2
* RFC2367 PF_KEYv2 Key management API message parser
3
* Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
5
* This program is free software; you can redistribute it and/or modify it
6
* under the terms of the GNU General Public License as published by the
7
* Free Software Foundation; either version 2 of the License, or (at your
8
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10
* This program is distributed in the hope that it will be useful, but
11
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15
* RCSID $Id: pfkey_v2_build.c,v 1.51 2004/10/03 01:26:36 mcr Exp $
19
* Template from klips/net/ipsec/ipsec/ipsec_parser.c.
22
char pfkey_v2_build_c_version[] = "$Id: pfkey_v2_build.c,v 1.51 2004/10/03 01:26:36 mcr Exp $";
25
* Some ugly stuff to allow consistent debugging code for use in the
26
* kernel and in user space
31
# include <linux/kernel.h> /* for printk */
33
# include "openswan/ipsec_kversion.h" /* for malloc switch */
35
# include <linux/slab.h> /* kmalloc() */
36
# else /* MALLOC_SLAB */
37
# include <linux/malloc.h> /* kmalloc() */
38
# endif /* MALLOC_SLAB */
39
# include <linux/errno.h> /* error codes */
40
# include <linux/types.h> /* size_t */
41
# include <linux/interrupt.h> /* mark_bh */
43
# include <linux/netdevice.h> /* struct device, and other headers */
44
# include <linux/etherdevice.h> /* eth_type_trans */
45
# include <linux/ip.h> /* struct iphdr */
46
# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
47
# include <linux/ipv6.h> /* struct ipv6hdr */
48
# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
50
# define MALLOC(size) kmalloc(size, GFP_ATOMIC)
51
# define FREE(obj) kfree(obj)
52
# include <openswan.h>
53
#else /* __KERNEL__ */
55
# include <sys/types.h>
56
# include <linux/types.h>
57
# include <linux/errno.h>
59
# include <string.h> /* memset */
61
# include <openswan.h>
63
#endif /* __KERNEL__ */
69
#include "openswan/radij.h" /* rd_nodes */
70
#include "openswan/ipsec_encap.h" /* sockaddr_encap */
71
#endif /* __KERNEL__ */
74
#include "openswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */
75
#include "openswan/pfkey_debug.h"
78
#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
81
pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
85
for (i = 0; i != SADB_EXT_MAX + 1; i++) {
91
pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
100
memset(extensions[0], 0, sizeof(struct sadb_msg));
102
extensions[0] = NULL;
105
for (i = 1; i != SADB_EXT_MAX + 1; i++) {
107
memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
109
extensions[i] = NULL;
115
pfkey_msg_free(struct sadb_msg **pfkey_msg)
118
memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
124
/* Default extension builders taken from the KLIPS code */
127
pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
135
struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext;
137
DEBUGGING(PF_KEY_DEBUG_BUILD,
138
"pfkey_msg_hdr_build:\n");
139
DEBUGGING(PF_KEY_DEBUG_BUILD,
140
"pfkey_msg_hdr_build: "
141
"on_entry &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n",
145
/* sanity checks... */
147
DEBUGGING(PF_KEY_DEBUG_BUILD,
148
"pfkey_msg_hdr_build: "
149
"why is pfkey_msg already pointing to something?\n");
154
DEBUGGING(PF_KEY_DEBUG_BUILD,
155
"pfkey_msg_hdr_build: "
156
"msg type not set, must be non-zero..\n");
160
if(msg_type > SADB_MAX) {
161
DEBUGGING(PF_KEY_DEBUG_BUILD,
162
"pfkey_msg_hdr_build: "
163
"msg type too large:%d.\n",
168
if(satype > SADB_SATYPE_MAX) {
169
DEBUGGING(PF_KEY_DEBUG_BUILD,
170
"pfkey_msg_hdr_build: "
171
"satype %d > max %d\n",
172
satype, SADB_SATYPE_MAX);
176
pfkey_msg = (struct sadb_msg*)MALLOC(sizeof(struct sadb_msg));
177
*pfkey_ext = (struct sadb_ext*)pfkey_msg;
179
if(pfkey_msg == NULL) {
180
DEBUGGING(PF_KEY_DEBUG_BUILD,
181
"pfkey_msg_hdr_build: "
182
"memory allocation failed\n");
185
memset(pfkey_msg, 0, sizeof(struct sadb_msg));
187
pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
189
pfkey_msg->sadb_msg_type = msg_type;
190
pfkey_msg->sadb_msg_satype = satype;
192
pfkey_msg->sadb_msg_version = PF_KEY_V2;
193
pfkey_msg->sadb_msg_errno = msg_errno;
194
pfkey_msg->sadb_msg_reserved = 0;
195
pfkey_msg->sadb_msg_seq = seq;
196
pfkey_msg->sadb_msg_pid = pid;
197
DEBUGGING(PF_KEY_DEBUG_BUILD,
198
"pfkey_msg_hdr_build: "
199
"on_exit &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n",
208
pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
211
uint8_t replay_window,
216
uint32_t/*IPsecSAref_t*/ ref)
219
struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext;
221
DEBUGGING(PF_KEY_DEBUG_BUILD,
223
"spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n",
224
ntohl(spi), /* in network order */
230
/* sanity checks... */
232
DEBUGGING(PF_KEY_DEBUG_BUILD,
234
"why is pfkey_sa already pointing to something?\n");
238
