#include <sys/stat.h>
#include <sys/un.h>
-#ifdef __APPLE__
#include <System/net/pfkeyv2.h>
-#else
-#include <net/pfkeyv2.h>
-#endif
#include <netinet/in.h>
#ifndef HAVE_NETINET6_IPSEC
#include "vpn_control_var.h"
#include "strnames.h"
#include "ike_session.h"
+#include "ipsecMessageTracer.h"
static int vpn_get_ph2pfs(struct ph1handle *);
int
-vpn_connect(struct bound_addr *srv)
+vpn_connect(struct bound_addr *srv, int oper)
{
int error = -1;
- struct sockaddr *dst;
+ struct sockaddr_storage *dst;
struct remoteconf *rmconf;
- struct sockaddr *remote = NULL;
- struct sockaddr *local = NULL;
+ struct sockaddr_storage *remote = NULL;
+ struct sockaddr_storage *local = NULL;
u_int16_t port;
- dst = racoon_calloc(1, sizeof(struct sockaddr)); // this should come from the bound_addr parameter
+ dst = racoon_calloc(1, sizeof(struct sockaddr_storage)); // this should come from the bound_addr parameter
if (dst == NULL)
goto out;
((struct sockaddr_in *)(dst))->sin_len = sizeof(struct sockaddr_in);
/*
* Find the source address
*/
- if ((local = getlocaladdr(dst)) == NULL) {
+ if ((local = getlocaladdr((struct sockaddr *)dst)) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"cannot get local address\n");
goto out1;
if (rmconf == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"no configuration found "
- "for %s\n", saddrwop2str(dst));
+ "for %s\n", saddrwop2str((struct sockaddr *)dst));
goto out1;
}
/* get remote IP address and port number. */
- if ((remote = dupsaddr(dst)) == NULL) {
+ if ((remote = dupsaddr((struct sockaddr *)dst)) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"failed to duplicate address\n");
goto out1;
}
- switch (remote->sa_family) {
+ switch (remote->ss_family) {
case AF_INET:
((struct sockaddr_in *)remote)->sin_port =
((struct sockaddr_in *)rmconf->remote)->sin_port;
default:
plog(LLV_ERROR, LOCATION, NULL,
"invalid family: %d\n",
- remote->sa_family);
+ remote->ss_family);
goto out1;
break;
}
plog(LLV_INFO, LOCATION, NULL,
"accept a request to establish IKE-SA: "
- "%s\n", saddrwop2str(remote));
+ "%s\n", saddrwop2str((struct sockaddr *)remote));
+
+ IPSECLOGASLMSG("IPSec connecting to server %s\n",
+ saddrwop2str((struct sockaddr *)remote));
/* begin ident mode */
- if (isakmp_ph1begin_i(rmconf, remote, local, 1) < 0)
+ if (isakmp_ph1begin_i(rmconf, remote, local, oper) < 0)
goto out1;
error = 0;
}
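Review bot: The `oper` parameter added at L17 is forwarded unchanged to isakmp_ph1begin_i at L77 where a literal 1 used to be, and nothing on the visible lines says which values are valid; a comment on the signature such as `/* oper: start mode handed verbatim to isakmp_ph1begin_i (previously hard-coded 1) */` would pin that down for callers. Separately, L29 still allocates `dst` with racoon_calloc and the only field set on the visible lines is sin_len (L32); the comment on that line says the address should come from `srv`, yet `srv` is not referenced anywhere in the hunk, so unless hidden context fills in sin_family/sin_addr the getlocaladdr lookup at L37 runs on a zeroed address. The `out1`/`out` labels that free these allocations lie outside the visible lines.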
int
-vpn_disconnect(struct bound_addr *srv)
+vpn_disconnect(struct bound_addr *srv, const char *reason)
{
- struct sockaddr_in saddr;
+ union { // Wcast-align fix - force alignment
+ struct sockaddr_storage ss;
+ struct sockaddr_in saddr;
+ } u;
- bzero(&saddr, sizeof(saddr));
- saddr.sin_len = sizeof(saddr);
- saddr.sin_addr.s_addr = srv->address;
- saddr.sin_port = 0;
- saddr.sin_family = AF_INET;
- ike_sessions_stopped_by_controller(&saddr,
+ bzero(&u.saddr, sizeof(u.saddr));
+ u.saddr.sin_len = sizeof(u.saddr);
+ u.saddr.sin_addr.s_addr = srv->address;
+ u.saddr.sin_port = 0;
+ u.saddr.sin_family = AF_INET;
+
+ IPSECLOGASLMSG("IPSec disconnecting from server %s\n",
+ saddrwop2str((struct sockaddr *)&u.ss));
+
+ ike_sessions_stopped_by_controller(&u.ss,
0,
- ike_session_stopped_by_vpn_disconnect);
- if (purgephXbydstaddrwop((struct sockaddr *)(&saddr)) > 0) {
+ reason);
+ if (purgephXbydstaddrwop(&u.ss) > 0) {
return 0;
} else {
return -1;
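Review bot: `bzero(&u.saddr, sizeof(u.saddr))` at L96 clears only the sockaddr_in member, but the whole `u.ss` is what is passed to saddrwop2str, ike_sessions_stopped_by_controller and purgephXbydstaddrwop (L103, L105, L110), so the tail of the storage is uninitialized stack memory. Whether that matters depends on whether those callees honour sin_len or copy/compare sizeof(struct sockaddr_storage) bytes, which is not visible here, but zeroing the whole union costs nothing and removes the question: `bzero(&u, sizeof(u));`. The new `reason` parameter at L83 also goes straight to the session layer at L109; a one-line comment on the signature stating whether NULL is accepted would help callers. vpn_disconnect's closing brace lies outside the hunk.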
saddr.sin_addr.s_addr = addr->address;
saddr.sin_port = 0;
saddr.sin_family = AF_INET;
- ph1 = getph1bydstaddrwop((struct sockaddr *)(&saddr));
+ ph1 = getph1bydstaddrwop((struct sockaddr_storage *)(&saddr));
if (ph1 == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"cannot start phase2 - no phase1 found.\n");
goto fail;
}
- id_ptr = (struct id *)new_sainfo->idsrc->v;
+ id_ptr = ALIGNED_CAST(struct id *)new_sainfo->idsrc->v;
if (ntohl(selector_ptr->src_tunnel_mask) == 0xFFFFFFFF)
id_ptr->type = IPSECDOI_ID_IPV4_ADDR;
else {
id_ptr->port = selector_ptr->src_tunnel_port;
id_ptr->proto_id = selector_ptr->ul_protocol;
- id_ptr = (struct id *)new_sainfo->iddst->v;
+ id_ptr = ALIGNED_CAST(struct id *)new_sainfo->iddst->v;
if (selector_ptr->dst_tunnel_mask == 0xFFFFFFFF)
id_ptr->type = IPSECDOI_ID_IPV4_ADDR;
else {
plog(LLV_ERROR, LOCATION, NULL,"duplicated sainfo: %s\n", sainfo2str(new_sainfo));
goto fail;
}
- plog(LLV_DEBUG2, LOCATION, NULL, "create sainfo: %s\n", sainfo2str(new_sainfo));
+ //plog(LLV_DEBUG2, LOCATION, NULL, "create sainfo: %s\n", sainfo2str(new_sainfo));
inssainfo(new_sainfo);
new_sainfo = NULL;
}
fail:
if (new_sainfo)
delsainfo(new_sainfo);
- flushsainfo_dynamic(addr);
+ flushsainfo_dynamic((u_int32_t)addr->address);
return -1;
}
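Review bot: `getph1bydstaddrwop((struct sockaddr_storage *)(&saddr))` at L118, and again at L168, casts a local `struct sockaddr_in` to a pointer to the larger and more strictly aligned `struct sockaddr_storage`; this is the same cast-align hazard the union at L86-L89 was introduced to fix, and if the callee ever reads past sin_len the access runs off the end of the local. The same union pattern fixes both sites: `union { struct sockaddr_storage ss; struct sockaddr_in saddr; } u;` with the fields assigned on `u.saddr` and `&u.ss` passed; the `saddr` declarations themselves are outside the visible lines. Separately, the plog at L140 is commented out rather than removed; if the debug line is no longer wanted, delete it, otherwise keep it at LLV_DEBUG2 as before.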
if (iph1->mode_cfg->attr_list == NULL)
return 1; /* haven't received configuration yet */
- myaddr = find_myaddr(iph1->local, 0);
+ myaddr = find_myaddr((struct sockaddr *)iph1->local, 0);
if (myaddr == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"unable to find address structure.\n");
memcpy(cptr, iph1->mode_cfg->attr_list->v, iph1->mode_cfg->attr_list->l);
*msg_size = msize;
+ IPSECLOGASLMSG("IPSec Network Configuration established.\n");
+
return 0;
}
saddr.sin_addr.s_addr = address;
saddr.sin_port = 0;
saddr.sin_family = AF_INET;
- iph1 = getph1bydstaddrwop((struct sockaddr *)(&saddr));
+ iph1 = getph1bydstaddrwop((struct sockaddr_storage *)(&saddr));
if (iph1 == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"cannot reply to xauth request - no ph1 found.\n");
VPTRINIT(iph1->xauth_awaiting_userinput_msg);
ike_session_stop_xauth_timer(iph1);
+ IPSECLOGASLMSG("IPSec Extended Authentication sent.\n");
+
end:
if (payload)
vfree(payload);
return error;
}
+int
+vpn_assert(struct sockaddr_storage *src_addr, struct sockaddr_storage *dst_addr)
+{
+ if (ike_session_assert(src_addr, dst_addr)) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "cannot assert - no matching session.\n");
+ return -1;
+ }
+
+ return 0;
+}
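Review bot: vpn_assert has no header comment, and its contract — the `(src_addr, dst_addr)` pair is handed to ike_session_assert and a non-zero result is reported as "no matching session" — is only discoverable by reading the body. A short comment above L181 such as `/* Ask the session layer to assert the IKE session for (src_addr, dst_addr); returns 0 on success, -1 (logged) if none matches. */` would do. Neither pointer is checked before the call at L184; whether ike_session_assert tolerates NULL is not visible here, so either document that callers must pass valid addresses or add the guard.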