authorTobias Brunner <tobias@strongswan.org>2012-05-15 16:59:00 +0200
committerTobias Brunner <tobias@strongswan.org>2012-06-11 17:33:32 +0200
commitfff4b74db26968bac72ade4bd6c702be7b51ec7a (patch)
treef101045942fa34c0c93e9b828def87778feacb11 /src/libfreeswan
parent4a54860986e34f46183eebe60d7af767de7ddf25 (diff)
Bye bye Pluto!
Charon will take over IKEv1 duties from here. This also removes libfreeswan and whack.
Diffstat (limited to 'src/libfreeswan')
-rw-r--r--src/libfreeswan/Android.mk38
-rw-r--r--src/libfreeswan/Makefile.am22
-rw-r--r--src/libfreeswan/addrtoa.c66
-rw-r--r--src/libfreeswan/addrtot.c302
-rw-r--r--src/libfreeswan/addrtypeof.c94
-rw-r--r--src/libfreeswan/anyaddr.386
-rw-r--r--src/libfreeswan/anyaddr.c147
-rw-r--r--src/libfreeswan/atoaddr.3291
-rw-r--r--src/libfreeswan/atoaddr.c261
-rw-r--r--src/libfreeswan/atoasr.3185
-rw-r--r--src/libfreeswan/atoasr.c210
-rw-r--r--src/libfreeswan/atosubnet.c214
-rw-r--r--src/libfreeswan/atoul.3160
-rw-r--r--src/libfreeswan/atoul.c88
-rw-r--r--src/libfreeswan/copyright.c57
-rw-r--r--src/libfreeswan/datatot.c230
-rw-r--r--src/libfreeswan/freeswan.h371
-rw-r--r--src/libfreeswan/goodmask.356
-rw-r--r--src/libfreeswan/goodmask.c95
-rw-r--r--src/libfreeswan/initaddr.3128
-rw-r--r--src/libfreeswan/initaddr.c51
-rw-r--r--src/libfreeswan/initsaid.c31
-rw-r--r--src/libfreeswan/initsubnet.3136
-rw-r--r--src/libfreeswan/initsubnet.c93
-rw-r--r--src/libfreeswan/internal.h46
-rw-r--r--src/libfreeswan/ipsec_param.h54
-rw-r--r--src/libfreeswan/pfkey.h205
-rw-r--r--src/libfreeswan/pfkey_v2_build.c1388
-rw-r--r--src/libfreeswan/pfkey_v2_debug.c104
-rw-r--r--src/libfreeswan/pfkey_v2_ext_bits.c692
-rw-r--r--src/libfreeswan/pfkey_v2_parse.c1539
-rw-r--r--src/libfreeswan/pfkeyv2.h368
-rw-r--r--src/libfreeswan/portof.369
-rw-r--r--src/libfreeswan/portof.c96
-rw-r--r--src/libfreeswan/rangetoa.c59
-rw-r--r--src/libfreeswan/rangetosubnet.358
-rw-r--r--src/libfreeswan/rangetosubnet.c224
-rw-r--r--src/libfreeswan/sameaddr.3164
-rw-r--r--src/libfreeswan/sameaddr.c188
-rw-r--r--src/libfreeswan/satot.c132
-rw-r--r--src/libfreeswan/subnetof.346
-rw-r--r--src/libfreeswan/subnetof.c58
-rw-r--r--src/libfreeswan/subnettoa.c60
-rw-r--r--src/libfreeswan/subnettot.c54
-rw-r--r--src/libfreeswan/subnettypeof.c107
-rw-r--r--src/libfreeswan/ttoaddr.3374
-rw-r--r--src/libfreeswan/ttoaddr.c471
-rw-r--r--src/libfreeswan/ttodata.3280
-rw-r--r--src/libfreeswan/ttodata.c720
-rw-r--r--src/libfreeswan/ttoprotoport.c101
-rw-r--r--src/libfreeswan/ttosa.3287
-rw-r--r--src/libfreeswan/ttosa.c280
-rw-r--r--src/libfreeswan/ttosubnet.c296
-rw-r--r--src/libfreeswan/ttoul.3191
-rw-r--r--src/libfreeswan/ttoul.c89
-rw-r--r--src/libfreeswan/ultoa.c65
-rw-r--r--src/libfreeswan/ultot.c81
57 files changed, 0 insertions, 12358 deletions
diff --git a/src/libfreeswan/Android.mk b/src/libfreeswan/Android.mk
deleted file mode 100644
index a834d4846..000000000
--- a/src/libfreeswan/Android.mk
+++ /dev/null
@@ -1,38 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-# copy-n-paste from Makefile.am
-LOCAL_SRC_FILES := \
-addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
-atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
-goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \
-pfkey_v2_build.c pfkey_v2_debug.c \
-pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \
-pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \
-satot.c subnetof.c subnettoa.c subnettot.c \
-subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
-ultoa.c ultot.c
-
-# build libfreeswan ------------------------------------------------------------
-
-LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
- $(strongswan_PATH)/src/include \
- $(strongswan_PATH)/src/libstrongswan \
- $(strongswan_PATH)/src/libhydra \
- $(strongswan_PATH)/src/pluto
-
-LOCAL_CFLAGS := $(strongswan_CFLAGS)
-
-LOCAL_MODULE := libfreeswan
-
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_ARM_MODE := arm
-
-LOCAL_PRELINK_MODULE := false
-
-LOCAL_SHARED_LIBRARIES += libstrongswan
-
-include $(BUILD_SHARED_LIBRARY)
-
diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am
deleted file mode 100644
index b38343d34..000000000
--- a/src/libfreeswan/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-noinst_LIBRARIES = libfreeswan.a
-libfreeswan_a_SOURCES = \
-addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
-atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
-goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \
-pfkey_v2_build.c pfkey_v2_debug.c \
-pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \
-pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \
-satot.c subnetof.c subnettoa.c subnettot.c \
-subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
-ultoa.c ultot.c
-
-INCLUDES = \
--I$(top_srcdir)/src/libstrongswan \
--I$(top_srcdir)/src/libhydra \
--I$(top_srcdir)/src/pluto
-
-dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
- portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
- ttoaddr.3 ttodata.3 ttosa.3 ttoul.3
-
-EXTRA_DIST = Android.mk
diff --git a/src/libfreeswan/addrtoa.c b/src/libfreeswan/addrtoa.c
deleted file mode 100644
index e1c71da3c..000000000
--- a/src/libfreeswan/addrtoa.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * addresses to ASCII
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-#define NBYTES 4 /* bytes in an address */
-#define PERBYTE 4 /* three digits plus a dot or NUL */
-#define BUFLEN (NBYTES*PERBYTE)
-
-#if BUFLEN != ADDRTOA_BUF
-#error "ADDRTOA_BUF in freeswan.h inconsistent with addrtoa() code"
-#endif
-
-/*
- - addrtoa - convert binary address to ASCII dotted decimal
- */
-size_t /* space needed for full conversion */
-addrtoa(addr, format, dst, dstlen)
-struct in_addr addr;
-int format; /* character */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- unsigned long a = ntohl(addr.s_addr);
- int i;
- size_t n;
- unsigned long byte;
- char buf[BUFLEN];
- char *p;
-
- switch (format) {
- case 0:
- break;
- default:
- return 0;
- break;
- }
-
- p = buf;
- for (i = NBYTES-1; i >= 0; i--) {
- byte = (a >> (i*8)) & 0xff;
- p += ultoa(byte, 10, p, PERBYTE);
- if (i != 0)
- *(p-1) = '.';
- }
- n = p - buf;
-
- if (dstlen > 0) {
- if (n > dstlen)
- buf[dstlen - 1] = '\0';
- strcpy(dst, buf);
- }
- return n;
-}
diff --git a/src/libfreeswan/addrtot.c b/src/libfreeswan/addrtot.c
deleted file mode 100644
index d1a338730..000000000
--- a/src/libfreeswan/addrtot.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * addresses to text
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-#define IP4BYTES 4 /* bytes in an IPv4 address */
-#define PERBYTE 4 /* three digits plus a dot or NUL */
-#define IP6BYTES 16 /* bytes in an IPv6 address */
-
-/* forwards */
-static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp);
-static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp, int squish);
-static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp);
-static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp);
-
-/*
- - addrtot - convert binary address to text (dotted decimal or IPv6 string)
- */
-size_t /* space needed for full conversion */
-addrtot(src, format, dst, dstlen)
-const ip_address *src;
-int format; /* character */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- const unsigned char *b;
- size_t n;
- char buf[1+ADDRTOT_BUF+1]; /* :address: */
- char *p;
- int t = addrtypeof(src);
-# define TF(t, f) (((t)<<8) | (f))
-
- n = addrbytesptr(src, &b);
- if (n == 0)
- return 0;
-
- switch (TF(t, format)) {
- case TF(AF_INET, 0):
- n = normal4(b, n, buf, &p);
- break;
- case TF(AF_INET6, 0):
- n = normal6(b, n, buf, &p, 1);
- break;
- case TF(AF_INET, 'Q'):
- n = normal4(b, n, buf, &p);
- break;
- case TF(AF_INET6, 'Q'):
- n = normal6(b, n, buf, &p, 0);
- break;
- case TF(AF_INET, 'r'):
- n = reverse4(b, n, buf, &p);
- break;
- case TF(AF_INET6, 'r'):
- n = reverse6(b, n, buf, &p);
- break;
- default: /* including (AF_INET, 'R') */
- return 0;
- break;
- }
-
- if (dstlen > 0) {
- if (dstlen < n)
- p[dstlen - 1] = '\0';
- strcpy(dst, p);
- }
- return n;
-}
-
-/*
- - normal4 - normal IPv4 address-text conversion
- */
-static size_t /* size of text, including NUL */
-normal4(srcp, srclen, buf, dstp)
-const unsigned char *srcp;
-size_t srclen;
-char *buf; /* guaranteed large enough */
-char **dstp; /* where to put result pointer */
-{
- int i;
- char *p;
-
- if (srclen != IP4BYTES) /* "can't happen" */
- return 0;
- p = buf;
- for (i = 0; i < IP4BYTES; i++) {
- p += ultot(srcp[i], 10, p, PERBYTE);
- if (i != IP4BYTES - 1)
- *(p-1) = '.'; /* overwrites the NUL */
- }
- *dstp = buf;
- return p - buf;
-}
-
-/*
- - normal6 - normal IPv6 address-text conversion
- */
-static size_t /* size of text, including NUL */
-normal6(srcp, srclen, buf, dstp, squish)
-const unsigned char *srcp;
-size_t srclen;
-char *buf; /* guaranteed large enough, plus 2 */
-char **dstp; /* where to put result pointer */
-int squish; /* whether to squish out 0:0 */
-{
- int i;
- unsigned long piece;
- char *p;
- char *q;
-
- if (srclen != IP6BYTES) /* "can't happen" */
- return 0;
- p = buf;
- *p++ = ':';
- for (i = 0; i < IP6BYTES/2; i++) {
- piece = (srcp[2*i] << 8) + srcp[2*i + 1];
- p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */
- *(p-1) = ':'; /* overwrites the NUL */
- }
- *p = '\0';
- q = strstr(buf, ":0:0:");
- if (squish && q != NULL) { /* zero squishing is possible */
- p = q + 1;
- while (*p == '0' && *(p+1) == ':')
- p += 2;
- q++;
- *q++ = ':'; /* overwrite first 0 */
- while (*p != '\0')
- *q++ = *p++;
- *q = '\0';
- if (!(*(q-1) == ':' && *(q-2) == ':'))
- *--q = '\0'; /* strip final : unless :: */
- p = buf;
- if (!(*p == ':' && *(p+1) == ':'))
- p++; /* skip initial : unless :: */
- } else {
- q = p;
- *--q = '\0'; /* strip final : */
- p = buf + 1; /* skip initial : */
- }
- *dstp = p;
- return q - p + 1;
-}
-
-/*
- - reverse4 - IPv4 reverse-lookup conversion
- */
-static size_t /* size of text, including NUL */
-reverse4(srcp, srclen, buf, dstp)
-const unsigned char *srcp;
-size_t srclen;
-char *buf; /* guaranteed large enough */
-char **dstp; /* where to put result pointer */
-{
- int i;
- char *p;
-
- if (srclen != IP4BYTES) /* "can't happen" */
- return 0;
- p = buf;
- for (i = IP4BYTES-1; i >= 0; i--) {
- p += ultot(srcp[i], 10, p, PERBYTE);
- *(p-1) = '.'; /* overwrites the NUL */
- }
- strcpy(p, "IN-ADDR.ARPA.");
- *dstp = buf;
- return strlen(buf) + 1;
-}
-
-/*
- - reverse6 - IPv6 reverse-lookup conversion (RFC 1886)
- * A trifle inefficient, really shouldn't use ultot...
- */
-static size_t /* size of text, including NUL */
-reverse6(srcp, srclen, buf, dstp)
-const unsigned char *srcp;
-size_t srclen;
-char *buf; /* guaranteed large enough */
-char **dstp; /* where to put result pointer */
-{
- int i;
- unsigned long piece;
- char *p;
-
- if (srclen != IP6BYTES) /* "can't happen" */
- return 0;
- p = buf;
- for (i = IP6BYTES-1; i >= 0; i--) {
- piece = srcp[i];
- p += ultot(piece&0xf, 16, p, 2);
- *(p-1) = '.';
- p += ultot(piece>>4, 16, p, 2);
- *(p-1) = '.';
- }
- strcpy(p, "IP6.ARPA.");
- *dstp = buf;
- return strlen(buf) + 1;
-}
-
-/*
- - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874)
- * this version removed as it was obsoleted in the end.
- */
-
-#ifdef ADDRTOT_MAIN
-
-#include <stdio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
- if (argc < 2) {
- fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
- argv[0]);
- exit(2);
- }
-
- if (strcmp(argv[1], "-r") == 0) {
- regress();
- fprintf(stderr, "regress() returned?!?\n");
- exit(1);
- }
- exit(0);
-}
-
-struct rtab {
- char *input;
- char format;
- char *output; /* NULL means error expected */
-} rtab[] = {
- {"1.2.3.0", 0, "1.2.3.0"},
- {"1:2::3:4", 0, "1:2::3:4"},
- {"1:2::3:4", 'Q', "1:2:0:0:0:0:3:4"},
- {"1:2:0:0:3:4:0:0", 0, "1:2::3:4:0:0"},
- {"1.2.3.4", 'r' , "4.3.2.1.IN-ADDR.ARPA."},
- /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */
- {"1:2::3:4", 'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."},
- {NULL, 0, NULL}
-};
-
-void
-regress()
-{
- struct rtab *r;
- int status = 0;
- ip_address a;
- char in[100];
- char buf[100];
- const char *oops;
- size_t n;
-
- for (r = rtab; r->input != NULL; r++) {
- strcpy(in, r->input);
-
- /* convert it *to* internal format */
- oops = ttoaddr(in, strlen(in), 0, &a);
-
- /* now convert it back */
-
- n = addrtot(&a, r->format, buf, sizeof(buf));
-
- if (n == 0 && r->output == NULL)
- {} /* okay, error expected */
-
- else if (n == 0) {
- printf("`%s' atoasr failed\n", r->input);
- status = 1;
-
- } else if (r->output == NULL) {
- printf("`%s' atoasr succeeded unexpectedly '%c'\n",
- r->input, r->format);
- status = 1;
- } else {
- if (strcasecmp(r->output, buf) != 0) {
- printf("`%s' '%c' gave `%s', expected `%s'\n",
- r->input, r->format, buf, r->output);
- status = 1;
- }
- }
- }
- exit(status);
-}
-
-#endif /* ADDRTOT_MAIN */
diff --git a/src/libfreeswan/addrtypeof.c b/src/libfreeswan/addrtypeof.c
deleted file mode 100644
index ee3cc998f..000000000
--- a/src/libfreeswan/addrtypeof.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * extract parts of an ip_address
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - addrtypeof - get the type of an ip_address
- */
-int
-addrtypeof(src)
-const ip_address *src;
-{
- return src->u.v4.sin_family;
-}
-
-/*
- - addrbytesptr - get pointer to the address bytes of an ip_address
- */
-size_t /* 0 for error */
-addrbytesptr(src, dstp)
-const ip_address *src;
-const unsigned char **dstp; /* NULL means just a size query */
-{
- const unsigned char *p;
- size_t n;
-
- switch (src->u.v4.sin_family) {
- case AF_INET:
- p = (const unsigned char *)&src->u.v4.sin_addr.s_addr;
- n = 4;
- break;
- case AF_INET6:
- p = (const unsigned char *)&src->u.v6.sin6_addr;
- n = 16;
- break;
- default:
- return 0;
- break;
- }
-
- if (dstp != NULL)
- *dstp = p;
- return n;
-}
-
-/*
- - addrlenof - get length of the address bytes of an ip_address
- */
-size_t /* 0 for error */
-addrlenof(src)
-const ip_address *src;
-{
- return addrbytesptr(src, NULL);
-}
-
-/*
- - addrbytesof - get the address bytes of an ip_address
- */
-size_t /* 0 for error */
-addrbytesof(src, dst, dstlen)
-const ip_address *src;
-unsigned char *dst;
-size_t dstlen;
-{
- const unsigned char *p;
- size_t n;
- size_t ncopy;
-
- n = addrbytesptr(src, &p);
- if (n == 0)
- return 0;
-
- if (dstlen > 0) {
- ncopy = n;
- if (ncopy > dstlen)
- ncopy = dstlen;
- memcpy(dst, p, ncopy);
- }
- return n;
-}
diff --git a/src/libfreeswan/anyaddr.3 b/src/libfreeswan/anyaddr.3
deleted file mode 100644
index 58789cf6c..000000000
--- a/src/libfreeswan/anyaddr.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.TH IPSEC_ANYADDR 3 "8 Sept 2000"
-.SH NAME
-ipsec anyaddr \- get "any" address
-.br
-ipsec isanyaddr \- test address for equality to "any" address
-.br
-ipsec unspecaddr \- get "unspecified" address
-.br
-ipsec isunspecaddr \- test address for equality to "unspecified" address
-.br
-ipsec loopbackaddr \- get loopback address
-.br
-ipsec isloopbackaddr \- test address for equality to loopback address
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *anyaddr(int af, ip_address *dst);"
-.br
-.B "int isanyaddr(const ip_address *src);"
-.br
-.B "const char *unspecaddr(int af, ip_address *dst);"
-.br
-.B "int isunspecaddr(const ip_address *src);"
-.br
-.B "const char *loopbackaddr(int af, ip_address *dst);"
-.br
-.B "int isloopbackaddr(const ip_address *src);"
-.SH DESCRIPTION
-These functions fill in, and test for, special values of the
-.I ip_address
-type.
-.PP
-.I Anyaddr
-fills in the destination
-.I *dst
-with the ``any'' address of address family
-.IR af
-(normally
-.B AF_INET
-or
-.BR AF_INET6 ).
-The IPv4 ``any'' address is the one embodied in the old
-.B INADDR_ANY
-macro.
-.PP
-.I Isanyaddr
-returns
-.B 1
-if the
-.I src
-address equals the ``any'' address,
-and
-.B 0
-otherwise.
-.PP
-Similarly,
-.I unspecaddr
-supplies, and
-.I isunspecaddr
-tests for,
-the ``unspecified'' address,
-which may be the same as the ``any'' address.
-.PP
-Similarly,
-.I loopbackaddr
-supplies, and
-.I islookbackaddr
-tests for,
-the loopback address.
-.PP
-.IR Anyaddr ,
-.IR unspecaddr ,
-and
-.I loopbackaddr
-return
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.SH SEE ALSO
-inet(3), ipsec_addrtot(3), ipsec_sameaddr(3)
-.SH DIAGNOSTICS
-Fatal errors in the address-supplying functions are:
-unknown address family.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
diff --git a/src/libfreeswan/anyaddr.c b/src/libfreeswan/anyaddr.c
deleted file mode 100644
index 5b7691b7b..000000000
--- a/src/libfreeswan/anyaddr.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * special addresses
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/* OpenSolaris defines strange versions of these macros */
-#ifdef __sun
-#undef IN6ADDR_ANY_INIT
-#define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}}
-
-#undef IN6ADDR_LOOPBACK_INIT
-#define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}}
-#endif
-
-static struct in6_addr v6any = IN6ADDR_ANY_INIT;
-static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT;
-
-/*
- - anyaddr - initialize to the any-address value
- */
-err_t /* NULL for success, else string literal */
-anyaddr(af, dst)
-int af; /* address family */
-ip_address *dst;
-{
- uint32_t v4any = htonl(INADDR_ANY);
-
- switch (af) {
- case AF_INET:
- return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst);
- break;
- case AF_INET6:
- return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst);
- break;
- default:
- return "unknown address family in anyaddr/unspecaddr";
- break;
- }
-}
-
-/*
- - unspecaddr - initialize to the unspecified-address value
- */
-err_t /* NULL for success, else string literal */
-unspecaddr(af, dst)
-int af; /* address family */
-ip_address *dst;
-{
- return anyaddr(af, dst);
-}
-
-/*
- - loopbackaddr - initialize to the loopback-address value
- */
-err_t /* NULL for success, else string literal */
-loopbackaddr(af, dst)
-int af; /* address family */
-ip_address *dst;
-{
- uint32_t v4loop = htonl(INADDR_LOOPBACK);
-
- switch (af) {
- case AF_INET:
- return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst);
- break;
- case AF_INET6:
- return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst);
- break;
- default:
- return "unknown address family in loopbackaddr";
- break;
- }
-}
-
-/*
- - isanyaddr - test for the any-address value
- */
-int
-isanyaddr(src)
-const ip_address *src;
-{
- uint32_t v4any = htonl(INADDR_ANY);
- int cmp;
-
- switch (src->u.v4.sin_family) {
- case AF_INET:
- cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any));
- break;
- case AF_INET6:
- cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any));
- break;
- default:
- return 0;
- break;
- }
-
- return (cmp == 0) ? 1 : 0;
-}
-
-/*
- - isunspecaddr - test for the unspecified-address value
- */
-int
-isunspecaddr(src)
-const ip_address *src;
-{
- return isanyaddr(src);
-}
-
-/*
- - isloopbackaddr - test for the loopback-address value
- */
-int
-isloopbackaddr(src)
-const ip_address *src;
-{
- uint32_t v4loop = htonl(INADDR_LOOPBACK);
- int cmp;
-
- switch (src->u.v4.sin_family) {
- case AF_INET:
- cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop));
- break;
- case AF_INET6:
- cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop));
- break;
- default:
- return 0;
- break;
- }
-
- return (cmp == 0) ? 1 : 0;
-}
diff --git a/src/libfreeswan/atoaddr.3 b/src/libfreeswan/atoaddr.3
deleted file mode 100644
index 10da2691c..000000000
--- a/src/libfreeswan/atoaddr.3
+++ /dev/null
@@ -1,291 +0,0 @@
-.TH IPSEC_ATOADDR 3 "11 June 2001"
-.SH NAME
-ipsec atoaddr, addrtoa \- convert Internet addresses to and from ASCII
-.br
-ipsec atosubnet, subnettoa \- convert subnet/mask ASCII form to and from addresses
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *atoaddr(const char *src, size_t srclen,"
-.ti +1c
-.B "struct in_addr *addr);"
-.br
-.B "size_t addrtoa(struct in_addr addr, int format,"
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.sp
-.B "const char *atosubnet(const char *src, size_t srclen,"
-.ti +1c
-.B "struct in_addr *addr, struct in_addr *mask);"
-.br
-.B "size_t subnettoa(struct in_addr addr, struct in_addr mask,"
-.ti +1c
-.B "int format, char *dst, size_t dstlen);"
-.SH DESCRIPTION
-These functions are obsolete; see
-.IR ipsec_ttoaddr (3)
-for their replacements.
-.PP
-.I Atoaddr
-converts an ASCII name or dotted-decimal address into a binary address
-(in network byte order).
-.I Addrtoa
-does the reverse conversion, back to an ASCII dotted-decimal address.
-.I Atosubnet
-and
-.I subnettoa
-do likewise for the ``address/mask'' ASCII form used to write a
-specification of a subnet.
-.PP
-An address is specified in ASCII as a
-dotted-decimal address (e.g.
-.BR 1.2.3.4 ),
-an eight-digit network-order hexadecimal number with the usual C prefix (e.g.
-.BR 0x01020304 ,
-which is synonymous with
-.BR 1.2.3.4 ),
-an eight-digit host-order hexadecimal number with a
-.B 0h
-prefix (e.g.
-.BR 0h01020304 ,
-which is synonymous with
-.B 1.2.3.4
-on a big-endian host and
-.B 4.3.2.1
-on a little-endian host),
-a DNS name to be looked up via
-.IR getaddrinfo (3),
-or an old-style network name to be looked up via
-.IR getnetbyname (3).
-.PP
-A dotted-decimal address may be incomplete, in which case
-ASCII-to-binary conversion implicitly appends
-as many instances of
-.B .0
-as necessary to bring it up to four components.
-The components of a dotted-decimal address are always taken as
-decimal, and leading zeros are ignored.
-For example,
-.B 10
-is synonymous with
-.BR 10.0.0.0 ,
-and
-.B 128.009.000.032
-is synonymous with
-.BR 128.9.0.32
-(the latter example is verbatim from RFC 1166).
-The result of
-.I addrtoa
-is always complete and does not contain leading zeros.
-.PP
-The letters in
-a hexadecimal address may be uppercase or lowercase or any mixture thereof.
-Use of hexadecimal addresses is
-.B strongly
-.BR discouraged ;
-they are included only to save hassles when dealing with
-the handful of perverted programs which already print
-network addresses in hexadecimal.
-.PP
-DNS names may be complete (optionally terminated with a ``.'')
-or incomplete, and are looked up as specified by local system configuration
-(see
-.IR resolver (5)).
-The first value returned by
-.IR getaddrinfo (3)
-is used,
-so with current DNS implementations,
-the result when the name corresponds to more than one address is
-difficult to predict.
-Name lookup resorts to
-.IR getnetbyname (3)
-only if
-.IR getaddrinfo (3)
-fails.
-.PP
-A subnet specification is of the form \fInetwork\fB/\fImask\fR.
-The
-.I network
-and
-.I mask
-can be any form acceptable to
-.IR atoaddr .
-In addition, the
-.I mask
-can be a decimal integer (leading zeros ignored) giving a bit count,
-in which case
-it stands for a mask with that number of high bits on and all others off
-(e.g.,
-.B 24
-means
-.BR 255.255.255.0 ).
-In any case, the mask must be contiguous
-(a sequence of high bits on and all remaining low bits off).
-As a special case, the subnet specification
-.B %default
-is a synonym for
-.BR 0.0.0.0/0 .
-.PP
-.I Atosubnet
-ANDs the mask with the address before returning,
-so that any non-network bits in the address are turned off
-(e.g.,
-.B 10.1.2.3/24
-is synonymous with
-.BR 10.1.2.0/24 ).
-.I Subnettoa
-generates the decimal-integer-bit-count
-form of the mask,
-with no leading zeros,
-unless the mask is non-contiguous.
-.PP
-The
-.I srclen
-parameter of
-.I atoaddr
-and
-.I atosubnet
-specifies the length of the ASCII string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I dstlen
-parameter of
-.I addrtoa
-and
-.I subnettoa
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.I freeswan.h
-header file defines constants,
-.B ADDRTOA_BUF
-and
-.BR SUBNETTOA_BUF ,
-which are the sizes of buffers just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I addrtoa
-and
-.I subnettoa
-specifies what format is to be used for the conversion.
-The value
-.B 0
-(not the ASCII character
-.BR '0' ,
-but a zero value)
-specifies a reasonable default,
-and is in fact the only format currently available.
-This parameter is a hedge against future needs.
-.PP
-The ASCII-to-binary functions return NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-The binary-to-ASCII functions return
-.B 0
-for a failure, and otherwise
-always return the size of buffer which would
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-inet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I atoaddr
-are:
-empty input;
-attempt to allocate temporary storage for a very long name failed;
-name lookup failed;
-syntax error in dotted-decimal form;
-dotted-decimal component too large to fit in 8 bits.
-.PP
-Fatal errors in
-.I atosubnet
-are:
-no
-.B /
-in
-.IR src ;
-.I atoaddr
-error in conversion of
-.I network
-or
-.IR mask ;
-bit-count mask too big;
-mask non-contiguous.
-.PP
-Fatal errors in
-.I addrtoa
-and
-.I subnettoa
-are:
-unknown format.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The interpretation of incomplete dotted-decimal addresses
-(e.g.
-.B 10/24
-means
-.BR 10.0.0.0/24 )
-differs from that of some older conversion
-functions, e.g. those of
-.IR inet (3).
-The behavior of the older functions has never been
-particularly consistent or particularly useful.
-.PP
-Ignoring leading zeros in dotted-decimal components and bit counts
-is arguably the most useful behavior in this application,
-but it might occasionally cause confusion with the historical use of leading
-zeros to denote octal numbers.
-.PP
-It is barely possible that somebody, somewhere,
-might have a legitimate use for non-contiguous subnet masks.
-.PP
-.IR Getnetbyname (3)
-is a historical dreg.
-.PP
-The restriction of ASCII-to-binary error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The ASCII-to-binary error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = atoaddr( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/atoaddr.c b/src/libfreeswan/atoaddr.c
deleted file mode 100644
index a3643801e..000000000
--- a/src/libfreeswan/atoaddr.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/*
- * conversion from ASCII forms of addresses to internal ones
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- * Define NOLEADINGZEROS to interpret 032 as an error, not as 32. There
- * is deliberately no way to interpret it as 26 (i.e., as octal).
- */
-
-/*
- * Legal characters in a domain name. Underscore technically is not,
- * but is a common misunderstanding.
- */
-static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789"
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_.";
-
-static const char *try8hex(const char *, size_t, struct in_addr *);
-static const char *try8hosthex(const char *, size_t, struct in_addr *);
-static const char *trydotted(const char *, size_t, struct in_addr *);
-static const char *getbyte(const char **, const char *, int *);
-
-/*
- - atoaddr - convert ASCII name or dotted-decimal address to binary address
- */
-const char * /* NULL for success, else string literal */
-atoaddr(src, srclen, addrp)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-struct in_addr *addrp;
-{
- struct addrinfo hints, *res;
- struct netent *ne = NULL;
- const char *oops, *msg = NULL;
-# define HEXLEN 10 /* strlen("0x11223344") */
-# ifndef ATOADDRBUF
-# define ATOADDRBUF 100
-# endif
- char namebuf[ATOADDRBUF];
- char *p = namebuf;
- char *q;
- int error;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
-
- /* might it be hex? */
- if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'x'))
- return try8hex(src+2, srclen-2, addrp);
- if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'h'))
- return try8hosthex(src+2, srclen-2, addrp);
-
- /* try it as dotted decimal */
- oops = trydotted(src, srclen, addrp);
- if (oops == NULL)
- return NULL; /* it worked */
- if (*oops != '?')
- return oops; /* it *was* probably meant as a d.q. */
-
- /* try it as a name -- first, NUL-terminate it */
- if (srclen > sizeof(namebuf)-1) {
- p = (char *) MALLOC(srclen+1);
- if (p == NULL)
- return "unable to allocate temporary space for name";
- }
- p[0] = '\0';
- strncat(p, src, srclen);
-
- /* next, check that it's a vaguely legal name */
- for (q = p; *q != '\0'; q++)
- {
- if (!isprint(*q))
- {
- msg = "unprintable character in name";
- goto error;
- }
- }
- if (strspn(p, namechars) != srclen)
- {
- msg = "illegal (non-DNS-name) character in name";
- goto error;
- }
-
- /* try as host name, failing that as /etc/networks network name */
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_INET;
- error = getaddrinfo(p, NULL, &hints, &res);
- if (error != 0)
- {
- ne = getnetbyname(p);
- if (ne == NULL)
- {
- msg = "name lookup failed";
- goto error;
- }
- addrp->s_addr = htonl(ne->n_net);
- }
- else
- {
- struct sockaddr_in *in = (struct sockaddr_in*)res->ai_addr;
- memcpy(&addrp->s_addr, &in->sin_addr.s_addr, sizeof(addrp->s_addr));
- freeaddrinfo(res);
- }
-
-error:
- if (p != namebuf)
- {
- FREE(p);
- }
-
- return msg;
-}
-
-/*
- - try8hosthex - try conversion as an eight-digit host-order hex number
- */
-const char * /* NULL for success, else string literal */
-try8hosthex(src, srclen, addrp)
-const char *src;
-size_t srclen; /* should be 8 */
-struct in_addr *addrp;
-{
- const char *oops;
- unsigned long addr;
-
- if (srclen != 8)
- return "internal error, try8hex called with bad length";
-
- oops = atoul(src, srclen, 16, &addr);
- if (oops != NULL)
- return oops;
-
- addrp->s_addr = addr;
- return NULL;
-}
-
-/*
- - try8hex - try conversion as an eight-digit network-order hex number
- */
-const char * /* NULL for success, else string literal */
-try8hex(src, srclen, addrp)
-const char *src;
-size_t srclen; /* should be 8 */
-struct in_addr *addrp;
-{
- const char *oops;
-
- oops = try8hosthex(src, srclen, addrp);
- if (oops != NULL)
- return oops;
-
- addrp->s_addr = htonl(addrp->s_addr);
- return NULL;
-}
-
-/*
- - trydotted - try conversion as dotted decimal
- *
- * If the first char of a complaint is '?', that means "didn't look like
- * dotted decimal at all".
- */
-const char * /* NULL for success, else string literal */
-trydotted(src, srclen, addrp)
-const char *src;
-size_t srclen;
-struct in_addr *addrp;
-{
- const char *stop = src + srclen; /* just past end */
- int byte;
- const char *oops;
- unsigned long addr;
- int i;
-# define NBYTES 4
-# define BYTE 8
-
- addr = 0;
- for (i = 0; i < NBYTES && src < stop; i++) {
- oops = getbyte(&src, stop, &byte);
- if (oops != NULL) {
- if (*oops != '?')
- return oops; /* bad number */
- if (i > 1)
- return oops+1; /* failed number */
- return oops; /* with leading '?' */
- }
- addr = (addr << BYTE) | byte;
- if (i < 3 && src < stop && *src++ != '.') {
- if (i == 0)
- return "?syntax error in dotted-decimal address";
- else
- return "syntax error in dotted-decimal address";
- }
- }
- addr <<= (NBYTES - i) * BYTE;
- if (src != stop)
- return "extra garbage on end of dotted-decimal address";
-
- addrp->s_addr = htonl(addr);
- return NULL;
-}
-
-/*
- - getbyte - try to scan a byte in dotted decimal
- * A subtlety here is that all this arithmetic on ASCII digits really is
- * highly portable -- ANSI C guarantees that digits 0-9 are contiguous.
- * It's easier to just do it ourselves than set up for a call to atoul().
- *
- * If the first char of a complaint is '?', that means "didn't look like a
- * number at all".
- */
-const char * /* NULL for success, else string literal */
-getbyte(srcp, stop, retp)
-const char **srcp; /* *srcp is updated */
-const char *stop; /* first untouchable char */
-int *retp; /* return-value pointer */
-{
- char c;
- const char *p;
- int no;
-
- if (*srcp >= stop)
- return "?empty number in dotted-decimal address";
-
- if (stop - *srcp >= 3 && **srcp == '0' && CIEQ(*(*srcp+1), 'x'))
- return "hex numbers not supported in dotted-decimal addresses";
-#ifdef NOLEADINGZEROS
- if (stop - *srcp >= 2 && **srcp == '0' && isdigit(*(*srcp+1)))
- return "octal numbers not supported in dotted-decimal addresses";
-#endif /* NOLEADINGZEROS */
-
- /* must be decimal, if it's numeric at all */
- no = 0;
- p = *srcp;
- while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') {
- no = no*10 + (c - '0');
- p++;
- }
- if (p == *srcp)
- return "?non-numeric component in dotted-decimal address";
- *srcp = p;
- if (no > 255)
- return "byte overflow in dotted-decimal address";
- *retp = no;
- return NULL;
-}
diff --git a/src/libfreeswan/atoasr.3 b/src/libfreeswan/atoasr.3
deleted file mode 100644
index 0b9a5fea3..000000000
--- a/src/libfreeswan/atoasr.3
+++ /dev/null
@@ -1,185 +0,0 @@
-.TH IPSEC_ATOASR 3 "11 June 2001"
-.SH NAME
-ipsec atoasr \- convert ASCII to Internet address, subnet, or range
-.br
-ipsec rangetoa \- convert Internet address range to ASCII
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *atoasr(const char *src, size_t srclen,"
-.ti +1c
-.B "char *type, struct in_addr *addrs);"
-.br
-.B "size_t rangetoa(struct in_addr *addrs, int format,
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.SH DESCRIPTION
-These functions are obsolete;
-there is no current equivalent,
-because so far they have not proved useful.
-.PP
-.I Atoasr
-converts an ASCII address, subnet, or address range
-into a suitable combination of binary addresses
-(in network byte order).
-.I Rangetoa
-converts an address range back into ASCII,
-using dotted-decimal form for the addresses
-(the other reverse conversions are handled by
-.IR ipsec_addrtoa (3)
-and
-.IR ipsec_subnettoa (3)).
-.PP
-A single address can be any form acceptable to
-.IR ipsec_atoaddr (3):
-dotted decimal, DNS name, or hexadecimal number.
-A subnet
-specification uses the form \fInetwork\fB/\fImask\fR
-interpreted by
-.IR ipsec_atosubnet (3).
-.PP
-An address range is two
-.IR ipsec_atoaddr (3)
-addresses separated by a
-.B ...
-delimiter.
-If there are four dots rather than three, the first is taken as
-part of the begin address,
-e.g. for a complete DNS name which ends with
-.B .
-to suppress completion attempts.
