]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/sainfo.c
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-332.100.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / sainfo.c
1 /* $KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include "config.h"
33
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/socket.h>
37 #include <sys/queue.h>
38
39 #include <netinet/in.h>
40 #include <netinet/in.h>
41 #ifdef HAVE_NETINET6_IPSEC
42 # include <netinet6/ipsec.h>
43 #else
44 # include <netinet/ipsec.h>
45 #endif
46
47 #include <stdlib.h>
48 #include <stdio.h>
49 #include <string.h>
50 #include <errno.h>
51
52 #include "var.h"
53 #include "misc.h"
54 #include "vmbuf.h"
55 #include "plog.h"
56 #include "sockmisc.h"
57 #include "debug.h"
58
59 #include "localconf.h"
60 #include "isakmp_var.h"
61 #include "isakmp.h"
62 #include "ipsec_doi.h"
63 #include "oakley.h"
64 #include "handler.h"
65 #include "algorithm.h"
66 #include "sainfo.h"
67 #include "gcmalloc.h"
68
69 static LIST_HEAD(_sitree, sainfo) sitree;
70
71 /* %%%
72 * modules for ipsec sa info
73 */
74 /*
75 * return matching entry.
76 * no matching entry found and if there is anonymous entry, return it.
77 * else return NULL.
78 * XXX by each data type, should be changed to compare the buffer.
79 * First pass is for sainfo from a specified peer, second for others.
80 */
81 struct sainfo *
82 getsainfo(const vchar_t *src, const vchar_t *dst, const vchar_t *peer, int use_nat_addr)
83 {
84 struct sainfo *s = NULL;
85 struct sainfo *anonymous = NULL;
86 int pass = 1;
87
88 if (use_nat_addr && lcconf->ext_nat_id == NULL)
89 return NULL;
90
91 if (peer == NULL)
92 pass = 2;
93 again:
94 LIST_FOREACH(s, &sitree, chain) {
95 if (s->id_i != NULL) {
96 if (pass == 2)
97 continue;
98 if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
99 continue;
100 } else if (pass == 1)
101 continue;
102 if (s->idsrc == NULL) {
103 anonymous = s;
104 continue;
105 }
106
107 /* anonymous ? */
108 if (src == NULL) {
109 if (anonymous != NULL)
110 break;
111 continue;
112 }
113
114 // TODO: handle wildcard port numbers in the id
115 if ((src->l == s->idsrc->l) && memcmp(src->v, s->idsrc->v, s->idsrc->l) == 0) {
116 if (use_nat_addr) {
117 if (memcmp(lcconf->ext_nat_id->v, s->iddst->v, s->iddst->l) == 0) {
118 plogdump(ASL_LEVEL_DEBUG, lcconf->ext_nat_id->v, lcconf->ext_nat_id->l, "matched external nat address.\n");
119 return s;
120 }
121 } else if ((dst->l == s->iddst->l) && memcmp(dst->v, s->iddst->v, s->iddst->l) == 0) {
122 return s;
123 }
124 }
125 }
126
127 if (anonymous) {
128 plog(ASL_LEVEL_DEBUG,
129 "anonymous sainfo selected.\n");
130 } else if (pass == 1) {
131 pass = 2;
132 goto again;
133 }
134
135 return anonymous;
136 }
137
138 /*
139 * return matching entry.
140 * no matching entry found and if there is anonymous entry, return it.
141 * else return NULL.
142 * XXX by each data type, should be changed to compare the buffer.
