1 /*	$NetBSD: pfkey.c,v 1.18.4.5 2008/03/05 22:14:24 mgrooms Exp $	*/
2 
3 /* $Id: pfkey.c,v 1.18.4.5 2008/03/05 22:14:24 mgrooms Exp $ */
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <stdlib.h>
37 #include <string.h>
38 #include <stdio.h>
39 #include <netdb.h>
40 #include <errno.h>
41 #ifdef HAVE_UNISTD_H
42 #include <unistd.h>
43 #endif
44 #include <netdb.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
47 
48 #ifdef ENABLE_NATT
49 # ifdef __linux__
50 #  include <linux/udp.h>
51 # endif
52 # if defined(__NetBSD__) || defined(__FreeBSD__) ||	\
53   (defined(__APPLE__) && defined(__MACH__))
54 #  include <netinet/udp.h>
55 # endif
56 #endif
57 
58 #include <sys/types.h>
59 #include <sys/param.h>
60 #include <sys/socket.h>
61 #include <sys/queue.h>
62 #ifndef ANDROID_CHANGES
63 #include <sys/sysctl.h>
64 #endif
65 
66 #include <net/route.h>
67 #include <net/pfkeyv2.h>
68 
69 #include <netinet/in.h>
70 #include PATH_IPSEC_H
71 #include <fcntl.h>
72 
73 #include "libpfkey.h"
74 
75 #include "var.h"
76 #include "misc.h"
77 #include "vmbuf.h"
78 #include "plog.h"
79 #include "sockmisc.h"
80 #include "debug.h"
81 
82 #include "schedule.h"
83 #include "localconf.h"
84 #include "remoteconf.h"
85 #include "handler.h"
86 #include "policy.h"
87 #include "proposal.h"
88 #include "isakmp_var.h"
89 #include "isakmp.h"
90 #include "isakmp_inf.h"
91 #include "ipsec_doi.h"
92 #include "oakley.h"
93 #include "pfkey.h"
94 #include "algorithm.h"
95 #include "sainfo.h"
96 #include "admin.h"
97 #include "privsep.h"
98 #include "strnames.h"
99 #include "backupsa.h"
100 #include "gcmalloc.h"
101 #include "nattraversal.h"
102 #include "crypto_openssl.h"
103 #include "grabmyaddr.h"
104 
105 #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
106 #define SADB_X_EALG_AESCBC  SADB_X_EALG_RIJNDAELCBC
107 #endif
108 
109 /* prototype */
110 static u_int ipsecdoi2pfkey_aalg __P((u_int));
111 static u_int ipsecdoi2pfkey_ealg __P((u_int));
112 static u_int ipsecdoi2pfkey_calg __P((u_int));
113 static u_int ipsecdoi2pfkey_alg __P((u_int, u_int));
114 static u_int keylen_aalg __P((u_int));
115 static u_int keylen_ealg __P((u_int, int));
116 
117 static int pk_recvgetspi __P((caddr_t *));
118 static int pk_recvupdate __P((caddr_t *));
119 static int pk_recvadd __P((caddr_t *));
120 static int pk_recvdelete __P((caddr_t *));
121 static int pk_recvacquire __P((caddr_t *));
122 static int pk_recvexpire __P((caddr_t *));
123 static int pk_recvflush __P((caddr_t *));
124 static int getsadbpolicy __P((caddr_t *, int *, int, struct ph2handle *));
125 static int pk_recvspdupdate __P((caddr_t *));
126 static int pk_recvspdadd __P((caddr_t *));
127 static int pk_recvspddelete __P((caddr_t *));
128 static int pk_recvspdexpire __P((caddr_t *));
129 static int pk_recvspdget __P((caddr_t *));
130 static int pk_recvspddump __P((caddr_t *));
131 static int pk_recvspdflush __P((caddr_t *));
132 static struct sadb_msg *pk_recv __P((int, int *));
133 
134 static int (*pkrecvf[]) __P((caddr_t *)) = {
135 NULL,
136 pk_recvgetspi,
137 pk_recvupdate,
138 pk_recvadd,
139 pk_recvdelete,
140 NULL,	/* SADB_GET */
141 pk_recvacquire,
142 NULL,	/* SABD_REGISTER */
143 pk_recvexpire,
144 pk_recvflush,
145 NULL,	/* SADB_DUMP */
146 NULL,	/* SADB_X_PROMISC */
147 NULL,	/* SADB_X_PCHANGE */
148 pk_recvspdupdate,
149 pk_recvspdadd,
150 pk_recvspddelete,
151 pk_recvspdget,
152 NULL,	/* SADB_X_SPDACQUIRE */
153 pk_recvspddump,
154 pk_recvspdflush,
155 NULL,	/* SADB_X_SPDSETIDX */
156 pk_recvspdexpire,
157 NULL,	/* SADB_X_SPDDELETE2 */
158 NULL,	/* SADB_X_NAT_T_NEW_MAPPING */
159 NULL,	/* SADB_X_MIGRATE */
160 #if (SADB_MAX > 24)
161 #error "SADB extra message?"
162 #endif
163 };
164 
165 static int addnewsp __P((caddr_t *));
166 
167 /* cope with old kame headers - ugly */
168 #ifndef SADB_X_AALG_MD5
169 #define SADB_X_AALG_MD5		SADB_AALG_MD5
170 #endif
171 #ifndef SADB_X_AALG_SHA
172 #define SADB_X_AALG_SHA		SADB_AALG_SHA
173 #endif
174 #ifndef SADB_X_AALG_NULL
175 #define SADB_X_AALG_NULL	SADB_AALG_NULL
176 #endif
177 
178 #ifndef SADB_X_EALG_BLOWFISHCBC
179 #define SADB_X_EALG_BLOWFISHCBC	SADB_EALG_BLOWFISHCBC
180 #endif
181 #ifndef SADB_X_EALG_CAST128CBC
182 #define SADB_X_EALG_CAST128CBC	SADB_EALG_CAST128CBC
183 #endif
184 #ifndef SADB_X_EALG_RC5CBC
185 #ifdef SADB_EALG_RC5CBC
186 #define SADB_X_EALG_RC5CBC	SADB_EALG_RC5CBC
187 #endif
188 #endif
189 
190 /*
191  * PF_KEY packet handler
192  *	0: success
193  *	-1: fail
194  */
195 int
pfkey_handler()196 pfkey_handler()
197 {
198 	struct sadb_msg *msg;
199 	int len;
200 	caddr_t mhp[SADB_EXT_MAX + 1];
201 	int error = -1;
202 
203 	/* receive pfkey message. */
204 	len = 0;
205 	msg = (struct sadb_msg *)pk_recv(lcconf->sock_pfkey, &len);
206 	if (msg == NULL) {
207 		if (len < 0) {
208 			plog(LLV_ERROR, LOCATION, NULL,
209 				"failed to recv from pfkey (%s)\n",
210 				strerror(errno));
211 			goto end;
212 		} else {
213 			/* short message - msg not ready */
214 			return 0;
215 		}
216 	}
217 
218 	plog(LLV_DEBUG, LOCATION, NULL, "get pfkey %s message\n",
219 		s_pfkey_type(msg->sadb_msg_type));
220 	plogdump(LLV_DEBUG2, msg, msg->sadb_msg_len << 3);
221 
222 	/* validity check */
223 	if (msg->sadb_msg_errno) {
224 		int pri;
225 
226 		/* when SPD is empty, treat the state as no error. */
227 		if (msg->sadb_msg_type == SADB_X_SPDDUMP &&
228 		    msg->sadb_msg_errno == ENOENT)
229 			pri = LLV_DEBUG;
230 		else
231 			pri = LLV_ERROR;
232 
233 		plog(pri, LOCATION, NULL,
234 			"pfkey %s failed: %s\n",
235 			s_pfkey_type(msg->sadb_msg_type),
236 			strerror(msg->sadb_msg_errno));
237 
238 		goto end;
239 	}
240 
241 	/* check pfkey message. */
242 	if (pfkey_align(msg, mhp)) {
243 		plog(LLV_ERROR, LOCATION, NULL,
244 			"libipsec failed pfkey align (%s)\n",
245 			ipsec_strerror());
246 		goto end;
247 	}
248 	if (pfkey_check(mhp)) {
249 		plog(LLV_ERROR, LOCATION, NULL,
250 			"libipsec failed pfkey check (%s)\n",
251 			ipsec_strerror());
252 		goto end;
253 	}
254 	msg = (struct sadb_msg *)mhp[0];
255 
256 	/* safety check */
257 	if (msg->sadb_msg_type >= ARRAYLEN(pkrecvf)) {
258 		plog(LLV_ERROR, LOCATION, NULL,
259 			"unknown PF_KEY message type=%u\n",
260 			msg->sadb_msg_type);
261 		goto end;
262 	}
263 
264 	if (pkrecvf[msg->sadb_msg_type] == NULL) {
265 		plog(LLV_INFO, LOCATION, NULL,
266 			"unsupported PF_KEY message %s\n",
267 			s_pfkey_type(msg->sadb_msg_type));
268 		goto end;
269 	}
270 
271 	if ((pkrecvf[msg->sadb_msg_type])(mhp) < 0)
272 		goto end;
273 
274 	error = 0;
275 end:
276 	if (msg)
277 		racoon_free(msg);
278 	return(error);
279 }
280 
281 /*
282  * dump SADB
283  */
284 vchar_t *
pfkey_dump_sadb(satype)285 pfkey_dump_sadb(satype)
286 	int satype;
287 {
288 	int s = -1;
289 	vchar_t *buf = NULL;
290 	pid_t pid = getpid();
291 	struct sadb_msg *msg = NULL;
292 	size_t bl, ml;
293 	int len;
294 
295 	if ((s = privsep_pfkey_open()) < 0) {
296 		plog(LLV_ERROR, LOCATION, NULL,
297 			"libipsec failed pfkey open: %s\n",
298 			ipsec_strerror());
299 		return NULL;
300 	}
301 
302 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_dump\n");
303 	if (pfkey_send_dump(s, satype) < 0) {
304 		plog(LLV_ERROR, LOCATION, NULL,
305 			"libipsec failed dump: %s\n", ipsec_strerror());
306 		goto fail;
307 	}
308 
309 	while (1) {
310 		if (msg)
311 			racoon_free(msg);
312 		msg = pk_recv(s, &len);
313 		if (msg == NULL) {
314 			if (len < 0)
315 				goto done;
316 			else
317 				continue;
318 		}
319 
320 		if (msg->sadb_msg_type != SADB_DUMP || msg->sadb_msg_pid != pid)
321 		{
322 		    plog(LLV_DEBUG, LOCATION, NULL,
323 			 "discarding non-sadb dump msg %p, our pid=%i\n", msg, pid);
324 		    plog(LLV_DEBUG, LOCATION, NULL,
325 			 "type %i, pid %i\n", msg->sadb_msg_type, msg->sadb_msg_pid);
326 		    continue;
327 		}
328 
329 
330 		ml = msg->sadb_msg_len << 3;
331 		bl = buf ? buf->l : 0;
332 		buf = vrealloc(buf, bl + ml);
333 		if (buf == NULL) {
334 			plog(LLV_ERROR, LOCATION, NULL,
335 				"failed to reallocate buffer to dump.\n");
336 			goto fail;
337 		}
338 		memcpy(buf->v + bl, msg, ml);
339 
340 		if (msg->sadb_msg_seq == 0)
341 			break;
342 	}
343 	goto done;
344 
345 fail:
346 	if (buf)
347 		vfree(buf);
348 	buf = NULL;
349 done:
350 	if (msg)
351 		racoon_free(msg);
352 	if (s >= 0)
353 		privsep_pfkey_close(s);
354 	return buf;
355 }
356 
357 #ifdef ENABLE_ADMINPORT
358 /*
359  * flush SADB
360  */
361 void
pfkey_flush_sadb(proto)362 pfkey_flush_sadb(proto)
363 	u_int proto;
364 {
365 	int satype;
366 
367 	/* convert to SADB_SATYPE */
368 	if ((satype = admin2pfkey_proto(proto)) < 0)
369 		return;
370 
371 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_flush\n");
372 	if (pfkey_send_flush(lcconf->sock_pfkey, satype) < 0) {
373 		plog(LLV_ERROR, LOCATION, NULL,
374 			"libipsec failed send flush (%s)\n", ipsec_strerror());
375 		return;
376 	}
377 
378 	return;
379 }
380 #endif
381 
382 /*
383  * These are the SATYPEs that we manage.  We register to get
384  * PF_KEY messages related to these SATYPEs, and we also use
385  * this list to determine which SATYPEs to delete SAs for when
386  * we receive an INITIAL-CONTACT.