if(exttype != SADB_EXT_SA &&
239
exttype != SADB_X_EXT_SA2) {
240
DEBUGGING(PF_KEY_DEBUG_BUILD,
242
"invalid exttype=%d.\n",
247
if(replay_window > 64) {
248
DEBUGGING(PF_KEY_DEBUG_BUILD,
250
"replay window size: %d -- must be 0 <= size <= 64\n",
255
if(auth > SADB_AALG_MAX) {
256
DEBUGGING(PF_KEY_DEBUG_BUILD,
258
"auth=%d > SADB_AALG_MAX=%d.\n",
264
#if SADB_EALG_MAX < 255
265
if(encrypt > SADB_EALG_MAX) {
266
DEBUGGING(PF_KEY_DEBUG_BUILD,
268
"encrypt=%d > SADB_EALG_MAX=%d.\n",
275
if(sa_state > SADB_SASTATE_MAX) {
276
DEBUGGING(PF_KEY_DEBUG_BUILD,
278
"sa_state=%d exceeds MAX=%d.\n",
284
if(sa_state == SADB_SASTATE_DEAD) {
285
DEBUGGING(PF_KEY_DEBUG_BUILD,
287
"sa_state=%d is DEAD=%d is not allowed.\n",
293
if((IPSEC_SAREF_NULL != ref) && (ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
294
DEBUGGING(PF_KEY_DEBUG_BUILD,
296
"SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
299
IPSEC_SA_REF_TABLE_NUM_ENTRIES);
303
pfkey_sa = (struct sadb_sa*)MALLOC(sizeof(struct sadb_sa));
304
*pfkey_ext = (struct sadb_ext*)pfkey_sa;
306
if(pfkey_sa == NULL) {
307
DEBUGGING(PF_KEY_DEBUG_BUILD,
309
"memory allocation failed\n");
312
memset(pfkey_sa, 0, sizeof(struct sadb_sa));
314
pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN;
315
pfkey_sa->sadb_sa_exttype = exttype;
316
pfkey_sa->sadb_sa_spi = spi;
317
pfkey_sa->sadb_sa_replay = replay_window;
318
pfkey_sa->sadb_sa_state = sa_state;
319
pfkey_sa->sadb_sa_auth = auth;
320
pfkey_sa->sadb_sa_encrypt = encrypt;
321
pfkey_sa->sadb_sa_flags = flags;
322
pfkey_sa->sadb_x_sa_ref = ref;
329
pfkey_sa_build(struct sadb_ext ** pfkey_ext,
332
uint8_t replay_window,
338
return pfkey_sa_ref_build(pfkey_ext,
350
pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
352
uint32_t allocations,
359
struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext;
361
DEBUGGING(PF_KEY_DEBUG_BUILD,
362
"pfkey_lifetime_build:\n");
363
/* sanity checks... */
365
DEBUGGING(PF_KEY_DEBUG_BUILD,
366
"pfkey_lifetime_build: "
367
"why is pfkey_lifetime already pointing to something?\n");
371
if(exttype != SADB_EXT_LIFETIME_CURRENT &&
372
exttype != SADB_EXT_LIFETIME_HARD &&
373
exttype != SADB_EXT_LIFETIME_SOFT) {
374
DEBUGGING(PF_KEY_DEBUG_BUILD,
375
"pfkey_lifetime_build: "
376
"invalid exttype=%d.\n",
381
pfkey_lifetime = (struct sadb_lifetime*)MALLOC(sizeof(struct sadb_lifetime));
382
*pfkey_ext = (struct sadb_ext*) pfkey_lifetime;
384
if(pfkey_lifetime == NULL) {
385
DEBUGGING(PF_KEY_DEBUG_BUILD,
386
"pfkey_lifetime_build: "
387
"memory allocation failed\n");
390
memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime));
392
pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN;
393
pfkey_lifetime->sadb_lifetime_exttype = exttype;
394
pfkey_lifetime->sadb_lifetime_allocations = allocations;
395
pfkey_lifetime->sadb_lifetime_bytes = bytes;
396
pfkey_lifetime->sadb_lifetime_addtime = addtime;
397
pfkey_lifetime->sadb_lifetime_usetime = usetime;
398
pfkey_lifetime->sadb_x_lifetime_packets = packets;
405
pfkey_address_build(struct sadb_ext** pfkey_ext,
409
struct sockaddr* address)
413
char ipaddr_txt[ADDRTOT_BUF + 6/*extra for port number*/];
414
struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext;
416
DEBUGGING(PF_KEY_DEBUG_BUILD,
417
"pfkey_address_build: "
418
"exttype=%d proto=%d prefixlen=%d\n",
422
/* sanity checks... */
424
ERROR("pfkey_address_build: "
425
"why is pfkey_address already pointing to something?\n");
430
ERROR("pfkey_address_build: " "address is NULL\n");
435
case SADB_EXT_ADDRESS_SRC:
436
case SADB_EXT_ADDRESS_DST:
437
case SADB_EXT_ADDRESS_PROXY:
438
case SADB_X_EXT_ADDRESS_DST2:
439
case SADB_X_EXT_ADDRESS_SRC_FLOW:
440
case SADB_X_EXT_ADDRESS_DST_FLOW:
441
case SADB_X_EXT_ADDRESS_SRC_MASK:
442
case SADB_X_EXT_ADDRESS_DST_MASK:
444
case SADB_X_EXT_NAT_T_OA:
448
ERROR("pfkey_address_build: "
449
"unrecognised ext_type=%d.\n",
454
switch(address->sa_family) {
456
DEBUGGING(PF_KEY_DEBUG_BUILD,
457
"pfkey_address_build: "
458
"found address family AF_INET.\n");
459
saddr_len = sizeof(struct sockaddr_in);
460
sprintf(ipaddr_txt, "%d.%d.%d.%d:%d"
461
, (((struct sockaddr_in*)address)->sin_addr.s_addr >> 0) & 0xFF
462
, (((struct sockaddr_in*)address)->sin_addr.s_addr >> 8) & 0xFF
463
, (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF
464
, (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF
465
, ntohs(((struct sockaddr_in*)address)->sin_port));
468
DEBUGGING(PF_KEY_DEBUG_BUILD,
469
"pfkey_address_build: "
470
"found address family AF_INET6.\n");
471
saddr_len = sizeof(struct sockaddr_in6);
472
sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x-%x"
473
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[0])
474
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[1])
475
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[2])
476
