addtime = xlt->sadb_lifetime_addtime;

    1460. 

  1460. 	ltime.usetime = xlt->sadb_lifetime_usetime;

    1461. 

  1461. 	ltime.bytes = xlt->sadb_lifetime_bytes;

    1462. 

  1462. 

    1463. 

  1463. 	return IPCERR_OK;

    1464. 

  1464. }

    1465. 

  1465. 

    1466. 

  1466. long _PFKI::read_ltime_hard( PFKI_MSG & msg, PFKI_LTIME & ltime )

    1467. 

  1467. {

    1468. 

  1468. 	//

    1469. 

  1469. 	// read lifetime extension

    1470. 

  1470. 	//

    1471. 

  1471. 

    1472. 

  1472. 	sadb_lifetime * xlt;

    1473. 

  1473. 

    1474. 

  1474. 	long result;

    1475. 

  1475. 

    1476. 

  1476. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xlt, SADB_EXT_LIFETIME_HARD );

    1477. 

  1477. 	if( result != IPCERR_OK )

    1478. 

  1478. 		return result;

    1479. 

  1479. 

    1480. 

  1480. 	ltime.allocations = xlt->sadb_lifetime_allocations;

    1481. 

  1481. 	ltime.addtime = xlt->sadb_lifetime_addtime;

    1482. 

  1482. 	ltime.usetime = xlt->sadb_lifetime_usetime;

    1483. 

  1483. 	ltime.bytes = xlt->sadb_lifetime_bytes;

    1484. 

  1484. 

    1485. 

  1485. 	return IPCERR_OK;

    1486. 

  1486. }

    1487. 

  1487. 

    1488. 

  1488. long _PFKI::read_ltime_soft( PFKI_MSG & msg, PFKI_LTIME & ltime )

    1489. 

  1489. {

    1490. 

  1490. 	//

    1491. 

  1491. 	// read lifetime extension

    1492. 

  1492. 	//

    1493. 

  1493. 

    1494. 

  1494. 	sadb_lifetime * xlt;

    1495. 

  1495. 

    1496. 

  1496. 	long result;

    1497. 

  1497. 

    1498. 

  1498. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xlt, SADB_EXT_LIFETIME_SOFT );

    1499. 

  1499. 	if( result != IPCERR_OK )

    1500. 

  1500. 		return result;

    1501. 

  1501. 

    1502. 

  1502. 	ltime.allocations = xlt->sadb_lifetime_allocations;

    1503. 

  1503. 	ltime.addtime = xlt->sadb_lifetime_addtime;

    1504. 

  1504. 	ltime.usetime = xlt->sadb_lifetime_usetime;

    1505. 

  1505. 	ltime.bytes = xlt->sadb_lifetime_bytes;

    1506. 

  1506. 

    1507. 

  1507. 	return IPCERR_OK;

    1508. 

  1508. }

    1509. 

  1509. 

    1510. 

  1510. long _PFKI::read_key_a( PFKI_MSG & msg, PFKI_KEY & akey )

    1511. 

  1511. {

    1512. 

  1512. 	//

    1513. 

  1513. 	// read key extension

    1514. 

  1514. 	//

    1515. 

  1515. 

    1516. 

  1516. 	sadb_key * xka;

    1517. 

  1517. 

    1518. 

  1518. 	long result;

    1519. 

  1519. 

    1520. 

  1520. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xka, SADB_EXT_KEY_AUTH );

    1521. 

  1521. 	if( result != IPCERR_OK )

    1522. 

  1522. 		return result;

    1523. 

  1523. 

    1524. 

  1524. 	result = buff_get_key( xka, akey );

    1525. 

  1525. 	if( result != IPCERR_OK )

    1526. 

  1526. 		return result;

    1527. 

  1527. 

    1528. 

  1528. 	return IPCERR_OK;

    1529. 

  1529. }

    1530. 

  1530. 

    1531. 

  1531. long _PFKI::read_key_e( PFKI_MSG & msg, PFKI_KEY & ekey )

    1532. 

  1532. {

    1533. 

  1533. 	//

    1534. 

  1534. 	// read key extension

    1535. 

  1535. 	//

    1536. 

  1536. 

    1537. 

  1537. 	sadb_key * xke;

    1538. 

  1538. 

    1539. 

  1539. 	long result;

    1540. 

  1540. 

    1541. 

  1541. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xke, SADB_EXT_KEY_ENCRYPT );

    1542. 

  1542. 	if( result != IPCERR_OK )

    1543. 

  1543. 		return result;

    1544. 

  1544. 

    1545. 

  1545. 	result = buff_get_key( xke, ekey );

    1546. 

  1546. 	if( result != IPCERR_OK )

    1547. 

