2
* Program to list all the available algorithms.
4
* Copyright (C) 2004 Michael Richardson <mcr@xelerance.com>
6
* This program is free software; you can redistribute it and/or modify it
7
* under the terms of the GNU General Public License as published by the
8
* Free Software Foundation; either version 2 of the License, or (at your
9
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11
* This program is distributed in the hope that it will be useful, but
12
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17
char spi_c_version[] = "RCSID $Id: algoinfo.c,v 1.1 2004/04/29 04:13:02 mcr Exp $";
19
#include <asm/types.h>
20
#include <sys/types.h>
21
#include <sys/ioctl.h>
22
/* #include <linux/netdevice.h> */
24
/* #include <linux/types.h> */ /* new */
30
/* #include <sys/socket.h> */
32
#include <netinet/in.h>
33
#include <arpa/inet.h>
34
/* #include <linux/ip.h> */
44
#include <linux/autoconf.h> /* CONFIG_IPSEC_PFKEYv2 */
47
#include <sys/socket.h>
51
#include "openswan/radij.h"
52
#include "openswan/ipsec_encap.h"
53
#include "openswan/ipsec_xform.h"
54
#include "openswan/ipsec_ipe4.h"
55
#include "openswan/ipsec_ah.h"
56
#include "openswan/ipsec_esp.h"
57
#include "openswan/ipsec_sa.h" /* IPSEC_SAREF_NULL */
60
#include "kernel_alg.h"
62
struct encap_msghdr *em;
65
* Manual conn support for ipsec_alg (modular algos).
66
* Rather ugly to include from pluto dir but avoids
74
extern int optind, opterr, optopt;
76
/*
 * Decoded IV and key material for the SA being built. main() fills these
 * from the --iv, --enckey and --authkey arguments with atodata().
 * NOTE(review): no code that wipes or frees these buffers is visible in
 * this listing; key bytes should be cleared before the process exits --
 * confirm against the full source.
 */
char *iv = NULL, *enckey = NULL, *authkey = NULL;
77
/* Byte lengths of the three buffers above, as returned by atodata(). */
size_t ivlen = 0, enckeylen = 0, authkeylen = 0;
78
/* SA destination (--edst) and the encapsulation endpoints (--dst, --src). */
ip_address edst, dst, src;
79
/* AF_INET or AF_INET6 once chosen; main() treats 0 as "not set yet". */
int address_family = 0;
80
/* SA protocol handed to initsaid() and proto2satype() in main(). */
unsigned char proto = 0;
85
* Manual connection support for modular algos (ipsec_alg) --Juanjo.
87
#define XF_OTHER_ALG (XF_CLR-1) /* define magic XF_ symbol for alg_info's */
89
const char *alg_string = NULL; /* algorithm string */
90
struct alg_info_esp *alg_info = NULL; /* algorithm info parsed from the --esp string */
91
struct esp_info *esp_info = NULL; /* esp info from 1st (only) element */
92
const char *alg_err; /* auxiliary: receives the error text from alg_info_esp_create_from_str() */
93
int proc_read_ok = 0; /* /proc/net/pf_key_support read ok */
94
#endif /* KERNEL_ALG */
96
int replay_window = 0;
99
extern unsigned int pfkey_lib_debug; /* used by libfreeswan/pfkey_v2_build */
102
uint32_t pfkey_seq = 0;
117
#define streql(_a,_b) (!strcmp((_a),(_b)))
119
/*
 * Usage text printed by usage().
 * NOTE(review): --authkey and --enckey take the key itself as their
 * argument, so key material is exposed to anything that can read the
 * process argument list or the shell history.
 * NOTE(review): the built-in algorithm names are 3DES, HMAC-MD5-96 and
 * HMAC-SHA1-96 only; current IPsec guidance (RFC 8221) discourages 3DES
 * and HMAC-MD5.
 * NOTE(review): in the "3des-md5-96 | 3des-sha1-96" line the "\n" sits
 * before "| something-loaded" instead of at the end of the line, so the
 * printed text breaks in the wrong place.
 */
static const char *usage_string = "\
121
in the following, <SA> is: --af <inet | inet6> --edst <dstaddr> --spi <spi> --proto <proto>\n\
122
OR: --said <proto><.|:><spi>@<dstaddr>\n\
123
<life> is: --life <soft|hard>-<allocations|bytes|addtime|usetime|packets>=<value>[,...]\n\
129
spi --ip4 <SA> --src <encap-src> --dst <encap-dst>\n\
130
spi --ip6 <SA> --src <encap-src> --dst <encap-dst>\n\
131
spi --ah <algo> <SA> [<life> ][ --replay_window <replay_window> ] --authkey <key>\n\
132
where <algo> is one of: hmac-md5-96 | hmac-sha1-96 | something-loaded \n\
133
spi --esp <algo> <SA> [<life> ][ --replay_window <replay-window> ] --enckey <ekey> --authkey <akey>\n\
134
where <algo> is one of: 3des-md5-96 | 3des-sha1-96\n | something-loaded\
135
spi --esp <algo> <SA> [<life> ][ --replay_window <replay-window> ] --enckey <ekey>\n\
136
where <algo> is: 3des\n\
137
spi --comp <algo> <SA>\n\
138
where <algo> is: deflate\n\
139
[ --debug ] is optional to any spi command.\n\
140
[ --label <label> ] is optional to any spi command.\n\
141
[ --listenreply ] is optional, and causes the command to stick\n\
142
around and listen to what the PF_KEY socket says.\n\
147
/*
 * Write "<s>:" followed by usage_string to stream f.
 * s is passed as a "%s" argument, never as the format string itself.
 */
usage(char *s, FILE *f)
149
/* s is printed as the prefix; the callers visible in this file pass program_name */
150
fprintf(f, "%s:%s", s, usage_string);
155
/*
 * Parse a --life argument of the form
 *   <soft|hard>-<allocations|bytes|addtime|usetime|packets>=<value>[,...]
 * For each item the numeric value is stored in life[severity][type] and
 * the start of the item's text is recorded in life_opt[severity][type].
 * Several lines of this function are missing from the listing, so the
 * notes below cover only what is visible.
