ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/src/libfreeswan/pfkey_v2_parse.c

1833 lines
55 KiB
C
Raw Blame History

/*
* RFC2367 PF_KEYv2 Key management API message parser
* Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:07 as Exp $
*/
/*
* Template from klips/net/ipsec/ipsec/ipsec_parser.c.
*/
char pfkey_v2_parse_c_version[] = "$Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:07 as Exp $";
/*
* Some ugly stuff to allow consistent debugging code for use in the
* kernel and in user space
*/
#ifdef __KERNEL__
# include <linux/kernel.h> /* for printk */
#include "freeswan/ipsec_kversion.h" /* for malloc switch */
# ifdef MALLOC_SLAB
# include <linux/slab.h> /* kmalloc() */
# else /* MALLOC_SLAB */
# include <linux/malloc.h> /* kmalloc() */
# endif /* MALLOC_SLAB */
# include <linux/errno.h> /* error codes */
# include <linux/types.h> /* size_t */
# include <linux/interrupt.h> /* mark_bh */
# include <linux/netdevice.h> /* struct device, and other headers */
# include <linux/etherdevice.h> /* eth_type_trans */
# include <linux/ip.h> /* struct iphdr */
# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
# include <linux/ipv6.h> /* struct ipv6hdr */
# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
extern int debug_pfkey;
# include freeswan.h"
#include "ipsec_encap.h"
#else /* __KERNEL__ */
# include <sys/types.h>
# include <linux/types.h>
# include <linux/errno.h>
# include <freeswan.h>
# include <constants.h>
# include <defs.h> /* for PRINTF_LIKE */
# include <log.h> /* for debugging and DBG_log */
/* #define PLUTO */
# ifdef PLUTO
# define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); }
# else
# define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; }
# endif
#endif /* __KERNEL__ */
#include <pfkeyv2.h>
#include <pfkey.h>
#ifdef __KERNEL__
extern int sysctl_ipsec_debug_verbose;
# define DEBUGGING(level, args...) \
KLIPS_PRINT( \
((debug_pfkey & level & (PF_KEY_DEBUG_PARSE_STRUCT | PF_KEY_DEBUG_PARSE_PROBLEM)) \
|| (sysctl_ipsec_debug_verbose && (debug_pfkey & level & PF_KEY_DEBUG_PARSE_FLOW))) \
, "klips_debug:" args)
#endif /* __KERNEL__ */
#include "ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */
#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
struct satype_tbl {
uint8_t proto;
uint8_t satype;
char* name;
} static satype_tbl[] = {
#ifdef __KERNEL__
{ IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" },
{ IPPROTO_AH, SADB_SATYPE_AH, "AH" },
{ IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
#ifdef CONFIG_IPSEC_IPCOMP
{ IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" },
#endif /* CONFIG_IPSEC_IPCOMP */
{ IPPROTO_INT, SADB_X_SATYPE_INT, "INT" },
#else /* __KERNEL__ */
{ SA_ESP, SADB_SATYPE_ESP, "ESP" },
{ SA_AH, SADB_SATYPE_AH, "AH" },
{ SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
{ SA_COMP, SADB_X_SATYPE_COMP, "COMP" },
{ SA_INT, SADB_X_SATYPE_INT, "INT" },
#endif /* __KERNEL__ */
{ 0, 0, "UNKNOWN" }
};
uint8_t
satype2proto(uint8_t satype)
{
int i =0;
while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
i++;
}
return satype_tbl[i].proto;
}
uint8_t
proto2satype(uint8_t proto)
{
int i = 0;
while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
i++;
}
return satype_tbl[i].satype;
}
char*
satype2name(uint8_t satype)
{
int i = 0;
while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
i++;
}
return satype_tbl[i].name;
}
char*
proto2name(uint8_t proto)
{
int i = 0;
while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
i++;
}
return satype_tbl[i].name;
}
/* Default extension parsers taken from the KLIPS code */
DEBUG_NO_STATIC int
pfkey_sa_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
#if 0
struct sadb_sa sav2;
#endif
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_sa_parse: entry\n");
/* sanity checks... */
if(!pfkey_sa) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"NULL pointer passed in.\n");
SENDERR(EINVAL);
}
#if 0
/* check if this structure is short, and if so, fix it up.
* XXX this is NOT the way to do things.
