2
2
* @(#) RFC2367 PF_KEYv2 Key management API message parser
3
* Copyright (C) 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
3
* Copyright (C) 1998-2003 Richard Guy Briggs.
4
* Copyright (C) 2004 Michael Richardson <mcr@xelerance.com>
5
6
* This program is free software; you can redistribute it and/or modify it
6
7
* under the terms of the GNU General Public License as published by the
12
13
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13
14
* for more details.
15
* RCSID $Id: pfkey_v2_ext_process.c,v 1.14 2004/02/03 03:13:59 mcr Exp $
16
* RCSID $Id: pfkey_v2_ext_process.c,v 1.19 2004/12/04 07:14:18 mcr Exp $
19
20
* Template from klips/net/ipsec/ipsec/ipsec_netlink.c.
22
char pfkey_v2_ext_process_c_version[] = "$Id: pfkey_v2_ext_process.c,v 1.14 2004/02/03 03:13:59 mcr Exp $";
23
char pfkey_v2_ext_process_c_version[] = "$Id: pfkey_v2_ext_process.c,v 1.19 2004/12/04 07:14:18 mcr Exp $";
24
25
#include <linux/config.h>
25
26
#include <linux/version.h>
26
27
#include <linux/kernel.h> /* printk() */
28
#include "freeswan/ipsec_param.h"
29
#include "openswan/ipsec_param.h"
31
32
# include <linux/slab.h> /* kmalloc() */
69
70
#include <linux/random.h> /* get_random_bytes() */
71
#include "freeswan/radij.h"
72
#include "freeswan/ipsec_encap.h"
73
#include "freeswan/ipsec_sa.h"
72
#include "openswan/radij.h"
73
#include "openswan/ipsec_encap.h"
74
#include "openswan/ipsec_sa.h"
75
#include "freeswan/ipsec_radij.h"
76
#include "freeswan/ipsec_xform.h"
77
#include "freeswan/ipsec_ah.h"
78
#include "freeswan/ipsec_esp.h"
79
#include "freeswan/ipsec_tunnel.h"
80
#include "freeswan/ipsec_rcv.h"
81
#include "freeswan/ipcomp.h"
76
#include "openswan/ipsec_radij.h"
77
#include "openswan/ipsec_xform.h"
78
#include "openswan/ipsec_ah.h"
79
#include "openswan/ipsec_esp.h"
80
#include "openswan/ipsec_tunnel.h"
81
#include "openswan/ipsec_rcv.h"
82
#include "openswan/ipcomp.h"
83
84
#include <pfkeyv2.h>
86
#include "freeswan/ipsec_proto.h"
87
#include "openswan/ipsec_proto.h"
88
#include "openswan/ipsec_alg.h"
88
90
#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
140
142
case IPPROTO_ESP:
141
143
ipsp->ips_authalg = pfkey_sa->sadb_sa_auth;
142
144
ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt;
145
#ifdef CONFIG_KLIPS_ALG
146
ipsec_alg_sa_init(ipsp);
147
#endif /* CONFIG_KLIPS_ALG */
144
149
case IPPROTO_IPIP:
145
150
ipsp->ips_authalg = AH_NONE;
146
151
ipsp->ips_encalg = ESP_NONE;
148
#ifdef CONFIG_IPSEC_IPCOMP
153
#ifdef CONFIG_KLIPS_IPCOMP
149
154
case IPPROTO_COMP:
150
155
ipsp->ips_authalg = AH_NONE;
151
156
ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt;
153
#endif /* CONFIG_IPSEC_IPCOMP */
158
#endif /* CONFIG_KLIPS_IPCOMP */
154
159
case IPPROTO_INT:
155
160
ipsp->ips_authalg = AH_NONE;
156
161
ipsp->ips_encalg = ESP_NONE;
396
401
SENDERR(EPFNOSUPPORT);
398
(unsigned long)(*sap) = ((struct sockaddr_in*)s)->sin_addr.s_addr;
404
unsigned long *ulsap = (unsigned long *)sap;
405
*ulsap = ((struct sockaddr_in*)s)->sin_addr.s_addr;
400
409
*portp = ((struct sockaddr_in*)s)->sin_port;
401
#ifdef CONFIG_IPSEC_DEBUG
410
#ifdef CONFIG_KLIPS_DEBUG
402
411
if(extr->eroute) {
403
412
char buf1[64], buf2[64];
404
413
if (debug_pfkey) {
797
806
KLIPS_PRINT(debug_pfkey,
798
807
"klips_debug:pfkey_x_debug_process: .\n");
800
#ifdef CONFIG_IPSEC_DEBUG
809
#ifdef CONFIG_KLIPS_DEBUG
801
810
if(pfkey_x_debug->sadb_x_debug_netlink >>
802
811
(sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 - 1)) {
803
812
pfkey_x_debug->sadb_x_debug_netlink &=
812
821
debug_ah |= pfkey_x_debug->sadb_x_debug_ah;
813
822
debug_rcv |= pfkey_x_debug->sadb_x_debug_rcv;
814
823
debug_pfkey |= pfkey_x_debug->sadb_x_debug_pfkey;
815
#ifdef CONFIG_IPSEC_IPCOMP
824
#ifdef CONFIG_KLIPS_IPCOMP
816
825
sysctl_ipsec_debug_ipcomp |= pfkey_x_debug->sadb_x_debug_ipcomp;
817
#endif /* CONFIG_IPSEC_IPCOMP */
826
#endif /* CONFIG_KLIPS_IPCOMP */
818
827
sysctl_ipsec_debug_verbose |= pfkey_x_debug->sadb_x_debug_verbose;
819
828
KLIPS_PRINT(debug_pfkey,
820
829
"klips_debug:pfkey_x_debug_process: "
833
842
debug_ah &= pfkey_x_debug->sadb_x_debug_ah;
834
843
debug_rcv &= pfkey_x_debug->sadb_x_debug_rcv;
835
844
debug_pfkey &= pfkey_x_debug->sadb_x_debug_pfkey;
836
#ifdef CONFIG_IPSEC_IPCOMP
845
#ifdef CONFIG_KLIPS_IPCOMP
837
846
sysctl_ipsec_debug_ipcomp &= pfkey_x_debug->sadb_x_debug_ipcomp;
838
#endif /* CONFIG_IPSEC_IPCOMP */
847
#endif /* CONFIG_KLIPS_IPCOMP */
839
848
sysctl_ipsec_debug_verbose &= pfkey_x_debug->sadb_x_debug_verbose;
841
#else /* CONFIG_IPSEC_DEBUG */
850
#else /* CONFIG_KLIPS_DEBUG */
842
851
printk("klips_debug:pfkey_x_debug_process: "
843
852
"debugging not enabled\n");
845
#endif /* CONFIG_IPSEC_DEBUG */
854
#endif /* CONFIG_KLIPS_DEBUG */
852
861
* $Log: pfkey_v2_ext_process.c,v $
862
* Revision 1.19 2004/12/04 07:14:18 mcr
863
* resolution to gcc3-ism was wrong. fixed to assign correct
866
* Revision 1.18 2004/12/03 21:25:57 mcr
867
* compile time fixes for running on 2.6.
868
* still experimental.
870
* Revision 1.17 2004/08/21 00:45:04 mcr
871
* CONFIG_KLIPS_NAT was wrong, also need to include udp.h.
873
* Revision 1.16 2004/07/10 19:11:18 mcr
874
* CONFIG_IPSEC -> CONFIG_KLIPS.
876
* Revision 1.15 2004/04/06 02:49:26 mcr
877
* pullup of algo code from alg-branch.
853
879
* Revision 1.14 2004/02/03 03:13:59 mcr
854
880
* no longer #ifdef out NON_ESP mode. That was a mistake.
858
884
* kernel has been patched, unless CONFIG_IPSEC_NAT_NON_ESP
887
* Revision 1.12.2.1 2003/12/22 15:25:52 jjo
888
* Merged algo-0.8.1-rc11-test1 into alg-branch
861
890
* Revision 1.12 2003/12/10 01:14:27 mcr
862
891
* NAT-traversal patches to KLIPS.
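Review bot: The new store at new-side lines 404-405, `unsigned long *ulsap = (unsigned long *)sap; *ulsap = ((struct sockaddr_in*)s)->sin_addr.s_addr;`, writes `sizeof(unsigned long)` bytes, but `s_addr` is a 32-bit value. On a 64-bit kernel that is an 8-byte write. The declaration of `sap` and the object it points at are outside the visible lines, so this is hedged: if the target is a 4-byte IPv4 address field, the upper four bytes land on whatever sits next to it in the SA or eroute structure. The store also goes through a pointer type unrelated to the destination. A width-exact copy avoids both problems: `memcpy(sap, &((struct sockaddr_in*)s)->sin_addr.s_addr, sizeof(((struct sockaddr_in*)s)->sin_addr.s_addr));`. A short comment naming the destination field and its size would also help.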