PageRenderTime 31ms CodeModel.GetById 40ms RepoModel.GetById 0ms app.codeStats 1ms

/source/libpfk/libpfk.cpp

https://gitlab.com/mvives/ike
C++ | 1848 lines | 1228 code | 454 blank | 166 comment | 212 complexity | bef65096ad30a8d28fd577a91cda0eaf MD5 | raw file
    

  1. 

    2. 

  2. /*

    3. 

  3.  * Copyright (c) 2007

    4. 

  4.  *      Shrew Soft Inc.  All rights reserved.

    5. 

  5.  *

    6. 

  6.  * Redistribution and use in source and binary forms, with or without

    7. 

  7.  * modification, are permitted provided that the following conditions

    8. 

  8.  * are met:

    9. 

  9.  * 1. Redistributions of source code must retain the above copyright

    10. 

  10.  *    notice, this list of conditions and the following disclaimer.

    11. 

  11.  * 2. Redistributions in binary form must reproduce the above copyright

    12. 

  12.  *    notice, this list of conditions and the following disclaimer in the

    13. 

  13.  *    documentation and/or other materials provided with the distribution.

    14. 

  14.  * 3. Redistributions in any form must be accompanied by information on

    15. 

  15.  *    how to obtain complete source code for the software and any

    16. 

  16.  *    accompanying software that uses the software.  The source code

    17. 

  17.  *    must either be included in the distribution or be available for no

    18. 

  18.  *    more than the cost of distribution plus a nominal fee, and must be

    19. 

  19.  *    freely redistributable under reasonable conditions.  For an

    20. 

  20.  *    executable file, complete source code means the source code for all

    21. 

  21.  *    modules it contains.  It does not include source code for modules or

    22. 

  22.  *    files that typically accompany the major components of the operating

    23. 

  23.  *    system on which the executable file runs.

    24. 

  24.  *

    25. 

  25.  * THIS SOFTWARE IS PROVIDED BY SHREW SOFT INC ``AS IS'' AND ANY EXPRESS

    26. 

  26.  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

    27. 

  27.  * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR

    28. 

  28.  * NON-INFRINGEMENT, ARE DISCLAIMED.  IN NO EVENT SHALL SHREW SOFT INC

    29. 

  29.  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

    30. 

  30.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

    31. 

  31.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

    32. 

  32.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

    33. 

  33.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    34. 

  34.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

    35. 

  35.  * THE POSSIBILITY OF SUCH DAMAGE.

    36. 

  36.  *

    37. 

  37.  * AUTHOR : Matthew Grooms

    38. 

  38.  *          mgrooms@shrew.net

    39. 

  39.  *

    40. 

  40.  */

    41. 

  41. 

    42. 

  42. #include "libpfk.h"

    43. 

  43. 

    44. 

  44. //==============================================================================

    45. 

  45. // message class

    46. 

  46. //==============================================================================

    47. 

  47. 

    48. 

  48. bool _PFKI_MSG::local()

    49. 

  49. {

    50. 

  50. 	return ( ( long ) header.sadb_msg_pid == getpid() );

    51. 

  51. 

    52. 

  52. 	return false;

    53. 

  53. }

    54. 

  54. 

    55. 

  55. //==============================================================================

    56. 

  56. // client interface class

    57. 

  57. //==============================================================================

    58. 

  58. 

    59. 

  59. #ifdef UNIX

    60. 

  60. 

    61. 

  61. long _PFKI::send_message( PFKI_MSG & msg )

    62. 

  62. {

    63. 

  63. 	if( conn == -1 )

    64. 

  64. 		return IPCERR_CLOSED;

    65. 

  65. 

    66. 

  66. 	size_t msg_size = msg.size() + sizeof( sadb_msg );

    67. 

  67. 	msg.header.sadb_msg_len = ( u_int16_t ) PFKEY_UNIT64( msg_size );

    68. 

  68. 	msg.ins( &msg.header, sizeof( msg.header ) );

    69. 

  69. 	msg.size( msg_size );

    70. 

  70. 

    71. 

  71. 	return io_send( msg.buff(), msg_size );

    72. 

  72. }

    73. 

  73. 

    74. 

  74. long _PFKI::recv_message( PFKI_MSG & msg )

    75. 

  75. {

    76. 

  76. 	if( conn == -1 )

    77. 

  77. 		return IPCERR_CLOSED;

    78. 

  78. 

    79. 

  79. 	fd_set fds;

    80. 

  80. 	FD_ZERO( &fds );

    81. 

  81. 	FD_SET( conn, &fds );

    82. 

  82. 	FD_SET( conn_wake[ 0 ], &fds );

    83. 

  83. 

    84. 

  84. 	int max = conn_wake[ 0 ];

    85. 

  85. 	if( max < conn )

    86. 

  86. 		max = conn;

    87. 

  87. 

    88. 

  88. 	if( select( max + 1, &fds, NULL, NULL, NULL ) <= 0 )

    89. 

  89. 		return IPCERR_FAILED;

    90. 

  90. 

    91. 

  91. 	if( FD_ISSET( conn, &fds ) )

    92. 

  92. 	{

    93. 

  93. 		msg.size( sizeof( sadb_msg ) );

    94. 

  94. 		size_t msg_size = msg.size();

    95. 

  95. 

    96. 

  96. 		long result = recv( conn, msg.buff(), msg_size, MSG_PEEK );

    97. 

  97. 		if( result < 0 )

    98. 

  98. 			return IPCERR_FAILED;

    99. 

  99. 

    100. 

  100. 		if( result == 0 )

    101. 

  101. 			return IPCERR_CLOSED;

    102. 

  102. 

    103. 

  103. 		msg.size( result );

    104. 

  104. 

    105. 

  105. 		msg.oset( 0 );

    106. 

  106. 		if( !msg.get( &msg.header, sizeof( sadb_msg ) ) )

    107. 

  107. 			return IPCERR_FAILED;

    108. 

  108. 

    109. 

  109. 		msg_size = PFKEY_UNUNIT64( msg.header.sadb_msg_len );

    110. 

  110. 		msg.size( msg_size );

    111. 

  111. 

    112. 

  112. 		return io_recv( msg.buff(), msg_size );

    113. 

  113.         }

    114. 

  114. 

    115. 

  115.         if( FD_ISSET( conn_wake[ 0 ], &fds ) )

    116. 

  116.         {

    117. 

  117.                 char c;

    118. 

  118.                 recv( conn_wake[ 0 ], &c, 1, 0 );

    119. 

  119. 

    120. 

  120.                 return IPCERR_WAKEUP;

    121. 

  121.         }

    122. 

  122. 

    123. 

  123. 	return IPCERR_NODATA;

    124. 

  124. }

    125. 

  125. 

    126. 

  126. long _PFKI::attach( long timeout )

    127. 

  127. {

    128. 

  128. 	detach();

    129. 

  129. 

    130. 

  130. 	//

    131. 

  131. 	// open our pfkey socket

    132. 

  132. 	//

    133. 

  133. 

    134. 

  134. 	conn = socket( PF_KEY, SOCK_RAW, PF_KEY_V2 );

    135. 

  135. 	if( conn < 0 )

    136. 

  136. 		return IPCERR_FAILED;

    137. 

  137. 

    138. 

  138. 	//

    139. 

  139. 	// set socket buffer size

    140. 

  140. 	//

    141. 

  141. 

    142. 

  142. 	const int buffsize = PFKEY_BUFFSIZE;

    143. 

  143. 	setsockopt( conn, SOL_SOCKET, SO_SNDBUF, &buffsize, sizeof( buffsize ) );

    144. 

  144. 	setsockopt( conn, SOL_SOCKET, SO_RCVBUF, &buffsize, sizeof( buffsize ) );

    145. 

  145. 

    146. 

  146. 	//

    147. 

  147. 	// set socket to non-blocking

    148. 

  148. 	//

    149. 

  149. 

    150. 

  150. 	if( fcntl( conn, F_SETFL, O_NONBLOCK ) == -1 )

    151. 

  151. 		return IPCERR_FAILED;

    152. 

  152. 

    153. 

  153. 	return IPCERR_OK;

    154. 

  154. }

    155. 

  155. 

    156. 

  156. void _PFKI::wakeup()

    157. 

  157. {

    158. 

  158. 	ITH_IPCC::wakeup();

    159. 

  159. }

    160. 

  160. 

    161. 

  161. void _PFKI::detach()

    162. 

  162. {

    163. 

  163. 	if( conn != -1 )

    164. 

  164. 		close( conn );

    165. 

  165. }

    166. 

  166. 

    167. 

  167. #endif

    168. 

  168. 

    169. 

  169. //

    170. 

  170. // PFKI WIN32 Specific

    171. 

  171. //

    172. 

  172. 

    173. 

  173. #ifdef WIN32

    174. 

  174. 

    175. 

  175. long _PFKI::send_message( PFKI_MSG & msg )

    176. 

  176. {

    177. 

  177. 	size_t msg_size = msg.size() + sizeof( sadb_msg );

    178. 

  178. 	msg.header.sadb_msg_len = ( u_int16_t ) PFKEY_UNIT64( msg_size );

    179. 

  179. 	msg.ins( &msg.header, sizeof( msg.header ) );

    180. 

  180. 	msg.size( msg_size );

    181. 

  181. 

    182. 

  182. 	return io_send( msg.buff(), msg_size );

    183. 

  183. }

    184. 

  184. 

    185. 

  185. long _PFKI::recv_message( PFKI_MSG & msg )

    186. 

  186. {

    187. 

  187. 	msg.size( sizeof( sadb_msg ) );

    188. 

  188. 	size_t msg_read = msg.size();

    189. 

  189. 	size_t msg_size = 0;

    190. 

  190. 

    191. 

  191. 	long result = io_recv( msg.buff(), msg_read );

    192. 

  192. 

    193. 

  193. 	if( ( result == IPCERR_OK ) || ( result == IPCERR_BUFFER ) )

    194. 

  194. 	{

    195. 

  195. 		msg.oset( 0 );

    196. 

  196. 		if( !msg.get( &msg.header, sizeof( sadb_msg ) ) )

    197. 

  197. 			return IPCERR_FAILED;

    198. 

  198. 

    199. 

  199. 		msg_size = PFKEY_UNUNIT64( msg.header.sadb_msg_len );

    200. 

  200. 		msg.size( msg_size );

    201. 

  201. 

    202. 

  202. 		result = io_recv( msg.buff() + msg_read, msg_size - msg_read );

    203. 

  203. 	}

    204. 

  204. 

    205. 

  205. 	return result;

    206. 

  206. }

    207. 

  207. 

    208. 

  208. long _PFKI::attach( long timeout )

    209. 

  209. {

    210. 

  210. 	return ITH_IPCC::attach( PFKI_PIPE_NAME, timeout );

    211. 

  211. }

    212. 

  212. 

    213. 

  213. void _PFKI::wakeup()

    214. 

  214. {

    215. 

  215. 	ITH_IPCC::wakeup();

    216. 

  216. }

    217. 

  217. 

    218. 

  218. void _PFKI::detach()

    219. 

  219. {

    220. 

  220. 	ITH_IPCC::detach();

    221. 

  221. }

    222. 

  222. 

    223. 

  223. #endif

    224. 

  224. 

    225. 

  225. const char * _PFKI::name( long type, long value )

    226. 

  226. {

    227. 

  227. 	static const char * unknown = "unknown";

    228. 

  228. 

    229. 

  229. 	switch( type )

    230. 

  230. 	{

    231. 

  231. 		case NAME_MSGTYPE:

    232. 

  232. 		{

    233. 

  233. 			static const char * msgtype_00 = "RESERVED";

    234. 

  234. 			static const char * msgtype_01 = "GETSPI";

    235. 

  235. 			static const char * msgtype_02 = "UPDATE";

    236. 

