[apple/ipsec.git] / ipsec-tools / racoon / sainfo.c

/*	$KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>

#include <netinet/in.h>
#include <netinet/in.h> 
#ifdef HAVE_NETINET6_IPSEC
#  include <netinet6/ipsec.h>
#else 
#  include <netinet/ipsec.h>
#endif

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "sockmisc.h"
#include "debug.h"

#include "localconf.h"
#include "isakmp_var.h"
#include "isakmp.h"
#include "ipsec_doi.h"
#include "oakley.h"
#include "handler.h"
#include "algorithm.h"
#include "sainfo.h"
#include "gcmalloc.h"

static LIST_HEAD(_sitree, sainfo) sitree;

/* %%%
 * modules for ipsec sa info
 */
/*
 * return matching entry.
 * no matching entry found and if there is anonymous entry, return it.
 * else return NULL.
 * XXX by each data type, should be changed to compare the buffer.
 * First pass is for sainfo from a specified peer, second for others.
 */
struct sainfo *
getsainfo(const vchar_t *src, const vchar_t *dst, const vchar_t *peer, int use_nat_addr)
{
	struct sainfo *s = NULL;
	struct sainfo *anonymous = NULL;
	int pass = 1;
	
	if (use_nat_addr && lcconf->ext_nat_id == NULL)
		return NULL;

	if (peer == NULL)
		pass = 2;
    again:
	LIST_FOREACH(s, &sitree, chain) {
		if (s->id_i != NULL) {
			if (pass == 2)
				continue;
			if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
				continue;
		} else if (pass == 1)
			continue;
		if (s->idsrc == NULL) {
			anonymous = s;
			continue;
		}

		/* anonymous ? */
		if (src == NULL) {
			if (anonymous != NULL)
				break;
			continue;
		}

        // TODO: handle wildcard port numbers in the id		
		if ((src->l == s->idsrc->l) && memcmp(src->v, s->idsrc->v, s->idsrc->l) == 0) {
			if (use_nat_addr) {
				if (memcmp(lcconf->ext_nat_id->v, s->iddst->v, s->iddst->l) == 0) {
					plogdump(ASL_LEVEL_DEBUG, lcconf->ext_nat_id->v, lcconf->ext_nat_id->l, "matched external nat address.\n");
					return s;
				}
			} else if ((dst->l == s->iddst->l) && memcmp(dst->v, s->iddst->v, s->iddst->l) == 0) {
				return s;
			}
		}
	}

	if (anonymous) {
		plog(ASL_LEVEL_DEBUG, 
			"anonymous sainfo selected.\n");
	} else if (pass == 1) {
		pass = 2;
		goto again;
	}

	return anonymous;
}

/*
 * return matching entry.
 * no matching entry found and if there is anonymous entry, return it.
 * else return NULL.
 * XXX by each data type, should be changed to compare the buffer.
 */
struct sainfo *
getsainfo_by_dst_id(const vchar_t *dst, const vchar_t *peer)
{
	struct sainfo *s = NULL;
	struct sainfo *anonymous = NULL;

	plog(ASL_LEVEL_DEBUG, "getsainfo_by_dst_id - dst id:\n");
	if (dst != NULL)
		plogdump(ASL_LEVEL_DEBUG, dst->v, dst->l, "getsainfo_by_dst_id - dst id:\n");
	else
		return NULL;

	LIST_FOREACH(s, &sitree, chain) {
		if (s->idsrc != NULL) {
			plogdump(ASL_LEVEL_DEBUG, s->idsrc->v, s->idsrc->l, "getsainfo_by_dst_id - sainfo id - src:\n");
			plogdump(ASL_LEVEL_DEBUG, s->iddst->v, s->iddst->l, "getsainfo_by_dst_id - sainfo id - dst:\n");
		} else {
			plog(ASL_LEVEL_DEBUG, "getsainfo_by_dst_id - sainfo id = anonymous\n");
		}
		if (s->id_i != NULL) {
			plogdump(ASL_LEVEL_DEBUG, s->id_i->v, s->id_i->l, "getsainfo_by_dst_id - sainfo id_i:\n");
			if (peer == NULL)
				continue;
			if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
				continue;
		}
		if (s->idsrc == NULL) {
			anonymous = s;
			continue;
		}