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[3])
477
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[4])
478
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[5])
479
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[6])
480
, ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[7])
481
, ntohs(((struct sockaddr_in6*)address)->sin6_port));
484
ERROR("pfkey_address_build: "
485
"address->sa_family=%d not supported.\n",
487
SENDERR(EPFNOSUPPORT);
490
DEBUGGING(PF_KEY_DEBUG_BUILD,
491
"pfkey_address_build: "
492
"found address=%s.\n",
495
ERROR("pfkey_address_build: "
496
"address prefixes not supported yet.\n");
497
SENDERR(EAFNOSUPPORT); /* not supported yet */
500
/* allocate some memory for the extension */
501
pfkey_address = (struct sadb_address*)
502
MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN));
503
*pfkey_ext = (struct sadb_ext*)pfkey_address;
505
if(pfkey_address == NULL ) {
506
ERROR("pfkey_lifetime_build: "
507
"memory allocation failed\n");
510
memset(pfkey_address,
512
ALIGN_N(sizeof(struct sadb_address) + saddr_len,
513
IPSEC_PFKEYv2_ALIGN));
515
pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len,
516
IPSEC_PFKEYv2_ALIGN);
518
pfkey_address->sadb_address_exttype = exttype;
519
pfkey_address->sadb_address_proto = proto;
520
pfkey_address->sadb_address_prefixlen = prefixlen;
521
pfkey_address->sadb_address_reserved = 0;
523
memcpy((char*)pfkey_address + sizeof(struct sadb_address),
528
for(i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) {
529
pfkey_address_s_ska.sin_zero[i] = 0;
532
DEBUGGING(PF_KEY_DEBUG_BUILD,
533
"pfkey_address_build: "
534
"successful created len: %d.\n", pfkey_address->sadb_address_len);
541
pfkey_key_build(struct sadb_ext** pfkey_ext,
547
struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext;
549
DEBUGGING(PF_KEY_DEBUG_BUILD,
550
"pfkey_key_build:\n");
551
/* sanity checks... */
553
ERROR("pfkey_key_build: "
554
"why is pfkey_key already pointing to something?\n");
559
ERROR("pfkey_key_build: "
560
"key_bits is zero, it must be non-zero.\n");
564
if( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) {
565
ERROR("pfkey_key_build: "
566
"unsupported extension type=%d.\n",
571
pfkey_key = (struct sadb_key*)
572
MALLOC(sizeof(struct sadb_key) +
573
DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
575
*pfkey_ext = (struct sadb_ext*)pfkey_key;
577
if(pfkey_key == NULL) {
578
ERROR("pfkey_key_build: "
579
"memory allocation failed\n");
584
sizeof(struct sadb_key) +
585
DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
587
pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits,
589
pfkey_key->sadb_key_exttype = exttype;
590
pfkey_key->sadb_key_bits = key_bits;
591
pfkey_key->sadb_key_reserved = 0;
592
memcpy((char*)pfkey_key + sizeof(struct sadb_key),
601
pfkey_ident_build(struct sadb_ext** pfkey_ext,
609
struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext;
610
int data_len = ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
612
DEBUGGING(PF_KEY_DEBUG_BUILD,
613
"pfkey_ident_build:\n");
614
/* sanity checks... */
616
ERROR("pfkey_ident_build: "
617
"why is pfkey_ident already pointing to something?\n");
621
if( ! ((exttype == SADB_EXT_IDENTITY_SRC) ||
622
(exttype == SADB_EXT_IDENTITY_DST))) {
623
ERROR("pfkey_ident_build: "
624
"unsupported extension type=%d.\n",
629
if((ident_type == SADB_IDENTTYPE_RESERVED)) {
630
ERROR("pfkey_ident_build: "
631
"ident_type must be non-zero.\n");
635
if(ident_type > SADB_IDENTTYPE_MAX) {
636
ERROR("pfkey_ident_build: "
637
"identtype=%d out of range.\n",
642
if(((ident_type == SADB_IDENTTYPE_PREFIX) ||
643
(ident_type == SADB_IDENTTYPE_FQDN)) &&
645
ERROR("pfkey_ident_build: "
646
"string required to allocate size of extension.\n");
651
if((ident_type == SADB_IDENTTYPE_USERFQDN) ) {
655
pfkey_ident = (struct sadb_ident*)
656
MALLOC(ident_len * IPSEC_PFKEYv2_ALIGN);
658
*pfkey_ext = (struct sadb_ext*)pfkey_ident;
660
if(pfkey_ident == NULL) {
661
ERROR("pfkey_ident_build: "
662
"memory allocation failed\n");
665
memset(pfkey_ident, 0, ident_len * IPSEC_PFKEYv2_ALIGN);
667
pfkey_ident->sadb_ident_len = ident_len;
668
pfkey_ident->sadb_ident_exttype = exttype;
669
pfkey_ident->sadb_ident_type = ident_type;
670
pfkey_ident->sadb_ident_reserved = 0;
671
pfkey_ident->sadb_ident_id = ident_id;
672
memcpy((char*)pfkey_ident + sizeof(struct sadb_ident),
681
pfkey_sens_build(struct sadb_ext** pfkey_ext,
685
uint64_t* sens_bitmap,
688
uint64_t* integ_bitmap)
691
struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext;
695
DEBUGGING(PF_KEY_DEBUG_BUILD,
696
"pfkey_sens_build:\n");
697
/* sanity checks... */
699
ERROR("pfkey_sens_build: "
700
"why is pfkey_sens already pointing to something?\n");
704
DEBUGGING(PF_KEY_DEBUG_BUILD,
706
"Sorry, I can't build exttype=%d yet.\n",
707
(*pfkey_ext)->sadb_ext_type);