-The begin address of a range must be
-less than or equal to the end address.
-.PP
-The
-.I srclen
-parameter of
-.I atoasr
-specifies the length of the ASCII string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I type
-parameter of
-.I atoasr
-must point to a
-.B char
-variable used to record which form was found.
-The
-.I addrs
-parameter must point to a two-element array of
-.B "struct in_addr"
-which receives the results.
-The values stored into
-.BR *type ,
-and the corresponding values in the array, are:
-.PP
-.ta 3c +2c +3c
- *type addrs[0] addrs[1]
-.sp 0.8
-address \&\fB'a'\fR address -
-.br
-subnet \&\fB's'\fR network mask
-.br
-range \&\fB'r'\fR begin end
-.PP
-The
-.I dstlen
-parameter of
-.I rangetoa
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.I freeswan.h
-header file defines a constant,
-.BR RANGETOA_BUF ,
-which is the size of a buffer just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I rangetoa
-specifies what format is to be used for the conversion.
-The value
-.B 0
-(not the ASCII character
-.BR '0' ,
-but a zero value)
-specifies a reasonable default,
-and is in fact the only format currently available.
-This parameter is a hedge against future needs.
-.PP
-.I Atoasr
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.I Rangetoa
-returns
-.B 0
-for a failure, and otherwise
-always returns the size of buffer which would
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-ipsec_atoaddr(3), ipsec_atosubnet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I atoasr
-are:
-empty input;
-error in
-.IR ipsec_atoaddr (3)
-or
-.IR ipsec_atosubnet (3)
-during conversion;
-begin address of range exceeds end address.
-.PP
-Fatal errors in
-.I rangetoa
-are:
-unknown format.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The restriction of error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = atoasr( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/atoasr.c b/src/libfreeswan/atoasr.c
deleted file mode 100644
index ad62ef46b..000000000
--- a/src/libfreeswan/atoasr.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * convert from ASCII form of address/subnet/range to binary
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - atoasr - convert ASCII to address, subnet, or range
- */
-const char * /* NULL for success, else string literal */
-atoasr(src, srclen, typep, addrsp)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-char *typep; /* return type code: 'a', 's', 'r' */
-struct in_addr addrsp[2];
-{
- const char *punct;
- const char *stop;
- const char *oops;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
-
- /* subnet is easy to spot */
- punct = memchr(src, '/', srclen);
- if (punct != NULL) {
- *typep = 's';
- return atosubnet(src, srclen, &addrsp[0], &addrsp[1]);
- }
-
- /* try for a range */
- stop = src + srclen;
- for (punct = src; (punct = memchr(punct, '.', stop - punct)) != NULL;
- punct++)
- if (stop - punct > 3 && *(punct+1) == '.' && *(punct+2) == '.')
- break; /* NOTE BREAK OUT */
- if (punct == NULL) {
- /* didn't find the range delimiter, must be plain address */
- *typep = 'a';
- return atoaddr(src, srclen, &addrsp[0]);
- }
-
- /* looks like a range */
- *typep = 'r';
- if (stop - punct > 4 && *(punct+3) == '.')
- punct++; /* first dot is trailing dot of name */
- oops = atoaddr(src, punct - src, &addrsp[0]);
- if (oops != NULL)
- return oops;
- oops = atoaddr(punct+3, stop - (punct+3), &addrsp[1]);
- if (oops != NULL)
- return oops;
- if (ntohl(addrsp[0].s_addr) > ntohl(addrsp[1].s_addr))
- return "invalid range, begin > end";
- return NULL;
-}
-
-
-
-#ifdef ATOASR_MAIN
-
-#include <stdio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
- struct in_addr a[2];
- char buf[100];
- const char *oops;
- size_t n;
- char type;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
- argv[0]);
- exit(2);
- }
-
- if (strcmp(argv[1], "-r") == 0) {
- regress();
- fprintf(stderr, "regress() returned?!?\n");
- exit(1);
- }
-
- oops = atoasr(argv[1], 0, &type, a);
- if (oops != NULL) {
- fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
- exit(1);
- }
- switch (type) {
- case 'a':
- n = addrtoa(a[0], 0, buf, sizeof(buf));
- break;
- case 's':
- n = subnettoa(a[0], a[1], 0, buf, sizeof(buf));
- break;
- case 'r':
- n = rangetoa(a, 0, buf, sizeof(buf));
- break;
- default:
- fprintf(stderr, "%s: unknown type '%c'\n", argv[0], type);
- exit(1);
- break;
- }
- if (n > sizeof(buf)) {
- fprintf(stderr, "%s: reverse conversion of ", argv[0]);
- fprintf(stderr, "%s ", inet_ntoa(a[0]));
- fprintf(stderr, "%s", inet_ntoa(a[1]));
- fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
- (long)n, (long)sizeof(buf));
- exit(1);
- }
- printf("%s\n", buf);
-
- exit(0);
-}
-
-struct rtab {
- char *input;
- char *output; /* NULL means error expected */
-} rtab[] = {
- {"1.2.3.0", "1.2.3.0"},
- {"1.2.3.0/255.255.255.0", "1.2.3.0/24"},
- {"1.2.3.0...1.2.3.5", "1.2.3.0...1.2.3.5"},
- {"1.2.3.4.5", NULL},
- {"1.2.3.4/", NULL},
- {"1.2.3.4...", NULL},
- {"1.2.3.4....", NULL},
- {"localhost/32", "127.0.0.1/32"},
- {"localhost...127.0.0.3", "127.0.0.1...127.0.0.3"},
- {"127.0.0.0...localhost", "127.0.0.0...127.0.0.1"},
- {"127.0.0.3...localhost", NULL},
- {NULL, NULL}
-};
-
-void
-regress(void)
-{
- struct rtab *r;
- int status = 0;
- struct in_addr a[2];
- char in[100];
- char buf[100];
- const char *oops;
- size_t n;
- char type;
-
- for (r = rtab; r->input != NULL; r++) {
- strcpy(in, r->input);
- oops = atoasr(in, 0, &type, a);
- if (oops != NULL && r->output == NULL)
- {} /* okay, error expected */
- else if (oops != NULL) {
- printf("`%s' atoasr failed: %s\n", r->input, oops);
- status = 1;
- } else if (r->output == NULL) {
- printf("`%s' atoasr succeeded unexpectedly '%c'\n",
- r->input, type);
- status = 1;
- } else {
- switch (type) {
- case 'a':
- n = addrtoa(a[0], 0, buf, sizeof(buf));
- break;
- case 's':
- n = subnettoa(a[0], a[1], 0, buf, sizeof(buf));
- break;
- case 'r':
- n = rangetoa(a, 0, buf, sizeof(buf));
- break;
- default:
- fprintf(stderr, "`%s' unknown type '%c'\n",
- r->input, type);
- n = 0;
- status = 1;
- break;
- }
- if (n > sizeof(buf)) {
- printf("`%s' '%c' reverse failed: need %ld\n",
- r->input, type, (long)n);
- status = 1;
- } else if (n > 0 && strcmp(r->output, buf) != 0) {
- printf("`%s' '%c' gave `%s', expected `%s'\n",
- r->input, type, buf, r->output);
- status = 1;
- }
- }
- }
- exit(status);
-}
-
-#endif /* ATOASR_MAIN */
diff --git a/src/libfreeswan/atosubnet.c b/src/libfreeswan/atosubnet.c
deleted file mode 100644
index 8b2bfa17e..000000000
--- a/src/libfreeswan/atosubnet.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * convert from ASCII form of subnet specification to binary
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-#ifndef DEFAULTSUBNET
-#define DEFAULTSUBNET "%default"
-#endif
-
-/*
- - atosubnet - convert ASCII "addr/mask" to address and mask
- * Mask can be integer bit count.
- */
-const char * /* NULL for success, else string literal */
-atosubnet(src, srclen, addrp, maskp)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-struct in_addr *addrp;
-struct in_addr *maskp;
-{
- const char *slash;
- const char *mask;
- size_t mlen;
- const char *oops;
- unsigned long bc;
- static char def[] = DEFAULTSUBNET;
-# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */
- static char defis[] = "0/0";
-# define DEFILEN (sizeof(defis) - 1)
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
-
- if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) {
- src = defis;
- srclen = DEFILEN;
- }
-
- slash = memchr(src, '/', srclen);
- if (slash == NULL)
- return "no / in subnet specification";
- mask = slash + 1;
- mlen = srclen - (mask - src);
-
- oops = atoaddr(src, slash-src, addrp);
- if (oops != NULL)
- return oops;
-
- oops = atoul(mask, mlen, 10, &bc);
- if (oops == NULL) {
- /* atoul succeeded, it's a bit-count mask */
- if (bc > ABITS)
- return "bit-count mask too large";
-#ifdef NOLEADINGZEROS
- if (mlen > 1 && *mask == '0')
- return "octal not allowed in mask";
-#endif /* NOLEADINGZEROS */
- *maskp = bitstomask((int)bc);
- } else {
- oops = atoaddr(mask, mlen, maskp);
- if (oops != NULL)
- return oops;
- if (!goodmask(*maskp))
- return "non-contiguous mask";
- }
-
- addrp->s_addr &= maskp->s_addr;
- return NULL;
-}
-
-
-
-#ifdef ATOSUBNET_MAIN
-
-#include <stdio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
- struct in_addr a;
- struct in_addr m;
- char buf[100];
- const char *oops;
- size_t n;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s {addr/mask|-r}\n", argv[0]);
- exit(2);
- }
-
- if (strcmp(argv[1], "-r") == 0) {
- regress();
- fprintf(stderr, "regress() returned?!?\n");
- exit(1);
- }
-
- oops = atosubnet(argv[1], 0, &a, &m);
- if (oops != NULL) {
- fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
- exit(1);
- }
- n = subnettoa(a, m, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- fprintf(stderr, "%s: reverse conversion of ", argv[0]);
- fprintf(stderr, "%s/", inet_ntoa(a));
- fprintf(stderr, "%s", inet_ntoa(m));
- fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
- (long)n, (long)sizeof(buf));
- exit(1);
- }
- printf("%s\n", buf);
-
- exit(0);
-}
-
-struct rtab {
- char *input;
- char *output; /* NULL means error expected */
-} rtab[] = {
- {"1.2.3.0/255.255.255.0", "1.2.3.0/24"},
- {"1.2.3.0/24", "1.2.3.0/24"},
- {"1.2.3.1/255.255.255.240", "1.2.3.0/28"},
- {"1.2.3.1/32", "1.2.3.1/32"},
- {"1.2.3.1/0", "0.0.0.0/0"},
-/* "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0", */
- {"1.2.3.1/255.255.127.0", NULL},
- {"128.009.000.032/32", "128.9.0.32/32"},
- {"128.0x9.0.32/32", NULL},
- {"0x80090020/32", "128.9.0.32/32"},
- {"0x800x0020/32", NULL},
- {"128.9.0.32/0xffFF0000", "128.9.0.0/16"},
- {"128.9.0.32/0xff0000FF", NULL},
- {"128.9.0.32/0x0000ffFF", NULL},
- {"128.9.0.32/0x00ffFF0000", NULL},
- {"128.9.0.32/0xffFF", NULL},
- {"128.9.0.32.27/32", NULL},
- {"128.9.0k32/32", NULL},
- {"328.9.0.32/32", NULL},
- {"128.9..32/32", NULL},
- {"10/8", "10.0.0.0/8"},
- {"10.0/8", "10.0.0.0/8"},
- {"10.0.0/8", "10.0.0.0/8"},
- {"10.0.1/24", "10.0.1.0/24"},
- {"_", NULL},
- {"_/_", NULL},
- {"1.2.3.1", NULL},
- {"1.2.3.1/_", NULL},
- {"1.2.3.1/24._", NULL},
- {"1.2.3.1/99", NULL},
- {"localhost/32", "127.0.0.1/32"},
- {"%default", "0.0.0.0/0"},
- {NULL, NULL}
-};
-
-void
-regress()
-{
- struct rtab *r;
- int status = 0;
- struct in_addr a;
- struct in_addr m;
- char in[100];
- char buf[100];
- const char *oops;
- size_t n;
-
- for (r = rtab; r->input != NULL; r++) {
- strcpy(in, r->input);
- oops = atosubnet(in, 0, &a, &m);
- if (oops != NULL && r->output == NULL)
- {} /* okay, error expected */
- else if (oops != NULL) {
- printf("`%s' atosubnet failed: %s\n", r->input, oops);
- status = 1;
- } else if (r->output == NULL) {
- printf("`%s' atosubnet succeeded unexpectedly\n",
- r->input);
- status = 1;
- } else {
- n = subnettoa(a, m, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- printf("`%s' subnettoa failed: need %ld\n",
- r->input, (long)n);
- status = 1;
- } else if (strcmp(r->output, buf) != 0) {
- printf("`%s' gave `%s', expected `%s'\n",
- r->input, buf, r->output);
- status = 1;
- }
- }
- }
- exit(status);
-}
-
-#endif /* ATOSUBNET_MAIN */
diff --git a/src/libfreeswan/atoul.3 b/src/libfreeswan/atoul.3
deleted file mode 100644
index 6737b6b54..000000000
--- a/src/libfreeswan/atoul.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.TH IPSEC_ATOUL 3 "11 June 2001"
-.SH NAME
-ipsec atoul, ultoa \- convert unsigned-long numbers to and from ASCII
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *atoul(const char *src, size_t srclen,"
-.ti +1c
-.B "int base, unsigned long *n);"
-.br
-.B "size_t ultoa(unsigned long n, int base, char *dst,"
-.ti +1c
-.B "size_t dstlen);"
-.SH DESCRIPTION
-These functions are obsolete; see
-.IR ipsec_ttoul (3)
-for their replacements.
-.PP
-.I Atoul
-converts an ASCII number into a binary
-.B "unsigned long"
-value.
-.I Ultoa
-does the reverse conversion, back to an ASCII version.
-.PP
-Numbers are specified in ASCII as
-decimal (e.g.
-.BR 123 ),
-octal with a leading zero (e.g.
-.BR 012 ,
-which has value 10),
-or hexadecimal with a leading
-.B 0x
-(e.g.
-.BR 0x1f ,
-which has value 31)
-in either upper or lower case.
-.PP
-The
-.I srclen
-parameter of
-.I atoul
-specifies the length of the ASCII string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I base
-parameter of
-.I atoul
-can be
-.BR 8 ,
-.BR 10 ,
-or
-.BR 16 ,
-in which case the number supplied is assumed to be of that form
-(and in the case of
-.BR 16 ,
-to lack any
-.B 0x
-prefix).
-It can also be
-.BR 0 ,
-in which case the number is examined for a leading zero
-or a leading
-.B 0x
-to determine its base,
-or
-.B 13
-(halfway between 10 and 16),
-which has the same effect as
-.B 0
-except that a non-hexadecimal
-number is considered decimal regardless of any leading zero.
-.PP
-The
-.I dstlen
-parameter of
-.I ultoa
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-.PP
-The
-.I base
-parameter of
-.I ultoa
-must be
-.BR 8 ,
-.BR 10 ,
-or
-.BR 16 .
-.PP
-.I Atoul
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.I Ultoa
-returns the size of buffer which would
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-atol(3), strtoul(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I atoul
-are:
-empty input;
-unknown
-.IR base ;
-non-digit character found;
-number too large for an
-.BR "unsigned long" .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-There is no provision for reporting an invalid
-.I base
-parameter given to
-.IR ultoa .
-.PP
-The restriction of error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The error-reporting convention lends itself to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = atoul( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/atoul.c b/src/libfreeswan/atoul.c
deleted file mode 100644
index d8e1528cb..000000000
--- a/src/libfreeswan/atoul.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * convert from ASCII form of unsigned long to binary
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - atoul - convert ASCII substring to unsigned long number
- */
-const char * /* NULL for success, else string literal */
-atoul(src, srclen, base, resultp)
-const char *src;
-size_t srclen; /* 0 means strlen(src) */
-int base; /* 0 means figure it out */
-unsigned long *resultp;
-{
- const char *stop;
- static char hex[] = "0123456789abcdef";
- static char uchex[] = "0123456789ABCDEF";
- int d;
- char c;
- char *p;
- unsigned long r;
- unsigned long rlimit;
- int dlimit;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
-
- if (base == 0 || base == 13) {
- if (srclen > 2 && *src == '0' && CIEQ(*(src+1), 'x'))
- return atoul(src+2, srclen-2, 16, resultp);
- if (srclen > 1 && *src == '0' && base != 13)
- return atoul(src+1, srclen-1, 8, resultp);
- return atoul(src, srclen, 10, resultp);
- }
- if (base != 8 && base != 10 && base != 16)
- return "unsupported number base";
-
- r = 0;
- stop = src + srclen;
- if (base == 16) {
- while (src < stop) {
- c = *src++;
- p = strchr(hex, c);
- if (p != NULL)
- d = p - hex;
- else {
- p = strchr(uchex, c);
- if (p == NULL)
- return "non-hex-digit in hex number";
- d = p - uchex;
- }
- r = (r << 4) | d;
- }
- /* defer length check to catch invalid digits first */
- if (srclen > sizeof(unsigned long) * 2)
- return "hex number too long";
- } else {
- rlimit = ULONG_MAX / base;
- dlimit = (int)(ULONG_MAX - rlimit*base);
- while (src < stop) {
- c = *src++;
- d = c - '0';
- if (d < 0 || d >= base)
- return "non-digit in number";
- if (r > rlimit || (r == rlimit && d > dlimit))
- return "unsigned-long overflow";
- r = r*base + d;
- }
- }
-
- *resultp = r;
- return NULL;
-}
diff --git a/src/libfreeswan/copyright.c b/src/libfreeswan/copyright.c
deleted file mode 100644
index e55e849f7..000000000
--- a/src/libfreeswan/copyright.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * return IPsec copyright notice
- * Copyright (C) 2001, 2002 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-static const char *co[] = {
- "Copyright (C) 1999-2009 Henry Spencer, Richard Guy Briggs,",
- " D. Hugh Redelmeier, Sandy Harris, Claudia Schmeing,",
- " Michael Richardson, Angelos D. Keromytis, John Ioannidis,",
- "",
- " Ken Bantoft, Stephen J. Bevan, JuanJo Ciarlante, Mathieu Lafon,",
- " Stephane Laroche, Kai Martius, Stephan Scholz, Tuomo Soini, Herbert Xu,",
- "",
- " Martin Berner, Marco Bertossa, David Buechi, Ueli Galizzi,",
- " Christoph Gysin, Andreas Hess, Patric Lichtsteiner, Michael Meier,",
- " Andreas Schleiss, Ariane Seiler, Mario Strasser, Lukas Suter,",
- " Roger Wegmann, Simon Zwahlen,",
- " ZHW Zuercher Hochschule Winterthur (Switzerland).",
- "",
- " Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,",
- " Andreas Eigenmann, Fabian Hartmann, Noah Heusser, Jan Hutter,",
- " Thomas Kallenberg, Daniel Roethlisberger, Joel Stillhart, Martin Willi,",
- " Daniel Wydler, Andreas Steffen,",
- " HSR Hochschule fuer Technik Rapperswil (Switzerland).",
- "",
- "This program is free software; you can redistribute it and/or modify it",
- "under the terms of the GNU General Public License as published by the",
- "Free Software Foundation; either version 2 of the License, or (at your",
- "option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.",
- "",
- "This program is distributed in the hope that it will be useful, but",
- "WITHOUT ANY WARRANTY; without even the implied warranty of",
- "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General",
- "Public License (file COPYING in the distribution) for more details.",
- NULL
-};
-
-/*
- - ipsec_copyright_notice - return copyright notice, as a vector of strings
- */
-const char **
-ipsec_copyright_notice()
-{
- return co;
-}
diff --git a/src/libfreeswan/datatot.c b/src/libfreeswan/datatot.c
deleted file mode 100644
index e3b9d6417..000000000
--- a/src/libfreeswan/datatot.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * convert from binary data (e.g. key) to text form
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-static void convert(const char *src, size_t nreal, int format, char *out);
-
-/*
- - datatot - convert data bytes to text
- */
-size_t /* true length (with NUL) for success */
-datatot(src, srclen, format, dst, dstlen)
-const char *src;
-size_t srclen;
-int format; /* character indicating what format */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- size_t inblocksize; /* process this many bytes at a time */
- size_t outblocksize; /* producing this many */
- size_t breakevery; /* add a _ every this many (0 means don't) */
- size_t sincebreak; /* output bytes since last _ */
- char breakchar; /* character used to break between groups */
- char inblock[10]; /* enough for any format */
- char outblock[10]; /* enough for any format */
- char fake[1]; /* fake output area for dstlen == 0 */
- size_t needed; /* return value */
- char *stop; /* where the terminating NUL will go */
- size_t ntodo; /* remaining input */
- size_t nreal;
- char *out;
- char *prefix;
-
- breakevery = 0;
- breakchar = '_';
-
- switch (format) {
- case 0:
- case 'h':
- format = 'x';
- breakevery = 8;
- /* FALLTHROUGH */
- case 'x':
- inblocksize = 1;
- outblocksize = 2;
- prefix = "0x";
- break;
- case ':':
- breakevery = 2;
- breakchar = ':';
- /* FALLTHROUGH */
- case 16:
- inblocksize = 1;
- outblocksize = 2;
- prefix = "";
- format = 'x';
- break;
- case 's':
- inblocksize = 3;
- outblocksize = 4;
- prefix = "0s";
- break;
- case 64: /* beware, equals ' ' */
- inblocksize = 3;
- outblocksize = 4;
- prefix = "";
- format = 's';
- break;
- default:
- return 0;
- break;
- }
- assert(inblocksize < sizeof(inblock));
- assert(outblocksize < sizeof(outblock));
- assert(breakevery % outblocksize == 0);
-
- if (srclen == 0)
- return 0;
- ntodo = srclen;
-
- if (dstlen == 0) { /* dispose of awkward special case */
- dst = fake;
- dstlen = 1;
- }
- stop = dst + dstlen - 1;
-
- nreal = strlen(prefix);
- needed = nreal; /* for starters */
- if (dstlen <= nreal) { /* prefix won't fit */
- strncpy(dst, prefix, dstlen - 1);
- dst += dstlen - 1;
- } else {
- strcpy(dst, prefix);
- dst += nreal;
- }
- assert(dst <= stop);
- sincebreak = 0;
-
- while (ntodo > 0) {
- if (ntodo < inblocksize) { /* incomplete input */
- memset(inblock, 0, sizeof(inblock));
- memcpy(inblock, src, ntodo);
- src = inblock;
- nreal = ntodo;
- ntodo = inblocksize;
- } else
- nreal = inblocksize;
- out = (outblocksize > stop - dst) ? outblock : dst;
-
- convert(src, nreal, format, out);
- needed += outblocksize;
- sincebreak += outblocksize;
- if (dst < stop) {
- if (out != dst) {
- assert(outblocksize > stop - dst);
- memcpy(dst, out, stop - dst);
- dst = stop;
- } else
- dst += outblocksize;
- }
-
- src += inblocksize;
- ntodo -= inblocksize;
- if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) {
- if (dst < stop)
- *dst++ = breakchar;
- needed++;
- sincebreak = 0;
- }
- }
-
- assert(dst <= stop);
- *dst++ = '\0';
- needed++;
-
- return needed;
-}
-
-/*
- - convert - convert one input block to one output block
- */
-static void
-convert(src, nreal, format, out)
-const char *src;
-size_t nreal; /* how much of the input block is real */
-int format;
-char *out;
-{
- static char hex[] = "0123456789abcdef";
- static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789+/";
- unsigned char c;
- unsigned char c1, c2, c3;
-
- assert(nreal > 0);
- switch (format) {
- case 'x':
- assert(nreal == 1);
- c = (unsigned char)*src;
- *out++ = hex[c >> 4];
- *out++ = hex[c & 0xf];
- break;
- case 's':
- c1 = (unsigned char)*src++;
- c2 = (unsigned char)*src++;
- c3 = (unsigned char)*src++;
- *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */
- c = (c1 & 0x3) << 4; /* bottom 2 of c1... */
- c |= c2 >> 4; /* ...top 4 of c2 */
- *out++ = base64[c];
- if (nreal == 1)
- *out++ = '=';
- else {
- c = (c2 & 0xf) << 2; /* bottom 4 of c2... */
- c |= c3 >> 6; /* ...top 2 of c3 */
- *out++ = base64[c];
- }
- if (nreal <= 2)
- *out++ = '=';
- else
- *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */
- break;
- default:
- assert(nreal == 0); /* unknown format */
- break;
- }
-}
-
-/*
- - datatoa - convert data to ASCII
- * backward-compatibility synonym for datatot
- */
-size_t /* true length (with NUL) for success */
-datatoa(src, srclen, format, dst, dstlen)
-const char *src;
-size_t srclen;
-int format; /* character indicating what format */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- return datatot(src, srclen, format, dst, dstlen);
-}
-
-/*
- - bytestoa - convert data bytes to ASCII
- * backward-compatibility synonym for datatot
- */
-size_t /* true length (with NUL) for success */
-bytestoa(src, srclen, format, dst, dstlen)
-const char *src;
-size_t srclen;
-int format; /* character indicating what format */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- return datatot(src, srclen, format, dst, dstlen);
-}
diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h
deleted file mode 100644
index 724165bde..000000000
--- a/src/libfreeswan/freeswan.h
+++ /dev/null
@@ -1,371 +0,0 @@
-#ifndef _FREESWAN_H
-/*
- * header file for FreeS/WAN library functions
- * Copyright (C) 1998, 1999, 2000 Henry Spencer.
- * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#define _FREESWAN_H /* seen it, no need to see it again */
-
-# include <sys/types.h>
-# include <stdio.h>
-# include <netinet/in.h>
-
-# define DEBUG_NO_STATIC static
-
-#include <ipsec_param.h>
-#include <utils.h>
-
-/*
- * We assume header files have IPv6 (i.e. kernel version >= 2.1.0)
- */
-#define NET_21
-
-#ifndef IPPROTO_COMP
-# define IPPROTO_COMP 108
-#endif /* !IPPROTO_COMP */
-
-#ifndef IPPROTO_INT
-# define IPPROTO_INT 61
-#endif /* !IPPROTO_INT */
-
-#ifdef CONFIG_IPSEC_DEBUG
-# define DEBUG_NO_STATIC
-#else /* CONFIG_IPSEC_DEBUG */
-# define DEBUG_NO_STATIC static
-#endif /* CONFIG_IPSEC_DEBUG */
-
-#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
-#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
-
-/*
- * Basic data types for the address-handling functions.
- * ip_address and ip_subnet are supposed to be opaque types; do not
- * use their definitions directly, they are subject to change!
- */
-
-/* then the main types */
-typedef struct {
- union {
- struct sockaddr_in v4;
- struct sockaddr_in6 v6;
- } u;
-} ip_address;
-typedef struct {
- ip_address addr;
- int maskbits;
-} ip_subnet;
-
-/* and the SA ID stuff */
-typedef u_int32_t ipsec_spi_t;
-typedef struct { /* to identify an SA, we need: */
- ip_address dst; /* A. destination host */
- ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
-# define SPI_PASS 256 /* magic values... */
-# define SPI_DROP 257 /* ...for use... */
-# define SPI_REJECT 258 /* ...with SA_INT */
-# define SPI_HOLD 259
-# define SPI_TRAP 260
-# define SPI_TRAPSUBNET 261
- int proto; /* C. protocol */
-# define SA_ESP 50 /* IPPROTO_ESP */
-# define SA_AH 51 /* IPPROTO_AH */
-# define SA_IPIP 4 /* IPPROTO_IPIP */
-# define SA_COMP 108 /* IPPROTO_COMP */
-# define SA_INT 61 /* IANA reserved for internal use */
-} ip_said;
-struct sa_id { /* old v4-only version */
- struct in_addr dst;
- ipsec_spi_t spi;
- int proto;
-};
-
-/* misc */
-struct prng { /* pseudo-random-number-generator guts */
- unsigned char sbox[256];
- int i, j;
- unsigned long count;
-};
-
-
-/*
- * definitions for user space, taken from freeswan/ipsec_sa.h
- */
-typedef uint32_t IPsecSAref_t;
-
-#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
-
-#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
-
-#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-
-#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
-
-/* GCC magic for use in function definitions! */
-#ifdef GCC_LINT
-# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
-# define NEVER_RETURNS __attribute__ ((noreturn))
-# define UNUSED __attribute__ ((unused))
-# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
-#else
-# define PRINTF_LIKE(n) /* ignore */
-# define NEVER_RETURNS /* ignore */
-# define UNUSED /* ignore */
-# define BLANK_FORMAT ""
-#endif
-
-
-
-
-
-/*
- * new IPv6-compatible functions
- */
-
-/* text conversions */
-err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
-size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
-#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
-err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
-err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
-size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
-/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
-#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
-err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
-size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
-#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
-err_t ttosa(const char *src, size_t srclen, ip_said *dst);
-size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
-#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
-err_t ttodata(const char *src, size_t srclen, int base, char *buf,
- size_t buflen, size_t *needed);
-err_t ttodatav(const char *src, size_t srclen, int base,
- char *buf, size_t buflen, size_t *needed,
- char *errp, size_t errlen, unsigned int flags);
-#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
-#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
-#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
-
-size_t datatot(const char *src, size_t srclen, int format, char *buf,
- size_t buflen);
-err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
- bool *has_port_wildcard);
-
-/* initializations */
-void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
-err_t loopbackaddr(int af, ip_address *dst);
-err_t unspecaddr(int af, ip_address *dst);
-err_t anyaddr(int af, ip_address *dst);
-err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
-err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
-err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
-
-/* misc. conversions and related */
-err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
-int addrtypeof(const ip_address *src);
-int subnettypeof(const ip_subnet *src);
-size_t addrlenof(const ip_address *src);
-size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
-size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
-int masktocount(const ip_address *src);
-void networkof(const ip_subnet *src, ip_address *dst);
-void maskof(const ip_subnet *src, ip_address *dst);
-
-/* tests */
-int sameaddr(const ip_address *a, const ip_address *b);
-int addrcmp(const ip_address *a, const ip_address *b);
-int samesubnet(const ip_subnet *a, const ip_subnet *b);
-int addrinsubnet(const ip_address *a, const ip_subnet *s);
-int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
-int subnetishost(const ip_subnet *s);
-int samesaid(const ip_said *a, const ip_said *b);
-int sameaddrtype(const ip_address *a, const ip_address *b);
-int samesubnettype(const ip_subnet *a, const ip_subnet *b);
-int isanyaddr(const ip_address *src);
-int isunspecaddr(const ip_address *src);
-int isloopbackaddr(const ip_address *src);
-
-/* low-level grot */
-int portof(const ip_address *src);
-void setportof(int port, ip_address *dst);
-struct sockaddr *sockaddrof(ip_address *src);
-size_t sockaddrlenof(const ip_address *src);
-
-/* odds and ends */
-const char **ipsec_copyright_notice(void);
-
-const char *dns_string_rr(int rr, char *buf, int bufsize);
-const char *dns_string_datetime(time_t seconds,
- char *buf,
- int bufsize);
-
-
-/*
- * old functions, to be deleted eventually
- */
-
-/* unsigned long */
-const char * /* NULL for success, else string literal */
-atoul(
- const char *src,
- size_t srclen, /* 0 means strlen(src) */
- int base, /* 0 means figure it out */
- unsigned long *resultp
-);
-size_t /* space needed for full conversion */
-ultoa(
- unsigned long n,
- int base,
- char *dst,
- size_t dstlen
-);
-#define ULTOA_BUF 21 /* just large enough for largest result, */
- /* assuming 64-bit unsigned long! */
-
-/* Internet addresses */
-const char * /* NULL for success, else string literal */
-atoaddr(
- const char *src,
- size_t srclen, /* 0 means strlen(src) */
- struct in_addr *addr
-);
-size_t /* space needed for full conversion */
-addrtoa(
- struct in_addr addr,
- int format, /* character; 0 means default */
- char *dst,
- size_t dstlen
-);
-#define ADDRTOA_BUF 16 /* just large enough for largest result */
-
-/* subnets */
-const char * /* NULL for success, else string literal */
-atosubnet(
- const char *src,
- size_t srclen, /* 0 means strlen(src) */
- struct in_addr *addr,
- struct in_addr *mask
-);
-size_t /* space needed for full conversion */
-subnettoa(
- struct in_addr addr,
- struct in_addr mask,
- int format, /* character; 0 means default */
- char *dst,
- size_t dstlen
-);
-#define SUBNETTOA_BUF 32 /* large enough for worst case result */
-
-/* ranges */
-const char * /* NULL for success, else string literal */
-atoasr(
- const char *src,
- size_t srclen, /* 0 means strlen(src) */
- char *type, /* 'a', 's', 'r' */
- struct in_addr *addrs /* two-element array */
-);
-size_t /* space needed for full conversion */
-rangetoa(
- struct in_addr *addrs, /* two-element array */
- int format, /* character; 0 means default */
- char *dst,
- size_t dstlen
-);
-#define RANGETOA_BUF 34 /* large enough for worst case result */
-
-/* generic data, e.g. keys */
-const char * /* NULL for success, else string literal */
-atobytes(
- const char *src,
- size_t srclen, /* 0 means strlen(src) */
- char *dst,
- size_t dstlen,
- size_t *lenp /* NULL means don't bother telling me */
-);
-size_t /* 0 failure, else true size */
-bytestoa(
- const char *src,
- size_t srclen,
- int format, /* character; 0 means default */
- char *dst,
- size_t dstlen
-);
-
-/* old versions of generic-data functions; deprecated */
-size_t /* 0 failure, else true size */
-atodata(
- const char *src,
- size_t srclen, /* 0 means strlen(src) */
- char *dst,
- size_t dstlen
-);
-size_t /* 0 failure, else true size */
-datatoa(
- const char *src,
- size_t srclen,
- int format, /* character; 0 means default */
- char *dst,
- size_t dstlen
-);
-
-/* part extraction and special addresses */
-struct in_addr
-subnetof(
- struct in_addr addr,
- struct in_addr mask
-);
-struct in_addr
-hostof(
- struct in_addr addr,
- struct in_addr mask
-);
-struct in_addr
-broadcastof(
- struct in_addr addr,
- struct in_addr mask
-);
-
-/* mask handling */
-int
-goodmask(
- struct in_addr mask
-);
-int
-masktobits(
- struct in_addr mask
-);
-struct in_addr
-bitstomask(
- int n
-);
-
-/*
- * Debugging levels for pfkey_lib_debug
- */
-#define PF_KEY_DEBUG_PARSE_NONE 0
-#define PF_KEY_DEBUG_PARSE_PROBLEM 1
-#define PF_KEY_DEBUG_PARSE_STRUCT 2
-#define PF_KEY_DEBUG_PARSE_FLOW 4
-#define PF_KEY_DEBUG_PARSE_MAX 7
-
-extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
-
-/*
- * pluto and lwdnsq need to know the maximum size of the commands to,
- * and replies from lwdnsq.
- */
-
-#define LWDNSQ_CMDBUF_LEN 1024
-#define LWDNSQ_RESULT_LEN_MAX 4096
-
-#endif /* _FREESWAN_H */
diff --git a/src/libfreeswan/goodmask.3 b/src/libfreeswan/goodmask.3
deleted file mode 100644
index b76d431ca..000000000
--- a/src/libfreeswan/goodmask.3
+++ /dev/null
@@ -1,56 +0,0 @@
-.TH IPSEC_GOODMASK 3 "11 June 2001"
-.SH NAME
-ipsec goodmask \- is this Internet subnet mask a valid one?
-.br
-ipsec masktobits \- convert Internet subnet mask to bit count
-.br
-ipsec bitstomask \- convert bit count to Internet subnet mask
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "int goodmask(struct in_addr mask);"
-.br
-.B "int masktobits(struct in_addr mask);"
-.br
-.B "struct in_addr bitstomask(int n);"
-.SH DESCRIPTION
-These functions are obsolete;
-see
-.IR ipsec_masktocount (3)
-for a partial replacement.
-.PP
-.I Goodmask
-reports whether the subnet
-.I mask
-is a valid one,
-i.e. consists of a (possibly empty) sequence of
-.BR 1 s
-followed by a (possibly empty) sequence of
-.BR 0 s.
-.I Masktobits
-takes a (valid) subnet mask and returns the number of
-.B 1
-bits in it.
-.I Bitstomask
-reverses this,
-returning the subnet mask corresponding to bit count
-.IR n .
-.PP
-All masks are in network byte order.
-.SH SEE ALSO
-inet(3), ipsec_atosubnet(3)
-.SH DIAGNOSTICS
-.I Masktobits
-returns
-.B \-1
-for an invalid mask.
-.I Bitstomask
-returns an all-zeros mask for a negative or out-of-range
-.IR n .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The error-reporting convention of
-.I bitstomask
-is less than ideal;
-zero is sometimes a legitimate mask.
diff --git a/src/libfreeswan/goodmask.c b/src/libfreeswan/goodmask.c
deleted file mode 100644
index 66edae20f..000000000
--- a/src/libfreeswan/goodmask.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * minor utilities for subnet-mask manipulation
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - goodmask - is this a good (^1*0*$) subnet mask?
- * You are not expected to understand this. See Henry S. Warren Jr,
- * "Functions realizable with word-parallel logical and two's-complement
- * addition instructions", CACM 20.6 (June 1977), p.439.
- */
-int /* predicate */
-goodmask(mask)
-struct in_addr mask;
-{
- unsigned long x = ntohl(mask.s_addr);
- /* clear rightmost contiguous string of 1-bits */
-# define CRCS1B(x) (((x|(x-1))+1)&x)
-# define TOPBIT (1UL << 31)
-
- /* either zero, or has one string of 1-bits which is left-justified */
- if (x == 0 || (CRCS1B(x) == 0 && (x&TOPBIT)))
- return 1;
- return 0;
-}
-
-/*
- - masktobits - how many bits in this mask?