  236. 			static const char * msgtype_03 = "ADD";

    237. 

  237. 			static const char * msgtype_04 = "DELETE";

    238. 

  238. 			static const char * msgtype_05 = "GET";

    239. 

  239. 			static const char * msgtype_06 = "ACQUIRE";

    240. 

  240. 			static const char * msgtype_07 = "REGISTER";

    241. 

  241. 			static const char * msgtype_08 = "EXPIRE";

    242. 

  242. 			static const char * msgtype_09 = "FLUSH";

    243. 

  243. 			static const char * msgtype_10 = "DUMP";

    244. 

  244. 			static const char * msgtype_11 = "X_PROMISC";

    245. 

  245. 			static const char * msgtype_12 = "X_PCHANGE";

    246. 

  246. 			static const char * msgtype_13 = "X_SPDUPDATE";

    247. 

  247. 			static const char * msgtype_14 = "X_SPDADD";

    248. 

  248. 			static const char * msgtype_15 = "X_SPDDELETE";

    249. 

  249. 			static const char * msgtype_16 = "X_SPDGET";

    250. 

  250. 			static const char * msgtype_17 = "X_SPDACQUIRE";

    251. 

  251. 			static const char * msgtype_18 = "X_SPDDUMP";

    252. 

  252. 			static const char * msgtype_19 = "X_SPDFLUSH";

    253. 

  253. 			static const char * msgtype_20 = "X_SPDSETIDX";

    254. 

  254. 			static const char * msgtype_21 = "X_SPDEXPIRE";

    255. 

  255. 			static const char * msgtype_22 = "X_SPDDELETE2";

    256. 

  256. //			static const char * msgtype_23 = "X_NAT_T_NEW_MAPPING";

    257. 

  257. 

    258. 

  258. 			switch( value )

    259. 

  259. 			{

    260. 

  260. 				case SADB_RESERVED:

    261. 

  261. 					return msgtype_00;

    262. 

  262. 

    263. 

  263. 				case SADB_GETSPI:

    264. 

  264. 					return msgtype_01;

    265. 

  265. 

    266. 

  266. 				case SADB_UPDATE:

    267. 

  267. 					return msgtype_02;

    268. 

  268. 

    269. 

  269. 				case SADB_ADD:

    270. 

  270. 					return msgtype_03;

    271. 

  271. 

    272. 

  272. 				case SADB_DELETE:

    273. 

  273. 					return msgtype_04;

    274. 

  274. 

    275. 

  275. 				case SADB_GET:

    276. 

  276. 					return msgtype_05;

    277. 

  277. 

    278. 

  278. 				case SADB_ACQUIRE:

    279. 

  279. 					return msgtype_06;

    280. 

  280. 

    281. 

  281. 				case SADB_REGISTER:

    282. 

  282. 					return msgtype_07;

    283. 

  283. 

    284. 

  284. 				case SADB_EXPIRE:

    285. 

  285. 					return msgtype_08;

    286. 

  286. 

    287. 

  287. 				case SADB_FLUSH:

    288. 

  288. 					return msgtype_09;

    289. 

  289. 

    290. 

  290. 				case SADB_DUMP:

    291. 

  291. 					return msgtype_10;

    292. 

  292. 

    293. 

  293. 				case SADB_X_PROMISC:

    294. 

  294. 					return msgtype_11;

    295. 

  295. 

    296. 

  296. 				case SADB_X_PCHANGE:

    297. 

  297. 					return msgtype_12;

    298. 

  298. 

    299. 

  299. 				case SADB_X_SPDUPDATE:

    300. 

  300. 					return msgtype_13;

    301. 

  301. 

    302. 

  302. 				case SADB_X_SPDADD:

    303. 

  303. 					return msgtype_14;

    304. 

  304. 

    305. 

  305. 				case SADB_X_SPDDELETE:

    306. 

  306. 					return msgtype_15;

    307. 

  307. 

    308. 

  308. 				case SADB_X_SPDGET:

    309. 

  309. 					return msgtype_16;

    310. 

  310. 

    311. 

  311. 				case SADB_X_SPDACQUIRE:

    312. 

  312. 					return msgtype_17;

    313. 

  313. 

    314. 

  314. 				case SADB_X_SPDDUMP:

    315. 

  315. 					return msgtype_18;

    316. 

  316. 

    317. 

  317. 				case SADB_X_SPDFLUSH:

    318. 

  318. 					return msgtype_19;

    319. 

  319. 

    320. 

  320. 				case SADB_X_SPDSETIDX:

    321. 

  321. 					return msgtype_20;

    322. 

  322. 

    323. 

  323. 				case SADB_X_SPDEXPIRE:

    324. 

  324. 					return msgtype_21;

    325. 

  325. 

    326. 

  326. 				case SADB_X_SPDDELETE2:

    327. 

  327. 					return msgtype_22;

    328. 

  328. 

    329. 

  329. //				case SADB_X_NAT_T_NEW_MAPPING:

    330. 

  330. //					return msgtype_23;

    331. 

  331. 

    332. 

  332. 				default:

    333. 

  333. 					return unknown;

    334. 

  334. 

    335. 

  335. 			}

    336. 

  336. 		}

    337. 

  337. 

    338. 

  338. 		case NAME_SAENCR:

    339. 

  339. 		{

    340. 

  340. 			static const char * encrtype_02 = "DES-CBC";

    341. 

  341. 			static const char * encrtype_03 = "3DES-CBC";

    342. 

  342. 			static const char * encrtype_06 = "CAST128-CBC";

    343. 

  343. 			static const char * encrtype_07 = "BLOWFISH-CBC";

    344. 

  344. 			static const char * encrtype_12 = "AES-CBC";

    345. 

  345. 

    346. 

  346. 			switch( value )

    347. 

  347. 			{

    348. 

  348. 				case SADB_EALG_DESCBC:

    349. 

  349. 					return encrtype_02;

    350. 

  350. 

    351. 

  351. 				case SADB_EALG_3DESCBC:

    352. 

  352. 					return encrtype_03;

    353. 

  353. 

    354. 

  354. 				case SADB_X_EALG_CAST128CBC:

    355. 

  355. 					return encrtype_06;

    356. 

  356. 

    357. 

  357. 				case SADB_X_EALG_BLOWFISHCBC:

    358. 

  358. 					return encrtype_07;

    359. 

  359. 

    360. 

  360. 				case SADB_X_EALG_AESCBC:

    361. 

  361. 					return encrtype_12;

    362. 

  362. 

    363. 

  363. 				default:

    364. 

  364. 					return unknown;

    365. 

  365. 			}

    366. 

  366. 		}

    367. 

  367. 

    368. 

  368. 		case NAME_SACOMP:

    369. 

  369. 		{

    370. 

  370. 			static const char * comptype_01 = "OUI";

    371. 

  371. 			static const char * comptype_02 = "DEFLATE";

    372. 

  372. 			static const char * comptype_03 = "LZS";

    373. 

  373. 

    374. 

  374. 			switch( value )

    375. 

  375. 			{

    376. 

  376. 				case SADB_X_CALG_OUI:

    377. 

  377. 					return comptype_01;

    378. 

  378. 

    379. 

  379. 				case SADB_X_CALG_DEFLATE:

    380. 

  380. 					return comptype_02;

    381. 

  381. 

    382. 

  382. 				case SADB_X_CALG_LZS:

    383. 

  383. 					return comptype_03;

    384. 

  384. 

    385. 

  385. 				default:

    386. 

  386. 					return unknown;

    387. 

  387. 			}

    388. 

  388. 		}

    389. 

  389. 

    390. 

  390. 		case NAME_SAAUTH:

    391. 

  391. 		{

    392. 

  392. 			static const char * authtype_02 = "HMAC-MD5";

    393. 

  393. 			static const char * authtype_03 = "HMAC-SHA1";

    394. 

  394. 			static const char * authtype_04 = "HMAC-SHA2-256";

    395. 

  395. 			static const char * authtype_05 = "HMAC-SHA2-384";

    396. 

  396. 			static const char * authtype_06 = "HMAC-SHA2-512";

    397. 

  397. 

    398. 

  398. 			switch( value )

    399. 

  399. 			{

    400. 

  400. 				case SADB_AALG_MD5HMAC:

    401. 

  401. 					return authtype_02;

    402. 

  402. 

    403. 

  403. 				case SADB_AALG_SHA1HMAC:

    404. 

  404. 					return authtype_03;

    405. 

  405. 

    406. 

  406. 				case SADB_X_AALG_SHA2_256HMAC:

    407. 

  407. 					return authtype_04;

    408. 

  408. 

    409. 

  409. 				case SADB_X_AALG_SHA2_384HMAC:

    410. 

  410. 					return authtype_05;

    411. 

  411. 

    412. 

  412. 				case SADB_X_AALG_SHA2_512HMAC:

    413. 

  413. 					return authtype_06;

    414. 

  414. 

    415. 

  415. 				default:

    416. 

  416. 					return unknown;

    417. 

  417. 			}

    418. 

  418. 		}

    419. 

  419. 

    420. 

  420. 

    421. 

  421. 		case NAME_SATYPE:

    422. 

  422. 		{

    423. 

  423. 			static const char * satype_00 = "UNSPEC";

    424. 

  424. 			static const char * satype_02 = "AH";

    425. 

  425. 			static const char * satype_03 = "ESP";

    426. 

  426. 			static const char * satype_05 = "RSVP";

    427. 

  427. 			static const char * satype_06 = "OSPFV2";

    428. 

  428. 			static const char * satype_07 = "RIPV2";

    429. 

  429. 			static const char * satype_08 = "MIP";

    430. 

  430. 			static const char * satype_09 = "IPCOMP";

    431. 

  431. 			static const char * satype_11 = "TCPSIGNATURE";

    432. 

  432. 

    433. 

  433. 			switch( value )

    434. 

  434. 			{

    435. 

  435. 				case SADB_SATYPE_UNSPEC:

    436. 

  436. 					return satype_00;

    437. 

  437. 

    438. 

  438. 				case SADB_SATYPE_AH:

    439. 

  439. 					return satype_02;

    440. 

  440. 

    441. 

  441. 				case SADB_SATYPE_ESP:

    442. 

  442. 					return satype_03;

    443. 

  443. 

    444. 

  444. 				case SADB_SATYPE_RSVP:

    445. 

  445. 					return satype_05;

    446. 

  446. 

    447. 

  447. 				case SADB_SATYPE_OSPFV2:

    448. 

  448. 					return satype_06;

    449. 

  449. 

    450. 

  450. 				case SADB_SATYPE_RIPV2:

    451. 

  451. 					return satype_07;

    452. 

  452. 

    453. 

  453. 				case SADB_SATYPE_MIP:

    454. 

  454. 					return satype_08;

    455. 

  455. 

    456. 

  456. 				case SADB_X_SATYPE_IPCOMP:

    457. 

  457. 					return satype_09;

    458. 

  458. 

    459. 

  459. //				case SADB_X_SATYPE_TCPSIGNATURE:

    460. 

  460. //					return satype_11;

    461. 

  461. 

    462. 

  462. 				default:

    463. 

  463. 					return unknown;

    464. 

  464. 			}

    465. 

  465. 		}

    466. 

  466. 

    467. 

  467. 		case NAME_SPMODE:

    468. 

  468. 		{

    469. 

  469. 			static const char * plcymode_00 = "ANY";

    470. 

  470. 			static const char * plcymode_01 = "TANSPORT";

    471. 

  471. 			static const char * plcymode_02 = "TUNNEL";

    472. 

  472. 

    473. 

  473. 			switch( value )

    474. 

  474. 			{

    475. 

  475. 				case IPSEC_MODE_ANY:

    476. 

  476. 					return plcymode_00;

    477. 

  477. 

    478. 

  478. 				case IPSEC_MODE_TRANSPORT:

    479. 

  479. 					return plcymode_01;

    480. 