  1547. 		return result;

    1548. 

  1548. 

    1549. 

  1549. 	return IPCERR_OK;

    1550. 

  1550. }

    1551. 

  1551. 

    1552. 

  1552. long _PFKI::read_address_src( PFKI_MSG & msg, PFKI_ADDR & addr )

    1553. 

  1553. {

    1554. 

  1554. 	//

    1555. 

  1555. 	// read address extension

    1556. 

  1556. 	//

    1557. 

  1557. 

    1558. 

  1558. 	sadb_address * xad;

    1559. 

  1559. 

    1560. 

  1560. 	long result;

    1561. 

  1561. 

    1562. 

  1562. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xad, SADB_EXT_ADDRESS_SRC );

    1563. 

  1563. 	if( result != IPCERR_OK )

    1564. 

  1564. 		return result;

    1565. 

  1565. 

    1566. 

  1566. 	result = buff_get_address( xad, addr );

    1567. 

  1567. 	if( result != IPCERR_OK )

    1568. 

  1568. 		return result;

    1569. 

  1569. 

    1570. 

  1570. 	return IPCERR_OK;

    1571. 

  1571. }

    1572. 

  1572. 

    1573. 

  1573. long _PFKI::read_address_dst( PFKI_MSG & msg, PFKI_ADDR & addr )

    1574. 

  1574. {

    1575. 

  1575. 	//

    1576. 

  1576. 	// read address extension

    1577. 

  1577. 	//

    1578. 

  1578. 

    1579. 

  1579. 	sadb_address * xad;

    1580. 

  1580. 

    1581. 

  1581. 	long result;

    1582. 

  1582. 

    1583. 

  1583. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xad, SADB_EXT_ADDRESS_DST );

    1584. 

  1584. 	if( result != IPCERR_OK )

    1585. 

  1585. 		return result;

    1586. 

  1586. 

    1587. 

  1587. 	result = buff_get_address( xad, addr );

    1588. 

  1588. 	if( result != IPCERR_OK )

    1589. 

  1589. 		return result;

    1590. 

  1590. 

    1591. 

  1591. 	return IPCERR_OK;

    1592. 

  1592. }

    1593. 

  1593. 

    1594. 

  1594. long _PFKI::read_natt( PFKI_MSG & msg, PFKI_NATT & natt )

    1595. 

  1595. {

    1596. 

  1596. 

    1597. 

  1597. #ifdef OPT_NATT

    1598. 

  1598. 

    1599. 

  1599. 	sadb_x_nat_t_type * xnt;

    1600. 

  1600. 	sadb_x_nat_t_port * xnps, * xnpd;

    1601. 

  1601. 

    1602. 

  1602. 	long result;

    1603. 

  1603. 

    1604. 

  1604. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xnt, SADB_X_EXT_NAT_T_TYPE );

    1605. 

  1605. 	if( result != IPCERR_OK )

    1606. 

  1606. 		return result;

    1607. 

  1607. 

    1608. 

  1608. 	natt.type = xnt->sadb_x_nat_t_type_type;

    1609. 

  1609. 

    1610. 

  1610. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xnps, SADB_X_EXT_NAT_T_SPORT );

    1611. 

  1611. 	if( result != IPCERR_OK )

    1612. 

  1612. 		return result;

    1613. 

  1613. 

    1614. 

  1614. 	natt.port_src = xnps->sadb_x_nat_t_port_port;

    1615. 

  1615. 

    1616. 

  1616. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xnpd, SADB_X_EXT_NAT_T_DPORT );

    1617. 

  1617. 	if( result != IPCERR_OK )

    1618. 

  1618. 		return result;

    1619. 

  1619. 

    1620. 

  1620. 	natt.port_dst = xnpd->sadb_x_nat_t_port_port;

    1621. 

  1621. 

    1622. 

  1622. 	return IPCERR_OK;

    1623. 

  1623. 

    1624. 

  1624. #else

    1625. 

  1625. 

    1626. 

  1626. 	return IPCERR_FAILED;

    1627. 

  1627. 

    1628. 

  1628. #endif

    1629. 

  1629. 

    1630. 

  1630. }

    1631. 

  1631. 

    1632. 

  1632. long _PFKI::read_policy( PFKI_MSG & msg, PFKI_SPINFO & spinfo )

    1633. 

  1633. {

    1634. 

  1634. 	//

    1635. 

  1635. 	// read policy extension

    1636. 

  1636. 	//

    1637. 

  1637. 

    1638. 

  1638. 	sadb_x_policy * xpl;

    1639. 

  1639. 

    1640. 

  1640. 	long result;

    1641. 

  1641. 	

    1642. 