- * The algorithm is essentially a binary search, but highly optimized
- * for this particular task.
- */
-int /* -1 means !goodmask() */
-masktobits(mask)
-struct in_addr mask;
-{
- unsigned long m = ntohl(mask.s_addr);
- int masklen;
-
- if (!goodmask(mask))
- return -1;
-
- if (m&0x00000001UL)
- return 32;
- masklen = 0;
- if (m&(0x0000ffffUL<<1)) { /* <<1 for 1-origin numbering */
- masklen |= 0x10;
- m <<= 16;
- }
- if (m&(0x00ff0000UL<<1)) {
- masklen |= 0x08;
- m <<= 8;
- }
- if (m&(0x0f000000UL<<1)) {
- masklen |= 0x04;
- m <<= 4;
- }
- if (m&(0x30000000UL<<1)) {
- masklen |= 0x02;
- m <<= 2;
- }
- if (m&(0x40000000UL<<1))
- masklen |= 0x01;
-
- return masklen;
-}
-
-/*
- - bitstomask - return a mask with this many high bits on
- */
-struct in_addr
-bitstomask(n)
-int n;
-{
- struct in_addr result;
-
- if (n > 0 && n <= ABITS)
- result.s_addr = htonl(~((1UL << (ABITS - n)) - 1));
- else if (n == 0)
- result.s_addr = 0;
- else
- result.s_addr = 0; /* best error report we can do */
- return result;
-}
diff --git a/src/libfreeswan/initaddr.3 b/src/libfreeswan/initaddr.3
deleted file mode 100644
index 071e507aa..000000000
--- a/src/libfreeswan/initaddr.3
+++ /dev/null
@@ -1,128 +0,0 @@
-.TH IPSEC_INITADDR 3 "11 Sept 2000"
-.SH NAME
-ipsec initaddr \- initialize an ip_address
-.br
-ipsec addrtypeof \- get address type of an ip_address
-.br
-ipsec addrlenof \- get length of address within an ip_address
-.br
-ipsec addrbytesof \- get copy of address within an ip_address
-.br
-ipsec addrbytesptr \- get pointer to address within an ip_address
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "const char *initaddr(const char *src, size_t srclen,"
-.ti +1c
-.B "int af, ip_address *dst);"
-.br
-.B "int addrtypeof(const ip_address *src);"
-.br
-.B "size_t addrlenof(const ip_address *src);"
-.br
-.B "size_t addrbytesof(const ip_address *src,"
-.ti +1c
-.B "unsigned char *dst, size_t dstlen);"
-.br
-.B "size_t addrbytesptr(const ip_address *src,"
-.ti +1c
-.B "const unsigned char **dst);"
-.SH DESCRIPTION
-The
-.B <freeswan.h>
-library uses an internal type
-.I ip_address
-to contain one of the (currently two) types of IP address.
-These functions provide basic tools for creating and examining this type.
-.PP
-.I Initaddr
-initializes a variable
-.I *dst
-of type
-.I ip_address
-from an address
-(in network byte order,
-indicated by a pointer
-.I src
-and a length
-.IR srclen )
-and an address family
-.I af
-(typically
-.B AF_INET
-or
-.BR AF_INET6 ).
-The length must be consistent with the address family.
-.PP
-.I Addrtypeof
-returns the address type of an address,
-normally
-.B AF_INET
-or
-.BR AF_INET6 .
-(The
-.B <freeswan.h>
-header file arranges to include the necessary headers for these
-names to be known.)
-.PP
-.I Addrlenof
-returns the size (in bytes) of the address within an
-.IR ip_address ,
-to permit storage allocation etc.
-.PP
-.I Addrbytesof
-copies the address within the
-.I ip_address
-.I src
-to the buffer indicated by the pointer
-.I dst
-and the length
-.IR dstlen ,
-and returns the address length (in bytes).
-If the address will not fit,
-as many bytes as will fit are copied;
-the returned length is still the full length.
-It is the caller's responsibility to check the
-returned value to ensure that there was enough room.
-.PP
-.I Addrbytesptr
-sets
-.I *dst
-to a pointer to the internal address within the
-.IR ip_address ,
-and returns the address length (in bytes).
-If
-.I dst
-is
-.BR NULL ,
-it just returns the address length.
-The pointer points to
-.B const
-to discourage misuse.
-.PP
-.I Initaddr
-returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.PP
-The functions which return
-.I size_t
-return
-.B 0
-for a failure.
-.SH SEE ALSO
-inet(3), ipsec_ttoaddr(3)
-.SH DIAGNOSTICS
-An unknown address family is a fatal error for any of these functions
-except
-.IR addrtypeof .
-An address-size mismatch is a fatal error for
-.IR initaddr .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-.I Addrtypeof
-should probably have been named
-.IR addrfamilyof .
diff --git a/src/libfreeswan/initaddr.c b/src/libfreeswan/initaddr.c
deleted file mode 100644
index c84006f47..000000000
--- a/src/libfreeswan/initaddr.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * initialize address structure
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - initaddr - initialize ip_address from bytes
- */
-err_t /* NULL for success, else string literal */
-initaddr(src, srclen, af, dst)
-const unsigned char *src;
-size_t srclen;
-int af; /* address family */
-ip_address *dst;
-{
- switch (af) {
- case AF_INET:
- if (srclen != 4)
- return "IPv4 address must be exactly 4 bytes";
- dst->u.v4.sin_family = af;
- dst->u.v4.sin_port = 0; /* unused */
- memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen);
- break;
- case AF_INET6:
- if (srclen != 16)
- return "IPv6 address must be exactly 16 bytes";
- dst->u.v6.sin6_family = af;
- dst->u.v6.sin6_flowinfo = 0; /* unused */
- dst->u.v6.sin6_port = 0; /* unused */
- memcpy((char *)&dst->u.v6.sin6_addr, src, srclen);
- break;
- default:
- return "unknown address family in initaddr";
- break;
- }
- return NULL;
-}
diff --git a/src/libfreeswan/initsaid.c b/src/libfreeswan/initsaid.c
deleted file mode 100644
index 4e4bc9a35..000000000
--- a/src/libfreeswan/initsaid.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * initialize SA ID structure
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - initsaid - initialize SA ID from bits
- */
-void
-initsaid(addr, spi, proto, dst)
-const ip_address *addr;
-ipsec_spi_t spi;
-int proto;
-ip_said *dst;
-{
- dst->dst = *addr;
- dst->spi = spi;
- dst->proto = proto;
-}
diff --git a/src/libfreeswan/initsubnet.3 b/src/libfreeswan/initsubnet.3
deleted file mode 100644
index 3545fd426..000000000
--- a/src/libfreeswan/initsubnet.3
+++ /dev/null
@@ -1,136 +0,0 @@
-.TH IPSEC_INITSUBNET 3 "12 March 2002"
-.SH NAME
-ipsec initsubnet \- initialize an ip_subnet
-.br
-ipsec addrtosubnet \- initialize a singleton ip_subnet
-.br
-ipsec subnettypeof \- get address type of an ip_subnet
-.br
-ipsec masktocount \- convert subnet mask to bit count
-.br
-ipsec networkof \- get base address of an ip_subnet
-.br
-ipsec maskof \- get subnet mask of an ip_subnet
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "const char *initsubnet(const ip_address *addr,"
-.ti +1c
-.B "int maskbits, int clash, ip_subnet *dst);"
-.br
-.B "const char *addrtosubnet(const ip_address *addr,"
-.ti +1c
-.B "ip_subnet *dst);"
-.sp
-.B "int subnettypeof(const ip_subnet *src);"
-.br
-.B "int masktocount(const ip_address *src);"
-.br
-.B "void networkof(const ip_subnet *src, ip_address *dst);"
-.br
-.B "void maskof(const ip_subnet *src, ip_address *dst);"
-.SH DESCRIPTION
-The
-.B <freeswan.h>
-library uses an internal type
-.I ip_subnet
-to contain a description of an IP subnet
-(base address plus mask).
-These functions provide basic tools for creating and examining this type.
-.PP
-.I Initsubnet
-initializes a variable
-.I *dst
-of type
-.I ip_subnet
-from a base address and
-a count of mask bits.
-The
-.I clash
-parameter specifies what to do if the base address includes
-.B 1
-bits outside the prefix specified by the mask
-(that is, in the ``host number'' part of the address):
-.RS
-.IP '0' 5
-zero out host-number bits
-.IP 'x'
-non-zero host-number bits are an error
-.RE
-.PP
-.I Initsubnet
-returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.PP
-.I Addrtosubnet
-initializes an
-.I ip_subnet
-variable
-.I *dst
-to a ``singleton subnet'' containing the single address
-.IR *addr .
-It returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure.
-.PP
-.I Subnettypeof
-returns the address type of a subnet,
-normally
-.B AF_INET
-or
-.BR AF_INET6 .
-(The
-.B <freeswan.h>
-header file arranges to include the necessary headers for these
-names to be known.)
-.PP
-.I Masktocount
-converts a subnet mask, expressed as an address, to a bit count
-suitable for use with
-.IR initsubnet .
-It returns
-.B \-1
-for error; see DIAGNOSTICS.
-.PP
-.I Networkof
-fills in
-.I *dst
-with the base address of subnet
-.IR src .
-.PP
-.I Maskof
-fills in
-.I *dst
-with the subnet mask of subnet
-.IR src ,
-expressed as an address.
-.SH SEE ALSO
-inet(3), ipsec_ttosubnet(3), ipsec_rangetosubnet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I initsubnet
-are:
-unknown address family;
-unknown
-.I clash
-value;
-impossible mask bit count;
-non-zero host-number bits and
-.I clash
-is
-.BR 'x' .
-Fatal errors in
-.I addrtosubnet
-are:
-unknown address family.
-Fatal errors in
-.I masktocount
-are:
-unknown address family;
-mask bits not contiguous.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
diff --git a/src/libfreeswan/initsubnet.c b/src/libfreeswan/initsubnet.c
deleted file mode 100644
index 27faddabc..000000000
--- a/src/libfreeswan/initsubnet.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * initialize subnet structure
- * Copyright (C) 2000, 2002 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - initsubnet - initialize ip_subnet from address and count
- *
- * The only hard part is checking for host-part bits turned on.
- */
-err_t /* NULL for success, else string literal */
-initsubnet(addr, count, clash, dst)
-const ip_address *addr;
-int count;
-int clash; /* '0' zero host-part bits, 'x' die on them */
-ip_subnet *dst;
-{
- unsigned char *p;
- int n;
- int c;
- unsigned m;
- int die;
-
- dst->addr = *addr;
- n = addrbytesptr(&dst->addr, (const unsigned char **)&p);
- if (n == 0)
- return "unknown address family";
-
- switch (clash) {
- case '0':
- die = 0;
- break;
- case 'x':
- die = 1;
- break;
- default:
- return "unknown clash-control value in initsubnet";
- break;
- }
-
- c = count / 8;
- if (c > n)
- return "impossible mask count";
- p += c;
- n -= c;
-
- m = 0xff;
- c = count % 8;
- if (n > 0 && c != 0) /* partial byte */
- m >>= c;
- for (; n > 0; n--) {
- if ((*p & m) != 0) {
- if (die)
- return "improper subnet, host-part bits on";
- *p &= ~m;
- }
- m = 0xff;
- p++;
- }
-
- dst->maskbits = count;
- return NULL;
-}
-
-/*
- - addrtosubnet - initialize ip_subnet from a single address
- */
-err_t /* NULL for success, else string literal */
-addrtosubnet(addr, dst)
-const ip_address *addr;
-ip_subnet *dst;
-{
- int n;
-
- dst->addr = *addr;
- n = addrbytesptr(&dst->addr, (const unsigned char **)NULL);
- if (n == 0)
- return "unknown address family";
- dst->maskbits = n*8;
- return NULL;
-}
diff --git a/src/libfreeswan/internal.h b/src/libfreeswan/internal.h
deleted file mode 100644
index 832c8a53d..000000000
--- a/src/libfreeswan/internal.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * internal definitions for use within the library; do not export!
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-
-#ifndef ABITS
-#define ABITS 32 /* bits in an IPv4 address */
-#endif
-
-/* case-independent ASCII character equality comparison */
-#define CIEQ(c1, c2) ( ((c1)&~040) == ((c2)&~040) )
-
-/* syntax for passthrough SA */
-#ifndef PASSTHROUGHNAME
-#define PASSTHROUGHNAME "%passthrough"
-#define PASSTHROUGH4NAME "%passthrough4"
-#define PASSTHROUGH6NAME "%passthrough6"
-#define PASSTHROUGHIS "tun0@0.0.0.0"
-#define PASSTHROUGH4IS "tun0@0.0.0.0"
-#define PASSTHROUGH6IS "tun0@::"
-#define PASSTHROUGHTYPE "tun"
-#define PASSTHROUGHSPI 0
-#define PASSTHROUGHDST 0
-#endif
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include <netdb.h>
-#include <stdlib.h>
-#define MALLOC(n) malloc(n)
-#define FREE(p) free(p)
-
diff --git a/src/libfreeswan/ipsec_param.h b/src/libfreeswan/ipsec_param.h
deleted file mode 100644
index 93426b8ee..000000000
--- a/src/libfreeswan/ipsec_param.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * @(#) FreeSWAN tunable paramaters
- *
- * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
- * and Michael Richardson <mcr@freeswan.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/*
- * This file provides a set of #define's which may be tuned by various
- * people/configurations. It keeps all compile-time tunables in one place.
- *
- * This file should be included before all other IPsec kernel-only files.
- *
- */
-
-#ifndef _IPSEC_PARAM_H_
-
-/*
- * This is for the SA reference table. This number is related to the
- * maximum number of SAs that KLIPS can concurrently deal with, plus enough
- * space for keeping expired SAs around.
- *
- * TABLE_MAX_WIDTH is the number of bits that we will use.
- * MAIN_TABLE_WIDTH is the number of bits used for the primary index table.
- *
- */
-#ifndef IPSEC_SA_REF_TABLE_IDX_WIDTH
-# define IPSEC_SA_REF_TABLE_IDX_WIDTH 16
-#endif
-
-#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
-# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4
-#endif
-
-#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES
-# define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256
-#endif
-
-#ifndef IPSEC_SA_REF_CODE
-# define IPSEC_SA_REF_CODE 1
-#endif
-
-#define _IPSEC_PARAM_H_
-#endif /* _IPSEC_PARAM_H_ */
diff --git a/src/libfreeswan/pfkey.h b/src/libfreeswan/pfkey.h
deleted file mode 100644
index 993678c8b..000000000
--- a/src/libfreeswan/pfkey.h
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * FreeS/WAN specific PF_KEY headers
- * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef __NET_IPSEC_PF_KEY_H
-#define __NET_IPSEC_PF_KEY_H
-
-extern void (*pfkey_debug_func)(const char *message, ...);
-
-extern uint8_t satype2proto(uint8_t satype);
-extern uint8_t proto2satype(uint8_t proto);
-extern char* satype2name(uint8_t satype);
-extern char* proto2name(uint8_t proto);
-
-struct key_opt
-{
- uint32_t key_pid; /* process ID */
- struct sock *sk;
-};
-
-#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
-
-#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
-#define BITS_PER_OCTET 8
-#define OCTETBITS 8
-#define PFKEYBITS 64
-#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
-#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
-
-#define PFKEYv2_MAX_MSGSIZE 4096
-
-/*
- * PF_KEYv2 permitted and required extensions in and out bitmaps
- */
-struct pf_key_ext_parsers_def {
- int (*parser)(struct sadb_ext*);
- char *parser_name;
-};
-
-
-extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/];
-#define EXT_BITS_IN 0
-#define EXT_BITS_OUT 1
-#define EXT_BITS_PERM 0
-#define EXT_BITS_REQ 1
-
-extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
-extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
-extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
-
-extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
- struct pf_key_ext_parsers_def *ext_parsers[],
- struct sadb_ext **extensions,
- int dir);
-
-/*
- * PF_KEYv2 build function prototypes
- */
-
-int
-pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
- uint8_t msg_type,
- uint8_t satype,
- uint8_t msg_errno,
- uint32_t seq,
- uint32_t pid);
-
-int
-pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
- uint16_t exttype,
- uint32_t spi, /* in network order */
- uint8_t replay_window,
- uint8_t sa_state,
- uint8_t auth,
- uint8_t encrypt,
- uint32_t flags,
- uint32_t/*IPsecSAref_t*/ ref);
-
-int
-pfkey_sa_build(struct sadb_ext ** pfkey_ext,
- uint16_t exttype,
- uint32_t spi, /* in network order */
- uint8_t replay_window,
- uint8_t sa_state,
- uint8_t auth,
- uint8_t encrypt,
- uint32_t flags);
-
-int
-pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
- uint16_t exttype,
- uint32_t allocations,
- uint64_t bytes,
- uint64_t addtime,
- uint64_t usetime,
- uint32_t packets);
-
-int
-pfkey_address_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint8_t proto,
- uint8_t prefixlen,
- struct sockaddr* address);
-
-int
-pfkey_key_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint16_t key_bits,
- char* key);
-
-int
-pfkey_ident_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint16_t ident_type,
- uint64_t ident_id,
- uint8_t ident_len,
- char* ident_string);
-
-int
-pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
- uint8_t type);
-int
-pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint16_t port);
-
-int
-pfkey_sens_build(struct sadb_ext** pfkey_ext,
- uint32_t dpd,
- uint8_t sens_level,
- uint8_t sens_len,
- uint64_t* sens_bitmap,
- uint8_t integ_level,
- uint8_t integ_len,
- uint64_t* integ_bitmap);
-
-int
-pfkey_x_protocol_build(struct sadb_ext **, uint8_t);
-
-
-int
-pfkey_prop_build(struct sadb_ext** pfkey_ext,
- uint8_t replay,
- unsigned int comb_num,
- struct sadb_comb* comb);
-
-int
-pfkey_supported_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- unsigned int alg_num,
- struct sadb_alg* alg);
-
-int
-pfkey_spirange_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint32_t min,
- uint32_t max);
-
-int
-pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
-
-int
-pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
- uint8_t satype);
-
-int
-pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
- uint32_t tunnel,
- uint32_t netlink,
- uint32_t xform,
- uint32_t eroute,
- uint32_t spi,
- uint32_t radij,
- uint32_t esp,
- uint32_t ah,
- uint32_t rcv,
- uint32_t pfkey,
- uint32_t ipcomp,
- uint32_t verbose);
-
-int
-pfkey_msg_build(struct sadb_msg** pfkey_msg,
- struct sadb_ext* extensions[],
- int dir);
-
-/* in pfkey_v2_debug.c - routines to decode numbers -> strings */
-const char *
-pfkey_v2_sadb_ext_string(int extnum);
-
-const char *
-pfkey_v2_sadb_type_string(int sadb_type);
-
-
-#endif /* __NET_IPSEC_PF_KEY_H */
diff --git a/src/libfreeswan/pfkey_v2_build.c b/src/libfreeswan/pfkey_v2_build.c
deleted file mode 100644
index c0bb369cb..000000000
--- a/src/libfreeswan/pfkey_v2_build.c
+++ /dev/null
@@ -1,1388 +0,0 @@
-/*
- * RFC2367 PF_KEYv2 Key management API message parser
- * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/*
- * Template from klips/net/ipsec/ipsec/ipsec_parser.c.
- */
-
-char pfkey_v2_build_c_version[] = "";
-
-# include <sys/types.h>
-# include <sys/socket.h>
-# include <stdlib.h>
-# include <errno.h>
-# include <string.h> /* memset */
-
-# include <freeswan.h>
-unsigned int pfkey_lib_debug = 0;
-
-void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1);
-
-#define DEBUGGING(args...) if(pfkey_lib_debug) { \
- if(pfkey_debug_func != NULL) { \
- (*pfkey_debug_func)("pfkey_lib_debug:" args); \
- } else { \
- printf("pfkey_lib_debug:" args); \
- } }
-# define MALLOC(size) malloc(size)
-# define FREE(obj) free(obj)
-
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
-
-void
-pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
-{
- int i;
-
- for (i = 0; i != SADB_EXT_MAX + 1; i++) {
- extensions[i] = NULL;
- }
-}
-
-void
-pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
-{
- int i;
-
- if (!extensions) {
- return;
- }
-
- if (extensions[0]) {
- memset(extensions[0], 0, sizeof(struct sadb_msg));
- FREE(extensions[0]);
- extensions[0] = NULL;
- }
-
- for (i = 1; i != SADB_EXT_MAX + 1; i++) {
- if(extensions[i]) {
- memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
- FREE(extensions[i]);
- extensions[i] = NULL;
- }
- }
-}
-
-void
-pfkey_msg_free(struct sadb_msg **pfkey_msg)
-{
- if (*pfkey_msg) {
- memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
- FREE(*pfkey_msg);
- *pfkey_msg = NULL;
- }
-}
-
-/* Default extension builders taken from the KLIPS code */
-
-int
-pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
- uint8_t msg_type,
- uint8_t satype,
- uint8_t msg_errno,
- uint32_t seq,
- uint32_t pid)
-{
- int error = 0;
- struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_msg_hdr_build:\n");
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "on_entry &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n",
- &pfkey_ext,
- pfkey_ext,
- *pfkey_ext);
- /* sanity checks... */
- if (pfkey_msg) {
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "why is pfkey_msg already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (!msg_type) {
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "msg type not set, must be non-zero..\n");
- SENDERR(EINVAL);
- }
-
- if (msg_type > SADB_MAX) {
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "msg type too large:%d.\n",
- msg_type);
- SENDERR(EINVAL);
- }
-
- if (satype > SADB_SATYPE_MAX) {
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "satype %d > max %d\n",
- satype, SADB_SATYPE_MAX);
- SENDERR(EINVAL);
- }
-
- pfkey_msg = (struct sadb_msg*)MALLOC(sizeof(struct sadb_msg));
- *pfkey_ext = (struct sadb_ext*)pfkey_msg;
-
- if (pfkey_msg == NULL) {
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_msg, 0, sizeof(struct sadb_msg));
-
- pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_msg->sadb_msg_type = msg_type;
- pfkey_msg->sadb_msg_satype = satype;
-
- pfkey_msg->sadb_msg_version = PF_KEY_V2;
- pfkey_msg->sadb_msg_errno = msg_errno;
- pfkey_msg->sadb_msg_reserved = 0;
- pfkey_msg->sadb_msg_seq = seq;
- pfkey_msg->sadb_msg_pid = pid;
- DEBUGGING(
- "pfkey_msg_hdr_build: "
- "on_exit &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n",
- &pfkey_ext,
- pfkey_ext,
- *pfkey_ext);
-errlab:
- return error;
-}
-
-int
-pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
- uint16_t exttype,
- uint32_t spi,
- uint8_t replay_window,
- uint8_t sa_state,
- uint8_t auth,
- uint8_t encrypt,
- uint32_t flags,
- uint32_t/*IPsecSAref_t*/ ref)
-{
- int error = 0;
- struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_sa_build: "
- "spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n",
- ntohl(spi), /* in network order */
- replay_window,
- sa_state,
- auth,
- encrypt,
- flags);
- /* sanity checks... */
- if (pfkey_sa) {
- DEBUGGING(
- "pfkey_sa_build: "
- "why is pfkey_sa already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (exttype != SADB_EXT_SA
- && exttype != SADB_X_EXT_SA2) {
- DEBUGGING(
- "pfkey_sa_build: "
- "invalid exttype=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- if (replay_window > 64) {
- DEBUGGING(
- "pfkey_sa_build: "
- "replay window size: %d -- must be 0 <= size <= 64\n",
- replay_window);
- SENDERR(EINVAL);
- }
-
- if (auth > SADB_AALG_MAX) {
- DEBUGGING(
- "pfkey_sa_build: "
- "auth=%d > SADB_AALG_MAX=%d.\n",
- auth,
- SADB_AALG_MAX);
- SENDERR(EINVAL);
- }
-
- if (encrypt > SADB_EALG_MAX) {
- DEBUGGING(
- "pfkey_sa_build: "
- "encrypt=%d > SADB_EALG_MAX=%d.\n",
- encrypt,
- SADB_EALG_MAX);
- SENDERR(EINVAL);
- }
-
- if (sa_state > SADB_SASTATE_MAX) {
- DEBUGGING(
- "pfkey_sa_build: "
- "sa_state=%d exceeds MAX=%d.\n",
- sa_state,
- SADB_SASTATE_MAX);
- SENDERR(EINVAL);
- }
-
- if (sa_state == SADB_SASTATE_DEAD) {
- DEBUGGING(
- "pfkey_sa_build: "
- "sa_state=%d is DEAD=%d is not allowed.\n",
- sa_state,
- SADB_SASTATE_DEAD);
- SENDERR(EINVAL);
- }
-
- if ((IPSEC_SAREF_NULL != ref) && (ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
- DEBUGGING(
- "pfkey_sa_build: "
- "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
- ref,
- IPSEC_SAREF_NULL,
- IPSEC_SA_REF_TABLE_NUM_ENTRIES);
- SENDERR(EINVAL);
- }
-
- pfkey_sa = (struct sadb_sa*)MALLOC(sizeof(struct sadb_sa));
- *pfkey_ext = (struct sadb_ext*)pfkey_sa;
-
- if (pfkey_sa == NULL) {
- DEBUGGING(
- "pfkey_sa_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_sa, 0, sizeof(struct sadb_sa));
-
- pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN;
- pfkey_sa->sadb_sa_exttype = exttype;
- pfkey_sa->sadb_sa_spi = spi;
- pfkey_sa->sadb_sa_replay = replay_window;
- pfkey_sa->sadb_sa_state = sa_state;
- pfkey_sa->sadb_sa_auth = auth;
- pfkey_sa->sadb_sa_encrypt = encrypt;
- pfkey_sa->sadb_sa_flags = flags;
- pfkey_sa->sadb_x_sa_ref = ref;
-
-errlab:
- return error;
-}
-
-int
-pfkey_sa_build(struct sadb_ext ** pfkey_ext,
- uint16_t exttype,
- uint32_t spi,
- uint8_t replay_window,
- uint8_t sa_state,
- uint8_t auth,
- uint8_t encrypt,
- uint32_t flags)
-{
- return pfkey_sa_ref_build(pfkey_ext,
- exttype,
- spi,
- replay_window,
- sa_state,
- auth,
- encrypt,
- flags,
- IPSEC_SAREF_NULL);
-}
-
-int
-pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
- uint16_t exttype,
- uint32_t allocations,
- uint64_t bytes,
- uint64_t addtime,
- uint64_t usetime,
- uint32_t packets)
-{
- int error = 0;
- struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_lifetime_build:\n");
- /* sanity checks... */
- if (pfkey_lifetime) {
- DEBUGGING(
- "pfkey_lifetime_build: "
- "why is pfkey_lifetime already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (exttype != SADB_EXT_LIFETIME_CURRENT
- && exttype != SADB_EXT_LIFETIME_HARD
- && exttype != SADB_EXT_LIFETIME_SOFT) {
- DEBUGGING(
- "pfkey_lifetime_build: "
- "invalid exttype=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- pfkey_lifetime = (struct sadb_lifetime*)MALLOC(sizeof(struct sadb_lifetime));
- *pfkey_ext = (struct sadb_ext*)pfkey_lifetime;
-
- if (pfkey_lifetime == NULL) {
- DEBUGGING(
- "pfkey_lifetime_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime));
-
- pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN;
- pfkey_lifetime->sadb_lifetime_exttype = exttype;
- pfkey_lifetime->sadb_lifetime_allocations = allocations;
- pfkey_lifetime->sadb_lifetime_bytes = bytes;
- pfkey_lifetime->sadb_lifetime_addtime = addtime;
- pfkey_lifetime->sadb_lifetime_usetime = usetime;
- pfkey_lifetime->sadb_x_lifetime_packets = packets;
-
-errlab:
- return error;
-}
-
-int
-pfkey_address_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint8_t proto,
- uint8_t prefixlen,
- struct sockaddr* address)
-{
- int error = 0;
- int saddr_len = 0;
- char ipaddr_txt[ADDRTOT_BUF + 6/*extra for port number*/];
- struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_address_build: "
- "exttype=%d proto=%d prefixlen=%d\n",
- exttype,
- proto,
- prefixlen);
- /* sanity checks... */
- if (pfkey_address) {
- DEBUGGING(
- "pfkey_address_build: "
- "why is pfkey_address already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (!address) {
- DEBUGGING("pfkey_address_build: "
- "address is NULL\n");
- SENDERR(EINVAL);
- }
-
- switch(exttype) {
- case SADB_EXT_ADDRESS_SRC:
- case SADB_EXT_ADDRESS_DST:
- case SADB_EXT_ADDRESS_PROXY:
- case SADB_X_EXT_ADDRESS_DST2:
- case SADB_X_EXT_ADDRESS_SRC_FLOW:
- case SADB_X_EXT_ADDRESS_DST_FLOW:
- case SADB_X_EXT_ADDRESS_SRC_MASK:
- case SADB_X_EXT_ADDRESS_DST_MASK:
- case SADB_X_EXT_NAT_T_OA:
- break;
- default:
- DEBUGGING(
- "pfkey_address_build: "
- "unrecognised ext_type=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- switch (address->sa_family) {
- case AF_INET:
- DEBUGGING(
- "pfkey_address_build: "
- "found address family AF_INET.\n");
- saddr_len = sizeof(struct sockaddr_in);
- sprintf(ipaddr_txt, "%d.%d.%d.%d:%d"
- , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 0) & 0xFF
- , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 8) & 0xFF
- , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF
- , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF
- , ntohs(((struct sockaddr_in*)address)->sin_port));
- break;
- case AF_INET6:
- DEBUGGING(
- "pfkey_address_build: "
- "found address family AF_INET6.\n");
- saddr_len = sizeof(struct sockaddr_in6);
- sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x-%x"
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[0])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[1])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[2])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[3])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[4])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[5])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[6])
- , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[7])
- , ntohs(((struct sockaddr_in6*)address)->sin6_port));
- break;
- default:
- DEBUGGING(
- "pfkey_address_build: "
- "address->sa_family=%d not supported.\n",
- address->sa_family);
- SENDERR(EPFNOSUPPORT);
- }
-
- DEBUGGING(
- "pfkey_address_build: "
- "found address=%s.\n",
- ipaddr_txt);
- if (prefixlen != 0) {
- DEBUGGING(
- "pfkey_address_build: "
- "address prefixes not supported yet.\n");
- SENDERR(EAFNOSUPPORT); /* not supported yet */
- }
-
- pfkey_address = (struct sadb_address*)
- MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN));
- *pfkey_ext = (struct sadb_ext*)pfkey_address;
-
- if (pfkey_address == NULL) {
- DEBUGGING(
- "pfkey_lifetime_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_address,
- 0,
- ALIGN_N(sizeof(struct sadb_address) + saddr_len,
- IPSEC_PFKEYv2_ALIGN));
-
- pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len,
- IPSEC_PFKEYv2_ALIGN);
-
- pfkey_address->sadb_address_exttype = exttype;
- pfkey_address->sadb_address_proto = proto;
- pfkey_address->sadb_address_prefixlen = prefixlen;
- pfkey_address->sadb_address_reserved = 0;
-
- memcpy((char*)pfkey_address + sizeof(struct sadb_address),
- address,
- saddr_len);
-
-#if 0
- for (i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) {
- pfkey_address_s_ska.sin_zero[i] = 0;
- }
-#endif
- DEBUGGING(
- "pfkey_address_build: "
- "successful.\n");
-
- errlab:
- return error;
-}
-
-int
-pfkey_key_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint16_t key_bits,
- char* key)
-{
- int error = 0;
- struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_key_build:\n");
- /* sanity checks... */
- if (pfkey_key) {
- DEBUGGING(
- "pfkey_key_build: "
- "why is pfkey_key already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (!key_bits) {
- DEBUGGING(
- "pfkey_key_build: "
- "key_bits is zero, it must be non-zero.\n");
- SENDERR(EINVAL);
- }
-
- if ( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) {
- DEBUGGING(
- "pfkey_key_build: "
- "unsupported extension type=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- pfkey_key = (struct sadb_key*)
- MALLOC(sizeof(struct sadb_key) +
- DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
- *pfkey_ext = (struct sadb_ext*)pfkey_key;
-
- if (pfkey_key == NULL) {
- DEBUGGING(
- "pfkey_key_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_key,
- 0,
- sizeof(struct sadb_key) +
- DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
-
- pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits,
- 64);
- pfkey_key->sadb_key_exttype = exttype;
- pfkey_key->sadb_key_bits = key_bits;
- pfkey_key->sadb_key_reserved = 0;
- memcpy((char*)pfkey_key + sizeof(struct sadb_key),
- key,
- DIVUP(key_bits, 8));
-
-errlab:
- return error;
-}
-
-int
-pfkey_ident_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint16_t ident_type,
- uint64_t ident_id,
- uint8_t ident_len,
- char* ident_string)
-{
- int error = 0;
- struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext;
- int data_len = ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
-
- DEBUGGING(
- "pfkey_ident_build:\n");
- /* sanity checks... */
- if (pfkey_ident) {
- DEBUGGING(
- "pfkey_ident_build: "
- "why is pfkey_ident already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if ( !((exttype == SADB_EXT_IDENTITY_SRC) ||
- (exttype == SADB_EXT_IDENTITY_DST))) {
- DEBUGGING(
- "pfkey_ident_build: "
- "unsupported extension type=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- if (ident_type == SADB_IDENTTYPE_RESERVED) {
- DEBUGGING(
- "pfkey_ident_build: "
- "ident_type must be non-zero.\n");
- SENDERR(EINVAL);
- }
-
- if (ident_type > SADB_IDENTTYPE_MAX) {
- DEBUGGING(
- "pfkey_ident_build: "
- "identtype=%d out of range.\n",
- ident_type);
- SENDERR(EINVAL);
- }
-
- if ((ident_type == SADB_IDENTTYPE_PREFIX ||
- ident_type == SADB_IDENTTYPE_FQDN) &&
- !ident_string) {
- DEBUGGING(
- "pfkey_ident_build: "
- "string required to allocate size of extension.\n");
- SENDERR(EINVAL);
- }
-
-#if 0
- if (ident_type == SADB_IDENTTYPE_USERFQDN) {
- }
-#endif
-
- pfkey_ident = (struct sadb_ident*)
- MALLOC(ident_len * IPSEC_PFKEYv2_ALIGN);
- *pfkey_ext = (struct sadb_ext*)pfkey_ident;
-
- if (pfkey_ident == NULL) {
- DEBUGGING(
- "pfkey_ident_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_ident, 0, ident_len * IPSEC_PFKEYv2_ALIGN);
-
- pfkey_ident->sadb_ident_len = ident_len;
- pfkey_ident->sadb_ident_exttype = exttype;
- pfkey_ident->sadb_ident_type = ident_type;
- pfkey_ident->sadb_ident_reserved = 0;
- pfkey_ident->sadb_ident_id = ident_id;
- memcpy((char*)pfkey_ident + sizeof(struct sadb_ident),
- ident_string,
- data_len);
-
-errlab:
- return error;
-}
-
-int
-pfkey_sens_build(struct sadb_ext** pfkey_ext,
- uint32_t dpd,
- uint8_t sens_level,
- uint8_t sens_len,
- uint64_t* sens_bitmap,
- uint8_t integ_level,
- uint8_t integ_len,
- uint64_t* integ_bitmap)
-{
- int error = 0;
- struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext;
- int i;
- uint64_t* bitmap;
-
- DEBUGGING(
- "pfkey_sens_build:\n");
- /* sanity checks... */
- if (pfkey_sens) {
- DEBUGGING(
- "pfkey_sens_build: "
- "why is pfkey_sens already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- DEBUGGING(
- "pfkey_sens_build: "
- "Sorry, I can't build exttype=%d yet.\n",
- (*pfkey_ext)->sadb_ext_type);
- SENDERR(EINVAL); /* don't process these yet */
-
- pfkey_sens = (struct sadb_sens*)
- MALLOC(sizeof(struct sadb_sens) +
- (sens_len + integ_len) * sizeof(uint64_t));
- *pfkey_ext = (struct sadb_ext*)pfkey_sens;
-
- if (pfkey_sens == NULL) {
- DEBUGGING(
- "pfkey_sens_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_sens,
- 0,
- sizeof(struct sadb_sens) +
- (sens_len + integ_len) * sizeof(uint64_t));
-
- pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) +
- (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN;
- pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY;
- pfkey_sens->sadb_sens_dpd = dpd;
- pfkey_sens->sadb_sens_sens_level = sens_level;
- pfkey_sens->sadb_sens_sens_len = sens_len;
- pfkey_sens->sadb_sens_integ_level = integ_level;
- pfkey_sens->sadb_sens_integ_len = integ_len;
- pfkey_sens->sadb_sens_reserved = 0;
-
- bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens));
- for (i = 0; i < sens_len; i++) {
- *bitmap = sens_bitmap[i];
- bitmap++;
- }
- for (i = 0; i < integ_len; i++) {
- *bitmap = integ_bitmap[i];
- bitmap++;
- }
-
-errlab:
- return error;
-}
-
-int
-pfkey_prop_build(struct sadb_ext** pfkey_ext,
- uint8_t replay,
- unsigned int comb_num,
- struct sadb_comb* comb)
-{
- int error = 0;
- int i;
- struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext;
- struct sadb_comb *combp;
-
- DEBUGGING(
- "pfkey_prop_build:\n");
- /* sanity checks... */
- if (pfkey_prop) {
- DEBUGGING(
- "pfkey_prop_build: "
- "why is pfkey_prop already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- pfkey_prop = (struct sadb_prop*)
- MALLOC(sizeof(struct sadb_prop) +
- comb_num * sizeof(struct sadb_comb));
-
- *pfkey_ext = (struct sadb_ext*)pfkey_prop;
-
- if (pfkey_prop == NULL) {
- DEBUGGING(
- "pfkey_prop_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_prop,
- 0,
- sizeof(struct sadb_prop) +
- comb_num * sizeof(struct sadb_comb));
-
- pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) +
- comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
- pfkey_prop->sadb_prop_replay = replay;
-
- for (i=0; i<3; i++) {
- pfkey_prop->sadb_prop_reserved[i] = 0;
- }
-
- combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop));
- for (i = 0; i < comb_num; i++) {
- memcpy (combp, &(comb[i]), sizeof(struct sadb_comb));
- combp++;
- }
-
-#if 0
- uint8_t sadb_comb_auth;
- uint8_t sadb_comb_encrypt;
- uint16_t sadb_comb_flags;
- uint16_t sadb_comb_auth_minbits;
- uint16_t sadb_comb_auth_maxbits;
- uint16_t sadb_comb_encrypt_minbits;
- uint16_t sadb_comb_encrypt_maxbits;
- uint32_t sadb_comb_reserved;
- uint32_t sadb_comb_soft_allocations;
- uint32_t sadb_comb_hard_allocations;
- uint64_t sadb_comb_soft_bytes;
- uint64_t sadb_comb_hard_bytes;
- uint64_t sadb_comb_soft_addtime;
- uint64_t sadb_comb_hard_addtime;
- uint64_t sadb_comb_soft_usetime;
- uint64_t sadb_comb_hard_usetime;
- uint32_t sadb_comb_soft_packets;
- uint32_t sadb_comb_hard_packets;
-#endif
-errlab:
- return error;
-}
-
-int
-pfkey_supported_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- unsigned int alg_num,
- struct sadb_alg* alg)
-{
- int error = 0;
- unsigned int i;
- struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext;
- struct sadb_alg *pfkey_alg;
-
- /* sanity checks... */
- if (pfkey_supported) {
- DEBUGGING(
- "pfkey_supported_build: "
- "why is pfkey_supported already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if ( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) {
- DEBUGGING(
- "pfkey_supported_build: "
- "unsupported extension type=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- pfkey_supported = (struct sadb_supported*)
- MALLOC(sizeof(struct sadb_supported) +
- alg_num * sizeof(struct sadb_alg));
-
- *pfkey_ext = (struct sadb_ext*)pfkey_supported;
-
- if (pfkey_supported == NULL) {
- DEBUGGING(
- "pfkey_supported_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_supported,
- 0,
- sizeof(struct sadb_supported) +
- alg_num *
- sizeof(struct sadb_alg));
-
- pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) +
- alg_num *
- sizeof(struct sadb_alg)) /
- IPSEC_PFKEYv2_ALIGN;
- pfkey_supported->sadb_supported_exttype = exttype;
- pfkey_supported->sadb_supported_reserved = 0;
-
- pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported));
- for(i = 0; i < alg_num; i++) {
- memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg));
- pfkey_alg->sadb_alg_reserved = 0;
- pfkey_alg++;
- }
-
-#if 0
- DEBUGGING(
- "pfkey_supported_build: "
- "Sorry, I can't build exttype=%d yet.\n",
- (*pfkey_ext)->sadb_ext_type);
- SENDERR(EINVAL); /* don't process these yet */
-
- uint8_t sadb_alg_id;
- uint8_t sadb_alg_ivlen;
- uint16_t sadb_alg_minbits;
- uint16_t sadb_alg_maxbits;
- uint16_t sadb_alg_reserved;
-#endif
-errlab:
- return error;
-}
-
-int
-pfkey_spirange_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint32_t min, /* in network order */
- uint32_t max) /* in network order */
-{
- int error = 0;
- struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext;
-
- /* sanity checks... */
- if (pfkey_spirange) {
- DEBUGGING(
- "pfkey_spirange_build: "
- "why is pfkey_spirange already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (ntohl(max) < ntohl(min)) {
- DEBUGGING(
- "pfkey_spirange_build: "
- "minspi=%08x must be < maxspi=%08x.\n",
- ntohl(min),
- ntohl(max));
- SENDERR(EINVAL);
- }
-
- if (ntohl(min) <= 255) {
- DEBUGGING(
- "pfkey_spirange_build: "
- "minspi=%08x must be > 255.\n",
- ntohl(min));
- SENDERR(EEXIST);
- }
-
- pfkey_spirange = (struct sadb_spirange*)
- MALLOC(sizeof(struct sadb_spirange));
- *pfkey_ext = (struct sadb_ext*)pfkey_spirange;
-
- if (pfkey_spirange == NULL) {
- DEBUGGING(
- "pfkey_spirange_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_spirange,
- 0,
- sizeof(struct sadb_spirange));
-
- pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE;
- pfkey_spirange->sadb_spirange_min = min;
- pfkey_spirange->sadb_spirange_max = max;
- pfkey_spirange->sadb_spirange_reserved = 0;
- errlab:
- return error;
-}
-
-int
-pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext)
-{
- int error = 0;
- struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext;
-
- /* sanity checks... */
- if (pfkey_x_kmprivate) {
- DEBUGGING(
- "pfkey_x_kmprivate_build: "
- "why is pfkey_x_kmprivate already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
-
- DEBUGGING(
- "pfkey_x_kmprivate_build: "
- "Sorry, I can't build exttype=%d yet.\n",
- (*pfkey_ext)->sadb_ext_type);
- SENDERR(EINVAL); /* don't process these yet */
-
- pfkey_x_kmprivate = (struct sadb_x_kmprivate*)
- MALLOC(sizeof(struct sadb_x_kmprivate));
- *pfkey_ext = (struct sadb_ext*)pfkey_x_kmprivate;
-
- if (pfkey_x_kmprivate == NULL) {
- DEBUGGING(
- "pfkey_x_kmprivate_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_x_kmprivate,
- 0,
- sizeof(struct sadb_x_kmprivate));
-
- pfkey_x_kmprivate->sadb_x_kmprivate_len =
- sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE;
- pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
-errlab:
- return error;
-}
-
-int
-pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
- uint8_t satype)
-{
- int error = 0;
- int i;
- struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_x_satype_build:\n");
- /* sanity checks... */
- if (pfkey_x_satype) {
- DEBUGGING(
- "pfkey_x_satype_build: "
- "why is pfkey_x_satype already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- if (!satype) {
- DEBUGGING(
- "pfkey_x_satype_build: "
- "SA type not set, must be non-zero.\n");
- SENDERR(EINVAL);
- }
-
- if (satype > SADB_SATYPE_MAX) {
- DEBUGGING(
- "pfkey_x_satype_build: "
- "satype %d > max %d\n",
- satype, SADB_SATYPE_MAX);
- SENDERR(EINVAL);
- }
-
- pfkey_x_satype = (struct sadb_x_satype*)
- MALLOC(sizeof(struct sadb_x_satype));
-
- *pfkey_ext = (struct sadb_ext*)pfkey_x_satype;
-
- if (pfkey_x_satype == NULL) {
- DEBUGGING(
- "pfkey_x_satype_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- memset(pfkey_x_satype,
- 0,
- sizeof(struct sadb_x_satype));
-
- pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2;
- pfkey_x_satype->sadb_x_satype_satype = satype;
- for (i=0; i<3; i++) {
- pfkey_x_satype->sadb_x_satype_reserved[i] = 0;
- }
-
-errlab:
- return error;
-}
-
-int
-pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
- uint32_t tunnel,
- uint32_t netlink,
- uint32_t xform,
- uint32_t eroute,
- uint32_t spi,
- uint32_t radij,
- uint32_t esp,
- uint32_t ah,
- uint32_t rcv,
- uint32_t pfkey,
- uint32_t ipcomp,
- uint32_t verbose)
-{
- int error = 0;
- int i;
- struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_x_debug_build:\n");
- /* sanity checks... */
- if (pfkey_x_debug) {
- DEBUGGING(
- "pfkey_x_debug_build: "
- "why is pfkey_x_debug already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- DEBUGGING(
- "pfkey_x_debug_build: "
- "tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n",
- tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose);
-
- pfkey_x_debug = (struct sadb_x_debug*)
- MALLOC(sizeof(struct sadb_x_debug));
- *pfkey_ext = (struct sadb_ext*)pfkey_x_debug;
-
- if (pfkey_x_debug == NULL) {
- DEBUGGING(
- "pfkey_x_debug_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
-#if 0
- memset(pfkey_x_debug,
- 0,
- sizeof(struct sadb_x_debug));
-#endif
-
- pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN;
- pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG;
-
- pfkey_x_debug->sadb_x_debug_tunnel = tunnel;
- pfkey_x_debug->sadb_x_debug_netlink = netlink;
- pfkey_x_debug->sadb_x_debug_xform = xform;
- pfkey_x_debug->sadb_x_debug_eroute = eroute;
- pfkey_x_debug->sadb_x_debug_spi = spi;
- pfkey_x_debug->sadb_x_debug_radij = radij;
- pfkey_x_debug->sadb_x_debug_esp = esp;
- pfkey_x_debug->sadb_x_debug_ah = ah;
- pfkey_x_debug->sadb_x_debug_rcv = rcv;
- pfkey_x_debug->sadb_x_debug_pfkey = pfkey;
- pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp;
- pfkey_x_debug->sadb_x_debug_verbose = verbose;
-
- for (i=0; i<4; i++) {
- pfkey_x_debug->sadb_x_debug_reserved[i] = 0;
- }
-
-errlab:
- return error;
-}
-
-int
-pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
- uint8_t type)
-{
- int error = 0;
- int i;
- struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_x_nat_t_type_build:\n");
- /* sanity checks... */
- if (pfkey_x_nat_t_type) {
- DEBUGGING(
- "pfkey_x_nat_t_type_build: "
- "why is pfkey_x_nat_t_type already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- DEBUGGING(
- "pfkey_x_nat_t_type_build: "
- "type=%d\n", type);
-
- pfkey_x_nat_t_type = (struct sadb_x_nat_t_type*)
- MALLOC(sizeof(struct sadb_x_nat_t_type));
-
- *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_type;
- if (pfkey_x_nat_t_type == NULL) {
- DEBUGGING(
- "pfkey_x_nat_t_type_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
-
- pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN;
- pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
- pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type;
- for (i=0; i<3; i++) {
- pfkey_x_nat_t_type->sadb_x_nat_t_type_reserved[i] = 0;
- }
-
-errlab:
- return error;
-}
-
-int
-pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
- uint16_t exttype,
- uint16_t port)
-{
- int error = 0;
- struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)*pfkey_ext;
-
- DEBUGGING(
- "pfkey_x_nat_t_port_build:\n");
- /* sanity checks... */
- if (pfkey_x_nat_t_port) {
- DEBUGGING(
- "pfkey_x_nat_t_port_build: "
- "why is pfkey_x_nat_t_port already pointing to something?\n");
- SENDERR(EINVAL);
- }
-
- switch (exttype) {
- case SADB_X_EXT_NAT_T_SPORT:
- case SADB_X_EXT_NAT_T_DPORT:
- break;
- default:
- DEBUGGING(
- "pfkey_nat_t_port_build: "
- "unrecognised ext_type=%d.\n",
- exttype);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(
- "pfkey_x_nat_t_port_build: "
- "ext=%d, port=%d\n", exttype, port);
-
- pfkey_x_nat_t_port = (struct sadb_x_nat_t_port*)
- MALLOC(sizeof(struct sadb_x_nat_t_port));
- *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_port;
-
- if (pfkey_x_nat_t_port == NULL) {
- DEBUGGING(
- "pfkey_x_nat_t_port_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
-
- pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN;
- pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype;
- pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port;
- pfkey_x_nat_t_port->sadb_x_nat_t_port_reserved = 0;
-
-errlab:
- return error;
-}
-
-int pfkey_x_protocol_build(struct sadb_ext **pfkey_ext,
- uint8_t protocol)
-{
- int error = 0;
- struct sadb_protocol * p = (struct sadb_protocol *)*pfkey_ext;
- DEBUGGING("pfkey_x_protocol_build: protocol=%u\n", protocol);
- /* sanity checks... */
- if (p != 0) {
- DEBUGGING("pfkey_x_protocol_build: bogus protocol pointer\n");
- SENDERR(EINVAL);
- }
- if ((p = (struct sadb_protocol*)MALLOC(sizeof(*p))) == 0) {
- DEBUGGING("pfkey_build: memory allocation failed\n");
- SENDERR(ENOMEM);
- }
- *pfkey_ext = (struct sadb_ext *)p;
- p->sadb_protocol_len = sizeof(*p) / sizeof(uint64_t);
- p->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
- p->sadb_protocol_proto = protocol;
- p->sadb_protocol_flags = 0;
- p->sadb_protocol_reserved2 = 0;
- errlab:
- return error;
-}
-
-
-#if I_DONT_THINK_THIS_WILL_BE_USEFUL
-int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*)
- =
-{
- NULL, /* pfkey_msg_build, */
- pfkey_sa_build,
- pfkey_lifetime_build,
- pfkey_lifetime_build,
- pfkey_lifetime_build,
- pfkey_address_build,
- pfkey_address_build,
- pfkey_address_build,
- pfkey_key_build,
- pfkey_key_build,
- pfkey_ident_build,
- pfkey_ident_build,
- pfkey_sens_build,
- pfkey_prop_build,
- pfkey_supported_build,
- pfkey_supported_build,
- pfkey_spirange_build,
- pfkey_x_kmprivate_build,
- pfkey_x_satype_build,
- pfkey_sa_build,
- pfkey_address_build,
- pfkey_address_build,
- pfkey_address_build,
- pfkey_address_build,
- pfkey_address_build,
- pfkey_x_ext_debug_build
-};
-#endif
-
-int
-pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir)
-{
- int error = 0;
- unsigned ext;
- unsigned total_size;
- struct sadb_ext *pfkey_ext;
- int extensions_seen = 0;
- struct sadb_ext *extensions_check[SADB_EXT_MAX + 1];
-
- if (!extensions[0]) {
- DEBUGGING(
- "pfkey_msg_build: "
- "extensions[0] must be specified (struct sadb_msg).\n");
- SENDERR(EINVAL);
- }
-
- total_size = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
- for (ext = 1; ext <= SADB_EXT_MAX; ext++) {
- if(extensions[ext]) {
- total_size += (extensions[ext])->sadb_ext_len;
- }
- }
-
- if (!(*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN))) {
- DEBUGGING(
- "pfkey_msg_build: "
- "memory allocation failed\n");
- SENDERR(ENOMEM);
- }
-
- DEBUGGING(
- "pfkey_msg_build: "
- "pfkey_msg=0p%p allocated %lu bytes, &(extensions[0])=0p%p\n",
- *pfkey_msg,
- (unsigned long)(total_size * IPSEC_PFKEYv2_ALIGN),
- &(extensions[0]));
- memcpy(*pfkey_msg,
- extensions[0],
- sizeof(struct sadb_msg));
- (*pfkey_msg)->sadb_msg_len = total_size;
- (*pfkey_msg)->sadb_msg_reserved = 0;
- extensions_seen = 1 ;
-
- pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg));
-
- for (ext = 1; ext <= SADB_EXT_MAX; ext++) {
- /* copy from extension[ext] to buffer */
- if (extensions[ext]) {
- /* Is this type of extension permitted for this type of message? */
- if (!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] &
- 1<<ext)) {
- DEBUGGING(
- "pfkey_msg_build: "
- "ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n",
- ext,
- extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
- 1<<ext);
- SENDERR(EINVAL);
- }
- DEBUGGING(
- "pfkey_msg_build: "
- "copying %lu bytes from extensions[%u]=0p%p to=0p%p\n",
- (unsigned long)(extensions[ext]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN),
- ext,
- extensions[ext],
- pfkey_ext);
- memcpy(pfkey_ext,
- extensions[ext],
- (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
- {
- char *pfkey_ext_c = (char *)pfkey_ext;
-
- pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN;
- pfkey_ext = (struct sadb_ext *)pfkey_ext_c;
- }
- /* Mark that we have seen this extension and remember the header location */
- extensions_seen |= ( 1 << ext );
- }
- }
-
- /* check required extensions */
- DEBUGGING(
- "pfkey_msg_build: "
- "extensions permitted=%08x, seen=%08x, required=%08x.\n",
- extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
- extensions_seen,
- extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]);
-
- if ((extensions_seen &
- extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) !=
- extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) {
- DEBUGGING(
- "pfkey_msg_build: "
- "required extensions missing:%08x.\n",
- extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] -
- (extensions_seen &
- extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) );
- SENDERR(EINVAL);
- }
-
- error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir);
- if (error) {
- DEBUGGING(
- "pfkey_msg_build: "
- "Trouble parsing newly built pfkey message, error=%d.\n",
- error);
- SENDERR(-error);
- }
-
-errlab:
-
- return error;
-}
diff --git a/src/libfreeswan/pfkey_v2_debug.c b/src/libfreeswan/pfkey_v2_debug.c
deleted file mode 100644
index 0762d8f2b..000000000
--- a/src/libfreeswan/pfkey_v2_debug.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * @(#) pfkey version 2 debugging messages
- *
- * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
- * and Michael Richardson <mcr@freeswan.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-# include <sys/types.h>
-# include <errno.h>
-
-#include "freeswan.h"
-#include "pfkeyv2.h"
-#include "pfkey.h"
-
-/*
- * This file provides ASCII translations of PF_KEY magic numbers.
- *
- */
-
-static char *pfkey_sadb_ext_strings[]={
- "reserved", /* SADB_EXT_RESERVED 0 */
- "security-association", /* SADB_EXT_SA 1 */
- "lifetime-current", /* SADB_EXT_LIFETIME_CURRENT 2 */
- "lifetime-hard", /* SADB_EXT_LIFETIME_HARD 3 */
- "lifetime-soft", /* SADB_EXT_LIFETIME_SOFT 4 */
- "source-address", /* SADB_EXT_ADDRESS_SRC 5 */
- "destination-address", /* SADB_EXT_ADDRESS_DST 6 */
- "proxy-address", /* SADB_EXT_ADDRESS_PROXY 7 */
- "authentication-key", /* SADB_EXT_KEY_AUTH 8 */
- "cipher-key", /* SADB_EXT_KEY_ENCRYPT 9 */
- "source-identity", /* SADB_EXT_IDENTITY_SRC 10 */
- "destination-identity", /* SADB_EXT_IDENTITY_DST 11 */
- "sensitivity-label", /* SADB_EXT_SENSITIVITY 12 */
- "proposal", /* SADB_EXT_PROPOSAL 13 */
- "supported-auth", /* SADB_EXT_SUPPORTED_AUTH 14 */
- "supported-cipher", /* SADB_EXT_SUPPORTED_ENCRYPT 15 */
- "spi-range", /* SADB_EXT_SPIRANGE 16 */
- "X-kmpprivate", /* SADB_X_EXT_KMPRIVATE 17 */
- "X-satype2", /* SADB_X_EXT_SATYPE2 18 */
- "X-security-association", /* SADB_X_EXT_SA2 19 */
- "X-destination-address2", /* SADB_X_EXT_ADDRESS_DST2 20 */
- "X-source-flow-address", /* SADB_X_EXT_ADDRESS_SRC_FLOW 21 */
- "X-dest-flow-address", /* SADB_X_EXT_ADDRESS_DST_FLOW 22 */
- "X-source-mask", /* SADB_X_EXT_ADDRESS_SRC_MASK 23 */
- "X-dest-mask", /* SADB_X_EXT_ADDRESS_DST_MASK 24 */
- "X-set-debug", /* SADB_X_EXT_DEBUG 25 */
- "X-protocol", /* SADB_X_EXT_PROTOCOL 26 */
- "X-NAT-T-type", /* SADB_X_EXT_NAT_T_TYPE 27 */
- "X-NAT-T-sport", /* SADB_X_EXT_NAT_T_SPORT 28 */
- "X-NAT-T-dport", /* SADB_X_EXT_NAT_T_DPORT 29 */
- "X-NAT-T-OA", /* SADB_X_EXT_NAT_T_OA 30 */
-};
-
-const char *
-pfkey_v2_sadb_ext_string(int ext)
-{
- if(ext <= SADB_EXT_MAX) {
- return pfkey_sadb_ext_strings[ext];
- } else {
- return "unknown-ext";
- }
-}
-
-
-static char *pfkey_sadb_type_strings[]={
- "reserved", /* SADB_RESERVED */
- "getspi", /* SADB_GETSPI */
- "update", /* SADB_UPDATE */
- "add", /* SADB_ADD */
- "delete", /* SADB_DELETE */
- "get", /* SADB_GET */
- "acquire", /* SADB_ACQUIRE */
- "register", /* SADB_REGISTER */
- "expire", /* SADB_EXPIRE */
- "flush", /* SADB_FLUSH */
- "dump", /* SADB_DUMP */
- "x-promisc", /* SADB_X_PROMISC */
- "x-pchange", /* SADB_X_PCHANGE */
- "x-groupsa", /* SADB_X_GRPSA */
- "x-addflow(eroute)", /* SADB_X_ADDFLOW */
- "x-delflow(eroute)", /* SADB_X_DELFLOW */
- "x-debug", /* SADB_X_DEBUG */
- "x-nat-t-new-mapping", /* SADB_X_NAT_T_NEW_MAPPING */
-};
-
-const char *
-pfkey_v2_sadb_type_string(int sadb_type)
-{
- if(sadb_type <= SADB_MAX) {
- return pfkey_sadb_type_strings[sadb_type];
- } else {
- return "unknown-sadb-type";
- }
-}
diff --git a/src/libfreeswan/pfkey_v2_ext_bits.c b/src/libfreeswan/pfkey_v2_ext_bits.c
deleted file mode 100644
index 49b4aa567..000000000
--- a/src/libfreeswan/pfkey_v2_ext_bits.c
+++ /dev/null
@@ -1,692 +0,0 @@
-/*
- * RFC2367 PF_KEYv2 Key management API message parser
- * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/*
- * Template from klips/net/ipsec/ipsec/ipsec_parse.c.
- */
-
-char pfkey_v2_ext_bits_c_version[] = "";
-
-# include <sys/types.h>
-# include <errno.h>
-
-#include <freeswan.h>
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/] = {
-
-/* INBOUND EXTENSIONS */
-{
-
-/* PERMITTED IN */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_SPIRANGE
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_X_EXT_NAT_T_TYPE
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-| 1<<SADB_X_EXT_NAT_T_OA
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_EXPIRE */
-0
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-},
-
-/* REQUIRED IN */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_SPIRANGE
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-/*| 1<<SADB_EXT_KEY_AUTH*/
-/*| 1<<SADB_EXT_KEY_ENCRYPT*/
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-/*| 1<<SADB_EXT_KEY_AUTH*/
-/*| 1<<SADB_EXT_KEY_ENCRYPT*/
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_EXPIRE */
-0
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-/*| 1<<SADB_X_EXT_SATYPE2*/
-/*| 1<<SADB_X_EXT_SA2*/
-/*| 1<<SADB_X_EXT_ADDRESS_DST2*/
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-/*| 1<<SADB_EXT_SA*/
-#if 0 /* SADB_X_CLREROUTE doesn't need all these... */
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-#endif
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-}
-
-},
-
-/* OUTBOUND EXTENSIONS */
-{
-
-/* PERMITTED OUT */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_X_EXT_NAT_T_TYPE
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-| 1<<SADB_X_EXT_NAT_T_OA
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-,
-/* SADB_EXPIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-},
-
-/* REQUIRED OUT */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-/* | 1<<SADB_EXT_KEY_AUTH */
-/* | 1<<SADB_EXT_KEY_ENCRYPT */
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-/* | 1<<SADB_EXT_SUPPORTED_AUTH
- | 1<<SADB_EXT_SUPPORTED_ENCRYPT */
-,
-/* SADB_EXPIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-/* | 1<<SADB_EXT_LIFETIME_HARD
- | 1<<SADB_EXT_LIFETIME_SOFT */
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-/*| 1<<SADB_EXT_SA*/
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-}
-}
-};
diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c
deleted file mode 100644
index 8fec9d119..000000000
--- a/src/libfreeswan/pfkey_v2_parse.c
+++ /dev/null
@@ -1,1539 +0,0 @@
-/*
- * RFC2367 PF_KEYv2 Key management API message parser
- * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/*
- * Template from klips/net/ipsec/ipsec/ipsec_parser.c.
- */
-
-char pfkey_v2_parse_c_version[] = "";
-
-# include <sys/types.h>
-# include <sys/socket.h>
-# include <errno.h>
-
-# include <freeswan.h>
-# include <constants.h>
-# include <defs.h> /* for PRINTF_LIKE */
-# include <log.h> /* for debugging and DBG_log */
-
-# ifdef PLUTO
-# define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); }
-# else
-# define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; }
-# endif
-
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-
-#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
-
-static struct {
- uint8_t proto;
- uint8_t satype;
- char* name;
-} satype_tbl[] = {
- { SA_ESP, SADB_SATYPE_ESP, "ESP" },
- { SA_AH, SADB_SATYPE_AH, "AH" },
- { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
- { SA_COMP, SADB_X_SATYPE_COMP, "COMP" },
- { SA_INT, SADB_X_SATYPE_INT, "INT" },
- { 0, 0, "UNKNOWN" }
-};
-
-uint8_t
-satype2proto(uint8_t satype)
-{
- int i =0;
-
- while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
- i++;
- }
- return satype_tbl[i].proto;
-}
-
-uint8_t
-proto2satype(uint8_t proto)
-{
- int i = 0;
-
- while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
- i++;
- }
- return satype_tbl[i].satype;
-}
-
-char*
-satype2name(uint8_t satype)
-{
- int i = 0;
-
- while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
- i++;
- }
- return satype_tbl[i].name;
-}
-
-char*
-proto2name(uint8_t proto)
-{
- int i = 0;
-
- while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
- i++;
- }
- return satype_tbl[i].name;
-}
-
-/* Default extension parsers taken from the KLIPS code */
-
-DEBUG_NO_STATIC int
-pfkey_sa_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
-#if 0
- struct sadb_sa sav2;
-#endif
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_sa_parse: entry\n");
- /* sanity checks... */
- if(!pfkey_sa) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "NULL pointer passed in.\n");
- SENDERR(EINVAL);
- }
-
-#if 0
- /* check if this structure is short, and if so, fix it up.
- * XXX this is NOT the way to do things.
- */
- if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) {
-
- /* yes, so clear out a temporary structure, and copy first */
- memset(&sav2, 0, sizeof(sav2));
- memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1));
- sav2.sadb_x_sa_ref=-1;
- sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_sa = &sav2;
- }
-#endif
-
-
- if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n",
- pfkey_sa->sadb_sa_len,
- (int)sizeof(struct sadb_sa));
- SENDERR(EINVAL);
- }
-
- if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n",
- pfkey_sa->sadb_sa_encrypt,
- SADB_EALG_MAX);
- SENDERR(EINVAL);
- }
-
- if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n",
- pfkey_sa->sadb_sa_auth,
- SADB_AALG_MAX);
- SENDERR(EINVAL);
- }
-
- if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "state=%d exceeds MAX=%d.\n",
- pfkey_sa->sadb_sa_state,
- SADB_SASTATE_MAX);
- SENDERR(EINVAL);
- }
-
- if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "state=%d is DEAD=%d.\n",
- pfkey_sa->sadb_sa_state,
- SADB_SASTATE_DEAD);
- SENDERR(EINVAL);
- }
-
- if(pfkey_sa->sadb_sa_replay > 64) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "replay window size: %d -- must be 0 <= size <= 64\n",
- pfkey_sa->sadb_sa_replay);
- SENDERR(EINVAL);
- }
-
- if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) ||
- (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2)))
- {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n",
- pfkey_sa->sadb_sa_exttype,
- SADB_EXT_SA,
- SADB_X_EXT_SA2);
- SENDERR(EINVAL);
- }
-
- if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sa_parse: "
- "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
- pfkey_sa->sadb_x_sa_ref,
- IPSEC_SAREF_NULL,
- IPSEC_SA_REF_TABLE_NUM_ENTRIES);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_sa_parse: "
- "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n",
- pfkey_sa->sadb_sa_len,
- pfkey_sa->sadb_sa_exttype,
- pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype),
- (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi),
- pfkey_sa->sadb_sa_replay,
- pfkey_sa->sadb_sa_state,
- pfkey_sa->sadb_sa_auth,
- pfkey_sa->sadb_sa_encrypt,
- pfkey_sa->sadb_sa_flags,
- pfkey_sa->sadb_x_sa_ref);
-
- errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_lifetime_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_lifetime_parse:enter\n");
- /* sanity checks... */
- if(!pfkey_lifetime) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_lifetime_parse: "
- "NULL pointer passed in.\n");
- SENDERR(EINVAL);
- }
-
- if(pfkey_lifetime->sadb_lifetime_len !=
- sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_lifetime_parse: "
- "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n",
- pfkey_lifetime->sadb_lifetime_len,
- (int)sizeof(struct sadb_lifetime));
- SENDERR(EINVAL);
- }
-
- if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) &&
- (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) &&
- (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_lifetime_parse: "
- "unexpected ext_type=%d.\n",
- pfkey_lifetime->sadb_lifetime_exttype);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_lifetime_parse: "
- "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n",
- pfkey_lifetime->sadb_lifetime_exttype,
- pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype),
- pfkey_lifetime->sadb_lifetime_allocations,
- (unsigned)pfkey_lifetime->sadb_lifetime_bytes,
- (unsigned)pfkey_lifetime->sadb_lifetime_addtime,
- (unsigned)pfkey_lifetime->sadb_lifetime_usetime,
- pfkey_lifetime->sadb_x_lifetime_packets);
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_address_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- int saddr_len = 0;
- struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
- struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
- char ipaddr_txt[ADDRTOT_BUF];
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_address_parse:enter\n");
- /* sanity checks... */
- if(!pfkey_address) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "NULL pointer passed in.\n");
- SENDERR(EINVAL);
- }
-
- if(pfkey_address->sadb_address_len <
- (sizeof(struct sadb_address) + sizeof(struct sockaddr))/
- IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
- pfkey_address->sadb_address_len,
- (int)sizeof(struct sadb_address),
- (int)sizeof(struct sockaddr));
- SENDERR(EINVAL);
- }
-
- if(pfkey_address->sadb_address_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "res=%d, must be zero.\n",
- pfkey_address->sadb_address_reserved);
- SENDERR(EINVAL);
- }
-
- switch(pfkey_address->sadb_address_exttype) {
- case SADB_EXT_ADDRESS_SRC:
- case SADB_EXT_ADDRESS_DST:
- case SADB_EXT_ADDRESS_PROXY:
- case SADB_X_EXT_ADDRESS_DST2:
- case SADB_X_EXT_ADDRESS_SRC_FLOW:
- case SADB_X_EXT_ADDRESS_DST_FLOW:
- case SADB_X_EXT_ADDRESS_SRC_MASK:
- case SADB_X_EXT_ADDRESS_DST_MASK:
- case SADB_X_EXT_NAT_T_OA:
- break;
- default:
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "unexpected ext_type=%d.\n",
- pfkey_address->sadb_address_exttype);
- SENDERR(EINVAL);
- }
-
- switch(s->sa_family) {
- case AF_INET:
- saddr_len = sizeof(struct sockaddr_in);
- sprintf(ipaddr_txt, "%d.%d.%d.%d"
- , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF
- , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF
- , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF
- , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF);
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_address_parse: "
- "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n",
- pfkey_address->sadb_address_exttype,
- pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
- s->sa_family,
- ipaddr_txt,
- pfkey_address->sadb_address_proto,
- ntohs(((struct sockaddr_in*)s)->sin_port));
- break;
- case AF_INET6:
- saddr_len = sizeof(struct sockaddr_in6);
- sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[0])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[1])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[2])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[3])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[4])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[5])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[6])
- , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[7]));
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_address_parse: "
- "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n",
- pfkey_address->sadb_address_exttype,
- pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
- s->sa_family,
- ipaddr_txt,
- pfkey_address->sadb_address_proto,
- ((struct sockaddr_in6*)s)->sin6_port);
- break;
- default:
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "s->sa_family=%d not supported.\n",
- s->sa_family);
- SENDERR(EPFNOSUPPORT);
- }
-
- if(pfkey_address->sadb_address_len !=
- DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
- pfkey_address->sadb_address_len,
- (int)sizeof(struct sadb_address),
- saddr_len);
- SENDERR(EINVAL);
- }
-
- if(pfkey_address->sadb_address_prefixlen != 0) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_address_parse: "
- "address prefixes not supported yet.\n");
- SENDERR(EAFNOSUPPORT); /* not supported yet */
- }
-
- /* XXX check if port!=0 */
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_address_parse: successful.\n");
- errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_key_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_key_parse:enter\n");
- /* sanity checks... */
-
- if(!pfkey_key) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "NULL pointer passed in.\n");
- SENDERR(EINVAL);
- }
-
- if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_key->sadb_key_len,
- (int)sizeof(struct sadb_key));
- SENDERR(EINVAL);
- }
-
- if(!pfkey_key->sadb_key_bits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "key length set to zero, must be non-zero.\n");
- SENDERR(EINVAL);
- }
-
- if(pfkey_key->sadb_key_len !=
- DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits,
- PFKEYBITS)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "key length=%d does not agree with extension length=%d.\n",
- pfkey_key->sadb_key_bits,
- pfkey_key->sadb_key_len);
- SENDERR(EINVAL);
- }
-
- if(pfkey_key->sadb_key_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "res=%d, must be zero.\n",
- pfkey_key->sadb_key_reserved);
- SENDERR(EINVAL);
- }
-
- if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) ||
- (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "expecting extension type AUTH or ENCRYPT, got %d.\n",
- pfkey_key->sadb_key_exttype);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_key_parse: "
- "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n",
- pfkey_key->sadb_key_len,
- pfkey_key->sadb_key_exttype,
- pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype),
- pfkey_key->sadb_key_bits,
- pfkey_key->sadb_key_reserved);
-
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_ident_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
-
- /* sanity checks... */
- if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_ident_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_ident->sadb_ident_len,
- (int)sizeof(struct sadb_ident));
- SENDERR(EINVAL);
- }
-
- if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_ident_parse: "
- "ident_type=%d out of range, must be less than %d.\n",
- pfkey_ident->sadb_ident_type,
- SADB_IDENTTYPE_MAX);
- SENDERR(EINVAL);
- }
-
- if(pfkey_ident->sadb_ident_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_ident_parse: "
- "res=%d, must be zero.\n",
- pfkey_ident->sadb_ident_reserved);
- SENDERR(EINVAL);
- }
-
- /* string terminator/padding must be zero */
- if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
- if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_ident_parse: "
- "string padding must be zero, last is 0x%02x.\n",
- *((char*)pfkey_ident +
- pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1));
- SENDERR(EINVAL);
- }
- }
-
- if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) ||
- (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_key_parse: "
- "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n",
- pfkey_ident->sadb_ident_exttype);
- SENDERR(EINVAL);
- }
-
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_sens_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext;
-
- /* sanity checks... */
- if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sens_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_sens->sadb_sens_len,
- (int)sizeof(struct sadb_sens));
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_sens_parse: "
- "Sorry, I can't parse exttype=%d yet.\n",
- pfkey_ext->sadb_ext_type);
-#if 0
- SENDERR(EINVAL); /* don't process these yet */
-#endif
-
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_prop_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- int i, num_comb;
- struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext;
- struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop));
-
- /* sanity checks... */
- if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) ||
- (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n",
- pfkey_prop->sadb_prop_len,
- (int)sizeof(struct sadb_prop),
- (int)sizeof(struct sadb_comb));
- SENDERR(EINVAL);
- }
-
- if(pfkey_prop->sadb_prop_replay > 64) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "replay window size: %d -- must be 0 <= size <= 64\n",
- pfkey_prop->sadb_prop_replay);
- SENDERR(EINVAL);
- }
-
- for(i=0; i<3; i++) {
- if(pfkey_prop->sadb_prop_reserved[i]) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "res[%d]=%d, must be zero.\n",
- i, pfkey_prop->sadb_prop_reserved[i]);
- SENDERR(EINVAL);
- }
- }
-
- num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb);
-
- for(i = 0; i < num_comb; i++) {
- if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n",
- i,
- pfkey_comb->sadb_comb_auth,
- SADB_AALG_MAX);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_comb_auth) {
- if(!pfkey_comb->sadb_comb_auth_minbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n",
- i);
- SENDERR(EINVAL);
- }
- if(!pfkey_comb->sadb_comb_auth_maxbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n",
- i);
- SENDERR(EINVAL);
- }
- if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n",
- i,
- pfkey_comb->sadb_comb_auth_minbits,
- pfkey_comb->sadb_comb_auth_maxbits);
- SENDERR(EINVAL);
- }
- } else {
- if(pfkey_comb->sadb_comb_auth_minbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n",
- i,
- pfkey_comb->sadb_comb_auth_minbits);
- SENDERR(EINVAL);
- }
- if(pfkey_comb->sadb_comb_auth_maxbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n",
- i,
- pfkey_comb->sadb_comb_auth_maxbits);
- SENDERR(EINVAL);
- }
- }
-
- if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_comb_parse: "
- "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n",
- i,
- pfkey_comb->sadb_comb_encrypt,
- SADB_EALG_MAX);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_comb_encrypt) {
- if(!pfkey_comb->sadb_comb_encrypt_minbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n",
- i);
- SENDERR(EINVAL);
- }
- if(!pfkey_comb->sadb_comb_encrypt_maxbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n",
- i);
- SENDERR(EINVAL);
- }
- if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n",
- i,
- pfkey_comb->sadb_comb_encrypt_minbits,
- pfkey_comb->sadb_comb_encrypt_maxbits);
- SENDERR(EINVAL);
- }
- } else {
- if(pfkey_comb->sadb_comb_encrypt_minbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n",
- i,
- pfkey_comb->sadb_comb_encrypt_minbits);
- SENDERR(EINVAL);
- }
- if(pfkey_comb->sadb_comb_encrypt_maxbits) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n",
- i,
- pfkey_comb->sadb_comb_encrypt_maxbits);
- SENDERR(EINVAL);
- }
- }
-
- /* XXX do sanity check on flags */
-
- if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n",
- i,
- pfkey_comb->sadb_comb_soft_allocations,
- pfkey_comb->sadb_comb_hard_allocations);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n",
- i,
- (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes,
- (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n",
- i,
- (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime,
- (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n",
- i,
- (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime,
- (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n",
- i,
- pfkey_comb->sadb_x_comb_soft_packets,
- pfkey_comb->sadb_x_comb_hard_packets);
- SENDERR(EINVAL);
- }
-
- if(pfkey_comb->sadb_comb_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_prop_parse: "
- "comb[%d].res=%d, must be zero.\n",
- i,
- pfkey_comb->sadb_comb_reserved);
- SENDERR(EINVAL);
- }
- pfkey_comb++;
- }
-
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_supported_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- unsigned int i, num_alg;
- struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext;
- struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported));
-
- /* sanity checks... */
- if((pfkey_supported->sadb_supported_len <
- sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) ||
- (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) -
- sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) {
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_supported_parse: "
- "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n",
- pfkey_supported->sadb_supported_len,
- (int)sizeof(struct sadb_supported),
- (int)sizeof(struct sadb_alg));
- SENDERR(EINVAL);
- }
-
- if(pfkey_supported->sadb_supported_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_supported_parse: "
- "res=%d, must be zero.\n",
- pfkey_supported->sadb_supported_reserved);
- SENDERR(EINVAL);
- }
-
- num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg);
-
- for(i = 0; i < num_alg; i++) {
- /* process algo description */
- if(pfkey_alg->sadb_alg_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_supported_parse: "
- "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n",
- i,
- pfkey_alg->sadb_alg_id,
- pfkey_alg->sadb_alg_ivlen,
- pfkey_alg->sadb_alg_minbits,
- pfkey_alg->sadb_alg_maxbits,
- pfkey_alg->sadb_alg_reserved);
- SENDERR(EINVAL);
- }
-
- /* XXX can alg_id auth/enc be determined from info given?
