SADB_EXT_IDENTITY_SRC, SADB_IDENTTYPE_PREFIX, 0, strlen(pfkey_ident_s_ska), pfkey_ident_s_ska))) { fprintf(stderr, "%s: Trouble building ident_s extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } if(subnettoa(addr, mask, format, pfkey_ident_s_ska, sizeof(pfkey_ident_s_ska) ) != sizeof(pfkey_ident_s_ska) ) { exit (1); } if((error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_DST], SADB_EXT_IDENTITY_DST, SADB_IDENTTYPE_PREFIX, 0, strlen(pfkey_ident_d_ska), pfkey_ident_d_ska))) { fprintf(stderr, "%s: Trouble building ident_d extension, error=%d.\n", progname, error); pfkey_extensions_free(extensions); exit(1); } if(subnettoa(addr, mask, format, pfkey_ident_d_ska, sizeof(pfkey_ident_d_ska) ) != sizeof(pfkey_ident_d_ska) ) { exit (1); } if(debug) { fprintf(stdout, "%s: ident extensions assembled.\n", progname); }#endif /* PFKEY_IDENT */ } #ifdef NAT_TRAVERSAL if(natt != 0) { bool success; int err; err = pfkey_x_nat_t_type_build(&extensions[SADB_X_EXT_NAT_T_TYPE] , natt); success = pfkey_build(err , "pfkey_nat_t_type Add ESP SA" , ipsaid_txt, extensions); if(!success) return FALSE; if(debug) fprintf(stderr, "setting natt_type to %d\n", natt); if(sport != 0) { err = pfkey_x_nat_t_port_build(&extensions[SADB_X_EXT_NAT_T_SPORT] , SADB_X_EXT_NAT_T_SPORT , sport); success = pfkey_build(err , "pfkey_nat_t_sport Add ESP SA" , ipsaid_txt, extensions); if(debug) fprintf(stderr, "setting natt_sport to %d\n", sport); if(!success) return FALSE; } if(dport != 0) { err = pfkey_x_nat_t_port_build(&extensions[SADB_X_EXT_NAT_T_DPORT] , SADB_X_EXT_NAT_T_DPORT , dport); success = pfkey_build(err , "pfkey_nat_t_dport Add ESP SA" , ipsaid_txt, extensions); if(debug) fprintf(stderr, "setting natt_dport to %d\n", dport); if(!success) return FALSE; } #if 0 /* not yet implemented */ if(natt!=0 && !isanyaddr(&natt_oa)) { success = pfkeyext_address(SADB_X_EXT_NAT_T_OA, &natt_oa , "pfkey_nat_t_oa Add ESP SA" , ipsaid_txt, extensions); if(debug) 
fprintf(stderr, "setting nat_oa to %s\n" , ip_str(&natt_oa)); if(!success) return FALSE; }#endif }#endif /* NAT_TRAVERSAL */ if(debug) { fprintf(stdout, "%s: assembling pfkey msg....\n", progname); } if((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN))) { fprintf(stderr, "%s: Trouble building pfkey message, error=%d.\n", progname, error); pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); exit(1); } if(debug) { fprintf(stdout, "%s: assembled.\n", progname); } if(debug) { fprintf(stdout, "%s: writing pfkey msg.\n", progname); } io_error = write(pfkey_sock, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); if(io_error < 0) { fprintf(stderr, "%s: pfkey write failed (errno=%d): ", progname, errno); pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); switch(errno) { case EACCES: fprintf(stderr, "access denied. "); if(getuid() == 0) { fprintf(stderr, "Check permissions. Should be 600.\n"); } else { fprintf(stderr, "You must be root to open this file.\n"); } break; case EUNATCH: fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n"); break; case EBUSY: fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n"); break; case EINVAL: fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); break; case ENODEV: fprintf(stderr, "KLIPS not loaded or enabled.\n"); fprintf(stderr, "No device?!?\n"); break; case ENOBUFS: fprintf(stderr, "No kernel memory to allocate SA.\n"); break; case ESOCKTNOSUPPORT: fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n"); break; case EEXIST: fprintf(stderr, "SA already in use. Delete old one first.\n"); break; case ENOENT: fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n"); break; case ENXIO: case ESRCH: fprintf(stderr, "SA does not exist. 