 */
parse_life_options(uint32_t life[life_maxsever][life_maxtype],
156
char *life_opt[life_maxsever][life_maxtype],
159
char *optargp = optarg;
163
int life_severity, life_type;
164
char *optargt = optargp;
166
/* Severity keyword: matched as a prefix with strncmp(), then skipped. */
if(strncmp(optargp, "soft", sizeof("soft")-1) == 0) {
167
life_severity = life_soft;
168
optargp += sizeof("soft")-1;
169
} else if(strncmp(optargp, "hard", sizeof("hard")-1) == 0) {
170
life_severity = life_hard;
171
optargp += sizeof("hard")-1;
174
"%s: missing lifetime severity in %s, optargt=0p%p, optargp=0p%p, sizeof(\"soft\")=%d\n",
179
(int)sizeof("soft"));
180
usage(program_name, stderr);
185
"%s: debug: life_severity=%d, optargt=0p%p=\"%s\", optargp=0p%p=\"%s\", sizeof(\"soft\")=%d\n",
192
(int)sizeof("soft"));
194
/* A '-' must separate the severity from the lifetime type. */
if(*(optargp++) != '-') {
196
"%s: expected '-' after severity of lifetime parameter to --life option.\n",
198
usage(program_name, stderr);
203
"%s: debug: optargt=0p%p=\"%s\", optargp=0p%p=\"%s\", strlen(optargt)=%d, strlen(optargp)=%d, strncmp(optargp, \"addtime\", sizeof(\"addtime\")-1)=%d\n",
209
(int)strlen(optargt),
210
(int)strlen(optargp),
211
strncmp(optargp, "addtime", sizeof("addtime")-1));
213
/* Lifetime type keyword, again matched as a prefix and skipped. */
if(strncmp(optargp, "allocations", sizeof("allocations")-1) == 0) {
214
life_type = life_alloc;
215
optargp += sizeof("allocations")-1;
216
} else if(strncmp(optargp, "bytes", sizeof("bytes")-1) == 0) {
217
life_type = life_bytes;
218
optargp += sizeof("bytes")-1;
219
} else if(strncmp(optargp, "addtime", sizeof("addtime")-1) == 0) {
220
life_type = life_addtime;
221
optargp += sizeof("addtime")-1;
222
} else if(strncmp(optargp, "usetime", sizeof("usetime")-1) == 0) {
223
life_type = life_usetime;
224
optargp += sizeof("usetime")-1;
225
} else if(strncmp(optargp, "packets", sizeof("packets")-1) == 0) {
226
life_type = life_packets;
227
optargp += sizeof("packets")-1;
230
"%s: missing lifetime type after '-' in %s\n",
233
usage(program_name, stderr);
238
"%s: debug: life_type=%d\n",
242
/* life_opt[][] doubles as the "already given" marker for this severity/type pair. */
if(life_opt[life_severity][life_type] != NULL) {
244
"%s: Error, lifetime parameter redefined:%s, already defined as:0p%p\n",
247
life_opt[life_severity][life_type]);
250
if(*(optargp++) != '=') {
252
"%s: expected '=' after type of lifetime parameter to --life option.\n",
254
usage(program_name, stderr);
259
"%s: debug: optargt=0p%p, optargt+strlen(optargt)=0p%p, optargp=0p%p, strlen(optargp)=%d\n",
262
optargt+strlen(optargt),
264
(int)strlen(optargp));
266
if(strlen(optargp) == 0) {
268
"%s: expected value after '=' in --life option. optargt=0p%p, optargt+strlen(optargt)=0p%p, optargp=0p%p\n",
271
optargt+strlen(optargt),
273
usage(program_name, stderr);
276
/*
 * NOTE(review): strtoul() returns unsigned long but the slot is uint32_t,
 * so where unsigned long is 64 bits a larger value is truncated silently;
 * no errno/ERANGE check is visible in this listing -- confirm.
 */
life[life_severity][life_type] = strtoul(optargp, &endptr, 0);
278
/* The number must run to the end of the string or stop at the first ',' or ' '. */
if(!((endptr == optargp + strlen(optargp)) || (endptr == optargp + strcspn(optargp, ", ")))) {
280
"%s: Invalid character='%c' at offset %d in lifetime option parameter: '%s', parameter string is %d characters long, %d valid value characters found.\n",
283
(int)(endptr - optarg),
286
(int)(strcspn(optargp, ", ") - 1));
289
/* Remember where this item's text starts; a later duplicate is detected through this slot. */
life_opt[life_severity][life_type] = optargt;
291
/* NOTE(review): %d with a uint32_t prints values above INT_MAX as negative; %u matches the type. */
fprintf(stdout, "%s lifetime %s set to %d.\n",
292
program_name, optargt, life[life_severity][life_type]);
295
/*
 * Another item follows when the value ended at ',' or whitespace.
 * NOTE(review): isspace() on a plain char is undefined for negative
 * values; cast to unsigned char first.
 */
} while(*endptr==',' || isspace(*endptr));
301
/*
 * Build a PF_KEY message for the given SA type and write it to pfkey_sock.
 * The arguments of the header build call are on lines this listing omits.
 * Every visible exit path frees the extensions array, and the paths after
 * pfkey_msg_build() free the message as well.
 */
pfkey_register(uint8_t satype) {
302
/* for registering SA types that can be negotiated */
305
struct sadb_ext *extensions[SADB_EXT_MAX + 1];
306
/*
 * NOTE(review): pfkey_msg has no initializer, yet the failure path after
 * pfkey_msg_build() calls pfkey_msg_free(&pfkey_msg). That is only safe if
 * pfkey_msg_build() always stores through its first argument, which is not
 * visible here. Starting from NULL would remove the doubt, assuming
 * pfkey_msg_free() accepts a NULL message -- confirm.
 */
struct sadb_msg *pfkey_msg;
308
pfkey_extensions_init(extensions);
309
error = pfkey_msg_hdr_build(&extensions[0],
316
fprintf(stderr, "%s: Trouble building message header, error=%d.\n",
317
program_name, error);
318
pfkey_extensions_free(extensions);
322
error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN);
324
fprintf(stderr, "%s: Trouble building pfkey message, error=%d.\n",
325
program_name, error);
326
pfkey_extensions_free(extensions);
327
pfkey_msg_free(&pfkey_msg);
330
/* The byte count sent is sadb_msg_len multiplied by IPSEC_PFKEYv2_ALIGN. */
wlen = write(pfkey_sock, pfkey_msg,
331
pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
332
/* Anything but a full-length write is a failure; the visible messages report a write error or a truncated write. */
if(wlen != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) {
333
/* cleanup code here */
335
fprintf(stderr, "%s: Trouble writing to channel PF_KEY: %s\n",
339
fprintf(stderr, "%s: write to channel PF_KEY truncated.\n",
341
pfkey_extensions_free(extensions);
342
pfkey_msg_free(&pfkey_msg);
345
pfkey_extensions_free(extensions);
346
pfkey_msg_free(&pfkey_msg);
351
/*
 * Long options for getopt_long() in main(); each entry is
 * { name, has_arg, flag, val }, and has_arg 1 means the option takes a
 * value. Only the entries present in this listing are shown.
 * NOTE(review): --authkey and --enckey take the key itself as that value,
 * so key material is passed on the command line.