  480. 

    481. 

  481. 				case IPSEC_MODE_TUNNEL:

    482. 

  482. 					return plcymode_02;

    483. 

  483. 

    484. 

  484. 				default:

    485. 

  485. 					return unknown;

    486. 

  486. 			}

    487. 

  487. 		}

    488. 

  488. 

    489. 

  489. 		case NAME_SPTYPE:

    490. 

  490. 		{

    491. 

  491. 			static const char * plcytype_00 = "DISCARD";

    492. 

  492. 			static const char * plcytype_01 = "NONE";

    493. 

  493. 			static const char * plcytype_02 = "IPSEC";

    494. 

  494. 			static const char * plcytype_03 = "ENTRUST";

    495. 

  495. 			static const char * plcytype_04 = "BYPASS";

    496. 

  496. 

    497. 

  497. 			switch( value )

    498. 

  498. 			{

    499. 

  499. 				case IPSEC_POLICY_DISCARD:

    500. 

  500. 					return plcytype_00;

    501. 

  501. 

    502. 

  502. 				case IPSEC_POLICY_NONE:

    503. 

  503. 					return plcytype_01;

    504. 

  504. 

    505. 

  505. 				case IPSEC_POLICY_IPSEC:

    506. 

  506. 					return plcytype_02;

    507. 

  507. 

    508. 

  508. 				case IPSEC_POLICY_ENTRUST:

    509. 

  509. 					return plcytype_03;

    510. 

  510. 

    511. 

  511. 				case IPSEC_POLICY_BYPASS:

    512. 

  512. 					return plcytype_04;

    513. 

  513. 

    514. 

  514. 				default:

    515. 

  515. 					return unknown;

    516. 

  516. 			}

    517. 

  517. 		}

    518. 

  518. 

    519. 

  519. 		case NAME_SPDIR:

    520. 

  520. 		{

    521. 

  521. 			static const char * plcydir_00 = "ANY";

    522. 

  522. 			static const char * plcydir_01 = "INBOUND";

    523. 

  523. 			static const char * plcydir_02 = "OUTBOUND";

    524. 

  524. 			static const char * plcydir_03 = "MAX";

    525. 

  525. 			static const char * plcydir_04 = "INVALID";

    526. 

  526. 

    527. 

  527. 			switch( value )

    528. 

  528. 			{

    529. 

  529. 				case IPSEC_DIR_ANY:

    530. 

  530. 					return plcydir_00;

    531. 

  531. 

    532. 

  532. 				case IPSEC_DIR_INBOUND:

    533. 

  533. 					return plcydir_01;

    534. 

  534. 

    535. 

  535. 				case IPSEC_DIR_OUTBOUND:

    536. 

  536. 					return plcydir_02;

    537. 

  537. 

    538. 

  538. 				case IPSEC_DIR_MAX:

    539. 

  539. 					return plcydir_03;

    540. 

  540. 

    541. 

  541. 				case IPSEC_DIR_INVALID:

    542. 

  542. 					return plcydir_04;

    543. 

  543. 

    544. 

  544. 				default:

    545. 

  545. 					return unknown;

    546. 

  546. 			}

    547. 

  547. 		}

    548. 

  548. 

    549. 

  549. 		case NAME_SPLEVEL:

    550. 

  550. 		{

    551. 

  551. 			static const char * plcylevel_00 = "ANY";

    552. 

  552. 			static const char * plcylevel_01 = "USE";

    553. 

  553. 			static const char * plcylevel_02 = "REQUIRE";

    554. 

  554. 			static const char * plcylevel_03 = "UNIQUE";

    555. 

  555. 

    556. 

  556. 			switch( value )

    557. 

  557. 			{

    558. 

  558. 				case IPSEC_LEVEL_DEFAULT:

    559. 

  559. 					return plcylevel_00;

    560. 

  560. 

    561. 

  561. 				case IPSEC_LEVEL_USE:

    562. 

  562. 					return plcylevel_01;

    563. 

  563. 

    564. 

  564. 				case IPSEC_LEVEL_REQUIRE:

    565. 

  565. 					return plcylevel_02;

    566. 

  566. 

    567. 

  567. 				case IPSEC_LEVEL_UNIQUE:

    568. 

  568. 					return plcylevel_03;

    569. 

  569. 

    570. 

  570. 				default:

    571. 

  571. 					return unknown;

    572. 

  572. 			}

    573. 

  573. 		}

    574. 

  574. 

    575. 

  575. 		case NAME_NTTYPE:

    576. 

  576. 		{

    577. 

  577. 			static const char * nattype_00 = "NONE";

    578. 

  578. 			static const char * nattype_01 = "ESPINUDP-NON-IKE";

    579. 

  579. 			static const char * nattype_02 = "ESPINUDP";

    580. 

  580. 

    581. 

  581. 			switch( value )

    582. 

  582. 			{

    583. 

  583. 				case 0:

    584. 

  584. 					return nattype_00;

    585. 

  585. #ifdef OPT_NATT

    586. 

  586. 				case UDP_ENCAP_ESPINUDP_NON_IKE:

    587. 

  587. 					return nattype_01;

    588. 

  588. 

    589. 

  589. 				case UDP_ENCAP_ESPINUDP:

    590. 

  590. 					return nattype_02;

    591. 

  591. #endif

    592. 

  592. 				default:

    593. 

  593. 					return unknown;

    594. 

  594. 			}

    595. 

  595. 		}

    596. 

  596. 	}

    597. 

  597. 

    598. 

  598. 	return unknown;

    599. 

  599. }

    600. 

  600. 

    601. 

  601. //==============================================================================

    602. 

  602. // buffer management functions

    603. 

  603. //==============================================================================

    604. 

  604. 

    605. 

  605. bool _PFKI::sockaddr_len( int safam, int & salen )

    606. 

  606. {

    607. 

  607. 	switch( safam )

    608. 

  608. 	{

    609. 

  609. 		case AF_INET:

    610. 

  610. 			salen = sizeof( sockaddr_in );

    611. 

  611. 			return true;

    612. 

  612. 	}

    613. 

  613. 

    614. 

  614. 	printf( "XX : address family %i unhandled\n", safam );

    615. 

  615. 

    616. 

  616. 	return false;

    617. 

  617. }

    618. 

  618. 

    619. 

  619. long _PFKI::buff_get_ext( PFKI_MSG & msg, sadb_ext ** ext, long type )

    620. 

  620. {

    621. 

  621. 	unsigned char * buff = msg.buff();

    622. 

  622. 	size_t			size = msg.size();

    623. 

  623. 

    624. 

  624. 	buff += sizeof( sadb_msg );

    625. 

  625. 	size -= sizeof( sadb_msg );

    626. 

  626. 

    627. 

  627. 	while( 1 )

    628. 

  628. 	{

    629. 

  629. 		//

    630. 

  630. 		// make sure the buffer holds

    631. 

  631. 		// enough data to contain an

    632. 

  632. 		// extension header

    633. 

  633. 		//

    634. 

  634. 

    635. 

  635. 		if( long( sizeof( sadb_ext ) ) > size )

    636. 

  636. 		{

    637. 

  637. 			printf( "XX : extension not found\n" );

    638. 

  638. 

    639. 

  639. 			return IPCERR_FAILED;

    640. 

  640. 		}

    641. 

  641. 

    642. 

  642. 		sadb_ext * ext_head = ( sadb_ext * ) buff;

    643. 

  643. 

    644. 

  644. 		//

    645. 

  645. 		// make sure the buffer holds

    646. 

  646. 		// enough data to contain the

    647. 

  647. 		// extension body

    648. 

  648. 		//

    649. 

  649. 

    650. 

  650. 		if( PFKEY_EXTLEN( ext_head ) > size )

    651. 

  651. 		{

    652. 

  652. 			printf( "XX : buffer too small for ext body ( %i bytes )\n",

    653. 

  653. 				PFKEY_EXTLEN( ext_head ) );

    654. 

  654. 

    655. 

  655. 			return IPCERR_FAILED;

    656. 

  656. 		}

    657. 

  657. 

    658. 

  658. 		//

    659. 

  659. 		// stop evaluation if this is

    660. 

  660. 		// the requested extension

    661. 

  661. 		//

    662. 

  662. 

    663. 

  663. 		if( ext_head->sadb_ext_type == type )

    664. 

  664. 		{

    665. 

  665. 			//

    666. 

  666. 			// sainfo the pointers and size

    667. 

  667. 			//

    668. 

  668. 

    669. 

  669. 			*ext = ( sadb_ext * ) buff;

    670. 

  670. 

    671. 

  671. 			break;

    672. 

  672. 		}

    673. 

  673. 

    674. 

  674. 		//

    675. 

  675. 		// move to next extension

    676. 

  676. 		//

    677. 

  677. 

    678. 

  678. 		buff += PFKEY_EXTLEN( ext_head );

    679. 

  679. 		size -= PFKEY_EXTLEN( ext_head );

    680. 

  680. 	}

    681. 

  681. 

    682. 

  682. 	return IPCERR_OK;

    683. 

  683. }

    684. 

  684. 

    685. 

  685. long _PFKI::buff_add_ext( PFKI_MSG & msg, sadb_ext ** ext, long xlen, bool unit64 )

    686. 

  686. {

    687. 

  687. 	size_t oset = msg.size();

    688. 

  688. 	xlen = PFKEY_ALIGN8( xlen );

    689. 

  689. 

    690. 

  690. 	msg.add( 0, xlen );

    691. 

  691. 	*ext = ( sadb_ext * )( msg.buff() + oset );

    692. 

  692. 

    693. 

  693. 	if( unit64 )

    694. 

  694. 		( *ext )->sadb_ext_len = ( u_int16_t ) PFKEY_UNIT64( xlen );

    695. 

  695. 	else

    696. 

  696. 		( *ext )->sadb_ext_len = ( u_int16_t ) xlen;

    697. 

  697. 

    698. 

  698. 	return IPCERR_OK;

    699. 

  699. }

    700. 

  700. 

    701. 

  701. long _PFKI::buff_get_address( sadb_address * ext, PFKI_ADDR & addr )

    702. 

  702. {

    703. 

  703. 	unsigned char * buff = ( unsigned char * ) ext;

    704. 

  704. 	int size = PFKEY_UNUNIT64( ext->sadb_address_len );

    705. 

  705. 

    706. 

  706. 	addr.proto = ext->sadb_address_proto;

    707. 

  707. 	addr.prefix = ext->sadb_address_prefixlen;

    708. 

  708. 

    709. 

  709. 	buff += sizeof( sadb_address );

    710. 

  710. 	size -= sizeof( sadb_address );

    711. 

  711. 

    712. 

  712. 	sockaddr * saddr = ( sockaddr * ) buff;

    713. 

  713. 

    714. 

  714. 	int salen;

    715. 

  715. 	if( !sockaddr_len( saddr->sa_family, salen ) )

    716. 

  716. 		return IPCERR_FAILED;

    717. 

  717. 

    718. 

  718. 	if( size < salen )

    719. 

  719. 	{

    720. 

  720. 		printf( "!! : pfkey address size mismatch\n" );

    721. 

  721. 		return IPCERR_FAILED;

    722. 

  722. 	}

    723. 

  723. 

    724. 

  724. 	memcpy( &addr.saddr, saddr, salen );

    725. 

  725. 

    726. 

  726. 	return IPCERR_OK;

    727. 

  727. }

    728. 

  728. 

    729. 

  729. long _PFKI::buff_set_address( sadb_address * ext, PFKI_ADDR & addr )

    730. 

  730. {

    731. 

  731. 	unsigned char * buff = ( unsigned char * ) ext;

    732. 

  732. 	int size = PFKEY_UNUNIT64( ext->sadb_address_len );

    733. 

  733. 

    734. 

  734. 	ext->sadb_address_proto = addr.proto;

    735. 