708
SENDERR(EINVAL); /* don't process these yet */
710
pfkey_sens = (struct sadb_sens*)
711
MALLOC(sizeof(struct sadb_sens) +
712
(sens_len + integ_len) * sizeof(uint64_t));
714
*pfkey_ext = (struct sadb_ext*)pfkey_sens;
716
if(pfkey_sens == NULL) {
717
ERROR("pfkey_sens_build: "
718
"memory allocation failed\n");
723
sizeof(struct sadb_sens) +
724
(sens_len + integ_len) * sizeof(uint64_t));
726
pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) +
727
(sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN;
728
pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY;
729
pfkey_sens->sadb_sens_dpd = dpd;
730
pfkey_sens->sadb_sens_sens_level = sens_level;
731
pfkey_sens->sadb_sens_sens_len = sens_len;
732
pfkey_sens->sadb_sens_integ_level = integ_level;
733
pfkey_sens->sadb_sens_integ_len = integ_len;
734
pfkey_sens->sadb_sens_reserved = 0;
736
bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens));
737
for(i = 0; i < sens_len; i++) {
738
*bitmap = sens_bitmap[i];
741
for(i = 0; i < integ_len; i++) {
742
*bitmap = integ_bitmap[i];
751
pfkey_prop_build(struct sadb_ext** pfkey_ext,
753
unsigned int comb_num,
754
struct sadb_comb* comb)
758
struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext;
759
struct sadb_comb *combp;
761
DEBUGGING(PF_KEY_DEBUG_BUILD,
762
"pfkey_prop_build:\n");
763
/* sanity checks... */
765
ERROR("pfkey_prop_build: "
766
"why is pfkey_prop already pointing to something?\n");
770
pfkey_prop = (struct sadb_prop*)
771
MALLOC(sizeof(struct sadb_prop) +
772
comb_num * sizeof(struct sadb_comb));
774
*pfkey_ext = (struct sadb_ext*)pfkey_prop;
776
if(pfkey_prop == NULL) {
777
ERROR("pfkey_prop_build: "
778
"memory allocation failed\n");
783
sizeof(struct sadb_prop) +
784
comb_num * sizeof(struct sadb_comb));
786
pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) +
787
comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN;
789
pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
790
pfkey_prop->sadb_prop_replay = replay;
793
pfkey_prop->sadb_prop_reserved[i] = 0;
796
combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop));
797
for(i = 0; i < comb_num; i++) {
798
memcpy (combp, &(comb[i]), sizeof(struct sadb_comb));
803
uint8_t sadb_comb_auth;
804
uint8_t sadb_comb_encrypt;
805
uint16_t sadb_comb_flags;
806
uint16_t sadb_comb_auth_minbits;
807
uint16_t sadb_comb_auth_maxbits;
808
uint16_t sadb_comb_encrypt_minbits;
809
uint16_t sadb_comb_encrypt_maxbits;
810
uint32_t sadb_comb_reserved;
811
uint32_t sadb_comb_soft_allocations;
812
uint32_t sadb_comb_hard_allocations;
813
uint64_t sadb_comb_soft_bytes;
814
uint64_t sadb_comb_hard_bytes;
815
uint64_t sadb_comb_soft_addtime;
816
uint64_t sadb_comb_hard_addtime;
817
uint64_t sadb_comb_soft_usetime;
818
uint64_t sadb_comb_hard_usetime;
819
uint32_t sadb_comb_soft_packets;
820
uint32_t sadb_comb_hard_packets;
827
pfkey_supported_build(struct sadb_ext** pfkey_ext,
829
unsigned int alg_num,
830
struct sadb_alg* alg)
834
struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext;
835
struct sadb_alg *pfkey_alg;
837
/* sanity checks... */
838
if(pfkey_supported) {
839
DEBUGGING(PF_KEY_DEBUG_BUILD,
840
"pfkey_supported_build: "
841
"why is pfkey_supported already pointing to something?\n");
845
if( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) {
846
DEBUGGING(PF_KEY_DEBUG_BUILD,
847
"pfkey_supported_build: "
848
"unsupported extension type=%d.\n",
853
pfkey_supported = (struct sadb_supported*)
854
MALLOC(sizeof(struct sadb_supported) +
856
sizeof(struct sadb_alg));
858
*pfkey_ext = (struct sadb_ext*)pfkey_supported;
860
if(pfkey_supported == NULL) {
861
DEBUGGING(PF_KEY_DEBUG_BUILD,
862
"pfkey_supported_build: "
863
"memory allocation failed\n");
866
memset(pfkey_supported,
868
sizeof(struct sadb_supported) +
870
sizeof(struct sadb_alg));
872
pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) +
874
sizeof(struct sadb_alg)) /
876
pfkey_supported->sadb_supported_exttype = exttype;
877
pfkey_supported->sadb_supported_reserved = 0;
879
pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported));
880
for(i = 0; i < alg_num; i++) {
881
memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg));
882
pfkey_alg->sadb_alg_reserved = 0;
887
DEBUGGING(PF_KEY_DEBUG_BUILD,
888
"pfkey_supported_build: "
889
"Sorry, I can't build exttype=%d yet.\n",
890
(*pfkey_ext)->sadb_ext_type);
891
SENDERR(EINVAL); /* don't process these yet */
894
uint8_t sadb_alg_ivlen;
895
uint16_t sadb_alg_minbits;
896
uint16_t sadb_alg_maxbits;
897
uint16_t sadb_alg_reserved;
904
pfkey_spirange_build(struct sadb_ext** pfkey_ext,
906
uint32_t min, /* in network order */
907
uint32_t max) /* in network order */
910
struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext;
912
/* sanity checks... */
914
DEBUGGING(PF_KEY_DEBUG_BUILD,
915