		if (memcmp(dst->v, s->iddst->v, s->iddst->l) == 0)
			return s;
	}

	if (anonymous) {
		plog(ASL_LEVEL_DEBUG, 
			 "anonymous sainfo selected.\n");
	}
	
	return anonymous;
}


struct sainfo *
create_sainfo()
{
	struct sainfo *new;

	new = racoon_calloc(1, sizeof(*new));
	if (new == NULL)
		return NULL;

	new->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
	new->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
	new->refcount = 1;
    new->in_list = 0;

	return new;
}


void
delsainfo(struct sainfo *si)
{
	int i;
	
	for (i = 0; i < MAXALGCLASS; i++)
		delsainfoalg(si->algs[i]);

	if (si->idsrc)
		vfree(si->idsrc);
	if (si->iddst)
		vfree(si->iddst);

#ifdef ENABLE_HYBRID
	if (si->group)
		vfree(si->group);
#endif

	racoon_free(si);
}

void
inssainfo(struct sainfo *new)
{
	LIST_INSERT_HEAD(&sitree, new, chain);
    new->in_list = 1;
}

void
remsainfo(struct sainfo *si)
{
    if (si->in_list) {
        LIST_REMOVE(si, chain);
        si->in_list = 0;
    }
}

// remove sainfos from linked list
// if not used - delete it
void
flushsainfo()
{
	struct sainfo *s, *next;

	LIST_FOREACH_SAFE(s, &sitree, chain, next) {
		if (s->dynamic == 0) {
            remsainfo(s);
            if (--(s->refcount) <= 0)
                delsainfo(s);
		}
	}
}

// remove sainfos from linked list
// if not used - delete it
void
flushsainfo_dynamic(u_int32_t addr)
{
	struct sainfo *s, *next;

	LIST_FOREACH_SAFE(s, &sitree, chain, next) {
		if (s->dynamic == addr) {
            remsainfo(s);
            if (--(s->refcount) <= 0)
                delsainfo(s);
		}
	}
}

void
retain_sainfo(struct sainfo *si)
{
	(si->refcount)++;
}

void
release_sainfo(struct sainfo *si)
{
	if (--(si->refcount) <= 0) {
        remsainfo(si);
        delsainfo(si);
    }
}

void
initsainfo()
{
	LIST_INIT(&sitree);
}

struct sainfoalg *
newsainfoalg()
{
	struct sainfoalg *new;

	new = racoon_calloc(1, sizeof(*new));
	if (new == NULL)
		return NULL;

	return new;
}

void
delsainfoalg(struct sainfoalg *alg)
{
	struct sainfoalg *a, *next;

	for (a = alg; a; a = next) {
		next = a->next;
		racoon_free(a);
	}
}

void
inssainfoalg(struct sainfoalg **head, struct sainfoalg *new)
{
	struct sainfoalg *a;

	for (a = *head; a && a->next; a = a->next)
		;
	if (a)
		a->next = new;
	else
		*head = new;
}


const char *
sainfo2str(const struct sainfo *si)
{
	char *idsrc_str;
	char *iddst_str;
	char *idi_str;
	static char buf[256];

	if (si->idsrc == NULL)
		snprintf(buf, sizeof(buf), "anonymous");
	else {
		idsrc_str = ipsecdoi_id2str(si->idsrc);
		if (idsrc_str) {
			snprintf(buf, sizeof(buf), "%s", idsrc_str);
			racoon_free(idsrc_str);
		}
		if (si->iddst == NULL) {
			snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " anonymous");
		} else {
			iddst_str = ipsecdoi_id2str(si->iddst);
			if (iddst_str) {
				snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
					" %s", iddst_str);
				racoon_free(iddst_str);
			}
		}
	}