  1642. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xpl, SADB_X_EXT_POLICY );

    1643. 

  1643. 	if( result != IPCERR_OK )

    1644. 

  1644. 		return result;

    1645. 

  1645. 

    1646. 

  1646. 	spinfo.sp.type	= xpl->sadb_x_policy_type;

    1647. 

  1647. 	spinfo.sp.id	= xpl->sadb_x_policy_id;

    1648. 

  1648. 	spinfo.sp.dir	= xpl->sadb_x_policy_dir;

    1649. 

  1649. 

    1650. 

  1650. 	if( spinfo.sp.type == IPSEC_POLICY_IPSEC )

    1651. 

  1651. 	{

    1652. 

  1652. 		result = buff_get_ipsec( xpl, spinfo );

    1653. 

  1653. 		if( result != IPCERR_OK )

    1654. 

  1654. 			return result;

    1655. 

  1655. 	}

    1656. 

  1656. 

    1657. 

  1657. 	return IPCERR_OK;

    1658. 

  1658. }

    1659. 

  1659. 

    1660. 

  1660. //

    1661. 

  1661. // client functions

    1662. 

  1662. //

    1663. 

  1663. 

    1664. 

  1664. long _PFKI::send_register( u_int8_t satype )

    1665. 

  1665. {

    1666. 

  1666. 	PFKI_SAINFO sainfo;

    1667. 

  1667. 	memset( &sainfo, 0, sizeof( sainfo ) );

    1668. 

  1668. 	sainfo.satype = satype;

    1669. 

  1669. 	return send_sainfo( SADB_REGISTER, sainfo, false );

    1670. 

  1670. }

    1671. 

  1671. 

    1672. 

  1672. long _PFKI::send_dump()

    1673. 

  1673. {

    1674. 

  1674. 	PFKI_SAINFO sainfo;

    1675. 

  1675. 	memset( &sainfo, 0, sizeof( sainfo ) );

    1676. 

  1676. 	return send_sainfo( SADB_DUMP, sainfo, false );

    1677. 

  1677. }

    1678. 

  1678. 

    1679. 

  1679. long _PFKI::send_add( PFKI_SAINFO & sainfo )

    1680. 

  1680. {

    1681. 

  1681. 	return send_sainfo( SADB_ADD, sainfo, false );

    1682. 

  1682. }

    1683. 

  1683. 

    1684. 

  1684. long _PFKI::send_get( PFKI_SAINFO & sainfo )

    1685. 

  1685. {

    1686. 

  1686. 	return send_sainfo( SADB_GET, sainfo, false );

    1687. 

  1687. }

    1688. 

  1688. 

    1689. 

  1689. long _PFKI::send_del( PFKI_SAINFO & sainfo )

    1690. 

  1690. {

    1691. 

  1691. 	return send_sainfo( SADB_DELETE, sainfo, false );

    1692. 

  1692. }

    1693. 

  1693. 

    1694. 

  1694. long _PFKI::send_getspi( PFKI_SAINFO & sainfo )

    1695. 

  1695. {

    1696. 

  1696. 	return send_sainfo( SADB_GETSPI, sainfo, false );

    1697. 

  1697. }

    1698. 

  1698. 

    1699. 

  1699. long _PFKI::send_update( PFKI_SAINFO & sainfo )

    1700. 

  1700. {

    1701. 

  1701. 	return send_sainfo( SADB_UPDATE, sainfo, false );

    1702. 

  1702. }

    1703. 

  1703. 

    1704. 

  1704. long _PFKI::send_spdump()

    1705. 

  1705. {

    1706. 

  1706. 	PFKI_SPINFO spinfo;

    1707. 

  1707. 	memset( &spinfo, 0, sizeof( spinfo ) );

    1708. 

  1708. 	return send_spinfo( SADB_X_SPDDUMP, spinfo, false );

    1709. 

  1709. }

    1710. 

  1710. 

    1711. 

  1711. long _PFKI::send_spadd( PFKI_SPINFO & spinfo )

    1712. 

  1712. {

    1713. 

  1713. 	return send_spinfo( SADB_X_SPDADD, spinfo, false );

    1714. 

  1714. }

    1715. 

  1715. 

    1716. 

  1716. long _PFKI::send_spdel( PFKI_SPINFO & spinfo )

    1717. 

  1717. {

    1718. 

  1718. 	return send_spinfo( SADB_X_SPDDELETE2, spinfo, false );

    1719. 

  1719. }

    1720. 

  1720. 

    1721. 

  1721. //

    1722. 

  1722. // server functions

    1723. 

  1723. //

    1724. 

  1724. 

    1725. 

  1725. long _PFKI::serv_dump( PFKI_SAINFO & sainfo )

    1726. 