*/
if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) {
/* yes, so clear out a temporary structure, and copy first */
memset(&sav2, 0, sizeof(sav2));
memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1));
sav2.sadb_x_sa_ref=-1;
sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN;
pfkey_sa = &sav2;
}
#endif
if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n",
pfkey_sa->sadb_sa_len,
(int)sizeof(struct sadb_sa));
SENDERR(EINVAL);
}
if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n",
pfkey_sa->sadb_sa_encrypt,
SADB_EALG_MAX);
SENDERR(EINVAL);
}
if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n",
pfkey_sa->sadb_sa_auth,
SADB_AALG_MAX);
SENDERR(EINVAL);
}
if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"state=%d exceeds MAX=%d.\n",
pfkey_sa->sadb_sa_state,
SADB_SASTATE_MAX);
SENDERR(EINVAL);
}
if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"state=%d is DEAD=%d.\n",
pfkey_sa->sadb_sa_state,
SADB_SASTATE_DEAD);
SENDERR(EINVAL);
}
if(pfkey_sa->sadb_sa_replay > 64) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"replay window size: %d -- must be 0 <= size <= 64\n",
pfkey_sa->sadb_sa_replay);
SENDERR(EINVAL);
}
if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) ||
(pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2)))
{
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n",
pfkey_sa->sadb_sa_exttype,
SADB_EXT_SA,
SADB_X_EXT_SA2);
SENDERR(EINVAL);
}
if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sa_parse: "
"SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
pfkey_sa->sadb_x_sa_ref,
IPSEC_SAREF_NULL,
IPSEC_SA_REF_TABLE_NUM_ENTRIES);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_sa_parse: "
"successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n",
pfkey_sa->sadb_sa_len,
pfkey_sa->sadb_sa_exttype,
pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype),
(long unsigned int)ntohl(pfkey_sa->sadb_sa_spi),
pfkey_sa->sadb_sa_replay,
pfkey_sa->sadb_sa_state,
pfkey_sa->sadb_sa_auth,
pfkey_sa->sadb_sa_encrypt,
pfkey_sa->sadb_sa_flags,
pfkey_sa->sadb_x_sa_ref);
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_lifetime_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_lifetime_parse:enter\n");
/* sanity checks... */
if(!pfkey_lifetime) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_lifetime_parse: "
"NULL pointer passed in.\n");
SENDERR(EINVAL);
}
if(pfkey_lifetime->sadb_lifetime_len !=
sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_lifetime_parse: "
"length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n",
pfkey_lifetime->sadb_lifetime_len,
(int)sizeof(struct sadb_lifetime));
SENDERR(EINVAL);
}
if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) &&
(pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) &&
(pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_lifetime_parse: "
"unexpected ext_type=%d.\n",
pfkey_lifetime->sadb_lifetime_exttype);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_lifetime_parse: "
"life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n",
pfkey_lifetime->sadb_lifetime_exttype,
pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype),
pfkey_lifetime->sadb_lifetime_allocations,
(unsigned)pfkey_lifetime->sadb_lifetime_bytes,
(unsigned)pfkey_lifetime->sadb_lifetime_addtime,
(unsigned)pfkey_lifetime->sadb_lifetime_usetime,
pfkey_lifetime->sadb_x_lifetime_packets);
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_address_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
int saddr_len = 0;
struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
char ipaddr_txt[ADDRTOT_BUF];
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_address_parse:enter\n");
/* sanity checks... */
if(!pfkey_address) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"NULL pointer passed in.\n");
SENDERR(EINVAL);
}
if(pfkey_address->sadb_address_len <
(sizeof(struct sadb_address) + sizeof(struct sockaddr))/
IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
pfkey_address->sadb_address_len,
(int)sizeof(struct sadb_address),
(int)sizeof(struct sockaddr));
SENDERR(EINVAL);
}
if(pfkey_address->sadb_address_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"res=%d, must be zero.\n",
pfkey_address->sadb_address_reserved);
SENDERR(EINVAL);
}
switch(pfkey_address->sadb_address_exttype) {
case SADB_EXT_ADDRESS_SRC:
case SADB_EXT_ADDRESS_DST:
case SADB_EXT_ADDRESS_PROXY:
case SADB_X_EXT_ADDRESS_DST2:
case SADB_X_EXT_ADDRESS_SRC_FLOW:
case SADB_X_EXT_ADDRESS_DST_FLOW:
case SADB_X_EXT_ADDRESS_SRC_MASK:
case SADB_X_EXT_ADDRESS_DST_MASK:
#ifdef NAT_TRAVERSAL
case SADB_X_EXT_NAT_T_OA:
#endif
break;
default:
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"unexpected ext_type=%d.\n",
pfkey_address->sadb_address_exttype);
SENDERR(EINVAL);
}
switch(s->sa_family) {
case AF_INET:
saddr_len = sizeof(struct sockaddr_in);
sprintf(ipaddr_txt, "%d.%d.%d.%d"
, (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF
, (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF
, (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF
, (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF);
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_address_parse: "
"found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n",
pfkey_address->sadb_address_exttype,
pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
s->sa_family,
ipaddr_txt,
pfkey_address->sadb_address_proto,
ntohs(((struct sockaddr_in*)s)->sin_port));
break;
case AF_INET6:
saddr_len = sizeof(struct sockaddr_in6);
sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6])
, ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7]));
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_address_parse: "
"found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n",
pfkey_address->sadb_address_exttype,
pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
s->sa_family,
ipaddr_txt,
pfkey_address->sadb_address_proto,
((struct sockaddr_in6*)s)->sin6_port);
break;
default:
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"s->sa_family=%d not supported.\n",
s->sa_family);
SENDERR(EPFNOSUPPORT);
}
if(pfkey_address->sadb_address_len !=
DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
pfkey_address->sadb_address_len,
(int)sizeof(struct sadb_address),
saddr_len);
SENDERR(EINVAL);
}
if(pfkey_address->sadb_address_prefixlen != 0) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_address_parse: "
"address prefixes not supported yet.\n");
SENDERR(EAFNOSUPPORT); /* not supported yet */
}
/* XXX check if port!=0 */
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_address_parse: successful.\n");
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_key_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_key_parse:enter\n");
/* sanity checks... */
if(!pfkey_key) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"NULL pointer passed in.\n");
SENDERR(EINVAL);
}
if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_key->sadb_key_len,
(int)sizeof(struct sadb_key));
SENDERR(EINVAL);
}
if(!pfkey_key->sadb_key_bits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"key length set to zero, must be non-zero.\n");
SENDERR(EINVAL);
}
if(pfkey_key->sadb_key_len !=
DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits,
PFKEYBITS)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"key length=%d does not agree with extension length=%d.\n",
pfkey_key->sadb_key_bits,
pfkey_key->sadb_key_len);
SENDERR(EINVAL);
}
if(pfkey_key->sadb_key_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"res=%d, must be zero.\n",
pfkey_key->sadb_key_reserved);
SENDERR(EINVAL);
}
if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) ||
(pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"expecting extension type AUTH or ENCRYPT, got %d.\n",
pfkey_key->sadb_key_exttype);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_key_parse: "
"success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n",
pfkey_key->sadb_key_len,
pfkey_key->sadb_key_exttype,
pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype),
pfkey_key->sadb_key_bits,
pfkey_key->sadb_key_reserved);
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_ident_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
/* sanity checks... */
if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_ident_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_ident->sadb_ident_len,
(int)sizeof(struct sadb_ident));
SENDERR(EINVAL);
}
if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_ident_parse: "
"ident_type=%d out of range, must be less than %d.\n",
pfkey_ident->sadb_ident_type,
SADB_IDENTTYPE_MAX);
SENDERR(EINVAL);
}
if(pfkey_ident->sadb_ident_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_ident_parse: "
"res=%d, must be zero.\n",
pfkey_ident->sadb_ident_reserved);
SENDERR(EINVAL);
}
/* string terminator/padding must be zero */
if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_ident_parse: "
"string padding must be zero, last is 0x%02x.\n",
*((char*)pfkey_ident +
pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1));
SENDERR(EINVAL);
}
}
if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) ||
(pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_key_parse: "
"expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n",
pfkey_ident->sadb_ident_exttype);
SENDERR(EINVAL);
}
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_sens_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext;
/* sanity checks... */
if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sens_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_sens->sadb_sens_len,
(int)sizeof(struct sadb_sens));
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_sens_parse: "
"Sorry, I can't parse exttype=%d yet.\n",
pfkey_ext->sadb_ext_type);
#if 0
SENDERR(EINVAL); /* don't process these yet */
#endif
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_prop_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
int i, num_comb;
struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext;
struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop));
/* sanity checks... */
if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) ||
(((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n",
pfkey_prop->sadb_prop_len,
(int)sizeof(struct sadb_prop),
(int)sizeof(struct sadb_comb));
SENDERR(EINVAL);
}
if(pfkey_prop->sadb_prop_replay > 64) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"replay window size: %d -- must be 0 <= size <= 64\n",
pfkey_prop->sadb_prop_replay);
SENDERR(EINVAL);
}
for(i=0; i<3; i++) {
if(pfkey_prop->sadb_prop_reserved[i]) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"res[%d]=%d, must be zero.\n",
i, pfkey_prop->sadb_prop_reserved[i]);
SENDERR(EINVAL);
}
}
num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb);
for(i = 0; i < num_comb; i++) {
if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n",
i,
pfkey_comb->sadb_comb_auth,
SADB_AALG_MAX);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_auth) {
if(!pfkey_comb->sadb_comb_auth_minbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n",
i);
SENDERR(EINVAL);
}
if(!pfkey_comb->sadb_comb_auth_maxbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n",
i);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n",
i,
pfkey_comb->sadb_comb_auth_minbits,
pfkey_comb->sadb_comb_auth_maxbits);
SENDERR(EINVAL);
}
} else {
if(pfkey_comb->sadb_comb_auth_minbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n",
i,
pfkey_comb->sadb_comb_auth_minbits);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_auth_maxbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n",
i,
pfkey_comb->sadb_comb_auth_maxbits);
