1 /* $KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include "config.h"
33
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/socket.h>
37 #include <sys/queue.h>
38
39 #include <netinet/in.h>
40 #include <netinet/in.h>
41 #ifdef HAVE_NETINET6_IPSEC
42 # include <netinet6/ipsec.h>
43 #else
44 # include <netinet/ipsec.h>
45 #endif
46
47 #include <stdlib.h>
48 #include <stdio.h>
49 #include <string.h>
50 #include <errno.h>
51
52 #include "var.h"
53 #include "misc.h"
54 #include "vmbuf.h"
55 #include "plog.h"
56 #include "sockmisc.h"
57 #include "debug.h"
58
59 #include "localconf.h"
60 #include "isakmp_var.h"
61 #include "isakmp.h"
62 #include "ipsec_doi.h"
63 #include "oakley.h"
64 #include "handler.h"
65 #include "algorithm.h"
66 #include "sainfo.h"
67 #include "gcmalloc.h"
68
/*
 * File-global list of configured sainfo entries. Populated through
 * inssainfo(), walked by the getsainfo*() lookups, and drained by
 * flushsainfo()/flushsainfo_dynamic(). Must be set up with initsainfo()
 * before use.
 */
static LIST_HEAD(_sitree, sainfo) sitree;
70
71 /* %%%
72 * modules for ipsec sa info
73 */
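/*
 * Look up the sainfo entry that matches a pair of identity buffers.
 *
 * src, dst      identity buffers to match against an entry's idsrc/iddst;
 *               either may be NULL, which stands for "anonymous".
 * peer          identity of the remote peer, matched against an entry's
 *               id_i; NULL when no peer identity is known.
 * use_nat_addr  non-zero to match the entry's iddst against
 *               lcconf->ext_nat_id instead of dst. Returns NULL at once
 *               when no external NAT id is configured.
 *
 * Two passes over the list: pass 1 only considers entries bound to a
 * specific peer (id_i set) whose id_i matches peer, pass 2 only the
 * unbound ones. Pass 1 is skipped entirely when peer is NULL. Within a
 * pass the first entry whose idsrc and iddst (or ext_nat_id) match is
 * returned; failing that, the last anonymous entry (idsrc == NULL) seen
 * in the pass is returned, or NULL if there was none.
 *
 * Entries flagged to_delete/to_remove are ignored. Buffers are compared
 * with memcmp over the entry's own length, so a probe buffer shorter
 * than the entry's id can never match (it used to be read past its end);
 * a NULL dst likewise never matches a non-anonymous entry instead of
 * being dereferenced.
 *
 * XXX by each data type, should be changed to compare the buffer.
 *
 * Returns a pointer into sitree (not a copy); the caller does not own it.
 */
struct sainfo *
getsainfo(const vchar_t *src, const vchar_t *dst, const vchar_t *peer,
    int use_nat_addr)
{
	struct sainfo *s = NULL;
	struct sainfo *anonymous = NULL;
	int pass = 1;

	/* NAT matching needs a configured external id to compare against. */
	if (use_nat_addr && lcconf->ext_nat_id == NULL)
		return NULL;

	plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo - src id:\n");
	if (src != NULL)
		plogdump(LLV_DEBUG2, src->v, src->l);
	else
		plog(LLV_DEBUG2, LOCATION, NULL, " anonymous\n");
	plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo - dst id:\n");
	if (dst != NULL)
		plogdump(LLV_DEBUG2, dst->v, dst->l);
	else
		plog(LLV_DEBUG2, LOCATION, NULL, " anonymous\n");

	/* Without a peer id there is nothing for pass 1 to match on. */
	if (peer == NULL)
		pass = 2;
again:
	LIST_FOREACH(s, &sitree, chain) {
		if (s->to_delete || s->to_remove) {
			continue;
		}
		if (s->idsrc != NULL) {
			plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo - sainfo id - src & dst:\n");
			plogdump(LLV_DEBUG2, s->idsrc->v, s->idsrc->l);
			plogdump(LLV_DEBUG2, s->iddst->v, s->iddst->l);
		} else {
			plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo - sainfo id = anonymous\n");
		}

		if (s->id_i != NULL) {
			/*
			 * Peer-bound entry: pass 1 only, and the peer id must
			 * cover the entry's id_i in full (peer is non-NULL here,
			 * pass 1 is only run when it is).
			 */
			if (pass == 2)
				continue;
			if (peer->l < s->id_i->l ||
			    memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
				continue;
		} else if (pass == 1)
			continue;

		if (s->idsrc == NULL) {
			anonymous = s;
			continue;
		}

		/* anonymous ? */
		if (src == NULL) {
			if (anonymous != NULL)
				break;
			continue;
		}

		if (src->l < s->idsrc->l ||
		    memcmp(src->v, s->idsrc->v, s->idsrc->l) != 0)
			continue;

		if (use_nat_addr) {
			if (lcconf->ext_nat_id->l >= s->iddst->l &&
			    memcmp(lcconf->ext_nat_id->v, s->iddst->v, s->iddst->l) == 0) {
				plog(LLV_DEBUG, LOCATION, NULL,
					"matched external nat address.\n");
				plogdump(LLV_DEBUG2, lcconf->ext_nat_id->v, lcconf->ext_nat_id->l);
				return s;
			}
		} else if (dst != NULL && dst->l >= s->iddst->l &&
		    memcmp(dst->v, s->iddst->v, s->iddst->l) == 0)
			return s;
	}

	if (anonymous) {
		plog(LLV_DEBUG, LOCATION, NULL,
			"anonymous sainfo selected.\n");
	} else if (pass == 1) {
		pass = 2;
		goto again;
	}

	return anonymous;
}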
159
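/*
 * Look up the sainfo entry whose iddst matches dst.
 *
 * dst   identity buffer to match against an entry's iddst; NULL makes the
 *       lookup fail immediately (returns NULL).
 * peer  identity of the remote peer, matched against an entry's id_i;
 *       NULL means peer-bound entries (id_i set) are skipped. Unlike
 *       getsainfo(), entries without id_i are considered regardless of
 *       peer, and there is only a single pass.
 *
 * The first entry whose iddst matches is returned; otherwise the last
 * anonymous entry (idsrc == NULL) that passed the peer filter, or NULL.
 * Entries flagged to_delete/to_remove are ignored.
 *
 * Buffers are compared with memcmp over the entry's own length, so a probe
 * buffer shorter than the entry's id never matches (it used to be read past
 * its end).
 *
 * XXX by each data type, should be changed to compare the buffer.
 *
 * Returns a pointer into sitree (not a copy); the caller does not own it.
 */
struct sainfo *
getsainfo_by_dst_id(const vchar_t *dst, const vchar_t *peer)
{
	struct sainfo *s = NULL;
	struct sainfo *anonymous = NULL;

	plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo_by_dst_id - dst id:\n");
	if (dst != NULL)
		plogdump(LLV_DEBUG2, dst->v, dst->l);
	else
		return NULL;

	LIST_FOREACH(s, &sitree, chain) {
		if (s->to_delete || s->to_remove) {
			continue;
		}
		if (s->idsrc != NULL) {
			plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo_by_dst_id - sainfo id - src & dst:\n");
			plogdump(LLV_DEBUG2, s->idsrc->v, s->idsrc->l);
			plogdump(LLV_DEBUG2, s->iddst->v, s->iddst->l);
		} else {
			plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo_by_dst_id - sainfo id = anonymous\n");
		}
		if (s->id_i != NULL) {
			plog(LLV_DEBUG2, LOCATION, NULL, "getsainfo_by_dst_id - sainfo id_i:\n");
			plogdump(LLV_DEBUG2, s->id_i->v, s->id_i->l);
			/* Peer-bound entry: needs a peer id that covers id_i in full. */
			if (peer == NULL)
				continue;
			if (peer->l < s->id_i->l ||
			    memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
				continue;
		}
		if (s->idsrc == NULL) {
			anonymous = s;
			continue;
		}

		if (dst->l >= s->iddst->l &&
		    memcmp(dst->v, s->iddst->v, s->iddst->l) == 0)
			return s;
	}

	if (anonymous) {
		plog(LLV_DEBUG, LOCATION, NULL,
			"anonymous sainfo selected.\n");
	}

	return anonymous;
}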
214
/*
 * Take a reference on 'new' on behalf of a phase-2 handler.
 *
 * Returns 0 after bumping linked_to_ph2, or -1 when new is NULL or is
 * already scheduled for removal/deletion and must not gain new users.
 */
int
link_sainfo_to_ph2(struct sainfo *new)
{
	if (new == NULL || new->to_delete || new->to_remove)
		return -1;

	new->linked_to_ph2++;
	return 0;
}
228
/*
 * Drop a phase-2 reference on 'old' and carry out any remove/delete that
 * was deferred while it was referenced.
 *
 * Returns -1 when old is NULL or holds no reference, 0 otherwise. When the
 * last reference goes away, a pending to_remove unlinks the entry from
 * sitree and a pending to_delete frees it; after delsainfo() 'old' is gone
 * and must not be touched again.
 *
 * NOTE(review): delsainfo() does not unlink from sitree itself, so an entry
 * with to_delete but not to_remove would be freed while still listed; the
 * callers visible here (flushsainfo*) always remsainfo() before
 * delsainfo(), so this looks intended -- confirm for other callers.
 */
int
unlink_sainfo_from_ph2(struct sainfo *old)
{
	if (old == NULL || old->linked_to_ph2 <= 0)
		return -1;

	if (--old->linked_to_ph2 > 0)
		return 0;

	/* Last reference released: apply the deferred requests, remove first. */
	if (old->to_remove)
		remsainfo(old);
	if (old->to_delete)
		delsainfo(old);

	return 0;
}
249
/*
 * Allocate a zeroed sainfo entry with default lifetimes.
 *
 * Returns the new entry, or NULL if racoon_calloc() fails. The caller owns
 * it until it is handed to inssainfo() / released with delsainfo().
 */
struct sainfo *
newsainfo(void)
{
	struct sainfo *si = racoon_calloc(1, sizeof(*si));

	if (si == NULL)
		return NULL;

	si->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
	si->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
	/* Explicit even though calloc zeroed the struct, for readability. */
	si->to_remove = FALSE;
	si->to_delete = FALSE;
	si->linked_to_ph2 = 0;

	return si;
}
267
/*
 * Release a sainfo entry and everything it owns (algorithm lists, id
 * buffers, group).
 *
 * If phase-2 handlers still reference the entry, only mark it to_delete;
 * the last unlink_sainfo_from_ph2() performs the actual free. Does not
 * unlink the entry from sitree -- call remsainfo() first.
 */
void
delsainfo(struct sainfo *si)
{
	struct sainfoalg **alg;

	/* Still in use: defer until the last reference is dropped. */
	if (si->linked_to_ph2) {
		si->to_delete = TRUE;
		return;
	}

	for (alg = si->algs; alg < si->algs + MAXALGCLASS; alg++)
		delsainfoalg(*alg);

	if (si->idsrc != NULL)
		vfree(si->idsrc);
	if (si->iddst != NULL)
		vfree(si->iddst);

#ifdef ENABLE_HYBRID
	if (si->group != NULL)
		vfree(si->group);
#endif

	racoon_free(si);
}
294
/*
 * Register 'new' in sitree. It is inserted at the head, so later lookups
 * see it before previously inserted entries.
 */
void
inssainfo(struct sainfo *new)
{
	LIST_INSERT_HEAD(&sitree, new, chain);
}
301
/*
 * Unlink 'si' from sitree. If phase-2 handlers still reference it, only
 * mark it to_remove; the last unlink_sainfo_from_ph2() does the unlink.
 * The entry itself is not freed (see delsainfo()).
 */
void
remsainfo(struct sainfo *si)
{
	if (si->linked_to_ph2 != 0) {
		si->to_remove = TRUE;
		return;
	}

	LIST_REMOVE(si, chain);
}
312
/*
 * Remove and free every entry whose 'dynamic' field is 0; entries with a
 * non-zero 'dynamic' tag are left in place (see flushsainfo_dynamic()).
 * Entries still referenced by phase-2 handlers are only flagged and go
 * away at their last unlink.
 */
void
flushsainfo(void)
{
	struct sainfo *cur = LIST_FIRST(&sitree);

	while (cur != NULL) {
		/* Grab the successor first: delsainfo() may free cur. */
		struct sainfo *next = LIST_NEXT(cur, chain);

		if (cur->dynamic == 0) {
			remsainfo(cur);
			delsainfo(cur);
		}
		cur = next;
	}
}
326
/*
 * Remove and free every entry whose 'dynamic' field equals addr.
 * Entries still referenced by phase-2 handlers are only flagged and go
 * away at their last unlink.
 */
void
flushsainfo_dynamic(u_int32_t addr)
{
	struct sainfo *cur = LIST_FIRST(&sitree);

	while (cur != NULL) {
		/* Grab the successor first: delsainfo() may free cur. */
		struct sainfo *next = LIST_NEXT(cur, chain);

		if (cur->dynamic == addr) {
			remsainfo(cur);
			delsainfo(cur);
		}
		cur = next;
	}
}
340
/* Reset sitree to an empty list; call once before any other sainfo routine. */
void
initsainfo(void)
{
	LIST_INIT(&sitree);
}
346
/*
 * Allocate a zeroed sainfoalg node.
 * Returns NULL if racoon_calloc() fails; the caller owns the node.
 */
struct sainfoalg *
newsainfoalg(void)
{
	struct sainfoalg *alg = racoon_calloc(1, sizeof(*alg));

	return alg;
}
358
/*
 * Free a singly linked sainfoalg list starting at alg. NULL is accepted.
 */
void
delsainfoalg(struct sainfoalg *alg)
{
	while (alg != NULL) {
		/* Read the link before the node is released. */
		struct sainfoalg *next = alg->next;

		racoon_free(alg);
		alg = next;
	}
}
370
/*
 * Append 'new' at the tail of the list rooted at *head (sets *head when
 * the list is empty). new->next is left as the caller set it.
 */
void
inssainfoalg(struct sainfoalg **head, struct sainfoalg *new)
{
	struct sainfoalg **tail = head;

	/* Walk to the last 'next' slot and hang the new node there. */
	while (*tail != NULL)
		tail = &(*tail)->next;
	*tail = new;
}
385
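/*
 * Render a sainfo entry as "<idsrc> <iddst>[ from <id_i>]" or "anonymous",
 * for log output.
 *
 * Returns a pointer to a static buffer that is overwritten on every call,
 * so the result is neither reentrant nor safe to hold across calls; the
 * caller must not free it. Output is truncated to the buffer size.
 *
 * The buffer is cleared at entry so that a failed ipsecdoi_id2str() cannot
 * leave text from a previous call in the result (previously only the
 * successful pieces were written, on top of stale contents).
 */
const char *
sainfo2str(const struct sainfo *si)
{
	static char buf[256];
	char *idsrc_str;
	char *iddst_str;
	char *idi_str;

	buf[0] = '\0';

	if (si->idsrc == NULL) {
		snprintf(buf, sizeof(buf), "anonymous");
	} else {
		/* ipsecdoi_id2str() returns an allocation we must racoon_free(). */
		idsrc_str = ipsecdoi_id2str(si->idsrc);
		if (idsrc_str) {
			snprintf(buf, sizeof(buf), "%s", idsrc_str);
			racoon_free(idsrc_str);
		}
		iddst_str = ipsecdoi_id2str(si->iddst);
		if (iddst_str) {
			snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
				" %s", iddst_str);
			racoon_free(iddst_str);
		}
	}

	if (si->id_i != NULL) {
		idi_str = ipsecdoi_id2str(si->id_i);
		if (idi_str) {
			snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
				" from %s", idi_str);
			racoon_free(idi_str);
		}
	}

	return buf;
}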