387  */
388 const struct pfkey_satype pfkey_satypes[] = {
389 	{ SADB_SATYPE_AH,	"AH" },
390 	{ SADB_SATYPE_ESP,	"ESP" },
391 	{ SADB_X_SATYPE_IPCOMP,	"IPCOMP" },
392 };
393 const int pfkey_nsatypes =
394     sizeof(pfkey_satypes) / sizeof(pfkey_satypes[0]);
395 
396 /*
397  * PF_KEY initialization
398  */
399 int
pfkey_init()400 pfkey_init()
401 {
402 	int i, reg_fail;
403 
404 	if ((lcconf->sock_pfkey = privsep_pfkey_open()) < 0) {
405 		plog(LLV_ERROR, LOCATION, NULL,
406 			"libipsec failed pfkey open (%s)\n", ipsec_strerror());
407 		return -1;
408 	}
409 	if (fcntl(lcconf->sock_pfkey, F_SETFL, O_NONBLOCK) == -1)
410 		plog(LLV_WARNING, LOCATION, NULL,
411 		    "failed to set the pfkey socket to NONBLOCK\n");
412 
413 	for (i = 0, reg_fail = 0; i < pfkey_nsatypes; i++) {
414 		plog(LLV_DEBUG, LOCATION, NULL,
415 		    "call pfkey_send_register for %s\n",
416 		    pfkey_satypes[i].ps_name);
417 		if (pfkey_send_register(lcconf->sock_pfkey,
418 					pfkey_satypes[i].ps_satype) < 0 ||
419 		    pfkey_recv_register(lcconf->sock_pfkey) < 0) {
420 			plog(LLV_WARNING, LOCATION, NULL,
421 			    "failed to register %s (%s)\n",
422 			    pfkey_satypes[i].ps_name,
423 			    ipsec_strerror());
424 			reg_fail++;
425 		}
426 	}
427 
428 	if (reg_fail == pfkey_nsatypes) {
429 		plog(LLV_ERROR, LOCATION, NULL,
430 			"failed to regist any protocol.\n");
431 		pfkey_close(lcconf->sock_pfkey);
432 		return -1;
433 	}
434 
435 	initsp();
436 
437 	if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
438 		plog(LLV_ERROR, LOCATION, NULL,
439 			"libipsec sending spddump failed: %s\n",
440 			ipsec_strerror());
441 		pfkey_close(lcconf->sock_pfkey);
442 		return -1;
443 	}
444 #if 0
445 	if (pfkey_promisc_toggle(1) < 0) {
446 		pfkey_close(lcconf->sock_pfkey);
447 		return -1;
448 	}
449 #endif
450 	return 0;
451 }
452 
453 /* %%% for conversion */
454 /* IPSECDOI_ATTR_AUTH -> SADB_AALG */
455 static u_int
ipsecdoi2pfkey_aalg(hashtype)456 ipsecdoi2pfkey_aalg(hashtype)
457 	u_int hashtype;
458 {
459 	switch (hashtype) {
460 	case IPSECDOI_ATTR_AUTH_HMAC_MD5:
461 		return SADB_AALG_MD5HMAC;
462 	case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
463 		return SADB_AALG_SHA1HMAC;
464 	case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
465 #if (defined SADB_X_AALG_SHA2_256) && !defined(SADB_X_AALG_SHA2_256HMAC)
466 		return SADB_X_AALG_SHA2_256;
467 #else
468 		return SADB_X_AALG_SHA2_256HMAC;
469 #endif
470 	case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
471 #if (defined SADB_X_AALG_SHA2_384) && !defined(SADB_X_AALG_SHA2_384HMAC)
472 		return SADB_X_AALG_SHA2_384;
473 #else
474 		return SADB_X_AALG_SHA2_384HMAC;
475 #endif
476 	case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
477 #if (defined SADB_X_AALG_SHA2_512) && !defined(SADB_X_AALG_SHA2_512HMAC)
478 		return SADB_X_AALG_SHA2_512;
479 #else
480 		return SADB_X_AALG_SHA2_512HMAC;
481 #endif
482 	case IPSECDOI_ATTR_AUTH_KPDK:		/* need special care */
483 		return SADB_AALG_NONE;
484 
485 	/* not supported */
486 	case IPSECDOI_ATTR_AUTH_DES_MAC:
487 		plog(LLV_ERROR, LOCATION, NULL,
488 			"Not supported hash type: %u\n", hashtype);
489 		return ~0;
490 
491 	case 0: /* reserved */
492 	default:
493 		return SADB_AALG_NONE;
494 
495 		plog(LLV_ERROR, LOCATION, NULL,
496 			"Invalid hash type: %u\n", hashtype);
497 		return ~0;
498 	}
499 	/*NOTREACHED*/
500 }
501 
502 /* IPSECDOI_ESP -> SADB_EALG */
503 static u_int
ipsecdoi2pfkey_ealg(t_id)504 ipsecdoi2pfkey_ealg(t_id)
505 	u_int t_id;
506 {
507 	switch (t_id) {
508 	case IPSECDOI_ESP_DES_IV64:		/* sa_flags |= SADB_X_EXT_OLD */
509 		return SADB_EALG_DESCBC;
510 	case IPSECDOI_ESP_DES:
511 		return SADB_EALG_DESCBC;
512 	case IPSECDOI_ESP_3DES:
513 		return SADB_EALG_3DESCBC;
514 #ifdef SADB_X_EALG_RC5CBC
515 	case IPSECDOI_ESP_RC5:
516 		return SADB_X_EALG_RC5CBC;
517 #endif
518 	case IPSECDOI_ESP_CAST:
519 		return SADB_X_EALG_CAST128CBC;
520 	case IPSECDOI_ESP_BLOWFISH:
521 		return SADB_X_EALG_BLOWFISHCBC;
522 	case IPSECDOI_ESP_DES_IV32:	/* flags |= (SADB_X_EXT_OLD|
523 							SADB_X_EXT_IV4B)*/
524 		return SADB_EALG_DESCBC;
525 	case IPSECDOI_ESP_NULL:
526 		return SADB_EALG_NULL;
527 #ifdef SADB_X_EALG_AESCBC
528 	case IPSECDOI_ESP_AES:
529 		return SADB_X_EALG_AESCBC;
530 #endif
531 #ifdef SADB_X_EALG_TWOFISHCBC
532 	case IPSECDOI_ESP_TWOFISH:
533 		return SADB_X_EALG_TWOFISHCBC;
534 #endif
535 #ifdef SADB_X_EALG_CAMELLIACBC
536 	case IPSECDOI_ESP_CAMELLIA:
537 		return SADB_X_EALG_CAMELLIACBC;
538 #endif
539 
540 	/* not supported */
541 	case IPSECDOI_ESP_3IDEA:
542 	case IPSECDOI_ESP_IDEA:
543 	case IPSECDOI_ESP_RC4:
544 		plog(LLV_ERROR, LOCATION, NULL,
545 			"Not supported transform: %u\n", t_id);
546 		return ~0;
547 
548 	case 0: /* reserved */
549 	default:
550 		plog(LLV_ERROR, LOCATION, NULL,
551 			"Invalid transform id: %u\n", t_id);
552 		return ~0;
553 	}
554 	/*NOTREACHED*/
555 }
556 
557 /* IPCOMP -> SADB_CALG */
558 static u_int
ipsecdoi2pfkey_calg(t_id)559 ipsecdoi2pfkey_calg(t_id)
560 	u_int t_id;
561 {
562 	switch (t_id) {
563 	case IPSECDOI_IPCOMP_OUI:
564 		return SADB_X_CALG_OUI;
565 	case IPSECDOI_IPCOMP_DEFLATE:
566 		return SADB_X_CALG_DEFLATE;
567 	case IPSECDOI_IPCOMP_LZS:
568 		return SADB_X_CALG_LZS;
569 
570 	case 0: /* reserved */
571 	default:
572 		plog(LLV_ERROR, LOCATION, NULL,
573 			"Invalid transform id: %u\n", t_id);
574 		return ~0;
575 	}
576 	/*NOTREACHED*/
577 }
578 
579 /* IPSECDOI_PROTO -> SADB_SATYPE */
580 u_int
ipsecdoi2pfkey_proto(proto)581 ipsecdoi2pfkey_proto(proto)
582 	u_int proto;
583 {
584 	switch (proto) {
585 	case IPSECDOI_PROTO_IPSEC_AH:
586 		return SADB_SATYPE_AH;
587 	case IPSECDOI_PROTO_IPSEC_ESP:
588 		return SADB_SATYPE_ESP;
589 	case IPSECDOI_PROTO_IPCOMP:
590 		return SADB_X_SATYPE_IPCOMP;
591 
592 	default:
593 		plog(LLV_ERROR, LOCATION, NULL,
594 			"Invalid ipsec_doi proto: %u\n", proto);
595 		return ~0;
596 	}
597 	/*NOTREACHED*/
598 }
599 
600 static u_int
ipsecdoi2pfkey_alg(algclass,type)601 ipsecdoi2pfkey_alg(algclass, type)
602 	u_int algclass, type;
603 {
604 	switch (algclass) {
605 	case IPSECDOI_ATTR_AUTH:
606 		return ipsecdoi2pfkey_aalg(type);
607 	case IPSECDOI_PROTO_IPSEC_ESP:
608 		return ipsecdoi2pfkey_ealg(type);
609 	case IPSECDOI_PROTO_IPCOMP:
610 		return ipsecdoi2pfkey_calg(type);
611 	default:
612 		plog(LLV_ERROR, LOCATION, NULL,
613 			"Invalid ipsec_doi algclass: %u\n", algclass);
614 		return ~0;
615 	}
616 	/*NOTREACHED*/
617 }
618 
619 /* SADB_SATYPE -> IPSECDOI_PROTO */
620 u_int
pfkey2ipsecdoi_proto(satype)621 pfkey2ipsecdoi_proto(satype)
622 	u_int satype;
623 {
624 	switch (satype) {
625 	case SADB_SATYPE_AH:
626 		return IPSECDOI_PROTO_IPSEC_AH;
627 	case SADB_SATYPE_ESP:
628 		return IPSECDOI_PROTO_IPSEC_ESP;
629 	case SADB_X_SATYPE_IPCOMP:
630 		return IPSECDOI_PROTO_IPCOMP;
631 
632 	default:
633 		plog(LLV_ERROR, LOCATION, NULL,
634 			"Invalid pfkey proto: %u\n", satype);
635 		return ~0;
636 	}
637 	/*NOTREACHED*/
638 }
639 
640 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
641 u_int
ipsecdoi2pfkey_mode(mode)642 ipsecdoi2pfkey_mode(mode)
643 	u_int mode;
644 {
645 	switch (mode) {
646 	case IPSECDOI_ATTR_ENC_MODE_TUNNEL:
647 #ifdef ENABLE_NATT
648 	case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC:
649 	case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT:
650 #endif
651 		return IPSEC_MODE_TUNNEL;
652 	case IPSECDOI_ATTR_ENC_MODE_TRNS:
653 #ifdef ENABLE_NATT
654 	case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC:
655 	case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT:
656 #endif
657 		return IPSEC_MODE_TRANSPORT;
658 	default:
659 		plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
660 		return ~0;
661 	}
662 	/*NOTREACHED*/
663 }
664 
665 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
666 u_int
pfkey2ipsecdoi_mode(mode)667 pfkey2ipsecdoi_mode(mode)
668 	u_int mode;
669 {
670 	switch (mode) {
671 	case IPSEC_MODE_TUNNEL:
672 		return IPSECDOI_ATTR_ENC_MODE_TUNNEL;
673 	case IPSEC_MODE_TRANSPORT:
674 		return IPSECDOI_ATTR_ENC_MODE_TRNS;
675 	case IPSEC_MODE_ANY:
676 		return IPSECDOI_ATTR_ENC_MODE_ANY;
677 	default:
678 		plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
679 		return ~0;
680 	}
681 	/*NOTREACHED*/
682 }
683 
684 /* default key length for encryption algorithm */
685 static u_int
keylen_aalg(hashtype)686 keylen_aalg(hashtype)
687 	u_int hashtype;
688 {
689 	int res;
690 
691 	if (hashtype == 0)
692 		return SADB_AALG_NONE;
693 
694 	res = alg_ipsec_hmacdef_hashlen(hashtype);
695 	if (res == -1) {
696 		plog(LLV_ERROR, LOCATION, NULL,
697 			"invalid hmac algorithm %u.\n", hashtype);
698 		return ~0;
699 	}
700 	return res;
701 }
702 
703 /* default key length for encryption algorithm */
704 static u_int
keylen_ealg(enctype,encklen)705 keylen_ealg(enctype, encklen)
706 	u_int enctype;
707 	int encklen;
708 {
709 	int res;
710 
711 	res = alg_ipsec_encdef_keylen(enctype, encklen);
712 	if (res == -1) {
713 		plog(LLV_ERROR, LOCATION, NULL,
714 			"invalid encryption algorithm %u.\n", enctype);
715 		return ~0;
716 	}
717 	return res;
718 }
719 
720 int
pfkey_convertfromipsecdoi(proto_id,t_id,hashtype,e_type,e_keylen,a_type,a_keylen,flags)721 pfkey_convertfromipsecdoi(proto_id, t_id, hashtype,
722 		e_type, e_keylen, a_type, a_keylen, flags)
723 	u_int proto_id;
724 	u_int t_id;
725 	u_int hashtype;
726 	u_int *e_type;
727 	u_int *e_keylen;
728 	u_int *a_type;
729 	u_int *a_keylen;
730 	u_int *flags;
731 {
732 	*flags = 0;
733 	switch (proto_id) {
734 	case IPSECDOI_PROTO_IPSEC_ESP:
735 		if ((*e_type = ipsecdoi2pfkey_ealg(t_id)) == ~0)
736 			goto bad;
737 		if ((*e_keylen = keylen_ealg(t_id, *e_keylen)) == ~0)
738 			goto bad;
739 		*e_keylen >>= 3;
740 
741 		if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
742 			goto bad;
743 		if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
744 			goto bad;
745 		*a_keylen >>= 3;
746 
747 		if (*e_type == SADB_EALG_NONE) {
748 			plog(LLV_ERROR, LOCATION, NULL, "no ESP algorithm.\n");
749 			goto bad;
750 		}
751 		break;
752 
753 	case IPSECDOI_PROTO_IPSEC_AH:
754 		if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
755 			goto bad;
756 		if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
757 			goto bad;
758 		*a_keylen >>= 3;
759 
760 		if (t_id == IPSECDOI_ATTR_AUTH_HMAC_MD5
761 		 && hashtype == IPSECDOI_ATTR_AUTH_KPDK) {
762 			/* AH_MD5 + Auth(KPDK) = RFC1826 keyed-MD5 */
763 			*a_type = SADB_X_AALG_MD5;
764 			*flags |= SADB_X_EXT_OLD;
765 		}
766 		*e_type = SADB_EALG_NONE;
767 		*e_keylen = 0;
768 		if (*a_type == SADB_AALG_NONE) {
769 			plog(LLV_ERROR, LOCATION, NULL, "no AH algorithm.\n");
770 			goto bad;
771 		}
772 		break;
773 
774 	case IPSECDOI_PROTO_IPCOMP:
775 		if ((*e_type = ipsecdoi2pfkey_calg(t_id)) == ~0)
776 			goto bad;
777 		*e_keylen = 0;
778 
779 		*flags = SADB_X_EXT_RAWCPI;
780 
781 		*a_type = SADB_AALG_NONE;
782 		*a_keylen = 0;
783 		if (*e_type == SADB_X_CALG_NONE) {
784 			plog(LLV_ERROR, LOCATION, NULL, "no IPCOMP algorithm.\n");
785 			goto bad;
786 		}
787 		break;
788 
789 	default:
790 		plog(LLV_ERROR, LOCATION, NULL, "unknown IPsec protocol.\n");
791 		goto bad;
792 	}
793 
794 	return 0;
795 
796     bad:
797 	errno = EINVAL;
798 	return -1;
799 }
800 
801 /* called from scheduler */
802 void
pfkey_timeover_stub(p)803 pfkey_timeover_stub(p)
804 	void *p;
805 {
806 
807 	pfkey_timeover((struct ph2handle *)p);
808 }
809 
810 void
pfkey_timeover(iph2)811 pfkey_timeover(iph2)
812 	struct ph2handle *iph2;
813 {
814 	plog(LLV_ERROR, LOCATION, NULL,
815 		"%s give up to get IPsec-SA due to time up to wait.\n",
816 		saddrwop2str(iph2->dst));
817 	SCHED_KILL(iph2->sce);
818 
819 	/* If initiator side, send error to kernel by SADB_ACQUIRE. */
820 	if (iph2->side == INITIATOR)
821 		pk_sendeacquire(iph2);
822 
823 	unbindph12(iph2);
824 	remph2(iph2);
825 	delph2(iph2);
826 
827 	return;
828 }
829 
830 /*%%%*/
831 /* send getspi message per ipsec protocol per remote address */
832 /*
833  * the local address and remote address in ph1handle are dealed
834  * with destination address and source address respectively.
