
📄 pfkey_v2_build.c

📁 This is a good VPN source
💻 C
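{
	/*
	 * NOTE(review): this is the tail of pfkey_x_debug_build(). Its
	 * signature (pfkey_ext plus the tunnel..verbose debug words) lies
	 * before this excerpt, so the body is kept as found; only the line
	 * structure lost in extraction has been restored.
	 */
	int error = 0;
	int i;
	struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext;

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_x_debug_build:\n");
	/* sanity checks... */
	if(pfkey_x_debug) {
		ERROR("pfkey_x_debug_build: "
			"why is pfkey_x_debug already pointing to something?\n");
		SENDERR(EINVAL);
	}

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_x_debug_build: "
		"tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n",
		tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose);

	pfkey_x_debug = (struct sadb_x_debug*)
	  MALLOC(sizeof(struct sadb_x_debug));
	*pfkey_ext = (struct sadb_ext*)pfkey_x_debug;
	if(pfkey_x_debug == NULL) {
		ERROR("pfkey_x_debug_build: "
			"memory allocation failed\n");
		SENDERR(ENOMEM);
	}
#if 0
	memset(pfkey_x_debug,
	       0,
	       sizeof(struct sadb_x_debug));
#endif

	pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN;
	pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG;

	pfkey_x_debug->sadb_x_debug_tunnel = tunnel;
	pfkey_x_debug->sadb_x_debug_netlink = netlink;
	pfkey_x_debug->sadb_x_debug_xform = xform;
	pfkey_x_debug->sadb_x_debug_eroute = eroute;
	pfkey_x_debug->sadb_x_debug_spi = spi;
	pfkey_x_debug->sadb_x_debug_radij = radij;
	pfkey_x_debug->sadb_x_debug_esp = esp;
	pfkey_x_debug->sadb_x_debug_ah = ah;
	pfkey_x_debug->sadb_x_debug_rcv = rcv;
	pfkey_x_debug->sadb_x_debug_pfkey = pfkey;
	pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp;
	pfkey_x_debug->sadb_x_debug_verbose = verbose;

	for(i=0; i<4; i++) {
		pfkey_x_debug->sadb_x_debug_reserved[i] = 0;
	}

errlab:
	return error;
}

/*
 * pfkey_x_nat_t_type_build - allocate and fill a NAT-T type extension.
 *
 * pfkey_ext: in/out slot. It must hold NULL on entry; on return it holds the
 *            MALLOC()ed struct sadb_x_nat_t_type (NULL if allocation failed).
 * type:      value stored in sadb_x_nat_t_type_type.
 *
 * Returns 0 on success, otherwise whatever SENDERR() left in 'error' for
 * EINVAL (slot already occupied) or ENOMEM. SENDERR() is defined outside
 * this excerpt; from its use here it must set 'error' and jump to errlab.
 * Nothing in this function frees the extension, so the caller owns it.
 */
int
pfkey_x_nat_t_type_build(struct sadb_ext**	pfkey_ext,
			 uint8_t         type)
{
	int error = 0;
	int i;
	struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)*pfkey_ext;

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_x_nat_t_type_build:\n");
	/* sanity checks... */
	if(pfkey_x_nat_t_type) {
		/* refuse to overwrite (and thereby leak) an existing extension */
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_x_nat_t_type_build: "
			"why is pfkey_x_nat_t_type already pointing to something?\n");
		SENDERR(EINVAL);
	}

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_x_nat_t_type_build: "
		"type=%d\n", type);

	pfkey_x_nat_t_type = (struct sadb_x_nat_t_type*)
	  MALLOC(sizeof(struct sadb_x_nat_t_type));
	/* published before the NULL test, so a failed allocation stores NULL */
	*pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_type;
	if(pfkey_x_nat_t_type == NULL) {
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_x_nat_t_type_build: "
			"memory allocation failed\n");
		SENDERR(ENOMEM);
	}

	/* the length field counts IPSEC_PFKEYv2_ALIGN-sized units, not bytes */
	pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN;
	pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
	pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type;
	/* the buffer is not cleared after MALLOC(); zero the reserved bytes by hand */
	for(i=0; i<3; i++) {
		pfkey_x_nat_t_type->sadb_x_nat_t_type_reserved[i] = 0;
	}

errlab:
	return error;
}

/*
 * pfkey_x_nat_t_port_build - allocate and fill a NAT-T port extension.
 *
 * pfkey_ext: in/out slot. It must hold NULL on entry; on return it holds the
 *            MALLOC()ed struct sadb_x_nat_t_port (NULL if allocation failed).
 * exttype:   SADB_X_EXT_NAT_T_SPORT or SADB_X_EXT_NAT_T_DPORT; any other
 *            value is rejected with EINVAL before anything is allocated.
 * port:      stored unchanged in sadb_x_nat_t_port_port (no byte-order
 *            conversion happens here).
 *
 * Returns 0 on success, otherwise the value SENDERR() left in 'error'.
 */
int
pfkey_x_nat_t_port_build(struct sadb_ext**	pfkey_ext,
		    uint16_t         exttype,
		    uint16_t         port)
{
	int error = 0;
	struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)*pfkey_ext;

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_x_nat_t_port_build:\n");
	/* sanity checks... */
	if(pfkey_x_nat_t_port) {
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_x_nat_t_port_build: "
			"why is pfkey_x_nat_t_port already pointing to something?\n");
		SENDERR(EINVAL);
	}

	/* only the two NAT-T port extension types may be built here */
	switch(exttype) {
	case SADB_X_EXT_NAT_T_SPORT:
	case SADB_X_EXT_NAT_T_DPORT:
		break;
	default:
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_nat_t_port_build: "
			"unrecognised ext_type=%d.\n",
			exttype);
		SENDERR(EINVAL);
	}

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_x_nat_t_port_build: "
		"ext=%d, port=%d\n", exttype, port);

	pfkey_x_nat_t_port = (struct sadb_x_nat_t_port*)
	  MALLOC(sizeof(struct sadb_x_nat_t_port));
	/* published before the NULL test, so a failed allocation stores NULL */
	*pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_port;
	if(pfkey_x_nat_t_port == NULL) {
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_x_nat_t_port_build: "
			"memory allocation failed\n");
		SENDERR(ENOMEM);
	}

	/* the length field counts IPSEC_PFKEYv2_ALIGN-sized units, not bytes */
	pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN;
	pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype;
	pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port;
	pfkey_x_nat_t_port->sadb_x_nat_t_port_reserved = 0;

errlab:
	return error;
}

/*
 * pfkey_x_protocol_build - allocate and fill a protocol extension.
 *
 * pfkey_ext: in/out slot. It must hold NULL on entry and receives the
 *            MALLOC()ed struct sadb_protocol on success. Unlike the NAT-T
 *            builders above, the slot is left untouched when allocation fails.
 * protocol:  value stored in sadb_protocol_proto.
 *
 * Returns 0 on success, otherwise the value SENDERR() left in 'error'
 * (EINVAL for an occupied slot, ENOMEM for allocation failure).
 */
int pfkey_x_protocol_build(struct sadb_ext **pfkey_ext,
			   uint8_t protocol)
{
	int error = 0;
	struct sadb_protocol * p = (struct sadb_protocol *)*pfkey_ext;

	DEBUGGING(PF_KEY_DEBUG_BUILD,"pfkey_x_protocol_build: protocol=%u\n", protocol);
	/* sanity checks... */
	if  (p != 0) {
		ERROR("pfkey_x_protocol_build: bogus protocol pointer\n");
		SENDERR(EINVAL);
	}
	if ((p = (struct sadb_protocol*)MALLOC(sizeof(*p))) == 0) {
		ERROR("pfkey_build: memory allocation failed\n");
		SENDERR(ENOMEM);
	}
	/*
	 * Only five members are assigned below, and nothing visible here
	 * clears the allocation. Zero the whole extension first so that any
	 * member or padding byte not listed (the struct definition is outside
	 * this excerpt) cannot carry stale heap contents into the PF_KEY
	 * message that later copies this extension verbatim.
	 */
	memset(p, 0, sizeof(*p));
	*pfkey_ext = (struct sadb_ext *)p;
	/* length is expressed in 64-bit words */
	p->sadb_protocol_len = sizeof(*p) / sizeof(uint64_t);
	p->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
	p->sadb_protocol_proto = protocol;
	p->sadb_protocol_flags = 0;
	p->sadb_protocol_reserved2 = 0;
 errlab:
	return error;
}

/* Disabled dispatch table of per-extension builders; compiled out unless the macro is set. */
#if I_DONT_THINK_THIS_WILL_BE_USEFUL
int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*) =
{
	NULL, /* pfkey_msg_build, */
	pfkey_sa_build,
	pfkey_lifetime_build,
	pfkey_lifetime_build,
	pfkey_lifetime_build,
	pfkey_address_build,
	pfkey_address_build,
	pfkey_address_build,
	pfkey_key_build,
	pfkey_key_build,
	pfkey_ident_build,
	pfkey_ident_build,
	pfkey_sens_build,
	pfkey_prop_build,
	pfkey_supported_build,
	pfkey_supported_build,
	pfkey_spirange_build,
	pfkey_x_kmprivate_build,
	pfkey_x_satype_build,
	pfkey_sa_build,
	pfkey_address_build,
	pfkey_address_build,
	pfkey_address_build,
	pfkey_address_build,
	pfkey_address_build,
	pfkey_x_ext_debug_build
};
#endif

/*
 * pfkey_msg_build - serialise a message header and its extensions into one
 * newly allocated, contiguous PF_KEY message.
 *
 * pfkey_msg:  out; receives the MALLOC()ed message. Once the allocation has
 *             succeeded the buffer stays in *pfkey_msg on every later error
 *             path as well, and nothing here frees it, so the caller must
 *             release it whether or not the call succeeds.
 * extensions: array indexed 0..SADB_EXT_MAX. Slot 0 must point at the
 *             struct sadb_msg header; every other non-NULL slot is copied in
 *             index order. Each extension's sadb_ext_len is trusted both for
 *             sizing the buffer and for the copy.
 * dir:        first index into extensions_bitmaps[].
 *
 * NOTE(review): 'dir' and the header's sadb_msg_type index
 * extensions_bitmaps[] without a range check in this function, and the
 * table's dimensions are not visible in this excerpt. Callers passing a
 * header they did not build themselves should validate both first.
 *
 * Returns 0 on success, otherwise the value SENDERR() left in 'error'.
 */
int
pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir)
{
	int error = 0;
	unsigned ext;
	unsigned total_size;
	struct sadb_ext *pfkey_ext;
	/* unsigned so that setting a high extension bit is not a signed-shift overflow */
	unsigned extensions_seen = 0;
#ifndef __KERNEL__
	struct sadb_ext *extensions_check[SADB_EXT_MAX + 1];
#endif

	if(!extensions[0]) {
		ERROR("pfkey_msg_build: "
			"extensions[0] must be specified (struct sadb_msg).\n");
		SENDERR(EINVAL);
	}

	/* figure out the total size for all the requested extensions */
	total_size = IPSEC_PFKEYv2_WORDS(sizeof(struct sadb_msg));
	for(ext = 1; ext <= SADB_EXT_MAX; ext++) {
		if(extensions[ext]) {
			total_size += (extensions[ext])->sadb_ext_len;
		}
	}

	/* allocate that much space */
	*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN);
	if(*pfkey_msg == NULL) {
		ERROR("pfkey_msg_build: "
		      "memory allocation failed\n");
		SENDERR(ENOMEM);
	}

	DEBUGGING(PF_KEY_DEBUG_BUILD,
		  "pfkey_msg_build: "
		  "pfkey_msg=0p%p allocated %lu bytes, &(extensions[0])=0p%p\n",
		  *pfkey_msg,
		  (unsigned long)(total_size * IPSEC_PFKEYv2_ALIGN),
		  &(extensions[0]));
	memcpy(*pfkey_msg,
	       extensions[0],
	       sizeof(struct sadb_msg));
	(*pfkey_msg)->sadb_msg_len = total_size;
	/*
	 * The header field may be narrower than 'unsigned'. If the stored
	 * value does not read back intact, the advertised length would
	 * disagree with the bytes actually written, so reject the message.
	 */
	if((*pfkey_msg)->sadb_msg_len != total_size) {
		ERROR("pfkey_msg_build: "
		      "total length %u does not fit in sadb_msg_len.\n",
		      total_size);
		SENDERR(EINVAL);
	}
	(*pfkey_msg)->sadb_msg_reserved = 0;
	/* bit 0 stands for the header itself */
	extensions_seen =  1 ;

	/*
	 * point pfkey_ext to immediately after the space for the header,
	 * i.e. at the first extension location.
	 */
	pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg));

	for(ext = 1; ext <= SADB_EXT_MAX; ext++) {
		/* copy from extension[ext] to buffer */
		if(extensions[ext]) {
			/* Is this type of extension permitted for this type of message? */
			if(!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] &
			     (1U << ext))) {
				ERROR("pfkey_msg_build: "
					"ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n",
					ext,
					extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
					1U << ext);
				SENDERR(EINVAL);
			}

			DEBUGGING(PF_KEY_DEBUG_BUILD,
				  "pfkey_msg_build: "
				  "copying %lu bytes from extensions[%u] (type=%d)\n",
				  (unsigned long)(extensions[ext]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN),
				  ext,
				  extensions[ext]->sadb_ext_type);

			/* same length that sized the buffer in the first pass */
			memcpy(pfkey_ext,
			       extensions[ext],
			       (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
			{
			  /* advance the write cursor in bytes, then restore the pointer type */
			  char *pfkey_ext_c = (char *)pfkey_ext;

			  pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN;
			  pfkey_ext = (struct sadb_ext *)pfkey_ext_c;
			}

			/* Mark that we have seen this extension and remember the header location */
			extensions_seen |= ( 1U << ext );
		}
	}

	/* check required extensions */
	DEBUGGING(PF_KEY_DEBUG_BUILD,
		"pfkey_msg_build: "
		"extensions permitted=%08x, seen=%08x, required=%08x.\n",
		extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
		extensions_seen,
		extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]);

	if((extensions_seen &
	    extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) !=
	   extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) {
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_msg_build: "
			"required extensions missing:%08x.\n",
			extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] -
			(extensions_seen &
			 extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) );
		SENDERR(EINVAL);
	}

#ifndef __KERNEL__
/*
 * this is silly, there is no need to reparse the message that we just built.
 *
 */
	/* userspace only: run the finished message back through the parser as a self-check */
	if((error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir))) {
		ERROR(
			"pfkey_msg_build: "
			"Trouble parsing newly built pfkey message, error=%d.\n",
			error);
		SENDERR(-error);
	}
#endif

errlab:

	return error;
}

/*
 * $Log: pfkey_v2_build.c,v $
 * Revision 1.51  2004/10/03 01:26:36  mcr
 * 	fixes for gcc 3.4 compilation.
 *
 * Revision 1.50  2004/07/10 07:48:35  mcr
 * Moved from linux/lib/libfreeswan/pfkey_v2_build.c,v
 *
 * Revision 1.49  2004/04/12 02:59:06  mcr
 *     erroneously moved pfkey_v2_build.c
 *
 * Revision 1.48  2004/04/09 18:00:40  mcr
 * Moved from linux/lib/libfreeswan/pfkey_v2_build.c,v
 *
 * Revision 1.47  2004/03/08 01:59:08  ken
 * freeswan.h -> openswan.h
 *
 * Revision 1.46  2003/12/10 01:20:19  mcr
 * 	NAT-traversal patches to KLIPS.
 *
 * Revision 1.45  2003/12/04 23:01:12  mcr
 * 	removed ipsec_netlink.h
 *
 * Revision 1.44  2003/10/31 02:27:12  mcr
 * 	pulled up port-selector patches and sa_id elimination.
 *
 * Revision 1.43.4.2  2003/10/29 01:11:32  mcr
 * 	added debugging for pfkey library.
 *
 * Revision 1.43.4.1  2003/09/21 13:59:44  mcr
 * 	pre-liminary X.509 patch - does not yet pass tests.
 *
 * Revision 1.43  2003/05/07 17:29:17  mcr
 * 	new function pfkey_debug_func added for us in debugging from
 * 	pfkey library.
 *
 * Revision 1.42  2003/01/30 02:32:09  rgb
 *
 * Rename SAref table macro names for clarity.
 * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
 *
 * Revision 1.41  2002/12/13 18:16:02  mcr
 * 	restored sa_ref code
 *
 * Revision 1.40  2002/12/13 18:06:52  mcr
 * 	temporarily removed sadb_x_sa_ref reference for 2.xx
 *
 * Revision 1.39  2002/12/13 17:43:28  mcr
 * 	commented out access to sadb_x_sa_ref for 2.xx branch
 *
 * Revision 1.38  2002/10/09 03:12:05  dhr
 *
 * [kenb+dhr] 64-bit fixes
 *
 * Revision 1.37  2002/09/20 15:40:39  rgb
 * Added new function pfkey_sa_ref_build() to accomodate saref parameter.
 *
 * Revision 1.36  2002/09/20 05:01:22  rgb
 * Generalise for platform independance: fix (ia64) using unsigned for sizes.
 *
 * Revision 1.35  2002/07/24 18:44:54  rgb
 * Type fiddling to tame ia64 compiler.
 *
 * Revision 1.34  2002/05/23 07:14:11  rgb
 * Cleaned up %p variants to 0p%p for test suite cleanup.
 *
 * Revision 1.33  2002/04/24 07:55:32  mcr
 * 	#include patches and Makefiles for post-reorg compilation.
 *
 * Revision 1.32  2002/04/24 07:36:40  mcr
 * Moved from ./lib/pfkey_v2_build.c,v
 *
 * Revision 1.31  2002/01/29 22:25:35  rgb
 * Re-add ipsec_kversion.h to keep MALLOC happy.
 *
 * Revision 1.30  2002/01/29 01:59:09  mcr
 * 	removal of kversions.h - sources that needed it now use ipsec_param.h.
 * 	updating of IPv6 structures to match latest in6.h version.
 * 	removed dead code from openswan.h that also duplicated kversions.h
 * 	code.
 *
 * Revision 1.29  2001/12/19 21:06:09  rgb
 * Added port numbers to pfkey_address_build() debugging.
 *
 * Revision 1.28  2001/11/06 19:47:47  rgb
 * Added packet parameter to lifetime and comb structures.
 *
 * Revision 1.27  2001/10/18 04:45:24  rgb
 * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
 * lib/openswan.h version macros moved to lib/kversions.h.
 * Other compiler directive cleanups.
 *
 * Revision 1.26  2001/09/08 21:13:34  rgb
 * Added pfkey ident extension support for ISAKMPd. (NetCelo)
 *
 * Revision 1.25  2001/06/14 19:35:16  rgb
 * Update copyright date.
 *
 * Revision 1.24  2001/03/20 03:49:45  rgb
 * Ditch superfluous debug_pfkey declaration.
 * Move misplaced openswan.h inclusion for kernel case.
 *
 * Revision 1.23  2001/03/16 07:41:50  rgb
 * Put openswan.h include before pluto includes.
 *
 * Revision 1.22  2001/02/27 22:24:56  rgb
 * Re-formatting debug output (line-splitting, joining, 1arg/line).
 * Check for satoa() return codes.
 *
 * Revision 1.21  2000/11/17 18:10:30  rgb
 * Fixed bugs mostly relating to spirange, to treat all spi variables as
 * network byte order since this is the way PF_KEYv2 stored spis.
 *
 * Revision 1.20  2000/10/12 00:02:39  rgb
 * Removed 'format, ##' nonsense from debug macros for RH7.0.
 *
 * Revision 1.19  2000/10/10 20:10:20  rgb
 * Added support for debug_ipcomp and debug_verbose to klipsdebug.
 *
 * Revision 1.18  2000/09/12 18:59:54  rgb
 * Added Gerhard's IPv6 support to pfkey parts of libopenswan.
 *
 * Revision 1.17  2000/09/12 03:27:00  rgb
 * Moved DEBUGGING definition to compile kernel with debug off.
 *
 * Revision 1.16  2000/09/08 19:22:12  rgb
 * Fixed pfkey_prop_build() parameter to be only single indirection.
 * Fixed struct alg copy.
 *
 * Revision 1.15  2000/08/20 21:40:01  rgb
 * Added an address parameter sanity check to pfkey_address_build().
 *
 * Revision 1.14  2000/08/15 17:29:23  rgb
 * Fixes from SZI to untested pfkey_prop_build().
 *
 * Revision 1.13  2000/06/02 22:54:14  rgb
 * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
 *
 * Revision 1.12  2000/05/10 19:24:01  rgb
 * Fleshed out sensitivity, proposal and supported extensions.
 *
 * Revision 1.11  2000/03/16 14:07:23  rgb
 * Renamed ALIGN macro to avoid fighting with others in kernel.
 *
 * Revision 1.10  2000/01/24 21:14:35  rgb
 * Added disabled pluto pfkey lib debug flag.
 *
 * Revision 1.9  2000/01/21 06:27:32  rgb
 * Added address cases for eroute flows.
 * Removed unused code.
 * Dropped unused argument to pfkey_x_satype_build().
 * Indented compiler directives for readability.
 * Added klipsdebug switching capability.
 * Fixed SADB_EXT_MAX bug not permitting last extension access.
 *
 * Revision 1.8  1999/12/29 21:17:41  rgb
 * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
 * parameter for cleaner manipulation of extensions[] and to guard
 * against potential memory leaks.
 * Changed the I/F to pfkey_msg_free() for the same reason.
 *
 * Revision 1.7  1999/12/09 23:12:20  rgb
 * Removed unused cruft.
 * Added argument to pfkey_sa_build() to do eroutes.
 * Fixed exttype check in as yet unused pfkey_lifetime_build().
 *
 * Revision 1.6  1999/12/07 19:54:29  rgb
 * Removed static pluto debug flag.
 * Added functions for pfkey message and extensions initialisation
 * and cleanup.
 *
 * Revision 1.5  1999/12/01 22:20:06  rgb
 * Changed pfkey_sa_build to accept an SPI in network byte order.
 * Added <string.h> to quiet userspace compiler.
 * Moved pfkey_lib_debug variable into the library.
 * Removed SATYPE check from pfkey_msg_hdr_build so FLUSH will work.
 * Added extension assembly debugging.
 * Isolated assignment with brackets to be sure of scope.
 *
 * Revision 1.4  1999/11/27 11:57:35  rgb
 * Added ipv6 headers.
 * Remove over-zealous algorithm sanity checkers from pfkey_sa_build.
 * Debugging error messages added.
 * Fixed missing auth and encrypt assignment bug.
 * Add argument to pfkey_msg_parse() for direction.
 * Move parse-after-build check inside pfkey_msg_build().
 * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
 * Add CVS log entry to bottom of file.
 *
 */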