	if (si->id_i != NULL) {
		idi_str = ipsecdoi_id2str(si->id_i);
		if (idi_str) {
			snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
				" from %s", idi_str);
			racoon_free(idi_str);
		}
	}

	return buf;
}
Commit	Line	Data
52b7d2ce A	1	/* $KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	#include "config.h"
	33
	34	#include <sys/param.h>
	35	#include <sys/types.h>
	36	#include <sys/socket.h>
	37	#include <sys/queue.h>
	38
	39	#include <netinet/in.h>
	40	#include <netinet/in.h>
	41	#ifdef HAVE_NETINET6_IPSEC
	42	# include <netinet6/ipsec.h>
	43	#else
	44	# include <netinet/ipsec.h>
	45	#endif
	46
	47	#include <stdlib.h>
	48	#include <stdio.h>
	49	#include <string.h>
	50	#include <errno.h>
	51
	52	#include "var.h"
	53	#include "misc.h"
	54	#include "vmbuf.h"
	55	#include "plog.h"
	56	#include "sockmisc.h"
	57	#include "debug.h"
	58
	59	#include "localconf.h"
	60	#include "isakmp_var.h"
	61	#include "isakmp.h"
	62	#include "ipsec_doi.h"
	63	#include "oakley.h"
	64	#include "handler.h"
65	#include "algorithm.h"
66	#include "sainfo.h"
67	#include "gcmalloc.h"
68
69	static LIST_HEAD(_sitree, sainfo) sitree;
70
71	/* %%%
72	* modules for ipsec sa info
73	*/
74	/*
75	* return matching entry.
76	* no matching entry found and if there is anonymous entry, return it.
77	* else return NULL.
78	* XXX by each data type, should be changed to compare the buffer.
79	* First pass is for sainfo from a specified peer, second for others.
80	*/
81	struct sainfo *
65c25746	82	getsainfo(const vchar_t src, const vchar_t dst, const vchar_t *peer, int use_nat_addr)
52b7d2ce A	83	{
	84	struct sainfo *s = NULL;
	85	struct sainfo *anonymous = NULL;
	86	int pass = 1;
05434fec A	87
	88	if (use_nat_addr && lcconf->ext_nat_id == NULL)
	89	return NULL;
52b7d2ce A	90
	91	if (peer == NULL)
	92	pass = 2;
	93	again:
	94	LIST_FOREACH(s, &sitree, chain) {
	95	if (s->id_i != NULL) {
	96	if (pass == 2)
	97	continue;
	98	if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
	99	continue;
	100	} else if (pass == 1)
	101	continue;
	102	if (s->idsrc == NULL) {
	103	anonymous = s;
	104	continue;
	105	}
	106
	107	/* anonymous ? */
	108	if (src == NULL) {
	109	if (anonymous != NULL)
	110	break;
	111	continue;
	112	}
	113
65c25746	114	// TODO: handle wildcard port numbers in the id
7ebaebe2	115	if ((src->l == s->idsrc->l) && memcmp(src->v, s->idsrc->v, s->idsrc->l) == 0) {
05434fec	116	if (use_nat_addr) {
d1e348cf	117	if (memcmp(lcconf->ext_nat_id->v, s->iddst->v, s->iddst->l) == 0) {
65c25746	118	plogdump(ASL_LEVEL_DEBUG, lcconf->ext_nat_id->v, lcconf->ext_nat_id->l, "matched external nat address.\n");
05434fec	119	return s;
d1e348cf	120	}
7ebaebe2	121	} else if ((dst->l == s->iddst->l) && memcmp(dst->v, s->iddst->v, s->iddst->l) == 0) {
05434fec	122	return s;
7ebaebe2	123	}
05434fec	124	}
52b7d2ce A	125	}
	126
	127	if (anonymous) {
65c25746	128	plog(ASL_LEVEL_DEBUG,
52b7d2ce A	129	"anonymous sainfo selected.\n");