835  * Because SPI is decided by responder.
836  */
837 int
pk_sendgetspi(iph2)838 pk_sendgetspi(iph2)
839 	struct ph2handle *iph2;
840 {
841 	struct sockaddr *src = NULL, *dst = NULL;
842 	u_int satype, mode;
843 	struct saprop *pp;
844 	struct saproto *pr;
845 	u_int32_t minspi, maxspi;
846 	int proxy = 0;
847 
848 	if (iph2->side == INITIATOR) {
849 		pp = iph2->proposal;
850 		proxy = iph2->ph1->rmconf->support_proxy;
851 	} else {
852 		pp = iph2->approval;
853 		if (iph2->sainfo && iph2->sainfo->id_i)
854 			proxy = 1;
855 	}
856 
857 	/* for mobile IPv6 */
858 	if (proxy && iph2->src_id && iph2->dst_id &&
859 	    ipsecdoi_transportmode(pp)) {
860 		src = iph2->src_id;
861 		dst = iph2->dst_id;
862 	} else {
863 		src = iph2->src;
864 		dst = iph2->dst;
865 	}
866 
867 	for (pr = pp->head; pr != NULL; pr = pr->next) {
868 
869 		/* validity check */
870 		satype = ipsecdoi2pfkey_proto(pr->proto_id);
871 		if (satype == ~0) {
872 			plog(LLV_ERROR, LOCATION, NULL,
873 				"invalid proto_id %d\n", pr->proto_id);
874 			return -1;
875 		}
876 		/* this works around a bug in Linux kernel where it allocates 4 byte
877 		   spi's for IPCOMP */
878 		else if (satype == SADB_X_SATYPE_IPCOMP) {
879 			minspi = 0x100;
880 			maxspi = 0xffff;
881 		}
882 		else {
883 			minspi = 0;
884 			maxspi = 0;
885 		}
886 		mode = ipsecdoi2pfkey_mode(pr->encmode);
887 		if (mode == ~0) {
888 			plog(LLV_ERROR, LOCATION, NULL,
889 				"invalid encmode %d\n", pr->encmode);
890 			return -1;
891 		}
892 
893 #ifdef ENABLE_NATT
894 		/* XXX should we do a copy of src/dst for each pr ?
895 		 */
896 		if (! pr->udp_encap) {
897 			/* Remove port information, that SA doesn't use it */
898 			set_port(src, 0);
899 			set_port(dst, 0);
900 		}
901 #endif
902 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
903 		if (pfkey_send_getspi(
904 				lcconf->sock_pfkey,
905 				satype,
906 				mode,
907 				dst,			/* src of SA */
908 				src,			/* dst of SA */
909 				minspi, maxspi,
910 				pr->reqid_in, iph2->seq) < 0) {
911 			plog(LLV_ERROR, LOCATION, NULL,
912 				"ipseclib failed send getspi (%s)\n",
913 				ipsec_strerror());
914 			return -1;
915 		}
916 		plog(LLV_DEBUG, LOCATION, NULL,
917 			"pfkey GETSPI sent: %s\n",
918 			sadbsecas2str(dst, src, satype, 0, mode));
919 	}
920 
921 	return 0;
922 }
923 
924 /*
925  * receive GETSPI from kernel.
926  */
927 static int
pk_recvgetspi(mhp)928 pk_recvgetspi(mhp)
929 	caddr_t *mhp;
930 {
931 	struct sadb_msg *msg;
932 	struct sadb_sa *sa;
933 	struct ph2handle *iph2;
934 	struct sockaddr *dst;
935 	int proto_id;
936 	int allspiok, notfound;
937 	struct saprop *pp;
938 	struct saproto *pr;
939 
940 	/* validity check */
941 	if (mhp[SADB_EXT_SA] == NULL
942 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
943 		plog(LLV_ERROR, LOCATION, NULL,
944 			"inappropriate sadb getspi message passed.\n");
945 		return -1;
946 	}
947 	msg = (struct sadb_msg *)mhp[0];
948 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
949 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]); /* note SA dir */
950 
951 	/* the message has to be processed or not ? */
952 	if (msg->sadb_msg_pid != getpid()) {
953 		plog(LLV_DEBUG, LOCATION, NULL,
954 			"%s message is not interesting "
955 			"because pid %d is not mine.\n",
956 			s_pfkey_type(msg->sadb_msg_type),
957 			msg->sadb_msg_pid);
958 		return -1;
959 	}
960 
961 	iph2 = getph2byseq(msg->sadb_msg_seq);
962 	if (iph2 == NULL) {
963 		plog(LLV_DEBUG, LOCATION, NULL,
964 			"seq %d of %s message not interesting.\n",
965 			msg->sadb_msg_seq,
966 			s_pfkey_type(msg->sadb_msg_type));
967 		return -1;
968 	}
969 
970 	if (iph2->status != PHASE2ST_GETSPISENT) {
971 		plog(LLV_ERROR, LOCATION, NULL,
972 			"status mismatch (db:%d msg:%d)\n",
973 			iph2->status, PHASE2ST_GETSPISENT);
974 		return -1;
975 	}
976 
977 	/* set SPI, and check to get all spi whether or not */
978 	allspiok = 1;
979 	notfound = 1;
980 	proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
981 	pp = iph2->side == INITIATOR ? iph2->proposal : iph2->approval;
982 
983 	for (pr = pp->head; pr != NULL; pr = pr->next) {
984 		if (pr->proto_id == proto_id && pr->spi == 0) {
985 			pr->spi = sa->sadb_sa_spi;
986 			notfound = 0;
987 			plog(LLV_DEBUG, LOCATION, NULL,
988 				"pfkey GETSPI succeeded: %s\n",
989 				sadbsecas2str(iph2->dst, iph2->src,
990 				    msg->sadb_msg_satype,
991 				    sa->sadb_sa_spi,
992 				    ipsecdoi2pfkey_mode(pr->encmode)));
993 		}
994 		if (pr->spi == 0)
995 			allspiok = 0;	/* not get all spi */
996 	}
997 
998 	if (notfound) {
999 		plog(LLV_ERROR, LOCATION, NULL,
1000 			"get spi for unknown address %s\n",
1001 			saddrwop2str(iph2->dst));
1002 		return -1;
1003 	}
1004 
1005 	if (allspiok) {
1006 		/* update status */
1007 		iph2->status = PHASE2ST_GETSPIDONE;
1008 		if (isakmp_post_getspi(iph2) < 0) {
1009 			plog(LLV_ERROR, LOCATION, NULL,
1010 				"failed to start post getspi.\n");
1011 			unbindph12(iph2);
1012 			remph2(iph2);
1013 			delph2(iph2);
1014 			iph2 = NULL;
1015 			return -1;
1016 		}
1017 	}
1018 
1019 	return 0;
1020 }
1021 
1022 /*
1023  * set inbound SA
1024  */
1025 int
pk_sendupdate(iph2)1026 pk_sendupdate(iph2)
1027 	struct ph2handle *iph2;
1028 {
1029 	struct saproto *pr;
1030 	struct pfkey_send_sa_args sa_args;
1031 	int proxy = 0;
1032 
1033 	/* sanity check */
1034 	if (iph2->approval == NULL) {
1035 		plog(LLV_ERROR, LOCATION, NULL,
1036 			"no approvaled SAs found.\n");
1037 	}
1038 
1039 	if (iph2->side == INITIATOR)
1040 		proxy = iph2->ph1->rmconf->support_proxy;
1041 	else if (iph2->sainfo && iph2->sainfo->id_i)
1042 		proxy = 1;
1043 
1044 	/* fill in some needed for pfkey_send_update2 */
1045 	memset (&sa_args, 0, sizeof (sa_args));
1046 	sa_args.so = lcconf->sock_pfkey;
1047 	sa_args.l_addtime = iph2->approval->lifetime;
1048 	sa_args.seq = iph2->seq;
1049 	sa_args.wsize = 4;
1050 
1051 	/* for mobile IPv6 */
1052 	if (proxy && iph2->src_id && iph2->dst_id &&
1053 	    ipsecdoi_transportmode(iph2->approval)) {
1054 		sa_args.dst = iph2->src_id;
1055 		sa_args.src = iph2->dst_id;
1056 	} else {
1057 		sa_args.dst = iph2->src;
1058 		sa_args.src = iph2->dst;
1059 	}
1060 
1061 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1062 		/* validity check */
1063 		sa_args.satype = ipsecdoi2pfkey_proto(pr->proto_id);
1064 		if (sa_args.satype == ~0) {
1065 			plog(LLV_ERROR, LOCATION, NULL,
1066 				"invalid proto_id %d\n", pr->proto_id);
1067 			return -1;
1068 		}
1069 		else if (sa_args.satype == SADB_X_SATYPE_IPCOMP) {
1070 			/* IPCOMP has no replay window */
1071 			sa_args.wsize = 0;
1072 		}
1073 #ifdef ENABLE_SAMODE_UNSPECIFIED
1074 		sa_args.mode = IPSEC_MODE_ANY;
1075 #else
1076 		sa_args.mode = ipsecdoi2pfkey_mode(pr->encmode);
1077 		if (sa_args.mode == ~0) {
1078 			plog(LLV_ERROR, LOCATION, NULL,
1079 				"invalid encmode %d\n", pr->encmode);
1080 			return -1;
1081 		}
1082 #endif
1083 		/* set algorithm type and key length */
1084 		sa_args.e_keylen = pr->head->encklen;
1085 		if (pfkey_convertfromipsecdoi(
1086 				pr->proto_id,
1087 				pr->head->trns_id,
1088 				pr->head->authtype,
1089 				&sa_args.e_type, &sa_args.e_keylen,
1090 				&sa_args.a_type, &sa_args.a_keylen,
1091 				&sa_args.flags) < 0)
1092 			return -1;
1093 
1094 #if 0
1095 		sa_args.l_bytes = iph2->approval->lifebyte * 1024,
1096 #else
1097 		sa_args.l_bytes = 0;
1098 #endif
1099 
1100 #ifdef HAVE_SECCTX
1101 		if (*iph2->approval->sctx.ctx_str) {
1102 			sa_args.ctxdoi = iph2->approval->sctx.ctx_doi;
1103 			sa_args.ctxalg = iph2->approval->sctx.ctx_alg;
1104 			sa_args.ctxstrlen = iph2->approval->sctx.ctx_strlen;
1105 			sa_args.ctxstr = iph2->approval->sctx.ctx_str;
1106 		}
1107 #endif /* HAVE_SECCTX */
1108 
1109 #ifdef ENABLE_NATT
1110 		if (pr->udp_encap) {
1111 			sa_args.l_natt_type = iph2->ph1->natt_options->encaps_type;
1112 			sa_args.l_natt_sport = extract_port (iph2->ph1->remote);
1113 			sa_args.l_natt_dport = extract_port (iph2->ph1->local);
1114 			sa_args.l_natt_oa = NULL;  // FIXME: Here comes OA!!!
1115 #ifdef SADB_X_EXT_NAT_T_FRAG
1116 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
1117 #endif
1118 		} else {
1119 			/* Remove port information, that SA doesn't use it */
1120 			set_port(sa_args.src, 0);
1121 			set_port(sa_args.dst, 0);
1122 		}
1123 
1124 #endif
1125 		/* more info to fill in */
1126 		sa_args.spi = pr->spi;
1127 		sa_args.reqid = pr->reqid_in;
1128 		sa_args.keymat = pr->keymat->v;
1129 
1130 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_update2\n");
1131 		if (pfkey_send_update2(&sa_args) < 0) {
1132 			plog(LLV_ERROR, LOCATION, NULL,
1133 				"libipsec failed send update (%s)\n",
1134 				ipsec_strerror());
1135 			return -1;
1136 		}
1137 
1138 #ifndef ANDROID_PATCHED
1139 		if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1140 			continue;
1141 
1142 		/*
1143 		 * It maybe good idea to call backupsa_to_file() after
1144 		 * racoon will receive the sadb_update messages.
1145 		 * But it is impossible because there is not key in the
1146 		 * information from the kernel.
