1 /* $KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $ */
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/socket.h>
37 #include <sys/queue.h>
39 #include <netinet/in.h>
40 #include <netinet/in.h>
41 #ifdef HAVE_NETINET6_IPSEC
42 # include <netinet6/ipsec.h>
44 # include <netinet/ipsec.h>
59 #include "localconf.h"
60 #include "isakmp_var.h"
62 #include "ipsec_doi.h"
65 #include "algorithm.h"
69 static LIST_HEAD(_sitree, sainfo) sitree;
72 * modules for ipsec sa info
75 * return matching entry.
76 * if no matching entry is found and there is an anonymous entry, return it.
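78 * XXX by each data type, should be changed to compare the buffer.
   * NOTE(review): the memcmp() calls visible below are bounded only by the
   * stored ID's length (s->id_i->l, s->idsrc->l, s->iddst->l); no check that
   * peer/src/dst are at least that long, or of equal length, is visible in
   * this excerpt -- confirm, since a shorter input would be read past its end
   * and a longer one would match on its prefix alone.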
79 * First pass is for sainfo from a specified peer, second for others.
82 getsainfo(src, dst, peer)
83 const vchar_t *src, *dst, *peer;
85 struct sainfo *s = NULL;
86 struct sainfo *anonymous = NULL;
92 LIST_FOREACH(s, &sitree, chain) {
93 if (s->id_i != NULL) {
96 if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
100 if (s->idsrc == NULL) {
107 if (anonymous != NULL)
112 if (memcmp(src->v, s->idsrc->v, s->idsrc->l) == 0
113 && memcmp(dst->v, s->iddst->v, s->iddst->l) == 0)
118 plog(LLV_DEBUG, LOCATION, NULL,
119 "anonymous sainfo selected.\n");
120 } else if (pass == 1) {
133 new = racoon_calloc(1, sizeof(*new));
137 new->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
138 new->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
149 for (i = 0; i < MAXALGCLASS; i++)
150 delsainfoalg(si->algs[i]);
164 LIST_INSERT_HEAD(&sitree, new, chain);
171 LIST_REMOVE(si, chain);
177 struct sainfo *s, *next;
179 for (s = LIST_FIRST(&sitree); s; s = next) {
180 next = LIST_NEXT(s, chain);
195 struct sainfoalg *new;
197 new = racoon_calloc(1, sizeof(*new));
206 struct sainfoalg *alg;
208 struct sainfoalg *a, *next;
210 for (a = alg; a; a = next) {
217 inssainfoalg(head, new)
218 struct sainfoalg **head;
219 struct sainfoalg *new;
223 for (a = *head; a && a->next; a = a->next)
233 const struct sainfo *si;
235 static char buf[256];
237 if (si->idsrc == NULL)
238 snprintf(buf, sizeof(buf), "anonymous");
240 snprintf(buf, sizeof(buf), "%s", ipsecdoi_id2str(si->idsrc));
241 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
242 " %s", ipsecdoi_id2str(si->iddst));
245 if (si->id_i != NULL)
246 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
247 " from %s", ipsecdoi_id2str(si->id_i));