  735. 	ext->sadb_address_prefixlen = addr.prefix;

    736. 

  736. 

    737. 

  737. 	buff += sizeof( sadb_address );

    738. 

  738. 	size -= sizeof( sadb_address );

    739. 

  739. 

    740. 

  740. 	int salen;

    741. 

  741. 	if( !sockaddr_len( addr.saddr.sa_family, salen ) )

    742. 

  742. 		return IPCERR_FAILED;

    743. 

  743. 

    744. 

  744. 	if( size < salen )

    745. 

  745. 	{

    746. 

  746. 		printf( "!! : pfkey address size mismatch\n" );

    747. 

  747. 		return IPCERR_FAILED;

    748. 

  748. 	}

    749. 

  749. 

    750. 

  750. 	memcpy( buff, &addr.saddr, salen );

    751. 

  751. 

    752. 

  752. 	return IPCERR_OK;

    753. 

  753. }

    754. 

  754. 

    755. 

  755. long _PFKI::buff_set_key( sadb_key * ext, PFKI_KEY & key )

    756. 

  756. {

    757. 

  757. 	unsigned char * buff = ( unsigned char * ) ext;

    758. 

  758. 	int size = PFKEY_UNUNIT64( ext->sadb_key_len );

    759. 

  759. 

    760. 

  760. 	ext->sadb_key_bits = key.length * 8;

    761. 

  761. 

    762. 

  762. 	buff += sizeof( sadb_key );

    763. 

  763. 	size -= sizeof( sadb_key );

    764. 

  764. 

    765. 

  765. 	if( size < key.length )

    766. 

  766. 	{

    767. 

  767. 		printf( "!! : pfkey key size mismatch ( %i < %i )\n", size, key.length );

    768. 

  768. 		return IPCERR_FAILED;

    769. 

  769. 	}

    770. 

  770. 

    771. 

  771. 	assert( PFKI_MAX_KEYLEN >= key.length );

    772. 

  772. 	memcpy( buff, key.keydata, key.length );

    773. 

  773. 

    774. 

  774. 	return IPCERR_OK;

    775. 

  775. }

    776. 

  776. 

    777. 

  777. long _PFKI::buff_get_key( sadb_key * ext, PFKI_KEY & key )

    778. 

  778. {

    779. 

  779. 	unsigned char * buff = ( unsigned char * ) ext;

    780. 

  780. 	int size = PFKEY_UNUNIT64( ext->sadb_key_len );

    781. 

  781. 

    782. 

  782. 	buff += sizeof( sadb_key );

    783. 

  783. 	size -= sizeof( sadb_key );

    784. 

  784. 

    785. 

  785. 	if( !ext->sadb_key_bits )

    786. 

  786. 		return IPCERR_FAILED;

    787. 

  787. 

    788. 

  788. 	key.length = ext->sadb_key_bits / 8;

    789. 

  789. 

    790. 

  790. 	if( size < key.length )

    791. 

  791. 	{

    792. 

  792. 		printf( "!! : pfkey key size mismatch ( %i < %i )\n", size, key.length );

    793. 

  793. 		return IPCERR_FAILED;

    794. 

  794. 	}

    795. 

  795. 

    796. 

  796. 	memcpy( key.keydata, buff, key.length );

    797. 

  797. 

    798. 

  798. 	return IPCERR_OK;

    799. 

  799. }

    800. 

  800. 

    801. 

  801. long _PFKI::buff_get_ipsec( sadb_x_policy * ext, PFKI_SPINFO & spinfo )

    802. 

  802. {

    803. 

  803. 	unsigned char * buff = ( unsigned char * ) ext;

    804. 

  804. 	int size = PFKEY_UNUNIT64( ext->sadb_x_policy_len );

    805. 

  805. 

    806. 

  806. 	buff += sizeof( sadb_x_policy );

    807. 

  807. 	size -= sizeof( sadb_x_policy );

    808. 

  808. 

    809. 

  809. 	long xindex = 0;

    810. 

  810. 

    811. 

  811. 	while( size >= long( sizeof( sadb_x_ipsecrequest ) ) )

    812. 

  812. 	{

    813. 

  813. 		sadb_x_ipsecrequest * ipsr = ( sadb_x_ipsecrequest * ) buff;

    814. 

  814. 

    815. 

  815. 		if( xindex >= PFKI_MAX_XFORMS )

    816. 

  816. 			break;

    817. 

  817. 

    818. 

  818. 		spinfo.xforms[ xindex ].proto	= ipsr->sadb_x_ipsecrequest_proto;

    819. 

  819. 		spinfo.xforms[ xindex ].mode	= ipsr->sadb_x_ipsecrequest_mode;

    820. 

  820. 		spinfo.xforms[ xindex ].level	= ipsr->sadb_x_ipsecrequest_level;

    821. 

  821. 		spinfo.xforms[ xindex ].reqid	= ipsr->sadb_x_ipsecrequest_reqid;

    822. 

  822. 

    823. 

  823. 		unsigned char * addr_buff = buff;

    824. 

  824. 		long addr_size = size;

    825. 

  825. 

    826. 

  826. 		addr_buff += sizeof( sadb_x_ipsecrequest );

    827. 

  827. 		addr_size -= sizeof( sadb_x_ipsecrequest );

    828. 

  828. 

    829. 

  829. 		if( addr_size >= 0 )

    830. 

  830. 		{

    831. 

  831. 			sockaddr * saddr_src = ( sockaddr * )( addr_buff );

    832. 

  832. 

    833. 

  833. 			switch( saddr_src->sa_family )

    834. 

  834. 			{

    835. 

  835. 				case AF_INET:

    836. 

  836. 				{

    837. 

  837. 					if( addr_size < long( sizeof( sockaddr_in ) ) )

    838. 

  838. 						break;

    839. 

  839. 

    840. 

  840. 					memcpy(

    841. 

  841. 						&spinfo.xforms[ xindex ].saddr_src,

    842. 

  842. 						saddr_src,

    843. 

  843. 						sizeof( sockaddr_in ) );

    844. 

  844. 

    845. 

  845. 					addr_buff += sizeof( sockaddr_in );

    846. 

  846. 					addr_size -= sizeof( sockaddr_in );

    847. 

  847. 				}

    848. 

  848. 			}

    849. 

  849. 

    850. 

  850. 			sockaddr * saddr_dst = ( sockaddr * )( addr_buff );

    851. 

  851. 

    852. 

  852. 			switch( saddr_dst->sa_family )

    853. 

  853. 			{

    854. 

  854. 				case AF_INET:

    855. 

  855. 				{

    856. 

  856. 					if( addr_size < long( sizeof( sockaddr_in ) ) )

    857. 

  857. 						break;

    858. 

  858. 

    859. 

  859. 					memcpy(

    860. 

  860. 						&spinfo.xforms[ xindex ].saddr_dst,

    861. 

  861. 						saddr_dst,

    862. 

  862. 						sizeof( sockaddr_in ) );

    863. 

  863. 

    864. 

  864. 					addr_buff += sizeof( sockaddr_in );

    865. 

  865. 					addr_size -= sizeof( sockaddr_in );

    866. 

  866. 				}

    867. 

  867. 			}

    868. 

  868. 		}

    869. 

  869. 

    870. 

  870. 		buff += ipsr->sadb_x_ipsecrequest_len;

    871. 

  871. 		size -= ipsr->sadb_x_ipsecrequest_len;

    872. 

  872. 

    873. 

  873. 		xindex++;

    874. 

  874. 	}

    875. 

  875. 

    876. 

  876. 	return IPCERR_OK;

    877. 

  877. }

    878. 

  878. 

    879. 

  879. long _PFKI::buff_add_ipsec( PFKI_MSG & msg, PFKI_SPINFO & spinfo )

    880. 

  880. {

    881. 

  881. 	size_t size = sizeof( sadb_x_policy );

    882. 

  882. 	size_t oset = msg.size() - size;

    883. 

  883. 

    884. 

  884. 	long result;

    885. 

  885. 

    886. 

  886. 	long xindex = 0;

    887. 

  887. 

    888. 

  888. 	while( spinfo.xforms[ xindex ].proto )

    889. 

  889. 	{

    890. 

  890. 		if( xindex >= PFKI_MAX_XFORMS )

    891. 

  891. 			break;

    892. 

  892. 

    893. 

  893. 		long ext_size = sizeof( sadb_x_ipsecrequest );

    894. 

  894. 

    895. 

  895. 		int salen_src = 0;

    896. 

  896. 		int salen_dst = 0;

    897. 

  897. 

    898. 

  898. 		if( spinfo.xforms[ xindex ].mode == IPSEC_MODE_TUNNEL )

    899. 

  899. 		{

    900. 

  900. 			if( !sockaddr_len( spinfo.xforms[ xindex ].saddr_src.sa_family, salen_src ) )

    901. 

  901. 				return IPCERR_FAILED;

    902. 

  902. 

    903. 

  903. 			if( !sockaddr_len( spinfo.xforms[ xindex ].saddr_dst.sa_family, salen_dst ) )

    904. 

  904. 				return IPCERR_FAILED;

    905. 

  905. 

    906. 

  906. 			if( salen_src != salen_dst )

    907. 

  907. 				return IPCERR_FAILED;

    908. 

  908. 

    909. 

  909. 			ext_size += ( salen_src + salen_dst );

    910. 

  910. 		}

    911. 

  911. 

    912. 

  912. 		sadb_x_ipsecrequest * ipsr;

    913. 

  913. 

    914. 

  914. 		result = buff_add_ext( msg, ( sadb_ext ** ) &ipsr, ext_size, false );

    915. 

  915. 		if( result != IPCERR_OK )

    916. 

  916. 			return result;

    917. 

  917. 

    918. 

  918. 		ipsr->sadb_x_ipsecrequest_proto	= spinfo.xforms[ xindex ].proto;

    919. 

  919. 		ipsr->sadb_x_ipsecrequest_mode	= spinfo.xforms[ xindex ].mode;

    920. 

  920. 		ipsr->sadb_x_ipsecrequest_level	= spinfo.xforms[ xindex ].level;

    921. 

  921. 		ipsr->sadb_x_ipsecrequest_reqid	= spinfo.xforms[ xindex ].reqid;

    922. 

  922. 

    923. 

  923. 		unsigned char * ext_buff = ( unsigned char * ) ipsr;

    924. 

  924. 

    925. 

  925. 		ext_buff += sizeof( sadb_x_ipsecrequest );

    926. 

  926. 

    927. 

  927. 		if( salen_src )

    928. 

  928. 			memcpy( ext_buff, &spinfo.xforms[ xindex ].saddr_src, salen_src );

    929. 

  929. 

    930. 

  930. 		ext_buff += salen_src;

    931. 

  931. 

    932. 

  932. 		if( salen_dst )

    933. 

  933. 			memcpy( ext_buff, &spinfo.xforms[ xindex ].saddr_dst, salen_dst );

    934. 

  934. 

    935. 

  935. 		size += ext_size;

    936. 

  936. 

    937. 

  937. 		xindex++;

    938. 

  938. 	}

    939. 

  939. 

    940. 

  940. 	//

    941. 

  941. 	// reset the policy size

    942. 

  942. 	//

    943. 

  943. 

    944. 

  944. 	unsigned char * buff = msg.buff() + oset;

    945. 

  945. 	sadb_x_policy * xpl = ( sadb_x_policy * ) buff;

    946. 

  946. 	xpl->sadb_x_policy_len = ( u_int16_t ) PFKEY_UNIT64( size );

    947. 

  947. 

    948. 

  948. 	return IPCERR_OK;

    949. 

  949. }

    950. 

  950. 

    951. 

  951. //==============================================================================

    952. 

  952. // message handler functions

    953. 

  953. //==============================================================================

    954. 

  954. 

    955. 

