1 /*	$NetBSD: pfkey.c,v 1.62 2021/12/05 04:54:20 msaitoh Exp $	*/
2 
3 /* $Id: pfkey.c,v 1.62 2021/12/05 04:54:20 msaitoh Exp $ */
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <stdlib.h>
37 #include <string.h>
38 #include <stdio.h>
39 #include <netdb.h>
40 #include <errno.h>
41 #ifdef HAVE_UNISTD_H
42 #include <unistd.h>
43 #endif
44 #include <netdb.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
47 
48 #ifdef ENABLE_NATT
49 # ifdef __linux__
50 #  include <linux/udp.h>
51 # endif
52 # if defined(__NetBSD__) || defined(__FreeBSD__) ||	\
53   (defined(__APPLE__) && defined(__MACH__))
54 #  include <netinet/udp.h>
55 # endif
56 #endif
57 
58 #include <sys/types.h>
59 #include <sys/param.h>
60 #include <sys/socket.h>
61 #include <sys/queue.h>
62 #include <sys/sysctl.h>
63 
64 #include <net/route.h>
65 #include <net/pfkeyv2.h>
66 
67 #include <netinet/in.h>
68 #include PATH_IPSEC_H
69 #include <fcntl.h>
70 
71 #include "libpfkey.h"
72 
73 #include "var.h"
74 #include "misc.h"
75 #include "vmbuf.h"
76 #include "plog.h"
77 #include "sockmisc.h"
78 #include "session.h"
79 #include "debug.h"
80 
81 #include "schedule.h"
82 #include "localconf.h"
83 #include "remoteconf.h"
84 #include "handler.h"
85 #include "policy.h"
86 #include "proposal.h"
87 #include "isakmp_var.h"
88 #include "isakmp.h"
89 #include "isakmp_inf.h"
90 #include "ipsec_doi.h"
91 #include "oakley.h"
92 #include "pfkey.h"
93 #include "algorithm.h"
94 #include "sainfo.h"
95 #include "admin.h"
96 #include "evt.h"
97 #include "privsep.h"
98 #include "strnames.h"
99 #include "backupsa.h"
100 #include "gcmalloc.h"
101 #include "nattraversal.h"
102 #include "crypto_openssl.h"
103 #include "grabmyaddr.h"
104 
105 #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
106 #define SADB_X_EALG_AESCBC  SADB_X_EALG_RIJNDAELCBC
107 #endif
108 
109 /* prototype */
110 static u_int ipsecdoi2pfkey_aalg __P((u_int));
111 static u_int ipsecdoi2pfkey_ealg __P((u_int));
112 static u_int ipsecdoi2pfkey_calg __P((u_int));
113 static u_int ipsecdoi2pfkey_alg __P((u_int, u_int));
114 static u_int keylen_aalg __P((u_int));
115 static u_int keylen_ealg __P((u_int, int));
116 
117 static int pk_recvgetspi __P((caddr_t *));
118 static int pk_recvupdate __P((caddr_t *));
119 static int pk_recvadd __P((caddr_t *));
120 static int pk_recvdelete __P((caddr_t *));
121 static int pk_recvacquire __P((caddr_t *));
122 static int pk_recvexpire __P((caddr_t *));
123 static int pk_recvflush __P((caddr_t *));
124 static int getsadbpolicy __P((caddr_t *, int *, int, struct ph2handle *));
125 static int pk_recvspdupdate __P((caddr_t *));
126 static int pk_recvspdadd __P((caddr_t *));
127 static int pk_recvspddelete __P((caddr_t *));
128 static int pk_recvspdexpire __P((caddr_t *));
129 static int pk_recvspdget __P((caddr_t *));
130 static int pk_recvspddump __P((caddr_t *));
131 static int pk_recvspdflush __P((caddr_t *));
132 #if defined(SADB_X_MIGRATE) && defined(SADB_X_EXT_KMADDRESS)
133 static int pk_recvmigrate __P((caddr_t *));
134 #endif
135 static struct sadb_msg *pk_recv __P((int, int *));
136 
137 static int (*pkrecvf[]) __P((caddr_t *)) = {
138 NULL,
139 pk_recvgetspi,
140 pk_recvupdate,
141 pk_recvadd,
142 pk_recvdelete,
143 NULL,	/* SADB_GET */
144 pk_recvacquire,
145 NULL,	/* SABD_REGISTER */
146 pk_recvexpire,
147 pk_recvflush,
148 NULL,	/* SADB_DUMP */
149 NULL,	/* SADB_X_PROMISC */
150 NULL,	/* SADB_X_PCHANGE */
151 pk_recvspdupdate,
152 pk_recvspdadd,
153 pk_recvspddelete,
154 pk_recvspdget,
155 NULL,	/* SADB_X_SPDACQUIRE */
156 pk_recvspddump,
157 pk_recvspdflush,
158 NULL,	/* SADB_X_SPDSETIDX */
159 pk_recvspdexpire,
160 NULL,	/* SADB_X_SPDDELETE2 */
161 NULL,	/* SADB_X_NAT_T_NEW_MAPPING */
162 #if defined(SADB_X_MIGRATE) && defined(SADB_X_EXT_KMADDRESS)
163 pk_recvmigrate,
164 #else
165 NULL,	/* SADB_X_MIGRATE */
166 #endif
167 #if (SADB_MAX > 24)
168 #error "SADB extra message?"
169 #endif
170 };
171 
172 static int addnewsp __P((caddr_t *, struct sockaddr *, struct sockaddr *));
173 
174 /* cope with old kame headers - ugly */
175 #ifndef SADB_X_AALG_MD5
176 #define SADB_X_AALG_MD5		SADB_AALG_MD5
177 #endif
178 #ifndef SADB_X_AALG_SHA
179 #define SADB_X_AALG_SHA		SADB_AALG_SHA
180 #endif
181 #ifndef SADB_X_AALG_NULL
182 #define SADB_X_AALG_NULL	SADB_AALG_NULL
183 #endif
184 
185 #ifndef SADB_X_EALG_BLOWFISHCBC
186 #define SADB_X_EALG_BLOWFISHCBC	SADB_EALG_BLOWFISHCBC
187 #endif
188 #ifndef SADB_X_EALG_CAST128CBC
189 #define SADB_X_EALG_CAST128CBC	SADB_EALG_CAST128CBC
190 #endif
191 #ifndef SADB_X_EALG_RC5CBC
192 #ifdef SADB_EALG_RC5CBC
193 #define SADB_X_EALG_RC5CBC	SADB_EALG_RC5CBC
194 #endif
195 #endif
196 
197 /*
198  * PF_KEY packet handler
199  *	0: success
200  *	-1: fail
201  */
202 static int
pfkey_handler(void * ctx,int fd)203 pfkey_handler(void *ctx, int fd)
204 {
205 	struct sadb_msg *msg;
206 	int len;
207 	caddr_t mhp[SADB_EXT_MAX + 1];
208 	int error = -1;
209 
210 	/* receive pfkey message. */
211 	len = 0;
212 	msg = (struct sadb_msg *) pk_recv(fd, &len);
213 	if (msg == NULL) {
214 		if (len < 0) {
215 		        /* do not report EAGAIN as error; well get
216 		         * called from main loop later. and it's normal
217 		         * when spd dump is received during reload and
218 		         * this function is called in loop. */
219 		        if (errno == EAGAIN)
220 		                goto end;
221 
222 			plog(LLV_ERROR, LOCATION, NULL,
223 				"failed to recv from pfkey (%s)\n",
224 				strerror(errno));
225 			goto end;
226 		} else {
227 			/* short message - msg not ready */
228 			return 0;
229 		}
230 	}
231 
232 	plog(LLV_DEBUG, LOCATION, NULL, "got pfkey %s message\n",
233 		s_pfkey_type(msg->sadb_msg_type));
234 	plogdump(LLV_DEBUG2, msg, msg->sadb_msg_len << 3);
235 
236 	/* validity check */
237 	if (msg->sadb_msg_errno) {
238 		int pri;
239 
240 		/* when SPD is empty, treat the state as no error. */
241 		if (msg->sadb_msg_type == SADB_X_SPDDUMP &&
242 		    msg->sadb_msg_errno == ENOENT)
243 			pri = LLV_DEBUG;
244 		else
245 			pri = LLV_ERROR;
246 
247 		plog(pri, LOCATION, NULL,
248 			"pfkey %s failed: %s\n",
249 			s_pfkey_type(msg->sadb_msg_type),
250 			strerror(msg->sadb_msg_errno));
251 
252 		goto end;
253 	}
254 
255 	/* check pfkey message. */
256 	if (pfkey_align(msg, mhp)) {
257 		plog(LLV_ERROR, LOCATION, NULL,
258 			"libipsec failed pfkey align (%s)\n",
259 			ipsec_strerror());
260 		goto end;
261 	}
262 	if (pfkey_check(mhp)) {
263 		plog(LLV_ERROR, LOCATION, NULL,
264 			"libipsec failed pfkey check (%s)\n",
265 			ipsec_strerror());
266 		goto end;
267 	}
268 	msg = (struct sadb_msg *)mhp[0];
269 
270 	/* safety check */
271 	if (msg->sadb_msg_type >= ARRAYLEN(pkrecvf)) {
272 		plog(LLV_ERROR, LOCATION, NULL,
273 			"unknown PF_KEY message type=%u\n",
274 			msg->sadb_msg_type);
275 		goto end;
276 	}
277 
278 	if (pkrecvf[msg->sadb_msg_type] == NULL) {
279 		plog(LLV_INFO, LOCATION, NULL,
280 			"unsupported PF_KEY message %s\n",
281 			s_pfkey_type(msg->sadb_msg_type));
282 		goto end;
283 	}
284 
285 	if ((pkrecvf[msg->sadb_msg_type])(mhp) < 0)
286 		goto end;
287 
288 	error = 1;
289 end:
290 	if (msg)
291 		racoon_free(msg);
292 	return(error);
293 }
294 
295 /*
296  * dump SADB
297  */
298 vchar_t *
pfkey_dump_sadb(satype)299 pfkey_dump_sadb(satype)
300 	int satype;
301 {
302 	int s;
303 	vchar_t *buf = NULL;
304 	pid_t pid = getpid();
305 	struct sadb_msg *msg = NULL;
306 	size_t bl, ml;
307 	int len;
308 	int bufsiz;
309 
310 	if ((s = privsep_socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
311 		plog(LLV_ERROR, LOCATION, NULL,
312 			"libipsec failed pfkey open: %s\n",
313 			ipsec_strerror());
314 		return NULL;
315 	}
316 
317 	if ((bufsiz = pfkey_set_buffer_size(s, lcconf->pfkey_buffer_size)) < 0) {
318 		plog(LLV_ERROR, LOCATION, NULL,
319 		     "libipsec failed pfkey set buffer size to %d: %s\n",
320 		     lcconf->pfkey_buffer_size, ipsec_strerror());
321 		return NULL;
322 	} else if (bufsiz < lcconf->pfkey_buffer_size) {
323 		plog(LLV_WARNING, LOCATION, NULL,
324 		     "pfkey socket receive buffer set to %dKB, instead of %d\n",
325 		     bufsiz, lcconf->pfkey_buffer_size);
326 	}
327 
328 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_dump\n");
329 	if (pfkey_send_dump(s, satype) < 0) {
330 		plog(LLV_ERROR, LOCATION, NULL,
331 			"libipsec failed dump: %s\n", ipsec_strerror());
332 		goto fail;
333 	}
334 
335 	while (1) {
336 		if (msg)
337 			racoon_free(msg);
338 		msg = pk_recv(s, &len);
339 		if (msg == NULL) {
340 			if (len < 0)
341 				goto done;
342 			else
343 				continue;
344 		}
345 
346 		if (msg->sadb_msg_type != SADB_DUMP || msg->sadb_msg_pid != pid)
347 		{
348 		    plog(LLV_DEBUG, LOCATION, NULL,
349 			 "discarding non-sadb dump msg %p, our pid=%i\n", msg, pid);
350 		    plog(LLV_DEBUG, LOCATION, NULL,
351 			 "type %i, pid %i\n", msg->sadb_msg_type, msg->sadb_msg_pid);
352 		    continue;
353 		}
354 
355 
356 		ml = msg->sadb_msg_len << 3;
357 		bl = buf ? buf->l : 0;
358 		buf = vrealloc(buf, bl + ml);
359 		if (buf == NULL) {
360 			plog(LLV_ERROR, LOCATION, NULL,
361 				"failed to reallocate buffer to dump.\n");
362 			goto fail;
363 		}
364 		memcpy(buf->v + bl, msg, ml);
365 
366 		if (msg->sadb_msg_seq == 0)
367 			break;
368 	}
369 	goto done;
370 
371 fail:
372 	if (buf)
373 		vfree(buf);
374 	buf = NULL;
375 done:
376 	if (msg)
377 		racoon_free(msg);
378 	close(s);
379 	return buf;
380 }
381 
382 #ifdef ENABLE_ADMINPORT
383 /*
384  * flush SADB
385  */
386 void
pfkey_flush_sadb(proto)387 pfkey_flush_sadb(proto)
388 	u_int proto;
389 {
390 	int satype;
391 
392 	/* convert to SADB_SATYPE */
393 	if ((satype = admin2pfkey_proto(proto)) < 0)
394 		return;
395 
396 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_flush\n");
397 	if (pfkey_send_flush(lcconf->sock_pfkey, satype) < 0) {
398 		plog(LLV_ERROR, LOCATION, NULL,
399 			"libipsec failed send flush (%s)\n", ipsec_strerror());
400 		return;
401 	}
402 
403 	return;
404 }
405 #endif
406 
407 /*
408  * These are the SATYPEs that we manage.  We register to get
409  * PF_KEY messages related to these SATYPEs, and we also use
410  * this list to determine which SATYPEs to delete SAs for when
411  * we receive an INITIAL-CONTACT.