	130	} else if (pass == 1) {
	131	pass = 2;
	132	goto again;
	133	}
	134
	135	return anonymous;
	136	}
	137
b8c37798 A	138	/*
	139	* return matching entry.
	140	* no matching entry found and if there is anonymous entry, return it.
	141	* else return NULL.
	142	* XXX by each data type, should be changed to compare the buffer.
	143	*/
	144	struct sainfo *
65c25746	145	getsainfo_by_dst_id(const vchar_t dst, const vchar_t peer)
b8c37798 A	146	{
	147	struct sainfo *s = NULL;
	148	struct sainfo *anonymous = NULL;
	149
65c25746	150	plog(ASL_LEVEL_DEBUG, "getsainfo_by_dst_id - dst id:\n");
b8c37798	151	if (dst != NULL)
65c25746	152	plogdump(ASL_LEVEL_DEBUG, dst->v, dst->l, "getsainfo_by_dst_id - dst id:\n");
b8c37798 A	153	else
	154	return NULL;
	155
	156	LIST_FOREACH(s, &sitree, chain) {
65c25746 A	157	if (s->idsrc != NULL) {
	158	plogdump(ASL_LEVEL_DEBUG, s->idsrc->v, s->idsrc->l, "getsainfo_by_dst_id - sainfo id - src:\n");
	159	plogdump(ASL_LEVEL_DEBUG, s->iddst->v, s->iddst->l, "getsainfo_by_dst_id - sainfo id - dst:\n");
	160	} else {
	161	plog(ASL_LEVEL_DEBUG, "getsainfo_by_dst_id - sainfo id = anonymous\n");
b8c37798	162	}
b8c37798	163	if (s->id_i != NULL) {
65c25746	164	plogdump(ASL_LEVEL_DEBUG, s->id_i->v, s->id_i->l, "getsainfo_by_dst_id - sainfo id_i:\n");
b8c37798 A	165	if (peer == NULL)
	166	continue;
	167	if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
	168	continue;
	169	}
	170	if (s->idsrc == NULL) {
	171	anonymous = s;
	172	continue;
	173	}
	174
	175	if (memcmp(dst->v, s->iddst->v, s->iddst->l) == 0)
	176	return s;
	177	}
	178
	179	if (anonymous) {
65c25746	180	plog(ASL_LEVEL_DEBUG,
b8c37798 A	181	"anonymous sainfo selected.\n");
	182	}
	183
	184	return anonymous;
	185	}
	186
d1e348cf	187
52b7d2ce	188	struct sainfo *
65c25746	189	create_sainfo()
52b7d2ce A	190	{
	191	struct sainfo *new;
	192
	193	new = racoon_calloc(1, sizeof(*new));
	194	if (new == NULL)
	195	return NULL;
	196
	197	new->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
	198	new->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
65c25746 A	199	new->refcount = 1;
65c25746 A	200	new->in_list = 0;
52b7d2ce A	201
	202	return new;
	203	}
	204
65c25746	205
52b7d2ce	206	void
65c25746	207	delsainfo(struct sainfo *si)
52b7d2ce A	208	{
52b7d2ce A	209	int i;
d1e348cf	210
52b7d2ce A	211	for (i = 0; i < MAXALGCLASS; i++)
	212	delsainfoalg(si->algs[i]);
	213
	214	if (si->idsrc)
	215	vfree(si->idsrc);
	216	if (si->iddst)
	217	vfree(si->iddst);
	218
d1e348cf A	219	#ifdef ENABLE_HYBRID
	220	if (si->group)
	221	vfree(si->group);
	222	#endif
	223
52b7d2ce A	224	racoon_free(si);
	225	}
	226
	227	void
65c25746	228	inssainfo(struct sainfo *new)
52b7d2ce A	229	{
52b7d2ce A	230	LIST_INSERT_HEAD(&sitree, new, chain);
65c25746	231	new->in_list = 1;
52b7d2ce A	232	}
	233
	234	void
65c25746	235	remsainfo(struct sainfo *si)
52b7d2ce	236	{
65c25746 A	237	if (si->in_list) {
	238	LIST_REMOVE(si, chain);
	239	si->in_list = 0;