143 */
144 struct sainfo *
145 getsainfo_by_dst_id(const vchar_t *dst, const vchar_t *peer)
146 {
147 struct sainfo *s = NULL;
148 struct sainfo *anonymous = NULL;
149
150 plog(ASL_LEVEL_DEBUG, "getsainfo_by_dst_id - dst id:\n");
151 if (dst != NULL)
152 plogdump(ASL_LEVEL_DEBUG, dst->v, dst->l, "getsainfo_by_dst_id - dst id:\n");
153 else
154 return NULL;
155
156 LIST_FOREACH(s, &sitree, chain) {
157 if (s->idsrc != NULL) {
158 plogdump(ASL_LEVEL_DEBUG, s->idsrc->v, s->idsrc->l, "getsainfo_by_dst_id - sainfo id - src:\n");
159 plogdump(ASL_LEVEL_DEBUG, s->iddst->v, s->iddst->l, "getsainfo_by_dst_id - sainfo id - dst:\n");
160 } else {
161 plog(ASL_LEVEL_DEBUG, "getsainfo_by_dst_id - sainfo id = anonymous\n");
162 }
163 if (s->id_i != NULL) {
164 plogdump(ASL_LEVEL_DEBUG, s->id_i->v, s->id_i->l, "getsainfo_by_dst_id - sainfo id_i:\n");
165 if (peer == NULL)
166 continue;
167 if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
168 continue;
169 }
170 if (s->idsrc == NULL) {
171 anonymous = s;
172 continue;
173 }
174
175 if (memcmp(dst->v, s->iddst->v, s->iddst->l) == 0)
176 return s;
177 }
178
179 if (anonymous) {
180 plog(ASL_LEVEL_DEBUG,
181 "anonymous sainfo selected.\n");
182 }
183
184 return anonymous;
185 }
186
187
188 struct sainfo *
189 create_sainfo()
190 {
191 struct sainfo *new;
192
193 new = racoon_calloc(1, sizeof(*new));
194 if (new == NULL)
195 return NULL;
196
197 new->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
198 new->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
199 new->refcount = 1;
200 new->in_list = 0;
201
202 return new;
203 }
204
205
206 void
207 delsainfo(struct sainfo *si)
208 {
209 int i;
210
211 for (i = 0; i < MAXALGCLASS; i++)
212 delsainfoalg(si->algs[i]);
213
214 if (si->idsrc)
215 vfree(si->idsrc);
216 if (si->iddst)
217 vfree(si->iddst);
218
219 #ifdef ENABLE_HYBRID
220 if (si->group)
221 vfree(si->group);
222 #endif
223
224 racoon_free(si);
225 }
226
227 void
228 inssainfo(struct sainfo *new)
229 {
230 LIST_INSERT_HEAD(&sitree, new, chain);
231 new->in_list = 1;
232 }
233
234 void
235 remsainfo(struct sainfo *si)
236 {
237 if (si->in_list) {
238 LIST_REMOVE(si, chain);
239 si->in_list = 0;
240 }
241 }
242
243 // remove sainfos from linked list
244 // if not used - delete it
245 void
246 flushsainfo()
247 {
248 struct sainfo *s, *next;
249
250 LIST_FOREACH_SAFE(s, &sitree, chain, next) {
251 if (s->dynamic == 0) {
252 remsainfo(s);
253 if (--(s->refcount) <= 0)
254 delsainfo(s);
255 }
256 }
257 }
258
259 // remove sainfos from linked list
260 // if not used - delete it
261 void
262 flushsainfo_dynamic(u_int32_t addr)
263 {
264 struct sainfo *s, *next;
265
266 LIST_FOREACH_SAFE(s, &sitree, chain, next) {
267 if (s->dynamic == addr) {
268 remsainfo(s);
269 if (--(s->refcount) <= 0)
270 delsainfo(s);
271 }
272 }
273 }
274
275 void
276 retain_sainfo(struct sainfo *si)
277 {
278 (si->refcount)++;
279 }
280
281 void
282 release_sainfo(struct sainfo *si)
283 {
284 if (--(si->refcount) <= 0) {
285 remsainfo(si);
286 delsainfo(si);
287 }
288 }
289
290 void
291 initsainfo()
292 {
293 LIST_INIT(&sitree);
294 }
295
296 struct sainfoalg *
297 newsainfoalg()
298 {
299 struct sainfoalg *new;
300
301 new = racoon_calloc(1, sizeof(*new));
302 if (new == NULL)
303 return NULL;
304
305 return new;
306 }
307
308 void
309 delsainfoalg(struct sainfoalg *alg)
310 {
311 struct sainfoalg *a, *next;
312
313 for (a = alg; a; a = next) {
314 next = a->next;
315 racoon_free(a);
316 }
317 }
318
319 void
320 inssainfoalg(struct sainfoalg **head, struct sainfoalg *new)
321 {
322 struct sainfoalg *a;
323
324 for (a = *head; a && a->next; a = a->next)
325 ;
326 if (a)
327 a->next = new;
328 else
329 *head = new;
330 }
331
332
333
334 const char *
335 sainfo2str(const struct sainfo *si)
336 {
337 char *idsrc_str;
338 char *iddst_str;
339 char *idi_str;
340 static char buf[256];
341
342 if (si->idsrc == NULL)
343 snprintf(buf, sizeof(buf), "anonymous");
344 else {
345 idsrc_str = ipsecdoi_id2str(si->idsrc);
346 if (idsrc_str) {
347 snprintf(buf, sizeof(buf), "%s", idsrc_str);
348 racoon_free(idsrc_str);
349 }
350 if (si->iddst == NULL) {
351 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " anonymous");
352 } else {
353 iddst_str = ipsecdoi_id2str(si->iddst);
354 if (iddst_str) {
355 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
356 " %s", iddst_str);
357 racoon_free(iddst_str);
358 }
359 }
360 }
361
362 if (si->id_i != NULL) {
363 idi_str = ipsecdoi_id2str(si->id_i);
364 if (idi_str) {
365 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
366 " from %s", idi_str);
367 racoon_free(idi_str);
368 }
369 }
370
371 return buf;
372 }
mirror of ipsec