  955. long _PFKI::send_sainfo( u_int8_t sadb_msg_type, PFKI_SAINFO & sainfo, bool serv )

    956. 

  956. {

    957. 

  957. 	PFKI_MSG msg;

    958. 

  958. 

    959. 

  959. #if defined( OPT_NATT ) && defined( __APPLE__ )

    960. 

  960. 

    961. 

  961. 	sadb_sa_natt * xsa;

    962. 

  962. 

    963. 

  963. #else

    964. 

  964. 

    965. 

  965. 	sadb_sa * xsa;

    966. 

  966. 

    967. 

  967. #endif

    968. 

  968. 

    969. 

  969. 	sadb_x_sa2 * xsa2;

    970. 

  970. 	sadb_address *xas, *xad;

    971. 

  971. 	sadb_lifetime *xlh, *xls, *xlc;

    972. 

  972. 	sadb_key *xke, *xka;

    973. 

  973. 	sadb_spirange *xsr;

    974. 

  974. 

    975. 

  975. 	long result;

    976. 

  976. 

    977. 

  977. 	//

    978. 

  978. 	// sa extension

    979. 

  979. 	//

    980. 

  980. 

    981. 

  981. 	switch( sadb_msg_type )

    982. 

  982. 	{

    983. 

  983. 		case SADB_DUMP:

    984. 

  984. 		case SADB_ADD:

    985. 

  985. 		case SADB_GET:

    986. 

  986. 		case SADB_DELETE:

    987. 

  987. 		case SADB_GETSPI:

    988. 

  988. 		case SADB_UPDATE:

    989. 

  989. 

    990. 

  990. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    991. 

  991. 				break;

    992. 

  992. 

    993. 

  993. 			if( ( sadb_msg_type == SADB_GETSPI ) && !serv )

    994. 

  994. 				break;

    995. 

  995. 

    996. 

  996. #if defined( OPT_NATT ) && defined( __APPLE__ )

    997. 

  997. 

    998. 

  998. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xsa, sizeof( sadb_sa_natt ) );

    999. 

  999. 			if( result != IPCERR_OK )

    1000. 

  1000. 				return result;

    1001. 

  1001. 

    1002. 

  1002. 			xsa->sa.sadb_sa_exttype = SADB_EXT_SA;

    1003. 

  1003. 			xsa->sa.sadb_sa_spi = sainfo.sa.spi;

    1004. 

  1004. 			xsa->sa.sadb_sa_replay = sainfo.sa.replay;

    1005. 

  1005. 			xsa->sa.sadb_sa_state = sainfo.sa.state;

    1006. 

  1006. 			xsa->sa.sadb_sa_auth = sainfo.sa.auth;

    1007. 

  1007. 			xsa->sa.sadb_sa_encrypt = sainfo.sa.encrypt;

    1008. 

  1008. 			xsa->sa.sadb_sa_flags = sainfo.sa.flags;

    1009. 

  1009. 			xsa->sadb_sa_natt_port = sainfo.sa.natt_port;

    1010. 

  1010. 

    1011. 

  1011. #else

    1012. 

  1012. 

    1013. 

  1013. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xsa, sizeof( sadb_sa ) );

    1014. 

  1014. 			if( result != IPCERR_OK )

    1015. 

  1015. 				return result;

    1016. 

  1016. 

    1017. 

  1017. 			xsa->sadb_sa_exttype = SADB_EXT_SA;

    1018. 

  1018. 			xsa->sadb_sa_spi = sainfo.sa.spi;

    1019. 

  1019. 			xsa->sadb_sa_replay = sainfo.sa.replay;

    1020. 

  1020. 			xsa->sadb_sa_state = sainfo.sa.state;

    1021. 

  1021. 			xsa->sadb_sa_auth = sainfo.sa.auth;

    1022. 

  1022. 			xsa->sadb_sa_encrypt = sainfo.sa.encrypt;

    1023. 

  1023. 			xsa->sadb_sa_flags = sainfo.sa.flags;

    1024. 

  1024. 

    1025. 

  1025. #endif

    1026. 

  1026. 

    1027. 

  1027. 			break;

    1028. 

  1028. 	}

    1029. 

  1029. 

    1030. 

  1030. 	if( sainfo.error )

    1031. 

  1031. 		goto sainfo_error;

    1032. 

  1032. 

    1033. 

  1033. 	//

    1034. 

  1034. 	// sa2 extension

    1035. 

  1035. 	//

    1036. 

  1036. 

    1037. 

  1037. 	switch( sadb_msg_type )

    1038. 

  1038. 	{

    1039. 

  1039. 		case SADB_DUMP:

    1040. 

  1040. 		case SADB_ADD:

    1041. 

  1041. 		case SADB_GET:

    1042. 

  1042. 		case SADB_GETSPI:

    1043. 

  1043. 		case SADB_UPDATE:

    1044. 

  1044. 

    1045. 

  1045. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1046. 

  1046. 				break;

    1047. 

  1047. 

    1048. 

  1048. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1049. 

  1049. 				break;

    1050. 

  1050. 

    1051. 

  1051. 			if( ( sadb_msg_type == SADB_GETSPI ) && serv )

    1052. 

  1052. 				break;

    1053. 

  1053. 

    1054. 

  1054. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xsa2, sizeof( sadb_x_sa2 ) );

    1055. 

  1055. 			if( result != IPCERR_OK )

    1056. 

  1056. 				return result;

    1057. 

  1057. 

    1058. 

  1058. 			xsa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;

    1059. 

  1059. 			xsa2->sadb_x_sa2_mode = sainfo.sa2.mode;

    1060. 

  1060. 			xsa2->sadb_x_sa2_reqid = sainfo.sa2.reqid;

    1061. 

  1061. 			xsa2->sadb_x_sa2_sequence = sainfo.sa2.sequence;

    1062. 

  1062. 

    1063. 

  1063. 			break;

    1064. 

  1064. 	}

    1065. 

  1065. 

    1066. 

  1066. 	//

    1067. 

  1067. 	// address extensions

    1068. 

  1068. 	//

    1069. 

  1069. 

    1070. 

  1070. 	switch( sadb_msg_type )

    1071. 

  1071. 	{

    1072. 

  1072. 		case SADB_DUMP:

    1073. 

  1073. 		case SADB_ADD:

    1074. 

  1074. 		case SADB_GET:

    1075. 

  1075. 		case SADB_DELETE:

    1076. 

  1076. 		case SADB_GETSPI:

    1077. 

  1077. 		case SADB_UPDATE:

    1078. 

  1078. 

    1079. 

  1079. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1080. 

  1080. 				break;

    1081. 

  1081. 

    1082. 

  1082. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1083. 

  1083. 				break;

    1084. 

  1084. 

    1085. 

  1085. 			int salen_src;

    1086. 

  1086. 			if( !sockaddr_len( sainfo.paddr_src.saddr.sa_family, salen_src ) )

    1087. 

  1087. 				return IPCERR_FAILED;

    1088. 

  1088. 

    1089. 

  1089. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xas, sizeof( sadb_address ) + salen_src );

    1090. 

  1090. 			if( result != IPCERR_OK )

    1091. 

  1091. 				return result;

    1092. 

  1092. 

    1093. 

  1093. 			xas->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;

    1094. 

  1094. 			result = buff_set_address( xas, sainfo.paddr_src );

    1095. 

  1095. 			if( result != IPCERR_OK )

    1096. 

  1096. 				return result;

    1097. 

  1097. 

    1098. 

  1098. 			int salen_dst;

    1099. 

  1099. 			if( !sockaddr_len( sainfo.paddr_dst.saddr.sa_family, salen_dst ) )

    1100. 

  1100. 				return IPCERR_FAILED;

    1101. 

  1101. 

    1102. 

  1102. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xad, sizeof( sadb_address ) + salen_dst );

    1103. 

  1103. 			if( result != IPCERR_OK )

    1104. 

  1104. 				return result;

    1105. 

  1105. 

    1106. 

  1106. 			xad->sadb_address_exttype = SADB_EXT_ADDRESS_DST;

    1107. 

  1107. 			result = buff_set_address( xad, sainfo.paddr_dst );

    1108. 

  1108. 			if( result != IPCERR_OK )

    1109. 

  1109. 				return result;

    1110. 

  1110. 

    1111. 

  1111. 			break;

    1112. 

  1112. 	}

    1113. 

  1113. 

    1114. 

  1114. 	//

    1115. 

  1115. 	// soft and hard lifetime extensions

    1116. 

  1116. 	//

    1117. 

  1117. 

    1118. 

  1118. 	switch( sadb_msg_type )

    1119. 

  1119. 	{

    1120. 

  1120. 		case SADB_DUMP:

    1121. 

  1121. 		case SADB_ADD:

    1122. 

  1122. 		case SADB_GET:

    1123. 

  1123. 		case SADB_UPDATE:

    1124. 

  1124. 

    1125. 

  1125. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1126. 

  1126. 				break;

    1127. 

  1127. 

    1128. 

  1128. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1129. 

  1129. 				break;

    1130. 

  1130. 

    1131. 

  1131. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xlh, sizeof( sadb_lifetime ) );

    1132. 

  1132. 			if( result != IPCERR_OK )

    1133. 

  1133. 				return result;

    1134. 

  1134. 

    1135. 

  1135. 			xlh->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;

    1136. 

  1136. 			xlh->sadb_lifetime_allocations = sainfo.ltime_hard.allocations;

    1137. 

  1137. 			xlh->sadb_lifetime_bytes = sainfo.ltime_hard.bytes;

    1138. 

  1138. 			xlh->sadb_lifetime_addtime = sainfo.ltime_hard.addtime;

    1139. 

  1139. 			xlh->sadb_lifetime_usetime = sainfo.ltime_hard.usetime;

    1140. 

  1140. 

    1141. 

  1141. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xls, sizeof( sadb_lifetime ) );

    1142. 

  1142. 			if( result != IPCERR_OK )

    1143. 

  1143. 				return result;

    1144. 

  1144. 

    1145. 

  1145. 			xls->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;

    1146. 

  1146. 			xls->sadb_lifetime_allocations = sainfo.ltime_soft.allocations;

    1147. 

  1147. 			xls->sadb_lifetime_bytes = sainfo.ltime_soft.bytes;

    1148. 

  1148. 			xls->sadb_lifetime_addtime = sainfo.ltime_soft.addtime;

    1149. 

  1149. 			xls->sadb_lifetime_usetime = sainfo.ltime_soft.usetime;

    1150. 

  1150. 

    1151. 

  1151. 			break;

    1152. 

  1152. 	}

    1153. 

  1153. 

    1154. 

  1154. 	//

    1155. 

  1155. 	// current lifetime extension

    1156. 

  1156. 	//

    1157. 

  1157. 

    1158. 

  1158. 	switch( sadb_msg_type )

    1159. 

  1159. 	{

    1160. 

  1160. 		case SADB_DUMP:

    1161. 

  1161. 		case SADB_ADD:

    1162. 

  1162. 		case SADB_GET:

    1163. 

  1163. 		case SADB_UPDATE:

    1164. 

  1164. 

    1165. 

  1165. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1166. 

  1166. 				break;

    1167. 

  1167. 

    1168. 

  1168. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1169. 

  1169. 				break;

    1170. 

  1170. 

    1171. 

  1171. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xlc, sizeof( sadb_lifetime ) );

    1172. 

  1172. 			if( result != IPCERR_OK )

    1173. 

  1173. 				return result;

    1174. 

  1174. 

    1175. 

  1175. 			xlc->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;

    1176. 

  1176. 			xlc->sadb_lifetime_allocations = sainfo.ltime_curr.allocations;

    1177. 

  1177. 			xlc->sadb_lifetime_bytes = sainfo.ltime_curr.bytes;

    1178. 

  1178. 			xlc->sadb_lifetime_addtime = sainfo.ltime_curr.addtime;

    1179. 