  1726. {

    1727. 

  1727.  	return send_sainfo( SADB_DUMP, sainfo, true );

    1728. 

  1728. }

    1729. 

  1729. 

    1730. 

  1730. long _PFKI::serv_add( PFKI_SAINFO & sainfo )

    1731. 

  1731. {

    1732. 

  1732. 	return send_sainfo( SADB_ADD, sainfo, true );

    1733. 

  1733. }

    1734. 

  1734. 

    1735. 

  1735. long _PFKI::serv_get( PFKI_SAINFO & sainfo )

    1736. 

  1736. {

    1737. 

  1737. 	return send_sainfo( SADB_GET, sainfo, true );

    1738. 

  1738. }

    1739. 

  1739. 

    1740. 

  1740. long _PFKI::serv_del( PFKI_SAINFO & sainfo )

    1741. 

  1741. {

    1742. 

  1742. 	return send_sainfo( SADB_DELETE, sainfo, true );

    1743. 

  1743. }

    1744. 

  1744. 

    1745. 

  1745. long _PFKI::serv_acquire( PFKI_SPINFO & spinfo )

    1746. 

  1746. {

    1747. 

  1747. 	return send_spinfo( SADB_ACQUIRE, spinfo, true );

    1748. 

  1748. }

    1749. 

  1749. 

    1750. 

  1750. long _PFKI::serv_getspi( PFKI_SAINFO & sainfo )

    1751. 

  1751. {

    1752. 

  1752. 	return send_sainfo( SADB_GETSPI, sainfo, true );

    1753. 

  1753. }

    1754. 

  1754. 

    1755. 

  1755. long _PFKI::serv_update( PFKI_SAINFO & sainfo )

    1756. 

  1756. {

    1757. 

  1757. 	return send_sainfo( SADB_UPDATE, sainfo, true );

    1758. 

  1758. }

    1759. 

  1759. 

    1760. 

  1760. long _PFKI::serv_spdump( PFKI_SPINFO & spinfo )

    1761. 

  1761. {

    1762. 

  1762.  	return send_spinfo( SADB_X_SPDDUMP, spinfo, true );

    1763. 

  1763. }

    1764. 

  1764. 

    1765. 

  1765. long _PFKI::serv_spadd( PFKI_SPINFO & spinfo )

    1766. 

  1766. {

    1767. 

  1767. 	return send_spinfo( SADB_X_SPDADD, spinfo, true );

    1768. 

  1768. }

    1769. 

  1769. 

    1770. 

  1770. long _PFKI::serv_spdel( PFKI_SPINFO & spinfo )

    1771. 

  1771. {

    1772. 

  1772. 	return send_spinfo( SADB_X_SPDDELETE2, spinfo, true );

    1773. 

  1773. }

    1774. 

  1774. 

    1775. 

  1775. //==============================================================================

    1776. 

  1776. // server interface class

    1777. 

  1777. //==============================================================================

    1778. 

  1778. 

    1779. 

  1779. #ifdef WIN32

    1780. 

  1780. 

    1781. 

  1781. long _PFKS::init()

    1782. 

  1782. {

    1783. 

  1783. 	return ITH_IPCS::init( PFKI_PIPE_NAME, true );

    1784. 

  1784. }

    1785. 

  1785. 

    1786. 

  1786. void _PFKS::done()

    1787. 

  1787. {

    1788. 

  1788. 	ITH_IPCS::done();

    1789. 

  1789. }

    1790. 

  1790. 

    1791. 

  1791. long _PFKS::inbound( PFKI ** pfki )

    1792. 

  1792. {

    1793. 

  1793. 	IPCCONN ipcconn;

    1794. 

  1794. 

    1795. 

  1795. 	long result = ITH_IPCS::inbound( PFKI_PIPE_NAME, ipcconn );

    1796. 

  1796. 

    1797. 

  1797. 	if( result == IPCERR_OK )

    1798. 

  1798. 	{

    1799. 

  1799. 		*pfki = new PFKI;

    1800. 

  1800. 		if( *pfki == NULL )

    1801. 

  1801. 			return IPCERR_FAILED;

    1802. 

  1802. 	

    1803. 

  1803. 		(*pfki)->io_conf( ipcconn );

    1804. 

  1804. 	}

    1805. 

  1805. 

    1806. 

  1806. 	return result;

    1807. 

  1807. }

    1808. 

  1808. 

    1809. 

  1809. void _PFKS::wakeup()

    1810. 

  1810. {

    1811. 

  1811. 	ITH_IPCS::wakeup();

    1812. 

  1812. }

    1813. 

  1813. #endif

    1814. 

  1814.