	240	}
52b7d2ce A	241	}
52b7d2ce A	242
65c25746 A	243	// remove sainfos from linked list
65c25746 A	244	// if not used - delete it
52b7d2ce A	245	void
	246	flushsainfo()
	247	{
	248	struct sainfo s, next;
	249
65c25746	250	LIST_FOREACH_SAFE(s, &sitree, chain, next) {
d1e348cf	251	if (s->dynamic == 0) {
65c25746 A	252	remsainfo(s);
	253	if (--(s->refcount) <= 0)
	254	delsainfo(s);
d1e348cf A	255	}
	256	}
	257	}
	258
65c25746 A	259	// remove sainfos from linked list
65c25746 A	260	// if not used - delete it
d1e348cf A	261	void
	262	flushsainfo_dynamic(u_int32_t addr)
	263	{
	264	struct sainfo s, next;
	265
65c25746	266	LIST_FOREACH_SAFE(s, &sitree, chain, next) {
d1e348cf	267	if (s->dynamic == addr) {
65c25746 A	268	remsainfo(s);
	269	if (--(s->refcount) <= 0)
	270	delsainfo(s);
d1e348cf	271	}
52b7d2ce A	272	}
	273	}
	274
65c25746 A	275	void
	276	retain_sainfo(struct sainfo *si)
	277	{
	278	(si->refcount)++;
	279	}
	280
	281	void
	282	release_sainfo(struct sainfo *si)
	283	{
	284	if (--(si->refcount) <= 0) {
	285	remsainfo(si);
	286	delsainfo(si);
	287	}
	288	}
	289
52b7d2ce A	290	void
	291	initsainfo()
	292	{
	293	LIST_INIT(&sitree);
	294	}
	295
	296	struct sainfoalg *
	297	newsainfoalg()
	298	{
	299	struct sainfoalg *new;
	300
	301	new = racoon_calloc(1, sizeof(*new));
	302	if (new == NULL)
	303	return NULL;
	304
	305	return new;
	306	}
	307
	308	void
65c25746	309	delsainfoalg(struct sainfoalg *alg)
52b7d2ce A	310	{
	311	struct sainfoalg a, next;
	312
	313	for (a = alg; a; a = next) {
	314	next = a->next;
	315	racoon_free(a);
	316	}
	317	}
	318
	319	void
65c25746	320	inssainfoalg(struct sainfoalg *head, struct sainfoalg new)
52b7d2ce A	321	{
	322	struct sainfoalg *a;
	323
	324	for (a = *head; a && a->next; a = a->next)
	325	;
	326	if (a)
	327	a->next = new;
	328	else
	329	*head = new;
	330	}
	331
65c25746 A	332
65c25746 A	333
52b7d2ce	334	const char *
65c25746	335	sainfo2str(const struct sainfo *si)
52b7d2ce	336	{
e627a751 A	337	char *idsrc_str;
	338	char *iddst_str;
	339	char *idi_str;
52b7d2ce A	340	static char buf[256];
	341
	342	if (si->idsrc == NULL)
	343	snprintf(buf, sizeof(buf), "anonymous");
	344	else {
e627a751 A	345	idsrc_str = ipsecdoi_id2str(si->idsrc);
	346	if (idsrc_str) {
	347	snprintf(buf, sizeof(buf), "%s", idsrc_str);
	348	racoon_free(idsrc_str);
	349	}
	350	if (si->iddst == NULL) {
	351	snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " anonymous");
	352	} else {
	353	iddst_str = ipsecdoi_id2str(si->iddst);
	354	if (iddst_str) {
	355	snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
	356	" %s", iddst_str);
	357	racoon_free(iddst_str);
	358	}
	359	}
52b7d2ce A	360	}
52b7d2ce A	361
d1e348cf	362	if (si->id_i != NULL) {
e627a751 A	363	idi_str = ipsecdoi_id2str(si->id_i);
	364	if (idi_str) {
	365	snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
	366	" from %s", idi_str);
	367	racoon_free(idi_str);
	368	}
	369	}
52b7d2ce A	370
	371	return buf;
	372	}