 */
static struct option const longopts[] =
360
{"authkey", 1, 0, 'A'},
361
{"enckey", 1, 0, 'E'},
364
{"proto", 1, 0, 'p'},
366
{"replay_window", 1, 0, 'w'},
373
{"version", 0, 0, 'v'},
374
{"clear", 0, 0, 'c'},
375
{"label", 1, 0, 'l'},
376
{"debug", 0, 0, 'g'},
377
{"optionsfrom", 1, 0, '+'},
379
{"saref", 0, 0, 'r'},
380
{"listenreply", 0, 0, 'R'},
385
main(int argc, char *argv[])
389
int c, previous = -1;
394
char ipaddr_txt[ADDRTOT_BUF];
395
char ipsaid_txt[SATOT_BUF];
403
unsigned char authalg, encryptalg;
404
struct sadb_ext *extensions[SADB_EXT_MAX + 1];
405
struct sadb_msg *pfkey_msg;
406
char *iv_opt, *akey_opt, *ekey_opt, *alg_opt, *edst_opt, *spi_opt, *proto_opt, *af_opt, *said_opt, *dst_opt, *src_opt;
408
ip_address pfkey_address_p_ska;
409
ip_address pfkey_ident_s_ska;
410
ip_address pfkey_ident_d_ska;
412
uint32_t life[life_maxsever][life_maxtype];
413
char *life_opt[life_maxsever][life_maxtype];
415
program_name = argv[0];
418
memset(&said, 0, sizeof(said));
419
iv_opt = akey_opt = ekey_opt = alg_opt = edst_opt = spi_opt = proto_opt = af_opt = said_opt = dst_opt = src_opt = NULL;
422
for(i = 0; i < life_maxsever; i++) {
423
for(j = 0; j < life_maxtype; j++) {
424
life_opt[i][j] = NULL;
430
while((c = getopt_long(argc, argv, ""/*"H:P:Z:46dcA:E:e:s:a:w:i:D:S:hvgl:+:f:"*/, longopts, 0)) != EOF) {
434
pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX;
449
/*
 * program_name is rebuilt as "<argv[0]> --label <label>". The size is
 * summed by hand: the 10 matches the 9 characters of " --label " plus the
 * terminating NUL, and the remaining term is on a line this listing omits.
 * NOTE(review): the unbounded sprintf() is only safe while that sum and
 * the format string stay in step; keeping the size in a variable and
 * passing it to snprintf() removes the coupling. No check of the malloc()
 * result is visible here -- confirm against the full source.
 */
program_name = malloc(strlen(argv[0])
450
+ 10 /* update this when changing the sprintf() */
452
sprintf(program_name, "%s --label %s",
459
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
463
if (!strcmp(optarg, "hmac-md5-96")) {
465
} else if(!strcmp(optarg, "hmac-sha1-96")) {
468
fprintf(stderr, "%s: Unknown authentication algorithm '%s' follows '--ah' option.\n",
469
program_name, optarg);
473
fprintf(stdout, "%s: Algorithm %d selected.\n",
481
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
485
if (!strcmp(optarg, "3des-md5-96")) {
486
alg = XF_ESP3DESMD596;
487
} else if(!strcmp(optarg, "3des-sha1-96")) {
488
alg = XF_ESP3DESSHA196;
489
} else if(!strcmp(optarg, "3des")) {
492
} else if((alg_info=alg_info_esp_create_from_str(optarg, &alg_err, FALSE))) {
493
int esp_ealg_id, esp_aalg_id;
495
if (alg_info->alg_info_cnt>1) {
496
fprintf(stderr, "%s: Invalid encryption algorithm '%s' "
497
"follows '--esp' option: lead too many(%d) "
499
program_name, optarg, alg_info->alg_info_cnt);
503
esp_info=&alg_info->esp[0];
505
fprintf(stdout, "%s: alg_info: cnt=%d ealg[0]=%d aalg[0]=%d\n",
507
alg_info->alg_info_cnt,
508
esp_info->encryptalg,
511
esp_ealg_id=esp_info->esp_ealg_id;
512
esp_aalg_id=esp_info->esp_aalg_id;
513
if (kernel_alg_proc_read()==0) {
515
if (!kernel_alg_esp_enc_ok(esp_ealg_id, 0, 0))
517
fprintf(stderr, "%s: ESP encryptalg=%d (\"%s\") "
521
enum_name(&esp_transformid_names, esp_ealg_id));
524
if (!kernel_alg_esp_auth_ok(esp_aalg_id, 0))
526
fprintf(stderr, "%s: ESP authalg=%d (\"%s\")"
530
enum_name(&auth_alg_names, esp_aalg_id));
534
#endif /* KERNEL_ALG */
536
fprintf(stderr, "%s: Invalid encryption algorithm '%s' follows '--esp' option.\n",
537
program_name, optarg);
541
fprintf(stdout, "%s: Algorithm %d selected.\n",
549
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
553
if (!strcmp(optarg, "deflate")) {
554
alg = XF_COMPDEFLATE;
556
fprintf(stderr, "%s: Unknown compression algorithm '%s' follows '--comp' option.\n",
557
program_name, optarg);
561
fprintf(stdout, "%s: Algorithm %d selected.\n",
569
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
574
address_family = AF_INET;
576
fprintf(stdout, "%s: Algorithm %d selected.\n",
584
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
589
address_family = AF_INET6;
591
fprintf(stdout, "%s: Algorithm %d selected.\n",
599
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
605
fprintf(stdout, "%s: Algorithm %d selected.\n",
613
fprintf(stderr, "%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
619
fprintf(stdout, "%s: Algorithm %d selected.\n",
627
fprintf(stderr, "%s: Error, EDST parameter redefined:%s, already defined in SA:%s\n",
628
program_name, optarg, said_opt);
632
fprintf(stderr, "%s: Error, EDST parameter redefined:%s, already defined as:%s\n",
633
program_name, optarg, edst_opt);
636
error_s = ttoaddr(optarg, 0, address_family, &edst);
637
if(error_s != NULL) {
639
fprintf(stderr, "%s: Error, %s converting --edst argument:%s\n",
640
program_name, error_s, optarg);
646
addrtot(&edst, 0, ipaddr_txt, sizeof(ipaddr_txt));
647
fprintf(stdout, "%s: edst=%s.\n",
654
fprintf(stderr, "%s: Error, SPI parameter redefined:%s, already defined in SA:%s\n",
655
program_name, optarg, said_opt);
659
fprintf(stderr, "%s: Error, SPI parameter redefined:%s, already defined as:%s\n",
660
program_name, optarg, spi_opt);
663
spi = strtoul(optarg, &endptr, 0);
664
if(!(endptr == optarg + strlen(optarg))) {
665
fprintf(stderr, "%s: Invalid character in SPI parameter: %s\n",
666
program_name, optarg);
670
fprintf(stderr, "%s: Illegal reserved spi: %s => 0x%x Must be larger than 0x100.\n",
671
program_name, optarg, spi);
678
fprintf(stderr, "%s: Error, PROTO parameter redefined:%s, already defined in SA:%s\n",
679
program_name, optarg, said_opt);
683
fprintf(stderr, "%s: Error, PROTO parameter redefined:%s, already defined as:%s\n",
684
program_name, optarg, proto_opt);
687
if(!strcmp(optarg, "ah"))
689
if(!strcmp(optarg, "esp"))
691
if(!strcmp(optarg, "tun"))
693
if(!strcmp(optarg, "comp"))
696
fprintf(stderr, "%s: Invalid PROTO parameter: %s\n",
697
program_name, optarg);
704
fprintf(stderr, "%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined in SA:%s\n",
705
program_name, optarg, said_opt);