Cannot delete.\n"); break; case ENOSPC: fprintf(stderr, "no room in kernel SAref table. Cannot process request.\n"); break; case ESPIPE: fprintf(stderr, "kernel SAref table internal error. Cannot process request.\n"); break; default: fprintf(stderr, "Unknown socket write error %d (%s). Please report as much detail as possible to development team.\n", errno, strerror(errno)); } exit(1); } else if (io_error != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) { fprintf(stderr, "%s: pfkey write truncated to %d bytes\n", progname, (int)io_error); pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); exit(1); } if(debug) { fprintf(stdout, "%s: pfkey command written to socket.\n", progname); } if(pfkey_msg) { pfkey_extensions_free(extensions); pfkey_msg_free(&pfkey_msg); } if(debug) { fprintf(stdout, "%s: pfkey message buffer freed.\n", progname); } if(authkey) { memset((caddr_t)authkey, 0, authkeylen); free(authkey); } if(enckey) { memset((caddr_t)enckey, 0, enckeylen); free(enckey); } if(iv) { memset((caddr_t)iv, 0, ivlen); free(iv); } if(listenreply || saref) { ssize_t readlen; unsigned char pfkey_buf[PFKEYv2_MAX_MSGSIZE]; while((readlen = read(pfkey_sock, pfkey_buf, sizeof(pfkey_buf))) > 0) { struct sadb_ext *extensions[SADB_EXT_MAX + 1]; pfkey_extensions_init(extensions); pfkey_msg = (struct sadb_msg *)pfkey_buf; /* first, see if we got enough for an sadb_msg */ if((size_t)readlen < sizeof(struct sadb_msg)) { if(debug) { printf("%s: runt packet of size: %ld (<%lu)\n", progname, (long)readlen, (unsigned long)sizeof(struct sadb_msg)); } continue; } /* okay, we got enough for a message, print it out */ if(debug) { printf("%s: pfkey v%d msg received. 
type=%d(%s) seq=%d len=%d pid=%d errno=%d satype=%d(%s)\n", progname, pfkey_msg->sadb_msg_version, pfkey_msg->sadb_msg_type, pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), pfkey_msg->sadb_msg_seq, pfkey_msg->sadb_msg_len, pfkey_msg->sadb_msg_pid, pfkey_msg->sadb_msg_errno, pfkey_msg->sadb_msg_satype, satype2name(pfkey_msg->sadb_msg_satype)); } if(readlen != (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) { if(debug) { printf("%s: packet size read from socket=%d doesn't equal sadb_msg_len %u * %u; message not decoded\n", progname, (int)readlen, (unsigned)pfkey_msg->sadb_msg_len, (unsigned)IPSEC_PFKEYv2_ALIGN); } continue; } if (pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_OUT)) { if(debug) { printf("%s: unparseable PF_KEY message.\n", progname); } continue; } else { if(debug) { printf("%s: parseable PF_KEY message.\n", progname); } } if((pid_t)pfkey_msg->sadb_msg_pid == mypid) { if(saref) { printf("%s: saref=%d\n", progname, (extensions[SADB_EXT_SA] != NULL) ? ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_x_sa_ref : IPSEC_SAREF_NULL); } break; } } } (void) close(pfkey_sock); /* close the socket */ if(debug || listenreply) { printf("%s: exited normally\n", progname); } exit(0);}
/*
 * Process-exit hook: terminates the program with status x.
 * It does nothing beyond calling exit(), so any cleanup (socket close,
 * key-buffer scrubbing) must already have happened in the caller.