- Yes, but OpenBSD's method does not iteroperate with rfc2367.
- rgb, 2000-04-06 */
-
- switch(pfkey_supported->sadb_supported_exttype) {
- case SADB_EXT_SUPPORTED_AUTH:
- if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_supported_parse: "
- "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n",
- i,
- pfkey_alg->sadb_alg_id,
- SADB_AALG_MAX);
- SENDERR(EINVAL);
- }
- break;
- case SADB_EXT_SUPPORTED_ENCRYPT:
- if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_supported_parse: "
- "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
- i,
- pfkey_alg->sadb_alg_id,
- SADB_EALG_MAX);
- SENDERR(EINVAL);
- }
- break;
- default:
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_supported_parse: "
- "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
- i,
- pfkey_alg->sadb_alg_id,
- SADB_EALG_MAX);
- SENDERR(EINVAL);
- }
- pfkey_alg++;
- }
-
- errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_spirange_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext;
-
- /* sanity checks... */
- if(pfkey_spirange->sadb_spirange_len !=
- sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_spirange_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_spirange->sadb_spirange_len,
- (int)sizeof(struct sadb_spirange));
- SENDERR(EINVAL);
- }
-
- if(pfkey_spirange->sadb_spirange_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_spirange_parse: "
- "reserved=%d must be set to zero.\n",
- pfkey_spirange->sadb_spirange_reserved);
- SENDERR(EINVAL);
- }
-
- if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_spirange_parse: "
- "minspi=%08x must be < maxspi=%08x.\n",
- ntohl(pfkey_spirange->sadb_spirange_min),
- ntohl(pfkey_spirange->sadb_spirange_max));
- SENDERR(EINVAL);
- }
-
- if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_spirange_parse: "
- "minspi=%08x must be > 255.\n",
- ntohl(pfkey_spirange->sadb_spirange_min));
- SENDERR(EEXIST);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_spirange_parse: "
- "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n",
- pfkey_spirange->sadb_spirange_len,
- pfkey_spirange->sadb_spirange_exttype,
- pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype),
- pfkey_spirange->sadb_spirange_min,
- pfkey_spirange->sadb_spirange_max,
- pfkey_spirange->sadb_spirange_reserved);
- errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext;
-
- /* sanity checks... */
- if(pfkey_x_kmprivate->sadb_x_kmprivate_len <
- sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_kmprivate_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_x_kmprivate->sadb_x_kmprivate_len,
- (int)sizeof(struct sadb_x_kmprivate));
- SENDERR(EINVAL);
- }
-
- if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_kmprivate_parse: "
- "reserved=%d must be set to zero.\n",
- pfkey_x_kmprivate->sadb_x_kmprivate_reserved);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_kmprivate_parse: "
- "Sorry, I can't parse exttype=%d yet.\n",
- pfkey_ext->sadb_ext_type);
- SENDERR(EINVAL); /* don't process these yet */
-
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_satype_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- int i;
- struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_x_satype_parse: enter\n");
- /* sanity checks... */
- if(pfkey_x_satype->sadb_x_satype_len !=
- sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_satype_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_x_satype->sadb_x_satype_len,
- (int)sizeof(struct sadb_x_satype));
- SENDERR(EINVAL);
- }
-
- if(!pfkey_x_satype->sadb_x_satype_satype) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_satype_parse: "
- "satype is zero, must be non-zero.\n");
- SENDERR(EINVAL);
- }
-
- if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_satype_parse: "
- "satype %d > max %d, invalid.\n",
- pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX);
- SENDERR(EINVAL);
- }
-
- if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_satype_parse: "
- "proto lookup from satype=%d failed.\n",
- pfkey_x_satype->sadb_x_satype_satype);
- SENDERR(EINVAL);
- }
-
- for(i = 0; i < 3; i++) {
- if(pfkey_x_satype->sadb_x_satype_reserved[i]) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_satype_parse: "
- "reserved[%d]=%d must be set to zero.\n",
- i, pfkey_x_satype->sadb_x_satype_reserved[i]);
- SENDERR(EINVAL);
- }
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_x_satype_parse: "
- "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n",
- pfkey_x_satype->sadb_x_satype_len,
- pfkey_x_satype->sadb_x_satype_exttype,
- pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype),
- pfkey_x_satype->sadb_x_satype_satype,
- satype2name(pfkey_x_satype->sadb_x_satype_satype),
- pfkey_x_satype->sadb_x_satype_reserved[0],
- pfkey_x_satype->sadb_x_satype_reserved[1],
- pfkey_x_satype->sadb_x_satype_reserved[2]);
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- int i;
- struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_x_debug_parse: enter\n");
- /* sanity checks... */
- if(pfkey_x_debug->sadb_x_debug_len !=
- sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_debug_parse: "
- "size wrong ext_len=%d, key_ext_len=%d.\n",
- pfkey_x_debug->sadb_x_debug_len,
- (int)sizeof(struct sadb_x_debug));
- SENDERR(EINVAL);
- }
-
- for(i = 0; i < 4; i++) {
- if(pfkey_x_debug->sadb_x_debug_reserved[i]) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_debug_parse: "
- "reserved[%d]=%d must be set to zero.\n",
- i, pfkey_x_debug->sadb_x_debug_reserved[i]);
- SENDERR(EINVAL);
- }
- }
-
-errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext)
-{
- int error = 0;
- struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext;
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n");
- /* sanity checks... */
-
- if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
- p->sadb_protocol_len, (int)sizeof(*p));
- SENDERR(EINVAL);
- }
-
- if (p->sadb_protocol_reserved2 != 0) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_protocol_parse: res=%d, must be zero.\n",
- p->sadb_protocol_reserved2);
- SENDERR(EINVAL);
- }
-
- errlab:
- return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext)
-{
- return 0;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext)
-{
- return 0;
-}
-
-#define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME};
-
-DEFINEPARSER(pfkey_sa_parse);
-DEFINEPARSER(pfkey_lifetime_parse);
-DEFINEPARSER(pfkey_address_parse);
-DEFINEPARSER(pfkey_key_parse);
-DEFINEPARSER(pfkey_ident_parse);
-DEFINEPARSER(pfkey_sens_parse);
-DEFINEPARSER(pfkey_prop_parse);
-DEFINEPARSER(pfkey_supported_parse);
-DEFINEPARSER(pfkey_spirange_parse);
-DEFINEPARSER(pfkey_x_kmprivate_parse);
-DEFINEPARSER(pfkey_x_satype_parse);
-DEFINEPARSER(pfkey_x_ext_debug_parse);
-DEFINEPARSER(pfkey_x_ext_protocol_parse);
-DEFINEPARSER(pfkey_x_ext_nat_t_type_parse);
-DEFINEPARSER(pfkey_x_ext_nat_t_port_parse);
-
-struct pf_key_ext_parsers_def *ext_default_parsers[]=
-{
- NULL, /* pfkey_msg_parse, */
- &pfkey_sa_parse_def,
- &pfkey_lifetime_parse_def,
- &pfkey_lifetime_parse_def,
- &pfkey_lifetime_parse_def,
- &pfkey_address_parse_def,
- &pfkey_address_parse_def,
- &pfkey_address_parse_def,
- &pfkey_key_parse_def,
- &pfkey_key_parse_def,
- &pfkey_ident_parse_def,
- &pfkey_ident_parse_def,
- &pfkey_sens_parse_def,
- &pfkey_prop_parse_def,
- &pfkey_supported_parse_def,
- &pfkey_supported_parse_def,
- &pfkey_spirange_parse_def,
- &pfkey_x_kmprivate_parse_def,
- &pfkey_x_satype_parse_def,
- &pfkey_sa_parse_def,
- &pfkey_address_parse_def,
- &pfkey_address_parse_def,
- &pfkey_address_parse_def,
- &pfkey_address_parse_def,
- &pfkey_address_parse_def,
- &pfkey_x_ext_debug_parse_def,
- &pfkey_x_ext_protocol_parse_def ,
- &pfkey_x_ext_nat_t_type_parse_def,
- &pfkey_x_ext_nat_t_port_parse_def,
- &pfkey_x_ext_nat_t_port_parse_def,
- &pfkey_address_parse_def
-};
-
-int
-pfkey_msg_parse(struct sadb_msg *pfkey_msg,
- struct pf_key_ext_parsers_def *ext_parsers[],
- struct sadb_ext *extensions[],
- int dir)
-{
- int error = 0;
- int remain;
- struct sadb_ext *pfkey_ext;
- int extensions_seen = 0;
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_msg_parse: "
- "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n",
- pfkey_msg->sadb_msg_version,
- pfkey_msg->sadb_msg_type,
- pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type),
- pfkey_msg->sadb_msg_errno,
- pfkey_msg->sadb_msg_satype,
- satype2name(pfkey_msg->sadb_msg_satype),
- pfkey_msg->sadb_msg_len,
- pfkey_msg->sadb_msg_reserved,
- pfkey_msg->sadb_msg_seq,
- pfkey_msg->sadb_msg_pid);
-
- if(ext_parsers == NULL) ext_parsers = ext_default_parsers;
-
- pfkey_extensions_init(extensions);
-
- remain = pfkey_msg->sadb_msg_len;
- remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
-
- pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg +
- sizeof(struct sadb_msg));
-
- extensions[0] = (struct sadb_ext *) pfkey_msg;
-
-
- if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "not PF_KEY_V2 msg, found %d, should be %d.\n",
- pfkey_msg->sadb_msg_version,
- PF_KEY_V2);
- SENDERR(EINVAL);
- }
-
- if(!pfkey_msg->sadb_msg_type) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "msg type not set, must be non-zero..\n");
- SENDERR(EINVAL);
- }
-
- if(pfkey_msg->sadb_msg_type > SADB_MAX) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "msg type=%d > max=%d.\n",
- pfkey_msg->sadb_msg_type,
- SADB_MAX);
- SENDERR(EINVAL);
- }
-
- switch(pfkey_msg->sadb_msg_type) {
- case SADB_GETSPI:
- case SADB_UPDATE:
- case SADB_ADD:
- case SADB_DELETE:
- case SADB_GET:
- case SADB_X_GRPSA:
- case SADB_X_ADDFLOW:
- if(!satype2proto(pfkey_msg->sadb_msg_satype)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "satype %d conversion to proto failed for msg_type %d (%s).\n",
- pfkey_msg->sadb_msg_satype,
- pfkey_msg->sadb_msg_type,
- pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
- SENDERR(EINVAL);
- } else {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n",
- pfkey_msg->sadb_msg_satype,
- satype2name(pfkey_msg->sadb_msg_satype),
- satype2proto(pfkey_msg->sadb_msg_satype),
- pfkey_msg->sadb_msg_type,
- pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
- }
- /* fall through */
- case SADB_ACQUIRE:
- case SADB_REGISTER:
- case SADB_EXPIRE:
- if(!pfkey_msg->sadb_msg_satype) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "satype is zero, must be non-zero for msg_type %d(%s).\n",
- pfkey_msg->sadb_msg_type,
- pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
- SENDERR(EINVAL);
- }
- default:
- break;
- }
-
- /* errno must not be set in downward messages */
- /* this is not entirely true... a response to an ACQUIRE could return an error */
- if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "errno set to %d.\n",
- pfkey_msg->sadb_msg_errno);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_msg_parse: "
- "remain=%d, ext_type=%d(%s), ext_len=%d.\n",
- remain,
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
- pfkey_ext->sadb_ext_len);
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_msg_parse: "
- "extensions permitted=%08x, required=%08x.\n",
- extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
- extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
-
- extensions_seen = 1;
-
- while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) {
- /* Is there enough message left to support another extension header? */
- if(remain < pfkey_ext->sadb_ext_len) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "remain %d less than ext len %d.\n",
- remain, pfkey_ext->sadb_ext_len);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_msg_parse: "
- "parsing ext type=%d(%s) remain=%d.\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
- remain);
-
- /* Is the extension header type valid? */
- if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
- SADB_EXT_MAX);
- SENDERR(EINVAL);
- }
-
- /* Have we already seen this type of extension? */
- if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0)
- {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "ext type %d(%s) already seen.\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
- SENDERR(EINVAL);
- }
-
- /* Do I even know about this type of extension? */
- if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "ext type %d(%s) unknown, ignoring.\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
- goto next_ext;
- }
-
- /* Is this type of extension permitted for this type of message? */
- if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] &
- 1<<pfkey_ext->sadb_ext_type)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
- extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
- 1<<pfkey_ext->sadb_ext_type);
- SENDERR(EINVAL);
- }
-
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_msg_parse: "
- "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n",
- remain,
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
- pfkey_ext->sadb_ext_len,
- pfkey_ext,
- ext_parsers[pfkey_ext->sadb_ext_type]->parser_name);
-
- /* Parse the extension */
- if((error =
- (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "extension parsing for type %d(%s) failed with error %d.\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
- error);
- SENDERR(-error);
- }
- DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
- "pfkey_msg_parse: "
- "Extension %d(%s) parsed.\n",
- pfkey_ext->sadb_ext_type,
- pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
-
- /* Mark that we have seen this extension and remember the header location */
- extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type );
- extensions[pfkey_ext->sadb_ext_type] = pfkey_ext;
-
- next_ext:
- /* Calculate how much message remains */
- remain -= pfkey_ext->sadb_ext_len;
-
- if(!remain) {
- break;
- }
- /* Find the next extension header */
- pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext +
- pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
- }
-
- if(remain) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "unexpected remainder of %d.\n",
- remain);
- /* why is there still something remaining? */
- SENDERR(EINVAL);
- }
-
- /* check required extensions */
- DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
- "pfkey_msg_parse: "
- "extensions permitted=%08x, seen=%08x, required=%08x.\n",
- extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
- extensions_seen,
- extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
-
- /* don't check further if it is an error return message since it
- may not have a body */
- if(pfkey_msg->sadb_msg_errno) {
- SENDERR(-error);
- }
-
- if((extensions_seen &
- extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) !=
- extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "required extensions missing:%08x.\n",
- extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] -
- (extensions_seen &
- extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]));
- SENDERR(EINVAL);
- }
-
- if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW)
- && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW)
- != SADB_X_EXT_ADDRESS_DELFLOW)
- && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA))
- || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags
- & SADB_X_SAFLAGS_CLEARFLOW)
- != SADB_X_SAFLAGS_CLEARFLOW))) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n",
- SADB_X_EXT_ADDRESS_DELFLOW
- - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW),
- (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA)));
- SENDERR(EINVAL);
- }
-
- switch(pfkey_msg->sadb_msg_type) {
- case SADB_ADD:
- case SADB_UPDATE:
- /* check maturity */
- if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state !=
- SADB_SASTATE_MATURE) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "state=%d for add or update should be MATURE=%d.\n",
- ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
- SADB_SASTATE_MATURE);
- SENDERR(EINVAL);
- }
-
- /* check AH and ESP */
- switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) {
- case SADB_SATYPE_AH:
- if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
- ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth !=
- SADB_AALG_NONE)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "auth alg is zero, must be non-zero for AH SAs.\n");
- SENDERR(EINVAL);
- }
- if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt !=
- SADB_EALG_NONE) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "AH handed encalg=%d, must be zero.\n",
- ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt);
- SENDERR(EINVAL);
- }
- break;
- case SADB_SATYPE_ESP:
- if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
- ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
- SADB_EALG_NONE)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n",
- ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
- ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
- SENDERR(EINVAL);
- }
- if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt ==
- SADB_EALG_NULL) &&
- (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth ==
- SADB_AALG_NONE) ) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "ESP handed encNULL+authNONE, illegal combination.\n");
- SENDERR(EINVAL);
- }
- break;
- case SADB_X_SATYPE_COMP:
- if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
- ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
- SADB_EALG_NONE)) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n",
- ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
- ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
- SENDERR(EINVAL);
- }
- if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth !=
- SADB_AALG_NONE) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "COMP handed auth=%d, must be zero.\n",
- ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth);
- SENDERR(EINVAL);
- }
- break;
- default:
- break;
- }
- if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) {
- DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
- "pfkey_msg_parse: "
- "spi=%08x must be > 255.\n",
- ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi));
- SENDERR(EINVAL);
- }
- default:
- break;
- }
-errlab:
-
- return error;
-}
diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h
deleted file mode 100644
index 725997ebc..000000000
--- a/src/libfreeswan/pfkeyv2.h
+++ /dev/null
@@ -1,368 +0,0 @@
-/*
-RFC 2367 PF_KEY Key Management API July 1998
-
-
-Appendix D: Sample Header File
-
-This file defines structures and symbols for the PF_KEY Version 2
-key management interface. It was written at the U.S. Naval Research
-Laboratory. This file is in the public domain. The authors ask that
-you leave this credit intact on any copies of this file.
-*/
-#ifndef __PFKEY_V2_H
-#define __PFKEY_V2_H 1
-
-#define PF_KEY_V2 2
-#define PFKEYV2_REVISION 199806L
-
-#define SADB_RESERVED 0
-#define SADB_GETSPI 1
-#define SADB_UPDATE 2
-#define SADB_ADD 3
-#define SADB_DELETE 4
-#define SADB_GET 5
-#define SADB_ACQUIRE 6
-#define SADB_REGISTER 7
-#define SADB_EXPIRE 8
-#define SADB_FLUSH 9
-#define SADB_DUMP 10
-#define SADB_X_PROMISC 11
-#define SADB_X_PCHANGE 12
-#define SADB_X_GRPSA 13
-#define SADB_X_ADDFLOW 14
-#define SADB_X_DELFLOW 15
-#define SADB_X_DEBUG 16
-#define SADB_X_NAT_T_NEW_MAPPING 17
-#define SADB_MAX 17
-
-struct sadb_msg {
- uint8_t sadb_msg_version;
- uint8_t sadb_msg_type;
- uint8_t sadb_msg_errno;
- uint8_t sadb_msg_satype;
- uint16_t sadb_msg_len;
- uint16_t sadb_msg_reserved;
- uint32_t sadb_msg_seq;
- uint32_t sadb_msg_pid;
-};
-
-struct sadb_ext {
- uint16_t sadb_ext_len;
- uint16_t sadb_ext_type;
-};
-
-struct sadb_sa {
- uint16_t sadb_sa_len;
- uint16_t sadb_sa_exttype;
- uint32_t sadb_sa_spi;
- uint8_t sadb_sa_replay;
- uint8_t sadb_sa_state;
- uint8_t sadb_sa_auth;
- uint8_t sadb_sa_encrypt;
- uint32_t sadb_sa_flags;
- uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */
- uint8_t sadb_x_reserved[4];
-};
-
-struct sadb_sa_v1 {
- uint16_t sadb_sa_len;
- uint16_t sadb_sa_exttype;
- uint32_t sadb_sa_spi;
- uint8_t sadb_sa_replay;
- uint8_t sadb_sa_state;
- uint8_t sadb_sa_auth;
- uint8_t sadb_sa_encrypt;
- uint32_t sadb_sa_flags;
-};
-
-struct sadb_lifetime {
- uint16_t sadb_lifetime_len;
- uint16_t sadb_lifetime_exttype;
- uint32_t sadb_lifetime_allocations;
- uint64_t sadb_lifetime_bytes;
- uint64_t sadb_lifetime_addtime;
- uint64_t sadb_lifetime_usetime;
- uint32_t sadb_x_lifetime_packets;
- uint32_t sadb_x_lifetime_reserved;
-};
-
-struct sadb_address {
- uint16_t sadb_address_len;
- uint16_t sadb_address_exttype;
- uint8_t sadb_address_proto;
- uint8_t sadb_address_prefixlen;
- uint16_t sadb_address_reserved;
-};
-
-struct sadb_key {
- uint16_t sadb_key_len;
- uint16_t sadb_key_exttype;
- uint16_t sadb_key_bits;
- uint16_t sadb_key_reserved;
-};
-
-struct sadb_ident {
- uint16_t sadb_ident_len;
- uint16_t sadb_ident_exttype;
- uint16_t sadb_ident_type;
- uint16_t sadb_ident_reserved;
- uint64_t sadb_ident_id;
-};
-
-struct sadb_sens {
- uint16_t sadb_sens_len;
- uint16_t sadb_sens_exttype;
- uint32_t sadb_sens_dpd;
- uint8_t sadb_sens_sens_level;
- uint8_t sadb_sens_sens_len;
- uint8_t sadb_sens_integ_level;
- uint8_t sadb_sens_integ_len;
- uint32_t sadb_sens_reserved;
-};
-
-struct sadb_prop {
- uint16_t sadb_prop_len;
- uint16_t sadb_prop_exttype;
- uint8_t sadb_prop_replay;
- uint8_t sadb_prop_reserved[3];
-};
-
-struct sadb_comb {
- uint8_t sadb_comb_auth;
- uint8_t sadb_comb_encrypt;
- uint16_t sadb_comb_flags;
- uint16_t sadb_comb_auth_minbits;
- uint16_t sadb_comb_auth_maxbits;
- uint16_t sadb_comb_encrypt_minbits;
- uint16_t sadb_comb_encrypt_maxbits;
- uint32_t sadb_comb_reserved;
- uint32_t sadb_comb_soft_allocations;
- uint32_t sadb_comb_hard_allocations;
- uint64_t sadb_comb_soft_bytes;
- uint64_t sadb_comb_hard_bytes;
- uint64_t sadb_comb_soft_addtime;
- uint64_t sadb_comb_hard_addtime;
- uint64_t sadb_comb_soft_usetime;
- uint64_t sadb_comb_hard_usetime;
- uint32_t sadb_x_comb_soft_packets;
- uint32_t sadb_x_comb_hard_packets;
-};
-
-struct sadb_supported {
- uint16_t sadb_supported_len;
- uint16_t sadb_supported_exttype;
- uint32_t sadb_supported_reserved;
-};
-
-struct sadb_alg {
- uint8_t sadb_alg_id;
- uint8_t sadb_alg_ivlen;
- uint16_t sadb_alg_minbits;
- uint16_t sadb_alg_maxbits;
- uint16_t sadb_alg_reserved;
-};
-
-struct sadb_spirange {
- uint16_t sadb_spirange_len;
- uint16_t sadb_spirange_exttype;
- uint32_t sadb_spirange_min;
- uint32_t sadb_spirange_max;
- uint32_t sadb_spirange_reserved;
-};
-
-struct sadb_x_kmprivate {
- uint16_t sadb_x_kmprivate_len;
- uint16_t sadb_x_kmprivate_exttype;
- uint32_t sadb_x_kmprivate_reserved;
-};
-
-struct sadb_x_satype {
- uint16_t sadb_x_satype_len;
- uint16_t sadb_x_satype_exttype;
- uint8_t sadb_x_satype_satype;
- uint8_t sadb_x_satype_reserved[3];
-};
-
-struct sadb_x_policy {
- uint16_t sadb_x_policy_len;
- uint16_t sadb_x_policy_exttype;
- uint16_t sadb_x_policy_type;
- uint8_t sadb_x_policy_dir;
- uint8_t sadb_x_policy_reserved;
- uint32_t sadb_x_policy_id;
- uint32_t sadb_x_policy_reserved2;
-};
-
-struct sadb_x_debug {
- uint16_t sadb_x_debug_len;
- uint16_t sadb_x_debug_exttype;
- uint32_t sadb_x_debug_tunnel;
- uint32_t sadb_x_debug_netlink;
- uint32_t sadb_x_debug_xform;
- uint32_t sadb_x_debug_eroute;
- uint32_t sadb_x_debug_spi;
- uint32_t sadb_x_debug_radij;
- uint32_t sadb_x_debug_esp;
- uint32_t sadb_x_debug_ah;
- uint32_t sadb_x_debug_rcv;
- uint32_t sadb_x_debug_pfkey;
- uint32_t sadb_x_debug_ipcomp;
- uint32_t sadb_x_debug_verbose;
- uint8_t sadb_x_debug_reserved[4];
-};
-
-struct sadb_x_nat_t_type {
- uint16_t sadb_x_nat_t_type_len;
- uint16_t sadb_x_nat_t_type_exttype;
- uint8_t sadb_x_nat_t_type_type;
- uint8_t sadb_x_nat_t_type_reserved[3];
-};
-struct sadb_x_nat_t_port {
- uint16_t sadb_x_nat_t_port_len;
- uint16_t sadb_x_nat_t_port_exttype;
- uint16_t sadb_x_nat_t_port_port;
- uint16_t sadb_x_nat_t_port_reserved;
-};
-
-/*
- * A protocol structure for passing through the transport level
- * protocol. It contains more fields than are actually used/needed
- * but it is this way to be compatible with the structure used in
- * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h)
- */
-struct sadb_protocol {
- uint16_t sadb_protocol_len;
- uint16_t sadb_protocol_exttype;
- uint8_t sadb_protocol_proto;
- uint8_t sadb_protocol_direction;
- uint8_t sadb_protocol_flags;
- uint8_t sadb_protocol_reserved2;
-};
-
-#define SADB_EXT_RESERVED 0
-#define SADB_EXT_SA 1
-#define SADB_EXT_LIFETIME_CURRENT 2
-#define SADB_EXT_LIFETIME_HARD 3
-#define SADB_EXT_LIFETIME_SOFT 4
-#define SADB_EXT_ADDRESS_SRC 5
-#define SADB_EXT_ADDRESS_DST 6
-#define SADB_EXT_ADDRESS_PROXY 7
-#define SADB_EXT_KEY_AUTH 8
-#define SADB_EXT_KEY_ENCRYPT 9
-#define SADB_EXT_IDENTITY_SRC 10
-#define SADB_EXT_IDENTITY_DST 11
-#define SADB_EXT_SENSITIVITY 12
-#define SADB_EXT_PROPOSAL 13
-#define SADB_EXT_SUPPORTED_AUTH 14
-#define SADB_EXT_SUPPORTED_ENCRYPT 15
-#define SADB_EXT_SPIRANGE 16
-#define SADB_X_EXT_KMPRIVATE 17
-#define SADB_X_EXT_SATYPE2 18
-#ifdef KERNEL26_HAS_KAME_DUPLICATES
-#define SADB_X_EXT_POLICY 18
-#endif
-#define SADB_X_EXT_SA2 19
-#define SADB_X_EXT_ADDRESS_DST2 20
-#define SADB_X_EXT_ADDRESS_SRC_FLOW 21
-#define SADB_X_EXT_ADDRESS_DST_FLOW 22
-#define SADB_X_EXT_ADDRESS_SRC_MASK 23
-#define SADB_X_EXT_ADDRESS_DST_MASK 24
-#define SADB_X_EXT_DEBUG 25
-#define SADB_X_EXT_PROTOCOL 26
-#define SADB_X_EXT_NAT_T_TYPE 27
-#define SADB_X_EXT_NAT_T_SPORT 28
-#define SADB_X_EXT_NAT_T_DPORT 29
-#define SADB_X_EXT_NAT_T_OA 30
-#define SADB_EXT_MAX 30
-
-/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
-#define SADB_X_EXT_ADDRESS_DELFLOW \
- ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
- | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
- | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
- | (1<<SADB_X_EXT_ADDRESS_DST_MASK))
-
-#define SADB_SATYPE_UNSPEC 0
-#define SADB_SATYPE_AH 2
-#define SADB_SATYPE_ESP 3
-#define SADB_SATYPE_RSVP 5
-#define SADB_SATYPE_OSPFV2 6
-#define SADB_SATYPE_RIPV2 7
-#define SADB_SATYPE_MIP 8
-#define SADB_X_SATYPE_IPIP 9
-#ifdef KERNEL26_HAS_KAME_DUPLICATES
-#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
-#endif
-#define SADB_X_SATYPE_COMP 10
-#define SADB_X_SATYPE_INT 11
-#define SADB_SATYPE_MAX 11
-
-#define SADB_SASTATE_LARVAL 0
-#define SADB_SASTATE_MATURE 1
-#define SADB_SASTATE_DYING 2
-#define SADB_SASTATE_DEAD 3
-#define SADB_SASTATE_MAX 3
-
-#define SADB_SAFLAGS_PFS 1
-#define SADB_X_SAFLAGS_REPLACEFLOW 2
-#define SADB_X_SAFLAGS_CLEARFLOW 4
-#define SADB_X_SAFLAGS_INFLOW 8
-
-/* Authentication algorithms */
-#define SADB_AALG_NONE 0
-#define SADB_AALG_MD5HMAC 2
-#define SADB_AALG_SHA1HMAC 3
-#define SADB_X_AALG_SHA2_256HMAC 5
-#define SADB_X_AALG_SHA2_384HMAC 6
-#define SADB_X_AALG_SHA2_512HMAC 7
-#define SADB_X_AALG_RIPEMD160HMAC 8
-#define SADB_X_AALG_AES_XCBC_MAC 9
-#define SADB_X_AALG_NULL 251 /* kame */
-#define SADB_X_AALG_SHA2_256_96HMAC 252
-#define SADB_AALG_MAX 252
-
-/* Encryption algorithms */
-#define SADB_EALG_NONE 0
-#define SADB_EALG_DESCBC 2
-#define SADB_EALG_3DESCBC 3
-#define SADB_X_EALG_CASTCBC 6
-#define SADB_X_EALG_BLOWFISHCBC 7
-#define SADB_EALG_NULL 11
-#define SADB_X_EALG_AESCBC 12
-#define SADB_X_EALG_AESCTR 13
-#define SADB_X_EALG_AES_CCM_ICV8 14
-#define SADB_X_EALG_AES_CCM_ICV12 15
-#define SADB_X_EALG_AES_CCM_ICV16 16
-#define SADB_X_EALG_AES_GCM_ICV8 18
-#define SADB_X_EALG_AES_GCM_ICV12 19
-#define SADB_X_EALG_AES_GCM_ICV16 20
-#define SADB_X_EALG_CAMELLIACBC 22
-#define SADB_X_EALG_NULL_AES_GMAC 23
-#define SADB_EALG_MAX 253 /* last EALG */
-/* private allocations should use 249-255 (RFC2407) */
-#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
-#define SADB_X_EALG_TWOFISHCBC 253 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
-
-/* Compression algorithms */
-#define SADB_X_CALG_NONE 0
-#define SADB_X_CALG_OUI 1
-#define SADB_X_CALG_DEFLATE 2
-#define SADB_X_CALG_LZS 3
-#define SADB_X_CALG_LZJH 4
-#define SADB_X_CALG_MAX 4
-
-#define SADB_X_TALG_NONE 0
-#define SADB_X_TALG_IPv4_in_IPv4 1
-#define SADB_X_TALG_IPv6_in_IPv4 2
-#define SADB_X_TALG_IPv4_in_IPv6 3
-#define SADB_X_TALG_IPv6_in_IPv6 4
-#define SADB_X_TALG_MAX 4
-
-/* Identity Extension values */
-#define SADB_IDENTTYPE_RESERVED 0
-#define SADB_IDENTTYPE_PREFIX 1
-#define SADB_IDENTTYPE_FQDN 2
-#define SADB_IDENTTYPE_USERFQDN 3
-#define SADB_IDENTTYPE_MAX 3
-
-#endif /* __PFKEY_V2_H */
diff --git a/src/libfreeswan/portof.3 b/src/libfreeswan/portof.3
deleted file mode 100644
index 112def560..000000000
--- a/src/libfreeswan/portof.3
+++ /dev/null
@@ -1,69 +0,0 @@
-.TH IPSEC_PORTOF 3 "8 Sept 2000"
-.SH NAME
-ipsec portof \- get port field of an ip_address
-.br
-ipsec setportof \- set port field of an ip_address
-.br
-ipsec sockaddrof \- get pointer to internal sockaddr of an ip_address
-.br
-ipsec sockaddrlenof \- get length of internal sockaddr of an ip_address
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "int portof(const ip_address *src);"
-.br
-.B "void setportof(int port, ip_address *dst);"
-.br
-.B "struct sockaddr *sockaddrof(ip_address *src);"
-.br
-.B "size_t sockaddrlenof(const ip_address *src);"
-.SH DESCRIPTION
-The
-.B <freeswan.h>
-internal type
-.I ip_address
-contains one of the
-.I sockaddr
-types internally.
-\fIReliance on this feature is discouraged\fR,
-but it may occasionally be necessary.
-These functions provide low-level tools for this purpose.
-.PP
-.I Portof
-and
-.I setportof
-respectively read and write the port-number field of the internal
-.IR sockaddr .
-The values are in network byte order.
-.PP
-.I Sockaddrof
-returns a pointer to the internal
-.IR sockaddr ,
-for passing to other functions.
-.PP
-.I Sockaddrlenof
-reports the size of the internal
-.IR sockaddr ,
-for use in storage allocation.
-.SH SEE ALSO
-inet(3), ipsec_initaddr(3)
-.SH DIAGNOSTICS
-.I Portof
-returns
-.BR \-1 ,
-.I sockaddrof
-returns
-.BR NULL ,
-and
-.I sockaddrlenof
-returns
-.B 0
-if an unknown address family is found within the
-.IR ip_address .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-These functions all depend on low-level details of the
-.I ip_address
-type, which are in principle subject to change.
-Avoid using them unless really necessary.
diff --git a/src/libfreeswan/portof.c b/src/libfreeswan/portof.c
deleted file mode 100644
index c44b839f3..000000000
--- a/src/libfreeswan/portof.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * low-level ip_address ugliness
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - portof - get the port field of an ip_address
- */
-int /* network order */
-portof(src)
-const ip_address *src;
-{
- switch (src->u.v4.sin_family) {
- case AF_INET:
- return src->u.v4.sin_port;
- break;
- case AF_INET6:
- return src->u.v6.sin6_port;
- break;
- default:
- return -1; /* "can't happen" */
- break;
- }
-}
-
-/*
- - setportof - set the port field of an ip_address
- */
-void
-setportof(port, dst)
-int port; /* network order */
-ip_address *dst;
-{
- switch (dst->u.v4.sin_family) {
- case AF_INET:
- dst->u.v4.sin_port = port;
- break;
- case AF_INET6:
- dst->u.v6.sin6_port = port;
- break;
- }
-}
-
-/*
- - sockaddrof - get a pointer to the sockaddr hiding inside an ip_address
- */
-struct sockaddr *
-sockaddrof(src)
-ip_address *src;
-{
- switch (src->u.v4.sin_family) {
- case AF_INET:
- return (struct sockaddr *)&src->u.v4;
- break;
- case AF_INET6:
- return (struct sockaddr *)&src->u.v6;
- break;
- default:
- return NULL; /* "can't happen" */
- break;
- }
-}
-
-/*
- - sockaddrlenof - get length of the sockaddr hiding inside an ip_address
- */
-size_t /* 0 for error */
-sockaddrlenof(src)
-const ip_address *src;
-{
- switch (src->u.v4.sin_family) {
- case AF_INET:
- return sizeof(src->u.v4);
- break;
- case AF_INET6:
- return sizeof(src->u.v6);
- break;
- default:
- return 0;
- break;
- }
-}
diff --git a/src/libfreeswan/rangetoa.c b/src/libfreeswan/rangetoa.c
deleted file mode 100644
index 704558248..000000000
--- a/src/libfreeswan/rangetoa.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * convert binary form of address range to ASCII
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - rangetoa - convert address range to ASCII
- */
-size_t /* space needed for full conversion */
-rangetoa(addrs, format, dst, dstlen)
-struct in_addr addrs[2];
-int format; /* character */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- size_t len;
- size_t rest;
- int n;
- char *p;
-
- switch (format) {
- case 0:
- break;
- default:
- return 0;
- break;
- }
-
- len = addrtoa(addrs[0], 0, dst, dstlen);
- if (len < dstlen)
- for (p = dst + len - 1, n = 3; len < dstlen && n > 0;
- p++, len++, n--)
- *p = '.';
- else
- p = NULL;
- if (len < dstlen)
- rest = dstlen - len;
- else {
- if (dstlen > 0)
- *(dst + dstlen - 1) = '\0';
- rest = 0;
- }
-
- len += addrtoa(addrs[1], 0, p, rest);
-
- return len;
-}
diff --git a/src/libfreeswan/rangetosubnet.3 b/src/libfreeswan/rangetosubnet.3
deleted file mode 100644
index 100b42bd9..000000000
--- a/src/libfreeswan/rangetosubnet.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.TH IPSEC_RANGETOSUBNET 3 "8 Sept 2000"
-.SH NAME
-ipsec rangetosubnet \- convert address range to subnet
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "const char *rangetosubnet(const ip_address *start,"
-.ti +1c
-.B "const ip_address *stop, ip_subnet *dst);"
-.SH DESCRIPTION
-.I Rangetosubnet
-accepts two IP addresses which define an address range,
-from
-.I start
-to
-.I stop
-inclusive,
-and converts this to a subnet if possible.