709
fprintf(stderr, "%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined as:%s\n",
710
program_name, optarg, af_opt);
713
if(strcmp(optarg, "inet") == 0) {
714
address_family = AF_INET;
715
/* currently we ensure that all addresses belong to the same address family */
716
anyaddr(address_family, &dst);
717
anyaddr(address_family, &edst);
718
anyaddr(address_family, &src);
720
if(strcmp(optarg, "inet6") == 0) {
721
address_family = AF_INET6;
722
/* currently we ensure that all addresses belong to the same address family */
723
anyaddr(address_family, &dst);
724
anyaddr(address_family, &edst);
725
anyaddr(address_family, &src);
727
if((strcmp(optarg, "inet") != 0) && (strcmp(optarg, "inet6") != 0)) {
728
fprintf(stderr, "%s: Invalid ADDRESS FAMILY parameter: %s.\n",
729
program_name, optarg);
736
fprintf(stderr, "%s: Error, SAID parameter redefined:%s, already defined in SA:%s\n",
737
program_name, optarg, said_opt);
741
fprintf(stderr, "%s: Error, PROTO parameter redefined in SA:%s, already defined as:%s\n",
742
program_name, optarg, proto_opt);
746
fprintf(stderr, "%s: Error, EDST parameter redefined in SA:%s, already defined as:%s\n",
747
program_name, optarg, edst_opt);
751
fprintf(stderr, "%s: Error, SPI parameter redefined in SA:%s, already defined as:%s\n",
752
program_name, optarg, spi_opt);
755
error_s = ttosa(optarg, 0, &said);
756
if(error_s != NULL) {
757
fprintf(stderr, "%s: Error, %s converting --sa argument:%s\n",
758
program_name, error_s, optarg);
762
satot(&said, 0, ipsaid_txt, sizeof(ipsaid_txt));
763
fprintf(stdout, "%s: said=%s.\n",
767
/* init the src and dst with the same address family */
768
if(address_family == 0) {
769
address_family = addrtypeof(&said.dst);
770
} else if(address_family != addrtypeof(&said.dst)) {
771
fprintf(stderr, "%s: Error, specified address family (%d) is different that of SAID: %s\n",
772
program_name, address_family, optarg);
775
anyaddr(address_family, &dst);
776
anyaddr(address_family, &edst);
777
anyaddr(address_family, &src);
781
/*
 * --authkey: the option argument is the key text itself.
 * NOTE(review): both error messages below print optarg, i.e. the key as
 * typed, to stderr, where it can end up in logs or terminal scrollback;
 * the problem can be reported without echoing the value. The --enckey and
 * --iv handling later in this function print optarg in the same way.
 */
if(optarg[0] == '0') {
788
fprintf(stderr, "%s: Authentication key must have a '0x', '0t' or '0s' prefix to select the format: %s\n",
789
program_name, optarg);
793
/* First pass with a NULL buffer: the result is used only as the allocation size. */
authkeylen = atodata(optarg, 0, NULL, 0);
795
fprintf(stderr, "%s: unknown format or syntax error in authentication key: %s\n",
796
program_name, optarg);
799
authkey = malloc(authkeylen);
800
if(authkey == NULL) {
801
fprintf(stderr, "%s: Memory allocation error.\n", program_name);
804
memset(authkey, 0, authkeylen);
805
/*
 * Second pass decodes into the buffer.
 * NOTE(review): the returned length overwrites authkeylen; no comparison
 * with the first pass is visible in this listing -- confirm.
 */
authkeylen = atodata(optarg, 0, authkey, authkeylen);
809
if(optarg[0] == '0') {
816
fprintf(stderr, "%s: Encryption key must have a '0x', '0t' or '0s' prefix to select the format: %s\n",
817
program_name, optarg);
821
enckeylen = atodata(optarg, 0, NULL, 0);
823
fprintf(stderr, "%s: unknown format or syntax error in encryption key: %s\n",
824
program_name, optarg);
827
enckey = malloc(enckeylen);
829
fprintf(stderr, "%s: Memory allocation error.\n", program_name);
832
memset(enckey, 0, enckeylen);
833
enckeylen = atodata(optarg, 0, enckey, enckeylen);
837
replay_window = strtoul(optarg, &endptr, 0);
838
if(!(endptr == optarg + strlen(optarg))) {
839
fprintf(stderr, "%s: Invalid character in replay_window parameter: %s\n",
840
program_name, optarg);
843
if((replay_window < 0x1) || (replay_window > 64)) {
844
fprintf(stderr, "%s: Failed -- Illegal window size: arg=%s, replay_window=%d, must be 1 <= size <= 64.\n",
845
program_name, optarg, replay_window);
850
if(optarg[0] == '0') {
857
fprintf(stderr, "%s: IV must have a '0x', '0t' or '0s' prefix to select the format, found '%c'.\n",
858
program_name, optarg[1]);
862
ivlen = atodata(optarg, 0, NULL, 0);
864
fprintf(stderr, "%s: unknown format or syntax error in IV: %s\n",
865
program_name, optarg);
870
fprintf(stderr, "%s: Memory allocation error.\n", program_name);
873
memset(iv, 0, ivlen);
874
ivlen = atodata(optarg, 0, iv, ivlen);
879
fprintf(stderr, "%s: Error, DST parameter redefined:%s, already defined as:%s\n",
880
program_name, optarg, dst_opt);
883
error_s = ttoaddr(optarg, 0, address_family, &dst);
884
if(error_s != NULL) {
885
fprintf(stderr, "%s: Error, %s converting --dst argument:%s\n",
886
program_name, error_s, optarg);
891
addrtot(&dst, 0, ipaddr_txt, sizeof(ipaddr_txt));
892
fprintf(stdout, "%s: dst=%s.\n",
899
fprintf(stderr, "%s: Error, SRC parameter redefined:%s, already defined as:%s\n",
900
program_name, optarg, src_opt);
903
error_s = ttoaddr(optarg, 0, address_family, &src);
904
if(error_s != NULL) {
905
fprintf(stderr, "%s: Error, %s converting --src argument:%s\n",
906
program_name, error_s, optarg);
911
addrtot(&src, 0, ipaddr_txt, sizeof(ipaddr_txt));
912
fprintf(stdout, "%s: src=%s.\n",
918
usage(program_name, stdout);
921
usage(program_name, stderr);
924
fprintf(stdout, "%s, %s\n", program_name, spi_c_version);
926
case '+': /* optionsfrom */
927
optionsfrom(optarg, &argc, &argv, optind, stderr);
928
/* no return on error */
931
if(parse_life_options(life,
938
fprintf(stderr, "%s: unrecognized option '%c', update option processing.\n",
945
fprintf(stdout, "%s: All options processed.\n",
950
/*
 * NOTE(review): system() hands the string to the shell, so `cat` is looked
 * up through the caller's PATH and the shell inherits the whole
 * environment, in a tool that is meant to run as root (see the PF_KEY
 * error texts in this file). Reading /proc/net/ipsec_spi with
 * fopen()/fread() and copying it to stdout does the same job without a
 * shell. The return value is also ignored here.