SENDERR(EINVAL);
}
}
if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_comb_parse: "
"pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n",
i,
pfkey_comb->sadb_comb_encrypt,
SADB_EALG_MAX);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_encrypt) {
if(!pfkey_comb->sadb_comb_encrypt_minbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n",
i);
SENDERR(EINVAL);
}
if(!pfkey_comb->sadb_comb_encrypt_maxbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n",
i);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n",
i,
pfkey_comb->sadb_comb_encrypt_minbits,
pfkey_comb->sadb_comb_encrypt_maxbits);
SENDERR(EINVAL);
}
} else {
if(pfkey_comb->sadb_comb_encrypt_minbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n",
i,
pfkey_comb->sadb_comb_encrypt_minbits);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_encrypt_maxbits) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n",
i,
pfkey_comb->sadb_comb_encrypt_maxbits);
SENDERR(EINVAL);
}
}
/* XXX do sanity check on flags */
if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n",
i,
pfkey_comb->sadb_comb_soft_allocations,
pfkey_comb->sadb_comb_hard_allocations);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n",
i,
(unsigned long long int)pfkey_comb->sadb_comb_soft_bytes,
(unsigned long long int)pfkey_comb->sadb_comb_hard_bytes);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n",
i,
(unsigned long long int)pfkey_comb->sadb_comb_soft_addtime,
(unsigned long long int)pfkey_comb->sadb_comb_hard_addtime);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n",
i,
(unsigned long long int)pfkey_comb->sadb_comb_soft_usetime,
(unsigned long long int)pfkey_comb->sadb_comb_hard_usetime);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n",
i,
pfkey_comb->sadb_x_comb_soft_packets,
pfkey_comb->sadb_x_comb_hard_packets);
SENDERR(EINVAL);
}
if(pfkey_comb->sadb_comb_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_prop_parse: "
"comb[%d].res=%d, must be zero.\n",
i,
pfkey_comb->sadb_comb_reserved);
SENDERR(EINVAL);
}
pfkey_comb++;
}
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_supported_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
unsigned int i, num_alg;
struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext;
struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported));
/* sanity checks... */
if((pfkey_supported->sadb_supported_len <
sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) ||
(((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) -
sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_supported_parse: "
"size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n",
pfkey_supported->sadb_supported_len,
(int)sizeof(struct sadb_supported),
(int)sizeof(struct sadb_alg));
SENDERR(EINVAL);
}
if(pfkey_supported->sadb_supported_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_supported_parse: "
"res=%d, must be zero.\n",
pfkey_supported->sadb_supported_reserved);
SENDERR(EINVAL);
}
num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg);
for(i = 0; i < num_alg; i++) {
/* process algo description */
if(pfkey_alg->sadb_alg_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_supported_parse: "
"alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n",
i,
pfkey_alg->sadb_alg_id,
pfkey_alg->sadb_alg_ivlen,
pfkey_alg->sadb_alg_minbits,
pfkey_alg->sadb_alg_maxbits,
pfkey_alg->sadb_alg_reserved);
SENDERR(EINVAL);
}
/* XXX can alg_id auth/enc be determined from info given?
Yes, but OpenBSD's method does not iteroperate with rfc2367.
rgb, 2000-04-06 */
switch(pfkey_supported->sadb_supported_exttype) {
case SADB_EXT_SUPPORTED_AUTH:
if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_supported_parse: "
"alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n",
i,
pfkey_alg->sadb_alg_id,
SADB_AALG_MAX);
SENDERR(EINVAL);
}
break;
case SADB_EXT_SUPPORTED_ENCRYPT:
if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_supported_parse: "
"alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
i,
pfkey_alg->sadb_alg_id,
SADB_EALG_MAX);
SENDERR(EINVAL);
}
break;
default:
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_supported_parse: "
"alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
i,
pfkey_alg->sadb_alg_id,
SADB_EALG_MAX);
SENDERR(EINVAL);
}
pfkey_alg++;
}
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_spirange_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext;
/* sanity checks... */
if(pfkey_spirange->sadb_spirange_len !=
sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_spirange_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_spirange->sadb_spirange_len,
(int)sizeof(struct sadb_spirange));
SENDERR(EINVAL);
}
if(pfkey_spirange->sadb_spirange_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_spirange_parse: "
"reserved=%d must be set to zero.\n",
pfkey_spirange->sadb_spirange_reserved);
SENDERR(EINVAL);
}
if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_spirange_parse: "
"minspi=%08x must be < maxspi=%08x.\n",
ntohl(pfkey_spirange->sadb_spirange_min),
ntohl(pfkey_spirange->sadb_spirange_max));
SENDERR(EINVAL);
}
if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_spirange_parse: "
"minspi=%08x must be > 255.\n",
ntohl(pfkey_spirange->sadb_spirange_min));
SENDERR(EEXIST);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_spirange_parse: "
"ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n",
pfkey_spirange->sadb_spirange_len,
pfkey_spirange->sadb_spirange_exttype,
pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype),
pfkey_spirange->sadb_spirange_min,
pfkey_spirange->sadb_spirange_max,
pfkey_spirange->sadb_spirange_reserved);
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext;
/* sanity checks... */
if(pfkey_x_kmprivate->sadb_x_kmprivate_len <
sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_kmprivate_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_x_kmprivate->sadb_x_kmprivate_len,
(int)sizeof(struct sadb_x_kmprivate));
SENDERR(EINVAL);
}
if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_kmprivate_parse: "
"reserved=%d must be set to zero.\n",
pfkey_x_kmprivate->sadb_x_kmprivate_reserved);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_kmprivate_parse: "
"Sorry, I can't parse exttype=%d yet.\n",
pfkey_ext->sadb_ext_type);
SENDERR(EINVAL); /* don't process these yet */
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_x_satype_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
int i;
struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_x_satype_parse: enter\n");
/* sanity checks... */
if(pfkey_x_satype->sadb_x_satype_len !=
sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_satype_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_x_satype->sadb_x_satype_len,
(int)sizeof(struct sadb_x_satype));
SENDERR(EINVAL);
}
if(!pfkey_x_satype->sadb_x_satype_satype) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_satype_parse: "
"satype is zero, must be non-zero.\n");
SENDERR(EINVAL);
}
if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_satype_parse: "
"satype %d > max %d, invalid.\n",
pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX);
SENDERR(EINVAL);
}
if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_satype_parse: "
"proto lookup from satype=%d failed.\n",
pfkey_x_satype->sadb_x_satype_satype);
SENDERR(EINVAL);
}
for(i = 0; i < 3; i++) {
if(pfkey_x_satype->sadb_x_satype_reserved[i]) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_satype_parse: "
"reserved[%d]=%d must be set to zero.\n",
i, pfkey_x_satype->sadb_x_satype_reserved[i]);
SENDERR(EINVAL);
}
}
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_x_satype_parse: "
"len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n",
pfkey_x_satype->sadb_x_satype_len,
pfkey_x_satype->sadb_x_satype_exttype,
pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype),
pfkey_x_satype->sadb_x_satype_satype,
satype2name(pfkey_x_satype->sadb_x_satype_satype),
pfkey_x_satype->sadb_x_satype_reserved[0],
pfkey_x_satype->sadb_x_satype_reserved[1],
pfkey_x_satype->sadb_x_satype_reserved[2]);
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
int i;
struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_x_debug_parse: enter\n");
/* sanity checks... */
if(pfkey_x_debug->sadb_x_debug_len !=
sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_debug_parse: "
"size wrong ext_len=%d, key_ext_len=%d.\n",
pfkey_x_debug->sadb_x_debug_len,
(int)sizeof(struct sadb_x_debug));
SENDERR(EINVAL);
}
for(i = 0; i < 4; i++) {
if(pfkey_x_debug->sadb_x_debug_reserved[i]) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_debug_parse: "
"reserved[%d]=%d must be set to zero.\n",
i, pfkey_x_debug->sadb_x_debug_reserved[i]);
SENDERR(EINVAL);
}
}
errlab:
return error;
}
DEBUG_NO_STATIC int
pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext)
{
int error = 0;
struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext;
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n");
/* sanity checks... */
if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
p->sadb_protocol_len, (int)sizeof(*p));
SENDERR(EINVAL);
}
if (p->sadb_protocol_reserved2 != 0) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_protocol_parse: res=%d, must be zero.\n",
p->sadb_protocol_reserved2);
SENDERR(EINVAL);
}
errlab:
return error;
}
#ifdef NAT_TRAVERSAL
DEBUG_NO_STATIC int
pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext)
{
return 0;
}
DEBUG_NO_STATIC int
pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext)
{
return 0;
}
#endif
#define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME};
DEFINEPARSER(pfkey_sa_parse);
DEFINEPARSER(pfkey_lifetime_parse);
DEFINEPARSER(pfkey_address_parse);
DEFINEPARSER(pfkey_key_parse);
DEFINEPARSER(pfkey_ident_parse);
DEFINEPARSER(pfkey_sens_parse);
DEFINEPARSER(pfkey_prop_parse);
DEFINEPARSER(pfkey_supported_parse);
DEFINEPARSER(pfkey_spirange_parse);
DEFINEPARSER(pfkey_x_kmprivate_parse);
DEFINEPARSER(pfkey_x_satype_parse);
DEFINEPARSER(pfkey_x_ext_debug_parse);
DEFINEPARSER(pfkey_x_ext_protocol_parse);
#ifdef NAT_TRAVERSAL
DEFINEPARSER(pfkey_x_ext_nat_t_type_parse);
DEFINEPARSER(pfkey_x_ext_nat_t_port_parse);
#endif
struct pf_key_ext_parsers_def *ext_default_parsers[]=
{
NULL, /* pfkey_msg_parse, */
&pfkey_sa_parse_def,
&pfkey_lifetime_parse_def,
&pfkey_lifetime_parse_def,
&pfkey_lifetime_parse_def,
&pfkey_address_parse_def,
&pfkey_address_parse_def,
&pfkey_address_parse_def,
&pfkey_key_parse_def,
&pfkey_key_parse_def,
&pfkey_ident_parse_def,
&pfkey_ident_parse_def,
&pfkey_sens_parse_def,
&pfkey_prop_parse_def,
&pfkey_supported_parse_def,
&pfkey_supported_parse_def,
&pfkey_spirange_parse_def,
&pfkey_x_kmprivate_parse_def,
&pfkey_x_satype_parse_def,
&pfkey_sa_parse_def,
&pfkey_address_parse_def,
&pfkey_address_parse_def,
&pfkey_address_parse_def,
&pfkey_address_parse_def,
&pfkey_address_parse_def,
&pfkey_x_ext_debug_parse_def,
&pfkey_x_ext_protocol_parse_def
#ifdef NAT_TRAVERSAL
,
&pfkey_x_ext_nat_t_type_parse_def,
&pfkey_x_ext_nat_t_port_parse_def,
&pfkey_x_ext_nat_t_port_parse_def,
&pfkey_address_parse_def
#endif
};
int
pfkey_msg_parse(struct sadb_msg *pfkey_msg,
struct pf_key_ext_parsers_def *ext_parsers[],
struct sadb_ext *extensions[],
int dir)
{
int error = 0;
int remain;
struct sadb_ext *pfkey_ext;
int extensions_seen = 0;
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_msg_parse: "
"parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n",
pfkey_msg->sadb_msg_version,
pfkey_msg->sadb_msg_type,
pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type),
pfkey_msg->sadb_msg_errno,
pfkey_msg->sadb_msg_satype,
satype2name(pfkey_msg->sadb_msg_satype),