412  */
413 const struct pfkey_satype pfkey_satypes[] = {
414 	{ SADB_SATYPE_AH,	"AH" },
415 	{ SADB_SATYPE_ESP,	"ESP" },
416 	{ SADB_X_SATYPE_IPCOMP,	"IPCOMP" },
417 };
418 const int pfkey_nsatypes =
419     sizeof(pfkey_satypes) / sizeof(pfkey_satypes[0]);
420 
421 /*
422  * PF_KEY initialization
423  */
424 int
pfkey_init()425 pfkey_init()
426 {
427 	int i, reg_fail;
428 	int bufsiz;
429 
430 	if ((lcconf->sock_pfkey = pfkey_open()) < 0) {
431 		plog(LLV_ERROR, LOCATION, NULL,
432 			"libipsec failed pfkey open (%s)\n", ipsec_strerror());
433 		return -1;
434 	}
435 	if ((bufsiz = pfkey_set_buffer_size(lcconf->sock_pfkey,
436 					    lcconf->pfkey_buffer_size)) < 0) {
437 		plog(LLV_ERROR, LOCATION, NULL,
438 		     "libipsec failed to set pfkey buffer size to %d (%s)\n",
439 		     lcconf->pfkey_buffer_size, ipsec_strerror());
440 		return -1;
441 	} else if (bufsiz < lcconf->pfkey_buffer_size) {
442 		plog(LLV_WARNING, LOCATION, NULL,
443 		     "pfkey socket receive buffer set to %dKB, instead of %d\n",
444 		     bufsiz, lcconf->pfkey_buffer_size);
445 	}
446 
447 	if (fcntl(lcconf->sock_pfkey, F_SETFL, O_NONBLOCK) == -1)
448 		plog(LLV_WARNING, LOCATION, NULL,
449 		    "failed to set the pfkey socket to NONBLOCK\n");
450 
451 	for (i = 0, reg_fail = 0; i < pfkey_nsatypes; i++) {
452 		plog(LLV_DEBUG, LOCATION, NULL,
453 		    "call pfkey_send_register for %s\n",
454 		    pfkey_satypes[i].ps_name);
455 		if (pfkey_send_register(lcconf->sock_pfkey,
456 					pfkey_satypes[i].ps_satype) < 0 ||
457 		    pfkey_recv_register(lcconf->sock_pfkey) < 0) {
458 			plog(LLV_WARNING, LOCATION, NULL,
459 			    "failed to register %s (%s)\n",
460 			    pfkey_satypes[i].ps_name,
461 			    ipsec_strerror());
462 			reg_fail++;
463 		}
464 	}
465 
466 	if (reg_fail == pfkey_nsatypes) {
467 		plog(LLV_ERROR, LOCATION, NULL,
468 			"failed to regist any protocol.\n");
469 		pfkey_close(lcconf->sock_pfkey);
470 		return -1;
471 	}
472 
473 	initsp();
474 
475 	if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
476 		plog(LLV_ERROR, LOCATION, NULL,
477 			"libipsec sending spddump failed: %s\n",
478 			ipsec_strerror());
479 		pfkey_close(lcconf->sock_pfkey);
480 		return -1;
481 	}
482 #if 0
483 	if (pfkey_promisc_toggle(1) < 0) {
484 		pfkey_close(lcconf->sock_pfkey);
485 		return -1;
486 	}
487 #endif
488 	monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
489 	return 0;
490 }
491 
492 int
pfkey_reload()493 pfkey_reload()
494 {
495 	flushsp();
496 
497 	if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
498 		plog(LLV_ERROR, LOCATION, NULL,
499 			"libipsec sending spddump failed: %s\n",
500 			ipsec_strerror());
501 		return -1;
502 	}
503 
504 	while (pfkey_handler(NULL, lcconf->sock_pfkey) > 0)
505 		continue;
506 
507 	return 0;
508 }
509 
510 /* %%% for conversion */
511 /* IPSECDOI_ATTR_AUTH -> SADB_AALG */
512 static u_int
ipsecdoi2pfkey_aalg(hashtype)513 ipsecdoi2pfkey_aalg(hashtype)
514 	u_int hashtype;
515 {
516 	switch (hashtype) {
517 	case IPSECDOI_ATTR_AUTH_HMAC_MD5:
518 		return SADB_AALG_MD5HMAC;
519 	case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
520 		return SADB_AALG_SHA1HMAC;
521 	case IPSECDOI_ATTR_AUTH_HMAC_SHA2_256:
522 #if (defined SADB_X_AALG_SHA2_256) && !defined(SADB_X_AALG_SHA2_256HMAC)
523 		return SADB_X_AALG_SHA2_256;
524 #else
525 		return SADB_X_AALG_SHA2_256HMAC;
526 #endif
527 	case IPSECDOI_ATTR_AUTH_HMAC_SHA2_384:
528 #if (defined SADB_X_AALG_SHA2_384) && !defined(SADB_X_AALG_SHA2_384HMAC)
529 		return SADB_X_AALG_SHA2_384;
530 #else
531 		return SADB_X_AALG_SHA2_384HMAC;
532 #endif
533 	case IPSECDOI_ATTR_AUTH_HMAC_SHA2_512:
534 #if (defined SADB_X_AALG_SHA2_512) && !defined(SADB_X_AALG_SHA2_512HMAC)
535 		return SADB_X_AALG_SHA2_512;
536 #else
537 		return SADB_X_AALG_SHA2_512HMAC;
538 #endif
539 	case IPSECDOI_ATTR_AUTH_KPDK:		/* need special care */
540 		return SADB_AALG_NONE;
541 
542 	/* not supported */
543 	case IPSECDOI_ATTR_AUTH_DES_MAC:
544 		plog(LLV_ERROR, LOCATION, NULL,
545 			"Not supported hash type: %u\n", hashtype);
546 		return ~0;
547 
548 	case 0: /* reserved */
549 	default:
550 		return SADB_AALG_NONE;
551 
552 		plog(LLV_ERROR, LOCATION, NULL,
553 			"Invalid hash type: %u\n", hashtype);
554 		return ~0;
555 	}
556 	/*NOTREACHED*/
557 }
558 
559 /* IPSECDOI_ESP -> SADB_EALG */
560 static u_int
ipsecdoi2pfkey_ealg(t_id)561 ipsecdoi2pfkey_ealg(t_id)
562 	u_int t_id;
563 {
564 	switch (t_id) {
565 	case IPSECDOI_ESP_DES_IV64:		/* sa_flags |= SADB_X_EXT_OLD */
566 		return SADB_EALG_DESCBC;
567 	case IPSECDOI_ESP_DES:
568 		return SADB_EALG_DESCBC;
569 	case IPSECDOI_ESP_3DES:
570 		return SADB_EALG_3DESCBC;
571 #ifdef SADB_X_EALG_RC5CBC
572 	case IPSECDOI_ESP_RC5:
573 		return SADB_X_EALG_RC5CBC;
574 #endif
575 	case IPSECDOI_ESP_CAST:
576 		return SADB_X_EALG_CAST128CBC;
577 	case IPSECDOI_ESP_BLOWFISH:
578 		return SADB_X_EALG_BLOWFISHCBC;
579 	case IPSECDOI_ESP_DES_IV32:	/* flags |= (SADB_X_EXT_OLD|
580 							SADB_X_EXT_IV4B)*/
581 		return SADB_EALG_DESCBC;
582 	case IPSECDOI_ESP_NULL:
583 		return SADB_EALG_NULL;
584 #ifdef SADB_X_EALG_AESCBC
585 	case IPSECDOI_ESP_AES:
586 		return SADB_X_EALG_AESCBC;
587 #endif
588 #ifdef SADB_X_EALG_AESGCM16
589 	case IPSECDOI_ESP_AESGCM16:
590 		return SADB_X_EALG_AESGCM16;
591 #endif
592 #ifdef SADB_X_EALG_TWOFISHCBC
593 	case IPSECDOI_ESP_TWOFISH:
594 		return SADB_X_EALG_TWOFISHCBC;
595 #endif
596 #ifdef SADB_X_EALG_CAMELLIACBC
597 	case IPSECDOI_ESP_CAMELLIA:
598 		return SADB_X_EALG_CAMELLIACBC;
599 #endif
600 
601 	/* not supported */
602 	case IPSECDOI_ESP_3IDEA:
603 	case IPSECDOI_ESP_IDEA:
604 	case IPSECDOI_ESP_RC4:
605 		plog(LLV_ERROR, LOCATION, NULL,
606 			"Not supported transform: %u\n", t_id);
607 		return ~0;
608 
609 	case 0: /* reserved */
610 	default:
611 		plog(LLV_ERROR, LOCATION, NULL,
612 			"Invalid transform id: %u\n", t_id);
613 		return ~0;
614 	}
615 	/*NOTREACHED*/
616 }
617 
618 /* IPCOMP -> SADB_CALG */
619 static u_int
ipsecdoi2pfkey_calg(t_id)620 ipsecdoi2pfkey_calg(t_id)
621 	u_int t_id;
622 {
623 	switch (t_id) {
624 	case IPSECDOI_IPCOMP_OUI:
625 		return SADB_X_CALG_OUI;
626 	case IPSECDOI_IPCOMP_DEFLATE:
627 		return SADB_X_CALG_DEFLATE;
628 	case IPSECDOI_IPCOMP_LZS:
629 		return SADB_X_CALG_LZS;
630 
631 	case 0: /* reserved */
632 	default:
633 		plog(LLV_ERROR, LOCATION, NULL,
634 			"Invalid transform id: %u\n", t_id);
635 		return ~0;
636 	}
637 	/*NOTREACHED*/
638 }
639 
640 /* IPSECDOI_PROTO -> SADB_SATYPE */
641 u_int
ipsecdoi2pfkey_proto(proto)642 ipsecdoi2pfkey_proto(proto)
643 	u_int proto;
644 {
645 	switch (proto) {
646 	case IPSECDOI_PROTO_IPSEC_AH:
647 		return SADB_SATYPE_AH;
648 	case IPSECDOI_PROTO_IPSEC_ESP:
649 		return SADB_SATYPE_ESP;
650 	case IPSECDOI_PROTO_IPCOMP:
651 		return SADB_X_SATYPE_IPCOMP;
652 
653 	default:
654 		plog(LLV_ERROR, LOCATION, NULL,
655 			"Invalid ipsec_doi proto: %u\n", proto);
656 		return ~0;
657 	}
658 	/*NOTREACHED*/
659 }
660 
661 static u_int
ipsecdoi2pfkey_alg(algclass,type)662 ipsecdoi2pfkey_alg(algclass, type)
663 	u_int algclass, type;
664 {
665 	switch (algclass) {
666 	case IPSECDOI_ATTR_AUTH:
667 		return ipsecdoi2pfkey_aalg(type);
668 	case IPSECDOI_PROTO_IPSEC_ESP:
669 		return ipsecdoi2pfkey_ealg(type);
670 	case IPSECDOI_PROTO_IPCOMP:
671 		return ipsecdoi2pfkey_calg(type);
672 	default:
673 		plog(LLV_ERROR, LOCATION, NULL,
674 			"Invalid ipsec_doi algclass: %u\n", algclass);
675 		return ~0;
676 	}
677 	/*NOTREACHED*/
678 }
679 
680 /* SADB_SATYPE -> IPSECDOI_PROTO */
681 u_int
pfkey2ipsecdoi_proto(satype)682 pfkey2ipsecdoi_proto(satype)
683 	u_int satype;
684 {
685 	switch (satype) {
686 	case SADB_SATYPE_AH:
687 		return IPSECDOI_PROTO_IPSEC_AH;
688 	case SADB_SATYPE_ESP:
689 		return IPSECDOI_PROTO_IPSEC_ESP;
690 	case SADB_X_SATYPE_IPCOMP:
691 		return IPSECDOI_PROTO_IPCOMP;
692 
693 	default:
694 		plog(LLV_ERROR, LOCATION, NULL,
695 			"Invalid pfkey proto: %u\n", satype);
696 		return ~0;
697 	}
698 	/*NOTREACHED*/
699 }
700 
701 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
702 u_int
ipsecdoi2pfkey_mode(mode)703 ipsecdoi2pfkey_mode(mode)
704 	u_int mode;
705 {
706 	switch (mode) {
707 	case IPSECDOI_ATTR_ENC_MODE_TUNNEL:
708 #ifdef ENABLE_NATT
709 	case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC:
710 	case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT:
711 #endif
712 		return IPSEC_MODE_TUNNEL;
713 	case IPSECDOI_ATTR_ENC_MODE_TRNS:
714 #ifdef ENABLE_NATT
715 	case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC:
716 	case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT:
717 #endif
718 		return IPSEC_MODE_TRANSPORT;
719 	default:
720 		plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
721 		return ~0;
722 	}
723 	/*NOTREACHED*/
724 }
725 
726 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
727 u_int
pfkey2ipsecdoi_mode(mode)728 pfkey2ipsecdoi_mode(mode)
729 	u_int mode;
730 {
731 	switch (mode) {
732 	case IPSEC_MODE_TUNNEL:
733 		return IPSECDOI_ATTR_ENC_MODE_TUNNEL;
734 	case IPSEC_MODE_TRANSPORT:
735 		return IPSECDOI_ATTR_ENC_MODE_TRNS;
736 	case IPSEC_MODE_ANY:
737 		return IPSECDOI_ATTR_ENC_MODE_ANY;
738 	default:
739 		plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
740 		return ~0;
741 	}
742 	/*NOTREACHED*/
743 }
744 
745 /* default key length for encryption algorithm */
746 static u_int
keylen_aalg(hashtype)747 keylen_aalg(hashtype)
748 	u_int hashtype;
749 {
750 	int res;
751 
752 	if (hashtype == 0)
753 		return SADB_AALG_NONE;
754 
755 	res = alg_ipsec_hmacdef_hashlen(hashtype);
756 	if (res == -1) {
757 		plog(LLV_ERROR, LOCATION, NULL,
758 			"invalid hmac algorithm %u.\n", hashtype);
759 		return ~0;
760 	}
761 	return res;
762 }
763 
764 /* default key length for encryption algorithm */
765 static u_int
keylen_ealg(enctype,encklen)766 keylen_ealg(enctype, encklen)
767 	u_int enctype;
768 	int encklen;
769 {
770 	int res;
771 
772 	res = alg_ipsec_encdef_keylen(enctype, encklen);
773 	if (res == -1) {
774 		plog(LLV_ERROR, LOCATION, NULL,
775 			"invalid encryption algorithm %u.\n", enctype);
776 		return ~0;
777 	}
778 	return res;
779 }
780 
781 void
pk_fixup_sa_addresses(mhp)782 pk_fixup_sa_addresses(mhp)
783 	caddr_t *mhp;
784 {
785 	struct sockaddr *src, *dst;
786 
787 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
788 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
789 	set_port(src, PORT_ISAKMP);
790 	set_port(dst, PORT_ISAKMP);
791 
792 #ifdef ENABLE_NATT
793 	if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
794 		/* NAT-T is enabled for this SADB entry; copy
795 		 * the ports from NAT-T extensions */
796 		if(mhp[SADB_X_EXT_NAT_T_SPORT] != NULL)
797 			set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
798 		if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
799 			set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
800 	}
801 #endif
802 }
803 
804 int
pfkey_convertfromipsecdoi(proto_id,t_id,hashtype,e_type,e_keylen,a_type,a_keylen,flags)805 pfkey_convertfromipsecdoi(proto_id, t_id, hashtype,
806 		e_type, e_keylen, a_type, a_keylen, flags)
807 	u_int proto_id;
808 	u_int t_id;
809 	u_int hashtype;
810 	u_int *e_type;
811 	u_int *e_keylen;
812 	u_int *a_type;
813 	u_int *a_keylen;
814 	u_int *flags;
815 {
816 	*flags = 0;
817 	switch (proto_id) {
818 	case IPSECDOI_PROTO_IPSEC_ESP:
819 		if ((*e_type = ipsecdoi2pfkey_ealg(t_id)) == ~0)
820 			goto bad;
821 		if ((*e_keylen = keylen_ealg(t_id, *e_keylen)) == ~0)
822 			goto bad;
823 		*e_keylen >>= 3;
824 
825 		if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
826 			goto bad;
827 		if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
828 			goto bad;
829 		*a_keylen >>= 3;
830 
831 		if (*e_type == SADB_EALG_NONE) {
832 			plog(LLV_ERROR, LOCATION, NULL, "no ESP algorithm.\n");
833 			goto bad;
834 		}
835 		break;
836 
837 	case IPSECDOI_PROTO_IPSEC_AH:
838 		if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
839 			goto bad;
840 		if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
841 			goto bad;
842 		*a_keylen >>= 3;
843 
844 		if (t_id == IPSECDOI_ATTR_AUTH_HMAC_MD5
845 		 && hashtype == IPSECDOI_ATTR_AUTH_KPDK) {
846 			/* AH_MD5 + Auth(KPDK) = RFC1826 keyed-MD5 */
847 			*a_type = SADB_X_AALG_MD5;
848 			*flags |= SADB_X_EXT_OLD;
849 		}
850 		*e_type = SADB_EALG_NONE;
851 		*e_keylen = 0;
852 		if (*a_type == SADB_AALG_NONE) {
853 			plog(LLV_ERROR, LOCATION, NULL, "no AH algorithm.\n");
854 			goto bad;
855 		}
856 		break;
857 
858 	case IPSECDOI_PROTO_IPCOMP:
859 		if ((*e_type = ipsecdoi2pfkey_calg(t_id)) == ~0)
860 			goto bad;
861 		*e_keylen = 0;
862 
863 		*flags = SADB_X_EXT_RAWCPI;
864 
865 		*a_type = SADB_AALG_NONE;
866 		*a_keylen = 0;
867 		if (*e_type == SADB_X_CALG_NONE) {
868 			plog(LLV_ERROR, LOCATION, NULL, "no IPCOMP algorithm.\n");
869 			goto bad;
870 		}
871 		break;
872 
873 	default:
874 		plog(LLV_ERROR, LOCATION, NULL, "unknown IPsec protocol.\n");
875 		goto bad;
876 	}
877 
878 	return 0;
879 
880     bad:
881 	errno = EINVAL;
882 	return -1;
883 }
884 
885 /*%%%*/
886 /* send getspi message per ipsec protocol per remote address */
887 /*
888  * the local address and remote address in ph1handle are dealed
889  * with destination address and source address respectively.
890  * Because SPI is decided by responder.
891  */
892 int
pk_sendgetspi(iph2)893 pk_sendgetspi(iph2)
894 	struct ph2handle *iph2;
895 {
896 	struct sockaddr *src = NULL, *dst = NULL;
897 	u_int satype, mode;
898 	struct saprop *pp;
899 	struct saproto *pr;
900 	u_int32_t minspi, maxspi;
901 	u_int8_t natt_type = 0;
902 	u_int16_t sport = 0, dport = 0;
903 
904 	if (iph2->side == INITIATOR)
905 		pp = iph2->proposal;
906 	else
907 		pp = iph2->approval;
908 
909 	if (iph2->sa_src && iph2->sa_dst) {
910 		/* MIPv6: Use SA addresses, not IKE ones */
911 		src = dupsaddr(iph2->sa_src);
912 		dst = dupsaddr(iph2->sa_dst);
913 	} else {
914 		/* Common case: SA addresses and IKE ones are the same */
915 		src = dupsaddr(iph2->src);
916 		dst = dupsaddr(iph2->dst);
917 	}
918 
919 	if (src == NULL || dst == NULL) {
920 		racoon_free(src);
921 		racoon_free(dst);
922 		return -1;
923 	}
924 
925 	for (pr = pp->head; pr != NULL; pr = pr->next) {
926 
927 		/* validity check */
928 		satype = ipsecdoi2pfkey_proto(pr->proto_id);
929 		if (satype == ~0) {
930 			plog(LLV_ERROR, LOCATION, NULL,
931 				"invalid proto_id %d\n", pr->proto_id);
932 			racoon_free(src);
933 			racoon_free(dst);
934 			return -1;
935 		}
936 		/* this works around a bug in Linux kernel where it allocates 4 byte
937 		   spi's for IPCOMP */
938 		else if (satype == SADB_X_SATYPE_IPCOMP) {
939 			minspi = 0x100;
940 			maxspi = 0xffff;
941 		}
942 		else {
943 			minspi = 0;
944 			maxspi = 0;
945 		}
946 		mode = ipsecdoi2pfkey_mode(pr->encmode);
947 		if (mode == ~0) {
948 			plog(LLV_ERROR, LOCATION, NULL,
949 				"invalid encmode %d\n", pr->encmode);
950 			racoon_free(src);
951 			racoon_free(dst);
952 			return -1;
953 		}
954 
955 #ifdef ENABLE_NATT
956 		if (pr->udp_encap) {
957 			natt_type = iph2->ph1->natt_options->encaps_type;
958 			sport=extract_port(src);
959 			dport=extract_port(dst);
960 		}
961 #endif
962 
963 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
964 		if (pfkey_send_getspi_nat(
965 				lcconf->sock_pfkey,
966 				satype,
967 				mode,
968 				dst,			/* src of SA */
969 				src,			/* dst of SA */
970 				natt_type,
971 				dport,
972 				sport,
973 				minspi, maxspi,
974 				pr->reqid_in, iph2->seq) < 0) {
975 			plog(LLV_ERROR, LOCATION, NULL,
976 				"ipseclib failed send getspi (%s)\n",
977 				ipsec_strerror());
978 			racoon_free(src);
979 			racoon_free(dst);
980 			return -1;
981 		}
982 		plog(LLV_DEBUG, LOCATION, NULL,
983 			"pfkey GETSPI sent: %s\n",
984 			sadbsecas2str(dst, src, satype, 0, mode));
985 	}
986 
987 	racoon_free(src);
988 	racoon_free(dst);
989 	return 0;
990 }
991 
992 /*
993  * receive GETSPI from kernel.