"pfkey_spirange_build: "
916
"why is pfkey_spirange already pointing to something?\n");
920
if(ntohl(max) < ntohl(min)) {
921
DEBUGGING(PF_KEY_DEBUG_BUILD,
922
"pfkey_spirange_build: "
923
"minspi=%08x must be < maxspi=%08x.\n",
929
if(ntohl(min) <= 255) {
930
DEBUGGING(PF_KEY_DEBUG_BUILD,
931
"pfkey_spirange_build: "
932
"minspi=%08x must be > 255.\n",
937
pfkey_spirange = (struct sadb_spirange*)
938
MALLOC(sizeof(struct sadb_spirange));
940
*pfkey_ext = (struct sadb_ext*)pfkey_spirange;
942
if(pfkey_spirange == NULL) {
943
DEBUGGING(PF_KEY_DEBUG_BUILD,
944
"pfkey_spirange_build: "
945
"memory allocation failed\n");
948
memset(pfkey_spirange,
950
sizeof(struct sadb_spirange));
952
pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN;
954
pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE;
955
pfkey_spirange->sadb_spirange_min = min;
956
pfkey_spirange->sadb_spirange_max = max;
957
pfkey_spirange->sadb_spirange_reserved = 0;
963
pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext)
966
struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext;
968
/* sanity checks... */
969
if(pfkey_x_kmprivate) {
970
DEBUGGING(PF_KEY_DEBUG_BUILD,
971
"pfkey_x_kmprivate_build: "
972
"why is pfkey_x_kmprivate already pointing to something?\n");
976
pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
978
DEBUGGING(PF_KEY_DEBUG_BUILD,
979
"pfkey_x_kmprivate_build: "
980
"Sorry, I can't build exttype=%d yet.\n",
981
(*pfkey_ext)->sadb_ext_type);
982
SENDERR(EINVAL); /* don't process these yet */
984
pfkey_x_kmprivate = (struct sadb_x_kmprivate*)
985
MALLOC(sizeof(struct sadb_x_kmprivate));
987
*pfkey_ext = (struct sadb_ext*)pfkey_x_kmprivate;
989
if(pfkey_x_kmprivate == NULL) {
990
DEBUGGING(PF_KEY_DEBUG_BUILD,
991
"pfkey_x_kmprivate_build: "
992
"memory allocation failed\n");
995
memset(pfkey_x_kmprivate,
997
sizeof(struct sadb_x_kmprivate));
999
pfkey_x_kmprivate->sadb_x_kmprivate_len =
1000
sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN;
1002
pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE;
1003
pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
1009
pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
1014
struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext;
1016
DEBUGGING(PF_KEY_DEBUG_BUILD,
1017
"pfkey_x_satype_build:\n");
1018
/* sanity checks... */
1019
if(pfkey_x_satype) {
1020
ERROR("pfkey_x_satype_build: "
1021
"why is pfkey_x_satype already pointing to something?\n");
1026
ERROR("pfkey_x_satype_build: "
1027
"SA type not set, must be non-zero.\n");
1031
if(satype > SADB_SATYPE_MAX) {
1032
ERROR("pfkey_x_satype_build: "
1033
"satype %d > max %d\n",
1034
satype, SADB_SATYPE_MAX);
1038
pfkey_x_satype = (struct sadb_x_satype*)
1039
MALLOC(sizeof(struct sadb_x_satype));
1041
*pfkey_ext = (struct sadb_ext*)pfkey_x_satype;
1042
if(pfkey_x_satype == NULL) {
1043
ERROR("pfkey_x_satype_build: "
1044
"memory allocation failed\n");
1047
memset(pfkey_x_satype,
1049
sizeof(struct sadb_x_satype));
1051
pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN;
1053
pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2;
1054
pfkey_x_satype->sadb_x_satype_satype = satype;
1055
for(i=0; i<3; i++) {
1056
pfkey_x_satype->sadb_x_satype_reserved[i] = 0;
1064
pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
1080
struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext;
1082
DEBUGGING(PF_KEY_DEBUG_BUILD,
1083
"pfkey_x_debug_build:\n");
1084
/* sanity checks... */
1086
ERROR("pfkey_x_debug_build: "
1087
"why is pfkey_x_debug already pointing to something?\n");
1091
DEBUGGING(PF_KEY_DEBUG_BUILD,
1092
"pfkey_x_debug_build: "
1093
"tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n",
1094
tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose);
1096
pfkey_x_debug = (struct sadb_x_debug*)
1097
MALLOC(sizeof(struct sadb_x_debug));
1099
*pfkey_ext = (struct sadb_ext*)pfkey_x_debug;
1101
if(pfkey_x_debug == NULL) {
1102
ERROR("pfkey_x_debug_build: "
1103
"memory allocation failed\n");
1107
memset(pfkey_x_debug,
1109
sizeof(struct sadb_x_debug));
1112
pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN;
1113
pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG;
1115
pfkey_x_debug->sadb_x_debug_tunnel = tunnel;
1116
pfkey_x_debug->sadb_x_debug_netlink = netlink;
1117
pfkey_x_debug->sadb_x_debug_xform = xform;
1118
pfkey_x_debug->sadb_x_debug_eroute = eroute;
1119
pfkey_x_debug->sadb_x_debug_spi = spi;
1120
pfkey_x_debug->sadb_x_debug_radij = radij;
1121
pfkey_x_debug->sadb_x_debug_esp = esp;
1122
pfkey_x_debug->sadb_x_debug_ah = ah;
1123
pfkey_x_debug->sadb_x_debug_rcv = rcv;
1124
pfkey_x_debug->sadb_x_debug_pfkey = pfkey;
1125
pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp;
1126
pfkey_x_debug->sadb_x_debug_verbose = verbose;
1128
for(i=0; i<4; i++) {
1129
pfkey_x_debug->sadb_x_debug_reserved[i] = 0;