  1179. 			xlc->sadb_lifetime_usetime = sainfo.ltime_curr.usetime;

    1180. 

  1180. 

    1181. 

  1181. 			break;

    1182. 

  1182. 	}

    1183. 

  1183. 

    1184. 

  1184. 	//

    1185. 

  1185. 	// key data extension

    1186. 

  1186. 	//

    1187. 

  1187. 

    1188. 

  1188. 	switch( sadb_msg_type )

    1189. 

  1189. 	{

    1190. 

  1190. 		case SADB_DUMP:

    1191. 

  1191. 		case SADB_ADD:

    1192. 

  1192. 		case SADB_GET:

    1193. 

  1193. 		case SADB_UPDATE:

    1194. 

  1194. 

    1195. 

  1195. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1196. 

  1196. 				break;

    1197. 

  1197. 

    1198. 

  1198. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1199. 

  1199. 				break;

    1200. 

  1200. 

    1201. 

  1201. 			if( sainfo.ekey.length )

    1202. 

  1202. 			{

    1203. 

  1203. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xke, sizeof( sadb_key ) + sainfo.ekey.length );

    1204. 

  1204. 				if( result != IPCERR_OK )

    1205. 

  1205. 					return result;

    1206. 

  1206. 

    1207. 

  1207. 				xke->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;

    1208. 

  1208. 				result = buff_set_key( xke, sainfo.ekey );

    1209. 

  1209. 				if( result != IPCERR_OK )

    1210. 

  1210. 					return result;

    1211. 

  1211. 			}

    1212. 

  1212. 

    1213. 

  1213. 			if( sainfo.akey.length )

    1214. 

  1214. 			{

    1215. 

  1215. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xka, sizeof( sadb_key ) + sainfo.akey.length );

    1216. 

  1216. 				if( result != IPCERR_OK )

    1217. 

  1217. 					return result;

    1218. 

  1218. 

    1219. 

  1219. 				xka->sadb_key_exttype = SADB_EXT_KEY_AUTH;

    1220. 

  1220. 				result = buff_set_key( xka, sainfo.akey );

    1221. 

  1221. 				if( result != IPCERR_OK )

    1222. 

  1222. 					return result;

    1223. 

  1223. 			}

    1224. 

  1224. 

    1225. 

  1225. 			break;

    1226. 

  1226. 	}

    1227. 

  1227. 

    1228. 

  1228. #if defined( OPT_NATT ) && !defined( __APPLE__ )

    1229. 

  1229. 

    1230. 

  1230. 	//

    1231. 

  1231. 	// natt extension

    1232. 

  1232. 	//

    1233. 

  1233. 

    1234. 

  1234. 	switch( sadb_msg_type )

    1235. 

  1235. 	{

    1236. 

  1236. 		case SADB_DUMP:

    1237. 

  1237. 		case SADB_ADD:

    1238. 

  1238. 		case SADB_GET:

    1239. 

  1239. 		case SADB_UPDATE:

    1240. 

  1240. 

    1241. 

  1241. 			if( ( sadb_msg_type == SADB_DUMP ) && !serv )

    1242. 

  1242. 				break;

    1243. 

  1243. 

    1244. 

  1244. 			if( ( sadb_msg_type == SADB_GET ) && !serv )

    1245. 

  1245. 				break;

    1246. 

  1246. 

    1247. 

  1247. 			if( sainfo.natt.type )

    1248. 

  1248. 			{

    1249. 

  1249. 				sadb_x_nat_t_type *xnt;

    1250. 

  1250. 				sadb_x_nat_t_port *xnps, *xnpd;

    1251. 

  1251. 

    1252. 

  1252. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xnt, sizeof( sadb_x_nat_t_type ) );

    1253. 

  1253. 				if( result != IPCERR_OK )

    1254. 

  1254. 					return result;

    1255. 

  1255. 

    1256. 

  1256. 				xnt->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;

    1257. 

  1257. 				xnt->sadb_x_nat_t_type_type = sainfo.natt.type;

    1258. 

  1258. 

    1259. 

  1259. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xnps, sizeof( sadb_x_nat_t_port ) );

    1260. 

  1260. 				if( result != IPCERR_OK )

    1261. 

  1261. 					return result;

    1262. 

  1262. 

    1263. 

  1263. 				xnps->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;

    1264. 

  1264. 				xnps->sadb_x_nat_t_port_port = sainfo.natt.port_src;

    1265. 

  1265. 

    1266. 

  1266. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xnpd, sizeof( sadb_x_nat_t_port ) );

    1267. 

  1267. 				if( result != IPCERR_OK )

    1268. 

  1268. 					return result;

    1269. 

  1269. 

    1270. 

  1270. 				xnpd->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;

    1271. 

  1271. 				xnpd->sadb_x_nat_t_port_port = sainfo.natt.port_dst;

    1272. 

  1272. 			}

    1273. 

  1273. 

    1274. 

  1274. 			break;

    1275. 

  1275. 	}

    1276. 

  1276. 

    1277. 

  1277. #endif

    1278. 

  1278. 

    1279. 

  1279. 	//

    1280. 

  1280. 	// spi range extension

    1281. 

  1281. 	//

    1282. 

  1282. 

    1283. 

  1283. 	switch( sadb_msg_type )

    1284. 

  1284. 	{

    1285. 

  1285. 		case SADB_GETSPI:

    1286. 

  1286. 

    1287. 

  1287. 			if( sainfo.range.min || sainfo.range.max )

    1288. 

  1288. 			{

    1289. 

  1289. 				result = buff_add_ext( msg, ( sadb_ext ** ) &xsr, sizeof( sadb_spirange ) );

    1290. 

  1290. 				if( result != IPCERR_OK )

    1291. 

  1291. 					return result;

    1292. 

  1292. 				

    1293. 

  1293. 				xsr->sadb_spirange_exttype = SADB_EXT_SPIRANGE;

    1294. 

  1294. 				xsr->sadb_spirange_min = sainfo.range.min;

    1295. 

  1295. 				xsr->sadb_spirange_max = sainfo.range.max;

    1296. 

  1296. 			}

    1297. 

  1297. 

    1298. 

  1298. 			break;

    1299. 

  1299. 	}

    1300. 

  1300. 

    1301. 

  1301. 	sainfo_error:

    1302. 

  1302. 

    1303. 

  1303. 	if( !serv )

    1304. 

  1304. 		sainfo.pid = getpid();

    1305. 

  1305. 

    1306. 

  1306. 	msg.header.sadb_msg_version = PF_KEY_V2;

    1307. 

  1307. 	msg.header.sadb_msg_type = sadb_msg_type;

    1308. 

  1308. 	msg.header.sadb_msg_errno = sainfo.error;

    1309. 

  1309. 	msg.header.sadb_msg_satype = sainfo.satype;

    1310. 

  1310. 	msg.header.sadb_msg_reserved = 0;

    1311. 

  1311. 	msg.header.sadb_msg_seq = sainfo.seq;

    1312. 

  1312. 	msg.header.sadb_msg_pid = sainfo.pid;

    1313. 

  1313. 

    1314. 

  1314. 	return send_message( msg );

    1315. 

  1315. }

    1316. 

  1316. 

    1317. 

  1317. long _PFKI::send_spinfo( u_int8_t sadb_msg_type, PFKI_SPINFO & spinfo, bool serv )

    1318. 

  1318. {

    1319. 

  1319. 	PFKI_MSG msg;

    1320. 

  1320. 

    1321. 

  1321. 	sadb_x_policy * xpl;

    1322. 

  1322. 	sadb_address *xas, *xad;

    1323. 

  1323. 

    1324. 

  1324. 	long result;

    1325. 

  1325. 

    1326. 

  1326. 	if( spinfo.error )

    1327. 

  1327. 		goto spinfo_error;

    1328. 

  1328. 

    1329. 

  1329. 	//

    1330. 

  1330. 	// sp extension

    1331. 

  1331. 	//

    1332. 

  1332. 

    1333. 

  1333. 	switch( sadb_msg_type )

    1334. 

  1334. 	{

    1335. 

  1335. 		case SADB_ACQUIRE:

    1336. 

  1336. 		case SADB_X_SPDDUMP:

    1337. 

  1337. 		case SADB_X_SPDADD:

    1338. 

  1338. 		case SADB_X_SPDDELETE2:

    1339. 

  1339. 

    1340. 

  1340. 			if( ( sadb_msg_type == SADB_X_SPDDUMP ) && !serv )

    1341. 

  1341. 				break;

    1342. 

  1342. 

    1343. 

  1343. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xpl, sizeof( sadb_x_policy ) );

    1344. 

  1344. 			if( result != IPCERR_OK )

    1345. 

  1345. 				return result;

    1346. 

  1346. 

    1347. 

  1347. 			xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;

    1348. 

  1348. 			xpl->sadb_x_policy_type = spinfo.sp.type;

    1349. 

  1349. 			xpl->sadb_x_policy_id = spinfo.sp.id;

    1350. 

  1350. 			xpl->sadb_x_policy_dir = spinfo.sp.dir;

    1351. 

  1351. 

    1352. 

  1352. 			if( spinfo.sp.type == IPSEC_POLICY_IPSEC )

    1353. 

  1353. 			{

    1354. 

  1354. 				result = buff_add_ipsec( msg, spinfo );

    1355. 

  1355. 				if( result != IPCERR_OK )

    1356. 

  1356. 					return result;

    1357. 

  1357. 			}

    1358. 

  1358. 

    1359. 

  1359. 			break;

    1360. 

  1360. 	}

    1361. 

  1361. 

    1362. 

  1362. 	//

    1363. 

  1363. 	// address extensions

    1364. 

  1364. 	//

    1365. 

  1365. 

    1366. 

  1366. 	switch( sadb_msg_type )

    1367. 

  1367. 	{

    1368. 

  1368. 		case SADB_ACQUIRE:

    1369. 

  1369. 		case SADB_X_SPDDUMP:

    1370. 

  1370. 		case SADB_X_SPDADD:

    1371. 

  1371. 

    1372. 

  1372. 			if( ( sadb_msg_type == SADB_X_SPDDUMP ) && !serv )

    1373. 

  1373. 				break;

    1374. 

  1374. 

    1375. 

  1375. 			int salen_src;

    1376. 

  1376. 			if( !sockaddr_len( spinfo.paddr_src.saddr.sa_family, salen_src ) )

    1377. 

  1377. 				return IPCERR_FAILED;

    1378. 

  1378. 

    1379. 

  1379. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xas, sizeof( sadb_address ) + salen_src );

    1380. 

  1380. 			if( result != IPCERR_OK )

    1381. 

  1381. 				return result;

    1382. 

  1382. 

    1383. 

  1383. 			xas->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;

    1384. 

  1384. 			result = buff_set_address( xas, spinfo.paddr_src );

    1385. 

  1385. 			if( result != IPCERR_OK )

    1386. 

  1386. 				return result;

    1387. 

  1387. 

    1388. 

  1388. 			int salen_dst;

    1389. 

  1389. 			if( !sockaddr_len( spinfo.paddr_dst.saddr.sa_family, salen_dst ) )

    1390. 

  1390. 				return IPCERR_FAILED;

    1391. 

  1391. 

    1392. 

  1392. 			result = buff_add_ext( msg, ( sadb_ext ** ) &xad, sizeof( sadb_address ) + salen_dst );

    1393. 

  1393. 			if( result != IPCERR_OK )

    1394. 

  1394. 				return result;

    1395. 

  1395. 

    1396. 

  1396. 			xad->sadb_address_exttype = SADB_EXT_ADDRESS_DST;

    1397. 

  1397. 			result = buff_set_address( xad, spinfo.paddr_dst );

    1398. 

  1398. 			if( result != IPCERR_OK )

    1399. 

  1399. 				return result;

    1400. 

  1400. 

    1401. 