994  */
995 static int
pk_recvgetspi(mhp)996 pk_recvgetspi(mhp)
997 	caddr_t *mhp;
998 {
999 	struct sadb_msg *msg;
1000 	struct sadb_sa *sa;
1001 	struct ph2handle *iph2;
1002 	struct sockaddr *src, *dst;
1003 	int proto_id;
1004 	int allspiok, notfound;
1005 	struct saprop *pp;
1006 	struct saproto *pr;
1007 
1008 	/* validity check */
1009 	if (mhp[SADB_EXT_SA] == NULL
1010 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1011 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL) {
1012 		plog(LLV_ERROR, LOCATION, NULL,
1013 			"inappropriate sadb getspi message passed.\n");
1014 		return -1;
1015 	}
1016 	msg = (struct sadb_msg *)mhp[0];
1017 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1018 	pk_fixup_sa_addresses(mhp);
1019 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]); /* note SA dir */
1020 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1021 
1022 	/* the message has to be processed or not ? */
1023 	if (msg->sadb_msg_pid != getpid()) {
1024 		plog(LLV_DEBUG, LOCATION, NULL,
1025 			"%s message is not interesting "
1026 			"because pid %d is not mine.\n",
1027 			s_pfkey_type(msg->sadb_msg_type),
1028 			msg->sadb_msg_pid);
1029 		return -1;
1030 	}
1031 
1032 	iph2 = getph2byseq(msg->sadb_msg_seq);
1033 	if (iph2 == NULL) {
1034 		plog(LLV_DEBUG, LOCATION, NULL,
1035 			"seq %d of %s message not interesting.\n",
1036 			msg->sadb_msg_seq,
1037 			s_pfkey_type(msg->sadb_msg_type));
1038 		return -1;
1039 	}
1040 
1041 	if (iph2->status != PHASE2ST_GETSPISENT) {
1042 		plog(LLV_ERROR, LOCATION, NULL,
1043 			"status mismatch (db:%d msg:%d)\n",
1044 			iph2->status, PHASE2ST_GETSPISENT);
1045 		return -1;
1046 	}
1047 
1048 	/* set SPI, and check to get all spi whether or not */
1049 	allspiok = 1;
1050 	notfound = 1;
1051 	proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1052 	pp = iph2->side == INITIATOR ? iph2->proposal : iph2->approval;
1053 
1054 	for (pr = pp->head; pr != NULL; pr = pr->next) {
1055 		if (pr->proto_id == proto_id && pr->spi == 0) {
1056 			pr->spi = sa->sadb_sa_spi;
1057 			notfound = 0;
1058 			plog(LLV_DEBUG, LOCATION, NULL,
1059 				"pfkey GETSPI succeeded: %s\n",
1060 				sadbsecas2str(dst, src,
1061 				    msg->sadb_msg_satype,
1062 				    sa->sadb_sa_spi,
1063 				    ipsecdoi2pfkey_mode(pr->encmode)));
1064 		}
1065 		if (pr->spi == 0)
1066 			allspiok = 0;	/* not get all spi */
1067 	}
1068 
1069 	if (notfound) {
1070 		plog(LLV_ERROR, LOCATION, NULL,
1071 			"get spi for unknown address %s\n",
1072 			saddrwop2str(dst));
1073 		return -1;
1074 	}
1075 
1076 	if (allspiok) {
1077 		/* update status */
1078 		iph2->status = PHASE2ST_GETSPIDONE;
1079 		if (isakmp_post_getspi(iph2) < 0) {
1080 			plog(LLV_ERROR, LOCATION, NULL,
1081 				"failed to start post getspi.\n");
1082 			remph2(iph2);
1083 			delph2(iph2);
1084 			iph2 = NULL;
1085 			return -1;
1086 		}
1087 	}
1088 
1089 	return 0;
1090 }
1091 
1092 /*
1093  * set inbound SA
1094  */
1095 int
pk_sendupdate(iph2)1096 pk_sendupdate(iph2)
1097 	struct ph2handle *iph2;
1098 {
1099 	struct saproto *pr;
1100 	struct pfkey_send_sa_args sa_args;
1101 
1102 	/* sanity check */
1103 	if (iph2->approval == NULL) {
1104 		plog(LLV_ERROR, LOCATION, NULL,
1105 			"no approvaled SAs found.\n");
1106 		return -1;
1107 	}
1108 
1109 	/* fill in some needed for pfkey_send_update2 */
1110 	memset (&sa_args, 0, sizeof (sa_args));
1111 	sa_args.so = lcconf->sock_pfkey;
1112 	if (iph2->lifetime_secs)
1113 		sa_args.l_addtime = iph2->lifetime_secs;
1114 	else
1115 		sa_args.l_addtime = iph2->approval->lifetime;
1116 	sa_args.seq = iph2->seq;
1117 	sa_args.wsize = 4;
1118 
1119 	if (iph2->sa_src && iph2->sa_dst) {
1120 		/* MIPv6: Use SA addresses, not IKE ones */
1121 		sa_args.dst = dupsaddr(iph2->sa_src);
1122 		sa_args.src = dupsaddr(iph2->sa_dst);
1123 	} else {
1124 		/* Common case: SA addresses and IKE ones are the same */
1125 		sa_args.dst = dupsaddr(iph2->src);
1126 		sa_args.src = dupsaddr(iph2->dst);
1127 	}
1128 
1129 	if (sa_args.src == NULL || sa_args.dst == NULL) {
1130 		racoon_free(sa_args.src);
1131 		racoon_free(sa_args.dst);
1132 		return -1;
1133 	}
1134 
1135 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1136 		/* validity check */
1137 		sa_args.satype = ipsecdoi2pfkey_proto(pr->proto_id);
1138 		if (sa_args.satype == ~0) {
1139 			plog(LLV_ERROR, LOCATION, NULL,
1140 				"invalid proto_id %d\n", pr->proto_id);
1141 			racoon_free(sa_args.src);
1142 			racoon_free(sa_args.dst);
1143 			return -1;
1144 		}
1145 		else if (sa_args.satype == SADB_X_SATYPE_IPCOMP) {
1146 			/* IPCOMP has no replay window */
1147 			sa_args.wsize = 0;
1148 		}
1149 #ifdef ENABLE_SAMODE_UNSPECIFIED
1150 		sa_args.mode = IPSEC_MODE_ANY;
1151 #else
1152 		sa_args.mode = ipsecdoi2pfkey_mode(pr->encmode);
1153 		if (sa_args.mode == ~0) {
1154 			plog(LLV_ERROR, LOCATION, NULL,
1155 				"invalid encmode %d\n", pr->encmode);
1156 			racoon_free(sa_args.src);
1157 			racoon_free(sa_args.dst);
1158 			return -1;
1159 		}
1160 #endif
1161 		/* set algorithm type and key length */
1162 		sa_args.e_keylen = pr->head->encklen;
1163 		if (pfkey_convertfromipsecdoi(
1164 				pr->proto_id,
1165 				pr->head->trns_id,
1166 				pr->head->authtype,
1167 				&sa_args.e_type, &sa_args.e_keylen,
1168 				&sa_args.a_type, &sa_args.a_keylen,
1169 				&sa_args.flags) < 0){
1170 			racoon_free(sa_args.src);
1171 			racoon_free(sa_args.dst);
1172 			return -1;
1173 		}
1174 
1175 #if 0
1176 		sa_args.l_bytes = iph2->approval->lifebyte * 1024,
1177 #else
1178 		sa_args.l_bytes = 0;
1179 #endif
1180 
1181 #ifdef HAVE_SECCTX
1182 		if (*iph2->approval->sctx.ctx_str) {
1183 			sa_args.ctxdoi = iph2->approval->sctx.ctx_doi;
1184 			sa_args.ctxalg = iph2->approval->sctx.ctx_alg;
1185 			sa_args.ctxstrlen = iph2->approval->sctx.ctx_strlen;
1186 			sa_args.ctxstr = iph2->approval->sctx.ctx_str;
1187 		}
1188 #endif /* HAVE_SECCTX */
1189 
1190 #ifdef ENABLE_NATT
1191 		if (pr->udp_encap) {
1192 			sa_args.l_natt_type = iph2->ph1->natt_options->encaps_type;
1193 			sa_args.l_natt_sport = extract_port(iph2->ph1->remote);
1194 			sa_args.l_natt_dport = extract_port(iph2->ph1->local);
1195 			sa_args.l_natt_oa = iph2->natoa_src;
1196 #ifdef SADB_X_EXT_NAT_T_FRAG
1197 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
1198 #endif
1199 		}
1200 #endif
1201 
1202 		/* more info to fill in */
1203 		sa_args.spi = pr->spi;
1204 		sa_args.reqid = pr->reqid_in;
1205 		sa_args.keymat = pr->keymat->v;
1206 
1207 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_update2\n");
1208 		if (pfkey_send_update2(&sa_args) < 0) {
1209 			plog(LLV_ERROR, LOCATION, NULL,
1210 				"libipsec failed send update (%s)\n",
1211 				ipsec_strerror());
1212 			racoon_free(sa_args.src);
1213 			racoon_free(sa_args.dst);
1214 			return -1;
1215 		}
1216 
1217 		if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1218 			continue;
1219 
1220 		/*
1221 		 * It maybe good idea to call backupsa_to_file() after
1222 		 * racoon will receive the sadb_update messages.
1223 		 * But it is impossible because there is not key in the
1224 		 * information from the kernel.
1225 		 */
1226 
1227 		/* change some things before backing up */
1228 		sa_args.wsize = 4;
1229 		sa_args.l_bytes = iph2->approval->lifebyte * 1024;
1230 
1231 		if (backupsa_to_file(&sa_args) < 0) {
1232 			plog(LLV_ERROR, LOCATION, NULL,
1233 				"backuped SA failed: %s\n",
1234 				sadbsecas2str(sa_args.src, sa_args.dst,
1235 				sa_args.satype, sa_args.spi, sa_args.mode));
1236 		}
1237 		plog(LLV_DEBUG, LOCATION, NULL,
1238 			"backuped SA: %s\n",
1239 			sadbsecas2str(sa_args.src, sa_args.dst,
1240 			sa_args.satype, sa_args.spi, sa_args.mode));
1241 	}
1242 
1243 	racoon_free(sa_args.src);
1244 	racoon_free(sa_args.dst);
1245 	return 0;
1246 }
1247 
1248 static int
pk_recvupdate(mhp)1249 pk_recvupdate(mhp)
1250 	caddr_t *mhp;
1251 {
1252 	struct sadb_msg *msg;
1253 	struct sadb_sa *sa;
1254 	struct sockaddr *src, *dst;
1255 	struct ph2handle *iph2;
1256 	u_int proto_id, encmode, sa_mode;
1257 	int incomplete = 0;
1258 	struct saproto *pr;
1259 
1260 	/* ignore this message because of local test mode. */
1261 	if (f_local)
1262 		return 0;
1263 
1264 	/* sanity check */
1265 	if (mhp[0] == NULL
1266 	 || mhp[SADB_EXT_SA] == NULL
1267 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1268 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1269 		plog(LLV_ERROR, LOCATION, NULL,
1270 			"inappropriate sadb update message passed.\n");
1271 		return -1;
1272 	}
1273 	msg = (struct sadb_msg *)mhp[0];
1274 	pk_fixup_sa_addresses(mhp);
1275 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1276 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1277 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1278 
1279 	sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1280 		? IPSEC_MODE_ANY
1281 		: ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1282 
1283 	/* the message has to be processed or not ? */
1284 	if (msg->sadb_msg_pid != getpid()) {
1285 		plog(LLV_DEBUG, LOCATION, NULL,
1286 			"%s message is not interesting "
1287 			"because pid %d is not mine.\n",
1288 			s_pfkey_type(msg->sadb_msg_type),
1289 			msg->sadb_msg_pid);
1290 		return -1;
1291 	}
1292 
1293 	iph2 = getph2byseq(msg->sadb_msg_seq);
1294 	if (iph2 == NULL) {
1295 		plog(LLV_DEBUG, LOCATION, NULL,
1296 			"seq %d of %s message not interesting.\n",
1297 			msg->sadb_msg_seq,
1298 			s_pfkey_type(msg->sadb_msg_type));
1299 		return -1;
1300 	}
1301 
1302 	if (iph2->status != PHASE2ST_ADDSA) {
1303 		plog(LLV_ERROR, LOCATION, NULL,
1304 			"status mismatch (db:%d msg:%d)\n",
1305 			iph2->status, PHASE2ST_ADDSA);
1306 		return -1;
1307 	}
1308 
1309 	/* check to complete all keys ? */
1310 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1311 		proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1312 		if (proto_id == ~0) {
1313 			plog(LLV_ERROR, LOCATION, NULL,
1314 				"invalid proto_id %d\n", msg->sadb_msg_satype);
1315 			return -1;
1316 		}
1317 		encmode = pfkey2ipsecdoi_mode(sa_mode);
1318 		if (encmode == ~0) {
1319 			plog(LLV_ERROR, LOCATION, NULL,
1320 				"invalid encmode %d\n", sa_mode);
1321 			return -1;
1322 		}
1323 
1324 		if (pr->proto_id == proto_id
1325 		 && pr->spi == sa->sadb_sa_spi) {
1326 			pr->ok = 1;
1327 			plog(LLV_DEBUG, LOCATION, NULL,
1328 				"pfkey UPDATE succeeded: %s\n",
1329 				sadbsecas2str(dst, src,
1330 				    msg->sadb_msg_satype,
1331 				    sa->sadb_sa_spi,
1332 				    sa_mode));
1333 
1334 			plog(LLV_INFO, LOCATION, NULL,
1335 				"IPsec-SA established: %s\n",
1336 				sadbsecas2str(dst, src,
1337 					msg->sadb_msg_satype, sa->sadb_sa_spi,
1338 					sa_mode));
1339 		}
1340 
1341 		if (pr->ok == 0)
1342 			incomplete = 1;
1343 	}
1344 
1345 	if (incomplete)
1346 		return 0;
1347 
1348 	/* turn off the timer for calling pfkey_timeover() */
1349 	sched_cancel(&iph2->sce);
1350 
1351 	/* update status */
1352 	iph2->status = PHASE2ST_ESTABLISHED;
1353 	evt_phase2(iph2, EVT_PHASE2_UP, NULL);
1354 
1355 #ifdef ENABLE_STATS
1356 	gettimeofday(&iph2->end, NULL);
1357 	syslog(LOG_NOTICE, "%s(%s): %8.6f",
1358 		"phase2", "quick", timedelta(&iph2->start, &iph2->end));
1359 #endif
1360 
1361 	/* turn off schedule */
1362 	sched_cancel(&iph2->scr);
1363 
1364 	/*
1365 	 * since we are going to reuse the phase2 handler, we need to
1366 	 * remain it and refresh all the references between ph1 and ph2 to use.
1367 	 */
1368 	sched_schedule(&iph2->sce, iph2->approval->lifetime,
1369 		       isakmp_ph2expire_stub);
1370 
1371 	plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1372 	return 0;
1373 }
1374 
1375 /*
1376  * set outbound SA
1377  */
1378 int
pk_sendadd(iph2)1379 pk_sendadd(iph2)
1380 	struct ph2handle *iph2;
1381 {
1382 	struct saproto *pr;
1383 	struct pfkey_send_sa_args sa_args;
1384 
1385 	/* sanity check */
1386 	if (iph2->approval == NULL) {
1387 		plog(LLV_ERROR, LOCATION, NULL,
1388 			"no approvaled SAs found.\n");
1389 		return -1;
1390 	}
1391 
1392 	/* fill in some needed for pfkey_send_update2 */
1393 	memset (&sa_args, 0, sizeof (sa_args));
1394 	sa_args.so = lcconf->sock_pfkey;
1395 	if (iph2->lifetime_secs)
1396 		sa_args.l_addtime = iph2->lifetime_secs;
1397 	else
1398 		sa_args.l_addtime = iph2->approval->lifetime;
1399 	sa_args.seq = iph2->seq;
1400 	sa_args.wsize = 4;
1401 
1402 	if (iph2->sa_src && iph2->sa_dst) {
1403 		/* MIPv6: Use SA addresses, not IKE ones */
1404 		sa_args.src = dupsaddr(iph2->sa_src);
1405 		sa_args.dst = dupsaddr(iph2->sa_dst);
1406 	} else {
1407 		/* Common case: SA addresses and IKE ones are the same */
1408 		sa_args.src = dupsaddr(iph2->src);
1409 		sa_args.dst = dupsaddr(iph2->dst);
1410 	}
1411 
1412 	if (sa_args.src == NULL || sa_args.dst == NULL) {
1413 		racoon_free(sa_args.src);
1414 		racoon_free(sa_args.dst);
1415 		return -1;
1416 	}
1417 
1418 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1419 		/* validity check */
1420 		sa_args.satype = ipsecdoi2pfkey_proto(pr->proto_id);
1421 		if (sa_args.satype == ~0) {
1422 			plog(LLV_ERROR, LOCATION, NULL,
1423 				"invalid proto_id %d\n", pr->proto_id);
1424 			racoon_free(sa_args.src);
1425 			racoon_free(sa_args.dst);
1426 			return -1;
1427 		}
1428 		else if (sa_args.satype == SADB_X_SATYPE_IPCOMP) {
1429 			/* no replay window for IPCOMP */
1430 			sa_args.wsize = 0;
1431 		}
1432 #ifdef ENABLE_SAMODE_UNSPECIFIED
1433 		sa_args.mode = IPSEC_MODE_ANY;
1434 #else
1435 		sa_args.mode = ipsecdoi2pfkey_mode(pr->encmode);
1436 		if (sa_args.mode == ~0) {
1437 			plog(LLV_ERROR, LOCATION, NULL,
1438 				"invalid encmode %d\n", pr->encmode);
1439 			racoon_free(sa_args.src);
1440 			racoon_free(sa_args.dst);
1441 			return -1;
1442 		}
1443 #endif
1444 
1445 		/* set algorithm type and key length */
1446 		sa_args.e_keylen = pr->head->encklen;
1447 		if (pfkey_convertfromipsecdoi(
1448 				pr->proto_id,
1449 				pr->head->trns_id,
1450 				pr->head->authtype,
1451 				&sa_args.e_type, &sa_args.e_keylen,
1452 				&sa_args.a_type, &sa_args.a_keylen,
1453 				&sa_args.flags) < 0){
1454 			racoon_free(sa_args.src);
1455 			racoon_free(sa_args.dst);
1456 			return -1;
1457 		}
1458 
1459 #if 0
1460 		sa_args.l_bytes = iph2->approval->lifebyte * 1024,
1461 #else
1462 		sa_args.l_bytes = 0;
1463 #endif
1464 
1465 #ifdef HAVE_SECCTX
1466 		if (*iph2->approval->sctx.ctx_str) {
1467 			sa_args.ctxdoi = iph2->approval->sctx.ctx_doi;
1468 			sa_args.ctxalg = iph2->approval->sctx.ctx_alg;
1469 			sa_args.ctxstrlen = iph2->approval->sctx.ctx_strlen;
1470 			sa_args.ctxstr = iph2->approval->sctx.ctx_str;
1471 		}
1472 #endif /* HAVE_SECCTX */
1473 
1474 #ifdef ENABLE_NATT
1475 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add2 "
1476 		    "(NAT flavor)\n");
1477 
1478 		if (pr->udp_encap) {
1479 			sa_args.l_natt_type = UDP_ENCAP_ESPINUDP;
1480 			sa_args.l_natt_sport = extract_port(iph2->ph1->local);
1481 			sa_args.l_natt_dport = extract_port(iph2->ph1->remote);
1482 			sa_args.l_natt_oa = iph2->natoa_dst;
1483 #ifdef SADB_X_EXT_NAT_T_FRAG
1484 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
1485 #endif
1486 		}
1487 #endif
1488 		/* more info to fill in */
1489 		sa_args.spi = pr->spi_p;
1490 		sa_args.reqid = pr->reqid_out;
1491 		sa_args.keymat = pr->keymat_p->v;
1492 
1493 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add2\n");
1494 		if (pfkey_send_add2(&sa_args) < 0) {
1495 			plog(LLV_ERROR, LOCATION, NULL,
1496 				"libipsec failed send add (%s)\n",
1497 				ipsec_strerror());
1498 			racoon_free(sa_args.src);
1499 			racoon_free(sa_args.dst);
1500 			return -1;
1501 		}
1502 
1503 		if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1504 			continue;
1505 
1506 		/*
1507 		 * It maybe good idea to call backupsa_to_file() after
1508 		 * racoon will receive the sadb_update messages.
1509 		 * But it is impossible because there is not key in the
1510 		 * information from the kernel.