 */
system("cat /proc/net/ipsec_spi");
957
/* validate keysizes */
959
const struct sadb_alg *alg_p;
960
int keylen, minbits, maxbits;
961
alg_p=kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,SADB_EXT_SUPPORTED_ENCRYPT,
962
esp_info->encryptalg);
964
keylen=enckeylen * 8;
966
if (alg_p->sadb_alg_id==ESP_3DES || alg_p->sadb_alg_id==ESP_DES) {
967
maxbits=minbits=alg_p->sadb_alg_minbits * 8 /7;
969
minbits=alg_p->sadb_alg_minbits;
970
maxbits=alg_p->sadb_alg_maxbits;
973
* if explicit keylen told in encrypt algo, eg "aes128"
974
* check actual keylen "equality"
976
if (esp_info->esp_ealg_keylen &&
977
esp_info->esp_ealg_keylen!=keylen) {
978
fprintf(stderr, "%s: invalid encryption keylen=%d, "
979
"required %d by encrypt algo string=\"%s\"\n",
982
(int)esp_info->esp_ealg_keylen,
987
/* thanks DES for this sh*t */
989
if (minbits > keylen || maxbits < keylen) {
990
fprintf(stderr, "%s: invalid encryption keylen=%d, "
991
"must be between %d and %d bits\n",
993
keylen, minbits, maxbits);
996
alg_p=kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,SADB_EXT_SUPPORTED_AUTH,
999
keylen=authkeylen * 8;
1000
minbits=alg_p->sadb_alg_minbits;
1001
maxbits=alg_p->sadb_alg_maxbits;
1002
if (minbits > keylen || maxbits < keylen) {
1003
fprintf(stderr, "%s: invalid auth keylen=%d, "
1004
"must be between %d and %d bits\n",
1006
keylen, minbits, maxbits);
1011
#endif /* KERNEL_ALG */
1017
case XF_ESP3DESMD596:
1018
case XF_ESP3DESSHA196:
1020
case XF_COMPDEFLATE:
1022
if(isanyaddr(&edst)) {
1023
fprintf(stderr, "%s: SA destination not specified.\n",
1028
fprintf(stderr, "%s: SA SPI not specified.\n",
1033
fprintf(stderr, "%s: SA PROTO not specified.\n",
1037
initsaid(&edst, htonl(spi), proto, &said);
1040
spi = ntohl(said.spi);
1043
if((address_family != 0) && (address_family != addrtypeof(&said.dst))) {
1044
fprintf(stderr, "%s: Defined address family and address family of SA missmatch.\n",
1048
sa_len = satot(&said, 0, sa, sizeof(sa));
1051
fprintf(stdout, "%s: SA valid.\n",
1058
fprintf(stderr, "%s: No action chosen. See '%s --help' for usage.\n",
1059
program_name, program_name);
1070
case XF_ESP3DESMD596:
1071
case XF_ESP3DESSHA196:
1073
case XF_COMPDEFLATE:
1076
#endif /* NO_KERNEL_ALG */
1079
fprintf(stderr, "%s: No action chosen. See '%s --help' for usage.\n",
1080
program_name, program_name);
1084
fprintf(stdout, "%s: Algorithm ok.\n",
1088
if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) {
1089
fprintf(stderr, "%s: Trouble opening PF_KEY family socket with error: ",
1093
fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n");
1096
fprintf(stderr, "access denied. ");
1098
fprintf(stderr, "Check permissions. Should be 600.\n");
1100
fprintf(stderr, "You must be root to open this file.\n");
1104
fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n");
1107
fprintf(stderr, "KLIPS not loaded or enabled.\n");
1110
fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
1113
fprintf(stderr, "Invalid argument, KLIPS not loaded or check kernel log messages for specifics.\n");
1116
fprintf(stderr, "No kernel memory to allocate SA.\n");
1118
case ESOCKTNOSUPPORT:
1119
fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n");
1122
fprintf(stderr, "SA already in use. Delete old one first.\n");
1125
fprintf(stderr, "SA does not exist. Cannot delete.\n");
1128
fprintf(stderr, "KLIPS not loaded or enabled.\n");
1131
fprintf(stderr, "Unknown file open error %d. Please report as much detail as possible to development team.\n", errno);
1136
#ifdef MANUAL_IS_NOT_ABLE_TO_NEGOTIATE
1137
/* for registering SA types that can be negotiated */
1138
if(pfkey_register(SADB_SATYPE_AH) != 0) {
1141
if(pfkey_register(SADB_SATYPE_ESP) != 0) {
1144
if(pfkey_register(SADB_X_SATYPE_IPIP) != 0) {
1147
if(pfkey_register(SADB_X_SATYPE_COMP) != 0) {
1150
#endif /* MANUAL_IS_NOT_ABLE_TO_NEGOTIATE */
1152
/* Build an SADB_ADD message to send down. */
1153
/* It needs <base, SA, address(SD), key(AE)> minimum. */
1154
/* Lifetime(HS) could be added before addresses. */
1155
pfkey_extensions_init(extensions);
1157
fprintf(stdout, "%s: extensions=0p%p &extensions=0p%p extensions[0]=0p%p &extensions[0]=0p%p cleared.\n",
1164
if((error = pfkey_msg_hdr_build(&extensions[0],
1165
(alg == XF_DEL ? SADB_DELETE : alg == XF_CLR ? SADB_FLUSH : SADB_ADD),
1166
proto2satype(proto),
1170
fprintf(stderr, "%s: Trouble building message header, error=%d.\n",
1171
program_name, error);
1172
pfkey_extensions_free(extensions);
1176
fprintf(stdout, "%s: extensions=0p%p &extensions=0p%p extensions[0]=0p%p &extensions[0]=0p%p set w/msghdr.\n",
1184
fprintf(stdout, "%s: base message assembled.\n", program_name);
1189
case XF_ESP3DESMD596:
1190
authalg = SADB_AALG_MD5HMAC;
1193
case XF_ESP3DESSHA196:
1194
authalg = SADB_AALG_SHA1HMAC;
1198
authalg= esp_info->authalg;
1200
fprintf(stdout, "%s: debug: authalg=%d\n",
1201
program_name, authalg);
1204
#endif /* KERNEL_ALG */
1207
authalg = SADB_AALG_NONE;
1211
case XF_ESP3DESMD596:
1212
case XF_ESP3DESSHA196:
1213
encryptalg = SADB_EALG_3DESCBC;
1215
case XF_COMPDEFLATE:
1216
encryptalg = SADB_X_CALG_DEFLATE;
1220
encryptalg= esp_info->encryptalg;
1222
fprintf(stdout, "%s: debug: encryptalg=%d\n",
1223
program_name, encryptalg);
1226
#endif /* KERNEL_ALG */
1228
encryptalg = SADB_EALG_NONE;
1230
if(!(alg == XF_CLR /* IE: pfkey_msg->sadb_msg_type == SADB_FLUSH */)) {