 */
void
exit_tool(int x)
{
	exit(x);
}
/* * $Log: spi.c,v $ * Revision 1.112.2.3 2006/02/15 04:36:36 paul * Added #ifdef NAT_TRAVERSAL for pfkey_build. The 'unused' warning caused * a compile failure when compiling without NAT_TRAVERSAL. * * Revision 1.112.2.2 2005/08/18 14:04:51 ken * Patch from mt@suse.de to avoid GCC warnings with system() calls * * Revision 1.112.2.1 2005/08/12 16:30:32 ken * Make tree PG13 * * Revision 1.112 2005/07/08 02:55:55 paul * fix gcc warning * * Revision 1.111 2005/05/12 03:08:23 mcr * do not mess with keysize for 3des/des. * * Revision 1.110 2005/04/06 17:56:24 mcr * document the --natt options. 
* * Revision 1.109 2005/03/29 03:49:36 ken * Cast to int to make x86_64 happy * * Revision 1.108 2005/02/14 04:45:46 ken * int -> size_t compile fix for SuSE 8.x * * Revision 1.107 2005/01/26 01:27:33 mcr * added nat-t parameters to manual keying. * * Revision 1.106 2004/04/29 04:08:28 mcr * broke out decode_esp() function, and use new * libopenswan code. * * Revision 1.105 2004/04/26 05:05:04 ken * Cast properly on 64bit platforms * * Revision 1.104 2004/04/18 03:08:02 mcr * use common files from libopenswan. * * Revision 1.103 2004/04/06 03:04:54 mcr * pullup of algo code from alg-branch. * * Revision 1.102 2004/04/04 01:53:13 ken * Use openswan includes * * Revision 1.101.4.2 2004/04/06 00:53:06 mcr * code adjusted to compile on branch * * Revision 1.101.4.1 2003/12/22 15:25:53 jjo * Merged algo-0.8.1-rc11-test1 into alg-branch * * Revision 1.101 2003/12/05 16:44:19 mcr * patches to avoid ipsec_netlink.h, which has been obsolete for * some time now. * * Revision 1.100 2003/09/10 00:01:38 mcr * fixes for gcc 3.3 from Matthias Bethke <Matthias.Bethke@gmx.net> * * Revision 1.99 2003/06/07 16:42:10 dhr * * adjust spi.c to conform to stronger type checking of GCC 3.3 * * Revision 1.98 2003/01/30 02:33:07 rgb * * Added ENOSPC for no room in SAref table and ESPIPE for SAref internal error. * * Revision 1.97 2002/12/13 18:16:08 mcr * restored sa_ref code * * Revision 1.96 2002/12/13 18:05:19 mcr * temporarily removed sadb_x_sa_ref reference for 2.xx * * Revision 1.95 2002/10/09 03:12:05 dhr * * [kenb+dhr] 64-bit fixes * * Revision 1.94 2002/09/26 15:46:34 dhr * * C labels must be on statements. * * Revision 1.93 2002/09/20 15:41:24 rgb * Added --saref option to print out saref returned by pfkey. * Fixed argcount bug introduced by --listenreply option. * * Revision 1.92 2002/09/20 05:02:21 rgb * Updated copyright date. * Cruft clean-out. * Cleaned up pfkey_lib_debug usage. * Added program_name to beginning of all output for consistency. 
