#include "ike_session.h"
struct natt_ka_addrs {
- struct sockaddr *src;
- struct sockaddr *dst;
+ struct sockaddr_storage *src;
+ struct sockaddr_storage *dst;
unsigned in_use;
TAILQ_ENTRY(natt_ka_addrs) chain;
};
-static TAILQ_HEAD(_natt_ka_addrs, natt_ka_addrs) ka_tree;
-
/*
* check if the given vid is NAT-T.
*/
}
vchar_t *
-natt_hash_addr (struct ph1handle *iph1, struct sockaddr *addr)
+natt_hash_addr (phase1_handle_t *iph1, struct sockaddr_storage *addr)
{
vchar_t *natd;
vchar_t *buf;
void *addr_ptr, *addr_port;
size_t buf_size, addr_size;
- plog (LLV_INFO, LOCATION, addr, "Hashing %s with algo #%d %s\n",
- saddr2str(addr), iph1->approval->hashtype,
- (iph1->rmconf->nat_traversal == NATT_FORCE)?"(NAT-T forced)":"");
+ if (iph1->approval) {
+ plog(ASL_LEVEL_NOTICE, "Hashing %s with algo #%d %s\n",
+ saddr2str((struct sockaddr *)addr), iph1->approval->hashtype,
+ (iph1->rmconf->nat_traversal == NATT_FORCE)?"(NAT-T forced)":"");
+ }
- if (addr->sa_family == AF_INET) {
+ if (addr->ss_family == AF_INET) {
addr_size = sizeof (struct in_addr); /* IPv4 address */
addr_ptr = &((struct sockaddr_in *)addr)->sin_addr;
addr_port = &((struct sockaddr_in *)addr)->sin_port;
}
- else if (addr->sa_family == AF_INET6) {
+ else if (addr->ss_family == AF_INET6) {
addr_size = sizeof (struct in6_addr); /* IPv6 address */
addr_ptr = &((struct sockaddr_in6 *)addr)->sin6_addr;
addr_port = &((struct sockaddr_in6 *)addr)->sin6_port;
}
else {
- plog (LLV_ERROR, LOCATION, addr, "Unsupported address family #0x%x\n", addr->sa_family);
+ plog(ASL_LEVEL_ERR, "Unsupported address family #0x%x\n", addr->ss_family);
return NULL;
}
}
int
-natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received,
+natt_compare_addr_hash (phase1_handle_t *iph1, vchar_t *natd_received,
int natd_seq)
{
vchar_t *natd_computed;
opts->encaps_type = UDP_ENCAP_ESPINUDP;
break;
default:
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"unsupported NAT-T version: %s\n",
vid_string_by_id(version));
return -1;
}
int
-create_natoa_payloads(struct ph2handle *iph2, vchar_t **natoa_i, vchar_t **natoa_r)
+create_natoa_payloads(phase2_handle_t *iph2, vchar_t **natoa_i, vchar_t **natoa_r)
{
int natoa_type = 0;
vchar_t *i;
vchar_t *r;
u_int8_t *p;
- struct sockaddr *i_addr;
- struct sockaddr *r_addr;
+ struct sockaddr_storage *i_addr;
+ struct sockaddr_storage *r_addr;
size_t i_size;
size_t r_size;
r_addr = iph2->src;
}
- switch (i_addr->sa_family) {
+ switch (i_addr->ss_family) {
case AF_INET:
i_size = sizeof(in_addr_t);
break;
break;
#endif
default:
- plog(LLV_ERROR, LOCATION, NULL,
- "invalid address family: %d\n", i_addr->sa_family);
+ plog(ASL_LEVEL_ERR,
+ "invalid address family: %d\n", i_addr->ss_family);
return -1;
}
- switch (r_addr->sa_family) {
+ switch (r_addr->ss_family) {
case AF_INET:
r_size = sizeof(in_addr_t);
break;
break;
#endif
default:
- plog(LLV_ERROR, LOCATION, NULL,
- "invalid address family: %d\n", r_addr->sa_family);
+ plog(ASL_LEVEL_ERR,
+ "invalid address family: %d\n", r_addr->ss_family);
return -1;
}
i = vmalloc(sizeof(struct isakmp_pl_natoa) + i_size - sizeof(struct isakmp_gen));
if (i == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"failed to get buffer for natoa payload.\n");
return -1;
}
r = vmalloc(sizeof(struct isakmp_pl_natoa) + r_size - sizeof(struct isakmp_gen));
if (r == NULL) {
vfree(i);
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"failed to get buffer for natoa payload.\n");
return -1;
}
/* copy src address */
p = (__typeof__(p))i->v;
- switch (i_addr->sa_family) {
+ switch (i_addr->ss_family) {
case AF_INET:
*p = IPSECDOI_ID_IPV4_ADDR;
bcopy(&(((struct sockaddr_in *)i_addr)->sin_addr.s_addr), p + sizeof(u_int32_t), i_size);
/* copy dst address */
p = (__typeof__(p))r->v;
- switch (r_addr->sa_family) {
+ switch (r_addr->ss_family) {
case AF_INET:
*p = IPSECDOI_ID_IPV4_ADDR;
bcopy(&(((struct sockaddr_in *)r_addr)->sin_addr.s_addr), p + sizeof(u_int32_t), r_size);
return natoa_type;
}
-struct sockaddr *
+struct sockaddr_storage *
process_natoa_payload(vchar_t *buf)
{
- struct sockaddr *saddr = NULL;
- struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)buf->v;
+ struct sockaddr_storage *saddr = NULL;
+ struct ipsecdoi_id_b *id_b = ALIGNED_CAST(struct ipsecdoi_id_b *)buf->v;
switch (id_b->type) {
case IPSECDOI_ID_IPV4_ADDR:
saddr = racoon_malloc(sizeof(struct sockaddr_in));
if (!saddr) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"error allocating addr for NAT-OA payload\n");
return NULL;
}
- saddr->sa_len = sizeof(struct sockaddr_in);
- saddr->sa_family = AF_INET;
+ saddr->ss_len = sizeof(struct sockaddr_in);
+ saddr->ss_family = AF_INET;
((struct sockaddr_in *)saddr)->sin_port = IPSEC_PORT_ANY;
memcpy(&((struct sockaddr_in *)saddr)->sin_addr,
buf->v + sizeof(*id_b), sizeof(struct in_addr));
case IPSECDOI_ID_IPV6_ADDR:
saddr = racoon_malloc(sizeof(struct sockaddr_in6));
if (!saddr) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"error allocating addr for NAT-OA payload\n");
return NULL;
}
- saddr->sa_len = sizeof(struct sockaddr_in6);
- saddr->sa_family = AF_INET6;
+ saddr->ss_len = sizeof(struct sockaddr_in6);
+ saddr->ss_family = AF_INET6;
((struct sockaddr_in6 *)saddr)->sin6_port = IPSEC_PORT_ANY;
memcpy(&((struct sockaddr_in6 *)saddr)->sin6_addr,
buf->v + sizeof(*id_b), sizeof(struct in6_addr));
break;
#endif
default:
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"invalid NAT-OA payload %d\n", id_b->type);
return NULL;
}
}
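Review bot: The return type is now `struct sockaddr_storage *`, but the allocations on the IPv4 and IPv6 paths are still `racoon_malloc(sizeof(struct sockaddr_in))` and `racoon_malloc(sizeof(struct sockaddr_in6))`, so any caller that copies `*saddr` by value or with `sizeof(struct sockaddr_storage)` reads past the heap object; the old `struct sockaddr *` type did not invite that. Allocate the full storage on both paths, `saddr = racoon_malloc(sizeof(*saddr));`, and keep `ss_len` set to the family-specific length as it is now. Separately, this is a peer-supplied NAT-OA payload and the function reads `id_b->type` and then `sizeof(struct in_addr)`/`sizeof(struct in6_addr)` bytes after the header without checking `buf->l`; unless the caller has already validated the length, guard each case with e.g. `if (buf->l < sizeof(*id_b) + sizeof(struct in_addr)) return NULL;` before the `memcpy`. The remainder of the switch and the final return are not visible in the hunk.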
void
-natt_float_ports (struct ph1handle *iph1)
+natt_float_ports (phase1_handle_t *iph1)
{
if (! (iph1->natt_flags & NAT_DETECTED) )
set_port (iph1->remote, iph1->natt_options->float_port);
iph1->natt_flags |= NAT_PORTS_CHANGED | NAT_ADD_NON_ESP_MARKER;
- ike_session_ikev1_float_ports(iph1);
+ if (iph1->version == ISAKMP_VERSION_NUMBER_IKEV1)
+ ike_session_ikev1_float_ports(iph1);
}
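Review bot: The new version check only skips `ike_session_ikev1_float_ports()`, while the lines above it still rewrite `iph1->remote` and set `NAT_PORTS_CHANGED | NAT_ADD_NON_ESP_MARKER` for every version, so for a non-IKEv1 handle the phase-1 ports are floated but the session is never told; confirm whether that asymmetry is intended. If the whole function is IKEv1-only, an early `if (iph1->version != ISAKMP_VERSION_NUMBER_IKEV1) return;` at the top is clearer than gating just the last call, and a one-line comment such as `/* only IKEv1 floats to the NAT-T port; the session tracks the change */` would record the decision either way. The lines between the `NAT_DETECTED` test and `set_port` are collapsed out of the hunk, so this reads the function as shown.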
void
-natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric)
+natt_handle_vendorid (phase1_handle_t *iph1, int vid_numeric)
{
int version;
iph1->natt_options = racoon_calloc (1, sizeof (*iph1->natt_options));
if (! iph1->natt_options) {
- plog (LLV_ERROR, LOCATION, NULL,
+ plog (ASL_LEVEL_ERR,
"Allocating memory for natt_options failed!\n");
return;
}