1231
if((error = pfkey_sa_build(&extensions[SADB_EXT_SA],
1233
htonl(spi), /* in network order */
1235
SADB_SASTATE_MATURE,
1239
fprintf(stderr, "%s: Trouble building sa extension, error=%d.\n",
1240
program_name, error);
1241
pfkey_extensions_free(extensions);
1245
fprintf(stdout, "%s: extensions[0]=0p%p previously set with msg_hdr.\n",
1250
fprintf(stdout, "%s: assembled SA extension, pfkey msg authalg=%d encalg=%d.\n",
1258
for(i = 0; i < life_maxsever; i++) {
1259
for(j = 0; j < life_maxtype; j++) {
1260
fprintf(stdout, "%s: i=%d, j=%d, life_opt[%d][%d]=0p%p, life[%d][%d]=%d\n",
1262
i, j, i, j, life_opt[i][j], i, j, life[i][j]);
1266
if(life_opt[life_soft][life_alloc] != NULL ||
1267
life_opt[life_soft][life_bytes] != NULL ||
1268
life_opt[life_soft][life_addtime] != NULL ||
1269
life_opt[life_soft][life_usetime] != NULL ||
1270
life_opt[life_soft][life_packets] != NULL) {
1271
if((error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT],
1272
SADB_EXT_LIFETIME_SOFT,
1273
life[life_soft][life_alloc],/*-1,*/ /*allocations*/
1274
life[life_soft][life_bytes],/*-1,*/ /*bytes*/
1275
life[life_soft][life_addtime],/*-1,*/ /*addtime*/
1276
life[life_soft][life_usetime],/*-1,*/ /*usetime*/
1277
life[life_soft][life_packets]/*-1*/))) { /*packets*/
1278
fprintf(stderr, "%s: Trouble building lifetime_s extension, error=%d.\n",
1279
program_name, error);
1280
pfkey_extensions_free(extensions);
1284
fprintf(stdout, "%s: lifetime_s extension assembled.\n",
1289
if(life_opt[life_hard][life_alloc] != NULL ||
1290
life_opt[life_hard][life_bytes] != NULL ||
1291
life_opt[life_hard][life_addtime] != NULL ||
1292
life_opt[life_hard][life_usetime] != NULL ||
1293
life_opt[life_hard][life_packets] != NULL) {
1294
if((error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD],
1295
SADB_EXT_LIFETIME_HARD,
1296
life[life_hard][life_alloc],/*-1,*/ /*allocations*/
1297
life[life_hard][life_bytes],/*-1,*/ /*bytes*/
1298
life[life_hard][life_addtime],/*-1,*/ /*addtime*/
1299
life[life_hard][life_usetime],/*-1,*/ /*usetime*/
1300
life[life_hard][life_packets]/*-1*/))) { /*packets*/
1301
fprintf(stderr, "%s: Trouble building lifetime_h extension, error=%d.\n",
1302
program_name, error);
1303
pfkey_extensions_free(extensions);
1307
fprintf(stdout, "%s: lifetime_h extension assembled.\n",
1313
addrtot(&src, 0, ipaddr_txt, sizeof(ipaddr_txt));
1314
fprintf(stdout, "%s: assembling address_s extension (%s).\n",
1315
program_name, ipaddr_txt);
1318
if((error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
1319
SADB_EXT_ADDRESS_SRC,
1322
sockaddrof(&src)))) {
1323
addrtot(&src, 0, ipaddr_txt, sizeof(ipaddr_txt));
1324
fprintf(stderr, "%s: Trouble building address_s extension (%s), error=%d.\n",
1325
program_name, ipaddr_txt, error);
1326
pfkey_extensions_free(extensions);
1330
ip_address temp_addr;
1332
switch(address_family) {
1334
initaddr((const unsigned char *)&(((struct sockaddr_in*)( ((struct sadb_address*)(extensions[SADB_EXT_ADDRESS_SRC])) + 1))->sin_addr),
1335
sockaddrlenof(&src), address_family, &temp_addr);
1338
initaddr((const unsigned char *)&(((struct sockaddr_in6*)( ((struct sadb_address*)(extensions[SADB_EXT_ADDRESS_SRC])) + 1))->sin6_addr),
1339
sockaddrlenof(&src), address_family, &temp_addr);
1342
fprintf(stdout, "%s: unknown address family (%d).\n",
1343
program_name, address_family);
1346
addrtot(&temp_addr, 0, ipaddr_txt, sizeof(ipaddr_txt));
1347
fprintf(stdout, "%s: address_s extension assembled (%s).\n",
1348
program_name, ipaddr_txt);
1352
addrtot(&edst, 0, ipaddr_txt, sizeof(ipaddr_txt));
1353
fprintf(stdout, "%s: assembling address_d extension (%s).\n",
1354
program_name, ipaddr_txt);
1357
if((error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST],
1358
SADB_EXT_ADDRESS_DST,
1361
sockaddrof(&edst)))) {
1362
addrtot(&edst, 0, ipaddr_txt, sizeof(ipaddr_txt));
1363
fprintf(stderr, "%s: Trouble building address_d extension (%s), error=%d.\n",
1364
program_name, ipaddr_txt, error);
1365
pfkey_extensions_free(extensions);
1369
ip_address temp_addr;
1370
switch(address_family) {
1372
initaddr((const unsigned char *)&(((struct sockaddr_in*)( ((struct sadb_address*)(extensions[SADB_EXT_ADDRESS_DST])) + 1))->sin_addr),
1373
4, address_family, &temp_addr);
1376
initaddr((const unsigned char *)&(((struct sockaddr_in6*)( ((struct sadb_address*)(extensions[SADB_EXT_ADDRESS_DST])) + 1))->sin6_addr),
1377
16, address_family, &temp_addr);
1380
fprintf(stdout, "%s: unknown address family (%d).\n",
1381
program_name, address_family);
1384
addrtot(&temp_addr, 0, ipaddr_txt, sizeof(ipaddr_txt));
1385
fprintf(stdout, "%s: address_d extension assembled (%s).\n",
1386
program_name, ipaddr_txt);
1390
anyaddr(address_family, &pfkey_address_p_ska);
1391
if((error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_PROXY],
1392
SADB_EXT_ADDRESS_PROXY,
1395
sockaddrof(&pfkey_address_p_ska)))) {
1396
fprintf(stderr, "%s: Trouble building address_p extension, error=%d.\n",
1397
program_name, error);
1398
pfkey_extensions_free(extensions);
1402
fprintf(stdout, "%s: address_p extension assembled.\n", program_name);
1404
#endif /* PFKEY_PROXY */
1408
/* Allow no auth ... after all is local root decision 8) */
1412
#endif /* KERNEL_ALG */
1414
case XF_ESP3DESMD596:
1416
case XF_ESP3DESSHA196:
1417
if((error = pfkey_key_build(&extensions[SADB_EXT_KEY_AUTH],
1421