  1401. 			break;

    1402. 

  1402. 	}

    1403. 

  1403. 

    1404. 

  1404. 	spinfo_error:

    1405. 

  1405. 

    1406. 

  1406. 	if( !serv )

    1407. 

  1407. 		spinfo.pid = getpid();

    1408. 

  1408. 

    1409. 

  1409. 	msg.header.sadb_msg_version = PF_KEY_V2;

    1410. 

  1410. 	msg.header.sadb_msg_type = sadb_msg_type;

    1411. 

  1411. 	msg.header.sadb_msg_errno = spinfo.error;

    1412. 

  1412. 	msg.header.sadb_msg_satype = SADB_SATYPE_UNSPEC;

    1413. 

  1413. 	msg.header.sadb_msg_reserved = 0;

    1414. 

  1414. 	msg.header.sadb_msg_seq = spinfo.seq;

    1415. 

  1415. 	msg.header.sadb_msg_pid = spinfo.pid;

    1416. 

  1416. 

    1417. 

  1417. 	return send_message( msg );

    1418. 

  1418. }

    1419. 

  1419. 

    1420. 

  1420. //

    1421. 

  1421. // extension functions

    1422. 

  1422. //

    1423. 

  1423. 

    1424. 

  1424. long _PFKI::read_sa( PFKI_MSG & msg, PFKI_SA & sa )

    1425. 

  1425. {

    1426. 

  1426. 	//

    1427. 

  1427. 	// read policy extension

    1428. 

  1428. 	//

    1429. 

  1429. 

    1430. 

  1430. 	sadb_sa * xsa;

    1431. 

  1431. 

    1432. 

  1432. 	long result = buff_get_ext( msg, ( sadb_ext ** ) &xsa, SADB_EXT_SA );

    1433. 

  1433. 	if( result != IPCERR_OK )

    1434. 

  1434. 		return result;

    1435. 

  1435. 

    1436. 

  1436. 	sa.spi		= xsa->sadb_sa_spi;

    1437. 

  1437. 	sa.replay	= xsa->sadb_sa_replay;

    1438. 

  1438. 	sa.state	= xsa->sadb_sa_state;

    1439. 

  1439. 	sa.auth		= xsa->sadb_sa_auth;

    1440. 

  1440. 	sa.encrypt	= xsa->sadb_sa_encrypt;

    1441. 

  1441. 	sa.flags	= xsa->sadb_sa_flags;

    1442. 

  1442. 

    1443. 

  1443. 	return IPCERR_OK;

    1444. 

  1444. }

    1445. 

  1445. 

    1446. 

  1446. long _PFKI::read_sa2( PFKI_MSG & msg, PFKI_SA2 & sa2 )

    1447. 

  1447. {

    1448. 

  1448. 	//

    1449. 

  1449. 	// read policy extension

    1450. 

  1450. 	//

    1451. 

  1451. 

    1452. 

  1452. 	sadb_x_sa2 * xsa2;

    1453. 

  1453. 

    1454. 

  1454. 	long result = buff_get_ext( msg, ( sadb_ext ** ) &xsa2, SADB_X_EXT_SA2 );

    1455. 

  1455. 	if( result != IPCERR_OK )

    1456. 

  1456. 		return result;

    1457. 

  1457. 

    1458. 

  1458. 	sa2.mode		= xsa2->sadb_x_sa2_mode;

    1459. 

  1459. 	sa2.sequence	= xsa2->sadb_x_sa2_sequence;

    1460. 

  1460. 	sa2.reqid		= xsa2->sadb_x_sa2_reqid;

    1461. 

  1461. 

    1462. 

  1462. 	return true;

    1463. 

  1463. }

    1464. 

  1464. 

    1465. 

  1465. long _PFKI::read_range( PFKI_MSG & msg, PFKI_RANGE & range )

    1466. 

  1466. {

    1467. 

  1467. 	//

    1468. 

  1468. 	// read address extension

    1469. 

  1469. 	//

    1470. 

  1470. 

    1471. 

  1471. 	sadb_spirange * xsr;

    1472. 

  1472. 

    1473. 

  1473. 	long result;

    1474. 

  1474. 

    1475. 

  1475. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xsr, SADB_EXT_SPIRANGE );

    1476. 

  1476. 	if( result != IPCERR_OK )

    1477. 

  1477. 		return result;

    1478. 

  1478. 

    1479. 

  1479. 	range.min = xsr->sadb_spirange_min;

    1480. 

  1480. 	range.max = xsr->sadb_spirange_max;

    1481. 

  1481. 

    1482. 

  1482. 	return IPCERR_OK;

    1483. 

  1483. }

    1484. 

  1484. 

    1485. 

  1485. long _PFKI::read_ltime_curr( PFKI_MSG & msg, PFKI_LTIME & ltime )

    1486. 

  1486. {

    1487. 

  1487. 	//

    1488. 

  1488. 	// read lifetime extension

    1489. 

  1489. 	//

    1490. 

  1490. 

    1491. 

  1491. 	sadb_lifetime * xlt;

    1492. 

  1492. 

    1493. 

  1493. 	long result;

    1494. 

  1494. 

    1495. 

  1495. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xlt, SADB_EXT_LIFETIME_CURRENT );

    1496. 

  1496. 	if( result != IPCERR_OK )

    1497. 

  1497. 		return result;

    1498. 

  1498. 

    1499. 

  1499. 	ltime.allocations = xlt->sadb_lifetime_allocations;

    1500. 

  1500. 	ltime.addtime = xlt->sadb_lifetime_addtime;

    1501. 

  1501. 	ltime.usetime = xlt->sadb_lifetime_usetime;

    1502. 

  1502. 	ltime.bytes = xlt->sadb_lifetime_bytes;

    1503. 

  1503. 

    1504. 

  1504. 	return IPCERR_OK;

    1505. 

  1505. }

    1506. 

  1506. 

    1507. 

  1507. long _PFKI::read_ltime_hard( PFKI_MSG & msg, PFKI_LTIME & ltime )

    1508. 

  1508. {

    1509. 

  1509. 	//

    1510. 

  1510. 	// read lifetime extension

    1511. 

  1511. 	//

    1512. 

  1512. 

    1513. 

  1513. 	sadb_lifetime * xlt;

    1514. 

  1514. 

    1515. 

  1515. 	long result;

    1516. 

  1516. 

    1517. 

  1517. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xlt, SADB_EXT_LIFETIME_HARD );

    1518. 

  1518. 	if( result != IPCERR_OK )

    1519. 

  1519. 		return result;

    1520. 

  1520. 

    1521. 

  1521. 	ltime.allocations = xlt->sadb_lifetime_allocations;

    1522. 

  1522. 	ltime.addtime = xlt->sadb_lifetime_addtime;

    1523. 

  1523. 	ltime.usetime = xlt->sadb_lifetime_usetime;

    1524. 

  1524. 	ltime.bytes = xlt->sadb_lifetime_bytes;

    1525. 

  1525. 

    1526. 

  1526. 	return IPCERR_OK;

    1527. 

  1527. }

    1528. 

  1528. 

    1529. 

  1529. long _PFKI::read_ltime_soft( PFKI_MSG & msg, PFKI_LTIME & ltime )

    1530. 

  1530. {

    1531. 

  1531. 	//

    1532. 

  1532. 	// read lifetime extension

    1533. 

  1533. 	//

    1534. 

  1534. 

    1535. 

  1535. 	sadb_lifetime * xlt;

    1536. 

  1536. 

    1537. 

  1537. 	long result;

    1538. 

  1538. 

    1539. 

  1539. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xlt, SADB_EXT_LIFETIME_SOFT );

    1540. 

  1540. 	if( result != IPCERR_OK )

    1541. 

  1541. 		return result;

    1542. 

  1542. 

    1543. 

  1543. 	ltime.allocations = xlt->sadb_lifetime_allocations;

    1544. 

  1544. 	ltime.addtime = xlt->sadb_lifetime_addtime;

    1545. 

  1545. 	ltime.usetime = xlt->sadb_lifetime_usetime;

    1546. 

  1546. 	ltime.bytes = xlt->sadb_lifetime_bytes;

    1547. 

  1547. 

    1548. 

  1548. 	return IPCERR_OK;

    1549. 

  1549. }

    1550. 

  1550. 

    1551. 

  1551. long _PFKI::read_key_a( PFKI_MSG & msg, PFKI_KEY & akey )

    1552. 

  1552. {

    1553. 

  1553. 	//

    1554. 

  1554. 	// read key extension

    1555. 

  1555. 	//

    1556. 

  1556. 

    1557. 

  1557. 	sadb_key * xka;

    1558. 

  1558. 

    1559. 

  1559. 	long result;

    1560. 

  1560. 

    1561. 

  1561. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xka, SADB_EXT_KEY_AUTH );

    1562. 

  1562. 	if( result != IPCERR_OK )

    1563. 

  1563. 		return result;

    1564. 

  1564. 

    1565. 

  1565. 	result = buff_get_key( xka, akey );

    1566. 

  1566. 	if( result != IPCERR_OK )

    1567. 

  1567. 		return result;

    1568. 

  1568. 

    1569. 

  1569. 	return IPCERR_OK;

    1570. 

  1570. }

    1571. 

  1571. 

    1572. 

  1572. long _PFKI::read_key_e( PFKI_MSG & msg, PFKI_KEY & ekey )

    1573. 

  1573. {

    1574. 

  1574. 	//

    1575. 

  1575. 	// read key extension

    1576. 

  1576. 	//

    1577. 

  1577. 

    1578. 

  1578. 	sadb_key * xke;

    1579. 

  1579. 

    1580. 

  1580. 	long result;

    1581. 

  1581. 

    1582. 

  1582. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xke, SADB_EXT_KEY_ENCRYPT );

    1583. 

  1583. 	if( result != IPCERR_OK )

    1584. 

  1584. 		return result;

    1585. 

  1585. 

    1586. 

  1586. 	result = buff_get_key( xke, ekey );

    1587. 

  1587. 	if( result != IPCERR_OK )

    1588. 

  1588. 		return result;

    1589. 

  1589. 

    1590. 

  1590. 	return IPCERR_OK;

    1591. 

  1591. }

    1592. 

  1592. 

    1593. 

  1593. long _PFKI::read_address_src( PFKI_MSG & msg, PFKI_ADDR & addr )

    1594. 

  1594. {

    1595. 

  1595. 	//

    1596. 

  1596. 	// read address extension

    1597. 

  1597. 	//

    1598. 

  1598. 

    1599. 

  1599. 	sadb_address * xad;

    1600. 

  1600. 

    1601. 

  1601. 	long result;

    1602. 

  1602. 

    1603. 

  1603. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xad, SADB_EXT_ADDRESS_SRC );

    1604. 

  1604. 	if( result != IPCERR_OK )

    1605. 

  1605. 		return result;

    1606. 

  1606. 

    1607. 

  1607. 	result = buff_get_address( xad, addr );

    1608. 

  1608. 	if( result != IPCERR_OK )

    1609. 

  1609. 		return result;

    1610. 

  1610. 

    1611. 

  1611. 	return IPCERR_OK;

    1612. 

  1612. }

    1613. 

  1613. 

    1614. 

  1614. long _PFKI::read_address_dst( PFKI_MSG & msg, PFKI_ADDR & addr )

    1615. 

  1615. {

    1616. 

  1616. 	//

    1617. 

  1617. 	// read address extension

    1618. 

  1618. 	//

    1619. 

  1619. 

    1620. 

  1620. 	sadb_address * xad;

    1621. 

  1621. 

    1622. 

  1622. 	long result;

    1623. 

  1623. 

    1624. 

  1624. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xad, SADB_EXT_ADDRESS_DST );

    1625. 

  1625. 	if( result != IPCERR_OK )

    1626. 

  1626. 		return result;

    1627. 

  1627. 