-The addresses must both be IPv4 or both be IPv6,
-and the address family of the resulting subnet is the same.
-.PP
-.I Rangetosubnet
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.SH SEE ALSO
-ipsec_initsubnet(3), ipsec_ttosubnet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I rangetosubnet
-are:
-mixed address families;
-unknown address family;
-.I start
-and
-.I stop
-do not define a subnet.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The restriction of error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = rangetosubnet( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/rangetosubnet.c b/src/libfreeswan/rangetosubnet.c
deleted file mode 100644
index 2a989300e..000000000
--- a/src/libfreeswan/rangetosubnet.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * express an address range as a subnet (if possible)
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - rangetosubnet - turn an address range into a subnet, if possible
- *
- * A range which is a valid subnet will have a network part which is the
- * same in the from value and the to value, followed by a host part which
- * is all 0 in the from value and all 1 in the to value.
- */
-err_t
-rangetosubnet(from, to, dst)
-const ip_address *from;
-const ip_address *to;
-ip_subnet *dst;
-{
- unsigned const char *fp;
- unsigned const char *tp;
- unsigned fb;
- unsigned tb;
- unsigned const char *f;
- unsigned const char *t;
- size_t n;
- size_t n2;
- int i;
- int nnet;
- unsigned m;
-
- if (addrtypeof(from) != addrtypeof(to))
- return "mismatched address types";
- n = addrbytesptr(from, &fp);
- if (n == 0)
- return "unknown address type";
- n2 = addrbytesptr(to, &tp);
- if (n != n2)
- return "internal size mismatch in rangetosubnet";
-
- f = fp;
- t = tp;
- nnet = 0;
- for (i = n; i > 0 && *f == *t; i--, f++, t++)
- nnet += 8;
- if (i > 0 && !(*f == 0x00 && *t == 0xff)) { /* mid-byte bdry. */
- fb = *f++;
- tb = *t++;
- i--;
- m = 0x80;
- while ((fb&m) == (tb&m)) {
- fb &= ~m;
- tb |= m;
- m >>= 1;
- nnet++;
- }
- if (fb != 0x00 || tb != 0xff)
- return "not a valid subnet";
- }
- for (; i > 0 && *f == 0x00 && *t == 0xff; i--, f++, t++)
- continue;
-
- if (i != 0)
- return "invalid subnet";
-
- return initsubnet(from, nnet, 'x', dst);
-}
-
-
-
-#ifdef RANGETOSUBNET_MAIN
-
-#include <stdio.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
- ip_address start;
- ip_address stop;
- ip_subnet sub;
- char buf[100];
- const char *oops;
- size_t n;
- int af;
- int i;
-
- if (argc == 2 && strcmp(argv[1], "-r") == 0) {
- regress();
- fprintf(stderr, "regress() returned?!?\n");
- exit(1);
- }
-
- if (argc < 3) {
- fprintf(stderr, "Usage: %s [-6] start stop\n", argv[0]);
- fprintf(stderr, " or: %s -r\n", argv[0]);
- exit(2);
- }
-
- af = AF_INET;
- i = 1;
- if (strcmp(argv[i], "-6") == 0) {
- af = AF_INET6;
- i++;
- }
-
- oops = ttoaddr(argv[i], 0, af, &start);
- if (oops != NULL) {
- fprintf(stderr, "%s: start conversion failed: %s\n", argv[0], oops);
- exit(1);
- }
- oops = ttoaddr(argv[i+1], 0, af, &stop);
- if (oops != NULL) {
- fprintf(stderr, "%s: stop conversion failed: %s\n", argv[0], oops);
- exit(1);
- }
- oops = rangetosubnet(&start, &stop, &sub);
- if (oops != NULL) {
- fprintf(stderr, "%s: rangetosubnet failed: %s\n", argv[0], oops);
- exit(1);
- }
- n = subnettot(&sub, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- fprintf(stderr, "%s: reverse conversion", argv[0]);
- fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
- (long)n, (long)sizeof(buf));
- exit(1);
- }
- printf("%s\n", buf);
-
- exit(0);
-}
-
-struct rtab {
- int family;
- char *start;
- char *stop;
- char *output; /* NULL means error expected */
-} rtab[] = {
- {4, "1.2.3.0", "1.2.3.255", "1.2.3.0/24"},
- {4, "1.2.3.0", "1.2.3.7", "1.2.3.0/29"},
- {4, "1.2.3.240", "1.2.3.255", "1.2.3.240/28"},
- {4, "0.0.0.0", "255.255.255.255", "0.0.0.0/0"},
- {4, "1.2.3.4", "1.2.3.4", "1.2.3.4/32"},
- {4, "1.2.3.0", "1.2.3.254", NULL},
- {4, "1.2.3.0", "1.2.3.126", NULL},
- {4, "1.2.3.0", "1.2.3.125", NULL},
- {4, "1.2.0.0", "1.2.255.255", "1.2.0.0/16"},
- {4, "1.2.0.0", "1.2.0.255", "1.2.0.0/24"},
- {4, "1.2.255.0", "1.2.255.255", "1.2.255.0/24"},
- {4, "1.2.255.0", "1.2.254.255", NULL},
- {4, "1.2.255.1", "1.2.255.255", NULL},
- {4, "1.2.0.1", "1.2.255.255", NULL},
- {6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:ffff", "1:2:3:4:5:6:7:0/112"},
- {6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:fff", "1:2:3:4:5:6:7:0/116"},
- {6, "1:2:3:4:5:6:7:f0", "1:2:3:4:5:6:7:ff", "1:2:3:4:5:6:7:f0/124"},
- {4, NULL, NULL, NULL},
-};
-
-void
-regress()
-{
- struct rtab *r;
- int status = 0;
- ip_address start;
- ip_address stop;
- ip_subnet sub;
- char buf[100];
- const char *oops;
- size_t n;
- int af;
-
- for (r = rtab; r->start != NULL; r++) {
- af = (r->family == 4) ? AF_INET : AF_INET6;
- oops = ttoaddr(r->start, 0, af, &start);
- if (oops != NULL) {
- printf("surprise failure converting `%s'\n", r->start);
- exit(1);
- }
- oops = ttoaddr(r->stop, 0, af, &stop);
- if (oops != NULL) {
- printf("surprise failure converting `%s'\n", r->stop);
- exit(1);
- }
- oops = rangetosubnet(&start, &stop, &sub);
- if (oops != NULL && r->output == NULL)
- {} /* okay, error expected */
- else if (oops != NULL) {
- printf("`%s'-`%s' rangetosubnet failed: %s\n",
- r->start, r->stop, oops);
- status = 1;
- } else if (r->output == NULL) {
- printf("`%s'-`%s' rangetosubnet succeeded unexpectedly\n",
- r->start, r->stop);
- status = 1;
- } else {
- n = subnettot(&sub, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- printf("`%s'-`%s' subnettot failed: need %ld\n",
- r->start, r->stop, (long)n);
- status = 1;
- } else if (strcmp(r->output, buf) != 0) {
- printf("`%s'-`%s' gave `%s', expected `%s'\n",
- r->start, r->stop, buf, r->output);
- status = 1;
- }
- }
- }
- exit(status);
-}
-
-#endif /* RANGETOSUBNET_MAIN */
diff --git a/src/libfreeswan/sameaddr.3 b/src/libfreeswan/sameaddr.3
deleted file mode 100644
index 62886bf1a..000000000
--- a/src/libfreeswan/sameaddr.3
+++ /dev/null
@@ -1,164 +0,0 @@
-.TH IPSEC_ANYADDR 3 "28 Nov 2000"
-.SH NAME
-ipsec sameaddr \- are two addresses the same?
-.br
-ipsec addrcmp \- ordered comparison of addresses
-.br
-ipsec samesubnet \- are two subnets the same?
-.br
-ipsec addrinsubnet \- is an address within a subnet?
-.br
-ipsec subnetinsubnet \- is a subnet within another subnet?
-.br
-ipsec subnetishost \- is a subnet a single host?
-.br
-ipsec samesaid \- are two SA IDs the same?
-.br
-ipsec sameaddrtype \- are two addresses of the same address family?
-.br
-ipsec samesubnettype \- are two subnets of the same address family?
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "int sameaddr(const ip_address *a, const ip_address *b);"
-.br
-.B "int addrcmp(const ip_address *a, const ip_address *b);"
-.br
-.B "int samesubnet(const ip_subnet *a, const ip_subnet *b);"
-.br
-.B "int addrinsubnet(const ip_address *a, const ip_subnet *s);"
-.br
-.B "int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);"
-.br
-.B "int subnetishost(const ip_subnet *s);"
-.br
-.B "int samesaid(const ip_said *a, const ip_said *b);"
-.br
-.B "int sameaddrtype(const ip_address *a, const ip_address *b);"
-.br
-.B "int samesubnettype(const ip_subnet *a, const ip_subnet *b);"
-.SH DESCRIPTION
-These functions do various comparisons and tests on the
-.I ip_address
-type and
-.I ip_subnet
-types.
-.PP
-.I Sameaddr
-returns
-non-zero
-if addresses
-.I a
-and
-.IR b
-are identical,
-and
-.B 0
-otherwise.
-Addresses of different families are never identical.
-.PP
-.I Addrcmp
-returns
-.BR \-1 ,
-.BR 0 ,
-or
-.BR 1
-respectively
-if address
-.I a
-is less than, equal to, or greater than
-.IR b .
-If they are not of the same address family,
-they are never equal;
-the ordering reported in this case is arbitrary
-(and probably not useful) but consistent.
-.PP
-.I Samesubnet
-returns
-non-zero
-if subnets
-.I a
-and
-.IR b
-are identical,
-and
-.B 0
-otherwise.
-Subnets of different address families are never identical.
-.PP
-.I Addrinsubnet
-returns
-non-zero
-if address
-.I a
-is within subnet
-.IR s
-and
-.B 0
-otherwise.
-An address is never within a
-subnet of a different address family.
-.PP
-.I Subnetinsubnet
-returns
-non-zero
-if subnet
-.I a
-is a subset of subnet
-.IR b
-and
-.B 0
-otherwise.
-A subnet is deemed to be a subset of itself.
-A subnet is never a subset of another
-subnet if their address families differ.
-.PP
-.I Subnetishost
-returns
-non-zero
-if subnet
-.I s
-is in fact only a single host,
-and
-.B 0
-otherwise.
-.PP
-.I Samesaid
-returns
-non-zero
-if SA IDs
-.I a
-and
-.IR b
-are identical,
-and
-.B 0
-otherwise.
-.PP
-.I Sameaddrtype
-returns
-non-zero
-if addresses
-.I a
-and
-.IR b
-are of the same address family,
-and
-.B 0
-otherwise.
-.PP
-.I Samesubnettype
-returns
-non-zero
-if subnets
-.I a
-and
-.IR b
-are of the same address family,
-and
-.B 0
-otherwise.
-.SH SEE ALSO
-inet(3), ipsec_initaddr(3)
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
diff --git a/src/libfreeswan/sameaddr.c b/src/libfreeswan/sameaddr.c
deleted file mode 100644
index 47daaa4ee..000000000
--- a/src/libfreeswan/sameaddr.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * comparisons
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-static int samenbits(const ip_address *a, const ip_address *b, int n);
-
-/*
- - addrcmp - compare two addresses
- * Caution, the order of the tests is subtle: doing type test before
- * size test can yield cases where a<b, b<c, but a>c.
- */
-int /* like memcmp */
-addrcmp(a, b)
-const ip_address *a;
-const ip_address *b;
-{
- int at = addrtypeof(a);
- int bt = addrtypeof(b);
- const unsigned char *ap;
- const unsigned char *bp;
- size_t as = addrbytesptr(a, &ap);
- size_t bs = addrbytesptr(b, &bp);
- size_t n = (as < bs) ? as : bs; /* min(as, bs) */
- int c = memcmp(ap, bp, n);
-
- if (c != 0) /* bytes differ */
- return (c < 0) ? -1 : 1;
- if (as != bs) /* comparison incomplete: lexical order */
- return (as < bs) ? -1 : 1;
- if (at != bt) /* bytes same but not same type: break tie */
- return (at < bt) ? -1 : 1;
- return 0;
-}
-
-/*
- - sameaddr - are two addresses the same?
- */
-int
-sameaddr(a, b)
-const ip_address *a;
-const ip_address *b;
-{
- return (addrcmp(a, b) == 0) ? 1 : 0;
-}
-
-/*
- - samesubnet - are two subnets the same?
- */
-int
-samesubnet(a, b)
-const ip_subnet *a;
-const ip_subnet *b;
-{
- if (!sameaddr(&a->addr, &b->addr)) /* also does type check */
- return 0;
- if (a->maskbits != b->maskbits)
- return 0;
- return 1;
-}
-
-/*
- - subnetishost - is a subnet in fact a single host?
- */
-int
-subnetishost(a)
-const ip_subnet *a;
-{
- return (a->maskbits == addrlenof(&a->addr)*8) ? 1 : 0;
-}
-
-/*
- - samesaid - are two SA IDs the same?
- */
-int
-samesaid(a, b)
-const ip_said *a;
-const ip_said *b;
-{
- if (a->spi != b->spi) /* test first, most likely to be different */
- return 0;
- if (!sameaddr(&a->dst, &b->dst))
- return 0;
- if (a->proto != b->proto)
- return 0;
- return 1;
-}
-
-/*
- - sameaddrtype - do two addresses have the same type?
- */
-int
-sameaddrtype(a, b)
-const ip_address *a;
-const ip_address *b;
-{
- return (addrtypeof(a) == addrtypeof(b)) ? 1 : 0;
-}
-
-/*
- - samesubnettype - do two subnets have the same type?
- */
-int
-samesubnettype(a, b)
-const ip_subnet *a;
-const ip_subnet *b;
-{
- return (subnettypeof(a) == subnettypeof(b)) ? 1 : 0;
-}
-
-/*
- - addrinsubnet - is this address in this subnet?
- */
-int
-addrinsubnet(a, s)
-const ip_address *a;
-const ip_subnet *s;
-{
- if (addrtypeof(a) != subnettypeof(s))
- return 0;
- if (!samenbits(a, &s->addr, s->maskbits))
- return 0;
- return 1;
-}
-
-/*
- - subnetinsubnet - is one subnet within another?
- */
-int
-subnetinsubnet(a, b)
-const ip_subnet *a;
-const ip_subnet *b;
-{
- if (subnettypeof(a) != subnettypeof(b))
- return 0;
- if (a->maskbits < b->maskbits) /* a is bigger than b */
- return 0;
- if (!samenbits(&a->addr, &b->addr, b->maskbits))
- return 0;
- return 1;
-}
-
-/*
- - samenbits - do two addresses have the same first n bits?
- */
-static int
-samenbits(a, b, nbits)
-const ip_address *a;
-const ip_address *b;
-int nbits;
-{
- const unsigned char *ap;
- const unsigned char *bp;
- size_t n;
- int m;
-
- if (addrtypeof(a) != addrtypeof(b))
- return 0; /* arbitrary */
- n = addrbytesptr(a, &ap);
- if (n == 0)
- return 0; /* arbitrary */
- (void) addrbytesptr(b, &bp);
- if (nbits > n*8)
- return 0; /* "can't happen" */
-
- for (; nbits >= 8 && *ap == *bp; nbits -= 8, ap++, bp++)
- continue;
- if (nbits >= 8)
- return 0;
- if (nbits > 0) { /* partial byte */
- m = ~(0xff >> nbits);
- if ((*ap & m) != (*bp & m))
- return 0;
- }
- return 1;
-}
diff --git a/src/libfreeswan/satot.c b/src/libfreeswan/satot.c
deleted file mode 100644
index a3feb1591..000000000
--- a/src/libfreeswan/satot.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * convert from binary form of SA ID to text
- * Copyright (C) 2000, 2001 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-static struct typename {
- char type;
- char *name;
-} typenames[] = {
- { SA_AH, "ah" },
- { SA_ESP, "esp" },
- { SA_IPIP, "tun" },
- { SA_COMP, "comp" },
- { SA_INT, "int" },
- { 0, NULL }
-};
-
-/*
- - satot - convert SA to text "ah507@1.2.3.4"
- */
-size_t /* space needed for full conversion */
-satot(sa, format, dst, dstlen)
-const ip_said *sa;
-int format; /* character */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- size_t len = 0; /* 0 means "not recognized yet" */
- int base;
- int showversion; /* use delimiter to show IP version? */
- struct typename *tn;
- char *p;
- char *pre;
- char buf[10+1+ULTOT_BUF+ADDRTOT_BUF];
- char unk[10];
-
- switch (format) {
- case 0:
- base = 16;
- showversion = 1;
- break;
- case 'f':
- base = 17;
- showversion = 1;
- break;
- case 'x':
- base = 'x';
- showversion = 0;
- break;
- case 'd':
- base = 10;
- showversion = 0;
- break;
- default:
- return 0;
- break;
- }
-
- pre = NULL;
- for (tn = typenames; tn->name != NULL; tn++)
- if (sa->proto == tn->type) {
- pre = tn->name;
- break; /* NOTE BREAK OUT */
- }
- if (pre == NULL) { /* unknown protocol */
- strncpy(unk, "unk", sizeof(unk));
- (void) ultot((unsigned char)sa->proto, 10, unk+strlen(unk),
- sizeof(unk)-strlen(unk));
- pre = unk;
- }
-
- if (strcmp(pre, PASSTHROUGHTYPE) == 0 &&
- sa->spi == PASSTHROUGHSPI &&
- isunspecaddr(&sa->dst)) {
- strncpy(buf, (addrtypeof(&sa->dst) == AF_INET) ?
- PASSTHROUGH4NAME :
- PASSTHROUGH6NAME, sizeof(buf));
- len = strlen(buf);
- }
-
- if (sa->proto == SA_INT && addrtypeof(&sa->dst) == AF_INET &&
- isunspecaddr(&sa->dst)) {
- switch (ntohl(sa->spi)) {
- case SPI_PASS: p = "%pass"; break;
- case SPI_DROP: p = "%drop"; break;
- case SPI_REJECT: p = "%reject"; break;
- case SPI_HOLD: p = "%hold"; break;
- case SPI_TRAP: p = "%trap"; break;
- case SPI_TRAPSUBNET: p = "%trapsubnet"; break;
- default: p = NULL; break;
- }
- if (p != NULL) {
- strncpy(buf, p, sizeof(buf));
- len = strlen(buf);
- }
- }
-
- if (len == 0) { /* general case needed */
- strncpy(buf, pre, sizeof(buf));
- len = strlen(buf);
- if (showversion) {
- *(buf+len) = (addrtypeof(&sa->dst) == AF_INET) ? '.' :
- ':';
- len++;
- *(buf+len) = '\0';
- }
- len += ultot(ntohl(sa->spi), base, buf+len, sizeof(buf)-len);
- *(buf+len-1) = '@';
- len += addrtot(&sa->dst, 0, buf+len, sizeof(buf)-len);
- }
-
- if (dst != NULL) {
- if (len > dstlen)
- *(buf+dstlen-1) = '\0';
- strncpy(dst, buf, dstlen);
- }
- return len;
-}
diff --git a/src/libfreeswan/subnetof.3 b/src/libfreeswan/subnetof.3
deleted file mode 100644
index aacc76d2c..000000000
--- a/src/libfreeswan/subnetof.3
+++ /dev/null
@@ -1,46 +0,0 @@
-.TH IPSEC_SUBNETOF 3 "11 June 2001"
-.SH NAME
-ipsec subnetof \- given Internet address and subnet mask, return subnet number
-.br
-ipsec hostof \- given Internet address and subnet mask, return host part
-.br
-ipsec broadcastof \- given Internet address and subnet mask, return broadcast address
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "struct in_addr subnetof(struct in_addr addr,"
-.ti +1c
-.B "struct in_addr mask);"
-.br
-.B "struct in_addr hostof(struct in_addr addr,"
-.ti +1c
-.B "struct in_addr mask);"
-.br
-.B "struct in_addr broadcastof(struct in_addr addr,"
-.ti +1c
-.B "struct in_addr mask);"
-.SH DESCRIPTION
-These functions are obsolete; see
-.IR ipsec_networkof (3)
-for their replacements.
-.PP
-.I Subnetof
-takes an Internet
-.I address
-and a subnet
-.I mask
-and returns the network part of the address
-(all in network byte order).
-.I Hostof
-similarly returns the host part, and
-.I broadcastof
-returns the broadcast address (all-1s convention) for the network.
-.PP
-These functions are provided to hide the Internet bit-munging inside
-an API, in hopes of easing the eventual transition to IPv6.
-.SH SEE ALSO
-inet(3), ipsec_atosubnet(3)
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-Calling functions for this is more costly than doing it yourself.
diff --git a/src/libfreeswan/subnetof.c b/src/libfreeswan/subnetof.c
deleted file mode 100644
index ec9b8ec7d..000000000
--- a/src/libfreeswan/subnetof.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * minor network-address manipulation utilities
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - subnetof - given address and mask, return subnet part
- */
-struct in_addr
-subnetof(addr, mask)
-struct in_addr addr;
-struct in_addr mask;
-{
- struct in_addr result;
-
- result.s_addr = addr.s_addr & mask.s_addr;
- return result;
-}
-
-/*
- - hostof - given address and mask, return host part
- */
-struct in_addr
-hostof(addr, mask)
-struct in_addr addr;
-struct in_addr mask;
-{
- struct in_addr result;
-
- result.s_addr = addr.s_addr & ~mask.s_addr;
- return result;
-}
-
-/*
- - broadcastof - given (network) address and mask, return broadcast address
- */
-struct in_addr
-broadcastof(addr, mask)
-struct in_addr addr;
-struct in_addr mask;
-{
- struct in_addr result;
-
- result.s_addr = addr.s_addr | ~mask.s_addr;
- return result;
-}
diff --git a/src/libfreeswan/subnettoa.c b/src/libfreeswan/subnettoa.c
deleted file mode 100644
index 694fa40da..000000000
--- a/src/libfreeswan/subnettoa.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * convert binary form of subnet description to ASCII
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - subnettoa - convert address and mask to ASCII "addr/mask"
- * Output expresses the mask as a bit count if possible, else dotted decimal.
- */
-size_t /* space needed for full conversion */
-subnettoa(addr, mask, format, dst, dstlen)
-struct in_addr addr;
-struct in_addr mask;
-int format; /* character */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- size_t len;
- size_t rest;
- int n;
- char *p;
-
- switch (format) {
- case 0:
- break;
- default:
- return 0;
- break;
- }
-
- len = addrtoa(addr, 0, dst, dstlen);
- if (len < dstlen) {
- dst[len - 1] = '/';
- p = dst + len;
- rest = dstlen - len;
- } else {
- p = NULL;
- rest = 0;
- }
-
- n = masktobits(mask);
- if (n >= 0)
- len += ultoa((unsigned long)n, 10, p, rest);
- else
- len += addrtoa(mask, 0, p, rest);
-
- return len;
-}
diff --git a/src/libfreeswan/subnettot.c b/src/libfreeswan/subnettot.c
deleted file mode 100644
index 64d511ba2..000000000
--- a/src/libfreeswan/subnettot.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * convert binary form of subnet description to text
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - subnettot - convert subnet to text "addr/bitcount"
- */
-size_t /* space needed for full conversion */
-subnettot(sub, format, dst, dstlen)
-const ip_subnet *sub;
-int format; /* character */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- size_t len;
- size_t rest;
- char *p;
-
- switch (format) {
- case 0:
- break;
- default:
- return 0;
- break;
- }
-
- len = addrtot(&sub->addr, format, dst, dstlen);
- if (len < dstlen) {
- dst[len - 1] = '/';
- p = dst + len;
- rest = dstlen - len;
- } else {
- p = NULL;
- rest = 0;
- }
-
-
- len += ultoa((unsigned long)sub->maskbits, 10, p, rest);
-
- return len;
-}
diff --git a/src/libfreeswan/subnettypeof.c b/src/libfreeswan/subnettypeof.c
deleted file mode 100644
index 96c283c04..000000000
--- a/src/libfreeswan/subnettypeof.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * extract parts of an ip_subnet, and related
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - subnettypeof - get the address type of an ip_subnet
- */
-int
-subnettypeof(src)
-const ip_subnet *src;
-{
- return src->addr.u.v4.sin_family;
-}
-
-/*
- - networkof - get the network address of a subnet
- */
-void
-networkof(src, dst)
-const ip_subnet *src;
-ip_address *dst;
-{
- *dst = src->addr;
-}
-
-/*
- - maskof - get the mask of a subnet, as an address
- */
-void
-maskof(src, dst)
-const ip_subnet *src;
-ip_address *dst;
-{
- int b;
- unsigned char buf[16];
- size_t n = addrlenof(&src->addr);
- unsigned char *p;
-
- if (src->maskbits > n*8 || n > sizeof(buf))
- return; /* "can't happen" */
-
- p = buf;
- for (b = src->maskbits; b >= 8; b -= 8)
- *p++ = 0xff;
- if (b != 0)
- *p++ = (0xff << (8 - b)) & 0xff;
- while (p - buf < n)
- *p++ = 0;
-
- (void) initaddr(buf, n, addrtypeof(&src->addr), dst);
-}
-
-/*
- - masktocount - convert a mask, expressed as an address, to a bit count
- */
-int /* -1 if not valid mask */
-masktocount(src)
-const ip_address *src;
-{
- int b;
- unsigned const char *bp;
- size_t n;
- unsigned const char *p;
- unsigned const char *stop;
-
- n = addrbytesptr(src, &bp);
- if (n == 0)
- return -1;
-
- p = bp;
- stop = bp + n;
-
- n = 0;
- while (p < stop && *p == 0xff) {
- p++;
- n += 8;
- }
- if (p < stop && *p != 0) { /* boundary in mid-byte */
- b = *p++;
- while (b&0x80) {
- b <<= 1;
- n++;
- }
- if ((b&0xff) != 0)
- return -1; /* bits not contiguous */
- }
- while (p < stop && *p == 0)
- p++;
-
- if (p != stop)
- return -1;
-
- return n;
-}
diff --git a/src/libfreeswan/ttoaddr.3 b/src/libfreeswan/ttoaddr.3
deleted file mode 100644
index d43d2b16f..000000000
--- a/src/libfreeswan/ttoaddr.3
+++ /dev/null
@@ -1,374 +0,0 @@
-.TH IPSEC_TTOADDR 3 "28 Sept 2001"
-.SH NAME
-ipsec ttoaddr, tnatoaddr, addrtot \- convert Internet addresses to and from text
-.br
-ipsec ttosubnet, subnettot \- convert subnet/mask text form to and from addresses
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *ttoaddr(const char *src, size_t srclen,"
-.ti +1c
-.B "int af, ip_address *addr);"
-.br
-.B "const char *tnatoaddr(const char *src, size_t srclen,"
-.ti +1c
-.B "int af, ip_address *addr);"
-.br
-.B "size_t addrtot(const ip_address *addr, int format,"
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.sp
-.B "const char *ttosubnet(const char *src, size_t srclen,"
-.ti +1c
-.B "int af, ip_subnet *dst);"
-.br
-.B "size_t subnettot(const ip_subnet *sub, int format,"
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.SH DESCRIPTION
-.I Ttoaddr
-converts a text-string name or numeric address into a binary address
-(in network byte order).
-.I Tnatoaddr
-does the same conversion,
-but the only text forms it accepts are
-the ``official'' forms of
-numeric address (dotted-decimal for IPv4, colon-hex for IPv6).
-.I Addrtot
-does the reverse conversion, from binary address back to a text form.
-.I Ttosubnet
-and
-.I subnettot
-do likewise for the ``address/mask'' form used to write a
-specification of a subnet.
-.PP
-An IPv4 address is specified in text as a
-dotted-decimal address (e.g.
-.BR 1.2.3.4 ),
-an eight-digit network-order hexadecimal number with the usual C prefix (e.g.
-.BR 0x01020304 ,
-which is synonymous with
-.BR 1.2.3.4 ),
-an eight-digit host-order hexadecimal number with a
-.B 0h
-prefix (e.g.
-.BR 0h01020304 ,
-which is synonymous with
-.B 1.2.3.4
-on a big-endian host and
-.B 4.3.2.1
-on a little-endian host),
-a DNS name to be looked up via
-.IR getaddrinfo (3),
-or an old-style network name to be looked up via
-.IR getnetbyname (3).
-.PP
-A dotted-decimal address may be incomplete, in which case
-text-to-binary conversion implicitly appends
-as many instances of
-.B .0
-as necessary to bring it up to four components.
-The components of a dotted-decimal address are always taken as
-decimal, and leading zeros are ignored.
-For example,
-.B 10
-is synonymous with
-.BR 10.0.0.0 ,
-and
-.B 128.009.000.032
-is synonymous with
-.BR 128.9.0.32
-(the latter example is verbatim from RFC 1166).
-The result of applying
-.I addrtot
-to an IPv4 address is always complete and does not contain leading zeros.
-.PP
-Use of hexadecimal addresses is
-.B strongly
-.BR discouraged ;
-they are included only to save hassles when dealing with
-the handful of perverted programs which already print
-network addresses in hexadecimal.
-.PP
-An IPv6 address is specified in text with
-colon-hex notation (e.g.
-.BR 0:56:78ab:22:33:44:55:66 ),
-colon-hex with
-.B ::
-abbreviating at most one subsequence of multiple zeros (e.g.
-.BR 99:ab::54:068 ,
-which is synonymous with
-.BR 99:ab:0:0:0:0:54:68 ),
-or a DNS name to be looked up via
-.IR getaddrinfo (3).
-The result of applying
-.I addrtot
-to an IPv6 address will use
-.B ::
-abbreviation if possible,
-and will not contain leading zeros.
-.PP
-The letters in hexadecimal
-may be uppercase or lowercase or any mixture thereof.
-.PP
-DNS names may be complete (optionally terminated with a ``.'')
-or incomplete, and are looked up as specified by local system configuration
-(see
-.IR resolver (5)).
-The first value returned by
-.IR getaddrinfo (3)
-is used,
-so with current DNS implementations,
-the result when the name corresponds to more than one address is
-difficult to predict.
-IPv4 name lookup resorts to
-.IR getnetbyname (3)
-only if
-.IR getaddrinfo (3)
-fails.
-.PP
-A subnet specification is of the form \fInetwork\fB/\fImask\fR.
-The
-.I network
-and
-.I mask
-can be any form acceptable to
-.IR ttoaddr .
-In addition, and preferably, the
-.I mask
-can be a decimal integer (leading zeros ignored) giving a bit count,
-in which case
-it stands for a mask with that number of high bits on and all others off
-(e.g.,
-.B 24
-in IPv4 means
-.BR 255.255.255.0 ).
-In any case, the mask must be contiguous
-(a sequence of high bits on and all remaining low bits off).
-As a special case, the subnet specification
-.B %default
-is a synonym for
-.B 0.0.0.0/0
-or
-.B ::/0
-in IPv4 or IPv6 respectively.
-.PP
-.I Ttosubnet
-ANDs the mask with the address before returning,
-so that any non-network bits in the address are turned off
-(e.g.,
-.B 10.1.2.3/24
-is synonymous with
-.BR 10.1.2.0/24 ).
-.I Subnettot
-always generates the decimal-integer-bit-count
-form of the mask,
-with no leading zeros.
-.PP
-The
-.I srclen
-parameter of
-.I ttoaddr
-and
-.I ttosubnet
-specifies the length of the text string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I af
-parameter of
-.I ttoaddr
-and
-.I ttosubnet
-specifies the address family of interest.
-It should be either
-.B AF_INET
-or
-.BR AF_INET6 .
-.PP
-The
-.I dstlen
-parameter of
-.I addrtot
-and
-.I subnettot
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.I freeswan.h
-header file defines constants,
-.B ADDRTOT_BUF
-and
-.BR SUBNETTOT_BUF ,
-which are the sizes of buffers just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I addrtot
-and
-.I subnettot
-specifies what format is to be used for the conversion.
-The value
-.B 0
-(not the character
-.BR '0' ,
-but a zero value)
-specifies a reasonable default,
-and is in fact the only format currently available in
-.IR subnettot .
-.I Addrtot
-also accepts format values
-.B 'r'
-(signifying a text form suitable for DNS reverse lookups,
-e.g.
-.B 4.3.2.1.IN-ADDR.ARPA.
-for IPv4 and
-RFC 2874 format for IPv6),
-and
-.B 'R'
-(signifying an alternate reverse-lookup form,
-an error for IPv4 and RFC 1886 format for IPv6).
-Reverse-lookup names always end with a ``.''.
-.PP
-The text-to-binary functions return NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-The binary-to-text functions return
-.B 0
-for a failure, and otherwise
-always return the size of buffer which would
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-inet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I ttoaddr
-are:
-empty input;
-unknown address family;
-attempt to allocate temporary storage for a very long name failed;
-name lookup failed;
-syntax error in dotted-decimal or colon-hex form;
-dotted-decimal or colon-hex component too large.
-.PP
-Fatal errors in
-.I ttosubnet
-are:
-no
-.B /
-in
-.IR src ;
-.I ttoaddr
-error in conversion of
-.I network
-or
-.IR mask ;
-bit-count mask too big;
-mask non-contiguous.
-.PP
-Fatal errors in
-.I addrtot
-and
-.I subnettot
-are:
-unknown format.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The interpretation of incomplete dotted-decimal addresses
-(e.g.
-.B 10/24
-means
-.BR 10.0.0.0/24 )
-differs from that of some older conversion
-functions, e.g. those of
-.IR inet (3).
-The behavior of the older functions has never been
-particularly consistent or particularly useful.
-.PP
-Ignoring leading zeros in dotted-decimal components and bit counts
-is arguably the most useful behavior in this application,
-but it might occasionally cause confusion with the historical use of leading
-zeros to denote octal numbers.
-.PP
-.I Ttoaddr
-does not support the mixed colon-hex-dotted-decimal
-convention used to embed an IPv4 address in an IPv6 address.
-.PP
-.I Addrtot
-always uses the
-.B ::
-abbreviation (which can appear only once in an address) for the
-.I first
-sequence of multiple zeros in an IPv6 address.
-One can construct addresses (unlikely ones) in which this is suboptimal.
-.PP
-.I Addrtot
-.B 'r'
-conversion of an IPv6 address uses lowercase hexadecimal,
-not the uppercase used in RFC 2874's examples.
-It takes careful reading of RFCs 2874, 2673, and 2234 to realize
-that lowercase is technically legitimate here,
-and there may be software which botches this
-and hence would have trouble with lowercase hex.
-.PP
-Possibly
-.I subnettot
-ought to recognize the
-.B %default
-case and generate that string as its output.
-Currently it doesn't.
-.PP
-It is barely possible that somebody, somewhere,
-might have a legitimate use for non-contiguous subnet masks.
-.PP
-.IR Getnetbyname (3)
-is a historical dreg.
-.PP
-.I Tnatoaddr
-probably should enforce completeness of dotted-decimal addresses.
-.PP
-The restriction of text-to-binary error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The text-to-binary error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = ttoaddr( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/ttoaddr.c b/src/libfreeswan/ttoaddr.c
deleted file mode 100644
index 234c9d8e7..000000000
--- a/src/libfreeswan/ttoaddr.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/*
- * conversion from text forms of addresses to internal ones
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- * Legal ASCII characters in a domain name. Underscore technically is not,
- * but is a common misunderstanding. Non-ASCII characters are simply
- * exempted from checking at the moment, to allow for UTF-8 encoded stuff;
- * the purpose of this check is merely to catch blatant errors.
- */
-static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789"
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_.";
-#define ISASCII(c) (((c) & 0x80) == 0)
-
-static err_t tryname(const char *, size_t, int, int, ip_address *);
-static err_t tryhex(const char *, size_t, int, ip_address *);
-static err_t trydotted(const char *, size_t, ip_address *);
-static err_t getbyte(const char **, const char *, int *);
-static err_t colon(const char *, size_t, ip_address *);
-static err_t getpiece(const char **, const char *, unsigned *);
-
-/*
- - ttoaddr - convert text name or dotted-decimal address to binary address
- */
-err_t /* NULL for success, else string literal */
-ttoaddr(src, srclen, af, dst)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-int af; /* address family */
-ip_address *dst;
-{
- err_t oops;
-# define HEXLEN 10 /* strlen("0x11223344") */
- int nultermd;
-
- if (srclen == 0) {
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
- nultermd = 1;
- } else
- nultermd = 0; /* at least, not *known* to be terminated */
-
- switch (af) {
- case AF_INET:
- case AF_INET6:
- case 0: /* guess */
- break;
-
- default:
- return "invalid address family";
- }
-
- if (af == AF_INET && srclen == HEXLEN && *src == '0') {
- if (*(src+1) == 'x' || *(src+1) == 'X')
- return tryhex(src+2, srclen-2, 'x', dst);
- if (*(src+1) == 'h' || *(src+1) == 'H')
- return tryhex(src+2, srclen-2, 'h', dst);
- }
-
- if (memchr(src, ':', srclen) != NULL) {
- if(af == 0)
- {
- af = AF_INET6;
- }
-
- if (af != AF_INET6)
- return "non-ipv6 address may not contain `:'";
- return colon(src, srclen, dst);
- }
-
- if (af == 0 || af == AF_INET) {
- oops = trydotted(src, srclen, dst);
- if (oops == NULL)
- return NULL; /* it worked */
- if (*oops != '?')