fprintf(stderr, "%s: Trouble building key_a extension, error=%d.\n",
1422
program_name, error);
1423
pfkey_extensions_free(extensions);
1427
fprintf(stdout, "%s: key_a extension assembled.\n",
1437
case XF_ESP3DESMD596:
1438
case XF_ESP3DESSHA196:
1441
#endif /* KERNEL_ALG */
1442
if((error = pfkey_key_build(&extensions[SADB_EXT_KEY_ENCRYPT],
1443
SADB_EXT_KEY_ENCRYPT,
1446
fprintf(stderr, "%s: Trouble building key_e extension, error=%d.\n",
1447
program_name, error);
1448
pfkey_extensions_free(extensions);
1452
fprintf(stdout, "%s: key_e extension assembled.\n",
1460
#ifdef PFKEY_IDENT /* GG: looks wierd, not touched */
1461
if((pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_SRC],
1462
SADB_EXT_IDENTITY_SRC,
1463
SADB_IDENTTYPE_PREFIX,
1465
strlen(pfkey_ident_s_ska),
1466
pfkey_ident_s_ska))) {
1467
fprintf(stderr, "%s: Trouble building ident_s extension, error=%d.\n",
1468
program_name, error);
1469
pfkey_extensions_free(extensions);
1472
if(subnettoa(addr, mask, format, pfkey_ident_s_ska,
1473
sizeof(pfkey_ident_s_ska) ) !=
1474
sizeof(pfkey_ident_s_ska) ) {
1478
if((error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_DST],
1479
SADB_EXT_IDENTITY_DST,
1480
SADB_IDENTTYPE_PREFIX,
1482
strlen(pfkey_ident_d_ska),
1483
pfkey_ident_d_ska))) {
1484
fprintf(stderr, "%s: Trouble building ident_d extension, error=%d.\n",
1485
program_name, error);
1486
pfkey_extensions_free(extensions);
1489
if(subnettoa(addr, mask, format, pfkey_ident_d_ska,
1490
sizeof(pfkey_ident_d_ska) ) !=
1491
sizeof(pfkey_ident_d_ska) ) {
1496
fprintf(stdout, "%s: ident extensions assembled.\n",
1499
#endif /* PFKEY_IDENT */
fprintf(stdout, "%s: assembling pfkey msg....\n",
if((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN))) {
fprintf(stderr, "%s: Trouble building pfkey message, error=%d.\n",
program_name, error);
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
fprintf(stdout, "%s: assembled.\n",
fprintf(stdout, "%s: writing pfkey msg.\n",
io_error = write(pfkey_sock,
pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
fprintf(stderr, "%s: pfkey write failed (errno=%d): ",
program_name, errno);
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
fprintf(stderr, "access denied. ");
fprintf(stderr, "Check permissions. Should be 600.\n");
fprintf(stderr, "You must be root to open this file.\n");
fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n");
fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
fprintf(stderr, "KLIPS not loaded or enabled.\n");
fprintf(stderr, "No device?!?\n");
fprintf(stderr, "No kernel memory to allocate SA.\n");
case ESOCKTNOSUPPORT:
fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n");
fprintf(stderr, "SA already in use. Delete old one first.\n");
fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n");
fprintf(stderr, "SA does not exist. Cannot delete.\n");
fprintf(stderr, "no room in kernel SAref table. Cannot process request.\n");
fprintf(stderr, "kernel SAref table internal error. Cannot process request.\n");
fprintf(stderr, "Unknown socket write error %d (%s). Please report as much detail as possible to development team.\n",
errno, strerror(errno));
} else if (io_error != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) {
fprintf(stderr, "%s: pfkey write truncated to %d bytes\n",
program_name, (int)io_error);
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
fprintf(stdout, "%s: pfkey command written to socket.\n",
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
fprintf(stdout, "%s: pfkey message buffer freed.\n",
memset((caddr_t)authkey, 0, authkeylen);
memset((caddr_t)enckey, 0, enckeylen);
memset((caddr_t)iv, 0, ivlen);
if(listenreply || saref) {
unsigned char pfkey_buf[PFKEYv2_MAX_MSGSIZE];
while((readlen = read(pfkey_sock, pfkey_buf, sizeof(pfkey_buf))) > 0) {
struct sadb_ext *extensions[SADB_EXT_MAX + 1];
pfkey_extensions_init(extensions);
pfkey_msg = (struct sadb_msg *)pfkey_buf;
/* first, see if we got enough for an sadb_msg */
if((size_t)readlen < sizeof(struct sadb_msg)) {
printf("%s: runt packet of size: %ld (<%lu)\n",
program_name, (long)readlen, (unsigned long)sizeof(struct sadb_msg));
/* okay, we got enough for a message, print it out */
printf("%s: pfkey v%d msg received. type=%d(%s) seq=%d len=%d pid=%d errno=%d satype=%d(%s)\n",
pfkey_msg->sadb_msg_version,
pfkey_msg->sadb_msg_type,
pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type),
pfkey_msg->sadb_msg_seq,
pfkey_msg->sadb_msg_len,
pfkey_msg->sadb_msg_pid,
pfkey_msg->sadb_msg_errno,
pfkey_msg->sadb_msg_satype,
satype2name(pfkey_msg->sadb_msg_satype));
if(readlen != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN))
printf("%s: packet size read from socket=%d doesn't equal sadb_msg_len %u * %u; message not decoded\n",
(unsigned)pfkey_msg->sadb_msg_len,
(unsigned)IPSEC_PFKEYv2_ALIGN);
if (pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_OUT)) {
printf("%s: unparseable PF_KEY message.\n",
printf("%s: parseable PF_KEY message.\n",
if((pid_t)pfkey_msg->sadb_msg_pid == mypid) {
printf("%s: saref=%d\n",
(extensions[SADB_EXT_SA] != NULL)
? ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_x_sa_ref
: IPSEC_SAREF_NULL);
(void) close(pfkey_sock); /* close the socket */
if(debug || listenreply) {
printf("%s: exited normally\n", program_name);
* $Log: algoinfo.c,v $
* Revision 1.1 2004/04/29 04:13:02 mcr
* diagnostic program for algorithm code.