1511 		 */
1512 		if (backupsa_to_file(&sa_args) < 0) {
1513 			plog(LLV_ERROR, LOCATION, NULL,
1514 				"backuped SA failed: %s\n",
1515 				sadbsecas2str(sa_args.src, sa_args.dst,
1516 				sa_args.satype, sa_args.spi, sa_args.mode));
1517 		}
1518 		plog(LLV_DEBUG, LOCATION, NULL,
1519 			"backuped SA: %s\n",
1520 			sadbsecas2str(sa_args.src, sa_args.dst,
1521 			sa_args.satype, sa_args.spi, sa_args.mode));
1522 	}
1523 	racoon_free(sa_args.src);
1524 	racoon_free(sa_args.dst);
1525 	return 0;
1526 }
1527 
1528 static int
pk_recvadd(mhp)1529 pk_recvadd(mhp)
1530 	caddr_t *mhp;
1531 {
1532 	struct sadb_msg *msg;
1533 	struct sadb_sa *sa;
1534 	struct sockaddr *src, *dst;
1535 	struct ph2handle *iph2;
1536 	u_int sa_mode;
1537 
1538 	/* ignore this message because of local test mode. */
1539 	if (f_local)
1540 		return 0;
1541 
1542 	/* sanity check */
1543 	if (mhp[0] == NULL
1544 	 || mhp[SADB_EXT_SA] == NULL
1545 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1546 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1547 		plog(LLV_ERROR, LOCATION, NULL,
1548 			"inappropriate sadb add message passed.\n");
1549 		return -1;
1550 	}
1551 	msg = (struct sadb_msg *)mhp[0];
1552 	pk_fixup_sa_addresses(mhp);
1553 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1554 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1555 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1556 
1557 	sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1558 		? IPSEC_MODE_ANY
1559 		: ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1560 
1561 	/* the message has to be processed or not ? */
1562 	if (msg->sadb_msg_pid != getpid()) {
1563 		plog(LLV_DEBUG, LOCATION, NULL,
1564 			"%s message is not interesting "
1565 			"because pid %d is not mine.\n",
1566 			s_pfkey_type(msg->sadb_msg_type),
1567 			msg->sadb_msg_pid);
1568 		return -1;
1569 	}
1570 
1571 	iph2 = getph2byseq(msg->sadb_msg_seq);
1572 	if (iph2 == NULL) {
1573 		plog(LLV_DEBUG, LOCATION, NULL,
1574 			"seq %d of %s message not interesting.\n",
1575 			msg->sadb_msg_seq,
1576 			s_pfkey_type(msg->sadb_msg_type));
1577 		return -1;
1578 	}
1579 
1580 	/*
1581 	 * NOTE don't update any status of phase2 handle
1582 	 * because they must be updated by SADB_UPDATE message
1583 	 */
1584 
1585 	plog(LLV_INFO, LOCATION, NULL,
1586 		"IPsec-SA established: %s\n",
1587 		sadbsecas2str(src, dst,
1588 			msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1589 
1590 	plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1591 	return 0;
1592 }
1593 
1594 static int
pk_recvexpire(mhp)1595 pk_recvexpire(mhp)
1596 	caddr_t *mhp;
1597 {
1598 	struct sadb_msg *msg;
1599 	struct sadb_sa *sa;
1600 	struct sockaddr *src, *dst;
1601 	struct ph2handle *iph2;
1602 	u_int proto_id, sa_mode;
1603 
1604 	/* sanity check */
1605 	if (mhp[0] == NULL
1606 	 || mhp[SADB_EXT_SA] == NULL
1607 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1608 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1609 	 || (mhp[SADB_EXT_LIFETIME_HARD] != NULL
1610 	  && mhp[SADB_EXT_LIFETIME_SOFT] != NULL)) {
1611 		plog(LLV_ERROR, LOCATION, NULL,
1612 			"inappropriate sadb expire message passed.\n");
1613 		return -1;
1614 	}
1615 	msg = (struct sadb_msg *)mhp[0];
1616 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1617 	pk_fixup_sa_addresses(mhp);
1618 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1619 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1620 
1621 	sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1622 		? IPSEC_MODE_ANY
1623 		: ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1624 
1625 	proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1626 	if (proto_id == ~0) {
1627 		plog(LLV_ERROR, LOCATION, NULL,
1628 			"invalid proto_id %d\n", msg->sadb_msg_satype);
1629 		return -1;
1630 	}
1631 
1632 	plog(LLV_INFO, LOCATION, NULL,
1633 		"IPsec-SA expired: %s\n",
1634 		sadbsecas2str(src, dst,
1635 			msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1636 
1637 	iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1638 	if (iph2 == NULL) {
1639 		/*
1640 		 * Ignore it because two expire messages are come up.
1641 		 * phase2 handler has been deleted already when 2nd message
1642 		 * is received.
1643 		 */
1644 		plog(LLV_DEBUG, LOCATION, NULL,
1645 			"no such a SA found: %s\n",
1646 			sadbsecas2str(src, dst,
1647 			    msg->sadb_msg_satype, sa->sadb_sa_spi,
1648 			    sa_mode));
1649 		return 0;
1650 	}
1651 
1652 	/* resent expiry message? */
1653 	if (iph2->status > PHASE2ST_ESTABLISHED)
1654 		return 0;
1655 
1656 	/* still negotiating? */
1657 	if (iph2->status < PHASE2ST_ESTABLISHED) {
1658 		/* not a hard timeout? */
1659 		if (mhp[SADB_EXT_LIFETIME_HARD] == NULL)
1660 			return 0;
1661 
1662 		/*
1663 		 * We were negotiating for that SA (w/o much success
1664 		 * from current status) and kernel has decided our time
1665 		 * is over trying (xfrm_larval_drop controls that and
1666 		 * is enabled by default on Linux >= 2.6.28 kernels).
1667 		 */
1668 		plog(LLV_WARNING, LOCATION, NULL,
1669 		     "PF_KEY EXPIRE message received from kernel for SA"
1670 		     " being negotiated. Stopping negotiation.\n");
1671 	}
1672 
1673 	/* turn off the timer for calling isakmp_ph2expire() */
1674 	sched_cancel(&iph2->sce);
1675 
1676 	if (iph2->status == PHASE2ST_ESTABLISHED &&
1677 	    iph2->side == INITIATOR) {
1678 		struct ph1handle *iph1hint;
1679 		/*
1680 		 * Active phase 2 expired and we were initiator.
1681 		 * Begin new phase 2 exchange, so we can keep on sending
1682 		 * traffic.
1683 		 */
1684 
1685 		/* update status for re-use */
1686 		iph1hint = iph2->ph1;
1687 		initph2(iph2);
1688 		iph2->status = PHASE2ST_STATUS2;
1689 
1690 		/* start quick exchange */
1691 		if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) {
1692 			plog(LLV_ERROR, LOCATION, iph2->dst,
1693 				"failed to begin ipsec sa "
1694 				"re-negotication.\n");
1695 			remph2(iph2);
1696 			delph2(iph2);
1697 			return -1;
1698 		}
1699 
1700 		return 0;
1701 	}
1702 
1703 	/*
1704 	 * We are responder or the phase 2 was not established.
1705 	 * Just remove the ph2handle to reflect SADB.
1706 	 */
1707 	iph2->status = PHASE2ST_EXPIRED;
1708 	remph2(iph2);
1709 	delph2(iph2);
1710 
1711 	return 0;
1712 }
1713 
1714 static int
pk_recvacquire(mhp)1715 pk_recvacquire(mhp)
1716 	caddr_t *mhp;
1717 {
1718 	struct sadb_msg *msg;
1719 	struct sadb_x_policy *xpl;
1720 	struct secpolicy *sp_out = NULL, *sp_in = NULL;
1721 	struct ph2handle *iph2;
1722 	struct sockaddr *src, *dst;     /* IKE addresses (for exchanges) */
1723 	struct sockaddr *sp_src, *sp_dst;   /* SP addresses (selectors). */
1724 	struct sockaddr *sa_src = NULL, *sa_dst = NULL ; /* SA addresses */
1725 #ifdef HAVE_SECCTX
1726 	struct sadb_x_sec_ctx *m_sec_ctx;
1727 #endif /* HAVE_SECCTX */
1728 	struct policyindex spidx;
1729 
1730 	/* ignore this message because of local test mode. */
1731 	if (f_local)
1732 		return 0;
1733 
1734 	/* sanity check */
1735 	if (mhp[0] == NULL
1736 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1737 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1738 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
1739 		plog(LLV_ERROR, LOCATION, NULL,
1740 			"inappropriate sadb acquire message passed.\n");
1741 		return -1;
1742 	}
1743 	msg = (struct sadb_msg *)mhp[0];
1744 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
1745 	/* acquire does not have nat-t ports; so do not bother setting
1746 	 * the default port 500; just use the port zero for wildcard
1747 	 * matching the get a valid natted destination */
1748 	sp_src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1749 	sp_dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1750 
1751 #ifdef HAVE_SECCTX
1752 	m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
1753 
1754 	if (m_sec_ctx != NULL) {
1755 		plog(LLV_INFO, LOCATION, NULL, "security context doi: %u\n",
1756 		     m_sec_ctx->sadb_x_ctx_doi);
1757 		plog(LLV_INFO, LOCATION, NULL,
1758 		     "security context algorithm: %u\n",
1759 		     m_sec_ctx->sadb_x_ctx_alg);
1760 		plog(LLV_INFO, LOCATION, NULL, "security context length: %u\n",
1761 		     m_sec_ctx->sadb_x_ctx_len);
1762 		plog(LLV_INFO, LOCATION, NULL, "security context: %s\n",
1763 		     ((char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx)));
1764 	}
1765 #endif /* HAVE_SECCTX */
1766 
1767 	/* ignore if type is not IPSEC_POLICY_IPSEC */
1768 	if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
1769 		plog(LLV_DEBUG, LOCATION, NULL,
1770 			"ignore ACQUIRE message. type is not IPsec.\n");
1771 		return 0;
1772 	}
1773 
1774 	/* ignore it if src or dst are multicast addresses. */
1775 	if ((sp_dst->sa_family == AF_INET
1776 	  && IN_MULTICAST(ntohl(((struct sockaddr_in *)sp_dst)->sin_addr.s_addr)))
1777 #ifdef INET6
1778 	 || (sp_dst->sa_family == AF_INET6
1779 	  && IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *)sp_dst)->sin6_addr))
1780 #endif
1781 	) {
1782 		plog(LLV_DEBUG, LOCATION, NULL,
1783 			"ignore due to multicast destination address: %s.\n",
1784 			saddrwop2str(sp_dst));
1785 		return 0;
1786 	}
1787 
1788 	if ((sp_src->sa_family == AF_INET
1789 	  && IN_MULTICAST(ntohl(((struct sockaddr_in *)sp_src)->sin_addr.s_addr)))
1790 #ifdef INET6
1791 	 || (sp_src->sa_family == AF_INET6
1792 	  && IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *)sp_src)->sin6_addr))
1793 #endif
1794 	) {
1795 		plog(LLV_DEBUG, LOCATION, NULL,
1796 			"ignore due to multicast source address: %s.\n",
1797 			saddrwop2str(sp_src));
1798 		return 0;
1799 	}
1800 
1801 	/* search for proper policyindex */
1802 	sp_out = getspbyspid(xpl->sadb_x_policy_id);
1803 	if (sp_out == NULL) {
1804 		plog(LLV_ERROR, LOCATION, NULL, "no policy found: id:%d.\n",
1805 			xpl->sadb_x_policy_id);
1806 		return -1;
1807 	}
1808 	plog(LLV_DEBUG, LOCATION, NULL,
1809 		"suitable outbound SP found: %s.\n", spidx2str(&sp_out->spidx));
1810 
1811 	/* Before going further, let first get the source and destination
1812 	 * address that would be used for IKE negotiation. The logic is:
1813 	 * - if SP from SPD image contains local and remote hints, we
1814 	 *   use them (provided by MIGRATE).
1815 	 * - otherwise, we use the ones from the ipsecrequest, which means:
1816 	 *   - the addresses from the request for transport mode
1817 	 *   - the endpoints addresses for tunnel mode
1818 	 *
1819 	 * Note that:
1820 	 * 1) racoon does not support negotiation of bundles which
1821 	 *    simplifies the lookup for the addresses in the ipsecrequest
1822 	 *    list, as we expect only one.
1823 	 * 2) We do source and destination parts all together and do not
1824 	 *    accept semi-defined information. This is just a decision,
1825 	 *    there might be needs.
1826 	 *
1827 	 * --arno
1828 	 */
1829 	if (sp_out->req && sp_out->req->saidx.mode == IPSEC_MODE_TUNNEL) {
1830 		/* For Tunnel mode, SA addresses are the endpoints */
1831 		src = (struct sockaddr *) &sp_out->req->saidx.src;
1832 		dst = (struct sockaddr *) &sp_out->req->saidx.dst;
1833 	} else {
1834 		/* Otherwise use requested addresses.
1835 		 *
1836 		 * We need to explicitly setup sa_src and sa_dst too,
1837 		 * since the SA ports are different from IKE port. And
1838 		 * src/dst ports will be overwritten when the matching
1839 		 * phase1 is found. */
1840 		src = sa_src = sp_src;
1841 		dst = sa_dst = sp_dst;
1842 	}
1843 	if (sp_out->local && sp_out->remote) {
1844 		/* hints available, let's use them */
1845 		sa_src = src;
1846 		sa_dst = dst;
1847 		src = (struct sockaddr *) sp_out->local;
1848 		dst = (struct sockaddr *) sp_out->remote;
1849 	}
1850 
1851 	/*
1852 	 * If there is a phase 2 handler against the policy identifier in
1853 	 * the acquire message, and if
1854 	 *    1. its state is less than PHASE2ST_ESTABLISHED, then racoon
1855 	 *       should ignore such a acquire message because the phase 2
1856 	 *       is just negotiating.
1857 	 *    2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
1858 	 *       has to process such an acquire message because racoon may
1859 	 *       have lost the expire message.