 * * Revision 1.91 2002/09/11 20:29:40 mcr * turn off automatic printing of reply unless --listenreply * is added. * * Revision 1.90 2002/09/11 18:48:26 mcr * have spi program read from the pfkey socket until it sees * a message with its own PID, then exit. * * Revision 1.89 2002/07/24 18:44:54 rgb * Type fiddling to tame ia64 compiler. * * Revision 1.88 2002/07/23 02:58:58 rgb * Fixed "opening" speeling mistake. * * Revision 1.87 2002/05/23 07:14:11 rgb * Cleaned up %p variants to 0p%p for test suite cleanup. * * Revision 1.86 2002/04/24 07:55:32 mcr * #include patches and Makefiles for post-reorg compilation. * * Revision 1.85 2002/04/24 07:35:40 mcr * Moved from ./klips/utils/spi.c,v * * Revision 1.84 2002/03/08 21:44:04 rgb * Update for all GNU-compliant --version strings. * * Revision 1.83 2002/02/20 00:01:53 rgb * Cleaned out unused code. * * Revision 1.82 2001/11/09 02:16:37 rgb * Fixed bug that erroneously required explicit af parameter for --said. * Fixed missing SA message on delete. * * Revision 1.81 2001/11/06 20:18:47 rgb * Added lifetime parameters. * * Revision 1.80 2001/10/25 06:57:10 rgb * Added space as legal delimiter in lifetime parameter list. * * Revision 1.79 2001/10/24 03:23:55 rgb * Moved lifetime option parsing to a separate function and allowed for * comma-separated lists of lifetime parameters. * Moved SATYPE registrations to a separate function. * * Revision 1.78 2001/10/22 19:49:35 rgb * Added lifetime parameter capabilities. * * Revision 1.77 2001/10/02 17:17:17 rgb * Check error return for all "tto*" calls and report errors. This, in * conjunction with the fix to "tto*" will detect AF not set. * * Revision 1.76 2001/09/08 21:13:35 rgb * Added pfkey ident extension support for ISAKMPd. (NetCelo) * * Revision 1.75 2001/09/07 22:24:42 rgb * Added EAFNOSUPPORT socket open error code in case KLIPS is not loaded. * * Revision 1.74 2001/06/14 19:35:14 rgb * Update copyright date. 
* * Revision 1.73 2001/05/30 08:14:05 rgb * Removed vestiges of esp-null transforms. * * Revision 1.72 2001/05/21 02:02:55 rgb * Eliminate 1-letter options. * * Revision 1.71 2001/05/16 05:07:20 rgb * Fixed --label option in KLIPS manual utils to add the label to the * command name rather than replace it in error text. * Fix 'print table' non-option in KLIPS manual utils to deal with --label * and --debug options. * * Revision 1.70 2000/11/06 04:36:57 rgb * Display conversion on replay_window failure. * Don't register SATYPEs for manual. * * Revision 1.69 2000/09/28 00:37:20 rgb * Swapped order of pfkey_registration of IPCOMP and IPIP. * * Revision 1.68 2000/09/17 18:56:48 rgb * Added IPCOMP support. * * Revision 1.67 2000/09/12 22:36:45 rgb * Gerhard's IPv6 support. * * Revision 1.66 2000/09/08 19:17:31 rgb * Removed all references to CONFIG_IPSEC_PFKEYv2. * * Revision 1.65 2000/08/30 05:34:54 rgb * Minor clean-up. * * Revision 1.64 2000/08/27 01:50:51 rgb * Update copyright dates and fix replay window endian bug. * * Revision 1.63 2000/08/18 21:19:27 rgb * Removed no longer used resolve_ip() code. * * Revision 1.62 2000/08/01 14:51:53 rgb * Removed _all_ remaining traces of DES. * * Revision 1.61 2000/07/26 20:48:42 rgb * Fixed typo that caused compile failure. * * Revision 1.60 2000/07/26 03:41:46 rgb * Changed all printf's to fprintf's. Fixed tncfg's usage to stderr. * * Revision 1.59 2000/06/21 16:51:27 rgb * Added no additional argument option to usage text. * * Revision 1.58 2000/03/16 06:40:49 rgb * Hardcode PF_KEYv2 support. * * Revision 1.57 2000/01/22 23:22:46 rgb * Use new function proto2satype(). * * Revision 1.56 2000/01/21 09:42:32 rgb * Replace resolve_ip() with atoaddr() from freeswanlib. * * Revision 1.55 2000/01/21 06:24:57 rgb * Blasted any references in usage and code to deleted algos. * Removed DES usage. * Changed usage of memset on extensions to pfkey_extensions_init(). * * */