pfkey_msg->sadb_msg_len,
pfkey_msg->sadb_msg_reserved,
pfkey_msg->sadb_msg_seq,
pfkey_msg->sadb_msg_pid);
if(ext_parsers == NULL) ext_parsers = ext_default_parsers;
pfkey_extensions_init(extensions);
remain = pfkey_msg->sadb_msg_len;
remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg +
sizeof(struct sadb_msg));
extensions[0] = (struct sadb_ext *) pfkey_msg;
if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"not PF_KEY_V2 msg, found %d, should be %d.\n",
pfkey_msg->sadb_msg_version,
PF_KEY_V2);
SENDERR(EINVAL);
}
if(!pfkey_msg->sadb_msg_type) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"msg type not set, must be non-zero..\n");
SENDERR(EINVAL);
}
if(pfkey_msg->sadb_msg_type > SADB_MAX) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"msg type=%d > max=%d.\n",
pfkey_msg->sadb_msg_type,
SADB_MAX);
SENDERR(EINVAL);
}
switch(pfkey_msg->sadb_msg_type) {
case SADB_GETSPI:
case SADB_UPDATE:
case SADB_ADD:
case SADB_DELETE:
case SADB_GET:
case SADB_X_GRPSA:
case SADB_X_ADDFLOW:
if(!satype2proto(pfkey_msg->sadb_msg_satype)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"satype %d conversion to proto failed for msg_type %d (%s).\n",
pfkey_msg->sadb_msg_satype,
pfkey_msg->sadb_msg_type,
pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
SENDERR(EINVAL);
} else {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n",
pfkey_msg->sadb_msg_satype,
satype2name(pfkey_msg->sadb_msg_satype),
satype2proto(pfkey_msg->sadb_msg_satype),
pfkey_msg->sadb_msg_type,
pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
}
case SADB_ACQUIRE:
case SADB_REGISTER:
case SADB_EXPIRE:
if(!pfkey_msg->sadb_msg_satype) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"satype is zero, must be non-zero for msg_type %d(%s).\n",
pfkey_msg->sadb_msg_type,
pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
SENDERR(EINVAL);
}
default:
break;
}
/* errno must not be set in downward messages */
/* this is not entirely true... a response to an ACQUIRE could return an error */
if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"errno set to %d.\n",
pfkey_msg->sadb_msg_errno);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_msg_parse: "
"remain=%d, ext_type=%d(%s), ext_len=%d.\n",
remain,
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
pfkey_ext->sadb_ext_len);
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_msg_parse: "
"extensions permitted=%08x, required=%08x.\n",
extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
extensions_seen = 1;
while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) {
/* Is there enough message left to support another extension header? */
if(remain < pfkey_ext->sadb_ext_len) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"remain %d less than ext len %d.\n",
remain, pfkey_ext->sadb_ext_len);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_msg_parse: "
"parsing ext type=%d(%s) remain=%d.\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
remain);
/* Is the extension header type valid? */
if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
SADB_EXT_MAX);
SENDERR(EINVAL);
}
/* Have we already seen this type of extension? */
if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0)
{
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"ext type %d(%s) already seen.\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
SENDERR(EINVAL);
}
/* Do I even know about this type of extension? */
if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"ext type %d(%s) unknown, ignoring.\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
goto next_ext;
}
/* Is this type of extension permitted for this type of message? */
if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] &
1<<pfkey_ext->sadb_ext_type)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1<<pfkey_ext->sadb_ext_type);
SENDERR(EINVAL);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_msg_parse: "
"remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n",
remain,
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
pfkey_ext->sadb_ext_len,
pfkey_ext,
ext_parsers[pfkey_ext->sadb_ext_type]->parser_name);
/* Parse the extension */
if((error =
(*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"extension parsing for type %d(%s) failed with error %d.\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
error);
SENDERR(-error);
}
DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
"pfkey_msg_parse: "
"Extension %d(%s) parsed.\n",
pfkey_ext->sadb_ext_type,
pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
/* Mark that we have seen this extension and remember the header location */
extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type );
extensions[pfkey_ext->sadb_ext_type] = pfkey_ext;
next_ext:
/* Calculate how much message remains */
remain -= pfkey_ext->sadb_ext_len;
if(!remain) {
break;
}
/* Find the next extension header */
pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext +
pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
}
if(remain) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"unexpected remainder of %d.\n",
remain);
/* why is there still something remaining? */
SENDERR(EINVAL);
}
/* check required extensions */
DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
"pfkey_msg_parse: "
"extensions permitted=%08x, seen=%08x, required=%08x.\n",
extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
extensions_seen,
extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
/* don't check further if it is an error return message since it
may not have a body */
if(pfkey_msg->sadb_msg_errno) {
SENDERR(-error);
}
if((extensions_seen &
extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) !=
extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"required extensions missing:%08x.\n",
extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] -