    1628. 

  1628. 	result = buff_get_address( xad, addr );

    1629. 

  1629. 	if( result != IPCERR_OK )

    1630. 

  1630. 		return result;

    1631. 

  1631. 

    1632. 

  1632. 	return IPCERR_OK;

    1633. 

  1633. }

    1634. 

  1634. 

    1635. 

  1635. #if defined( OPT_NATT ) && !defined( __APPLE__ )

    1636. 

  1636. 

    1637. 

  1637. long _PFKI::read_natt( PFKI_MSG & msg, PFKI_NATT & natt )

    1638. 

  1638. {

    1639. 

  1639. 	sadb_x_nat_t_type * xnt;

    1640. 

  1640. 	sadb_x_nat_t_port * xnps, * xnpd;

    1641. 

  1641. 

    1642. 

  1642. 	long result;

    1643. 

  1643. 

    1644. 

  1644. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xnt, SADB_X_EXT_NAT_T_TYPE );

    1645. 

  1645. 	if( result != IPCERR_OK )

    1646. 

  1646. 		return result;

    1647. 

  1647. 

    1648. 

  1648. 	natt.type = xnt->sadb_x_nat_t_type_type;

    1649. 

  1649. 

    1650. 

  1650. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xnps, SADB_X_EXT_NAT_T_SPORT );

    1651. 

  1651. 	if( result != IPCERR_OK )

    1652. 

  1652. 		return result;

    1653. 

  1653. 

    1654. 

  1654. 	natt.port_src = xnps->sadb_x_nat_t_port_port;

    1655. 

  1655. 

    1656. 

  1656. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xnpd, SADB_X_EXT_NAT_T_DPORT );

    1657. 

  1657. 	if( result != IPCERR_OK )

    1658. 

  1658. 		return result;

    1659. 

  1659. 

    1660. 

  1660. 	natt.port_dst = xnpd->sadb_x_nat_t_port_port;

    1661. 

  1661. 

    1662. 

  1662. 	return IPCERR_OK;

    1663. 

  1663. }

    1664. 

  1664. 

    1665. 

  1665. # endif // OPT_NATT && !__APPLE__

    1666. 

  1666. 

    1667. 

  1667. long _PFKI::read_policy( PFKI_MSG & msg, PFKI_SPINFO & spinfo )

    1668. 

  1668. {

    1669. 

  1669. 	//

    1670. 

  1670. 	// read policy extension

    1671. 

  1671. 	//

    1672. 

  1672. 

    1673. 

  1673. 	sadb_x_policy * xpl;

    1674. 

  1674. 

    1675. 

  1675. 	long result;

    1676. 

  1676. 	

    1677. 

  1677. 	result = buff_get_ext( msg, ( sadb_ext ** ) &xpl, SADB_X_EXT_POLICY );

    1678. 

  1678. 	if( result != IPCERR_OK )

    1679. 

  1679. 		return result;

    1680. 

  1680. 

    1681. 

  1681. 	spinfo.sp.type	= xpl->sadb_x_policy_type;

    1682. 

  1682. 	spinfo.sp.id	= xpl->sadb_x_policy_id;

    1683. 

  1683. 	spinfo.sp.dir	= xpl->sadb_x_policy_dir;

    1684. 

  1684. 

    1685. 

  1685. 	if( spinfo.sp.type == IPSEC_POLICY_IPSEC )

    1686. 

  1686. 	{

    1687. 

  1687. 		result = buff_get_ipsec( xpl, spinfo );

    1688. 

  1688. 		if( result != IPCERR_OK )

    1689. 

  1689. 			return result;

    1690. 

  1690. 	}

    1691. 

  1691. 

    1692. 

  1692. 	return IPCERR_OK;

    1693. 

  1693. }

    1694. 

  1694. 

    1695. 

  1695. //

    1696. 

  1696. // client functions

    1697. 

  1697. //

    1698. 

  1698. 

    1699. 

  1699. long _PFKI::send_register( u_int8_t satype )

    1700. 

  1700. {

    1701. 

  1701. 	PFKI_SAINFO sainfo;

    1702. 

  1702. 	memset( &sainfo, 0, sizeof( sainfo ) );

    1703. 

  1703. 	sainfo.satype = satype;

    1704. 

  1704. 	return send_sainfo( SADB_REGISTER, sainfo, false );

    1705. 

  1705. }

    1706. 

  1706. 

    1707. 

  1707. long _PFKI::send_dump()

    1708. 

  1708. {

    1709. 

  1709. 	PFKI_SAINFO sainfo;

    1710. 

  1710. 	memset( &sainfo, 0, sizeof( sainfo ) );

    1711. 

  1711. 	return send_sainfo( SADB_DUMP, sainfo, false );

    1712. 

  1712. }

    1713. 

  1713. 

    1714. 

  1714. long _PFKI::send_add( PFKI_SAINFO & sainfo )

    1715. 

  1715. {

    1716. 

  1716. 	return send_sainfo( SADB_ADD, sainfo, false );

    1717. 

  1717. }

    1718. 

  1718. 

    1719. 

  1719. long _PFKI::send_get( PFKI_SAINFO & sainfo )

    1720. 

  1720. {

    1721. 

  1721. 	return send_sainfo( SADB_GET, sainfo, false );

    1722. 

  1722. }

    1723. 

  1723. 

    1724. 

  1724. long _PFKI::send_del( PFKI_SAINFO & sainfo )

    1725. 

  1725. {

    1726. 

  1726. 	return send_sainfo( SADB_DELETE, sainfo, false );

    1727. 

  1727. }

    1728. 

  1728. 

    1729. 

  1729. long _PFKI::send_getspi( PFKI_SAINFO & sainfo )

    1730. 

  1730. {

    1731. 

  1731. 	return send_sainfo( SADB_GETSPI, sainfo, false );

    1732. 

  1732. }

    1733. 

  1733. 

    1734. 

  1734. long _PFKI::send_update( PFKI_SAINFO & sainfo )

    1735. 

  1735. {

    1736. 

  1736. 	return send_sainfo( SADB_UPDATE, sainfo, false );

    1737. 

  1737. }

    1738. 

  1738. 

    1739. 

  1739. long _PFKI::send_spdump()

    1740. 

  1740. {

    1741. 

  1741. 	PFKI_SPINFO spinfo;

    1742. 

  1742. 	memset( &spinfo, 0, sizeof( spinfo ) );

    1743. 

  1743. 	return send_spinfo( SADB_X_SPDDUMP, spinfo, false );

    1744. 

  1744. }

    1745. 

  1745. 

    1746. 

  1746. long _PFKI::send_spadd( PFKI_SPINFO & spinfo )

    1747. 

  1747. {

    1748. 

  1748. 	return send_spinfo( SADB_X_SPDADD, spinfo, false );

    1749. 

  1749. }

    1750. 

  1750. 

    1751. 

  1751. long _PFKI::send_spdel( PFKI_SPINFO & spinfo )

    1752. 

  1752. {

    1753. 

  1753. 	return send_spinfo( SADB_X_SPDDELETE2, spinfo, false );

    1754. 

  1754. }

    1755. 

  1755. 

    1756. 

  1756. //

    1757. 

  1757. // server functions

    1758. 

  1758. //

    1759. 

  1759. 

    1760. 

  1760. long _PFKI::serv_dump( PFKI_SAINFO & sainfo )

    1761. 

  1761. {

    1762. 

  1762.  	return send_sainfo( SADB_DUMP, sainfo, true );

    1763. 

  1763. }

    1764. 

  1764. 

    1765. 

  1765. long _PFKI::serv_add( PFKI_SAINFO & sainfo )

    1766. 

  1766. {

    1767. 

  1767. 	return send_sainfo( SADB_ADD, sainfo, true );

    1768. 

  1768. }

    1769. 

  1769. 

    1770. 

  1770. long _PFKI::serv_get( PFKI_SAINFO & sainfo )

    1771. 

  1771. {

    1772. 

  1772. 	return send_sainfo( SADB_GET, sainfo, true );

    1773. 

  1773. }

    1774. 

  1774. 

    1775. 

  1775. long _PFKI::serv_del( PFKI_SAINFO & sainfo )

    1776. 

  1776. {

    1777. 

  1777. 	return send_sainfo( SADB_DELETE, sainfo, true );

    1778. 

  1778. }

    1779. 

  1779. 

    1780. 

  1780. long _PFKI::serv_acquire( PFKI_SPINFO & spinfo )

    1781. 

  1781. {

    1782. 

  1782. 	return send_spinfo( SADB_ACQUIRE, spinfo, true );

    1783. 

  1783. }

    1784. 

  1784. 

    1785. 

  1785. long _PFKI::serv_getspi( PFKI_SAINFO & sainfo )

    1786. 

  1786. {

    1787. 

  1787. 	return send_sainfo( SADB_GETSPI, sainfo, true );

    1788. 

  1788. }

    1789. 

  1789. 

    1790. 

  1790. long _PFKI::serv_update( PFKI_SAINFO & sainfo )

    1791. 

  1791. {

    1792. 

  1792. 	return send_sainfo( SADB_UPDATE, sainfo, true );

    1793. 

  1793. }

    1794. 

  1794. 

    1795. 

  1795. long _PFKI::serv_spdump( PFKI_SPINFO & spinfo )

    1796. 

  1796. {

    1797. 

  1797.  	return send_spinfo( SADB_X_SPDDUMP, spinfo, true );

    1798. 

  1798. }

    1799. 

  1799. 

    1800. 

  1800. long _PFKI::serv_spadd( PFKI_SPINFO & spinfo )

    1801. 

  1801. {

    1802. 

  1802. 	return send_spinfo( SADB_X_SPDADD, spinfo, true );

    1803. 

  1803. }

    1804. 

  1804. 

    1805. 

  1805. long _PFKI::serv_spdel( PFKI_SPINFO & spinfo )

    1806. 

  1806. {

    1807. 

  1807. 	return send_spinfo( SADB_X_SPDDELETE2, spinfo, true );

    1808. 

  1808. }

    1809. 

  1809. 

    1810. 

  1810. //==============================================================================

    1811. 

  1811. // server interface class

    1812. 

  1812. //==============================================================================

    1813. 

  1813. 

    1814. 

  1814. #ifdef WIN32

    1815. 

  1815. 

    1816. 

  1816. long _PFKS::init()

    1817. 

  1817. {

    1818. 

  1818. 	return ITH_IPCS::init( PFKI_PIPE_NAME, true );

    1819. 

  1819. }

    1820. 

  1820. 

    1821. 

  1821. void _PFKS::done()

    1822. 

  1822. {

    1823. 

  1823. 	ITH_IPCS::done();

    1824. 

  1824. }

    1825. 

  1825. 

    1826. 

  1826. long _PFKS::inbound( PFKI ** pfki )

    1827. 

  1827. {

    1828. 

  1828. 	IPCCONN ipcconn;

    1829. 

  1829. 

    1830. 

  1830. 	long result = ITH_IPCS::inbound( PFKI_PIPE_NAME, ipcconn );

    1831. 

  1831. 

    1832. 

  1832. 	if( result == IPCERR_OK )

    1833. 

  1833. 	{

    1834. 

  1834. 		*pfki = new PFKI;

    1835. 

  1835. 		if( *pfki == NULL )

    1836. 

  1836. 			return IPCERR_FAILED;

    1837. 

  1837. 	

    1838. 

  1838. 		(*pfki)->io_conf( ipcconn );

    1839. 

  1839. 	}

    1840. 

  1840. 

    1841. 

  1841. 	return result;

    1842. 

  1842. }

    1843. 

  1843. 

    1844. 

  1844. void _PFKS::wakeup()

    1845. 

  1845. {

    1846. 

  1846. 	ITH_IPCS::wakeup();

    1847. 

  1847. }

    1848. 

  1848. #endif

    1849. 

  1849.