- return oops; /* probably meant as d-d */
- }
-
- return tryname(src, srclen, nultermd, af, dst);
-}
-
-/*
- - tnatoaddr - convert text numeric address (only) to binary address
- */
-err_t /* NULL for success, else string literal */
-tnatoaddr(src, srclen, af, dst)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-int af; /* address family */
-ip_address *dst;
-{
- err_t oops;
-
- if (srclen == 0) {
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
- }
-
- switch (af) {
- case 0: /* guess */
- oops = colon(src, srclen, dst);
- if(oops == NULL)
- {
- return NULL;
- }
- oops = trydotted(src, srclen, dst);
- if(oops == NULL)
- {
- return NULL;
- }
- return "does not appear to be either IPv4 or IPv6 numeric address";
- break;
-
- case AF_INET6:
- return colon(src, srclen, dst);
- break;
- case AF_INET:
- oops = trydotted(src, srclen, dst);
- if (oops == NULL)
- return NULL; /* it worked */
- if (*oops != '?')
- return oops; /* probably meant as d-d */
- return "does not appear to be numeric address";
- break;
- default:
- return "unknown address family in tnatoaddr";
- break;
- }
-}
-
-/*
- - tryname - try it as a name
- * Slightly complicated by lack of reliable NUL termination in source.
- */
-static err_t
-tryname(src, srclen, nultermd, af, dst)
-const char *src;
-size_t srclen;
-int nultermd; /* is it known to be NUL-terminated? */
-int af;
-ip_address *dst;
-{
- struct addrinfo hints, *res;
- struct netent *ne = NULL;
- char namebuf[100]; /* enough for most DNS names */
- const char *cp;
- char *p = namebuf;
- unsigned char *addr = NULL;
- size_t n;
- int error;
- err_t err = NULL;
-
- for (cp = src, n = srclen; n > 0; cp++, n--)
- if (ISASCII(*cp) && strchr(namechars, *cp) == NULL)
- return "illegal (non-DNS-name) character in name";
-
- if (nultermd)
- cp = src;
- else {
- if (srclen+1 > sizeof(namebuf)) {
- p = (char *) MALLOC(srclen+1);
- if (p == NULL)
- return "unable to get temporary space for name";
- }
- p[0] = '\0'; /* strncpy semantics are wrong */
- strncat(p, src, srclen);
- cp = (const char *)p;
- }
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = af;
- error = getaddrinfo(cp, NULL, &hints, &res);
- if (error != 0)
- { /* getaddrinfo failed, try getnetbyname */
- if (af == AF_INET)
- {
- ne = getnetbyname(cp);
- if (ne != NULL)
- {
- ne->n_net = htonl(ne->n_net);
- addr = (unsigned char*)&ne->n_net;
- err = initaddr(addr, sizeof(ne->n_net), af, dst);
- }
- }
- }
- else
- {
- struct addrinfo *r = res;
- while (r)
- {
- size_t addr_len;
- switch (r->ai_family)
- {
- case AF_INET:
- {
- struct sockaddr_in *in = (struct sockaddr_in*)r->ai_addr;
- addr_len = 4;
- addr = (unsigned char*)&in->sin_addr.s_addr;
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *in6 = (struct sockaddr_in6*)r->ai_addr;
- addr_len = 16;
- addr = (unsigned char*)&in6->sin6_addr.s6_addr;
- break;
- }
- default:
- { /* unknown family, try next result */
- r = r->ai_next;
- continue;
- }
- }
- err = initaddr(addr, addr_len, r->ai_family, dst);
- break;
- }
- freeaddrinfo(res);
- }
-
- if (p != namebuf)
- {
- FREE(p);
- }
-
- if (addr == NULL)
- {
- return "does not look numeric and name lookup failed";
- }
-
- return err;
-}
-
-/*
- - tryhex - try conversion as an eight-digit hex number (AF_INET only)
- */
-static err_t
-tryhex(src, srclen, flavor, dst)
-const char *src;
-size_t srclen; /* should be 8 */
-int flavor; /* 'x' for network order, 'h' for host order */
-ip_address *dst;
-{
- err_t oops;
- unsigned long ul;
- union {
- uint32_t addr;
- unsigned char buf[4];
- } u;
-
- if (srclen != 8)
- return "internal error, tryhex called with bad length";
-
- oops = ttoul(src, srclen, 16, &ul);
- if (oops != NULL)
- return oops;
-
- u.addr = (flavor == 'h') ? ul : htonl(ul);
- return initaddr(u.buf, sizeof(u.buf), AF_INET, dst);
-}
-
-/*
- - trydotted - try conversion as dotted decimal (AF_INET only)
- *
- * If the first char of a complaint is '?', that means "didn't look like
- * dotted decimal at all".
- */
-static err_t
-trydotted(src, srclen, dst)
-const char *src;
-size_t srclen;
-ip_address *dst;
-{
- const char *stop = src + srclen; /* just past end */
- int byte;
- err_t oops;
-# define NBYTES 4
- unsigned char buf[NBYTES];
- int i;
-
- memset(buf, 0, sizeof(buf));
- for (i = 0; i < NBYTES && src < stop; i++) {
- oops = getbyte(&src, stop, &byte);
- if (oops != NULL) {
- if (*oops != '?')
- return oops; /* bad number */
- if (i > 1)
- return oops+1; /* failed number */
- return oops; /* with leading '?' */
- }
- buf[i] = byte;
- if (i < 3 && src < stop && *src++ != '.') {
- if (i == 0)
- return "?syntax error in dotted-decimal address";
- else
- return "syntax error in dotted-decimal address";
- }
- }
- if (src != stop)
- return "extra garbage on end of dotted-decimal address";
-
- return initaddr(buf, sizeof(buf), AF_INET, dst);
-}
-
-/*
- - getbyte - try to scan a byte in dotted decimal
- * A subtlety here is that all this arithmetic on ASCII digits really is
- * highly portable -- ANSI C guarantees that digits 0-9 are contiguous.
- * It's easier to just do it ourselves than set up for a call to ttoul().
- *
- * If the first char of a complaint is '?', that means "didn't look like a
- * number at all".
- */
-err_t
-getbyte(srcp, stop, retp)
-const char **srcp; /* *srcp is updated */
-const char *stop; /* first untouchable char */
-int *retp; /* return-value pointer */
-{
- char c;
- const char *p;
- int no;
-
- if (*srcp >= stop)
- return "?empty number in dotted-decimal address";
-
- no = 0;
- p = *srcp;
- while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') {
- no = no*10 + (c - '0');
- p++;
- }
- if (p == *srcp)
- return "?non-numeric component in dotted-decimal address";
- *srcp = p;
- if (no > 255)
- return "byte overflow in dotted-decimal address";
- *retp = no;
- return NULL;
-}
-
-/*
- - colon - convert IPv6 "numeric" address
- */
-static err_t
-colon(src, srclen, dst)
-const char *src;
-size_t srclen; /* known to be >0 */
-ip_address *dst;
-{
- const char *stop = src + srclen; /* just past end */
- unsigned piece = 0;
- int gapat; /* where was empty piece seen */
- err_t oops;
-# define NPIECES 8
- unsigned char buf[NPIECES*2]; /* short may have wrong byte order */
- int i;
- int j;
-# define IT "IPv6 numeric address"
- int naftergap;
-
- /* leading or trailing :: becomes single empty field */
- if (*src == ':') { /* legal only if leading :: */
- if (srclen == 1 || *(src+1) != ':')
- return "illegal leading `:' in " IT;
- if (srclen == 2) {
- unspecaddr(AF_INET6, dst);
- return NULL;
- }
- src++; /* past first but not second */
- srclen--;
- }
- if (*(stop-1) == ':') { /* legal only if trailing :: */
- if (srclen == 1 || *(stop-2) != ':')
- return "illegal trailing `:' in " IT;
- srclen--; /* leave one */
- }
-
- gapat = -1;
- for (i = 0; i < NPIECES && src < stop; i++) {
- oops = getpiece(&src, stop, &piece);
- if (oops != NULL && *oops == ':') { /* empty field */
- if (gapat >= 0)
- return "more than one :: in " IT;
- gapat = i;
- } else if (oops != NULL)
- return oops;
- buf[2*i] = piece >> 8;
- buf[2*i + 1] = piece & 0xff;
- if (i < NPIECES-1) { /* there should be more input */
- if (src == stop && gapat < 0)
- return IT " ends prematurely";
- if (src != stop && *src++ != ':')
- return "syntax error in " IT;
- }
- }
- if (src != stop)
- return "extra garbage on end of " IT;
-
- if (gapat < 0 && i < NPIECES) /* should have been caught earlier */
- return "incomplete " IT " (internal error)";
- if (gapat >= 0 && i == NPIECES)
- return "non-abbreviating empty field in " IT;
- if (gapat >= 0) {
- naftergap = i - (gapat + 1);
- for (i--, j = NPIECES-1; naftergap > 0; i--, j--, naftergap--) {
- buf[2*j] = buf[2*i];
- buf[2*j + 1] = buf[2*i + 1];
- }
- for (; j >= gapat; j--)
- buf[2*j] = buf[2*j + 1] = 0;
- }
-
- return initaddr(buf, sizeof(buf), AF_INET6, dst);
-}
-
-/*
- - getpiece - try to scan one 16-bit piece of an IPv6 address
- */
-err_t /* ":" means "empty field seen" */
-getpiece(srcp, stop, retp)
-const char **srcp; /* *srcp is updated */
-const char *stop; /* first untouchable char */
-unsigned *retp; /* return-value pointer */
-{
- const char *p;
-# define NDIG 4
- int d;
- unsigned long ret;
- err_t oops;
-
- if (*srcp >= stop || **srcp == ':') { /* empty field */
- *retp = 0;
- return ":";
- }
-
- p = *srcp;
- d = 0;
- while (p < stop && d < NDIG && isxdigit(*p)) {
- p++;
- d++;
- }
- if (d == 0)
- return "non-hex field in IPv6 numeric address";
- if (p < stop && d == NDIG && isxdigit(*p))
- return "field in IPv6 numeric address longer than 4 hex digits";
-
- oops = ttoul(*srcp, d, 16, &ret);
- if (oops != NULL) /* shouldn't happen, really... */
- return oops;
-
- *srcp = p;
- *retp = ret;
- return NULL;
-}
diff --git a/src/libfreeswan/ttodata.3 b/src/libfreeswan/ttodata.3
deleted file mode 100644
index 8f4b1ec93..000000000
--- a/src/libfreeswan/ttodata.3
+++ /dev/null
@@ -1,280 +0,0 @@
-.TH IPSEC_TTODATA 3 "16 August 2003"
-.SH NAME
-ipsec ttodata, datatot \- convert binary data bytes from and to text formats
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "const char *ttodata(const char *src, size_t srclen,"
-.ti +1c
-.B "int base, char *dst, size_t dstlen, size_t *lenp);"
-.br
-.B "const char *ttodatav(const char *src, size_t srclen,"
-.ti +1c
-.B "int base, char *dst, size_t dstlen, size_t *lenp,"
-.ti +1c
-.B "char *errp, size_t errlen, int flags);"
-.br
-.B "size_t datatot(const char *src, size_t srclen,"
-.ti +1c
-.B "int format, char *dst, size_t dstlen);"
-.SH DESCRIPTION
-.IR Ttodata ,
-.IR ttodatav ,
-and
-.I datatot
-convert arbitrary binary data (e.g. encryption or authentication keys)
-from and to more-or-less human-readable text formats.
-.PP
-Currently supported formats are hexadecimal, base64, and characters.
-.PP
-A hexadecimal text value begins with a
-.B 0x
-(or
-.BR 0X )
-prefix and continues with two-digit groups
-of hexadecimal digits (0-9, and a-f or A-F),
-each group encoding the value of one binary byte, high-order digit first.
-A single
-.B _
-(underscore)
-between consecutive groups is ignored, permitting punctuation to improve
-readability; doing this every eight digits seems about right.
-.PP
-A base64 text value begins with a
-.B 0s
-(or
-.BR 0S )
-prefix
-and continues with four-digit groups of base64 digits (A-Z, a-z, 0-9, +, and /),
-each group encoding the value of three binary bytes as described in
-section 6.8 of RFC 2045.
-If
-.B flags
-has the
-.B TTODATAV_IGNORESPACE
-bit on, blanks are ignore (after the prefix).
-Note that the last one or two digits of a base64 group can be
-.B =
-to indicate that fewer than three binary bytes are encoded.
-.PP
-A character text value begins with a
-.B 0t
-(or
-.BR 0T )
-prefix
-and continues with text characters, each being the value of one binary byte.
-.PP
-All these functions basically copy data from
-.I src
-(whose size is specified by
-.IR srclen )
-to
-.I dst
-(whose size is specified by
-.IR dstlen ),
-doing the conversion en route.
-If the result will not fit in
-.IR dst ,
-it is truncated;
-under no circumstances are more than
-.I dstlen
-bytes of result written to
-.IR dst .
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result bytes are written at all.
-.PP
-The
-.I base
-parameter of
-.I ttodata
-and
-.I ttodatav
-specifies what format the input is in;
-normally it should be
-.B 0
-to signify that this gets figured out from the prefix.
-Values of
-.BR 16 ,
-.BR 64 ,
-and
-.BR 256
-respectively signify hexadecimal, base64, and character-text formats
-without prefixes.
-.PP
-The
-.I format
-parameter of
-.IR datatot ,
-a single character used as a type code,
-specifies which text format is wanted.
-The value
-.B 0
-(not ASCII
-.BR '0' ,
-but a zero value) specifies a reasonable default.
-Other currently-supported values are:
-.RS 2
-.TP 4
-.B 'x'
-continuous lower-case hexadecimal with a
-.B 0x
-prefix
-.TP
-.B 'h'
-lower-case hexadecimal with a
-.B 0x
-prefix and a
-.B _
-every eight digits
-.TP
-.B ':'
-lower-case hexadecimal with no prefix and a
-.B :
-(colon) every two digits
-.TP
-.B 16
-lower-case hexadecimal with no prefix or
-.B _
-.TP
-.B 's'
-continuous base64 with a
-.B 0s
-prefix
-.TP
-.B 64
-continuous base64 with no prefix
-.RE
-.PP
-The default format is currently
-.BR 'h' .
-.PP
-.I Ttodata
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-On success,
-if and only if
-.I lenp
-is non-NULL,
-.B *lenp
-is set to the number of bytes required to contain the full untruncated result.
-It is the caller's responsibility to check this against
-.I dstlen
-to determine whether he has obtained a complete result.
-The
-.B *lenp
-value is correct even if
-.I dstlen
-is zero, which offers a way to determine how much space would be needed
-before having to allocate any.
-.PP
-.I Ttodatav
-is just like
-.I ttodata
-except that in certain cases,
-if
-.I errp
-is non-NULL,
-the buffer pointed to by
-.I errp
-(whose length is given by
-.IR errlen )
-is used to hold a more detailed error message.
-The return value is NULL for success,
-and is either
-.I errp
-or a pointer to a string literal for failure.
-If the size of the error-message buffer is
-inadequate for the desired message,
-.I ttodatav
-will fall back on returning a pointer to a literal string instead.
-The
-.I freeswan.h
-header file defines a constant
-.B TTODATAV_BUF
-which is the size of a buffer large enough for worst-case results.
-.PP
-The normal return value of
-.IR datatot
-is the number of bytes required
-to contain the full untruncated result.
-It is the caller's responsibility to check this against
-.I dstlen
-to determine whether he has obtained a complete result.
-The return value is correct even if
-.I dstlen
-is zero, which offers a way to determine how much space would be needed
-before having to allocate any.
-A return value of
-.B 0
-signals a fatal error of some kind
-(see DIAGNOSTICS).
-.PP
-A zero value for
-.I srclen
-in
-.I ttodata
-(but not
-.IR datatot !)
-is synonymous with
-.BR strlen(src) .
-A non-zero
-.I srclen
-in
-.I ttodata
-must not include the terminating NUL.
-.PP
-Unless
-.I dstlen
-is zero,
-the result supplied by
-.I datatot
-is always NUL-terminated,
-and its needed-size return value includes space for the terminating NUL.
-.PP
-Several obsolete variants of these functions
-.RI ( atodata ,
-.IR datatoa ,
-.IR atobytes ,
-and
-.IR bytestoa )
-are temporarily also supported.
-.SH SEE ALSO
-sprintf(3), ipsec_atoaddr(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I ttodata
-and
-.I ttodatav
-are:
-unknown characters in the input;
-unknown or missing prefix;
-unknown base;
-incomplete digit group;
-non-zero padding in a base64 less-than-three-bytes digit group;
-zero-length input.
-.PP
-Fatal errors in
-.I datatot
-are:
-unknown format code;
-zero-length input.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-.I Datatot
-should have a format code to produce character-text output.
-.PP
-The
-.B 0s
-and
-.B 0t
-prefixes are the author's inventions and are not a standard
-of any kind.
-They have been chosen to avoid collisions with existing practice
-(some C implementations use
-.B 0b
-for binary)
-and possible confusion with unprefixed hexadecimal.
diff --git a/src/libfreeswan/ttodata.c b/src/libfreeswan/ttodata.c
deleted file mode 100644
index ef3717797..000000000
--- a/src/libfreeswan/ttodata.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/*
- * convert from text form of arbitrary data (e.g., keys) to binary
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/* converters and misc */
-static int unhex(const char *, char *, size_t);
-static int unb64(const char *, char *, size_t);
-static int untext(const char *, char *, size_t);
-static const char *badch(const char *, int, char *, size_t);
-
-/* internal error codes for converters */
-#define SHORT (-2) /* internal buffer too short */
-#define BADPAD (-3) /* bad base64 padding */
-#define BADCH0 (-4) /* invalid character 0 */
-#define BADCH1 (-5) /* invalid character 1 */
-#define BADCH2 (-6) /* invalid character 2 */
-#define BADCH3 (-7) /* invalid character 3 */
-#define BADOFF(code) (BADCH0-(code))
-
-/*
- - ttodatav - convert text to data, with verbose error reports
- * If some of this looks slightly odd, it's because it has changed
- * repeatedly (from the original atodata()) without a major rewrite.
- */
-const char * /* NULL on success, else literal or errp */
-ttodatav(src, srclen, base, dst, dstlen, lenp, errp, errlen, flags)
-const char *src;
-size_t srclen; /* 0 means apply strlen() */
-int base; /* 0 means figure it out */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-size_t *lenp; /* where to record length (NULL is nowhere) */
-char *errp; /* error buffer */
-size_t errlen;
-unsigned int flags;
-{
- size_t ingroup; /* number of input bytes converted at once */
- char buf[4]; /* output from conversion */
- int nbytes; /* size of output */
- int (*decode)(const char *, char *, size_t);
- char *stop;
- int ndone;
- int i;
- int underscoreok;
- int skipSpace = 0;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (dstlen == 0)
- dst = buf; /* point it somewhere valid */
- stop = dst + dstlen;
-
- if (base == 0) {
- if (srclen < 2)
- return "input too short to be valid";
- if (*src++ != '0')
- return "input does not begin with format prefix";
- switch (*src++) {
- case 'x':
- case 'X':
- base = 16;
- break;
- case 's':
- case 'S':
- base = 64;
- break;
- case 't':
- case 'T':
- base = 256;
- break;
- default:
- return "unknown format prefix";
- }
- srclen -= 2;
- }
- switch (base) {
- case 16:
- decode = unhex;
- underscoreok = 1;
- ingroup = 2;
- break;
- case 64:
- decode = unb64;
- underscoreok = 0;
- ingroup = 4;
- if(flags & TTODATAV_IGNORESPACE) {
- skipSpace = 1;
- }
- break;
-
- case 256:
- decode = untext;
- ingroup = 1;
- underscoreok = 0;
- break;
- default:
- return "unknown base";
- }
-
- /* proceed */
- ndone = 0;
- while (srclen > 0) {
- char stage[4]; /* staging area for group */
- size_t sl = 0;
-
- /* Grab ingroup characters into stage,
- * squeezing out blanks if we are supposed to ignore them.
- */
- for (sl = 0; sl < ingroup; src++, srclen--) {
- if (srclen == 0)
- return "input ends in mid-byte, perhaps truncated";
- else if (!(skipSpace && (*src == ' ' || *src == '\t')))
- stage[sl++] = *src;
- }
-
- nbytes = (*decode)(stage, buf, sizeof(buf));
- switch (nbytes) {
- case BADCH0:
- case BADCH1:
- case BADCH2:
- case BADCH3:
- return badch(stage, nbytes, errp, errlen);
- case SHORT:
- return "internal buffer too short (\"can't happen\")";
- case BADPAD:
- return "bad (non-zero) padding at end of base64 input";
- }
- if (nbytes <= 0)
- return "unknown internal error";
- for (i = 0; i < nbytes; i++) {
- if (dst < stop)
- *dst++ = buf[i];
- ndone++;
- }
- while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t')){
- src++;
- srclen--;
- }
- if (underscoreok && srclen > 1 && *src == '_') {
- /* srclen > 1 means not last character */
- src++;
- srclen--;
- }
- }
-
- if (ndone == 0)
- return "no data bytes specified by input";
- if (lenp != NULL)
- *lenp = ndone;
- return NULL;
-}
-
-/*
- - ttodata - convert text to data
- */
-const char * /* NULL on success, else literal */
-ttodata(src, srclen, base, dst, dstlen, lenp)
-const char *src;
-size_t srclen; /* 0 means apply strlen() */
-int base; /* 0 means figure it out */
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-size_t *lenp; /* where to record length (NULL is nowhere) */
-{
- return ttodatav(src, srclen, base, dst, dstlen, lenp, (char *)NULL,
- (size_t)0, TTODATAV_SPACECOUNTS);
-}
-
-/*
- - atodata - convert ASCII to data
- * backward-compatibility interface
- */
-size_t /* 0 for failure, true length for success */
-atodata(src, srclen, dst, dstlen)
-const char *src;
-size_t srclen;
-char *dst;
-size_t dstlen;
-{
- size_t len;
- const char *err;
-
- err = ttodata(src, srclen, 0, dst, dstlen, &len);
- if (err != NULL)
- return 0;
- return len;
-}
-
-/*
- - atobytes - convert ASCII to data bytes
- * another backward-compatibility interface
- */
-const char *
-atobytes(src, srclen, dst, dstlen, lenp)
-const char *src;
-size_t srclen;
-char *dst;
-size_t dstlen;
-size_t *lenp;
-{
- return ttodata(src, srclen, 0, dst, dstlen, lenp);
-}
-
-/*
- - unhex - convert two ASCII hex digits to byte
- */
-static int /* number of result bytes, or error code */
-unhex(src, dst, dstlen)
-const char *src; /* known to be full length */
-char *dst;
-size_t dstlen; /* not large enough is a failure */
-{
- char *p;
- unsigned byte;
- static char hex[] = "0123456789abcdef";
-
- if (dstlen < 1)
- return SHORT;
-
- p = strchr(hex, *src);
- if (p == NULL)
- p = strchr(hex, tolower(*src));
- if (p == NULL)
- return BADCH0;
- byte = (p - hex) << 4;
- src++;
-
- p = strchr(hex, *src);
- if (p == NULL)
- p = strchr(hex, tolower(*src));
- if (p == NULL)
- return BADCH1;
- byte |= (p - hex);
-
- *dst = byte;
- return 1;
-}
-
-/*
- - unb64 - convert four ASCII base64 digits to three bytes
- * Note that a base64 digit group is padded out with '=' if it represents
- * less than three bytes: one byte is dd==, two is ddd=, three is dddd.
- */
-static int /* number of result bytes, or error code */
-unb64(src, dst, dstlen)
-const char *src; /* known to be full length */
-char *dst;
-size_t dstlen;
-{
- char *p;
- unsigned byte1;
- unsigned byte2;
- static char base64[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
- if (dstlen < 3)
- return SHORT;
-
- p = strchr(base64, *src++);
-
- if (p == NULL)
- return BADCH0;
- byte1 = (p - base64) << 2; /* first six bits */
-
- p = strchr(base64, *src++);
- if (p == NULL) {
- return BADCH1;
- }
-
- byte2 = p - base64; /* next six: two plus four */
- *dst++ = byte1 | (byte2 >> 4);
- byte1 = (byte2 & 0xf) << 4;
-
- p = strchr(base64, *src++);
- if (p == NULL) {
- if (*(src-1) == '=' && *src == '=') {
- if (byte1 != 0) /* bad padding */
- return BADPAD;
- return 1;
- }
- return BADCH2;
- }
-
- byte2 = p - base64; /* next six: four plus two */
- *dst++ = byte1 | (byte2 >> 2);
- byte1 = (byte2 & 0x3) << 6;
-
- p = strchr(base64, *src++);
- if (p == NULL) {
- if (*(src-1) == '=') {
- if (byte1 != 0) /* bad padding */
- return BADPAD;
- return 2;
- }
- return BADCH3;
- }
- byte2 = p - base64; /* last six */
- *dst++ = byte1 | byte2;
-
- return 3;
-}
-
-/*
- - untext - convert one ASCII character to byte
- */
-static int /* number of result bytes, or error code */
-untext(src, dst, dstlen)
-const char *src; /* known to be full length */
-char *dst;
-size_t dstlen; /* not large enough is a failure */
-{
- if (dstlen < 1)
- return SHORT;
-
- *dst = *src;
- return 1;
-}
-
-/*
- - badch - produce a nice complaint about an unknown character
- *
- * If the compiler complains that the array bigenough[] has a negative
- * size, that means the TTODATAV_BUF constant has been set too small.
- */
-static const char * /* literal or errp */
-badch(src, errcode, errp, errlen)
-const char *src;
-int errcode;
-char *errp; /* might be NULL */
-size_t errlen;
-{
- static const char pre[] = "unknown character (`";
- static const char suf[] = "') in input";
- char buf[5];
-# define REQD (sizeof(pre) - 1 + sizeof(buf) - 1 + sizeof(suf))
- struct sizecheck {
- char bigenough[TTODATAV_BUF - REQD]; /* see above */
- };
- char ch;
-
- if (errp == NULL || errlen < REQD)
- return "unknown character in input";
- strcpy(errp, pre);
- ch = *(src + BADOFF(errcode));
- if (isprint(ch)) {
- buf[0] = ch;
- buf[1] = '\0';
- } else {
- buf[0] = '\\';
- buf[1] = ((ch & 0700) >> 6) + '0';
- buf[2] = ((ch & 0070) >> 3) + '0';
- buf[3] = ((ch & 0007) >> 0) + '0';
- buf[4] = '\0';
- }
- strcat(errp, buf);
- strcat(errp, suf);
- return (const char *)errp;
-}
-
-
-
-#ifdef TTODATA_MAIN
-
-#include <stdio.h>
-
-struct artab;
-static void check(struct artab *r, char *buf, size_t n, err_t oops, int *status);
-static void regress(char *pgm);
-static void hexout(const char *s, size_t len, FILE *f);
-
-/*
- - main - convert first argument to hex, or run regression
- */
-int
-main(int argc, char *argv[])
-{
- char buf[1024];
- char buf2[1024];
- char err[512];
- size_t n;
- size_t i;
- char *p = buf;
- char *p2 = buf2;
- char *pgm = argv[0];
- const char *oops;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s {0x<hex>|0s<base64>|-r}\n", pgm);
- exit(2);
- }
-
- if (strcmp(argv[1], "-r") == 0) {
- regress(pgm); /* should not return */
- fprintf(stderr, "%s: regress() returned?!?\n", pgm);
- exit(1);
- }
-
- oops = ttodatav(argv[1], 0, 0, buf, sizeof(buf), &n,
- err, sizeof(err), TTODATAV_IGNORESPACE);
- if (oops != NULL) {
- fprintf(stderr, "%s: ttodata error `%s' in `%s'\n", pgm,
- oops, argv[1]);
- exit(1);
- }
-
- if (n > sizeof(buf)) {
- p = (char *)malloc((size_t)n);
- if (p == NULL) {
- fprintf(stderr,
- "%s: unable to malloc %d bytes for result\n",
- pgm, n);
- exit(1);
- }
- oops = ttodata(argv[1], 0, 0, p, n, &n);
- if (oops != NULL) {
- fprintf(stderr, "%s: error `%s' in ttodata retry?!?\n",
- pgm, oops);
- exit(1);
- }
- }
-
- hexout(p, n, stdout);
- printf("\n");
-
- i = datatot(buf, n, 'h', buf2, sizeof(buf2));
- if (i == 0) {
- fprintf(stderr, "%s: datatot reports error in `%s'\n", pgm,
- argv[1]);
- exit(1);
- }
-
- if (i > sizeof(buf2)) {
- p2 = (char *)malloc((size_t)i);
- if (p == NULL) {
- fprintf(stderr,
- "%s: unable to malloc %d bytes for result\n",
- pgm, i);
- exit(1);
- }
- i = datatot(buf, n, 'h', p2, i);
- if (i == 0) {
- fprintf(stderr, "%s: error in datatoa retry?!?\n", pgm);
- exit(1);
- }
- }
-
- printf("%s\n", p2);
-
- exit(0);
-}
-
-/*
- - hexout - output an arbitrary-length string in hex
- */
-static void
-hexout(s, len, f)
-const char *s;
-size_t len;
-FILE *f;
-{
- size_t i;
-
- fprintf(f, "0x");
- for (i = 0; i < len; i++)
- fprintf(f, "%02x", (unsigned char)s[i]);
-}
-
-struct artab {
- int base;
-# define IGNORESPACE_BIAS 1000
- char *ascii; /* NULL for end */
- char *data; /* NULL for error expected */
-} atodatatab[] = {
- { 0, "", NULL, },
- { 0, "0", NULL, },
- { 0, "0x", NULL, },
- { 0, "0xa", NULL, },
- { 0, "0xab", "\xab", },
- { 0, "0xabc", NULL, },
- { 0, "0xabcd", "\xab\xcd", },
- { 0, "0x0123456789", "\x01\x23\x45\x67\x89", },
- { 0, "0x01x", NULL, },
- { 0, "0xabcdef", "\xab\xcd\xef", },
- { 0, "0xABCDEF", "\xab\xcd\xef", },
- { 0, "0XaBc0eEd81f", "\xab\xc0\xee\xd8\x1f", },
- { 0, "0XaBc0_eEd8", "\xab\xc0\xee\xd8", },
- { 0, "0XaBc0_", NULL, },
- { 0, "0X_aBc0", NULL, },
- { 0, "0Xa_Bc0", NULL, },
- { 16, "aBc0eEd8", "\xab\xc0\xee\xd8", },
- { 0, "0s", NULL, },
- { 0, "0sA", NULL, },
- { 0, "0sBA", NULL, },
- { 0, "0sCBA", NULL, },
- { 0, "0sDCBA", "\x0c\x20\x40", },
- { 0, "0SDCBA", "\x0c\x20\x40", },
- { 0, "0sDA==", "\x0c", },
- { 0, "0sDC==", NULL, },
- { 0, "0sDCA=", "\x0c\x20", },
- { 0, "0sDCB=", NULL, },
- { 0, "0sDCAZ", "\x0c\x20\x19", },
- { 0, "0sDCAa", "\x0c\x20\x1a", },
- { 0, "0sDCAz", "\x0c\x20\x33", },
- { 0, "0sDCA0", "\x0c\x20\x34", },
- { 0, "0sDCA9", "\x0c\x20\x3d", },
- { 0, "0sDCA+", "\x0c\x20\x3e", },
- { 0, "0sDCA/", "\x0c\x20\x3f", },
- { 0, "0sAbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0s AbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sA braCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAb raCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbr aCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbra Cadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraC adabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCa dabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCad abra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCada bra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCadab ra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCadabr a+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCadabra +", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { IGNORESPACE_BIAS + 0, "0sAbraCadabra+ ", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", },
- { 0, "0t", NULL, },
- { 0, "0tabc_xyz", "abc_xyz", },
- { 256, "abc_xyz", "abc_xyz", },
- { 0, NULL, NULL, },
-};
-
-struct drtab {
- char *data; /* input; NULL for end */
- char format;
- int buflen; /* -1 means big buffer */
- int outlen; /* -1 means strlen(ascii)+1 */
- char *ascii; /* NULL for error expected */
-} datatoatab[] = {
- { "", 'x', -1, -1, NULL, },
- { "", 'X', -1, -1, NULL, },
- { "", 'n', -1, -1, NULL, },
- { "0", 'x', -1, -1, "0x30", },
- { "0", 'x', 0, 5, "---", },
- { "0", 'x', 1, 5, "", },
- { "0", 'x', 2, 5, "0", },
- { "0", 'x', 3, 5, "0x", },
- { "0", 'x', 4, 5, "0x3", },
- { "0", 'x', 5, 5, "0x30", },
- { "0", 'x', 6, 5, "0x30", },
- { "\xab\xcd", 'x', -1, -1, "0xabcd", },
- { "\x01\x23\x45\x67\x89", 'x', -1, -1, "0x0123456789", },
- { "\xab\xcd\xef", 'x', -1, -1, "0xabcdef", },
- { "\xab\xc0\xee\xd8\x1f", 'x', -1, -1, "0xabc0eed81f", },
- { "\x01\x02", 'h', -1, -1, "0x0102", },
- { "\x01\x02\x03\x04\x05\x06", 'h', -1, -1, "0x01020304_0506", },
- { "\xab\xc0\xee\xd8\x1f", 16, -1, -1, "abc0eed81f", },
- { "\x0c\x20\x40", 's', -1, -1, "0sDCBA", },
- { "\x0c\x20\x40", 's', 0, 7, "---", },
- { "\x0c\x20\x40", 's', 1, 7, "", },
- { "\x0c\x20\x40", 's', 2, 7, "0", },
- { "\x0c\x20\x40", 's', 3, 7, "0s", },
- { "\x0c\x20\x40", 's', 4, 7, "0sD", },
- { "\x0c\x20\x40", 's', 5, 7, "0sDC", },
- { "\x0c\x20\x40", 's', 6, 7, "0sDCB", },
- { "\x0c\x20\x40", 's', 7, 7, "0sDCBA", },
- { "\x0c\x20\x40", 's', 8, 7, "0sDCBA", },
- { "\x0c", 's', -1, -1, "0sDA==", },
- { "\x0c\x20", 's', -1, -1, "0sDCA=", },
- { "\x0c\x20\x19", 's', -1, -1, "0sDCAZ", },
- { "\x0c\x20\x1a", 's', -1, -1, "0sDCAa", },
- { "\x0c\x20\x33", 's', -1, -1, "0sDCAz", },
- { "\x0c\x20\x34", 's', -1, -1, "0sDCA0", },
- { "\x0c\x20\x3d", 's', -1, -1, "0sDCA9", },
- { "\x0c\x20\x3e", 's', -1, -1, "0sDCA+", },
- { "\x0c\x20\x3f", 's', -1, -1, "0sDCA/", },
- { "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 's', -1, -1, "0sAbraCadabra+", },
- { "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 64, -1, -1, "AbraCadabra+", },
- { NULL, 'x', -1, -1, NULL, },
-};
-
-/*
- - regress - regression-test ttodata() and datatot()
- */
-static void
-check(r, buf, n, oops, status)
-struct artab *r;
-char *buf;
-size_t n;
-err_t oops;
-int *status;
-{
- if (oops != NULL && r->data == NULL)
- {} /* error expected */
- else if (oops != NULL) {
- printf("`%s' gave error `%s', expecting %d `", r->ascii,
- oops, strlen(r->data));
- hexout(r->data, strlen(r->data), stdout);
- printf("'\n");
- *status = 1;
- } else if (r->data == NULL) {
- printf("`%s' gave %d `", r->ascii, n);
- hexout(buf, n, stdout);
- printf("', expecting error\n");
- *status = 1;
- } else if (n != strlen(r->data)) {
- printf("length wrong in `%s': got %d `", r->ascii, n);
- hexout(buf, n, stdout);
- printf("', expecting %d `", strlen(r->data));
- hexout(r->data, strlen(r->data), stdout);
- printf("'\n");
- *status = 1;
- } else if (memcmp(buf, r->data, n) != 0) {
- printf("`%s' gave %d `", r->ascii, n);
- hexout(buf, n, stdout);
- printf("', expecting %d `", strlen(r->data));
- hexout(r->data, strlen(r->data), stdout);
- printf("'\n");
- *status = 1;
- }
- fflush(stdout);
-}
-
-static void /* should not return at all, in fact */
-regress(pgm)
-char *pgm;
-{
- struct artab *r;
- struct drtab *dr;
- char buf[100];
- size_t n;
- int status = 0;
-
- for (r = atodatatab; r->ascii != NULL; r++) {
- int base = r->base;
- int xbase = 0;
-
- if ((base == 0 || base == IGNORESPACE_BIAS + 0) && r->ascii[0] == '0') {
- switch (r->ascii[1]) {
- case 'x':
- case 'X':
- xbase = 16;
- break;
- case 's':
- case 'S':
- xbase = 64;
- break;
- case 't':
- case 'T':
- xbase = 256;
- break;
- }
- }
-
- if (base >= IGNORESPACE_BIAS) {
- base = base - IGNORESPACE_BIAS;
- check(r, buf, n, ttodatav(r->ascii, 0, base, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status);
- if (xbase != 0)
- check(r, buf, n, ttodatav(r->ascii+2, 0, xbase, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status);
- } else {
- check(r, buf, n, ttodata(r->ascii, 0, base, buf, sizeof(buf), &n), &status);
- if (base == 64 || xbase == 64)
- check(r, buf, n, ttodatav(r->ascii, 0, base, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status);
- if (xbase != 0) {
- check(r, buf, n, ttodata(r->ascii+2, 0, xbase, buf, sizeof(buf), &n), &status);
- if (base == 64 || xbase == 64)
- check(r, buf, n, ttodatav(r->ascii+2, 0, xbase, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status);
- }
- }
- }
- for (dr = datatoatab; dr->data != NULL; dr++) {
- size_t should;
-
- strcpy(buf, "---");
- n = datatot(dr->data, strlen(dr->data), dr->format, buf,
- (dr->buflen == -1) ? sizeof(buf) : dr->buflen);
- should = (dr->ascii == NULL) ? 0 : strlen(dr->ascii) + 1;
- if (dr->outlen != -1)
- should = dr->outlen;
- if (n == 0 && dr->ascii == NULL)
- {} /* error expected */
- else if (n == 0) {
- printf("`");
- hexout(dr->data, strlen(dr->data), stdout);
- printf("' %c gave error, expecting %d `%s'\n",
- dr->format, should, dr->ascii);
- status = 1;
- } else if (dr->ascii == NULL) {
- printf("`");
- hexout(dr->data, strlen(dr->data), stdout);
- printf("' %c gave %d `%.*s', expecting error\n",
- dr->format, n, (int)n, buf);
- status = 1;
- } else if (n != should) {
- printf("length wrong in `");
- hexout(dr->data, strlen(dr->data), stdout);
- printf("': got %d `%s'", n, buf);
- printf(", expecting %d `%s'\n", should, dr->ascii);
- status = 1;
- } else if (strcmp(buf, dr->ascii) != 0) {
- printf("`");
- hexout(dr->data, strlen(dr->data), stdout);
- printf("' gave %d `%s'", n, buf);
- printf(", expecting %d `%s'\n", should, dr->ascii);
- status = 1;
- }
- fflush(stdout);
- }
- exit(status);
-}
-
-#endif /* TTODATA_MAIN */
diff --git a/src/libfreeswan/ttoprotoport.c b/src/libfreeswan/ttoprotoport.c
deleted file mode 100644
index e75b206be..000000000
--- a/src/libfreeswan/ttoprotoport.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * conversion from protocol/port string to protocol and port
- * Copyright (C) 2002 Mario Strasser <mast@gmx.net>,
- * Zuercher Hochschule Winterthur,
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- * ttoprotoport - converts from protocol/port string to protocol and port
- */
-err_t
-ttoprotoport(src, src_len, proto, port, has_port_wildcard)
-char *src; /* input string */
-size_t src_len; /* length of input string, use strlen() if 0 */
-u_int8_t *proto; /* extracted protocol number */
-u_int16_t *port; /* extracted port number if it exists */
-bool *has_port_wildcard; /* set if port is %any */
-{
- char *end, *service_name;
- char proto_name[16];
- int proto_len;
- long int l;
- struct protoent *protocol;
- struct servent *service;
-
- /* get the length of the string */
- if (!src_len) src_len = strlen(src);
-
- /* locate delimiter '/' between protocol and port */
- end = strchr(src, '/');
- if (end != NULL) {
- proto_len = end - src;
- service_name = end + 1;
- } else {
- proto_len = src_len;
- service_name = src + src_len;
- }
-
- /* copy protocol name*/
- memset(proto_name, '\0', sizeof(proto_name));
- memcpy(proto_name, src, proto_len);
-
- /* extract protocol by trying to resolve it by name */
- protocol = getprotobyname(proto_name);
- if (protocol != NULL) {
- *proto = protocol->p_proto;
- }
- else /* failed, now try it by number */
- {
- l = strtol(proto_name, &end, 0);
-
- if (*proto_name && *end)
- return "<protocol> is neither a number nor a valid name";
-
- if (l < 0 || l > 0xff)
- return "<protocol> must be between 0 and 255";
-
- *proto = (u_int8_t)l;
- }
-
- /* is there a port wildcard? */
- *has_port_wildcard = (strcmp(service_name, "%any") == 0);
-
- if (*has_port_wildcard)
- {
- *port = 0;
- return NULL;
- }
-
- /* extract port by trying to resolve it by name */
- service = getservbyname(service_name, NULL);
- if (service != NULL) {
- *port = ntohs(service->s_port);
- }
- else /* failed, now try it by number */
- {
- l = strtol(service_name, &end, 0);
-
- if (*service_name && *end)
- return "<port> is neither a number nor a valid name";
-
- if (l < 0 || l > 0xffff)
- return "<port> must be between 0 and 65535";
-
- *port = (u_int16_t)l;
- }
- return NULL;
-}
-
diff --git a/src/libfreeswan/ttosa.3 b/src/libfreeswan/ttosa.3
deleted file mode 100644
index f9ea36a09..000000000
--- a/src/libfreeswan/ttosa.3
+++ /dev/null
@@ -1,287 +0,0 @@
-.TH IPSEC_TTOSA 3 "26 Nov 2001"
-.SH NAME
-ipsec ttosa, satot \- convert IPsec Security Association IDs to and from text
-.br
-ipsec initsaid \- initialize an SA ID
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "typedef struct {"
-.ti +1c
-.B "ip_address dst;"
-.ti +1c
-.B "ipsec_spi_t spi;"
-.ti +1c
-.B "int proto;"
-.br
-.B "} ip_said;"
-.sp
-.B "const char *ttosa(const char *src, size_t srclen,"
-.ti +1c
-.B "ip_said *sa);
-.br
-.B "size_t satot(const ip_said *sa, int format,"
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.br
-.B "void initsaid(const ip_address *addr, ipsec_spi_t spi,"
-.ti +1c
-.B "int proto, ip_said *dst);"
-.SH DESCRIPTION
-.I Ttosa
-converts an ASCII Security Association (SA) specifier into an
-.B ip_said
-structure (containing
-a destination-host address
-in network byte order,
-an SPI number in network byte order, and
-a protocol code).