1147 		 */
1148 
1149 		/* change some things before backing up */
1150 		sa_args.wsize = 4;
1151 		sa_args.l_bytes = iph2->approval->lifebyte * 1024;
1152 
1153 		if (backupsa_to_file(&sa_args) < 0) {
1154 			plog(LLV_ERROR, LOCATION, NULL,
1155 				"backuped SA failed: %s\n",
1156 				sadbsecas2str(sa_args.src, sa_args.dst,
1157 				sa_args.satype, sa_args.spi, sa_args.mode));
1158 		}
1159 		plog(LLV_DEBUG, LOCATION, NULL,
1160 			"backuped SA: %s\n",
1161 			sadbsecas2str(sa_args.src, sa_args.dst,
1162 			sa_args.satype, sa_args.spi, sa_args.mode));
1163 #endif
1164 	}
1165 
1166 	return 0;
1167 }
1168 
1169 static int
pk_recvupdate(mhp)1170 pk_recvupdate(mhp)
1171 	caddr_t *mhp;
1172 {
1173 	struct sadb_msg *msg;
1174 	struct sadb_sa *sa;
1175 	struct sockaddr *src, *dst;
1176 	struct ph2handle *iph2;
1177 	u_int proto_id, encmode, sa_mode;
1178 	int incomplete = 0;
1179 	struct saproto *pr;
1180 
1181 	/* ignore this message because of local test mode. */
1182 	if (f_local)
1183 		return 0;
1184 
1185 	/* sanity check */
1186 	if (mhp[0] == NULL
1187 	 || mhp[SADB_EXT_SA] == NULL
1188 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1189 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1190 		plog(LLV_ERROR, LOCATION, NULL,
1191 			"inappropriate sadb update message passed.\n");
1192 		return -1;
1193 	}
1194 	msg = (struct sadb_msg *)mhp[0];
1195 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1196 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1197 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1198 
1199 	sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1200 		? IPSEC_MODE_ANY
1201 		: ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1202 
1203 	/* the message has to be processed or not ? */
1204 	if (msg->sadb_msg_pid != getpid()) {
1205 		plog(LLV_DEBUG, LOCATION, NULL,
1206 			"%s message is not interesting "
1207 			"because pid %d is not mine.\n",
1208 			s_pfkey_type(msg->sadb_msg_type),
1209 			msg->sadb_msg_pid);
1210 		return -1;
1211 	}
1212 
1213 	iph2 = getph2byseq(msg->sadb_msg_seq);
1214 	if (iph2 == NULL) {
1215 		plog(LLV_DEBUG, LOCATION, NULL,
1216 			"seq %d of %s message not interesting.\n",
1217 			msg->sadb_msg_seq,
1218 			s_pfkey_type(msg->sadb_msg_type));
1219 		return -1;
1220 	}
1221 
1222 	if (iph2->status != PHASE2ST_ADDSA) {
1223 		plog(LLV_ERROR, LOCATION, NULL,
1224 			"status mismatch (db:%d msg:%d)\n",
1225 			iph2->status, PHASE2ST_ADDSA);
1226 		return -1;
1227 	}
1228 
1229 	/* check to complete all keys ? */
1230 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1231 		proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1232 		if (proto_id == ~0) {
1233 			plog(LLV_ERROR, LOCATION, NULL,
1234 				"invalid proto_id %d\n", msg->sadb_msg_satype);
1235 			return -1;
1236 		}
1237 		encmode = pfkey2ipsecdoi_mode(sa_mode);
1238 		if (encmode == ~0) {
1239 			plog(LLV_ERROR, LOCATION, NULL,
1240 				"invalid encmode %d\n", sa_mode);
1241 			return -1;
1242 		}
1243 
1244 		if (pr->proto_id == proto_id
1245 		 && pr->spi == sa->sadb_sa_spi) {
1246 			pr->ok = 1;
1247 			plog(LLV_DEBUG, LOCATION, NULL,
1248 				"pfkey UPDATE succeeded: %s\n",
1249 				sadbsecas2str(iph2->dst, iph2->src,
1250 				    msg->sadb_msg_satype,
1251 				    sa->sadb_sa_spi,
1252 				    sa_mode));
1253 
1254 			plog(LLV_INFO, LOCATION, NULL,
1255 				"IPsec-SA established: %s\n",
1256 				sadbsecas2str(iph2->dst, iph2->src,
1257 					msg->sadb_msg_satype, sa->sadb_sa_spi,
1258 					sa_mode));
1259 		}
1260 
1261 		if (pr->ok == 0)
1262 			incomplete = 1;
1263 	}
1264 
1265 	if (incomplete)
1266 		return 0;
1267 
1268 	/* turn off the timer for calling pfkey_timeover() */
1269 	SCHED_KILL(iph2->sce);
1270 
1271 	/* update status */
1272 	iph2->status = PHASE2ST_ESTABLISHED;
1273 
1274 #ifdef ENABLE_STATS
1275 	gettimeofday(&iph2->end, NULL);
1276 	syslog(LOG_NOTICE, "%s(%s): %8.6f",
1277 		"phase2", "quick", timedelta(&iph2->start, &iph2->end));
1278 #endif
1279 
1280 	/* count up */
1281 	iph2->ph1->ph2cnt++;
1282 
1283 	/* turn off schedule */
1284 	SCHED_KILL(iph2->scr);
1285 
1286 	/* Force the update of ph2's ports, as there is at least one
1287 	 * situation where they'll mismatch with ph1's values
1288 	 */
1289 
1290 #ifdef ENABLE_NATT
1291 	set_port(iph2->src, extract_port(iph2->ph1->local));
1292 	set_port(iph2->dst, extract_port(iph2->ph1->remote));
1293 #endif
1294 
1295 	/*
1296 	 * since we are going to reuse the phase2 handler, we need to
1297 	 * remain it and refresh all the references between ph1 and ph2 to use.
1298 	 */
1299 	unbindph12(iph2);
1300 
1301 	iph2->sce = sched_new(iph2->approval->lifetime,
1302 	    isakmp_ph2expire_stub, iph2);
1303 
1304 	plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1305 	return 0;
1306 }
1307 
1308 /*
1309  * set outbound SA
1310  */
1311 int
pk_sendadd(iph2)1312 pk_sendadd(iph2)
1313 	struct ph2handle *iph2;
1314 {
1315 	struct saproto *pr;
1316 	int proxy = 0;
1317 	struct pfkey_send_sa_args sa_args;
1318 
1319 	/* sanity check */
1320 	if (iph2->approval == NULL) {
1321 		plog(LLV_ERROR, LOCATION, NULL,
1322 			"no approvaled SAs found.\n");
1323 		return -1;
1324 	}
1325 
1326 	if (iph2->side == INITIATOR)
1327 		proxy = iph2->ph1->rmconf->support_proxy;
1328 	else if (iph2->sainfo && iph2->sainfo->id_i)
1329 		proxy = 1;
1330 
1331 	/* fill in some needed for pfkey_send_update2 */
1332 	memset (&sa_args, 0, sizeof (sa_args));
1333 	sa_args.so = lcconf->sock_pfkey;
1334 	sa_args.l_addtime = iph2->approval->lifetime;
1335 	sa_args.seq = iph2->seq;
1336 	sa_args.wsize = 4;
1337 
1338 	/* for mobile IPv6 */
1339 	if (proxy && iph2->src_id && iph2->dst_id &&
1340 	    ipsecdoi_transportmode(iph2->approval)) {
1341 		sa_args.src = iph2->src_id;
1342 		sa_args.dst = iph2->dst_id;
1343 	} else {
1344 		sa_args.src = iph2->src;
1345 		sa_args.dst = iph2->dst;
1346 	}
1347 
1348 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1349 		/* validity check */
1350 		sa_args.satype = ipsecdoi2pfkey_proto(pr->proto_id);
1351 		if (sa_args.satype == ~0) {
1352 			plog(LLV_ERROR, LOCATION, NULL,
1353 				"invalid proto_id %d\n", pr->proto_id);
1354 			return -1;
1355 		}
1356 		else if (sa_args.satype == SADB_X_SATYPE_IPCOMP) {
1357 			/* no replay window for IPCOMP */
1358 			sa_args.wsize = 0;
1359 		}
1360 #ifdef ENABLE_SAMODE_UNSPECIFIED
1361 		sa_args.mode = IPSEC_MODE_ANY;
1362 #else
1363 		sa_args.mode = ipsecdoi2pfkey_mode(pr->encmode);
1364 		if (sa_args.mode == ~0) {
1365 			plog(LLV_ERROR, LOCATION, NULL,
1366 				"invalid encmode %d\n", pr->encmode);
1367 			return -1;
1368 		}
1369 #endif
1370 
1371 		/* set algorithm type and key length */
1372 		sa_args.e_keylen = pr->head->encklen;
1373 		if (pfkey_convertfromipsecdoi(
1374 				pr->proto_id,
1375 				pr->head->trns_id,
1376 				pr->head->authtype,
1377 				&sa_args.e_type, &sa_args.e_keylen,
1378 				&sa_args.a_type, &sa_args.a_keylen,
1379 				&sa_args.flags) < 0)
1380 			return -1;
1381 
1382 #if 0
1383 		sa_args.l_bytes = iph2->approval->lifebyte * 1024,
1384 #else
1385 		sa_args.l_bytes = 0;
1386 #endif
1387 
1388 #ifdef HAVE_SECCTX
1389 		if (*iph2->approval->sctx.ctx_str) {
1390 			sa_args.ctxdoi = iph2->approval->sctx.ctx_doi;
1391 			sa_args.ctxalg = iph2->approval->sctx.ctx_alg;
1392 			sa_args.ctxstrlen = iph2->approval->sctx.ctx_strlen;
1393 			sa_args.ctxstr = iph2->approval->sctx.ctx_str;
1394 		}
1395 #endif /* HAVE_SECCTX */
1396 
1397 #ifdef ENABLE_NATT
1398 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add2 "
1399 		    "(NAT flavor)\n");
1400 
1401 		if (pr->udp_encap) {
1402 			sa_args.l_natt_type = UDP_ENCAP_ESPINUDP;
1403 			sa_args.l_natt_sport = extract_port(iph2->ph1->local);
1404 			sa_args.l_natt_dport = extract_port(iph2->ph1->remote);
1405 			sa_args.l_natt_oa = NULL; // FIXME: Here comes OA!!!
1406 #ifdef SADB_X_EXT_NAT_T_FRAG
1407 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
1408 #endif
1409 		} else {
1410 			/* Remove port information, that SA doesn't use it */
1411 			set_port(sa_args.src, 0);
1412 			set_port(sa_args.dst, 0);
1413 		}
1414 
1415 #else
1416 		/* Remove port information, it is not used without NAT-T */
1417 		set_port(sa_args.src, 0);
1418 		set_port(sa_args.dst, 0);
1419 #endif
1420 
1421 		/* more info to fill in */
1422 		sa_args.spi = pr->spi_p;
1423 		sa_args.reqid = pr->reqid_out;
1424 		sa_args.keymat = pr->keymat_p->v;
1425 
1426 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add2\n");
1427 		if (pfkey_send_add2(&sa_args) < 0) {
1428 			plog(LLV_ERROR, LOCATION, NULL,
1429 				"libipsec failed send add (%s)\n",
1430 				ipsec_strerror());
1431 			return -1;
1432 		}
1433 
1434 #ifndef ANDROID_PATCHED
1435 		if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1436 			continue;
1437 
1438 		/*
1439 		 * It maybe good idea to call backupsa_to_file() after
1440 		 * racoon will receive the sadb_update messages.
1441 		 * But it is impossible because there is not key in the
1442 		 * information from the kernel.
1443 		 */
1444 		if (backupsa_to_file(&sa_args) < 0) {
1445 			plog(LLV_ERROR, LOCATION, NULL,
1446 				"backuped SA failed: %s\n",
1447 				sadbsecas2str(sa_args.src, sa_args.dst,
1448 				sa_args.satype, sa_args.spi, sa_args.mode));
1449 		}
1450 		plog(LLV_DEBUG, LOCATION, NULL,
1451 			"backuped SA: %s\n",
1452 			sadbsecas2str(sa_args.src, sa_args.dst,
1453 			sa_args.satype, sa_args.spi, sa_args.mode));
1454 #endif
1455 	}
1456 	return 0;
1457 }
1458 
1459 static int
pk_recvadd(mhp)1460 pk_recvadd(mhp)
1461 	caddr_t *mhp;
1462 {
1463 	struct sadb_msg *msg;
1464 	struct sadb_sa *sa;
1465 	struct sockaddr *src, *dst;
1466 	struct ph2handle *iph2;
1467 	u_int sa_mode;
1468 
1469 	/* ignore this message because of local test mode. */
1470 	if (f_local)
1471 		return 0;
1472 
1473 	/* sanity check */
1474 	if (mhp[0] == NULL
1475 	 || mhp[SADB_EXT_SA] == NULL
1476 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1477 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1478 		plog(LLV_ERROR, LOCATION, NULL,
1479 			"inappropriate sadb add message passed.\n");
1480 		return -1;
1481 	}
1482 	msg = (struct sadb_msg *)mhp[0];
1483 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1484 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1485 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1486 
1487 	sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1488 		? IPSEC_MODE_ANY
1489 		: ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1490 
1491 	/* the message has to be processed or not ? */
1492 	if (msg->sadb_msg_pid != getpid()) {
1493 		plog(LLV_DEBUG, LOCATION, NULL,
1494 			"%s message is not interesting "
1495 			"because pid %d is not mine.\n",
1496 			s_pfkey_type(msg->sadb_msg_type),
1497 			msg->sadb_msg_pid);
1498 		return -1;
1499 	}
1500 
1501 	iph2 = getph2byseq(msg->sadb_msg_seq);
1502 	if (iph2 == NULL) {
1503 		plog(LLV_DEBUG, LOCATION, NULL,
1504 			"seq %d of %s message not interesting.\n",
1505 			msg->sadb_msg_seq,
1506 			s_pfkey_type(msg->sadb_msg_type));
1507 		return -1;
1508 	}
1509 
1510 	/*
1511 	 * NOTE don't update any status of phase2 handle
1512 	 * because they must be updated by SADB_UPDATE message
1513 	 */
1514 
1515 	plog(LLV_INFO, LOCATION, NULL,
1516 		"IPsec-SA established: %s\n",
1517 		sadbsecas2str(iph2->src, iph2->dst,
1518 			msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1519 
1520 	plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1521 	return 0;
1522 }
1523 
1524 static int
pk_recvexpire(mhp)1525 pk_recvexpire(mhp)
1526 	caddr_t *mhp;
1527 {
1528 	struct sadb_msg *msg;
1529 	struct sadb_sa *sa;
1530 	struct sockaddr *src, *dst;
1531 	struct ph2handle *iph2;
1532 	u_int proto_id, sa_mode;
1533 
1534 	/* sanity check */
1535 	if (mhp[0] == NULL
1536 	 || mhp[SADB_EXT_SA] == NULL
1537 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1538 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1539 	 || (mhp[SADB_EXT_LIFETIME_HARD] != NULL
1540 	  && mhp[SADB_EXT_LIFETIME_SOFT] != NULL)) {
1541 		plog(LLV_ERROR, LOCATION, NULL,
1542 			"inappropriate sadb expire message passed.\n");
1543 		return -1;
1544 	}
1545 	msg = (struct sadb_msg *)mhp[0];
1546 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1547 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1548 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1549 
1550 	sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1551 		? IPSEC_MODE_ANY
1552 		: ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1553 
1554 	proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1555 	if (proto_id == ~0) {
1556 		plog(LLV_ERROR, LOCATION, NULL,
1557 			"invalid proto_id %d\n", msg->sadb_msg_satype);
1558 		return -1;
1559 	}
1560 
1561 	plog(LLV_INFO, LOCATION, NULL,
1562 		"IPsec-SA expired: %s\n",
1563 		sadbsecas2str(src, dst,
1564 			msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1565 
1566 	iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1567 	if (iph2 == NULL) {
1568 		/*
1569 		 * Ignore it because two expire messages are come up.