1137
pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
1142
struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)*pfkey_ext;
1144
DEBUGGING(PF_KEY_DEBUG_BUILD,
1145
"pfkey_x_nat_t_type_build:\n");
1146
/* sanity checks... */
1147
if(pfkey_x_nat_t_type) {
1148
DEBUGGING(PF_KEY_DEBUG_BUILD,
1149
"pfkey_x_nat_t_type_build: "
1150
"why is pfkey_x_nat_t_type already pointing to something?\n");
1154
DEBUGGING(PF_KEY_DEBUG_BUILD,
1155
"pfkey_x_nat_t_type_build: "
1158
pfkey_x_nat_t_type = (struct sadb_x_nat_t_type*)
1159
MALLOC(sizeof(struct sadb_x_nat_t_type));
1161
*pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_type;
1163
if(pfkey_x_nat_t_type == NULL) {
1164
DEBUGGING(PF_KEY_DEBUG_BUILD,
1165
"pfkey_x_nat_t_type_build: "
1166
"memory allocation failed\n");
1170
pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN;
1171
pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1172
pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type;
1173
for(i=0; i<3; i++) {
1174
pfkey_x_nat_t_type->sadb_x_nat_t_type_reserved[i] = 0;
1181
pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
1186
struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)*pfkey_ext;
1188
DEBUGGING(PF_KEY_DEBUG_BUILD,
1189
"pfkey_x_nat_t_port_build:\n");
1190
/* sanity checks... */
1191
if(pfkey_x_nat_t_port) {
1192
DEBUGGING(PF_KEY_DEBUG_BUILD,
1193
"pfkey_x_nat_t_port_build: "
1194
"why is pfkey_x_nat_t_port already pointing to something?\n");
1199
case SADB_X_EXT_NAT_T_SPORT:
1200
case SADB_X_EXT_NAT_T_DPORT:
1203
DEBUGGING(PF_KEY_DEBUG_BUILD,
1204
"pfkey_nat_t_port_build: "
1205
"unrecognised ext_type=%d.\n",
1210
DEBUGGING(PF_KEY_DEBUG_BUILD,
1211
"pfkey_x_nat_t_port_build: "
1212
"ext=%d, port=%d\n", exttype, port);
1214
pfkey_x_nat_t_port = (struct sadb_x_nat_t_port*)
1215
MALLOC(sizeof(struct sadb_x_nat_t_port));
1217
*pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_port;
1219
if(pfkey_x_nat_t_port == NULL) {
1220
DEBUGGING(PF_KEY_DEBUG_BUILD,
1221
"pfkey_x_nat_t_port_build: "
1222
"memory allocation failed\n");
1226
pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN;
1227
pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype;
1228
pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port;
1229
pfkey_x_nat_t_port->sadb_x_nat_t_port_reserved = 0;
1235
int pfkey_x_protocol_build(struct sadb_ext **pfkey_ext,
1239
struct sadb_protocol * p = (struct sadb_protocol *)*pfkey_ext;
1240
DEBUGGING(PF_KEY_DEBUG_BUILD,"pfkey_x_protocol_build: protocol=%u\n", protocol);
1241
/* sanity checks... */
1243
ERROR("pfkey_x_protocol_build: bogus protocol pointer\n");
1246
if ((p = (struct sadb_protocol*)MALLOC(sizeof(*p))) == 0) {
1247
ERROR("pfkey_build: memory allocation failed\n");
1250
*pfkey_ext = (struct sadb_ext *)p;
1251
p->sadb_protocol_len = sizeof(*p) / sizeof(uint64_t);
1252
p->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
1253
p->sadb_protocol_proto = protocol;
1254
p->sadb_protocol_flags = 0;
1255
p->sadb_protocol_reserved2 = 0;
1261
#if I_DONT_THINK_THIS_WILL_BE_USEFUL
1262
int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*)
1265
NULL, /* pfkey_msg_build, */
1267
pfkey_lifetime_build,
1268
pfkey_lifetime_build,
1269
pfkey_lifetime_build,
1270
pfkey_address_build,
1271
pfkey_address_build,
1272
pfkey_address_build,
1279
pfkey_supported_build,
1280
pfkey_supported_build,
1281
pfkey_spirange_build,
1282
pfkey_x_kmprivate_build,
1283
pfkey_x_satype_build,
1285
pfkey_address_build,
1286
pfkey_address_build,
1287
pfkey_address_build,
1288
pfkey_address_build,
1289
pfkey_address_build,
1290
pfkey_x_ext_debug_build
1295
pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir)
1299
unsigned total_size;
1300
struct sadb_ext *pfkey_ext;
1301
int extensions_seen = 0;
1303
struct sadb_ext *extensions_check[SADB_EXT_MAX + 1];
1306
if(!extensions[0]) {
1307
ERROR("pfkey_msg_build: "
1308
"extensions[0] must be specified (struct sadb_msg).\n");
1312
/* figure out the total size for all the requested extensions */
1313
total_size = IPSEC_PFKEYv2_WORDS(sizeof(struct sadb_msg));
1314
for(ext = 1; ext <= SADB_EXT_MAX; ext++) {
1315
if(extensions[ext]) {
1316
total_size += (extensions[ext])->sadb_ext_len;
1320
/* allocate that much space */
1321
*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN);
1322
if(*pfkey_msg == NULL) {
1323
ERROR("pfkey_msg_build: "
1324
"memory allocation failed\n");
1328
DEBUGGING(PF_KEY_DEBUG_BUILD,
1330
"pfkey_msg=0p%p allocated %lu bytes, &(extensions[0])=0p%p\n",
1332
(unsigned long)(total_size * IPSEC_PFKEYv2_ALIGN),
1337
sizeof(struct sadb_msg));
1338
(*pfkey_msg)->sadb_msg_len = total_size;
1339
(*pfkey_msg)->sadb_msg_reserved = 0;
1340
extensions_seen = 1 ;
1343
* point pfkey_ext to immediately after the space for the header,
1344
* i.e. at the first extension location.