(extensions_seen &
extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]));
SENDERR(EINVAL);
}
if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW)
&& ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW)
!= SADB_X_EXT_ADDRESS_DELFLOW)
&& (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA))
|| ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags
& SADB_X_SAFLAGS_CLEARFLOW)
!= SADB_X_SAFLAGS_CLEARFLOW))) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n",
SADB_X_EXT_ADDRESS_DELFLOW
- (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW),
(1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA)));
SENDERR(EINVAL);
}
switch(pfkey_msg->sadb_msg_type) {
case SADB_ADD:
case SADB_UPDATE:
/* check maturity */
if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state !=
SADB_SASTATE_MATURE) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"state=%d for add or update should be MATURE=%d.\n",
((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
SADB_SASTATE_MATURE);
SENDERR(EINVAL);
}
/* check AH and ESP */
switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) {
case SADB_SATYPE_AH:
if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth !=
SADB_AALG_NONE)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"auth alg is zero, must be non-zero for AH SAs.\n");
SENDERR(EINVAL);
}
if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt !=
SADB_EALG_NONE) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"AH handed encalg=%d, must be zero.\n",
((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt);
SENDERR(EINVAL);
}
break;
case SADB_SATYPE_ESP:
if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
SADB_EALG_NONE)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n",
((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
SENDERR(EINVAL);
}
if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt ==
SADB_EALG_NULL) &&
(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth ==
SADB_AALG_NONE) ) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"ESP handed encNULL+authNONE, illegal combination.\n");
SENDERR(EINVAL);
}
break;
case SADB_X_SATYPE_COMP:
if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
SADB_EALG_NONE)) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n",
((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
SENDERR(EINVAL);
}
if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth !=
SADB_AALG_NONE) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"COMP handed auth=%d, must be zero.\n",
((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth);
SENDERR(EINVAL);
}
break;
default:
break;
}
if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) {
DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
"pfkey_msg_parse: "
"spi=%08x must be > 255.\n",
ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi));
SENDERR(EINVAL);
}
default:
break;
}
errlab:
return error;
}
/*
* $Log: pfkey_v2_parse.c,v $
* Revision 1.4 2004/06/13 20:35:07 as
* removed references to ipsec_netlink.h
*
* Revision 1.3 2004/03/30 10:00:17 as
* 64 bit issues
*
* Revision 1.2 2004/03/22 21:53:18 as
* merged alg-0.8.1 branch with HEAD
*
* Revision 1.1.2.1 2004/03/15 22:30:06 as
* nat-0.6c patch merged
*
* Revision 1.1 2004/03/15 20:35:26 as
* added files from freeswan-2.04-x509-1.5.3
*
* Revision 1.53 2003/01/30 02:32:09 rgb
*
* Rename SAref table macro names for clarity.
* Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
*
* Revision 1.52 2002/12/30 06:53:07 mcr
* deal with short SA structures... #if 0 out for now. Probably
* not quite the right way.
*
* Revision 1.51 2002/12/13 18:16:02 mcr
* restored sa_ref code
*
* Revision 1.50 2002/12/13 18:06:52 mcr
* temporarily removed sadb_x_sa_ref reference for 2.xx
*
* Revision 1.49 2002/10/05 05:02:58 dhr
*
* C labels go on statements
*
* Revision 1.48 2002/09/20 15:40:45 rgb
* Added sadb_x_sa_ref to struct sadb_sa.
*
* Revision 1.47 2002/09/20 05:01:31 rgb
* Fixed usage of pfkey_lib_debug.
* Format for function declaration style consistency.
* Added text labels to elucidate numeric values presented.
* Re-organised debug output to reduce noise in output.
*
* Revision 1.46 2002/07/24 18:44:54 rgb
* Type fiddling to tame ia64 compiler.
*
* Revision 1.45 2002/05/23 07:14:11 rgb
* Cleaned up %p variants to 0p%p for test suite cleanup.
*
* Revision 1.44 2002/04/24 07:55:32 mcr
* #include patches and Makefiles for post-reorg compilation.
*
* Revision 1.43 2002/04/24 07:36:40 mcr
* Moved from ./lib/pfkey_v2_parse.c,v
*
* Revision 1.42 2002/01/29 22:25:36 rgb
* Re-add ipsec_kversion.h to keep MALLOC happy.
*
* Revision 1.41 2002/01/29 01:59:10 mcr
* removal of kversions.h - sources that needed it now use ipsec_param.h.
* updating of IPv6 structures to match latest in6.h version.
* removed dead code from freeswan.h that also duplicated kversions.h
* code.
*
* Revision 1.40 2002/01/20 20:34:50 mcr
* added pfkey_v2_sadb_type_string to decode sadb_type to string.
*
* Revision 1.39 2001/11/27 05:29:22 mcr
* pfkey parses are now maintained by a structure
* that includes their name for debug purposes.
* DEBUGGING() macro changed so that it takes a debug
* level so that pf_key() can use this to decode the
* structures without innundanting humans.
* Also uses pfkey_v2_sadb_ext_string() in messages.
*
* Revision 1.38 2001/11/06 19:47:47 rgb
* Added packet parameter to lifetime and comb structures.
*
* Revision 1.37 2001/10/18 04:45:24 rgb
* 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
* lib/freeswan.h version macros moved to lib/kversions.h.
* Other compiler directive cleanups.
*
* Revision 1.36 2001/06/14 19:35:16 rgb
* Update copyright date.
*
* Revision 1.35 2001/05/03 19:44:51 rgb
* Standardise on SENDERR() macro.
*
* Revision 1.34 2001/03/16 07:41:51 rgb
* Put freeswan.h include before pluto includes.