1570 		 * phase2 handler has been deleted already when 2nd message
1571 		 * is received.
1572 		 */
1573 		plog(LLV_DEBUG, LOCATION, NULL,
1574 			"no such a SA found: %s\n",
1575 			sadbsecas2str(src, dst,
1576 			    msg->sadb_msg_satype, sa->sadb_sa_spi,
1577 			    sa_mode));
1578 		return 0;
1579 	}
1580 	if (iph2->status != PHASE2ST_ESTABLISHED) {
1581 		/*
1582 		 * If the status is not equal to PHASE2ST_ESTABLISHED,
1583 		 * racoon ignores this expire message.  There are two reason.
1584 		 * One is that the phase 2 probably starts because there is
1585 		 * a potential that racoon receives the acquire message
1586 		 * without receiving a expire message.  Another is that racoon
1587 		 * may receive the multiple expire messages from the kernel.
1588 		 */
1589 		plog(LLV_WARNING, LOCATION, NULL,
1590 			"the expire message is received "
1591 			"but the handler has not been established.\n");
1592 		return 0;
1593 	}
1594 
1595 	/* turn off the timer for calling isakmp_ph2expire() */
1596 	SCHED_KILL(iph2->sce);
1597 
1598 	iph2->status = PHASE2ST_EXPIRED;
1599 
1600 	/* INITIATOR, begin phase 2 exchange. */
1601 	/* allocate buffer for status management of pfkey message */
1602 	if (iph2->side == INITIATOR) {
1603 
1604 		initph2(iph2);
1605 
1606 		/* update status for re-use */
1607 		iph2->status = PHASE2ST_STATUS2;
1608 
1609 		/* start isakmp initiation by using ident exchange */
1610 		if (isakmp_post_acquire(iph2) < 0) {
1611 			plog(LLV_ERROR, LOCATION, iph2->dst,
1612 				"failed to begin ipsec sa "
1613 				"re-negotication.\n");
1614 			unbindph12(iph2);
1615 			remph2(iph2);
1616 			delph2(iph2);
1617 			return -1;
1618 		}
1619 
1620 		return 0;
1621 		/*NOTREACHED*/
1622 	}
1623 
1624 	/* If not received SADB_EXPIRE, INITIATOR delete ph2handle. */
1625 	/* RESPONDER always delete ph2handle, keep silent.  RESPONDER doesn't
1626 	 * manage IPsec SA, so delete the list */
1627 	unbindph12(iph2);
1628 	remph2(iph2);
1629 	delph2(iph2);
1630 
1631 	return 0;
1632 }
1633 
1634 static int
pk_recvacquire(mhp)1635 pk_recvacquire(mhp)
1636 	caddr_t *mhp;
1637 {
1638 	struct sadb_msg *msg;
1639 	struct sadb_x_policy *xpl;
1640 	struct secpolicy *sp_out = NULL, *sp_in = NULL;
1641 #define MAXNESTEDSA	5	/* XXX */
1642 	struct ph2handle *iph2[MAXNESTEDSA];
1643 	struct sockaddr *src, *dst;
1644 	int n;	/* # of phase 2 handler */
1645 	int remoteid=0;
1646 #ifdef HAVE_SECCTX
1647 	struct sadb_x_sec_ctx *m_sec_ctx;
1648 #endif /* HAVE_SECCTX */
1649 	struct policyindex spidx;
1650 
1651 
1652 	/* ignore this message because of local test mode. */
1653 	if (f_local)
1654 		return 0;
1655 
1656 	/* sanity check */
1657 	if (mhp[0] == NULL
1658 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1659 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1660 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
1661 		plog(LLV_ERROR, LOCATION, NULL,
1662 			"inappropriate sadb acquire message passed.\n");
1663 		return -1;
1664 	}
1665 	msg = (struct sadb_msg *)mhp[0];
1666 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
1667 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1668 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1669 
1670 #ifdef HAVE_SECCTX
1671 	m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
1672 
1673 	if (m_sec_ctx != NULL) {
1674 		plog(LLV_INFO, LOCATION, NULL, "security context doi: %u\n",
1675 		     m_sec_ctx->sadb_x_ctx_doi);
1676 		plog(LLV_INFO, LOCATION, NULL,
1677 		     "security context algorithm: %u\n",
1678 		     m_sec_ctx->sadb_x_ctx_alg);
1679 		plog(LLV_INFO, LOCATION, NULL, "security context length: %u\n",
1680 		     m_sec_ctx->sadb_x_ctx_len);
1681 		plog(LLV_INFO, LOCATION, NULL, "security context: %s\n",
1682 		     ((char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx)));
1683 	}
1684 #endif /* HAVE_SECCTX */
1685 
1686 	/* ignore if type is not IPSEC_POLICY_IPSEC */
1687 	if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
1688 		plog(LLV_DEBUG, LOCATION, NULL,
1689 			"ignore ACQUIRE message. type is not IPsec.\n");
1690 		return 0;
1691 	}
1692 
1693 	/* ignore it if src is multicast address */
1694     {
1695 	struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1696 
1697 	if ((sa->sa_family == AF_INET
1698 	  && IN_MULTICAST(ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr)))
1699 #ifdef INET6
1700 	 || (sa->sa_family == AF_INET6
1701 	  && IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *)sa)->sin6_addr))
1702 #endif
1703 	) {
1704 		plog(LLV_DEBUG, LOCATION, NULL,
1705 			"ignore due to multicast address: %s.\n",
1706 			saddrwop2str(sa));
1707 		return 0;
1708 	}
1709     }
1710 
1711     	/* ignore, if we do not listen on source address */
1712 	{
1713 		/* reasons behind:
1714 		 * - if we'll contact peer from address we do not listen -
1715 		 *   we will be unable to complete negotiation;
1716 		 * - if we'll negotiate using address we're listening -
1717 		 *   remote peer will send packets to address different
1718 		 *   than one in the policy, so kernel will drop them;
1719 		 * => therefore this acquire is not for us! --Aidas
1720 		 */
1721 		struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1722 		struct myaddrs *p;
1723 		int do_listen = 0;
1724 		for (p = lcconf->myaddrs; p; p = p->next) {
1725 			if (!cmpsaddrwop(p->addr, sa)) {
1726 				do_listen = 1;
1727 				break;
1728 			}
1729 		}
1730 
1731 		if (!do_listen) {
1732 			plog(LLV_DEBUG, LOCATION, NULL,
1733 				"ignore because do not listen on source address : %s.\n",
1734 				saddrwop2str(sa));
1735 			return 0;
1736 		}
1737 	}
1738 
1739 	/*
1740 	 * If there is a phase 2 handler against the policy identifier in
1741 	 * the acquire message, and if
1742 	 *    1. its state is less than PHASE2ST_ESTABLISHED, then racoon
1743 	 *       should ignore such a acquire message because the phase 2
1744 	 *       is just negotiating.
1745 	 *    2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
1746 	 *       has to prcesss such a acquire message because racoon may
1747 	 *       lost the expire message.
1748 	 */
1749 	iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
1750 	if (iph2[0] != NULL) {
1751 		if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
1752 			plog(LLV_DEBUG, LOCATION, NULL,
1753 				"ignore the acquire because ph2 found\n");
1754 			return -1;
1755 		}
1756 		if (iph2[0]->status == PHASE2ST_EXPIRED)
1757 			iph2[0] = NULL;
1758 		/*FALLTHROUGH*/
1759 	}
1760 
1761 	/* search for proper policyindex */
1762 	sp_out = getspbyspid(xpl->sadb_x_policy_id);
1763 	if (sp_out == NULL) {
1764 		plog(LLV_ERROR, LOCATION, NULL, "no policy found: id:%d.\n",
1765 			xpl->sadb_x_policy_id);
1766 		return -1;
1767 	}
1768 	plog(LLV_DEBUG, LOCATION, NULL,
1769 		"suitable outbound SP found: %s.\n", spidx2str(&sp_out->spidx));
1770 
1771 	/* get inbound policy */
1772     {
1773 
1774 	memset(&spidx, 0, sizeof(spidx));
1775 	spidx.dir = IPSEC_DIR_INBOUND;
1776 	memcpy(&spidx.src, &sp_out->spidx.dst, sizeof(spidx.src));
1777 	memcpy(&spidx.dst, &sp_out->spidx.src, sizeof(spidx.dst));
1778 	spidx.prefs = sp_out->spidx.prefd;
1779 	spidx.prefd = sp_out->spidx.prefs;
1780 	spidx.ul_proto = sp_out->spidx.ul_proto;
1781 
1782 #ifdef HAVE_SECCTX
1783 	if (m_sec_ctx) {
1784 		spidx.sec_ctx.ctx_doi = m_sec_ctx->sadb_x_ctx_doi;
1785 		spidx.sec_ctx.ctx_alg = m_sec_ctx->sadb_x_ctx_alg;
1786 		spidx.sec_ctx.ctx_strlen = m_sec_ctx->sadb_x_ctx_len;
1787 		memcpy(spidx.sec_ctx.ctx_str,
1788 		      ((char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx)),
1789 		      spidx.sec_ctx.ctx_strlen);
1790 	}
1791 #endif /* HAVE_SECCTX */
1792 
1793 	sp_in = getsp(&spidx);
1794 	if (sp_in) {
1795 		plog(LLV_DEBUG, LOCATION, NULL,
1796 			"suitable inbound SP found: %s.\n",
1797 			spidx2str(&sp_in->spidx));
1798 	} else {
1799 		plog(LLV_NOTIFY, LOCATION, NULL,
1800 			"no in-bound policy found: %s\n",
1801 			spidx2str(&spidx));
1802 	}
1803     }
1804 
1805 	memset(iph2, 0, MAXNESTEDSA);
1806 
1807 	n = 0;
1808 
1809 	/* allocate a phase 2 */
1810 	iph2[n] = newph2();
1811 	if (iph2[n] == NULL) {
1812 		plog(LLV_ERROR, LOCATION, NULL,
1813 			"failed to allocate phase2 entry.\n");
1814 		return -1;
1815 	}
1816 	iph2[n]->side = INITIATOR;
1817 	iph2[n]->spid = xpl->sadb_x_policy_id;
1818 	iph2[n]->satype = msg->sadb_msg_satype;
1819 	iph2[n]->seq = msg->sadb_msg_seq;
1820 	iph2[n]->status = PHASE2ST_STATUS2;
1821 
1822 	/* set end addresses of SA */
1823 	iph2[n]->dst = dupsaddr(PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]));
1824 	if (iph2[n]->dst == NULL) {
1825 		delph2(iph2[n]);
1826 		return -1;
1827 	}
1828 	iph2[n]->src = dupsaddr(PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]));
1829 	if (iph2[n]->src == NULL) {
1830 		delph2(iph2[n]);
1831 		return -1;
1832 	}
1833 
1834 	plog(LLV_DEBUG, LOCATION, NULL,
1835 		"new acquire %s\n", spidx2str(&sp_out->spidx));
1836 
1837 	/* get sainfo */
1838     {
1839 	vchar_t *idsrc, *iddst;
1840 
1841 	idsrc = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.src,
1842 				sp_out->spidx.prefs, sp_out->spidx.ul_proto);
1843 	if (idsrc == NULL) {
1844 		plog(LLV_ERROR, LOCATION, NULL,
1845 			"failed to get ID for %s\n",
1846 			spidx2str(&sp_out->spidx));
1847 		delph2(iph2[n]);
1848 		return -1;
1849 	}
1850 	iddst = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.dst,
1851 				sp_out->spidx.prefd, sp_out->spidx.ul_proto);
1852 	if (iddst == NULL) {
1853 		plog(LLV_ERROR, LOCATION, NULL,
1854 			"failed to get ID for %s\n",
1855 			spidx2str(&sp_out->spidx));
1856 		vfree(idsrc);
1857 		delph2(iph2[n]);
1858 		return -1;
1859 	}
1860 	{
1861 		struct remoteconf *conf;
1862 		conf = getrmconf(iph2[n]->dst);
1863 		if (conf != NULL)
1864 			remoteid=conf->ph1id;
1865 		else{
1866 			plog(LLV_DEBUG, LOCATION, NULL, "Warning: no valid rmconf !\n");
1867 			remoteid=0;
1868 		}
1869 	}
1870 	iph2[n]->sainfo = getsainfo(idsrc, iddst, NULL, remoteid);
1871 	vfree(idsrc);
1872 	vfree(iddst);
1873 	if (iph2[n]->sainfo == NULL) {
1874 		plog(LLV_ERROR, LOCATION, NULL,
1875 			"failed to get sainfo.\n");
1876 		delph2(iph2[n]);
1877 		return -1;
1878 		/* XXX should use the algorithm list from register message */
1879 	}
1880 
1881 	plog(LLV_DEBUG, LOCATION, NULL,
1882 		"selected sainfo: %s\n", sainfo2str(iph2[n]->sainfo));
1883     }
1884 
1885 	if (set_proposal_from_policy(iph2[n], sp_out, sp_in) < 0) {
1886 		plog(LLV_ERROR, LOCATION, NULL,
1887 			"failed to create saprop.\n");
1888 		delph2(iph2[n]);
1889 		return -1;
1890 	}
1891 #ifdef HAVE_SECCTX
1892 	if (m_sec_ctx) {
1893 		set_secctx_in_proposal(iph2[n], spidx);
1894 	}
1895 #endif /* HAVE_SECCTX */
1896 
1897 	insph2(iph2[n]);
1898 
1899 	/* start isakmp initiation by using ident exchange */
1900 	/* XXX should be looped if there are multiple phase 2 handler. */
1901 	if (isakmp_post_acquire(iph2[n]) < 0) {
1902 		plog(LLV_ERROR, LOCATION, NULL,
1903 			"failed to begin ipsec sa negotication.\n");
1904 		goto err;
1905 	}
1906 
1907 	return 0;
1908 
1909 err:
1910 	while (n >= 0) {
1911 		unbindph12(iph2[n]);
1912 		remph2(iph2[n]);
1913 		delph2(iph2[n]);
1914 		iph2[n] = NULL;
1915 		n--;
1916 	}