1860 	 */
1861 	iph2 = getph2byid(src, dst, xpl->sadb_x_policy_id);
1862 	if (iph2 != NULL) {
1863 		if (iph2->status < PHASE2ST_ESTABLISHED) {
1864 			plog(LLV_DEBUG, LOCATION, NULL,
1865 				"ignore the acquire because ph2 found\n");
1866 			return -1;
1867 		}
1868 		if (iph2->status == PHASE2ST_EXPIRED)
1869 			iph2 = NULL;
1870 		/*FALLTHROUGH*/
1871 	}
1872 
1873 	/* Check we are listening on source address. If not, ignore. */
1874 	if (myaddr_getsport(src) == -1) {
1875 		plog(LLV_DEBUG, LOCATION, NULL,
1876 		     "Not listening on source address %s. Ignoring ACQUIRE.\n",
1877 		     saddrwop2str(src));
1878 		return 0;
1879 	}
1880 
1881 	/* get inbound policy */
1882     {
1883 
1884 	memset(&spidx, 0, sizeof(spidx));
1885 	spidx.dir = IPSEC_DIR_INBOUND;
1886 	memcpy(&spidx.src, &sp_out->spidx.dst, sizeof(spidx.src));
1887 	memcpy(&spidx.dst, &sp_out->spidx.src, sizeof(spidx.dst));
1888 	spidx.prefs = sp_out->spidx.prefd;
1889 	spidx.prefd = sp_out->spidx.prefs;
1890 	spidx.ul_proto = sp_out->spidx.ul_proto;
1891 
1892 #ifdef HAVE_SECCTX
1893 	if (m_sec_ctx) {
1894 		spidx.sec_ctx.ctx_doi = m_sec_ctx->sadb_x_ctx_doi;
1895 		spidx.sec_ctx.ctx_alg = m_sec_ctx->sadb_x_ctx_alg;
1896 		spidx.sec_ctx.ctx_strlen = m_sec_ctx->sadb_x_ctx_len;
1897 		memcpy(spidx.sec_ctx.ctx_str,
1898 		      ((char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx)),
1899 		      spidx.sec_ctx.ctx_strlen);
1900 	}
1901 #endif /* HAVE_SECCTX */
1902 
1903 	sp_in = getsp(&spidx);
1904 	if (sp_in) {
1905 		plog(LLV_DEBUG, LOCATION, NULL,
1906 			"suitable inbound SP found: %s.\n",
1907 			spidx2str(&sp_in->spidx));
1908 	} else {
1909 		plog(LLV_NOTIFY, LOCATION, NULL,
1910 			"no in-bound policy found: %s\n",
1911 			spidx2str(&spidx));
1912 	}
1913     }
1914 
1915 	/* allocate a phase 2 */
1916 	iph2 = newph2();
1917 	if (iph2 == NULL) {
1918 		plog(LLV_ERROR, LOCATION, NULL,
1919 			"failed to allocate phase2 entry.\n");
1920 		return -1;
1921 	}
1922 	iph2->side = INITIATOR;
1923 	iph2->spid = xpl->sadb_x_policy_id;
1924 	iph2->satype = msg->sadb_msg_satype;
1925 	iph2->seq = msg->sadb_msg_seq;
1926 	iph2->status = PHASE2ST_STATUS2;
1927 
1928 	/* set address used by IKE for the negotiation (might differ from
1929 	 * SA address, i.e. might not be tunnel endpoints or addresses
1930 	 * of transport mode SA) */
1931 	iph2->dst = dupsaddr(dst);
1932 	if (iph2->dst == NULL) {
1933 		delph2(iph2);
1934 		return -1;
1935 	}
1936 	iph2->src = dupsaddr(src);
1937 	if (iph2->src == NULL) {
1938 		delph2(iph2);
1939 		return -1;
1940 	}
1941 
1942 	/* If sa_src and sa_dst have been set, this mean we have to
1943 	 * set iph2->sa_src and iph2->sa_dst to provide the addresses
1944 	 * of the SA because iph2->src and iph2->dst are only the ones
1945 	 * used for the IKE exchanges. Those that need these addresses
1946 	 * are for instance pk_sendupdate() or pk_sendgetspi() */
1947 	if (sa_src) {
1948 		iph2->sa_src = dupsaddr(sa_src);
1949 		iph2->sa_dst = dupsaddr(sa_dst);
1950 	}
1951 
1952 	if (isakmp_get_sainfo(iph2, sp_out, sp_in) < 0) {
1953 		delph2(iph2);
1954 		return -1;
1955 	}
1956 
1957 #ifdef HAVE_SECCTX
1958 	if (m_sec_ctx) {
1959 		set_secctx_in_proposal(iph2, spidx);
1960 	}
1961 #endif /* HAVE_SECCTX */
1962 
1963 	insph2(iph2);
1964 
1965 	/* start isakmp initiation by using ident exchange */
1966 	/* XXX should be looped if there are multiple phase 2 handler. */
1967 	if (isakmp_post_acquire(iph2, NULL, TRUE) < 0) {
1968 		plog(LLV_ERROR, LOCATION, NULL,
1969 			"failed to begin ipsec sa negotication.\n");
1970 		remph2(iph2);
1971 		delph2(iph2);
1972 		return -1;
1973 	}
1974 
1975 	return 0;
1976 }
1977 
1978 static int
pk_recvdelete(mhp)1979 pk_recvdelete(mhp)
1980 	caddr_t *mhp;
1981 {
1982 	struct sadb_msg *msg;
1983 	struct sadb_sa *sa;
1984 	struct sockaddr *src, *dst;
1985 	struct ph2handle *iph2 = NULL;
1986 	u_int proto_id;
1987 
1988 	/* ignore this message because of local test mode. */
1989 	if (f_local)
1990 		return 0;
1991 
1992 	/* sanity check */
1993 	if (mhp[0] == NULL
1994 	 || mhp[SADB_EXT_SA] == NULL
1995 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1996 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1997 		plog(LLV_ERROR, LOCATION, NULL,
1998 			"inappropriate sadb delete message passed.\n");
1999 		return -1;
2000 	}
2001 	msg = (struct sadb_msg *)mhp[0];
2002 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
2003 	pk_fixup_sa_addresses(mhp);
2004 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
2005 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
2006 
2007 	/* the message has to be processed or not ? */
2008 	if (msg->sadb_msg_pid == getpid()) {
2009 		plog(LLV_DEBUG, LOCATION, NULL,
2010 			"%s message is not interesting "
2011 			"because the message was originated by me.\n",
2012 			s_pfkey_type(msg->sadb_msg_type));
2013 		return -1;
2014 	}
2015 
2016 	proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
2017 	if (proto_id == ~0) {
2018 		plog(LLV_ERROR, LOCATION, NULL,
2019 			"invalid proto_id %d\n", msg->sadb_msg_satype);
2020 		return -1;
2021 	}
2022 
2023 	iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
2024 	if (iph2 == NULL) {
2025 		/* ignore */
2026 		plog(LLV_ERROR, LOCATION, NULL,
2027 			"no iph2 found: %s\n",
2028 			sadbsecas2str(src, dst, msg->sadb_msg_satype,
2029 				sa->sadb_sa_spi, IPSEC_MODE_ANY));
2030 		return 0;
2031 	}
2032 
2033 	plog(LLV_ERROR, LOCATION, NULL,
2034 		"pfkey DELETE received: %s\n",
2035 		sadbsecas2str(src, dst,
2036 			msg->sadb_msg_satype, sa->sadb_sa_spi, IPSEC_MODE_ANY));
2037 
2038 	/* send delete information */
2039 	if (iph2->status == PHASE2ST_ESTABLISHED)
2040 		isakmp_info_send_d2(iph2);
2041 
2042 	remph2(iph2);
2043 	delph2(iph2);
2044 
2045 	return 0;
2046 }
2047 
2048 static int
pk_recvflush(mhp)2049 pk_recvflush(mhp)
2050 	caddr_t *mhp;
2051 {
2052 	/* ignore this message because of local test mode. */
2053 	if (f_local)
2054 		return 0;
2055 
2056 	/* sanity check */
2057 	if (mhp[0] == NULL) {
2058 		plog(LLV_ERROR, LOCATION, NULL,
2059 			"inappropriate sadb flush message passed.\n");
2060 		return -1;
2061 	}
2062 
2063 	flushph2();
2064 
2065 	return 0;
2066 }
2067 
2068 static int
getsadbpolicy(policy0,policylen0,type,iph2)2069 getsadbpolicy(policy0, policylen0, type, iph2)
2070 	caddr_t *policy0;
2071 	int *policylen0, type;
2072 	struct ph2handle *iph2;
2073 {
2074 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2075 	struct sockaddr *src = NULL, *dst = NULL;
2076 	struct sadb_x_policy *xpl;
2077 	struct sadb_x_ipsecrequest *xisr;
2078 	struct saproto *pr;
2079 	struct saproto **pr_rlist;
2080 	int rlist_len = 0;
2081 	caddr_t policy, p;
2082 	int policylen;
2083 	int xisrlen;
2084 	u_int satype, mode;
2085 	int len = 0;
2086 #ifdef HAVE_SECCTX
2087 	int ctxlen = 0;
2088 #endif /* HAVE_SECCTX */
2089 
2090 
2091 	/* get policy buffer size */
2092 	policylen = sizeof(struct sadb_x_policy);
2093 	if (type != SADB_X_SPDDELETE) {
2094 		if (iph2->sa_src && iph2->sa_dst) {
2095 			src = iph2->sa_src; /* MIPv6: Use SA addresses, */
2096 			dst = iph2->sa_dst; /* not IKE ones             */
2097 		} else {
2098 			src = iph2->src; /* Common case: SA addresses */
2099 			dst = iph2->dst; /* and IKE ones are the same */
2100 		}
2101 
2102 		for (pr = iph2->approval->head; pr; pr = pr->next) {
2103 			xisrlen = sizeof(*xisr);
2104 			if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL) {
2105 				xisrlen += (sysdep_sa_len(src) +
2106 					    sysdep_sa_len(dst));
2107 			}
2108 
2109 			policylen += PFKEY_ALIGN8(xisrlen);
2110 		}
2111 	}
2112 
2113 #ifdef HAVE_SECCTX
2114 	if (*spidx->sec_ctx.ctx_str) {
2115 		ctxlen = sizeof(struct sadb_x_sec_ctx)
2116 				+ PFKEY_ALIGN8(spidx->sec_ctx.ctx_strlen);
2117 		policylen += ctxlen;
2118 	}
2119 #endif /* HAVE_SECCTX */
2120 
2121 	/* make policy structure */
2122 	policy = racoon_malloc(policylen);
2123 	memset((void*)policy, 0xcd, policylen);
2124 	if (!policy) {
2125 		plog(LLV_ERROR, LOCATION, NULL,
2126 			"buffer allocation failed.\n");
2127 		return -1;
2128 	}
2129 
2130 	xpl = (struct sadb_x_policy *)policy;
2131 	xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen);
2132 	xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2133 	xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2134 	xpl->sadb_x_policy_dir = spidx->dir;
2135 	xpl->sadb_x_policy_id = 0;
2136 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2137 	xpl->sadb_x_policy_priority = PRIORITY_DEFAULT;
2138 #endif
2139 	len++;
2140 
2141 #ifdef HAVE_SECCTX
2142 	if (*spidx->sec_ctx.ctx_str) {
2143 		struct sadb_x_sec_ctx *p;
2144 
2145 		p = (struct sadb_x_sec_ctx *)(xpl + len);
2146 		memset(p, 0, ctxlen);
2147 		p->sadb_x_sec_len = PFKEY_UNIT64(ctxlen);
2148 		p->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2149 		p->sadb_x_ctx_len = spidx->sec_ctx.ctx_strlen;
2150 		p->sadb_x_ctx_doi = spidx->sec_ctx.ctx_doi;
2151 		p->sadb_x_ctx_alg = spidx->sec_ctx.ctx_alg;
2152 
2153 		memcpy(p + 1,spidx->sec_ctx.ctx_str,spidx->sec_ctx.ctx_strlen);
2154 		len += ctxlen;
2155 	}
2156 #endif /* HAVE_SECCTX */
2157 
2158 	/* no need to append policy information any more if type is SPDDELETE */
2159 	if (type == SADB_X_SPDDELETE)
2160 		goto end;
2161 
2162 	xisr = (struct sadb_x_ipsecrequest *)(xpl + len);
2163 
2164 	/* The order of things is reversed for use in add policy messages */
2165 	for (pr = iph2->approval->head; pr; pr = pr->next) rlist_len++;
2166 	pr_rlist = racoon_malloc((rlist_len+1)*sizeof(struct saproto*));
2167 	if (!pr_rlist) {
2168 		plog(LLV_ERROR, LOCATION, NULL,
2169 			"buffer allocation failed.\n");
2170 		return -1;
2171 	}
2172 	pr_rlist[rlist_len--] = NULL;
2173 	for (pr = iph2->approval->head; pr; pr = pr->next) pr_rlist[rlist_len--] = pr;
2174 	rlist_len = 0;
2175 
2176 	for (pr = pr_rlist[rlist_len++]; pr; pr = pr_rlist[rlist_len++]) {
2177 
2178 		satype = doi2ipproto(pr->proto_id);
2179 		if (satype == ~0) {
2180 			plog(LLV_ERROR, LOCATION, NULL,
2181 				"invalid proto_id %d\n", pr->proto_id);
2182 			goto err;
2183 		}
2184 		mode = ipsecdoi2pfkey_mode(pr->encmode);
2185 		if (mode == ~0) {
2186 			plog(LLV_ERROR, LOCATION, NULL,
2187 				"invalid encmode %d\n", pr->encmode);
2188 			goto err;
2189 		}
2190 
2191 		/*
2192 		 * the policy level cannot be unique because the policy
2193 		 * is defined later than SA, so req_id cannot be bound to SA.
2194 		 */
2195 		xisr->sadb_x_ipsecrequest_proto = satype;
2196 		xisr->sadb_x_ipsecrequest_mode = mode;
2197 		if(iph2->proposal->head->reqid_in > 0){
2198 			xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2199 			xisr->sadb_x_ipsecrequest_reqid = iph2->proposal->head->reqid_in;
2200 		}else{
2201 			xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2202 			xisr->sadb_x_ipsecrequest_reqid = 0;
2203 		}
2204 		p = (caddr_t)(xisr + 1);
2205 
2206 		xisrlen = sizeof(*xisr);
2207 
2208 		if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL) {
2209 			int src_len, dst_len;
2210 
2211 			src_len = sysdep_sa_len(src);
2212 			dst_len = sysdep_sa_len(dst);
2213 			xisrlen += src_len + dst_len;
2214 
2215 			memcpy(p, src, src_len);
2216 			p += src_len;
2217 
2218 			memcpy(p, dst, dst_len);
2219 			p += dst_len;
2220 		}
2221 
2222 		xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen);
2223 		xisr = (struct sadb_x_ipsecrequest *)p;
2224 
2225 	}
2226 	racoon_free(pr_rlist);
2227 
2228 end:
2229 	*policy0 = policy;
2230 	*policylen0 = policylen;
2231 
2232 	return 0;
2233 
2234 err:
2235 	if (policy)
2236 		racoon_free(policy);
2237 	if (pr_rlist) racoon_free(pr_rlist);
2238 
2239 	return -1;
2240 }
2241 
2242 int
pk_sendspdupdate2(iph2)2243 pk_sendspdupdate2(iph2)
2244 	struct ph2handle *iph2;
2245 {
2246 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2247 	caddr_t policy = NULL;
2248 	int policylen = 0;
2249 	u_int64_t ltime, vtime;
2250 
2251 	ltime = iph2->approval->lifetime;
2252 	vtime = 0;
2253 
2254 	if (getsadbpolicy(&policy, &policylen, SADB_X_SPDUPDATE, iph2)) {
2255 		plog(LLV_ERROR, LOCATION, NULL,
2256 			"getting sadb policy failed.\n");
2257 		return -1;
2258 	}
2259 
2260 	if (pfkey_send_spdupdate2(
2261 			lcconf->sock_pfkey,
2262 			(struct sockaddr *)&spidx->src,
2263 			spidx->prefs,
2264 			(struct sockaddr *)&spidx->dst,
2265 			spidx->prefd,
2266 			spidx->ul_proto,
2267 			ltime, vtime,
2268 			policy, policylen, 0) < 0) {
2269 		plog(LLV_ERROR, LOCATION, NULL,
2270 			"libipsec failed send spdupdate2 (%s)\n",
2271 			ipsec_strerror());
2272 		goto end;
2273 	}
2274 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdupdate2\n");
2275 
2276 end:
2277 	if (policy)
2278 		racoon_free(policy);
2279 
2280 	return 0;
2281 }
2282 
2283 static int
pk_recvspdupdate(mhp)2284 pk_recvspdupdate(mhp)
2285 	caddr_t *mhp;
2286 {
2287 	struct sadb_address *saddr, *daddr;
2288 	struct sadb_x_policy *xpl;
2289 	struct sadb_lifetime *lt;
2290 	struct policyindex spidx;
2291 	struct secpolicy *sp;
2292 	struct sockaddr *local=NULL, *remote=NULL;
2293 	u_int64_t created;
2294 	int ret;
2295 
2296 	/* sanity check */
2297 	if (mhp[0] == NULL
2298 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2299 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2300 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2301 		plog(LLV_ERROR, LOCATION, NULL,
2302 			"inappropriate sadb spdupdate message passed.\n");
2303 		return -1;
2304 	}
2305 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2306 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2307 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2308 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2309 	if(lt != NULL)
2310 		created = lt->sadb_lifetime_addtime;
2311 	else
2312 		created = 0;
2313 
2314 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2315 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2316 			saddr + 1,
2317 			daddr + 1,
2318 			saddr->sadb_address_prefixlen,
2319 			daddr->sadb_address_prefixlen,
2320 			saddr->sadb_address_proto,
2321 			xpl->sadb_x_policy_priority,
2322 			created,
2323 			&spidx);
2324 #else
2325 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2326 			saddr + 1,
2327 			daddr + 1,
2328 			saddr->sadb_address_prefixlen,
2329 			daddr->sadb_address_prefixlen,
2330 			saddr->sadb_address_proto,
2331 			created,
2332 			&spidx);
2333 #endif
2334 
2335 #ifdef HAVE_SECCTX
2336 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2337 		struct sadb_x_sec_ctx *ctx;
2338 
2339 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2340 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2341 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2342 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2343 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2344 	}
2345 #endif /* HAVE_SECCTX */
2346 
2347 	sp = getsp(&spidx);
2348 	if (sp == NULL) {
2349 		plog(LLV_DEBUG, LOCATION, NULL,
2350 			"this policy did not exist for removal: \"%s\"\n",
2351 			spidx2str(&spidx));
2352 	} else {
2353 		/* preserve hints before deleting the SP */
2354 		local = sp->local;
2355 		remote = sp->remote;
2356 		sp->local = NULL;
2357 		sp->remote = NULL;
2358 
2359 		remsp(sp);
2360 		delsp(sp);
2361 	}
2362 
2363 	/* Add new SP (with old hints) */
2364 	ret = addnewsp(mhp, local, remote);
2365 
2366 	if (local != NULL)
2367 		racoon_free(local);
2368 	if (remote != NULL)
2369 		racoon_free(remote);
2370 
2371 	if (ret < 0)
2372 		return -1;
2373 
2374 	return 0;
2375 }
2376 
2377 /*
2378  * this function has to be used by responder side.
2379  */
2380 int
pk_sendspdadd2(iph2)2381 pk_sendspdadd2(iph2)
2382 	struct ph2handle *iph2;
2383 {
2384 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2385 	caddr_t policy = NULL;
2386 	int policylen = 0;
2387 	u_int64_t ltime, vtime;
2388 
2389 	ltime = iph2->approval->lifetime;
2390 	vtime = 0;
2391 
2392 	if (getsadbpolicy(&policy, &policylen, SADB_X_SPDADD, iph2)) {
2393 		plog(LLV_ERROR, LOCATION, NULL,
2394 			"getting sadb policy failed.\n");
2395 		return -1;
2396 	}
2397 
2398 	if (pfkey_send_spdadd2(
2399 			lcconf->sock_pfkey,
2400 			(struct sockaddr *)&spidx->src,
2401 			spidx->prefs,
2402 			(struct sockaddr *)&spidx->dst,
2403 			spidx->prefd,
2404 			spidx->ul_proto,
2405 			ltime, vtime,
2406 			policy, policylen, 0) < 0) {
2407 		plog(LLV_ERROR, LOCATION, NULL,
2408 			"libipsec failed send spdadd2 (%s)\n",
2409 			ipsec_strerror());
2410 		goto end;
2411 	}
2412 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdadd2\n");
2413 
2414 end:
2415 	if (policy)
2416 		racoon_free(policy);
2417 
2418 	return 0;
2419 }
2420 
2421 static int
pk_recvspdadd(mhp)2422 pk_recvspdadd(mhp)
2423 	caddr_t *mhp;
2424 {
2425 	struct sadb_address *saddr, *daddr;
2426 	struct sadb_x_policy *xpl;
2427 	struct sadb_lifetime *lt;
2428 	struct policyindex spidx;
2429 	struct secpolicy *sp;
2430 	struct sockaddr *local = NULL, *remote = NULL;
2431 	u_int64_t created;
2432 	int ret;
2433 
2434 	/* sanity check */
2435 	if (mhp[0] == NULL
2436 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2437 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2438 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2439 		plog(LLV_ERROR, LOCATION, NULL,
2440 			"inappropriate sadb spdadd message passed.\n");
2441 		return -1;
2442 	}
2443 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2444 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2445 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2446 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2447 	if(lt != NULL)
2448 		created = lt->sadb_lifetime_addtime;
2449 	else
2450 		created = 0;
2451 
2452 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2453 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2454 			saddr + 1,
2455 			daddr + 1,
2456 			saddr->sadb_address_prefixlen,
2457 			daddr->sadb_address_prefixlen,
2458 			saddr->sadb_address_proto,
2459 			xpl->sadb_x_policy_priority,
2460 			created,
2461 			&spidx);
2462 #else
2463 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2464 			saddr + 1,
2465 			daddr + 1,
2466 			saddr->sadb_address_prefixlen,
2467 			daddr->sadb_address_prefixlen,
2468 			saddr->sadb_address_proto,
2469 			created,
2470 			&spidx);
2471 #endif
2472 
2473 #ifdef HAVE_SECCTX
2474 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2475 		struct sadb_x_sec_ctx *ctx;
2476 
2477 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2478 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2479 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2480 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2481 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2482 	}
2483 #endif /* HAVE_SECCTX */
2484 
2485 	sp = getsp(&spidx);
2486 	if (sp != NULL) {
2487 		plog(LLV_ERROR, LOCATION, NULL,
2488 			"such policy already exists. "
2489 			"anyway replace it: %s\n",
2490 			spidx2str(&spidx));
2491 
2492 		/* preserve hints before deleting the SP */
2493 		local = sp->local;
2494 		remote = sp->remote;
2495 		sp->local = NULL;
2496 		sp->remote = NULL;
2497 
2498 		remsp(sp);
2499 		delsp(sp);
2500 	}
2501 
2502 	/* Add new SP (with old hints) */
2503 	ret = addnewsp(mhp, local, remote);
2504 
2505 	if (local != NULL)
2506 		racoon_free(local);
2507 	if (remote != NULL)
2508 		racoon_free(remote);
2509 
2510 	if (ret < 0)
2511 		return -1;
2512 
2513 	return 0;
2514 }
2515 
2516 /*
2517  * this function has to be used by responder side.