*
* Revision 1.33 2001/02/27 07:13:51 rgb
* Added satype2name() function.
* Added text to default satype_tbl entry.
* Added satype2name() conversions for most satype debug output.
*
* Revision 1.32 2001/02/26 20:01:09 rgb
* Added internal IP protocol 61 for magic SAs.
* Ditch unused sadb_satype2proto[], replaced by satype2proto().
* Re-formatted debug output (split lines, consistent spacing).
* Removed acquire, register and expire requirements for a known satype.
* Changed message type checking to a switch structure.
* Verify expected NULL auth for IPCOMP.
* Enforced spi > 0x100 requirement, now that pass uses a magic SA for
* appropriate message types.
*
* Revision 1.31 2000/12/01 07:09:00 rgb
* Added ipcomp sanity check to require encalgo is set.
*
* Revision 1.30 2000/11/17 18:10:30 rgb
* Fixed bugs mostly relating to spirange, to treat all spi variables as
* network byte order since this is the way PF_KEYv2 stored spis.
*
* Revision 1.29 2000/10/12 00:02:39 rgb
* Removed 'format, ##' nonsense from debug macros for RH7.0.
*
* Revision 1.28 2000/09/20 16:23:04 rgb
* Remove over-paranoid extension check in the presence of sadb_msg_errno.
*
* Revision 1.27 2000/09/20 04:04:21 rgb
* Changed static functions to DEBUG_NO_STATIC to reveal function names in
* oopsen.
*
* Revision 1.26 2000/09/15 11:37:02 rgb
* Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
* IPCOMP zlib deflate code.
*
* Revision 1.25 2000/09/12 22:35:37 rgb
* Restructured to remove unused extensions from CLEARFLOW messages.
*
* Revision 1.24 2000/09/12 18:59:54 rgb
* Added Gerhard's IPv6 support to pfkey parts of libfreeswan.
*
* Revision 1.23 2000/09/12 03:27:00 rgb
* Moved DEBUGGING definition to compile kernel with debug off.
*
* Revision 1.22 2000/09/09 06:39:27 rgb
* Restrict pfkey errno check to downward messages only.
*
* Revision 1.21 2000/09/08 19:22:34 rgb
* Enabled pfkey_sens_parse().
* Added check for errno on downward acquire messages only.
*
* Revision 1.20 2000/09/01 18:48:23 rgb
* Fixed reserved check bug and added debug output in
* pfkey_supported_parse().
* Fixed debug output label bug in pfkey_ident_parse().
*
* Revision 1.19 2000/08/27 01:55:26 rgb
* Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
*
* Revision 1.18 2000/08/24 17:00:36 rgb
* Ignore unknown extensions instead of failing.
*
* Revision 1.17 2000/06/02 22:54:14 rgb
* Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
*
* Revision 1.16 2000/05/10 19:25:11 rgb
* Fleshed out proposal and supported extensions.
*
* Revision 1.15 2000/01/24 21:15:31 rgb
* Added disabled pluto pfkey lib debug flag.
* Added algo debugging reporting.
*
* Revision 1.14 2000/01/22 23:24:29 rgb
* Added new functions proto2satype() and satype2proto() and lookup
* table satype_tbl. Also added proto2name() since it was easy.
*
* Revision 1.13 2000/01/21 09:43:59 rgb
* Cast ntohl(spi) as (unsigned long int) to shut up compiler.
*
* Revision 1.12 2000/01/21 06:28:19 rgb
* Added address cases for eroute flows.
* Indented compiler directives for readability.
* Added klipsdebug switching capability.
*
* Revision 1.11 1999/12/29 21:14:59 rgb
* Fixed debug text cut and paste typo.
*
* Revision 1.10 1999/12/10 17:45:24 rgb
* Added address debugging.
*
* Revision 1.9 1999/12/09 23:11:42 rgb
* Ditched <string.h> include since we no longer use memset().
* Use new pfkey_extensions_init() instead of memset().
* Added check for SATYPE in pfkey_msg_build().
* Tidy up comments and debugging comments.
*
* Revision 1.8 1999/12/07 19:55:26 rgb
* Removed unused first argument from extension parsers.
* Removed static pluto debug flag.
* Moved message type and state checking to pfkey_msg_parse().
* Changed print[fk] type from lx to x to quiet compiler.
* Removed redundant remain check.
* Changed __u* types to uint* to avoid use of asm/types.h and
* sys/types.h in userspace code.
*
* Revision 1.7 1999/12/01 22:20:51 rgb
* Moved pfkey_lib_debug variable into the library.
* Added pfkey version check into header parsing.
* Added check for SATYPE only for those extensions that require a
* non-zero value.
*
* Revision 1.6 1999/11/27 11:58:05 rgb
* Added ipv6 headers.
* Moved sadb_satype2proto protocol lookup table from
* klips/net/ipsec/pfkey_v2_parser.c.
* Enable lifetime_current checking.
* Debugging error messages added.
* Add argument to pfkey_msg_parse() for direction.
* Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
* Add CVS log entry to bottom of file.
* Moved auth and enc alg check to pfkey_msg_parse().
* Enable accidentally disabled spirange parsing.
* Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c
*
* Local variables:
* c-file-style: "linux"
* End:
*
*/
View Git Blame Copy Permalink