* Revision 1.105 2004/04/26 05:05:04 ken
* Cast properly on 64bit platforms
* Revision 1.104 2004/04/18 03:08:02 mcr
* use common files from libopenswan.
* Revision 1.103 2004/04/06 03:04:54 mcr
* pullup of algo code from alg-branch.
* Revision 1.102 2004/04/04 01:53:13 ken
* Use openswan includes
* Revision 1.101.4.2 2004/04/06 00:53:06 mcr
* code adjusted to compile on branch
* Revision 1.101.4.1 2003/12/22 15:25:53 jjo
* Merged algo-0.8.1-rc11-test1 into alg-branch
* Revision 1.101 2003/12/05 16:44:19 mcr
* patches to avoid ipsec_netlink.h, which has been obsolete for
* Revision 1.100 2003/09/10 00:01:38 mcr
* fixes for gcc 3.3 from Matthias Bethke <Matthias.Bethke@gmx.net>
* Revision 1.99 2003/06/07 16:42:10 dhr
* adjust spi.c to conform to stronger type checking of GCC 3.3
* Revision 1.98 2003/01/30 02:33:07 rgb
* Added ENOSPC for no room in SAref table and ESPIPE for SAref internal error.
* Revision 1.97 2002/12/13 18:16:08 mcr
* restored sa_ref code
* Revision 1.96 2002/12/13 18:05:19 mcr
* temporarily removed sadb_x_sa_ref reference for 2.xx
* Revision 1.95 2002/10/09 03:12:05 dhr
* [kenb+dhr] 64-bit fixes
* Revision 1.94 2002/09/26 15:46:34 dhr
* C labels must be on statements.
* Revision 1.93 2002/09/20 15:41:24 rgb
* Added --saref option to print out saref returned by pfkey.
* Fixed argcount bug introduced by --listenreply option.
* Revision 1.92 2002/09/20 05:02:21 rgb
* Updated copyright date.
* Cleaned up pfkey_lib_debug usage.
* Added program_name to beginning of all output for consistency.
* Revision 1.91 2002/09/11 20:29:40 mcr
* turn off automatic printing of reply unless --listenreply
* Revision 1.90 2002/09/11 18:48:26 mcr
* have spi program read from the pfkey socket until it sees
* a message with its own PID, then exit.
* Revision 1.89 2002/07/24 18:44:54 rgb
* Type fiddling to tame ia64 compiler.
* Revision 1.88 2002/07/23 02:58:58 rgb
* Fixed "opening" speeling mistake.
* Revision 1.87 2002/05/23 07:14:11 rgb
* Cleaned up %p variants to 0p%p for test suite cleanup.
* Revision 1.86 2002/04/24 07:55:32 mcr
* #include patches and Makefiles for post-reorg compilation.
* Revision 1.85 2002/04/24 07:35:40 mcr
* Moved from ./klips/utils/spi.c,v
* Revision 1.84 2002/03/08 21:44:04 rgb
* Update for all GNU-compliant --version strings.
* Revision 1.83 2002/02/20 00:01:53 rgb
* Cleaned out unused code.
* Revision 1.82 2001/11/09 02:16:37 rgb
* Fixed bug that erroneously required explicit af parameter for --said.
* Fixed missing SA message on delete.
* Revision 1.81 2001/11/06 20:18:47 rgb
* Added lifetime parameters.
* Revision 1.80 2001/10/25 06:57:10 rgb
* Added space as legal delimiter in lifetime parameter list.
* Revision 1.79 2001/10/24 03:23:55 rgb
* Moved lifetime option parsing to a separate function and allowed for
* comma-separated lists of lifetime parameters.
* Moved SATYPE registrations to a separate function.
* Revision 1.78 2001/10/22 19:49:35 rgb
* Added lifetime parameter capabilities.
* Revision 1.77 2001/10/02 17:17:17 rgb
* Check error return for all "tto*" calls and report errors. This, in
* conjunction with the fix to "tto*" will detect AF not set.
* Revision 1.76 2001/09/08 21:13:35 rgb
* Added pfkey ident extension support for ISAKMPd. (NetCelo)
* Revision 1.75 2001/09/07 22:24:42 rgb
* Added EAFNOSUPPORT socket open error code in case KLIPS is not loaded.
* Revision 1.74 2001/06/14 19:35:14 rgb
* Update copyright date.
* Revision 1.73 2001/05/30 08:14:05 rgb
* Removed vestiges of esp-null transforms.
* Revision 1.72 2001/05/21 02:02:55 rgb
* Eliminate 1-letter options.
* Revision 1.71 2001/05/16 05:07:20 rgb
* Fixed --label option in KLIPS manual utils to add the label to the
* command name rather than replace it in error text.
* Fix 'print table' non-option in KLIPS manual utils to deal with --label
* and --debug options.
* Revision 1.70 2000/11/06 04:36:57 rgb
* Display conversion on replay_window failure.
* Don't register SATYPEs for manual.
* Revision 1.69 2000/09/28 00:37:20 rgb
* Swapped order of pfkey_registration of IPCOMP and IPIP.
* Revision 1.68 2000/09/17 18:56:48 rgb
* Added IPCOMP support.
* Revision 1.67 2000/09/12 22:36:45 rgb
* Gerhard's IPv6 support.
* Revision 1.66 2000/09/08 19:17:31 rgb
* Removed all references to CONFIG_IPSEC_PFKEYv2.
* Revision 1.65 2000/08/30 05:34:54 rgb
* Revision 1.64 2000/08/27 01:50:51 rgb
* Update copyright dates and fix replay window endian bug.
* Revision 1.63 2000/08/18 21:19:27 rgb
* Removed no longer used resolve_ip() code.
* Revision 1.62 2000/08/01 14:51:53 rgb
* Removed _all_ remaining traces of DES.
* Revision 1.61 2000/07/26 20:48:42 rgb
* Fixed typo that caused compile failure.
* Revision 1.60 2000/07/26 03:41:46 rgb
* Changed all printf's to fprintf's. Fixed tncfg's usage to stderr.
* Revision 1.59 2000/06/21 16:51:27 rgb
* Added no additional argument option to usage text.
* Revision 1.58 2000/03/16 06:40:49 rgb
* Hardcode PF_KEYv2 support.
* Revision 1.57 2000/01/22 23:22:46 rgb
* Use new function proto2satype().
* Revision 1.56 2000/01/21 09:42:32 rgb
* Replace resolve_ip() with atoaddr() from freeswanlib.
* Revision 1.55 2000/01/21 06:24:57 rgb
* Blasted any references in usage and code to deleted algos.
* Removed DES usage.
* Changed usage of memset on extensions to pfkey_extensions_init().