2518  */
2519 int
pk_sendspddelete(iph2)2520 pk_sendspddelete(iph2)
2521 	struct ph2handle *iph2;
2522 {
2523 	struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2524 	caddr_t policy = NULL;
2525 	int policylen;
2526 
2527 	if (getsadbpolicy(&policy, &policylen, SADB_X_SPDDELETE, iph2)) {
2528 		plog(LLV_ERROR, LOCATION, NULL,
2529 			"getting sadb policy failed.\n");
2530 		return -1;
2531 	}
2532 
2533 	if (pfkey_send_spddelete(
2534 			lcconf->sock_pfkey,
2535 			(struct sockaddr *)&spidx->src,
2536 			spidx->prefs,
2537 			(struct sockaddr *)&spidx->dst,
2538 			spidx->prefd,
2539 			spidx->ul_proto,
2540 			policy, policylen, 0) < 0) {
2541 		plog(LLV_ERROR, LOCATION, NULL,
2542 			"libipsec failed send spddelete (%s)\n",
2543 			ipsec_strerror());
2544 		goto end;
2545 	}
2546 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spddelete\n");
2547 
2548 end:
2549 	if (policy)
2550 		racoon_free(policy);
2551 
2552 	return 0;
2553 }
2554 
2555 static int
pk_recvspddelete(mhp)2556 pk_recvspddelete(mhp)
2557 	caddr_t *mhp;
2558 {
2559 	struct sadb_address *saddr, *daddr;
2560 	struct sadb_x_policy *xpl;
2561 	struct sadb_lifetime *lt;
2562 	struct policyindex spidx;
2563 	struct secpolicy *sp;
2564 	u_int64_t created;
2565 
2566 	/* sanity check */
2567 	if (mhp[0] == NULL
2568 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2569 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2570 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2571 		plog(LLV_ERROR, LOCATION, NULL,
2572 			"inappropriate sadb spddelete message passed.\n");
2573 		return -1;
2574 	}
2575 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2576 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2577 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2578 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2579 	if(lt != NULL)
2580 		created = lt->sadb_lifetime_addtime;
2581 	else
2582 		created = 0;
2583 
2584 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2585 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2586 			saddr + 1,
2587 			daddr + 1,
2588 			saddr->sadb_address_prefixlen,
2589 			daddr->sadb_address_prefixlen,
2590 			saddr->sadb_address_proto,
2591 			xpl->sadb_x_policy_priority,
2592 			created,
2593 			&spidx);
2594 #else
2595 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2596 			saddr + 1,
2597 			daddr + 1,
2598 			saddr->sadb_address_prefixlen,
2599 			daddr->sadb_address_prefixlen,
2600 			saddr->sadb_address_proto,
2601 			created,
2602 			&spidx);
2603 #endif
2604 
2605 #ifdef HAVE_SECCTX
2606 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2607 		struct sadb_x_sec_ctx *ctx;
2608 
2609 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2610 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2611 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2612 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2613 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2614 	}
2615 #endif /* HAVE_SECCTX */
2616 
2617 	sp = getsp(&spidx);
2618 	if (sp == NULL) {
2619 		plog(LLV_ERROR, LOCATION, NULL,
2620 			"no policy found: %s\n",
2621 			spidx2str(&spidx));
2622 		return -1;
2623 	}
2624 
2625 	remsp(sp);
2626 	delsp(sp);
2627 
2628 	return 0;
2629 }
2630 
2631 static int
pk_recvspdexpire(mhp)2632 pk_recvspdexpire(mhp)
2633 	caddr_t *mhp;
2634 {
2635 	struct sadb_address *saddr, *daddr;
2636 	struct sadb_x_policy *xpl;
2637 	struct sadb_lifetime *lt;
2638 	struct policyindex spidx;
2639 	struct secpolicy *sp;
2640 	u_int64_t created;
2641 
2642 	/* sanity check */
2643 	if (mhp[0] == NULL
2644 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2645 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2646 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
2647 		plog(LLV_ERROR, LOCATION, NULL,
2648 			"inappropriate sadb spdexpire message passed.\n");
2649 		return -1;
2650 	}
2651 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2652 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2653 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2654 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2655 	if(lt != NULL)
2656 		created = lt->sadb_lifetime_addtime;
2657 	else
2658 		created = 0;
2659 
2660 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2661 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2662 			saddr + 1,
2663 			daddr + 1,
2664 			saddr->sadb_address_prefixlen,
2665 			daddr->sadb_address_prefixlen,
2666 			saddr->sadb_address_proto,
2667 			xpl->sadb_x_policy_priority,
2668 			created,
2669 			&spidx);
2670 #else
2671 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2672 			saddr + 1,
2673 			daddr + 1,
2674 			saddr->sadb_address_prefixlen,
2675 			daddr->sadb_address_prefixlen,
2676 			saddr->sadb_address_proto,
2677 			created,
2678 			&spidx);
2679 #endif
2680 
2681 #ifdef HAVE_SECCTX
2682 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2683 		struct sadb_x_sec_ctx *ctx;
2684 
2685 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2686 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2687 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2688 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2689 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2690 	}
2691 #endif /* HAVE_SECCTX */
2692 
2693 	sp = getsp(&spidx);
2694 	if (sp == NULL) {
2695 		plog(LLV_ERROR, LOCATION, NULL,
2696 			"no policy found: %s\n",
2697 			spidx2str(&spidx));
2698 		return -1;
2699 	}
2700 
2701 	remsp(sp);
2702 	delsp(sp);
2703 
2704 	return 0;
2705 }
2706 
2707 static int
pk_recvspdget(mhp)2708 pk_recvspdget(mhp)
2709 	caddr_t *mhp;
2710 {
2711 	/* sanity check */
2712 	if (mhp[0] == NULL) {
2713 		plog(LLV_ERROR, LOCATION, NULL,
2714 			"inappropriate sadb spdget message passed.\n");
2715 		return -1;
2716 	}
2717 
2718 	return 0;
2719 }
2720 
2721 static int
pk_recvspddump(mhp)2722 pk_recvspddump(mhp)
2723 	caddr_t *mhp;
2724 {
2725 	struct sadb_msg *msg;
2726 	struct sadb_address *saddr, *daddr;
2727 	struct sadb_x_policy *xpl;
2728 	struct sadb_lifetime *lt;
2729 	struct policyindex spidx;
2730 	struct secpolicy *sp;
2731 	struct sockaddr *local=NULL, *remote=NULL;
2732 	u_int64_t created;
2733 	int ret;
2734 
2735 	/* sanity check */
2736 	if (mhp[0] == NULL) {
2737 		plog(LLV_ERROR, LOCATION, NULL,
2738 			"inappropriate sadb spddump message passed.\n");
2739 		return -1;
2740 	}
2741 	msg = (struct sadb_msg *)mhp[0];
2742 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2743 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2744 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2745 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
2746 	if(lt != NULL)
2747 		created = lt->sadb_lifetime_addtime;
2748 	else
2749 		created = 0;
2750 
2751 	if (saddr == NULL || daddr == NULL || xpl == NULL) {
2752 		plog(LLV_ERROR, LOCATION, NULL,
2753 			"inappropriate sadb spddump message passed.\n");
2754 		return -1;
2755 	}
2756 
2757 #ifdef HAVE_PFKEY_POLICY_PRIORITY
2758 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2759 			saddr + 1,
2760 			daddr + 1,
2761 			saddr->sadb_address_prefixlen,
2762 			daddr->sadb_address_prefixlen,
2763 			saddr->sadb_address_proto,
2764 			xpl->sadb_x_policy_priority,
2765 			created,
2766 			&spidx);
2767 #else
2768 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2769 			saddr + 1,
2770 			daddr + 1,
2771 			saddr->sadb_address_prefixlen,
2772 			daddr->sadb_address_prefixlen,
2773 			saddr->sadb_address_proto,
2774 			created,
2775 			&spidx);
2776 #endif
2777 
2778 #ifdef HAVE_SECCTX
2779 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
2780 		struct sadb_x_sec_ctx *ctx;
2781 
2782 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
2783 		spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
2784 		spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
2785 		spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
2786 		memcpy(spidx.sec_ctx.ctx_str, ctx + 1, ctx->sadb_x_ctx_len);
2787 	}
2788 #endif /* HAVE_SECCTX */
2789 
2790 	sp = getsp(&spidx);
2791 	if (sp != NULL) {
2792 		plog(LLV_ERROR, LOCATION, NULL,
2793 			"such policy already exists. "
2794 			"anyway replace it: %s\n",
2795 			spidx2str(&spidx));
2796 
2797 		/* preserve hints before deleting the SP */
2798 		local = sp->local;
2799 		remote = sp->remote;
2800 		sp->local = NULL;
2801 		sp->remote = NULL;
2802 
2803 		remsp(sp);
2804 		delsp(sp);
2805 	}
2806 
2807 	/* Add new SP (with old hints) */
2808 	ret = addnewsp(mhp, local, remote);
2809 
2810 	if (local != NULL)
2811 		racoon_free(local);
2812 	if (remote != NULL)
2813 		racoon_free(remote);
2814 
2815 	if (ret < 0)
2816 		return -1;
2817 
2818 	return 0;
2819 }
2820 
2821 static int
pk_recvspdflush(mhp)2822 pk_recvspdflush(mhp)
2823 	caddr_t *mhp;
2824 {
2825 	/* sanity check */
2826 	if (mhp[0] == NULL) {
2827 		plog(LLV_ERROR, LOCATION, NULL,
2828 			"inappropriate sadb spdflush message passed.\n");
2829 		return -1;
2830 	}
2831 
2832 	flushsp();
2833 
2834 	return 0;
2835 }
2836 
2837 #if defined(SADB_X_MIGRATE) && defined(SADB_X_EXT_KMADDRESS)
2838 
2839 /* MIGRATE support (pk_recvmigrate() is the handler of MIGRATE message).
2840  *
2841  * pk_recvmigrate()
2842  *   1) some preprocessing and checks
2843  *   2) parsing of sadb_x_kmaddress extension
2844  *   3) SP lookup using selectors and content of policy extension from MIGRATE
2845  *   4) resolution of current local and remote IKE addresses
2846  *   5) Use of addresses to get Phase 1 handler if any
2847  *   6) Update of IKE addresses in Phase 1 (iph1->local and iph1->remote)
2848  *   7) Update of IKE addresses in Phase 2 (iph2->src and iph2->dst)
2849  *   8) Update of IKE addresses in SP (sp->local and sp->remote)
2850  *   9) Loop on sadb_x_ipsecrequests pairs from MIGRATE
2851  *      - update of associated ipsecrequests entries in sp->req (should be
2852  *        only one as racoon does not support bundles), i.e. update of
2853  *        tunnel endpoints when required.
2854  *      - If tunnel mode endpoints have been updated, lookup of associated
2855  *        Phase 2 handle to also update sa_src and sa_dst entries
2856  *
2857  * XXX Note that we do not support yet the update of SA addresses for transport
2858  *     mode, but only the update of SA addresses for tunnel mode (endpoints).
2859  *     Reasons are:
2860  *      - there is no initial need for MIPv6
2861  *      - racoon does not support bundles
2862  *      - this would imply more work to deal with sainfo update (if feasible).
2863  */
2864 
2865 /* Generic argument structure for migration callbacks */
2866 struct migrate_args {
2867 	struct sockaddr *local;
2868 	struct sockaddr *remote;
2869 };
2870 
2871 /*
2872  * Update local and remote addresses of given Phase 1. Schedule removal
2873  * if negotiation was going on and restart a one from updated address.
2874  *
2875  * -1 is returned on error. 0 if everything went right.
2876  */
2877 static int
migrate_ph1_ike_addresses(iph1,arg)2878 migrate_ph1_ike_addresses(iph1, arg)
2879         struct ph1handle *iph1;
2880         void *arg;
2881 {
2882 	struct migrate_args *ma = (struct migrate_args *) arg;
2883 	struct remoteconf *rmconf;
2884 	u_int16_t port;
2885 
2886 	/* Already up-to-date? */
2887 	if (cmpsaddr(iph1->local, ma->local) == CMPSADDR_MATCH &&
2888 	    cmpsaddr(iph1->remote, ma->remote) == CMPSADDR_MATCH)
2889 		return 0;
2890 
2891 	if (iph1->status < PHASE1ST_ESTABLISHED) {
2892 		/* Bad luck! We received a MIGRATE *while* negotiating
2893 		 * Phase 1 (i.e. it was not established yet). If we act as
2894 		 * initiator we need to restart the negotiation. As
2895 		 * responder, our best bet is to update our addresses
2896 		 * and wait for the initiator to do something */
2897 		plog(LLV_WARNING, LOCATION, NULL, "MIGRATE received *during* "
2898 		     "Phase 1 negotiation (%s).\n",
2899 		     saddr2str_fromto("%s => %s", ma->local, ma->remote));
2900 
2901 		/* If we are not acting as initiator, let's just leave and
2902 		 * let the remote peer handle the restart */
2903 		rmconf = getrmconf(ma->remote, 0);
2904 		if (rmconf == NULL || !rmconf->passive) {
2905 			iph1->status = PHASE1ST_EXPIRED;
2906 			isakmp_ph1delete(iph1);
2907 
2908 			/* This is unlikely, but let's just check if a Phase 1
2909 			 * for the new addresses already exist */
2910 			if (getph1byaddr(ma->local, ma->remote, 0)) {
2911 				plog(LLV_WARNING, LOCATION, NULL, "No need "
2912 				     "to start a new Phase 1 negotiation. One "
2913 				     "already exists.\n");
2914 				return 0;
2915 			}
2916 
2917 			plog(LLV_WARNING, LOCATION, NULL, "As initiator, "
2918 			     "restarting it.\n");
2919 			 /* Note that the insertion of the new Phase 1 will not
2920 			  * interfere with the fact we are called from enumph1,
2921 			  * because it is inserted as first element. --arno */
2922 			isakmp_ph1begin_i(rmconf, ma->local, ma->remote);
2923 
2924 			return 0;
2925 		}
2926 	}
2927 
2928 	if (iph1->local != NULL) {
2929 		plog(LLV_DEBUG, LOCATION, NULL, "Migrating Phase 1 local "
2930 		     "address from %s\n",
2931 		     saddr2str_fromto("%s to %s", iph1->local, ma->local));
2932 		port = extract_port(iph1->local);
2933 		racoon_free(iph1->local);
2934 	} else
2935 		port = 0;
2936 
2937 	iph1->local = dupsaddr(ma->local);
2938 	if (iph1->local == NULL) {
2939 		plog(LLV_ERROR, LOCATION, NULL, "unable to allocate "
2940 		     "Phase 1 local address.\n");
2941 		return -1;
2942 	}
2943 	set_port(iph1->local, port);
2944 
2945 	if (iph1->remote != NULL) {
2946 		plog(LLV_DEBUG, LOCATION, NULL, "Migrating Phase 1 remote "
2947 		     "address from %s\n",
2948 		     saddr2str_fromto("%s to %s", iph1->remote, ma->remote));
2949 		port = extract_port(iph1->remote);
2950 		racoon_free(iph1->remote);
2951 	} else
2952 		port = 0;
2953 
2954 	iph1->remote = dupsaddr(ma->remote);
2955 	if (iph1->remote == NULL) {
2956 		plog(LLV_ERROR, LOCATION, NULL, "unable to allocate "
2957 		     "Phase 1 remote address.\n");
2958 		return -1;
2959 	}
2960 	set_port(iph1->remote, port);
2961 
2962 	return 0;
2963 }
2964 
2965 /* Update src and dst of all current Phase 2 handles.
2966  * with provided local and remote addresses.
2967  * Our intent is NOT to modify IPsec SA endpoints but IKE
2968  * addresses so we need to take care to separate those if
2969  * they are different. -1 is returned on error. 0 if everything
2970  * went right.
2971  *
2972  * Note: we do not maintain port information as it is not
2973  *       expected to be meaningful --arno
2974  */
2975 static int
migrate_ph2_ike_addresses(iph2,arg)2976 migrate_ph2_ike_addresses(iph2, arg)
2977 	struct ph2handle *iph2;
2978 	void *arg;
2979 {
2980 	struct migrate_args *ma = (struct migrate_args *) arg;
2981 	struct ph1handle *iph1;
2982 
2983 	/* If Phase 2 has an associated Phase 1, migrate addresses */
2984 	if (iph2->ph1)
2985 		migrate_ph1_ike_addresses(iph2->ph1, arg);
2986 
2987 	/* Already up-to-date? */
2988 	if (cmpsaddr(iph2->src, ma->local) == CMPSADDR_MATCH &&
2989 	    cmpsaddr(iph2->dst, ma->remote) == CMPSADDR_MATCH)
2990 		return 0;
2991 
2992 	/* save src/dst as sa_src/sa_dst before rewriting */
2993 	if (iph2->sa_src == NULL && iph2->sa_dst == NULL) {
2994 		iph2->sa_src = iph2->src;
2995 		iph2->sa_dst = iph2->dst;
2996 		iph2->src = NULL;
2997 		iph2->dst = NULL;
2998 	}
2999 
3000 	if (iph2->src != NULL)
3001 		racoon_free(iph2->src);
3002 	iph2->src = dupsaddr(ma->local);
3003 	if (iph2->src == NULL) {
3004 		plog(LLV_ERROR, LOCATION, NULL,
3005 		     "unable to allocate Phase 2 src address.\n");
3006 		return -1;
3007 	}
3008 
3009 	if (iph2->dst != NULL)
3010 		racoon_free(iph2->dst);
3011 	iph2->dst = dupsaddr(ma->remote);
3012 	if (iph2->dst == NULL) {
3013 		plog(LLV_ERROR, LOCATION, NULL,
3014 		     "unable to allocate Phase 2 dst address.\n");
3015 		return -1;
3016 	}
3017 
3018 	return 0;
3019 }
3020 
3021 /* Consider existing Phase 2 handles with given spid and update their source
3022  * and destination addresses for SA. As racoon does not support bundles, if
3023  * we modify multiple occurrences, this probably imply rekeying has happened.
3024  *
3025  * Both addresses passed to the function are expected not to be NULL and of
3026  * same family. -1 is returned on error. 0 if everything went right.
3027  *
3028  * Specific care is needed to support Phase 2 for which negotiation has
3029  * already started but are which not yet established.
3030  */
3031 static int
migrate_ph2_sa_addresses(iph2,args)3032 migrate_ph2_sa_addresses(iph2, args)
3033 	struct ph2handle *iph2;
3034 	void *args;
3035 {
3036 	struct migrate_args *ma = (struct migrate_args *) args;
3037 
3038 	if (iph2->sa_src != NULL) {
3039 		racoon_free(iph2->sa_src);
3040 		iph2->sa_src = NULL;
3041 	}
3042 
3043 	if (iph2->sa_dst != NULL) {
3044 		racoon_free(iph2->sa_dst);
3045 		iph2->sa_dst = NULL;
3046 	}
3047 
3048 	iph2->sa_src = dupsaddr(ma->local);
3049 	if (iph2->sa_src == NULL) {
3050 		plog(LLV_ERROR, LOCATION, NULL,
3051 		     "unable to allocate Phase 2 sa_src address.\n");
3052 		return -1;
3053 	}
3054 
3055 	iph2->sa_dst = dupsaddr(ma->remote);
3056 	if (iph2->sa_dst == NULL) {
3057 		plog(LLV_ERROR, LOCATION, NULL,
3058 		     "unable to allocate Phase 2 sa_dst address.\n");
3059 		return -1;
3060 	}
3061 
3062 	if (iph2->status < PHASE2ST_ESTABLISHED) {
3063 		struct remoteconf *rmconf;
3064 		/* We were negotiating for that SA when we received the MIGRATE.