1917 	return -1;
1918 }
1919 
1920 static int
pk_recvdelete(mhp)1921 pk_recvdelete(mhp)
1922 	caddr_t *mhp;
1923 {
1924 	struct sadb_msg *msg;
1925 	struct sadb_sa *sa;
1926 	struct sockaddr *src, *dst;
1927 	struct ph2handle *iph2 = NULL;
1928 	u_int proto_id;
1929 
1930 	/* ignore this message because of local test mode. */
1931 	if (f_local)
1932 		return 0;
1933 
1934 	/* sanity check */
1935 	if (mhp[0] == NULL
1936 	 || mhp[SADB_EXT_SA] == NULL
1937 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1938 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1939 		plog(LLV_ERROR, LOCATION, NULL,
1940 			"inappropriate sadb delete message passed.\n");
1941 		return -1;
1942 	}
1943 	msg = (struct sadb_msg *)mhp[0];
1944 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1945 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1946 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1947 
1948 	/* the message has to be processed or not ? */
1949 	if (msg->sadb_msg_pid == getpid()) {
1950 		plog(LLV_DEBUG, LOCATION, NULL,
1951 			"%s message is not interesting "
1952 			"because the message was originated by me.\n",
1953 			s_pfkey_type(msg->sadb_msg_type));
1954 		return -1;
1955 	}
1956 
1957 	proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1958 	if (proto_id == ~0) {
1959 		plog(LLV_ERROR, LOCATION, NULL,
1960 			"invalid proto_id %d\n", msg->sadb_msg_satype);
1961 		return -1;
1962 	}
1963 
1964 	iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1965 	if (iph2 == NULL) {
1966 		/* ignore */
1967 		plog(LLV_ERROR, LOCATION, NULL,
1968 			"no iph2 found: %s\n",
1969 			sadbsecas2str(src, dst, msg->sadb_msg_satype,
1970 				sa->sadb_sa_spi, IPSEC_MODE_ANY));
1971 		return 0;
1972 	}
1973 
1974 	plog(LLV_ERROR, LOCATION, NULL,
1975 		"pfkey DELETE received: %s\n",
1976 		sadbsecas2str(iph2->src, iph2->dst,
1977 			msg->sadb_msg_satype, sa->sadb_sa_spi, IPSEC_MODE_ANY));
1978 
1979 	/* send delete information */
1980 	if (iph2->status == PHASE2ST_ESTABLISHED)
1981 		isakmp_info_send_d2(iph2);
1982 
1983 	unbindph12(iph2);
1984 	remph2(iph2);
1985 	delph2(iph2);
1986 
1987 	return 0;
1988 }
1989 
1990 static int
pk_recvflush(mhp)1991 pk_recvflush(mhp)
1992 	caddr_t *mhp;
1993 {
1994 	/* ignore this message because of local test mode. */
1995 	if (f_local)
1996 		return 0;
1997 
1998 	/* sanity check */
1999 	if (mhp[0] == NULL) {
2000 		plog(LLV_ERROR, LOCATION, NULL,
2001 			"inappropriate sadb flush message passed.\n");
2002 		return -1;
2003 	}
2004 
2005 	flushph2();
2006 
2007 	return 0;
2008 }
2009 
2010 static int
getsadbpolicy(policy0,policylen0,type,iph2)2011 getsadbpolicy(policy0, policylen0, type, iph2)
2012 	caddr_t *policy0;
2013 	int *policylen0, type;
2014 	struct ph2handle *iph2;
2015 {
2016 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2017 	struct sadb_x_policy *xpl;
2018 	struct sadb_x_ipsecrequest *xisr;
2019 	struct saproto *pr;
2020 	struct saproto **pr_rlist;
2021 	int rlist_len = 0;
2022 	caddr_t policy, p;
2023 	int policylen;
2024 	int xisrlen;
2025 	u_int satype, mode;
2026 	int len = 0;
2027 #ifdef HAVE_SECCTX
2028 	int ctxlen = 0;
2029 #endif /* HAVE_SECCTX */
2030 
2031 
2032 	/* get policy buffer size */
2033 	policylen = sizeof(struct sadb_x_policy);
2034 	if (type != SADB_X_SPDDELETE) {
2035 		for (pr = iph2->approval->head; pr; pr = pr->next) {
2036 			xisrlen = sizeof(*xisr);
2037 			if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL) {
2038 				xisrlen += (sysdep_sa_len(iph2->src)
2039 				          + sysdep_sa_len(iph2->dst));
2040 			}
2041 
2042 			policylen += PFKEY_ALIGN8(xisrlen);
2043 		}
2044 	}
2045 
2046 #ifdef HAVE_SECCTX
2047 	if (*spidx->sec_ctx.ctx_str) {
2048 		ctxlen = sizeof(struct sadb_x_sec_ctx)
2049 				+ PFKEY_ALIGN8(spidx->sec_ctx.ctx_strlen);
2050 		policylen += ctxlen;
2051 	}
2052 #endif /* HAVE_SECCTX */
2053 
2054 	/* make policy structure */
2055 	policy = racoon_malloc(policylen);
2056 	memset((void*)policy, 0xcd, policylen);
2057 	if (!policy) {
2058 		plog(LLV_ERROR, LOCATION, NULL,
2059 			"buffer allocation failed.\n");
2060 		return -1;
2061 	}
2062 
2063 	xpl = (struct sadb_x_policy *)policy;
2064 	xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen);
2065 	xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2066 	xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2067 	xpl->sadb_x_policy_dir = spidx->dir;
2068 	xpl->sadb_x_policy_id = 0;
2069 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2070 	xpl->sadb_x_policy_priority = PRIORITY_DEFAULT;
2071 #endif
2072 	len++;
2073 
2074 #ifdef HAVE_SECCTX
2075 	if (*spidx->sec_ctx.ctx_str) {
2076 		struct sadb_x_sec_ctx *p;
2077 
2078 		p = (struct sadb_x_sec_ctx *)(xpl + len);
2079 		memset(p, 0, ctxlen);
2080 		p->sadb_x_sec_len = PFKEY_UNIT64(ctxlen);
2081 		p->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2082 		p->sadb_x_ctx_len = spidx->sec_ctx.ctx_strlen;
2083 		p->sadb_x_ctx_doi = spidx->sec_ctx.ctx_doi;
2084 		p->sadb_x_ctx_alg = spidx->sec_ctx.ctx_alg;
2085 
2086 		memcpy(p + 1,spidx->sec_ctx.ctx_str,spidx->sec_ctx.ctx_strlen);
2087 		len += ctxlen;
2088 	}
2089 #endif /* HAVE_SECCTX */
2090 
2091 	/* no need to append policy information any more if type is SPDDELETE */
2092 	if (type == SADB_X_SPDDELETE)
2093 		goto end;
2094 
2095 	xisr = (struct sadb_x_ipsecrequest *)(xpl + len);
2096 
2097 	/* The order of things is reversed for use in add policy messages */
2098 	for (pr = iph2->approval->head; pr; pr = pr->next) rlist_len++;
2099 	pr_rlist = racoon_malloc((rlist_len+1)*sizeof(struct saproto*));
2100 	if (!pr_rlist) {
2101 		plog(LLV_ERROR, LOCATION, NULL,
2102 			"buffer allocation failed.\n");
2103 		return -1;
2104 	}
2105 	pr_rlist[rlist_len--] = NULL;
2106 	for (pr = iph2->approval->head; pr; pr = pr->next) pr_rlist[rlist_len--] = pr;
2107 	rlist_len = 0;
2108 
2109 	for (pr = pr_rlist[rlist_len++]; pr; pr = pr_rlist[rlist_len++]) {
2110 
2111 		satype = doi2ipproto(pr->proto_id);
2112 		if (satype == ~0) {
2113 			plog(LLV_ERROR, LOCATION, NULL,
2114 				"invalid proto_id %d\n", pr->proto_id);
2115 			goto err;
2116 		}
2117 		mode = ipsecdoi2pfkey_mode(pr->encmode);
2118 		if (mode == ~0) {
2119 			plog(LLV_ERROR, LOCATION, NULL,
2120 				"invalid encmode %d\n", pr->encmode);
2121 			goto err;
2122 		}
2123 
2124 		/*
2125 		 * the policy level cannot be unique because the policy
2126 		 * is defined later than SA, so req_id cannot be bound to SA.
2127 		 */
2128 		xisr->sadb_x_ipsecrequest_proto = satype;
2129 		xisr->sadb_x_ipsecrequest_mode = mode;
2130 		if(iph2->proposal->head->reqid_in > 0){
2131 			xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2132 			xisr->sadb_x_ipsecrequest_reqid = iph2->proposal->head->reqid_in;
2133 		}else{
2134 			xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2135 			xisr->sadb_x_ipsecrequest_reqid = 0;
2136 		}
2137 		p = (caddr_t)(xisr + 1);
2138 
2139 		xisrlen = sizeof(*xisr);
2140 
2141 		if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL) {
2142 			int src_len, dst_len;
2143 
2144 			src_len = sysdep_sa_len(iph2->src);
2145 			dst_len = sysdep_sa_len(iph2->dst);
2146 			xisrlen += src_len + dst_len;
2147 
2148 			memcpy(p, iph2->src, src_len);
2149 			p += src_len;
2150 
2151 			memcpy(p, iph2->dst, dst_len);
2152 			p += dst_len;
2153 		}
2154 
2155 		xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen);
2156 		xisr = (struct sadb_x_ipsecrequest *)p;
2157 
2158 	}
2159 	racoon_free(pr_rlist);
2160 
2161 end:
2162 	*policy0 = policy;
2163 	*policylen0 = policylen;
2164 
2165 	return 0;
2166 
2167 err:
2168 	if (policy)
2169 		racoon_free(policy);
2170 	if (pr_rlist) racoon_free(pr_rlist);
2171 
2172 	return -1;
2173 }
2174 
2175 int
pk_sendspdupdate2(iph2)2176 pk_sendspdupdate2(iph2)
2177 	struct ph2handle *iph2;
2178 {
2179 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2180 	caddr_t policy = NULL;
2181 	int policylen = 0;
2182 	u_int64_t ltime, vtime;
2183 
2184 	ltime = iph2->approval->lifetime;
2185 	vtime = 0;
2186 
2187 	if (getsadbpolicy(&policy, &policylen, SADB_X_SPDUPDATE, iph2)) {
2188 		plog(LLV_ERROR, LOCATION, NULL,
2189 			"getting sadb policy failed.\n");
2190 		return -1;
2191 	}
2192 
2193 	if (pfkey_send_spdupdate2(
2194 			lcconf->sock_pfkey,
2195 			(struct sockaddr *)&spidx->src,
2196 			spidx->prefs,
2197 			(struct sockaddr *)&spidx->dst,
2198 			spidx->prefd,
2199 			spidx->ul_proto,
2200 			ltime, vtime,
2201 			policy, policylen, 0) < 0) {
2202 		plog(LLV_ERROR, LOCATION, NULL,
2203 			"libipsec failed send spdupdate2 (%s)\n",
2204 			ipsec_strerror());
2205 		goto end;
2206 	}
2207 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdupdate2\n");
2208 
2209 end:
2210 	if (policy)
2211 		racoon_free(policy);
2212 
2213 	return 0;
2214 }
2215 
2216 static int
pk_recvspdupdate(mhp)2217 pk_recvspdupdate(mhp)
2218 	caddr_t *mhp;
2219 {
2220 	struct sadb_address *saddr, *daddr;
2221 	struct sadb_x_policy *xpl;
2222  	struct sadb_lifetime *lt;
2223 	struct policyindex spidx;
2224 	struct secpolicy *sp;
2225  	u_int64_t created;
2226 
2227 	/* sanity check */
2228 	if (mhp[0] == NULL
2229 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2230 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2231 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2232 		plog(LLV_ERROR, LOCATION, NULL,
2233 			"inappropriate sadb spdupdate message passed.\n");
2234 		return -1;
2235 	}
2236 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2237 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2238 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2239 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2240 	if(lt != NULL)
2241 		created = lt->sadb_lifetime_addtime;
2242 	else
2243 		created = 0;
2244 
2245 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2246 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2247 			saddr + 1,
2248 			daddr + 1,
2249 			saddr->sadb_address_prefixlen,
2250 			daddr->sadb_address_prefixlen,
2251 			saddr->sadb_address_proto,
2252 			xpl->sadb_x_policy_priority,
2253 			created,
2254 			&spidx);
2255 #else
2256 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2257 			saddr + 1,
2258 			daddr + 1,
2259 			saddr->sadb_address_prefixlen,
2260 			daddr->sadb_address_prefixlen,
2261 			saddr->sadb_address_proto,
2262 			created,
2263 			&spidx);
2264 #endif
2265 
2266 #ifdef HAVE_SECCTX
2267 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2268 		struct sadb_x_sec_ctx *ctx;
2269 
2270 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2271 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2272 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2273 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2274 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2275 	}
2276 #endif /* HAVE_SECCTX */
2277 
2278 	sp = getsp(&spidx);
2279 	if (sp == NULL) {
2280 		plog(LLV_ERROR, LOCATION, NULL,
2281 			"such policy does not already exist: \"%s\"\n",
2282 			spidx2str(&spidx));
2283 	} else {
2284 		remsp(sp);
2285 		delsp(sp);
2286 	}
2287 
2288 	if (addnewsp(mhp) < 0)
2289 		return -1;
2290 
2291 	return 0;
2292 }
2293 
2294 /*
2295  * this function has to be used by responder side.