1346
pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg));
1348
for(ext = 1; ext <= SADB_EXT_MAX; ext++) {
1349
/* copy from extension[ext] to buffer */
1350
if(extensions[ext]) {
1351
/* Is this type of extension permitted for this type of message? */
1352
if(!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] &
1354
ERROR("pfkey_msg_build: "
1355
"ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n",
1357
extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
1362
DEBUGGING(PF_KEY_DEBUG_BUILD,
1364
"copying %lu bytes from extensions[%u] (type=%d)\n",
1365
(unsigned long)(extensions[ext]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN),
1367
extensions[ext]->sadb_ext_type);
1371
(extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
1373
char *pfkey_ext_c = (char *)pfkey_ext;
1375
pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN;
1376
pfkey_ext = (struct sadb_ext *)pfkey_ext_c;
1379
/* Mark that we have seen this extension and remember the header location */
1380
extensions_seen |= ( 1 << ext );
1384
/* check required extensions */
1385
DEBUGGING(PF_KEY_DEBUG_BUILD,
1387
"extensions permitted=%08x, seen=%08x, required=%08x.\n",
1388
extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
1390
extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]);
1392
if((extensions_seen &
1393
extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) !=
1394
extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) {
1395
DEBUGGING(PF_KEY_DEBUG_BUILD,
1397
"required extensions missing:%08x.\n",
1398
extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] -
1400
extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) );
1406
* this is silly, there is no need to reparse the message that we just built.
1409
if((error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir))) {
1412
"Trouble parsing newly built pfkey message, error=%d.\n",
1424
* $Log: pfkey_v2_build.c,v $
1425
* Revision 1.51 2004/10/03 01:26:36 mcr
1426
* fixes for gcc 3.4 compilation.
1428
* Revision 1.50 2004/07/10 07:48:35 mcr
1429
* Moved from linux/lib/libfreeswan/pfkey_v2_build.c,v
1431
* Revision 1.49 2004/04/12 02:59:06 mcr
1432
* erroneously moved pfkey_v2_build.c
1434
* Revision 1.48 2004/04/09 18:00:40 mcr
1435
* Moved from linux/lib/libfreeswan/pfkey_v2_build.c,v
1437
* Revision 1.47 2004/03/08 01:59:08 ken
1438
* freeswan.h -> openswan.h
1440
* Revision 1.46 2003/12/10 01:20:19 mcr
1441
* NAT-traversal patches to KLIPS.
1443
* Revision 1.45 2003/12/04 23:01:12 mcr
1444
* removed ipsec_netlink.h
1446
* Revision 1.44 2003/10/31 02:27:12 mcr
1447
* pulled up port-selector patches and sa_id elimination.
1449
* Revision 1.43.4.2 2003/10/29 01:11:32 mcr
1450
* added debugging for pfkey library.
1452
* Revision 1.43.4.1 2003/09/21 13:59:44 mcr
1453
* pre-liminary X.509 patch - does not yet pass tests.
1455
* Revision 1.43 2003/05/07 17:29:17 mcr
1456
* new function pfkey_debug_func added for us in debugging from
1459
* Revision 1.42 2003/01/30 02:32:09 rgb
1461
* Rename SAref table macro names for clarity.
1462
* Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
1464
* Revision 1.41 2002/12/13 18:16:02 mcr
1465
* restored sa_ref code
1467
* Revision 1.40 2002/12/13 18:06:52 mcr
1468
* temporarily removed sadb_x_sa_ref reference for 2.xx
1470
* Revision 1.39 2002/12/13 17:43:28 mcr
1471
* commented out access to sadb_x_sa_ref for 2.xx branch
1473
* Revision 1.38 2002/10/09 03:12:05 dhr
1475
* [kenb+dhr] 64-bit fixes
1477
* Revision 1.37 2002/09/20 15:40:39 rgb
1478
* Added new function pfkey_sa_ref_build() to accomodate saref parameter.
1480
* Revision 1.36 2002/09/20 05:01:22 rgb
1481
* Generalise for platform independance: fix (ia64) using unsigned for sizes.
1483
* Revision 1.35 2002/07/24 18:44:54 rgb
1484
* Type fiddling to tame ia64 compiler.
1486
* Revision 1.34 2002/05/23 07:14:11 rgb
1487
* Cleaned up %p variants to 0p%p for test suite cleanup.
1489
* Revision 1.33 2002/04/24 07:55:32 mcr
1490
* #include patches and Makefiles for post-reorg compilation.