3065 		 * We cannot simply update the addresses and let the exchange
3066 		 * go on. We have to restart the whole negotiation if we are
3067 		 * the initiator. Otherwise (acting as responder), we just need
3068 		 * to delete our ph2handle and wait for the initiator to start
3069 		 * a new negotiation. */
3070 
3071 		if (iph2->ph1 && iph2->ph1->rmconf)
3072 			rmconf = iph2->ph1->rmconf;
3073 		else
3074 			rmconf = getrmconf(iph2->dst, 0);
3075 
3076 		if (rmconf && !rmconf->passive) {
3077 			struct ph1handle *iph1hint;
3078 
3079 			plog(LLV_WARNING, LOCATION, iph2->dst, "MIGRATE received "
3080 			     "*during* IPsec SA negotiation. As initiator, "
3081 			     "restarting it.\n");
3082 
3083 			/* Turn off expiration timer ...*/
3084 			sched_cancel(&iph2->sce);
3085 			iph2->status = PHASE2ST_EXPIRED;
3086 
3087 			/* ... clean Phase 2 handle ... */
3088 			iph1hint = iph2->ph1;
3089 			initph2(iph2);
3090 			iph2->status = PHASE2ST_STATUS2;
3091 
3092 			/* and start a new negotiation */
3093 			if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) {
3094 				plog(LLV_ERROR, LOCATION, iph2->dst, "failed "
3095 				     "to begin IPsec SA renegotiation after "
3096 				     "MIGRATE reception.\n");
3097 				remph2(iph2);
3098 				delph2(iph2);
3099 				return -1;
3100 			}
3101 		} else {
3102 			plog(LLV_WARNING, LOCATION, iph2->dst, "MIGRATE received "
3103 			     "*during* IPsec SA negotiation. As responder, let's"
3104 			     "wait for the initiator to act.\n");
3105 
3106 			/* Simply schedule deletion */
3107 			isakmp_ph2expire(iph2);
3108 		}
3109 	}
3110 
3111 	return 0;
3112 }
3113 
3114 /* Update SP hints (local and remote addresses) for future IKE
3115  * negotiations of SA associated with that SP. -1 is returned
3116  * on error. 0 if everything went right.
3117  *
3118  * Note: we do not maintain port information as it is not
3119  *       expected to be meaningful --arno
3120  */
3121 static int
migrate_sp_ike_addresses(sp,local,remote)3122 migrate_sp_ike_addresses(sp, local, remote)
3123         struct secpolicy *sp;
3124         struct sockaddr *local, *remote;
3125 {
3126 	if (sp == NULL || local == NULL || remote == NULL)
3127 		return -1;
3128 
3129 	if (sp->local != NULL)
3130 		racoon_free(sp->local);
3131 
3132 	sp->local = dupsaddr(local);
3133 	if (sp->local == NULL) {
3134 		plog(LLV_ERROR, LOCATION, NULL, "unable to allocate "
3135 		     "local hint for SP.\n");
3136 		return -1;
3137 	}
3138 
3139 	if (sp->remote != NULL)
3140 		racoon_free(sp->remote);
3141 
3142 	sp->remote = dupsaddr(remote);
3143 	if (sp->remote == NULL) {
3144 		plog(LLV_ERROR, LOCATION, NULL, "unable to allocate "
3145 		     "remote hint for SP.\n");
3146 		return -1;
3147 	}
3148 
3149 	return 0;
3150 }
3151 
3152 /* Given current ipsecrequest (isr_cur) to be migrated in considered
3153    tree, the function first checks that it matches the expected one
3154    (xisr_old) provided in MIGRATE message and then updates the addresses
3155    if it is tunnel mode (with content of xisr_new). Various other checks
3156    are performed. For transport mode, structures are not modified, only
3157    the checks are done. -1 is returned on error. */
3158 static int
migrate_ph2_one_isr(spid,isr_cur,xisr_old,xisr_new)3159 migrate_ph2_one_isr(spid, isr_cur, xisr_old, xisr_new)
3160         u_int32_t spid;
3161         struct ipsecrequest *isr_cur;
3162 	struct sadb_x_ipsecrequest *xisr_old, *xisr_new;
3163 {
3164 	struct secasindex *saidx = &isr_cur->saidx;
3165 	struct sockaddr *osaddr, *odaddr, *nsaddr, *ndaddr;
3166 	struct ph2selector ph2sel;
3167 	struct migrate_args ma;
3168 
3169 	/* First, check that mode and proto do match */
3170 	if (xisr_old->sadb_x_ipsecrequest_proto != saidx->proto ||
3171 	    xisr_old->sadb_x_ipsecrequest_mode != saidx->mode ||
3172 	    xisr_new->sadb_x_ipsecrequest_proto != saidx->proto ||
3173 	    xisr_new->sadb_x_ipsecrequest_mode != saidx->mode)
3174 		return -1;
3175 
3176 	/* Then, verify reqid if necessary */
3177 	if (isr_cur->saidx.reqid &&
3178 	    (xisr_old->sadb_x_ipsecrequest_level != IPSEC_LEVEL_UNIQUE ||
3179 	     xisr_new->sadb_x_ipsecrequest_level != IPSEC_LEVEL_UNIQUE ||
3180 	     isr_cur->saidx.reqid != xisr_old->sadb_x_ipsecrequest_reqid ||
3181 	     isr_cur->saidx.reqid != xisr_new->sadb_x_ipsecrequest_reqid))
3182 		return -1;
3183 
3184 	/* If not tunnel mode, our work is over */
3185 	if (saidx->mode != IPSEC_MODE_TUNNEL) {
3186 		plog(LLV_DEBUG, LOCATION, NULL, "SADB_X_MIGRATE: "
3187 		     "non tunnel mode isr, skipping SA address migration.\n");
3188 		return 0;
3189 	}
3190 
3191 	/* Tunnel mode: let's check addresses do match and then update them. */
3192 	osaddr = (struct sockaddr *)(xisr_old + 1);
3193 	odaddr = (struct sockaddr *)(((u_int8_t *)osaddr) + sysdep_sa_len(osaddr));
3194 	nsaddr = (struct sockaddr *)(xisr_new + 1);
3195 	ndaddr = (struct sockaddr *)(((u_int8_t *)nsaddr) + sysdep_sa_len(nsaddr));
3196 
3197 	/* Check family does match */
3198 	if (osaddr->sa_family != odaddr->sa_family ||
3199 	    nsaddr->sa_family != ndaddr->sa_family)
3200 		return -1;
3201 
3202 	/* Check family does match */
3203 	if (saidx->src.ss_family != osaddr->sa_family)
3204 		return -1;
3205 
3206 	/* We log IPv4 to IPv6 and IPv6 to IPv4 switches */
3207 	if (nsaddr->sa_family != osaddr->sa_family)
3208 		plog(LLV_INFO, LOCATION, NULL, "SADB_X_MIGRATE: "
3209 		     "changing address families (%d to %d) for endpoints.\n",
3210 		     osaddr->sa_family, nsaddr->sa_family);
3211 
3212 	if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) != CMPSADDR_MATCH ||
3213 	    cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst) != CMPSADDR_MATCH) {
3214 		plog(LLV_DEBUG, LOCATION, NULL, "SADB_X_MIGRATE: "
3215 		     "mismatch of addresses in saidx and xisr.\n");
3216 		return -1;
3217 	}
3218 
3219 	/* Excellent. Let's grab associated Phase 2 handle (if any)
3220 	 * and update its sa_src and sa_dst entries.  Note that we
3221 	 * make the assumption that racoon does not support bundles
3222 	 * and make the lookup using spid: we blindly update
3223 	 * sa_src and sa_dst for _all_ found Phase 2 handles */
3224 	memset(&ph2sel, 0, sizeof(ph2sel));
3225 	ph2sel.spid = spid;
3226 
3227 	memset(&ma, 0, sizeof(ma));
3228 	ma.local = nsaddr;
3229 	ma.remote = ndaddr;
3230 
3231 	if (enumph2(&ph2sel, migrate_ph2_sa_addresses, &ma) < 0)
3232 		return -1;
3233 
3234 	/* Now we can do the update of endpoints in secasindex */
3235 	memcpy(&saidx->src, nsaddr, sysdep_sa_len(nsaddr));
3236 	memcpy(&saidx->dst, ndaddr, sysdep_sa_len(ndaddr));
3237 
3238 	return 0;
3239 }
3240 
3241 /* Process the raw (unparsed yet) list of sadb_x_ipsecrequests of MIGRATE
3242  * message. For each sadb_x_ipsecrequest pair (old followed by new),
3243  * the corresponding ipsecrequest entry in the SP is updated. Associated
3244  * existing Phase 2 handle is also updated (if any) */
3245 static int
migrate_sp_isr_list(sp,xisr_list,xisr_list_len)3246 migrate_sp_isr_list(sp, xisr_list, xisr_list_len)
3247         struct secpolicy *sp;
3248 	struct sadb_x_ipsecrequest *xisr_list;
3249 	int xisr_list_len;
3250 {
3251 	struct sadb_x_ipsecrequest *xisr_new, *xisr_old = xisr_list;
3252 	int xisr_old_len, xisr_new_len;
3253 	struct ipsecrequest *isr_cur;
3254 
3255 	isr_cur = sp->req; /* ipsecrequest list from sp */
3256 
3257 	while (xisr_list_len > 0 && isr_cur != NULL) {
3258 		/* Get old xisr (length field is in bytes) */
3259 		xisr_old_len = xisr_old->sadb_x_ipsecrequest_len;
3260 		if (xisr_old_len < sizeof(*xisr_old) ||
3261 		    xisr_old_len + sizeof(*xisr_new) > xisr_list_len) {
3262 			plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3263 			     "invalid ipsecrequest length. Exiting.\n");
3264 			return -1;
3265 		}
3266 
3267 		/* Get new xisr with updated info */
3268 		xisr_new = (struct sadb_x_ipsecrequest *)(((u_int8_t *)xisr_old) + xisr_old_len);
3269 		xisr_new_len = xisr_new->sadb_x_ipsecrequest_len;
3270 		if (xisr_new_len < sizeof(*xisr_new) ||
3271 		    xisr_new_len + xisr_old_len > xisr_list_len) {
3272 			plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3273 			     "invalid ipsecrequest length. Exiting.\n");
3274 			return -1;
3275 		}
3276 
3277 		/* Start by migrating current ipsecrequest from SP */
3278 		if (migrate_ph2_one_isr(sp->id, isr_cur, xisr_old, xisr_new) == -1) {
3279 			plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3280 			     "Unable to match and migrate isr. Exiting.\n");
3281 			return -1;
3282 		}
3283 
3284 		/* Update pointers for next round */
3285 		xisr_list_len -= xisr_old_len + xisr_new_len;
3286 		xisr_old = (struct sadb_x_ipsecrequest *)(((u_int8_t *)xisr_new) +
3287 							  xisr_new_len);
3288 
3289 		isr_cur = isr_cur->next; /* Get next ipsecrequest from SP */
3290 	}
3291 
3292 	/* Check we had the same amount of pairs in the MIGRATE
3293 	   as the number of ipsecrequests in the SP */
3294 	if ((xisr_list_len != 0) || isr_cur != NULL) {
3295 		plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3296 		     "number of ipsecrequest does not match the one in SP.\n");
3297 		return -1;
3298 	}
3299 
3300 	return 0;
3301 }
3302 
3303 /* Parse sadb_x_kmaddress extension and make local and remote
3304  * parameters point to the new addresses (zero copy). -1 is
3305  * returned on error, meaning that addresses are not usable */
3306 static int
parse_kmaddress(kmaddr,local,remote)3307 parse_kmaddress(kmaddr, local, remote)
3308         struct sadb_x_kmaddress *kmaddr;
3309 	struct sockaddr **local, **remote;
3310 {
3311 	int addrslen, local_len=0;
3312 	struct ph1handle *iph1;
3313 
3314 	if (kmaddr == NULL)
3315 		return -1;
3316 
3317 	/* Grab addresses in sadb_x_kmaddress extension */
3318 	addrslen = PFKEY_EXTLEN(kmaddr) - sizeof(*kmaddr);
3319 	if (addrslen < sizeof(struct sockaddr))
3320 		return -1;
3321 
3322 	*local = (struct sockaddr *)(kmaddr + 1);
3323 
3324 	switch ((*local)->sa_family) {
3325 	case AF_INET:
3326 		local_len = sizeof(struct sockaddr_in);
3327 		break;
3328 #ifdef INET6
3329 	case AF_INET6:
3330 		local_len = sizeof(struct sockaddr_in6);
3331 		break;
3332 #endif
3333 	default:
3334 		return -1;
3335 	}
3336 
3337 	if (addrslen != PFKEY_ALIGN8(2*local_len))
3338 		return -1;
3339 
3340 	*remote = (struct sockaddr *)(((u_int8_t *)(*local)) + local_len);
3341 
3342 	if ((*local)->sa_family != (*remote)->sa_family)
3343 		return -1;
3344 
3345 	return 0;
3346 }
3347 
3348 /* Handler of PF_KEY MIGRATE message. Helpers are above */
3349 static int
pk_recvmigrate(mhp)3350 pk_recvmigrate(mhp)
3351 	caddr_t *mhp;
3352 {
3353 	struct sadb_address *saddr, *daddr;
3354 	struct sockaddr *old_saddr, *new_saddr;
3355 	struct sockaddr *old_daddr, *new_daddr;
3356 	struct sockaddr *old_local, *old_remote;
3357 	struct sockaddr *local, *remote;
3358 	struct sadb_x_kmaddress *kmaddr;
3359 	struct sadb_x_policy *xpl;
3360 	struct sadb_x_ipsecrequest *xisr_list;
3361 	struct sadb_lifetime *lt;
3362 	struct policyindex spidx;
3363 	struct secpolicy *sp;
3364 	struct ipsecrequest *isr_cur;
3365 	struct secasindex *oldsaidx;
3366 	struct ph2handle *iph2;
3367 	struct ph1handle *iph1;
3368 	struct ph2selector ph2sel;
3369 	struct ph1selector ph1sel;
3370 	u_int32_t spid;
3371 	u_int64_t created;
3372 	int xisr_list_len;
3373 	int ulproto;
3374 	struct migrate_args ma;
3375 
3376 	/* Some sanity checks */
3377 
3378 	if (mhp[0] == NULL
3379 	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
3380 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
3381 	 || mhp[SADB_X_EXT_KMADDRESS] == NULL
3382 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
3383 		plog(LLV_ERROR, LOCATION, NULL,
3384 			"SADB_X_MIGRATE: invalid MIGRATE message received.\n");
3385 		return -1;
3386 	}
3387 	kmaddr = (struct sadb_x_kmaddress *)mhp[SADB_X_EXT_KMADDRESS];
3388 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
3389 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
3390 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
3391 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
3392 	if (lt != NULL)
3393 		created = lt->sadb_lifetime_addtime;
3394 	else
3395 		created = 0;
3396 
3397 	if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
3398 		plog(LLV_WARNING, LOCATION, NULL,"SADB_X_MIGRATE: "
3399 		     "found non IPsec policy in MIGRATE message. Exiting.\n");
3400 		return -1;
3401 	}
3402 
3403 	if (PFKEY_EXTLEN(xpl) < sizeof(*xpl)) {
3404 		plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3405 		     "invalid size for sadb_x_policy. Exiting.\n");
3406 		return -1;
3407 	}
3408 
3409 	/* Some logging to help debbugging */
3410 	if (xpl->sadb_x_policy_dir == IPSEC_DIR_OUTBOUND)
3411 		plog(LLV_DEBUG, LOCATION, NULL,
3412 		     "SADB_X_MIGRATE: Outbound SA being migrated.\n");
3413 	else
3414 		plog(LLV_DEBUG, LOCATION, NULL,
3415 		     "SADB_X_MIGRATE: Inbound SA being migrated.\n");
3416 
3417 	/* validity check */
3418 	xisr_list = (struct sadb_x_ipsecrequest *)(xpl + 1);
3419 	xisr_list_len = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
3420 	if (xisr_list_len < sizeof(*xisr_list)) {
3421 		plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3422 		     "invalid sadb_x_policy message length. Exiting.\n");
3423 		return -1;
3424 	}
3425 
3426 	if (parse_kmaddress(kmaddr, &local, &remote) == -1) {
3427 		plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: "
3428 		     "invalid sadb_x_kmaddress extension. Exiting.\n");
3429 		return -1;
3430 	}
3431 
3432 	/* 0 means ANY */
3433 	if (saddr->sadb_address_proto == 0)
3434 		ulproto = IPSEC_ULPROTO_ANY;
3435 	else
3436 		ulproto = saddr->sadb_address_proto;
3437 
3438 #ifdef HAVE_PFKEY_POLICY_PRIORITY
3439 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3440 			saddr + 1,
3441 			daddr + 1,
3442 			saddr->sadb_address_prefixlen,
3443 			daddr->sadb_address_prefixlen,
3444 			ulproto,
3445 			xpl->sadb_x_policy_priority,
3446 			created,
3447 			&spidx);
3448 #else
3449 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3450 			saddr + 1,
3451 			daddr + 1,
3452 			saddr->sadb_address_prefixlen,
3453 			daddr->sadb_address_prefixlen,
3454 			ulproto,
3455 			created,
3456 			&spidx);
3457 #endif
3458 
3459 	/* Everything seems ok, let's get the SP.
3460 	 *
3461 	 * XXX We could also do the lookup using the spid from xpl.
3462 	 *     I don't know which one is better.  --arno */
3463 	sp = getsp(&spidx);
3464 	if (sp == NULL) {
3465 		plog(LLV_ERROR, LOCATION, NULL,
3466 			"SADB_X_MIGRATE: Passed policy does not exist: %s\n",
3467 			spidx2str(&spidx));
3468 		return -1;
3469 	}
3470 
3471 	/* Get the best source and destination addresses used for IKE
3472 	 * negotiation, to find and migrate existing Phase 1 */
3473 	if (sp->local && sp->remote) {
3474 		/* hints available, let's use them */
3475 		old_local  = (struct sockaddr *)sp->local;
3476 		old_remote = (struct sockaddr *)sp->remote;
3477 	} else if (sp->req && sp->req->saidx.mode == IPSEC_MODE_TUNNEL) {
3478 		/* Tunnel mode and no hint, use endpoints */
3479 		old_local  = (struct sockaddr *)&sp->req->saidx.src;
3480 		old_remote = (struct sockaddr *)&sp->req->saidx.dst;
3481 	} else {
3482 		/* default, use selectors as fallback */
3483 		old_local  = (struct sockaddr *)&sp->spidx.src;
3484 		old_remote = (struct sockaddr *)&sp->spidx.dst;
3485 	}
3486 
3487 	/* We migrate all Phase 1 that match our old local and remote
3488 	 * addresses (no matter their state).
3489 	 *
3490 	 * XXX In fact, we should probably havea special treatment for
3491 	 * Phase 1 that are being established when we receive a MIGRATE.