2296  */
2297 int
pk_sendspdadd2(iph2)2298 pk_sendspdadd2(iph2)
2299 	struct ph2handle *iph2;
2300 {
2301 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2302 	caddr_t policy = NULL;
2303 	int policylen = 0;
2304 	u_int64_t ltime, vtime;
2305 
2306 	ltime = iph2->approval->lifetime;
2307 	vtime = 0;
2308 
2309 	if (getsadbpolicy(&policy, &policylen, SADB_X_SPDADD, iph2)) {
2310 		plog(LLV_ERROR, LOCATION, NULL,
2311 			"getting sadb policy failed.\n");
2312 		return -1;
2313 	}
2314 
2315 	if (pfkey_send_spdadd2(
2316 			lcconf->sock_pfkey,
2317 			(struct sockaddr *)&spidx->src,
2318 			spidx->prefs,
2319 			(struct sockaddr *)&spidx->dst,
2320 			spidx->prefd,
2321 			spidx->ul_proto,
2322 			ltime, vtime,
2323 			policy, policylen, 0) < 0) {
2324 		plog(LLV_ERROR, LOCATION, NULL,
2325 			"libipsec failed send spdadd2 (%s)\n",
2326 			ipsec_strerror());
2327 		goto end;
2328 	}
2329 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdadd2\n");
2330 
2331 end:
2332 	if (policy)
2333 		racoon_free(policy);
2334 
2335 	return 0;
2336 }
2337 
2338 static int
pk_recvspdadd(mhp)2339 pk_recvspdadd(mhp)
2340 	caddr_t *mhp;
2341 {
2342 	struct sadb_address *saddr, *daddr;
2343 	struct sadb_x_policy *xpl;
2344 	struct sadb_lifetime *lt;
2345 	struct policyindex spidx;
2346 	struct secpolicy *sp;
2347 	u_int64_t created;
2348 
2349 	/* sanity check */
2350 	if (mhp[0] == NULL
2351 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2352 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2353 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2354 		plog(LLV_ERROR, LOCATION, NULL,
2355 			"inappropriate sadb spdadd message passed.\n");
2356 		return -1;
2357 	}
2358 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2359 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2360 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2361 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2362 	if(lt != NULL)
2363 		created = lt->sadb_lifetime_addtime;
2364 	else
2365 		created = 0;
2366 
2367 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2368 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2369 			saddr + 1,
2370 			daddr + 1,
2371 			saddr->sadb_address_prefixlen,
2372 			daddr->sadb_address_prefixlen,
2373 			saddr->sadb_address_proto,
2374 			xpl->sadb_x_policy_priority,
2375 			created,
2376 			&spidx);
2377 #else
2378 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2379 			saddr + 1,
2380 			daddr + 1,
2381 			saddr->sadb_address_prefixlen,
2382 			daddr->sadb_address_prefixlen,
2383 			saddr->sadb_address_proto,
2384 			created,
2385 			&spidx);
2386 #endif
2387 
2388 #ifdef HAVE_SECCTX
2389 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2390 		struct sadb_x_sec_ctx *ctx;
2391 
2392 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2393 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2394 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2395 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2396 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2397 	}
2398 #endif /* HAVE_SECCTX */
2399 
2400 	sp = getsp(&spidx);
2401 	if (sp != NULL) {
2402 		plog(LLV_ERROR, LOCATION, NULL,
2403 			"such policy already exists. "
2404 			"anyway replace it: %s\n",
2405 			spidx2str(&spidx));
2406 		remsp(sp);
2407 		delsp(sp);
2408 	}
2409 
2410 	if (addnewsp(mhp) < 0)
2411 		return -1;
2412 
2413 	return 0;
2414 }
2415 
2416 /*
2417  * this function has to be used by responder side.
2418  */
2419 int
pk_sendspddelete(iph2)2420 pk_sendspddelete(iph2)
2421 	struct ph2handle *iph2;
2422 {
2423 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2424 	caddr_t policy = NULL;
2425 	int policylen;
2426 
2427 	if (getsadbpolicy(&policy, &policylen, SADB_X_SPDDELETE, iph2)) {
2428 		plog(LLV_ERROR, LOCATION, NULL,
2429 			"getting sadb policy failed.\n");
2430 		return -1;
2431 	}
2432 
2433 	if (pfkey_send_spddelete(
2434 			lcconf->sock_pfkey,
2435 			(struct sockaddr *)&spidx->src,
2436 			spidx->prefs,
2437 			(struct sockaddr *)&spidx->dst,
2438 			spidx->prefd,
2439 			spidx->ul_proto,
2440 			policy, policylen, 0) < 0) {
2441 		plog(LLV_ERROR, LOCATION, NULL,
2442 			"libipsec failed send spddelete (%s)\n",
2443 			ipsec_strerror());
2444 		goto end;
2445 	}
2446 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spddelete\n");
2447 
2448 end:
2449 	if (policy)
2450 		racoon_free(policy);
2451 
2452 	return 0;
2453 }
2454 
2455 static int
pk_recvspddelete(mhp)2456 pk_recvspddelete(mhp)
2457 	caddr_t *mhp;
2458 {
2459 	struct sadb_address *saddr, *daddr;
2460 	struct sadb_x_policy *xpl;
2461 	struct sadb_lifetime *lt;
2462 	struct policyindex spidx;
2463 	struct secpolicy *sp;
2464 	u_int64_t created;
2465 
2466 	/* sanity check */
2467 	if (mhp[0] == NULL
2468 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2469 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2470 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2471 		plog(LLV_ERROR, LOCATION, NULL,
2472 			"inappropriate sadb spddelete message passed.\n");
2473 		return -1;
2474 	}
2475 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2476 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2477 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2478 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2479 	if(lt != NULL)
2480 		created = lt->sadb_lifetime_addtime;
2481 	else
2482 		created = 0;
2483 
2484 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2485 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2486 			saddr + 1,
2487 			daddr + 1,
2488 			saddr->sadb_address_prefixlen,
2489 			daddr->sadb_address_prefixlen,
2490 			saddr->sadb_address_proto,
2491 			xpl->sadb_x_policy_priority,
2492 			created,
2493 			&spidx);
2494 #else
2495 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2496 			saddr + 1,
2497 			daddr + 1,
2498 			saddr->sadb_address_prefixlen,
2499 			daddr->sadb_address_prefixlen,
2500 			saddr->sadb_address_proto,
2501 			created,
2502 			&spidx);
2503 #endif
2504 
2505 #ifdef HAVE_SECCTX
2506 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2507 		struct sadb_x_sec_ctx *ctx;
2508 
2509 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2510 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2511 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2512 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2513 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2514 	}
2515 #endif /* HAVE_SECCTX */
2516 
2517 	sp = getsp(&spidx);
2518 	if (sp == NULL) {
2519 		plog(LLV_ERROR, LOCATION, NULL,
2520 			"no policy found: %s\n",
2521 			spidx2str(&spidx));
2522 		return -1;
2523 	}
2524 
2525 	remsp(sp);
2526 	delsp(sp);
2527 
2528 	return 0;
2529 }
2530 
2531 static int
pk_recvspdexpire(mhp)2532 pk_recvspdexpire(mhp)
2533 	caddr_t *mhp;
2534 {
2535 	struct sadb_address *saddr, *daddr;
2536 	struct sadb_x_policy *xpl;
2537 	struct sadb_lifetime *lt;
2538 	struct policyindex spidx;
2539 	struct secpolicy *sp;
2540 	u_int64_t created;
2541 
2542 	/* sanity check */
2543 	if (mhp[0] == NULL
2544 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2545 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2546 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2547 		plog(LLV_ERROR, LOCATION, NULL,
2548 			"inappropriate sadb spdexpire message passed.\n");
2549 		return -1;
2550 	}
2551 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2552 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2553 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2554 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2555 	if(lt != NULL)
2556 		created = lt->sadb_lifetime_addtime;
2557 	else
2558 		created = 0;
2559 
2560 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2561 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2562 			saddr + 1,
2563 			daddr + 1,
2564 			saddr->sadb_address_prefixlen,
2565 			daddr->sadb_address_prefixlen,
2566 			saddr->sadb_address_proto,
2567 			xpl->sadb_x_policy_priority,
2568 			created,
2569 			&spidx);
2570 #else
2571 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2572 			saddr + 1,
2573 			daddr + 1,
2574 			saddr->sadb_address_prefixlen,
2575 			daddr->sadb_address_prefixlen,
2576 			saddr->sadb_address_proto,
2577 			created,
2578 			&spidx);
2579 #endif
2580 
2581 #ifdef HAVE_SECCTX
2582 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2583 		struct sadb_x_sec_ctx *ctx;
2584 
2585 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2586 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2587 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2588 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2589 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2590 	}
2591 #endif /* HAVE_SECCTX */
2592 
2593 	sp = getsp(&spidx);
2594 	if (sp == NULL) {
2595 		plog(LLV_ERROR, LOCATION, NULL,
2596 			"no policy found: %s\n",
2597 			spidx2str(&spidx));
2598 		return -1;
2599 	}
2600 
2601 	remsp(sp);
2602 	delsp(sp);
2603 
2604 	return 0;
2605 }
2606 
2607 static int
pk_recvspdget(mhp)2608 pk_recvspdget(mhp)
2609 	caddr_t *mhp;
2610 {
2611 	/* sanity check */
2612 	if (mhp[0] == NULL) {
2613 		plog(LLV_ERROR, LOCATION, NULL,
2614 			"inappropriate sadb spdget message passed.\n");
2615 		return -1;
2616 	}
2617 
2618 	return 0;
2619 }
2620 
2621 static int
pk_recvspddump(mhp)2622 pk_recvspddump(mhp)
2623 	caddr_t *mhp;
2624 {
2625 	struct sadb_msg *msg;
2626 	struct sadb_address *saddr, *daddr;
2627 	struct sadb_x_policy *xpl;
2628 	struct sadb_lifetime *lt;
2629 	struct policyindex spidx;
2630 	struct secpolicy *sp;
2631 	u_int64_t created;
2632 
2633 	/* sanity check */
2634 	if (mhp[0] == NULL) {
2635 		plog(LLV_ERROR, LOCATION, NULL,
2636 			"inappropriate sadb spddump message passed.\n");
2637 		return -1;
2638 	}
2639 	msg = (struct sadb_msg *)mhp[0];
2640 
2641 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2642 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2643 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2644 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2645 	if(lt != NULL)
2646 		created = lt->sadb_lifetime_addtime;
2647 	else
2648 		created = 0;
2649 
2650 	if (saddr == NULL || daddr == NULL || xpl == NULL) {
2651 		plog(LLV_ERROR, LOCATION, NULL,
2652 			"inappropriate sadb spddump message passed.\n");
2653 		return -1;
2654 	}
2655 
2656 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2657 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2658 			saddr + 1,
2659 			daddr + 1,
2660 			saddr->sadb_address_prefixlen,
2661 			daddr->sadb_address_prefixlen,
2662 			saddr->sadb_address_proto,
2663 			xpl->sadb_x_policy_priority,
2664 			created,
2665 			&spidx);
2666 #else
2667 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2668 			saddr + 1,
2669 			daddr + 1,
2670 			saddr->sadb_address_prefixlen,
2671 			daddr->sadb_address_prefixlen,
2672 			saddr->sadb_address_proto,
2673 			created,
2674 			&spidx);
2675 #endif
2676 
2677 #ifdef HAVE_SECCTX
2678 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2679 		struct sadb_x_sec_ctx *ctx;
2680 
2681 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2682 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2683 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2684 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2685 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2686 	}
2687 #endif /* HAVE_SECCTX */
2688 
2689 	sp = getsp(&spidx);
2690 	if (sp != NULL) {
2691 		plog(LLV_ERROR, LOCATION, NULL,
2692 			"such policy already exists. "
2693 			"anyway replace it: %s\n",
2694 			spidx2str(&spidx));
2695 		remsp(sp);
2696 		delsp(sp);
2697 	}
2698 
2699 	if (addnewsp(mhp) < 0)
2700 		return -1;
2701 
2702 	return 0;
2703 }
2704 
2705 static int
pk_recvspdflush(mhp)2706 pk_recvspdflush(mhp)
2707 	caddr_t *mhp;
2708 {
2709 	/* sanity check */
2710 	if (mhp[0] == NULL) {
2711 		plog(LLV_ERROR, LOCATION, NULL,
2712 			"inappropriate sadb spdflush message passed.\n");
2713 		return -1;
2714 	}
2715 
2716 	flushsp();
2717 
2718 	return 0;
2719 }
2720 
2721 #ifndef ANDROID_PATCHED
2722 
2723 /*
2724  * send error against acquire message to kenrel.
2725  */
2726 int
pk_sendeacquire(iph2)2727 pk_sendeacquire(iph2)
2728 	struct ph2handle *iph2;
2729 {
2730 	struct sadb_msg *newmsg;
2731 	int len;
2732 
2733 	len = sizeof(struct sadb_msg);
2734 	newmsg = racoon_calloc(1, len);
2735 	if (newmsg == NULL) {
2736 		plog(LLV_ERROR, LOCATION, NULL,
2737 			"failed to get buffer to send acquire.\n");
2738 		return -1;
2739 	}
2740 
2741 	memset(newmsg, 0, len);
2742 	newmsg->sadb_msg_version = PF_KEY_V2;
2743 	newmsg->sadb_msg_type = SADB_ACQUIRE;
2744 	newmsg->sadb_msg_errno = ENOENT;	/* XXX */
2745 	newmsg->sadb_msg_satype = iph2->satype;
2746 	newmsg->sadb_msg_len = PFKEY_UNIT64(len);
2747 	newmsg->sadb_msg_reserved = 0;
2748 	newmsg->sadb_msg_seq = iph2->seq;
2749 	newmsg->sadb_msg_pid = (u_int32_t)getpid();
2750 
2751 	/* send message */
2752 	len = pfkey_send(lcconf->sock_pfkey, newmsg, len);
2753 
2754 	racoon_free(newmsg);
2755 
2756 	return 0;
2757 }
2758 
2759 #else
2760 
pk_sendeacquire(struct ph2handle * iph2)2761 int pk_sendeacquire(struct ph2handle *iph2)
2762 {
2763 	exit(1);
2764 }
2765 
2766 #endif
2767 
2768 /*
2769  * check if the algorithm is supported or not.