-.I Satot
-does the reverse conversion, back to a text SA specifier.
-.I Initsaid
-initializes an
-.B ip_said
-from separate items of information.
-.PP
-An SA is specified in text with a mail-like syntax, e.g.
-.BR esp.5a7@1.2.3.4 .
-An SA specifier contains
-a protocol prefix (currently
-.BR ah ,
-.BR esp ,
-.BR tun ,
-.BR comp ,
-or
-.BR int ),
-a single character indicating the address family
-.RB ( .
-for IPv4,
-.B :
-for IPv6),
-an unsigned integer SPI number in hexadecimal (with no
-.B 0x
-prefix),
-and an IP address.
-The IP address can be any form accepted by
-.IR ipsec_ttoaddr (3),
-e.g. dotted-decimal IPv4 address,
-colon-hex IPv6 address,
-or DNS name.
-.PP
-As a special case, the SA specifier
-.B %passthrough4
-or
-.B %passthrough6
-signifies the special SA used to indicate that packets should be
-passed through unaltered.
-(At present, these are synonyms for
-.B tun.0@0.0.0.0
-and
-.B tun:0@::
-respectively,
-but that is subject to change without notice.)
-.B %passthrough
-is a historical synonym for
-.BR %passthrough4 .
-These forms are known to both
-.I ttosa
-and
-.IR satot ,
-so the internal representation is never visible.
-.PP
-Similarly, the SA specifiers
-.BR %pass ,
-.BR %drop ,
-.BR %reject ,
-.BR %hold ,
-.BR %trap ,
-and
-.BR %trapsubnet
-signify special ``magic'' SAs used to indicate that packets should be
-passed, dropped, rejected (dropped with ICMP notification),
-held,
-and trapped (sent up to
-.IR ipsec_pluto (8),
-with either of two forms of
-.B %hold
-automatically installed)
-respectively.
-These forms too are known to both routines,
-so the internal representation of the magic SAs should never be visible.
-.PP
-The
-.B <freeswan.h>
-header file supplies the
-.B ip_said
-structure, as well as a data type
-.B ipsec_spi_t
-which is an unsigned 32-bit integer.
-(There is no consistency between kernel and user on what such a type
-is called, hence the header hides the differences.)
-.PP
-The protocol code uses the same numbers that IP does.
-For user convenience, given the difficulty in acquiring the exact set of
-protocol names used by the kernel,
-.B <freeswan.h>
-defines the names
-.BR SA_ESP ,
-.BR SA_AH ,
-.BR SA_IPIP ,
-and
-.BR SA_COMP
-to have the same values as the kernel names
-.BR IPPROTO_ESP ,
-.BR IPPROTO_AH ,
-.BR IPPROTO_IPIP ,
-and
-.BR IPPROTO_COMP .
-.PP
-.B <freeswan.h>
-also defines
-.BR SA_INT
-to have the value
-.BR 61
-(reserved by IANA for ``any host internal protocol'')
-and
-.BR SPI_PASS ,
-.BR SPI_DROP ,
-.BR SPI_REJECT ,
-.BR SPI_HOLD ,
-and
-.B SPI_TRAP
-to have the values 256-260 (in \fIhost\fR byte order) respectively.
-These are used in constructing the magic SAs
-(which always have address
-.BR 0.0.0.0 ).
-.PP
-If
-.I satot
-encounters an unknown protocol code, e.g. 77,
-it yields output using a prefix
-showing the code numerically, e.g. ``unk77''.
-This form is
-.I not
-recognized by
-.IR ttosa .
-.PP
-The
-.I srclen
-parameter of
-.I ttosa
-specifies the length of the string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I dstlen
-parameter of
-.I satot
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.B <freeswan.h>
-header file defines a constant,
-.BR SATOT_BUF ,
-which is the size of a buffer just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I satot
-specifies what format is to be used for the conversion.
-The value
-.B 0
-(not the ASCII character
-.BR '0' ,
-but a zero value)
-specifies a reasonable default
-(currently
-lowercase protocol prefix, lowercase hexadecimal SPI,
-dotted-decimal or colon-hex address).
-The value
-.B 'f'
-is similar except that the SPI is padded with
-.BR 0 s
-to a fixed 32-bit width, to ease aligning displayed tables.
-.PP
-.I Ttosa
-returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.I Satot
-returns
-.B 0
-for a failure, and otherwise
-always returns the size of buffer which would
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.PP
-There is also, temporarily, support for some obsolete
-forms of SA specifier which lack the address-family indicator.
-.SH SEE ALSO
-ipsec_ttoul(3), ipsec_ttoaddr(3), ipsec_samesaid(3), inet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I ttosa
-are:
-empty input;
-input too small to be a legal SA specifier;
-no
-.B @
-in input;
-unknown protocol prefix;
-conversion error in
-.I ttoul
-or
-.IR ttoaddr .
-.PP
-Fatal errors in
-.I satot
-are:
-unknown format.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The restriction of text-to-binary error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The text-to-binary error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = ttosa( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/ttosa.c b/src/libfreeswan/ttosa.c
deleted file mode 100644
index 9873231c0..000000000
--- a/src/libfreeswan/ttosa.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * convert from text form of SA ID to binary
- * Copyright (C) 2000, 2001 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-static struct satype {
- char *prefix;
- size_t prelen; /* strlen(prefix) */
- int proto;
-} satypes[] = {
- { "ah", 2, SA_AH },
- { "esp", 3, SA_ESP },
- { "tun", 3, SA_IPIP },
- { "comp", 4, SA_COMP },
- { "int", 3, SA_INT },
- { NULL, 0, 0, }
-};
-
-static struct magic {
- char *name;
- char *really;
-} magic[] = {
- { PASSTHROUGHNAME, PASSTHROUGH4IS },
- { PASSTHROUGH4NAME, PASSTHROUGH4IS },
- { PASSTHROUGH6NAME, PASSTHROUGH6IS },
- { "%pass", "int256@0.0.0.0" },
- { "%drop", "int257@0.0.0.0" },
- { "%reject", "int258@0.0.0.0" },
- { "%hold", "int259@0.0.0.0" },
- { "%trap", "int260@0.0.0.0" },
- { "%trapsubnet", "int261@0.0.0.0" },
- { NULL, NULL }
-};
-
-/*
- - ttosa - convert text "ah507@10.0.0.1" to SA identifier
- */
-err_t /* NULL for success, else string literal */
-ttosa(src, srclen, sa)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-ip_said *sa;
-{
- const char *at;
- const char *addr;
- size_t alen;
- const char *spi = NULL;
- struct satype *sat;
- unsigned long ul;
- const char *oops;
- struct magic *mp;
- size_t nlen;
-# define MINLEN 5 /* ah0@0 is as short as it can get */
- int af;
- int base;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
- if (srclen < MINLEN)
- return "string too short to be SA identifier";
- if (*src == '%') {
- for (mp = magic; mp->name != NULL; mp++) {
- nlen = strlen(mp->name);
- if (srclen == nlen && memcmp(src, mp->name, nlen) == 0)
- break;
- }
- if (mp->name == NULL)
- return "unknown % keyword";
- src = mp->really;
- srclen = strlen(src);
- }
-
- at = memchr(src, '@', srclen);
- if (at == NULL)
- return "no @ in SA specifier";
-
- for (sat = satypes; sat->prefix != NULL; sat++)
- if (sat->prelen < srclen &&
- strncmp(src, sat->prefix, sat->prelen) == 0) {
- sa->proto = sat->proto;
- spi = src + sat->prelen;
- break; /* NOTE BREAK OUT */
- }
- if (sat->prefix == NULL)
- return "SA specifier lacks valid protocol prefix";
-
- if (spi >= at)
- return "no SPI in SA specifier";
- switch (*spi) {
- case '.':
- af = AF_INET;
- spi++;
- base = 16;
- break;
- case ':':
- af = AF_INET6;
- spi++;
- base = 16;
- break;
- default:
- af = AF_UNSPEC; /* not known yet */
- base = 0;
- break;
- }
- if (spi >= at)
- return "no SPI found in SA specifier";
- oops = ttoul(spi, at - spi, base, &ul);
- if (oops != NULL)
- return oops;
- sa->spi = htonl(ul);
-
- addr = at + 1;
- alen = srclen - (addr - src);
- if (af == AF_UNSPEC)
- af = (memchr(addr, ':', alen) != NULL) ? AF_INET6 : AF_INET;
- oops = ttoaddr(addr, alen, af, &sa->dst);
- if (oops != NULL)
- return oops;
-
- return NULL;
-}
-
-
-
-#ifdef TTOSA_MAIN
-
-#include <stdio.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
- ip_said sa;
- char buf[100];
- char buf2[100];
- const char *oops;
- size_t n;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]);
- exit(2);
- }
-
- if (strcmp(argv[1], "-r") == 0) {
- regress();
- fprintf(stderr, "regress() returned?!?\n");
- exit(1);
- }
-
- oops = ttosa(argv[1], 0, &sa);
- if (oops != NULL) {
- fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
- exit(1);
- }
- n = satot(&sa, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto);
- fprintf(stderr, "%lx@", (long unsigned int)sa.spi);
- (void) addrtot(&sa.dst, 0, buf2, sizeof(buf2));
- fprintf(stderr, "%s", buf2);
- fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
- (long)n, (long)sizeof(buf));
- exit(1);
- }
- printf("%s\n", buf);
-
- exit(0);
-}
-
-struct rtab {
- int format;
-# define FUDGE 0x1000
- char *input;
- char *output; /* NULL means error expected */
-} rtab[] = {
- {0, "esp257@1.2.3.0", "esp.101@1.2.3.0"},
- {0, "ah0x20@1.2.3.4", "ah.20@1.2.3.4"},
- {0, "tun20@1.2.3.4", "tun.14@1.2.3.4"},
- {0, "comp20@1.2.3.4", "comp.14@1.2.3.4"},
- {0, "esp257@::1", "esp:101@::1"},
- {0, "esp257@0bc:12de::1", "esp:101@bc:12de::1"},
- {0, "esp78@1049:1::8007:2040", "esp:4e@1049:1::8007:2040"},
- {0, "esp0x78@1049:1::8007:2040", "esp:78@1049:1::8007:2040"},
- {0, "ah78@1049:1::8007:2040", "ah:4e@1049:1::8007:2040"},
- {0, "ah0x78@1049:1::8007:2040", "ah:78@1049:1::8007:2040"},
- {0, "tun78@1049:1::8007:2040", "tun:4e@1049:1::8007:2040"},
- {0, "tun0x78@1049:1::8007:2040", "tun:78@1049:1::8007:2040"},
- {0, "duk99@3ffe:370:400:ff::9001:3001", NULL},
- {0, "esp78x@1049:1::8007:2040", NULL},
- {0, "esp0x78@1049:1:0xfff::8007:2040", NULL},
- {0, "es78@1049:1::8007:2040", NULL},
- {0, "", NULL},
- {0, "_", NULL},
- {0, "ah2.2", NULL},
- {0, "goo2@1.2.3.4", NULL},
- {0, "esp9@1.2.3.4", "esp.9@1.2.3.4"},
- {'f', "esp0xa9@1.2.3.4", "esp.000000a9@1.2.3.4"},
- {0, "espp9@1.2.3.4", NULL},
- {0, "es9@1.2.3.4", NULL},
- {0, "ah@1.2.3.4", NULL},
- {0, "esp7x7@1.2.3.4", NULL},
- {0, "esp77@1.0x2.3.4", NULL},
- {0, PASSTHROUGHNAME, PASSTHROUGH4NAME},
- {0, PASSTHROUGH6NAME, PASSTHROUGH6NAME},
- {0, "%pass", "%pass"},
- {0, "int256@0.0.0.0", "%pass"},
- {0, "%drop", "%drop"},
- {0, "int257@0.0.0.0", "%drop"},
- {0, "%reject", "%reject"},
- {0, "int258@0.0.0.0", "%reject"},
- {0, "%hold", "%hold"},
- {0, "int259@0.0.0.0", "%hold"},
- {0, "%trap", "%trap"},
- {0, "int260@0.0.0.0", "%trap"},
- {0, "%trapsubnet", "%trapsubnet"},
- {0, "int261@0.0.0.0", "%trapsubnet"},
- {0, "int262@0.0.0.0", "int.106@0.0.0.0"},
- {FUDGE, "esp9@1.2.3.4", "unk77.9@1.2.3.4"},
- {0, NULL, NULL}
-};
-
-void
-regress(void)
-{
- struct rtab *r;
- int status = 0;
- ip_said sa;
- char in[100];
- char buf[100];
- const char *oops;
- size_t n;
-
- for (r = rtab; r->input != NULL; r++) {
- strcpy(in, r->input);
- oops = ttosa(in, 0, &sa);
- if (oops != NULL && r->output == NULL)
- {} /* okay, error expected */
- else if (oops != NULL) {
- printf("`%s' ttosa failed: %s\n", r->input, oops);
- status = 1;
- } else if (r->output == NULL) {
- printf("`%s' ttosa succeeded unexpectedly\n",
- r->input);
- status = 1;
- } else {
- if (r->format&FUDGE)
- sa.proto = 77;
- n = satot(&sa, (char)r->format, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- printf("`%s' satot failed: need %ld\n",
- r->input, (long)n);
- status = 1;
- } else if (strcmp(r->output, buf) != 0) {
- printf("`%s' gave `%s', expected `%s'\n",
- r->input, buf, r->output);
- status = 1;
- }
- }
- }
- exit(status);
-}
-
-#endif /* TTOSA_MAIN */
diff --git a/src/libfreeswan/ttosubnet.c b/src/libfreeswan/ttosubnet.c
deleted file mode 100644
index a18a3f326..000000000
--- a/src/libfreeswan/ttosubnet.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
- * convert from text form of subnet specification to binary
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-#ifndef DEFAULTSUBNET
-#define DEFAULTSUBNET "%default"
-#endif
-
-/*
- - ttosubnet - convert text "addr/mask" to address and mask
- * Mask can be integer bit count.
- */
-err_t
-ttosubnet(src, srclen, af, dst)
-const char *src;
-size_t srclen; /* 0 means "apply strlen" */
-int af; /* AF_INET or AF_INET6 */
-ip_subnet *dst;
-{
- const char *slash;
- const char *colon;
- const char *mask;
- size_t mlen;
- const char *oops;
- unsigned long bc;
- static char def[] = DEFAULTSUBNET;
-# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */
- static char defis4[] = "0/0";
-# define DEFIS4LEN (sizeof(defis4) - 1)
- static char defis6[] = "::/0";
-# define DEFIS6LEN (sizeof(defis6) - 1)
- ip_address addrtmp;
- ip_address masktmp;
- int nbits;
- int i;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
-
- switch (af) {
- case AF_INET:
- nbits = 32;
- break;
- case AF_INET6:
- nbits = 128;
- break;
- default:
- return "unknown address family in ttosubnet";
- break;
- }
-
- if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) {
- src = (af == AF_INET) ? defis4 : defis6;
- srclen = (af == AF_INET) ? DEFIS4LEN : DEFIS6LEN;
- }
-
- slash = memchr(src, '/', srclen);
- if (slash == NULL)
- return "no / in subnet specification";
- mask = slash + 1;
- mlen = srclen - (mask - src);
-
- oops = ttoaddr(src, slash-src, af, &addrtmp);
- if (oops != NULL)
- return oops;
-
- /* extract port */
- colon = memchr(mask, ':', mlen);
- if (colon == 0)
- {
- setportof(0, &addrtmp);
- }
- else
- {
- long port;
-
- oops = ttoul(colon+1, mlen-(colon-mask+1), 10, &port);
- if (oops != NULL)
- return oops;
- setportof(htons(port), &addrtmp);
- mlen = colon - mask;
- }
-
- /*extract mask */
- oops = ttoul(mask, mlen, 10, &bc);
- if (oops == NULL) {
- /* ttoul succeeded, it's a bit-count mask */
- if (bc > nbits)
- return "subnet mask bit count too large";
- i = bc;
- } else {
- oops = ttoaddr(mask, mlen, af, &masktmp);
- if (oops != NULL)
- return oops;
- i = masktocount(&masktmp);
- if (i < 0)
- return "non-contiguous or otherwise erroneous mask";
- }
-
- return initsubnet(&addrtmp, i, '0', dst);
-}
-
-
-
-#ifdef TTOSUBNET_MAIN
-
-#include <stdio.h>
-
-void regress(void);
-
-int main(int argc, char *argv[])
-{
- ip_subnet s;
- char buf[100];
- char buf2[100];
- const char *oops;
- size_t n;
- int af;
- char *p;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s [-6] addr/mask\n", argv[0]);
- fprintf(stderr, " or: %s -r\n", argv[0]);
- exit(2);
- }
-
- if (strcmp(argv[1], "-r") == 0) {
- regress();
- fprintf(stderr, "regress() returned?!?\n");
- exit(1);
- }
-
- af = AF_INET;
- p = argv[1];
- if (strcmp(argv[1], "-6") == 0) {
- af = AF_INET6;
- p = argv[2];
- } else if (strchr(argv[1], ':') != NULL)
- af = AF_INET6;
-
- oops = ttosubnet(p, 0, af, &s);
- if (oops != NULL) {
- fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
- exit(1);
- }
- n = subnettot(&s, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- fprintf(stderr, "%s: reverse conversion of ", argv[0]);
- (void) addrtot(&s.addr, 0, buf2, sizeof(buf2));
- fprintf(stderr, "%s/", buf2);
- fprintf(stderr, "%d", s.maskbits);
- fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
- (long)n, (long)sizeof(buf));
- exit(1);
- }
- printf("%s\n", buf);
-
- exit(0);
-}
-
-struct rtab {
- int family;
- char *input;
- char *output; /* NULL means error expected */
-} rtab[] = {
- {4, "1.2.3.0/255.255.255.0", "1.2.3.0/24"},
- {4, "1.2.3.0/24", "1.2.3.0/24"},
- {4, "1.2.3.0/24:10", "1.2.3.0/24:10"},
- {4, "1.2.3.0/24:-1", NULL},
- {4, "1.2.3.0/24:none", NULL},
- {4, "1.2.3.0/24:", NULL},
- {4, "1.2.3.0/24:0x10", "1.2.3.0/24:16"},
- {4, "1.2.3.0/24:0X10", "1.2.3.0/24:16"},
- {4, "1.2.3.0/24:010", "1.2.3.0/24:8"},
- {4, "1.2.3.1/255.255.255.240", "1.2.3.0/28"},
- {4, "1.2.3.1/32", "1.2.3.1/32"},
- {4, "1.2.3.1/0", "0.0.0.0/0"},
-/* {4, "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0"}, */
- {4, "1.2.3.1/255.255.127.0", NULL},
- {4, "128.009.000.032/32", "128.9.0.32/32"},
- {4, "128.0x9.0.32/32", NULL},
- {4, "0x80090020/32", "128.9.0.32/32"},
- {4, "0x800x0020/32", NULL},
- {4, "128.9.0.32/0xffFF0000", "128.9.0.0/16"},
- {4, "128.9.0.32/0xff0000FF", NULL},
- {4, "128.9.0.32/0x0000ffFF", NULL},
- {4, "128.9.0.32/0x00ffFF0000", NULL},
- {4, "128.9.0.32/0xffFF", NULL},
- {4, "128.9.0.32.27/32", NULL},
- {4, "128.9.0k32/32", NULL},
- {4, "328.9.0.32/32", NULL},
- {4, "128.9..32/32", NULL},
- {4, "10/8", "10.0.0.0/8"},
- {4, "10.0/8", "10.0.0.0/8"},
- {4, "10.0.0/8", "10.0.0.0/8"},
- {4, "10.0.1/24", "10.0.1.0/24"},
- {4, "_", NULL},
- {4, "_/_", NULL},
- {4, "1.2.3.1", NULL},
- {4, "1.2.3.1/_", NULL},
- {4, "1.2.3.1/24._", NULL},
- {4, "1.2.3.1/99", NULL},
- {4, "localhost/32", "127.0.0.1/32"},
- {4, "%default", "0.0.0.0/0"},
- {6, "3049:1::8007:2040/0", "::/0"},
- {6, "3049:1::8007:2040/128", "3049:1::8007:2040/128"},
- {6, "3049:1::192.168.0.1/128", NULL}, /*"3049:1::c0a8:1/128",*/
- {6, "3049:1::8007::2040/128", NULL},
- {6, "3049:1::8007:2040/ffff::0", "3049::/16"},
- {6, "3049:1::8007:2040/64", "3049:1::/64"},
- {6, "3049:1::8007:2040/ffff::", "3049::/16"},
- {6, "3049:1::8007:2040/0000:ffff::0", NULL},
- {6, "3049:1::8007:2040/ff1f::0", NULL},
- {6, "3049:1::8007:x:2040/128", NULL},
- {6, "3049:1t::8007:2040/128", NULL},
- {6, "3049:1::80071:2040/128", NULL},
- {6, "::/21", "::/21"},
- {6, "::1/128", "::1/128"},
- {6, "1::/21", "1::/21"},
- {6, "1::2/128", "1::2/128"},
- {6, "1:0:0:0:0:0:0:2/128", "1::2/128"},
- {6, "1:0:0:0:3:0:0:2/128", "1::3:0:0:2/128"},
- {6, "1:0:0:3:0:0:0:2/128", "1::3:0:0:0:2/128"},
- {6, "1:0:3:0:0:0:0:2/128", "1:0:3::2/128"},
- {6, "abcd:ef01:2345:6789:0:00a:000:20/128", "abcd:ef01:2345:6789:0:a:0:20/128"},
- {6, "3049:1::8007:2040/ffff:ffff:", NULL},
- {6, "3049:1::8007:2040/ffff:88::", NULL},
- {6, "3049:12::9000:3200/ffff:fff0::", "3049:10::/28"},
- {6, "3049:12::9000:3200/28", "3049:10::/28"},
- {6, "3049:12::9000:3200/ff00:::", NULL},
- {6, "3049:12::9000:3200/ffff:::", NULL},
- {6, "3049:12::9000:3200/128_", NULL},
- {6, "3049:12::9000:3200/", NULL},
- {6, "%default", "::/0"},
- {4, NULL, NULL}
-};
-
-void
-regress(void)
-{
- struct rtab *r;
- int status = 0;
- ip_subnet s;
- char in[100];
- char buf[100];
- const char *oops;
- size_t n;
- int af;
-
- for (r = rtab; r->input != NULL; r++) {
- af = (r->family == 4) ? AF_INET : AF_INET6;
- strcpy(in, r->input);
- oops = ttosubnet(in, 0, af, &s);
- if (oops != NULL && r->output == NULL)
- {} /* okay, error expected */
- else if (oops != NULL) {
- printf("`%s' ttosubnet failed: %s\n", r->input, oops);
- status = 1;
- } else if (r->output == NULL) {
- printf("`%s' ttosubnet succeeded unexpectedly\n",
- r->input);
- status = 1;
- } else {
- n = subnettot(&s, 0, buf, sizeof(buf));
- if (n > sizeof(buf)) {
- printf("`%s' subnettot failed: need %ld\n",
- r->input, (long)n);
- status = 1;
- } else if (strcmp(r->output, buf) != 0) {
- printf("`%s' gave `%s', expected `%s'\n",
- r->input, buf, r->output);
- status = 1;
- }
- }
- }
- exit(status);
-}
-
-#endif /* TTOSUBNET_MAIN */
diff --git a/src/libfreeswan/ttoul.3 b/src/libfreeswan/ttoul.3
deleted file mode 100644
index ffd9fb38a..000000000
--- a/src/libfreeswan/ttoul.3
+++ /dev/null
@@ -1,191 +0,0 @@
-.TH IPSEC_TTOUL 3 "16 Aug 2000"
-.SH NAME
-ipsec ttoul, ultot \- convert unsigned-long numbers to and from text
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *ttoul(const char *src, size_t srclen,"
-.ti +1c
-.B "int base, unsigned long *n);"
-.br
-.B "size_t ultot(unsigned long n, int format, char *dst,"
-.ti +1c
-.B "size_t dstlen);"
-.SH DESCRIPTION
-.I Ttoul
-converts a text-string number into a binary
-.B "unsigned long"
-value.
-.I Ultot
-does the reverse conversion, back to a text version.
-.PP
-Numbers are specified in text as
-decimal (e.g.
-.BR 123 ),
-octal with a leading zero (e.g.
-.BR 012 ,
-which has value 10),
-or hexadecimal with a leading
-.B 0x
-(e.g.
-.BR 0x1f ,
-which has value 31)
-in either upper or lower case.
-.PP
-The
-.I srclen
-parameter of
-.I ttoul
-specifies the length of the string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I base
-parameter of
-.I ttoul
-can be
-.BR 8 ,
-.BR 10 ,
-or
-.BR 16 ,
-in which case the number supplied is assumed to be of that form
-(and in the case of
-.BR 16 ,
-to lack any
-.B 0x
-prefix).
-It can also be
-.BR 0 ,
-in which case the number is examined for a leading zero
-or a leading
-.B 0x
-to determine its base.
-.PP
-The
-.I dstlen
-parameter of
-.I ultot
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.I freeswan.h
-header file defines a constant,
-.BR ULTOT_BUF ,
-which is the size of a buffer just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I ultot
-must be one of:
-.RS
-.IP \fB'o'\fR 4
-octal conversion with leading
-.B 0
-.IP \fB\ 8\fR
-octal conversion with no leading
-.B 0
-.IP \fB'd'\fR
-decimal conversion
-.IP \fB10\fR
-same as
-.B d
-.IP \fB'x'\fR
-hexadecimal conversion, including leading
-.B 0x
-.IP \fB16\fR
-hexadecimal conversion with no leading
-.B 0x
-.IP \fB17\fR
-like
-.B 16
-except padded on left with
-.BR 0 s
-to eight digits (full width of a 32-bit number)
-.RE
-.PP
-.I Ttoul
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.I Ultot
-returns
-.B 0
-for a failure, and otherwise
-returns the size of buffer which would
-be needed to
-accommodate the full conversion result, including terminating NUL
-(it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred).
-.SH SEE ALSO
-atol(3), strtoul(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I ttoul
-are:
-empty input;
-unknown
-.IR base ;
-non-digit character found;
-number too large for an
-.BR "unsigned long" .
-.PP
-Fatal errors in
-.I ultot
-are:
-unknown
-.IR format .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-Conversion of
-.B 0
-with format
-.B o
-yields
-.BR 00 .
-.PP
-.I Ultot
-format
-.B 17
-is a bit of a kludge.
-.PP
-The restriction of error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The error-reporting convention lends itself to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = ttoul( /* ... */ );"
-.B "if (error != NULL) {"
-.B " /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/ttoul.c b/src/libfreeswan/ttoul.c
deleted file mode 100644
index 7524789c4..000000000
--- a/src/libfreeswan/ttoul.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * convert from text form of unsigned long to binary
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - ttoul - convert text substring to unsigned long number
- */
-const char * /* NULL for success, else string literal */
-ttoul(src, srclen, base, resultp)
-const char *src;
-size_t srclen; /* 0 means strlen(src) */
-int base; /* 0 means figure it out */
-unsigned long *resultp;
-{
- const char *stop;
- static char hex[] = "0123456789abcdef";
- static char uchex[] = "0123456789ABCDEF";
- int d;
- char c;
- char *p;
- unsigned long r;
- unsigned long rlimit;
- int dlimit;
-
- if (srclen == 0)
- srclen = strlen(src);
- if (srclen == 0)
- return "empty string";
-
- if (base == 0) {
- if (srclen > 2 && *src == '0' &&
- (*(src+1) == 'x' || *(src+1) == 'X'))
- return ttoul(src+2, srclen-2, 16, resultp);
- if (srclen > 1 && *src == '0')
- return ttoul(src+1, srclen-1, 8, resultp);
- return ttoul(src, srclen, 10, resultp);
- }
- if (base != 8 && base != 10 && base != 16)
- return "unsupported number base";
-
- r = 0;
- stop = src + srclen;
- if (base == 16) {
- while (src < stop) {
- c = *src++;
- p = strchr(hex, c);
- if (p != NULL)
- d = p - hex;
- else {
- p = strchr(uchex, c);
- if (p == NULL)
- return "non-hex digit in hex number";
- d = p - uchex;
- }
- r = (r << 4) | d;
- }
- /* defer length check to catch invalid digits first */
- if (srclen > sizeof(unsigned long) * 2)
- return "hex number too long";
- } else {
- rlimit = ULONG_MAX / base;
- dlimit = (int)(ULONG_MAX - rlimit*base);
- while (src < stop) {
- c = *src++;
- d = c - '0';
- if (d < 0 || d >= base)
- return "non-digit in number";
- if (r > rlimit || (r == rlimit && d > dlimit))
- return "unsigned-long overflow";
- r = r*base + d;
- }
- }
-
- *resultp = r;
- return NULL;
-}
diff --git a/src/libfreeswan/ultoa.c b/src/libfreeswan/ultoa.c
deleted file mode 100644
index 16ddd2c1e..000000000
--- a/src/libfreeswan/ultoa.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * convert unsigned long to ASCII
- * Copyright (C) 1998, 1999 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - ultoa - convert unsigned long to decimal ASCII
- */
-size_t /* length required for full conversion */
-ultoa(n, base, dst, dstlen)
-unsigned long n;
-int base;
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- char buf[3*sizeof(unsigned long) + 1];
- char *bufend = buf + sizeof(buf);
- size_t len;
- char *p;
- static char hex[] = "0123456789abcdef";
-
- p = bufend;
- *--p = '\0';
- if (base == 10) {
- do {
- *--p = n%10 + '0';
- n /= 10;
- } while (n != 0);
- } else if (base == 16) {
- do {
- *--p = hex[n&0xf];
- n >>= 4;
- } while (n != 0);
- *--p = 'x';
- *--p = '0';
- } else if (base == 8) {
- do {
- *--p = (n&07) + '0';
- n >>= 3;
- } while (n != 0);
- *--p = '0';
- } else
- *--p = '?';
-
- len = bufend - p;
-
- if (dstlen > 0) {
- if (len > dstlen)
- *(p + dstlen - 1) = '\0';
- strcpy(dst, p);
- }
- return len;
-}
diff --git a/src/libfreeswan/ultot.c b/src/libfreeswan/ultot.c
deleted file mode 100644
index 6685f8f7c..000000000
--- a/src/libfreeswan/ultot.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * convert unsigned long to text
- * Copyright (C) 2000 Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - ultot - convert unsigned long to text
- */
-size_t /* length required for full conversion */
-ultot(n, base, dst, dstlen)
-unsigned long n;
-int base;
-char *dst; /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
- char buf[3*sizeof(unsigned long) + 1];
- char *bufend = buf + sizeof(buf);
- size_t len;
- char *p;
- static char hex[] = "0123456789abcdef";
-# define HEX32 (32/4)
-
- p = bufend;
- *--p = '\0';
- switch (base) {
- case 10:
- case 'd':
- do {
- *--p = n%10 + '0';
- n /= 10;
- } while (n != 0);
- break;
- case 16:
- case 17:
- case 'x':
- do {
- *--p = hex[n&0xf];
- n >>= 4;
- } while (n != 0);
- if (base == 17)
- while (bufend - p < HEX32 + 1)
- *--p = '0';
- if (base == 'x') {
- *--p = 'x';
- *--p = '0';
- }
- break;
- case 8:
- case 'o':
- do {
- *--p = (n&07) + '0';
- n >>= 3;
- } while (n != 0);
- if (base == 'o')
- *--p = '0';
- break;
- default:
- return 0;
- break;
- }
-
- len = bufend - p;
- if (dstlen > 0) {
- if (len > dstlen)
- *(p + dstlen - 1) = '\0';
- strcpy(dst, p);
- }
- return len;
-}