1492
* Revision 1.32 2002/04/24 07:36:40 mcr
1493
* Moved from ./lib/pfkey_v2_build.c,v
1495
* Revision 1.31 2002/01/29 22:25:35 rgb
1496
* Re-add ipsec_kversion.h to keep MALLOC happy.
1498
* Revision 1.30 2002/01/29 01:59:09 mcr
1499
* removal of kversions.h - sources that needed it now use ipsec_param.h.
1500
* updating of IPv6 structures to match latest in6.h version.
1501
* removed dead code from openswan.h that also duplicated kversions.h
1504
* Revision 1.29 2001/12/19 21:06:09 rgb
1505
* Added port numbers to pfkey_address_build() debugging.
1507
* Revision 1.28 2001/11/06 19:47:47 rgb
1508
* Added packet parameter to lifetime and comb structures.
1510
* Revision 1.27 2001/10/18 04:45:24 rgb
1511
* 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
1512
* lib/openswan.h version macros moved to lib/kversions.h.
1513
* Other compiler directive cleanups.
1515
* Revision 1.26 2001/09/08 21:13:34 rgb
1516
* Added pfkey ident extension support for ISAKMPd. (NetCelo)
1518
* Revision 1.25 2001/06/14 19:35:16 rgb
1519
* Update copyright date.
1521
* Revision 1.24 2001/03/20 03:49:45 rgb
1522
* Ditch superfluous debug_pfkey declaration.
1523
* Move misplaced openswan.h inclusion for kernel case.
1525
* Revision 1.23 2001/03/16 07:41:50 rgb
1526
* Put openswan.h include before pluto includes.
1528
* Revision 1.22 2001/02/27 22:24:56 rgb
1529
* Re-formatting debug output (line-splitting, joining, 1arg/line).
1530
* Check for satoa() return codes.
1532
* Revision 1.21 2000/11/17 18:10:30 rgb
1533
* Fixed bugs mostly relating to spirange, to treat all spi variables as
1534
* network byte order since this is the way PF_KEYv2 stored spis.
1536
* Revision 1.20 2000/10/12 00:02:39 rgb
1537
* Removed 'format, ##' nonsense from debug macros for RH7.0.
1539
* Revision 1.19 2000/10/10 20:10:20 rgb
1540
* Added support for debug_ipcomp and debug_verbose to klipsdebug.
1542
* Revision 1.18 2000/09/12 18:59:54 rgb
1543
* Added Gerhard's IPv6 support to pfkey parts of libopenswan.
1545
* Revision 1.17 2000/09/12 03:27:00 rgb
1546
* Moved DEBUGGING definition to compile kernel with debug off.
1548
* Revision 1.16 2000/09/08 19:22:12 rgb
1549
* Fixed pfkey_prop_build() parameter to be only single indirection.
1550
* Fixed struct alg copy.
1552
* Revision 1.15 2000/08/20 21:40:01 rgb
1553
* Added an address parameter sanity check to pfkey_address_build().
1555
* Revision 1.14 2000/08/15 17:29:23 rgb
1556
* Fixes from SZI to untested pfkey_prop_build().
1558
* Revision 1.13 2000/06/02 22:54:14 rgb
1559
* Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
1561
* Revision 1.12 2000/05/10 19:24:01 rgb
1562
* Fleshed out sensitivity, proposal and supported extensions.
1564
* Revision 1.11 2000/03/16 14:07:23 rgb
1565
* Renamed ALIGN macro to avoid fighting with others in kernel.
1567
* Revision 1.10 2000/01/24 21:14:35 rgb
1568
* Added disabled pluto pfkey lib debug flag.
1570
* Revision 1.9 2000/01/21 06:27:32 rgb
1571
* Added address cases for eroute flows.
1572
* Removed unused code.
1573
* Dropped unused argument to pfkey_x_satype_build().
1574
* Indented compiler directives for readability.
1575
* Added klipsdebug switching capability.
1576
* Fixed SADB_EXT_MAX bug not permitting last extension access.
1578
* Revision 1.8 1999/12/29 21:17:41 rgb
1579
* Changed pfkey_msg_build() I/F to include a struct sadb_msg**
1580
* parameter for cleaner manipulation of extensions[] and to guard
1581
* against potential memory leaks.
1582
* Changed the I/F to pfkey_msg_free() for the same reason.
1584
* Revision 1.7 1999/12/09 23:12:20 rgb
1585
* Removed unused cruft.
1586
* Added argument to pfkey_sa_build() to do eroutes.
1587
* Fixed exttype check in as yet unused pfkey_lifetime_build().
1589
* Revision 1.6 1999/12/07 19:54:29 rgb
1590
* Removed static pluto debug flag.
1591
* Added functions for pfkey message and extensions initialisation
1594
* Revision 1.5 1999/12/01 22:20:06 rgb
1595
* Changed pfkey_sa_build to accept an SPI in network byte order.
1596
* Added <string.h> to quiet userspace compiler.
1597
* Moved pfkey_lib_debug variable into the library.
1598
* Removed SATYPE check from pfkey_msg_hdr_build so FLUSH will work.
1599
* Added extension assembly debugging.
1600
* Isolated assignment with brackets to be sure of scope.
1602
* Revision 1.4 1999/11/27 11:57:35 rgb
1603
* Added ipv6 headers.
1604
* Remove over-zealous algorithm sanity checkers from pfkey_sa_build.
1605
* Debugging error messages added.
1606
* Fixed missing auth and encrypt assignment bug.
1607
* Add argument to pfkey_msg_parse() for direction.
1608
* Move parse-after-build check inside pfkey_msg_build().
1609
* Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
1610
* Add CVS log entry to bottom of file.