2770  * OUT	 0: ok
2771  *	-1: ng
2772  */
2773 int
pk_checkalg(class,calg,keylen)2774 pk_checkalg(class, calg, keylen)
2775 	int class, calg, keylen;
2776 {
2777 	int sup, error;
2778 	u_int alg;
2779 	struct sadb_alg alg0;
2780 
2781 	switch (algclass2doi(class)) {
2782 	case IPSECDOI_PROTO_IPSEC_ESP:
2783 		sup = SADB_EXT_SUPPORTED_ENCRYPT;
2784 		break;
2785 	case IPSECDOI_ATTR_AUTH:
2786 		sup = SADB_EXT_SUPPORTED_AUTH;
2787 		break;
2788 	case IPSECDOI_PROTO_IPCOMP:
2789 		plog(LLV_DEBUG, LOCATION, NULL,
2790 			"compression algorithm can not be checked "
2791 			"because sadb message doesn't support it.\n");
2792 		return 0;
2793 	default:
2794 		plog(LLV_ERROR, LOCATION, NULL,
2795 			"invalid algorithm class.\n");
2796 		return -1;
2797 	}
2798 	alg = ipsecdoi2pfkey_alg(algclass2doi(class), algtype2doi(class, calg));
2799 	if (alg == ~0)
2800 		return -1;
2801 
2802 	if (keylen == 0) {
2803 		if (ipsec_get_keylen(sup, alg, &alg0)) {
2804 			plog(LLV_ERROR, LOCATION, NULL,
2805 				"%s.\n", ipsec_strerror());
2806 			return -1;
2807 		}
2808 		keylen = alg0.sadb_alg_minbits;
2809 	}
2810 
2811 	error = ipsec_check_keylen(sup, alg, keylen);
2812 	if (error)
2813 		plog(LLV_ERROR, LOCATION, NULL,
2814 			"%s.\n", ipsec_strerror());
2815 
2816 	return error;
2817 }
2818 
2819 /*
2820  * differences with pfkey_recv() in libipsec/pfkey.c:
2821  * - never performs busy wait loop.
2822  * - returns NULL and set *lenp to negative on fatal failures
2823  * - returns NULL and set *lenp to non-negative on non-fatal failures
2824  * - returns non-NULL on success
2825  */
2826 static struct sadb_msg *
pk_recv(so,lenp)2827 pk_recv(so, lenp)
2828 	int so;
2829 	int *lenp;
2830 {
2831 	struct sadb_msg buf, *newmsg;
2832 	int reallen;
2833 	int retry = 0;
2834 
2835 	*lenp = -1;
2836 	do
2837 	{
2838 	    plog(LLV_DEBUG, LOCATION, NULL, "pk_recv: retry[%d] recv() \n", retry );
2839 	    *lenp = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK | MSG_DONTWAIT);
2840 	    retry++;
2841 	}
2842 	while (*lenp < 0 && errno == EAGAIN && retry < 3);
2843 
2844 	if (*lenp < 0)
2845 		return NULL;	/*fatal*/
2846 
2847 	else if (*lenp < sizeof(buf))
2848 		return NULL;
2849 
2850 	reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
2851 	if ((newmsg = racoon_calloc(1, reallen)) == NULL)
2852 		return NULL;
2853 
2854 	*lenp = recv(so, (caddr_t)newmsg, reallen, MSG_PEEK);
2855 	if (*lenp < 0) {
2856 		racoon_free(newmsg);
2857 		return NULL;	/*fatal*/
2858 	} else if (*lenp != reallen) {
2859 		racoon_free(newmsg);
2860 		return NULL;
2861 	}
2862 
2863 	*lenp = recv(so, (caddr_t)newmsg, reallen, 0);
2864 	if (*lenp < 0) {
2865 		racoon_free(newmsg);
2866 		return NULL;	/*fatal*/
2867 	} else if (*lenp != reallen) {
2868 		racoon_free(newmsg);
2869 		return NULL;
2870 	}
2871 
2872 	return newmsg;
2873 }
2874 
2875 /* see handler.h */
2876 u_int32_t
pk_getseq()2877 pk_getseq()
2878 {
2879 	return eay_random();
2880 }
2881 
2882 static int
addnewsp(mhp)2883 addnewsp(mhp)
2884 	caddr_t *mhp;
2885 {
2886 	struct secpolicy *new = NULL;
2887 	struct sadb_address *saddr, *daddr;
2888 	struct sadb_x_policy *xpl;
2889 	struct sadb_lifetime *lt;
2890 	u_int64_t created;
2891 
2892 	/* sanity check */
2893 	if (mhp[SADB_EXT_ADDRESS_SRC] == NULL
2894 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2895 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2896 		plog(LLV_ERROR, LOCATION, NULL,
2897 			"inappropriate sadb spd management message passed.\n");
2898 		goto bad;
2899 	}
2900 
2901 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2902 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2903 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2904 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2905 	if(lt != NULL)
2906 		created = lt->sadb_lifetime_addtime;
2907 	else
2908 		created = 0;
2909 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2910 	if(lt != NULL)
2911 		created = lt->sadb_lifetime_addtime;
2912 	else
2913 		created = 0;
2914 
2915 #ifdef __linux__
2916 	/* bsd skips over per-socket policies because there will be no
2917 	 * src and dst extensions in spddump messages. On Linux the only
2918 	 * way to achieve the same is check for policy id.
2919 	 */
2920 	if (xpl->sadb_x_policy_id % 8 >= 3) return 0;
2921 #endif
2922 
2923 	new = newsp();
2924 	if (new == NULL) {
2925 		plog(LLV_ERROR, LOCATION, NULL,
2926 			"failed to allocate buffer\n");
2927 		goto bad;
2928 	}
2929 
2930 	new->spidx.dir = xpl->sadb_x_policy_dir;
2931 	new->id = xpl->sadb_x_policy_id;
2932 	new->policy = xpl->sadb_x_policy_type;
2933 	new->req = NULL;
2934 
2935 	/* check policy */
2936 	switch (xpl->sadb_x_policy_type) {
2937 	case IPSEC_POLICY_DISCARD:
2938 	case IPSEC_POLICY_NONE:
2939 	case IPSEC_POLICY_ENTRUST:
2940 	case IPSEC_POLICY_BYPASS:
2941 		break;
2942 
2943 	case IPSEC_POLICY_IPSEC:
2944 	    {
2945 		int tlen;
2946 		struct sadb_x_ipsecrequest *xisr;
2947 		struct ipsecrequest **p_isr = &new->req;
2948 
2949 		/* validity check */
2950 		if (PFKEY_EXTLEN(xpl) < sizeof(*xpl)) {
2951 			plog(LLV_ERROR, LOCATION, NULL,
2952 				"invalid msg length.\n");
2953 			goto bad;
2954 		}
2955 
2956 		tlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
2957 		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
2958 
2959 		while (tlen > 0) {
2960 
2961 			/* length check */
2962 			if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
2963 				plog(LLV_ERROR, LOCATION, NULL,
2964 					"invalid msg length.\n");
2965 				goto bad;
2966 			}
2967 
2968 			/* allocate request buffer */
2969 			*p_isr = newipsecreq();
2970 			if (*p_isr == NULL) {
2971 				plog(LLV_ERROR, LOCATION, NULL,
2972 					"failed to get new ipsecreq.\n");
2973 				goto bad;
2974 			}
2975 
2976 			/* set values */
2977 			(*p_isr)->next = NULL;
2978 
2979 			switch (xisr->sadb_x_ipsecrequest_proto) {
2980 			case IPPROTO_ESP:
2981 			case IPPROTO_AH:
2982 			case IPPROTO_IPCOMP:
2983 				break;
2984 			default:
2985 				plog(LLV_ERROR, LOCATION, NULL,
2986 					"invalid proto type: %u\n",
2987 					xisr->sadb_x_ipsecrequest_proto);
2988 				goto bad;
2989 			}
2990 			(*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
2991 
2992 			switch (xisr->sadb_x_ipsecrequest_mode) {
2993 			case IPSEC_MODE_TRANSPORT:
2994 			case IPSEC_MODE_TUNNEL:
2995 				break;
2996 			case IPSEC_MODE_ANY:
2997 			default:
2998 				plog(LLV_ERROR, LOCATION, NULL,
2999 					"invalid mode: %u\n",
3000 					xisr->sadb_x_ipsecrequest_mode);
3001 				goto bad;
3002 			}
3003 			(*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
3004 
3005 			switch (xisr->sadb_x_ipsecrequest_level) {
3006 			case IPSEC_LEVEL_DEFAULT:
3007 			case IPSEC_LEVEL_USE:
3008 			case IPSEC_LEVEL_REQUIRE:
3009 				break;
3010 			case IPSEC_LEVEL_UNIQUE:
3011 				(*p_isr)->saidx.reqid =
3012 					xisr->sadb_x_ipsecrequest_reqid;
3013 				break;
3014 
3015 			default:
3016 				plog(LLV_ERROR, LOCATION, NULL,
3017 					"invalid level: %u\n",
3018 					xisr->sadb_x_ipsecrequest_level);
3019 				goto bad;
3020 			}
3021 			(*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
3022 
3023 			/* set IP addresses if there */
3024 			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
3025 				struct sockaddr *paddr;
3026 
3027 				paddr = (struct sockaddr *)(xisr + 1);
3028 				bcopy(paddr, &(*p_isr)->saidx.src,
3029 					sysdep_sa_len(paddr));
3030 
3031 				paddr = (struct sockaddr *)((caddr_t)paddr
3032 							+ sysdep_sa_len(paddr));
3033 				bcopy(paddr, &(*p_isr)->saidx.dst,
3034 					sysdep_sa_len(paddr));
3035 			}
3036 
3037 			(*p_isr)->sp = new;
3038 
3039 			/* initialization for the next. */
3040 			p_isr = &(*p_isr)->next;
3041 			tlen -= xisr->sadb_x_ipsecrequest_len;
3042 
3043 			/* validity check */
3044 			if (tlen < 0) {
3045 				plog(LLV_ERROR, LOCATION, NULL,
3046 					"becoming tlen < 0\n");
3047 			}
3048 
3049 			xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
3050 			                 + xisr->sadb_x_ipsecrequest_len);
3051 		}
3052 	    }
3053 		break;
3054 	default:
3055 		plog(LLV_ERROR, LOCATION, NULL,
3056 			"invalid policy type.\n");
3057 		goto bad;
3058 	}
3059 
3060 #ifdef HAVE_PFKEY_POLICY_PRIORITY
3061 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3062 			saddr + 1,
3063 			daddr + 1,
3064 			saddr->sadb_address_prefixlen,
3065 			daddr->sadb_address_prefixlen,
3066 			saddr->sadb_address_proto,
3067 			xpl->sadb_x_policy_priority,
3068 			created,
3069 			&new->spidx);
3070 #else
3071 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3072 			saddr + 1,
3073 			daddr + 1,
3074 			saddr->sadb_address_prefixlen,
3075 			daddr->sadb_address_prefixlen,
3076 			saddr->sadb_address_proto,
3077 			created,
3078 			&new->spidx);
3079 #endif
3080 
3081 #ifdef HAVE_SECCTX
3082 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
3083 		struct sadb_x_sec_ctx *ctx;
3084 
3085 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
3086 		new->spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
3087 		new->spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
3088 		new->spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
3089 		memcpy(new->spidx.sec_ctx.ctx_str,ctx + 1,ctx->sadb_x_ctx_len);
3090 	}
3091 #endif /* HAVE_SECCTX */
3092 
3093 	inssp(new);
3094 
3095 	return 0;
3096 bad:
3097 	if (new != NULL) {
3098 		if (new->req != NULL)
3099 			racoon_free(new->req);
3100 		racoon_free(new);
3101 	}
3102 	return -1;
3103 }
3104 
3105 /* proto/mode/src->dst spi */
3106 const char *
sadbsecas2str(src,dst,proto,spi,mode)3107 sadbsecas2str(src, dst, proto, spi, mode)
3108 	struct sockaddr *src, *dst;
3109 	int proto;
3110 	u_int32_t spi;
3111 	int mode;
3112 {
3113 	static char buf[256];
3114 	u_int doi_proto, doi_mode = 0;
3115 	char *p;
3116 	int blen, i;
3117 
3118 	doi_proto = pfkey2ipsecdoi_proto(proto);
3119 	if (doi_proto == ~0)
3120 		return NULL;
3121 	if (mode) {
3122 		doi_mode = pfkey2ipsecdoi_mode(mode);
3123 		if (doi_mode == ~0)
3124 			return NULL;
3125 	}
3126 
3127 	blen = sizeof(buf) - 1;
3128 	p = buf;
3129 
3130 	i = snprintf(p, blen, "%s%s%s ",
3131 		s_ipsecdoi_proto(doi_proto),
3132 		mode ? "/" : "",
3133 		mode ? s_ipsecdoi_encmode(doi_mode) : "");
3134 	if (i < 0 || i >= blen)
3135 		return NULL;
3136 	p += i;
3137 	blen -= i;
3138 
3139 	i = snprintf(p, blen, "%s->", saddr2str(src));
3140 	if (i < 0 || i >= blen)
3141 		return NULL;
3142 	p += i;
3143 	blen -= i;
3144 
3145 	i = snprintf(p, blen, "%s ", saddr2str(dst));
3146 	if (i < 0 || i >= blen)
3147 		return NULL;
3148 	p += i;
3149 	blen -= i;
3150 
3151 	if (spi) {
3152 		snprintf(p, blen, "spi=%lu(0x%lx)", (unsigned long)ntohl(spi),
3153 		    (unsigned long)ntohl(spi));
3154 	}
3155 
3156 	return buf;
3157 }
3158