3492 	 * This can happen if a movement occurs during the initial IKE
3493 	 * negotiation. In that case, I wonder if should restart the
3494 	 * negotiation from the new address or just update things like
3495 	 * we do it now.
3496 	 *
3497 	 * XXX while looking at getph1byaddr(), the comment at the
3498 	 * beginning of the function expects comparison to happen
3499 	 * without ports considerations but it uses CMPSADDR() which
3500 	 * relies either on cmpsaddrstrict() or cmpsaddrwop() based
3501 	 * on NAT-T support being activated. That make me wonder if I
3502 	 * should force ports to 0 (ANY) in local and remote values
3503 	 * used below.
3504 	 *
3505 	 * -- arno */
3506 
3507 	/* Apply callback data ...*/
3508 	memset(&ma, 0, sizeof(ma));
3509 	ma.local = local;
3510 	ma.remote = remote;
3511 
3512 	/* Fill phase1 match criteria ... */
3513 	memset(&ph1sel, 0, sizeof(ph1sel));
3514 	ph1sel.local = old_local;
3515 	ph1sel.remote = old_remote;
3516 
3517 
3518 	/* Have matching Phase 1 found and addresses updated. As this is a
3519 	 * time consuming task on a busy responder, and MIGRATE messages
3520 	 * are always sent for *both* inbound and outbound (and possibly
3521 	 * forward), we only do that for outbound SP. */
3522 	if (xpl->sadb_x_policy_dir == IPSEC_DIR_OUTBOUND &&
3523 	    enumph1(&ph1sel, migrate_ph1_ike_addresses, &ma) < 0) {
3524 		plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: Unable "
3525 		     "to migrate Phase 1 addresses.\n");
3526 		return -1;
3527 	}
3528 
3529 	/* We can now update IKE addresses in Phase 2 handle. */
3530 	memset(&ph2sel, 0, sizeof(ph2sel));
3531 	ph2sel.spid = sp->id;
3532 	if (enumph2(&ph2sel, migrate_ph2_ike_addresses, &ma) < 0) {
3533 		plog(LLV_ERROR, LOCATION, NULL, "SADB_X_MIGRATE: Unable "
3534 		     "to migrate Phase 2 IKE addresses.\n");
3535 		return -1;
3536 	}
3537 
3538 	/* and _then_ in SP. */
3539 	if (migrate_sp_ike_addresses(sp, local, remote) < 0) {
3540 		plog(LLV_ERROR, LOCATION, NULL,
3541 		     "SADB_X_MIGRATE: Unable to migrate SP IKE addresses.\n");
3542 		return -1;
3543 	}
3544 
3545 	/* Loop on sadb_x_ipsecrequest list to possibly update sp->req
3546 	 * entries and associated live Phase 2 handles (their sa_src
3547 	 * and sa_dst) */
3548 	if (migrate_sp_isr_list(sp, xisr_list, xisr_list_len) < 0) {
3549 		plog(LLV_ERROR, LOCATION, NULL,
3550 		     "SADB_X_MIGRATE: Unable to migrate isr list.\n");
3551 		return -1;
3552 	}
3553 
3554 	return 0;
3555 }
3556 #endif
3557 
3558 /*
3559  * send error against acquire message to kernel.
3560  */
3561 int
pk_sendeacquire(iph2)3562 pk_sendeacquire(iph2)
3563 	struct ph2handle *iph2;
3564 {
3565 	struct sadb_msg *newmsg;
3566 	int len;
3567 
3568 	len = sizeof(struct sadb_msg);
3569 	newmsg = racoon_calloc(1, len);
3570 	if (newmsg == NULL) {
3571 		plog(LLV_ERROR, LOCATION, NULL,
3572 			"failed to get buffer to send acquire.\n");
3573 		return -1;
3574 	}
3575 
3576 	memset(newmsg, 0, len);
3577 	newmsg->sadb_msg_version = PF_KEY_V2;
3578 	newmsg->sadb_msg_type = SADB_ACQUIRE;
3579 	newmsg->sadb_msg_errno = ENOENT;	/* XXX */
3580 	newmsg->sadb_msg_satype = iph2->satype;
3581 	newmsg->sadb_msg_len = PFKEY_UNIT64(len);
3582 	newmsg->sadb_msg_reserved = 0;
3583 	newmsg->sadb_msg_seq = iph2->seq;
3584 	newmsg->sadb_msg_pid = (u_int32_t)getpid();
3585 
3586 	/* send message */
3587 	len = pfkey_send(lcconf->sock_pfkey, newmsg, len);
3588 
3589 	racoon_free(newmsg);
3590 
3591 	return 0;
3592 }
3593 
3594 /*
3595  * check if the algorithm is supported or not.
3596  * OUT	 0: ok
3597  *	-1: ng
3598  */
3599 int
pk_checkalg(class,calg,keylen)3600 pk_checkalg(class, calg, keylen)
3601 	int class, calg, keylen;
3602 {
3603 	int sup, error;
3604 	u_int alg;
3605 	struct sadb_alg alg0;
3606 
3607 	switch (algclass2doi(class)) {
3608 	case IPSECDOI_PROTO_IPSEC_ESP:
3609 		sup = SADB_EXT_SUPPORTED_ENCRYPT;
3610 		break;
3611 	case IPSECDOI_ATTR_AUTH:
3612 		sup = SADB_EXT_SUPPORTED_AUTH;
3613 		break;
3614 	case IPSECDOI_PROTO_IPCOMP:
3615 		plog(LLV_DEBUG, LOCATION, NULL,
3616 			"no check of compression algorithm; "
3617 			"not supported in sadb message.\n");
3618 		return 0;
3619 	default:
3620 		plog(LLV_ERROR, LOCATION, NULL,
3621 			"invalid algorithm class.\n");
3622 		return -1;
3623 	}
3624 	alg = ipsecdoi2pfkey_alg(algclass2doi(class), algtype2doi(class, calg));
3625 	if (alg == ~0)
3626 		return -1;
3627 
3628 	if (keylen == 0) {
3629 		if (ipsec_get_keylen(sup, alg, &alg0)) {
3630 			plog(LLV_ERROR, LOCATION, NULL,
3631 				"%s.\n", ipsec_strerror());
3632 			return -1;
3633 		}
3634 		keylen = alg0.sadb_alg_minbits;
3635 	}
3636 
3637 	error = ipsec_check_keylen(sup, alg, keylen);
3638 	if (error)
3639 		plog(LLV_ERROR, LOCATION, NULL,
3640 			"%s.\n", ipsec_strerror());
3641 
3642 	return error;
3643 }
3644 
3645 /*
3646  * differences with pfkey_recv() in libipsec/pfkey.c:
3647  * - never performs busy wait loop.
3648  * - returns NULL and set *lenp to negative on fatal failures
3649  * - returns NULL and set *lenp to non-negative on non-fatal failures
3650  * - returns non-NULL on success
3651  */
3652 static struct sadb_msg *
pk_recv(so,lenp)3653 pk_recv(so, lenp)
3654 	int so;
3655 	int *lenp;
3656 {
3657 	struct sadb_msg buf, *newmsg;
3658 	int reallen;
3659 	int retry = 0;
3660 
3661 	*lenp = -1;
3662 	do
3663 	{
3664 	    plog(LLV_DEBUG, LOCATION, NULL, "pk_recv: retry[%d] recv() \n", retry );
3665 	    *lenp = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK | MSG_DONTWAIT);
3666 	    retry++;
3667 	}
3668 	while (*lenp < 0 && errno == EAGAIN && retry < 3);
3669 
3670 	if (*lenp < 0)
3671 		return NULL;	/*fatal*/
3672 
3673 	else if (*lenp < sizeof(buf))
3674 		return NULL;
3675 
3676 	reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
3677 	if (reallen < sizeof(buf)) {
3678 		*lenp = -1;
3679 		errno = EIO;
3680 		return NULL;    /*fatal*/
3681 	}
3682 	if ((newmsg = racoon_calloc(1, reallen)) == NULL)
3683 		return NULL;
3684 
3685 	*lenp = recv(so, (caddr_t)newmsg, reallen, MSG_PEEK);
3686 	if (*lenp < 0) {
3687 		racoon_free(newmsg);
3688 		return NULL;	/*fatal*/
3689 	} else if (*lenp != reallen) {
3690 		racoon_free(newmsg);
3691 		return NULL;
3692 	}
3693 
3694 	*lenp = recv(so, (caddr_t)newmsg, reallen, 0);
3695 	if (*lenp < 0) {
3696 		racoon_free(newmsg);
3697 		return NULL;	/*fatal*/
3698 	} else if (*lenp != reallen) {
3699 		racoon_free(newmsg);
3700 		return NULL;
3701 	}
3702 
3703 	return newmsg;
3704 }
3705 
3706 /* see handler.h */
3707 u_int32_t
pk_getseq()3708 pk_getseq()
3709 {
3710 	return eay_random();
3711 }
3712 
3713 static int
addnewsp(mhp,local,remote)3714 addnewsp(mhp, local, remote)
3715 	caddr_t *mhp;
3716 	struct sockaddr *local, *remote;
3717 {
3718 	struct secpolicy *new = NULL;
3719 	struct sadb_address *saddr, *daddr;
3720 	struct sadb_x_policy *xpl;
3721 	struct sadb_lifetime *lt;
3722 	u_int64_t created;
3723 
3724 	/* sanity check */
3725 	if (mhp[SADB_EXT_ADDRESS_SRC] == NULL
3726 	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
3727 	 || mhp[SADB_X_EXT_POLICY] == NULL) {
3728 		plog(LLV_ERROR, LOCATION, NULL,
3729 			"inappropriate sadb spd management message passed.\n");
3730 		goto bad;
3731 	}
3732 
3733 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
3734 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
3735 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
3736 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
3737 	if(lt != NULL)
3738 		created = lt->sadb_lifetime_addtime;
3739 	else
3740 		created = 0;
3741 	lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
3742 	if(lt != NULL)
3743 		created = lt->sadb_lifetime_addtime;
3744 	else
3745 		created = 0;
3746 
3747 #ifdef __linux__
3748 	/* bsd skips over per-socket policies because there will be no
3749 	 * src and dst extensions in spddump messages. On Linux the only
3750 	 * way to achieve the same is check for policy id.
3751 	 */
3752 	if (xpl->sadb_x_policy_id % 8 >= 3) return 0;
3753 #endif
3754 
3755 	new = newsp();
3756 	if (new == NULL) {
3757 		plog(LLV_ERROR, LOCATION, NULL,
3758 			"failed to allocate buffer\n");
3759 		goto bad;
3760 	}
3761 
3762 	new->spidx.dir = xpl->sadb_x_policy_dir;
3763 	new->id = xpl->sadb_x_policy_id;
3764 	new->policy = xpl->sadb_x_policy_type;
3765 	new->req = NULL;
3766 
3767 	/* check policy */
3768 	switch (xpl->sadb_x_policy_type) {
3769 	case IPSEC_POLICY_DISCARD:
3770 	case IPSEC_POLICY_NONE:
3771 	case IPSEC_POLICY_ENTRUST:
3772 	case IPSEC_POLICY_BYPASS:
3773 		break;
3774 
3775 	case IPSEC_POLICY_IPSEC:
3776 	    {
3777 		int tlen;
3778 		struct sadb_x_ipsecrequest *xisr;
3779 		struct ipsecrequest **p_isr = &new->req;
3780 
3781 		/* validity check */
3782 		if (PFKEY_EXTLEN(xpl) < sizeof(*xpl)) {
3783 			plog(LLV_ERROR, LOCATION, NULL,
3784 				"invalid msg length.\n");
3785 			goto bad;
3786 		}
3787 
3788 		tlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
3789 		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
3790 
3791 		while (tlen > 0) {
3792 
3793 			/* length check */
3794 			if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
3795 				plog(LLV_ERROR, LOCATION, NULL,
3796 					"invalid msg length.\n");
3797 				goto bad;
3798 			}
3799 
3800 			/* allocate request buffer */
3801 			*p_isr = newipsecreq();
3802 			if (*p_isr == NULL) {
3803 				plog(LLV_ERROR, LOCATION, NULL,
3804 					"failed to get new ipsecreq.\n");
3805 				goto bad;
3806 			}
3807 
3808 			/* set values */
3809 			(*p_isr)->next = NULL;
3810 
3811 			switch (xisr->sadb_x_ipsecrequest_proto) {
3812 			case IPPROTO_ESP:
3813 			case IPPROTO_AH:
3814 			case IPPROTO_IPCOMP:
3815 				break;
3816 			default:
3817 				plog(LLV_ERROR, LOCATION, NULL,
3818 					"invalid proto type: %u\n",
3819 					xisr->sadb_x_ipsecrequest_proto);
3820 				goto bad;
3821 			}
3822 			(*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
3823 
3824 			switch (xisr->sadb_x_ipsecrequest_mode) {
3825 			case IPSEC_MODE_TRANSPORT:
3826 			case IPSEC_MODE_TUNNEL:
3827 				break;
3828 			case IPSEC_MODE_ANY:
3829 			default:
3830 				plog(LLV_ERROR, LOCATION, NULL,
3831 					"invalid mode: %u\n",
3832 					xisr->sadb_x_ipsecrequest_mode);
3833 				goto bad;
3834 			}
3835 			(*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
3836 
3837 			switch (xisr->sadb_x_ipsecrequest_level) {
3838 			case IPSEC_LEVEL_DEFAULT:
3839 			case IPSEC_LEVEL_USE:
3840 			case IPSEC_LEVEL_REQUIRE:
3841 				break;
3842 			case IPSEC_LEVEL_UNIQUE:
3843 				(*p_isr)->saidx.reqid =
3844 					xisr->sadb_x_ipsecrequest_reqid;
3845 				break;
3846 
3847 			default:
3848 				plog(LLV_ERROR, LOCATION, NULL,
3849 					"invalid level: %u\n",
3850 					xisr->sadb_x_ipsecrequest_level);
3851 				goto bad;
3852 			}
3853 			(*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
3854 
3855 			/* set IP addresses if there */
3856 			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
3857 				struct sockaddr *paddr;
3858 
3859 				paddr = (struct sockaddr *)(xisr + 1);
3860 				bcopy(paddr, &(*p_isr)->saidx.src,
3861 					sysdep_sa_len(paddr));
3862 
3863 				paddr = (struct sockaddr *)((caddr_t)paddr
3864 							+ sysdep_sa_len(paddr));
3865 				bcopy(paddr, &(*p_isr)->saidx.dst,
3866 					sysdep_sa_len(paddr));
3867 			}
3868 
3869 			(*p_isr)->sp = new;
3870 
3871 			/* initialization for the next. */
3872 			p_isr = &(*p_isr)->next;
3873 			tlen -= xisr->sadb_x_ipsecrequest_len;
3874 
3875 			/* validity check */
3876 			if (tlen < 0) {
3877 				plog(LLV_ERROR, LOCATION, NULL,
3878 					"becoming tlen < 0\n");
3879 			}
3880 
3881 			xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
3882 			                 + xisr->sadb_x_ipsecrequest_len);
3883 		}
3884 	    }
3885 		break;
3886 	default:
3887 		plog(LLV_ERROR, LOCATION, NULL,
3888 			"invalid policy type.\n");
3889 		goto bad;
3890 	}
3891 
3892 #ifdef HAVE_PFKEY_POLICY_PRIORITY
3893 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3894 			saddr + 1,
3895 			daddr + 1,
3896 			saddr->sadb_address_prefixlen,
3897 			daddr->sadb_address_prefixlen,
3898 			saddr->sadb_address_proto,
3899 			xpl->sadb_x_policy_priority,
3900 			created,
3901 			&new->spidx);
3902 #else
3903 	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
3904 			saddr + 1,
3905 			daddr + 1,
3906 			saddr->sadb_address_prefixlen,
3907 			daddr->sadb_address_prefixlen,
3908 			saddr->sadb_address_proto,
3909 			created,
3910 			&new->spidx);
3911 #endif
3912 
3913 #ifdef HAVE_SECCTX
3914 	if (mhp[SADB_X_EXT_SEC_CTX] != NULL) {
3915 		struct sadb_x_sec_ctx *ctx;
3916 
3917 		ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
3918 		new->spidx.sec_ctx.ctx_alg = ctx->sadb_x_ctx_alg;
3919 		new->spidx.sec_ctx.ctx_doi = ctx->sadb_x_ctx_doi;
3920 		new->spidx.sec_ctx.ctx_strlen = ctx->sadb_x_ctx_len;
3921 		memcpy(new->spidx.sec_ctx.ctx_str,ctx + 1,ctx->sadb_x_ctx_len);
3922 	}
3923 #endif /* HAVE_SECCTX */
3924 
3925 	/* Set local and remote hints for that SP, if available */
3926 	if (local && remote) {
3927 		new->local = dupsaddr(local);
3928 		new->remote = dupsaddr(remote);
3929 	}
3930 
3931 	inssp(new);
3932 
3933 	return 0;
3934 bad:
3935 	if (new != NULL) {
3936 		if (new->req != NULL)
3937 			racoon_free(new->req);
3938 		racoon_free(new);
3939 	}
3940 	return -1;
3941 }
3942 
3943 /* proto/mode/src->dst spi */
3944 const char *
sadbsecas2str(src,dst,proto,spi,mode)3945 sadbsecas2str(src, dst, proto, spi, mode)
3946 	struct sockaddr *src, *dst;
3947 	int proto;
3948 	u_int32_t spi;
3949 	int mode;
3950 {
3951 	static char buf[256];
3952 	u_int doi_proto, doi_mode = 0;
3953 	char *p;
3954 	int blen, i;
3955 
3956 	doi_proto = pfkey2ipsecdoi_proto(proto);
3957 	if (doi_proto == ~0)
3958 		return NULL;
3959 	if (mode) {
3960 		doi_mode = pfkey2ipsecdoi_mode(mode);
3961 		if (doi_mode == ~0)
3962 			return NULL;
3963 	}
3964 
3965 	blen = sizeof(buf) - 1;
3966 	p = buf;
3967 
3968 	i = snprintf(p, blen, "%s%s%s ",
3969 		s_ipsecdoi_proto(doi_proto),
3970 		mode ? "/" : "",
3971 		mode ? s_ipsecdoi_encmode(doi_mode) : "");
3972 	if (i < 0 || i >= blen)
3973 		return NULL;
3974 	p += i;
3975 	blen -= i;
3976 
3977 	i = snprintf(p, blen, "%s->", saddr2str(src));
3978 	if (i < 0 || i >= blen)
3979 		return NULL;
3980 	p += i;
3981 	blen -= i;
3982 
3983 	i = snprintf(p, blen, "%s ", saddr2str(dst));
3984 	if (i < 0 || i >= blen)
3985 		return NULL;
3986 	p += i;
3987 	blen -= i;
3988 
3989 	if (spi) {
3990 		snprintf(p, blen, "spi=%lu(0x%lx)", (unsigned long)ntohl(spi),
3991 		    (unsigned long)ntohl(spi));
3992 	}
3993 
3994 	return buf;
3995 }
3996