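/* $NetBSD: handler.c,v 1.9.6.8 2009/04/20 13:25:27 tteras Exp $ */

/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <errno.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "sockmisc.h"
#include "debug.h"

#ifdef ENABLE_HYBRID
#include <resolv.h>
#endif

#include "schedule.h"
#include "grabmyaddr.h"
#include "algorithm.h"
#include "crypto_openssl.h"
#include "policy.h"
#include "proposal.h"
#include "isakmp_var.h"
#include "evt.h"
#include "isakmp.h"
#ifdef ENABLE_HYBRID
#include "isakmp_xauth.h"
#include "isakmp_cfg.h"
#endif
#include "isakmp_inf.h"
#include "oakley.h"
#include "remoteconf.h"
#include "localconf.h"
#include "handler.h"
#include "gcmalloc.h"
#include "nattraversal.h"

#include "sainfo.h"

#ifdef HAVE_GSSAPI
#include "gssapi.h"
#endif

/* File-private list heads, one per kind of record tracked by this file. */
static LIST_HEAD(_ph1tree_, ph1handle) ph1tree;
static LIST_HEAD(_ph2tree_, ph2handle) ph2tree;
static LIST_HEAD(_ctdtree_, contacted) ctdtree;
static LIST_HEAD(_rcptree_, recvdpkt) rcptree;

static void del_recvdpkt __P((struct recvdpkt *));
static void rem_recvdpkt __P((struct recvdpkt *));
static void sweep_recvdpkt __P((void *));

/*
 * functions about management of the isakmp status table
 */
/* %%% management phase 1 handler */

extern caddr_t val2str(const char *, size_t);

/*
 * Search ph1tree for a phase 1 handle by ISAKMP index.
 *
 * The whole index is compared bytewise (sizeof(*index) bytes).  Handles
 * whose status is PHASE1ST_EXPIRED are never returned.
 *
 * Returns the first matching handle, or NULL when none matches.
 */
struct ph1handle *
getph1byindex(index)
	isakmp_index *index;
{
	struct ph1handle *p;

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->status == PHASE1ST_EXPIRED)
			continue;
		if (memcmp(&p->index, index, sizeof(*index)) == 0)
			return p;
	}

	return NULL;
}


/*
 * Search ph1tree for a phase 1 handle by the i_ck part of the index.
 *
 * Only the leading sizeof(cookie_t) bytes of the index are compared, so
 * the rest of the index is ignored.  Handles whose status is
 * PHASE1ST_EXPIRED are never returned.
 *
 * Returns the first matching handle, or NULL when none matches.
 */
struct ph1handle *
getph1byindex0(index)
	isakmp_index *index;
{
	struct ph1handle *p;

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->status == PHASE1ST_EXPIRED)
			continue;
		if (memcmp(&p->index, index, sizeof(cookie_t)) == 0)
			return p;
	}

	return NULL;
}

/*
 * Search ph1tree for a phase 1 handle by local and remote address.
 *
 * Both addresses must compare equal under CMPSADDR.  When `established'
 * is non-zero, only handles in PHASE1ST_ESTABLISHED are considered.
 * Handles whose status is PHASE1ST_EXPIRED are never returned.
 *
 * NOTE(review): the earlier comment on this function said the port
 * number is not used because the search is done with phase 2's
 * destination.  Whether ports take part in the match depends on how
 * CMPSADDR is defined, which is not visible in this file; confirm.  The
 * port-less comparison cmpsaddrwop() is what getph1byaddrwop() uses.
 *
 * Returns the first matching handle, or NULL when none matches.
 */
struct ph1handle *
getph1byaddr(local, remote, established)
	struct sockaddr *local, *remote;
	int established;
{
	struct ph1handle *p;

	plog(LLV_DEBUG2, LOCATION, NULL, "getph1byaddr: start\n");
	plog(LLV_DEBUG2, LOCATION, NULL, "local: %s\n", saddr2str(local));
	plog(LLV_DEBUG2, LOCATION, NULL, "remote: %s\n", saddr2str(remote));

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->status == PHASE1ST_EXPIRED)
			continue;
		plog(LLV_DEBUG2, LOCATION, NULL, "p->local: %s\n", saddr2str(p->local));
		plog(LLV_DEBUG2, LOCATION, NULL, "p->remote: %s\n", saddr2str(p->remote));

		/* the caller asked for a usable SA only */
		if (established && p->status != PHASE1ST_ESTABLISHED) {
			plog(LLV_DEBUG2, LOCATION, NULL, "status %d, skipping\n", p->status);
			continue;
		}
		if (CMPSADDR(local, p->local) == 0
		    && CMPSADDR(remote, p->remote) == 0) {
			plog(LLV_DEBUG2, LOCATION, NULL, "matched\n");
			return p;
		}
	}

	plog(LLV_DEBUG2, LOCATION, NULL, "no match\n");

	return NULL;
}

/*
 * Search ph1tree for a phase 1 handle by local and remote address,
 * comparing both with cmpsaddrwop().  Handles whose status is
 * PHASE1ST_EXPIRED are never returned.
 *
 * Returns the first matching handle, or NULL when none matches.
 */
struct ph1handle *
getph1byaddrwop(local, remote)
	struct sockaddr *local, *remote;
{
	struct ph1handle *p;

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->status == PHASE1ST_EXPIRED)
			continue;
		if (cmpsaddrwop(local, p->local) == 0
		    && cmpsaddrwop(remote, p->remote) == 0)
			return p;
	}

	return NULL;
}

/*
 * search for isakmpsa handler by remote address.
 * don't use port number to search because this function search
 * with phase 2's destination.
 *
 * Only the remote address is compared (with cmpsaddrwop()); the local
 * address of the handle is not looked at.  Handles whose status is
 * PHASE1ST_EXPIRED are never returned.
 *
 * Returns the first matching handle, or NULL when none matches.
 */
struct ph1handle *
getph1bydstaddrwop(remote)
	struct sockaddr *remote;
{
	struct ph1handle *p;

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->status == PHASE1ST_EXPIRED)
			continue;
		if (cmpsaddrwop(remote, p->remote) == 0)
			return p;
	}

	return NULL;
}

/*
 * Copy a socket address into a fixed-size field of a dump record.
 *
 * The copy length is sysdep_sa_len(src) clamped to dstlen, so an address
 * that reports a length larger than the destination field cannot write
 * past it.  A NULL src copies nothing and leaves dst as it was.
 */
static void
dump_saddr(void *dst, size_t dstlen, struct sockaddr *src)
{
	size_t len;

	if (src == NULL)
		return;

	len = (size_t)sysdep_sa_len(src);
	if (len > dstlen)
		len = dstlen;
	memcpy(dst, src, len);
}

/*
 * dump isakmp-sa
 *
 * Builds one struct ph1dump per entry of ph1tree (expired entries
 * included) in a freshly allocated vchar_t.
 *
 * Returns the buffer, which the caller owns, or NULL if vmalloc() fails.
 */
vchar_t *
dumpph1()
{
	struct ph1handle *iph1;
	struct ph1dump *pd;
	int cnt = 0;
	vchar_t *buf;

	/* get length of buffer */
	LIST_FOREACH(iph1, &ph1tree, chain)
		cnt++;

	buf = vmalloc(cnt * sizeof(struct ph1dump));
	if (buf == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get buffer\n");
		return NULL;
	}
	pd = (struct ph1dump *)buf->v;

	LIST_FOREACH(iph1, &ph1tree, chain) {
		/*
		 * Start every record from zero: the address fields are only
		 * partly overwritten and the struct may contain padding, and
		 * whether vmalloc() clears its memory is not visible here.
		 * This keeps stale heap bytes out of the dump handed back to
		 * the caller.
		 */
		memset(pd, 0, sizeof(*pd));

		memcpy(&pd->index, &iph1->index, sizeof(iph1->index));
		pd->status = iph1->status;
		pd->side = iph1->side;
		/* insph1() validates remote only, so local may be NULL */
		dump_saddr(&pd->remote, sizeof(pd->remote), iph1->remote);
		dump_saddr(&pd->local, sizeof(pd->local), iph1->local);
		pd->version = iph1->version;
		pd->etype = iph1->etype;
		pd->created = iph1->created;
		pd->ph2cnt = iph1->ph2cnt;
		pd++;
	}

	return buf;
}

/*
 * create new isakmp Phase 1 status record to handle isakmp in Phase1
 *
 * The record is zero-filled by racoon_calloc() and its status is set to
 * PHASE1ST_SPAWN.  It is not linked into ph1tree; insph1() does that.
 *
 * Returns the new handle, or NULL if the allocation fails.
 */
struct ph1handle *
newph1()
{
	struct ph1handle *iph1;

	/* create new iph1 */
	iph1 = racoon_calloc(1, sizeof(*iph1));
	if (iph1 == NULL)
		return NULL;

	iph1->status = PHASE1ST_SPAWN;

#ifdef ENABLE_DPD
	iph1->dpd_support = 0;
	iph1->dpd_lastack = 0;
	iph1->dpd_seq = 0;
	iph1->dpd_fails = 0;
	iph1->dpd_r_u = NULL;
#endif

	return iph1;
}

/*
 * delete isakmp Phase 1 status record
 *
 * Releases everything the handle owns and then the handle itself.  The
 * handle is not unlinked from ph1tree here; flushph1() calls remph1()
 * before delph1().  A NULL handle is ignored.
 *
 * NOTE(review): the Diffie-Hellman private value and the SKEYID* / key
 * buffers are released through VPTRINIT, which is defined elsewhere.  If
 * VPTRINIT only frees, this key material stays readable in freed heap
 * memory; confirm whether these buffers should be zeroized before
 * release.
 */
void
delph1(iph1)
	struct ph1handle *iph1;
{
	if (iph1 == NULL)
		return;

	/*
	 * SA down shell script hook.  The hook and the event below run
	 * before anything is freed: EVT_PUSH is handed iph1->local and
	 * iph1->remote, and the hook receives the whole handle.
	 */
	script_hook(iph1, SCRIPT_PHASE1_DOWN);

	EVT_PUSH(iph1->local, iph1->remote, EVTT_PHASE1_DOWN, NULL);

#ifdef ENABLE_NATT
	/* must also precede the address frees: it is keyed by both addresses */
	if (iph1->natt_flags & NAT_KA_QUEUED)
		natt_keepalive_remove (iph1->local, iph1->remote);

	if (iph1->natt_options) {
		racoon_free(iph1->natt_options);
		iph1->natt_options = NULL;
	}
#endif

#ifdef ENABLE_HYBRID
	if (iph1->mode_cfg)
		isakmp_cfg_rmstate(iph1);
#endif

#ifdef ENABLE_DPD
	SCHED_KILL(iph1->dpd_r_u);
#endif

	if (iph1->remote) {
		racoon_free(iph1->remote);
		iph1->remote = NULL;
	}
	if (iph1->local) {
		racoon_free(iph1->local);
		iph1->local = NULL;
	}
	/* approval is released and cleared here, exactly once */
	if (iph1->approval) {
		delisakmpsa(iph1->approval);
		iph1->approval = NULL;
	}

	VPTRINIT(iph1->authstr);

	/*
	 * presumably detaches scheduler entries that carry this handle as
	 * their parameter, so no timer fires on freed memory -- confirm
	 * against sched_scrub_param()
	 */
	sched_scrub_param(iph1);
	iph1->sce = NULL;
	iph1->scr = NULL;

	VPTRINIT(iph1->sendbuf);

	/* key exchange state and derived keys (see NOTE(review) above) */
	VPTRINIT(iph1->dhpriv);
	VPTRINIT(iph1->dhpub);
	VPTRINIT(iph1->dhpub_p);
	VPTRINIT(iph1->dhgxy);
	VPTRINIT(iph1->nonce);
	VPTRINIT(iph1->nonce_p);
	VPTRINIT(iph1->skeyid);
	VPTRINIT(iph1->skeyid_d);
	VPTRINIT(iph1->skeyid_a);
	VPTRINIT(iph1->skeyid_e);
	VPTRINIT(iph1->key);
	VPTRINIT(iph1->hash);
	VPTRINIT(iph1->sig);
	VPTRINIT(iph1->sig_p);

	oakley_delcert(iph1->cert);
	iph1->cert = NULL;
	oakley_delcert(iph1->cert_p);
	iph1->cert_p = NULL;
	oakley_delcert(iph1->crl_p);
	iph1->crl_p = NULL;
	oakley_delcert(iph1->cr_p);
	iph1->cr_p = NULL;
	VPTRINIT(iph1->id);
	VPTRINIT(iph1->id_p);

	if (iph1->ivm) {
		oakley_delivm(iph1->ivm);
		iph1->ivm = NULL;
	}

	VPTRINIT(iph1->sa);
	VPTRINIT(iph1->sa_ret);

#ifdef HAVE_GSSAPI
	VPTRINIT(iph1->gi_i);
	VPTRINIT(iph1->gi_r);

	gssapi_free_state(iph1);
#endif

	racoon_free(iph1);
}

/*
 * insert an isakmp Phase 1 status record at the head of ph1tree
 *
 * A handle without a remote address is rejected.  The local address is
 * not checked here.
 *
 * Returns 0 on success, -1 if iph1->remote is NULL.
 */
int
insph1(iph1)
	struct ph1handle *iph1;
{
	/* validity check */
	if (iph1->remote == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid isakmp SA handler. no remote address.\n");
		return -1;
	}
	LIST_INSERT_HEAD(&ph1tree, iph1, chain);

	return 0;
}

/*
 * Unlink a phase 1 handle from the list it is chained on.  The handle
 * itself is not freed; see delph1().
 */
void
remph1(iph1)
	struct ph1handle *iph1;
{
	LIST_REMOVE(iph1, chain);
}

/*
 * flush isakmp-sa
 *
 * Removes and deletes every handle in ph1tree.  For handles in
 * PHASE1ST_ESTABLISHED, isakmp_info_send_d1() is called first.
 */
void
flushph1()
{
	struct ph1handle *p, *next;

	for (p = LIST_FIRST(&ph1tree); p; p = next) {
		/* fetch the successor first: p is freed by delph1() below */
		next = LIST_NEXT(p, chain);

		/* send delete information */
		if (p->status == PHASE1ST_ESTABLISHED)
			isakmp_info_send_d1(p);

		remph1(p);
		delph1(p);
	}
}

/*
 * Initialise ph1tree as an empty list.
 */
void
initph1tree()
{
	LIST_INIT(&ph1tree);
}

/* %%% management phase 2 handler */
/*
 * search ph2handle with policy id.
 *
 * Returns the first handle in ph2tree whose spid equals `spid', or NULL
 * when none matches.
 */
struct ph2handle *
getph2byspid(spid)
	u_int32_t spid;
{
	struct ph2handle *p;

	LIST_FOREACH(p, &ph2tree, chain) {
		/*
		 * there are ph2handle independent on policy
		 * such like informational exchange.
		 */
		if (p->spid == spid)
			return p;
	}

	return NULL;
}

/*
 * search ph2handle with sequence number.
 *
 * Returns the first handle in ph2tree whose seq equals `seq', or NULL
 * when none matches.
 */
struct ph2handle *
getph2byseq(seq)
	u_int32_t seq;
{
	struct ph2handle *p;

	LIST_FOREACH(p, &ph2tree, chain) {
		if (p->seq == seq)
			return p;
	}

	return NULL;
}

/*
 * search ph2handle with message id.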
*/
/*
 * getph2bymsgid: find the phase 2 handle for a message id within one
 * phase 1 SA.
 *
 * Both conditions must hold: the handle's msgid equals the argument and
 * the handle is bound to iph1.  An identical message id that belongs to
 * a different phase 1 handle therefore does not match.
 * Returns the handle, or NULL when there is none.
 */
struct ph2handle *
getph2bymsgid(iph1, msgid)
	struct ph1handle *iph1;
	u_int32_t msgid;
{
	struct ph2handle *cur;

	for (cur = LIST_FIRST(&ph2tree); cur != NULL;
	     cur = LIST_NEXT(cur, chain)) {
		if (cur->msgid != msgid)
			continue;
		if (cur->ph1 == iph1)
			return cur;
	}

	return NULL;
}

/*
 * getph2byid: find a phase 2 handle by source address, destination
 * address and policy id.
 *
 * A matching handle that is not yet established, has a retry counter of
 * zero and has neither sce nor scr set is treated as a zombie: it is
 * handed to isakmp_ph2expire() and the search goes on.  The original
 * author's remark still applies: this check lives here because this
 * lookup is called by pk_recvacquire(), although the other
 * getph2byxxxx() lookups do not perform it.
 *
 * NOTE(review): the walk reads the zombie's list link after
 * isakmp_ph2expire() has returned.  That is only safe if the expiry does
 * not unlink or free the handle synchronously; isakmp_ph2expire() is not
 * visible here, so confirm.
 *
 * Returns the first non-zombie match, or NULL.
 */
struct ph2handle *
getph2byid(src, dst, spid)
	struct sockaddr *src, *dst;
	u_int32_t spid;
{
	struct ph2handle *p;
	int zombie;

	LIST_FOREACH(p, &ph2tree, chain) {
		if (spid != p->spid)
			continue;
		if (CMPSADDR(src, p->src) != 0)
			continue;
		if (CMPSADDR(dst, p->dst) != 0)
			continue;

		zombie = p->status < PHASE2ST_ESTABLISHED &&
		    p->retry_counter == 0 &&
		    p->sce == NULL && p->scr == NULL;
		if (!zombie)
			return p;

		plog(LLV_DEBUG, LOCATION, NULL,
			"Zombie ph2 found, expiring it\n");
		isakmp_ph2expire(p);
	}

	return NULL;
}

/*
 * getph2bysaddr: find a phase 2 handle by source and destination
 * address only.
 *
 * Addresses are compared with cmpsaddrstrict(), whereas getph2byid()
 * uses CMPSADDR; how the two differ is defined outside this part of the
 * file.  Returns the first match, or NULL.
 */
struct ph2handle *
getph2bysaddr(src, dst)
	struct sockaddr *src, *dst;
{
	struct ph2handle *cur;

	for (cur = LIST_FIRST(&ph2tree); cur != NULL;
	     cur = LIST_NEXT(cur, chain)) {
		if (cmpsaddrstrict(src, cur->src) != 0)
			continue;
		if (cmpsaddrstrict(dst, cur->dst) == 0)
			return cur;
	}

	return NULL;
}

/*
 * getph2bysaidx: find a phase 2 handle by protocol id and SPI.
 * Called by pk_recvexpire().
 *
 * The approval list is searched when the handle has one, otherwise the
 * proposal list; handles with neither are skipped.  In an approval
 * entry the SPI may match either spi or spi_p, in a proposal entry only
 * spi.  The walk over a list stops at the first entry whose proto_id
 * differs, so entries behind it are not examined.
 *
 * NOTE(review): src and dst are accepted but never compared, so the
 * match rests on proto_id and spi alone.  A caller that needs the
 * result tied to a particular peer has to check the addresses itself.
 */
struct ph2handle *
getph2bysaidx(src, dst, proto_id, spi)
	struct sockaddr *src, *dst;
	u_int proto_id;
	u_int32_t spi;
{
	struct ph2handle *iph2;
	struct saproto *pr;
	int approved;

	LIST_FOREACH(iph2, &ph2tree, chain) {
		approved = (iph2->approval != NULL);

		if (approved)
			pr = iph2->approval->head;
		else if (iph2->proposal != NULL)
			pr = iph2->proposal->head;
		else
			continue;

		for (; pr != NULL; pr = pr->next) {
			if (proto_id != pr->proto_id)
				break;
			if (spi == pr->spi)
				return iph2;
			/* the second SPI field counts for approvals only */
			if (approved && spi == pr->spi_p)
				return iph2;
		}
	}

	return NULL;
}

/*
 * newph2: allocate a zero-filled phase 2 handle.
 *
 * Returns the new handle, which is not yet linked into ph2tree, or NULL
 * when racoon_calloc() fails.
 *
 * NOTE(review): the initial status is set from a PHASE1ST_* constant
 * although this is a phase 2 handle.  The constant definitions are not
 * visible here; confirm that the value coincides with the intended
 * phase 2 initial state.
 */
struct ph2handle *
newph2()
{
	struct ph2handle *fresh;

	fresh = racoon_calloc(1, sizeof(*fresh));
	if (fresh != NULL)
		fresh->status = PHASE1ST_SPAWN;

	return fresh;
}

/*
 * initialize ph2handle
 * NOTE: don't initialize src/dst.
 *       SPI in the proposal is cleared.
*/
/*
 * initph2: return a phase 2 handle to its pre-negotiation state.
 *
 * Kept: src, dst and the proposal itself (only its SPIs are zeroed).
 * Released and reset: the scheduler references, the send and receive
 * buffers, the approval, the generated policy, the PFS group, the DH
 * values, the identities, the nonces, the SA payloads and the IV.
 *
 * NOTE(review): by their names dhpriv, dhgxy, nonce and nonce_p hold
 * key material.  Whether VPTRINIT wipes a buffer before releasing it is
 * not visible here; if it only frees, those bytes stay readable in heap
 * memory, so confirm.
 */
void
initph2(iph2)
	struct ph2handle *iph2;
{
	struct saproto *pr;

	/* presumably detaches pending scheduler entries that refer to iph2 */
	sched_scrub_param(iph2);
	iph2->sce = NULL;
	iph2->scr = NULL;

	VPTRINIT(iph2->sendbuf);
	VPTRINIT(iph2->msg1);

	/* the proposal survives, only its SPIs are forgotten */
	if (iph2->proposal != NULL) {
		pr = iph2->proposal->head;
		while (pr != NULL) {
			pr->spi = 0;
			pr = pr->next;
		}
	}

	/* the approval is dropped entirely */
	if (iph2->approval != NULL) {
		flushsaprop(iph2->approval);
		iph2->approval = NULL;
	}

	/* a generated policy is removed in both directions, then freed */
	if (iph2->spidx_gen != NULL) {
		delsp_bothdir((struct policyindex *)iph2->spidx_gen);
		racoon_free(iph2->spidx_gen);
		iph2->spidx_gen = NULL;
	}

	if (iph2->pfsgrp != NULL) {
		oakley_dhgrp_free(iph2->pfsgrp);
		iph2->pfsgrp = NULL;
	}

	/* DH values */
	VPTRINIT(iph2->dhpriv);
	VPTRINIT(iph2->dhpub);
	VPTRINIT(iph2->dhpub_p);
	VPTRINIT(iph2->dhgxy);

	/* identities and nonces */
	VPTRINIT(iph2->id);
	VPTRINIT(iph2->id_p);
	VPTRINIT(iph2->nonce);
	VPTRINIT(iph2->nonce_p);

	/* SA payloads */
	VPTRINIT(iph2->sa);
	VPTRINIT(iph2->sa_ret);

	if (iph2->ivm != NULL) {
		oakley_delivm(iph2->ivm);
		iph2->ivm = NULL;
	}
}

/*
 * delph2: release a phase 2 handle and everything it owns.
 *
 * initph2() runs first; then src, dst, src_id, dst_id and the proposal
 * are freed, and finally the handle itself.  The handle is not unlinked
 * here: flushph2() and deleteallph2() call unbindph12() and remph2()
 * before delph2(), and any other caller has to do the same or the lists
 * keep a pointer to freed memory.
 */
void
delph2(iph2)
	struct ph2handle *iph2;
{
	initph2(iph2);

	/* addresses, which initph2() deliberately leaves alone */
	if (iph2->src != NULL) {
		racoon_free(iph2->src);
		iph2->src = NULL;
	}
	if (iph2->dst != NULL) {
		racoon_free(iph2->dst);
		iph2->dst = NULL;
	}

	/* identities */
	if (iph2->src_id != NULL) {
		racoon_free(iph2->src_id);
		iph2->src_id = NULL;
	}
	if (iph2->dst_id != NULL) {
		racoon_free(iph2->dst_id);
		iph2->dst_id = NULL;
	}

	/* initph2() only zeroed the SPIs in the proposal */
	if (iph2->proposal != NULL) {
		flushsaprop(iph2->proposal);
		iph2->proposal = NULL;
	}

	racoon_free(iph2);
}

/*
 * insph2: link a phase 2 handle at the head of the global ph2tree list.
 * No validation is done; the function always returns 0.
 */
int
insph2(iph2)
	struct ph2handle *iph2;
{
	LIST_INSERT_HEAD(&ph2tree, iph2, chain);

	return 0;
}

/*
 * remph2: unlink a phase 2 handle from the list it is chained on.
 *
 * Nothing is freed here.  LIST_REMOVE does not verify membership, so
 * the handle must currently be linked through its chain field.
 */
void
remph2(iph2)
	struct ph2handle *iph2;
{
	LIST_REMOVE(iph2, chain);
}

/*
 * initph2tree: reset ph2tree to an empty list.
 * Handles that are still linked are neither visited nor freed.
 */
void
initph2tree()
{
	LIST_INIT(&ph2tree);
}

/*
 * flushph2: tear down every phase 2 handle on ph2tree.
 *
 * For a handle in PHASE2ST_ESTABLISHED state isakmp_info_send_d2() is
 * called first (delete information for the peer); other states are only
 * logged.  In both cases the handle then goes through delete_spd(),
 * unbindph12(), remph2() and delph2(), in that order.
 */
void
flushph2()
{
	struct ph2handle *cur, *following;

	plog(LLV_DEBUG2, LOCATION, NULL,
		"flushing all ph2 handlers...\n");

	cur = LIST_FIRST(&ph2tree);
	while (cur != NULL) {
		/* read the successor now: cur is released further down */
		following = LIST_NEXT(cur, chain);

		if (cur->status != PHASE2ST_ESTABLISHED) {
			plog(LLV_DEBUG2, LOCATION, NULL,
				"skipping ph2 handler (state %d)\n", cur->status);
		} else {
			plog(LLV_DEBUG2, LOCATION, NULL,
				"got a ph2 handler to flush...\n");
			isakmp_info_send_d2(cur);
		}

		delete_spd(cur, 0);
		unbindph12(cur);
		remph2(cur);
		delph2(cur);

		cur = following;
	}
}

/*
 * deleteallph2: delete the phase 2 handlers that carry proto_id.
 * Used during INITIAL-CONTACT processing, so no message is sent to the
 * peer.
 *
 * A handle qualifies when any entry of its approval list, or of its
 * proposal list when it has no approval, carries proto_id.  Qualifying
 * handles are unbound from their phase 1 handle, unlinked and released.
 * Unlike flushph2(), delete_spd() is not called.
 *
 * NOTE(review): src and dst are accepted but never compared, so the
 * handlers of every peer that use this protocol are removed, not only
 * those of the peer that triggered the call.  Confirm with the callers
 * whether that scope is intended; if it is not, the handle addresses
 * should be checked before deletion.
 */
void
deleteallph2(src, dst, proto_id)
	struct sockaddr *src, *dst;
	u_int proto_id;
{
	struct ph2handle *iph2, *next;
	struct saproto *pr;

	for (iph2 = LIST_FIRST(&ph2tree); iph2 != NULL; iph2 = next) {
		next = LIST_NEXT(iph2, chain);

		/* an approval takes precedence over a proposal */
		if (iph2->approval != NULL)
			pr = iph2->approval->head;
		else if (iph2->proposal != NULL)
			pr = iph2->proposal->head;
		else
			continue;

		/* advance to the first entry carrying the protocol */
		while (pr != NULL && proto_id != pr->proto_id)
			pr = pr->next;
		if (pr == NULL)
			continue;

		unbindph12(iph2);
		remph2(iph2);
		delph2(iph2);
	}
}

/* %%% */
/*
 * bindph12: attach a phase 2 handle to a phase 1 handle.
 *
 * Records iph1 in iph2->ph1 and links iph2 into iph1's own ph2tree
 * through the ph1bind field.  There is no check that iph2 is unbound;
 * binding a handle that is already bound would link it a second time.
 */
void
bindph12(iph1, iph2)
	struct ph1handle *iph1;
	struct ph2handle *iph2;
{
	iph2->ph1 = iph1;
	LIST_INSERT_HEAD(&iph1->ph2tree, iph2, ph1bind);
}

/*
 * unbindph12: detach a phase 2 handle from its phase 1 handle.
 * Calling it on a handle that is not bound (ph1 == NULL) does nothing.
 */
void
unbindph12(iph2)
	struct ph2handle *iph2;
{
	if (iph2->ph1 == NULL)
		return;

	iph2->ph1 = NULL;
	LIST_REMOVE(iph2, ph1bind);
}

/* %%% management contacted list */
/*
 * search contacted list.
*/
/*
 * getcontacted: look up a remote address in the contacted list.
 *
 * Returns the first entry on ctdtree whose remote address compares
 * equal under cmpsaddrstrict(), or NULL when there is none.
 */
struct contacted *
getcontacted(remote)
	struct sockaddr *remote;
{
	struct contacted *cur;

	for (cur = LIST_FIRST(&ctdtree); cur != NULL;
	     cur = LIST_NEXT(cur, chain)) {
		if (cmpsaddrstrict(remote, cur->remote) == 0)
			return cur;
	}

	return NULL;
}

/*
 * inscontacted: record a remote address in the contacted list.
 *
 * The address is copied with dupsaddr(), so the caller keeps ownership
 * of its own sockaddr.  Returns 0 on success and -1 when either
 * allocation fails.  No duplicate check is made; a caller that wants
 * unique entries has to ask getcontacted() first.
 *
 * NOTE(review): nothing in the visible part of the file removes entries
 * from ctdtree.  If the addresses come from the network, confirm that
 * the list is bounded somewhere else.
 */
int
inscontacted(remote)
	struct sockaddr *remote;
{
	struct contacted *entry;

	entry = racoon_calloc(1, sizeof(*entry));
	if (entry == NULL)
		return -1;

	entry->remote = dupsaddr(remote);
	if (entry->remote != NULL) {
		LIST_INSERT_HEAD(&ctdtree, entry, chain);
		return 0;
	}

	/* the copy failed: give back the half-built entry */
	plog(LLV_ERROR, LOCATION, NULL,
		"failed to allocate buffer.\n");
	racoon_free(entry);
	return -1;
}

/*
 * initctdtree: reset ctdtree to an empty list.
 * Entries that are still linked are neither visited nor freed.
 */
void
initctdtree()
{
	LIST_INIT(&ctdtree);
}

/*
 * check the response has been sent to the peer.  when not, simply reply
 * the buffered packet to the peer.
 * OUT:
 *	 0:	the packet is received at the first time.
8480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1: the packet was processed before. 8490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2: the packet was processed before, but the address mismatches. 8500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * -1: error happened. 8510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 8520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 8530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangcheck_recvdpkt(remote, local, rbuf) 8540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *remote, *local; 8550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *rbuf; 8560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 8570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *hash; 8580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct recvdpkt *r; 859c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh time_t t; 8600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int len, s; 8610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 862c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* set current time */ 863c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh t = time(NULL); 864c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 8650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hash = eay_md5_one(rbuf); 8660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (!hash) { 8670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to allocate buffer.\n"); 8690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 8700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang LIST_FOREACH(r, &rcptree, chain) { 8730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (memcmp(hash->v, r->hash->v, 
r->hash->l) == 0) 8740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(hash); 8770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* this is the first time to receive the packet */ 8790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (r == NULL) 8800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 8810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 8830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * the packet was processed before, but the remote address mismatches. 8840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 885c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (cmpsaddrstrict(remote, r->remote) != 0) 8860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 2; 8870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 8890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * it should not check the local address because the packet 8900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * may arrive at other interface. 8910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 8920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* check the previous time to send */ 894c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (t - r->time_send < 1) { 8950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 8960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "the packet retransmitted in a short time from %s\n", 8970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang saddr2str(remote)); 8980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /*XXX should it be error ? 
*/ 8990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* select the socket to be sent */ 902c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh s = getsockmyaddr(r->local); 9030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (s == -1) 9040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* resend the packet if needed */ 9070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = sendfromto(s, r->sendbuf->v, r->sendbuf->l, 9080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang r->local, r->remote, lcconf->count_persend); 9090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (len == -1) { 9100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "sendfromto failed\n"); 9110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* check the retry counter */ 9150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang r->retry_counter--; 9160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (r->retry_counter <= 0) { 9170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rem_recvdpkt(r); 9180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang del_recvdpkt(r); 9190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 9200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "deleted the retransmission packet to %s.\n", 9210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang saddr2str(remote)); 9220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else 923c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh r->time_send = t; 
9240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 1; 9260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 9270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 9290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * adding a hash of received packet into the received list. 9300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 9310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 9320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangadd_recvdpkt(remote, local, sbuf, rbuf) 9330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *remote, *local; 9340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *sbuf, *rbuf; 9350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 9360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct recvdpkt *new = NULL; 9370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (lcconf->retry_counter == 0) { 9390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* no need to add it */ 9400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 9410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = racoon_calloc(1, sizeof(*new)); 9440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (!new) { 9450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 9460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to allocate buffer.\n"); 9470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->hash = eay_md5_one(rbuf); 
9510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (!new->hash) { 9520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 9530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to allocate buffer.\n"); 9540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang del_recvdpkt(new); 9550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->remote = dupsaddr(remote); 9580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new->remote == NULL) { 9590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 9600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to allocate buffer.\n"); 9610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang del_recvdpkt(new); 9620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->local = dupsaddr(local); 9650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new->local == NULL) { 9660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 9670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to allocate buffer.\n"); 9680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang del_recvdpkt(new); 9690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->sendbuf = vdup(sbuf); 9720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new->sendbuf == NULL) { 9730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 9740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to allocate buffer.\n"); 9750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
del_recvdpkt(new); 9760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 9770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->retry_counter = lcconf->retry_counter; 980c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh new->time_send = 0; 981c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh new->created = time(NULL); 9820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang LIST_INSERT_HEAD(&rcptree, new, chain); 9840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 9860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 9870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 9890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangdel_recvdpkt(r) 9900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct recvdpkt *r; 9910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 9920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (r->remote) 9930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(r->remote); 9940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (r->local) 9950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(r->local); 9960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (r->hash) 9970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(r->hash); 9980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (r->sendbuf) 9990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(r->sendbuf); 10000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(r); 10010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 
10040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangrem_recvdpkt(r) 10050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct recvdpkt *r; 10060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang LIST_REMOVE(r, chain); 10080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1010c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehvoid 10110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangsweep_recvdpkt(dummy) 1012c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh void *dummy; 10130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct recvdpkt *r, *next; 1015c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh time_t t, lt; 10160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1017c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* set current time */ 1018c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh t = time(NULL); 10190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1020c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* set the lifetime of the retransmission */ 1021c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh lt = lcconf->retry_counter * lcconf->retry_interval; 10220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (r = LIST_FIRST(&rcptree); r; r = next) { 10240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang next = LIST_NEXT(r, chain); 10250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1026c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (t - r->created > lt) { 10270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rem_recvdpkt(r); 10280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang del_recvdpkt(r); 10290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 
10310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1032c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh sched_new(lt, sweep_recvdpkt, NULL); 10330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 10360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanginit_recvdpkt() 10370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang time_t lt = lcconf->retry_counter * lcconf->retry_interval; 10390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang LIST_INIT(&rcptree); 10410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1042c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh sched_new(lt, sweep_recvdpkt, NULL); 10430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 1046c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh/* 10470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Retruns 0 if the address was obtained by ISAKMP mode config, 1 otherwise 10480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * This should be in isakmp_cfg.c but ph1tree being private, it must be there 10490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 10500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 10510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangexclude_cfg_addr(addr) 10520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang const struct sockaddr *addr; 10530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *p; 10550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr_in *sin; 10560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
10570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang LIST_FOREACH(p, &ph1tree, chain) { 10580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((p->mode_cfg != NULL) && 10590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (p->mode_cfg->flags & ISAKMP_CFG_GOT_ADDR4) && 10600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (addr->sa_family == AF_INET)) { 10610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sin = (struct sockaddr_in *)addr; 10620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sin->sin_addr.s_addr == p->mode_cfg->addr4.s_addr) 10630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 10640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 1; 10680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 10700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1073c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh/* 10740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Reload conf code 10750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 10760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int revalidate_ph2(struct ph2handle *iph2){ 10770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sainfoalg *alg; 10780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int found, check_level; 10790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sainfo *sainfo; 10800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct saprop *approval; 10810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 10820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
1083c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* 10840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Get the new sainfo using values of the old one 10850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 10860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->sainfo != NULL) { 1087c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh iph2->sainfo = getsainfo(iph2->sainfo->idsrc, 10880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->sainfo->iddst, iph2->sainfo->id_i, 1089c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh iph2->sainfo->remoteid); 10900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang approval = iph2->approval; 10920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sainfo = iph2->sainfo; 10930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sainfo == NULL) { 1095c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* 10960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Sainfo has been removed 10970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 10980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 10990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: No sainfo for ph2\n"); 11000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 11010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (approval == NULL) { 11040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 11050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * XXX why do we have a NULL approval sometimes ??? 
11060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 11070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No approval found !\n"); 11090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 1110c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 11110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 11130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Don't care about proposals, should we do something ? 11140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * We have to keep iph2->proposal valid at least for initiator, 11150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * for pk_sendgetspi() 11160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 11170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "active single bundle:\n"); 11190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang printsaprop0(LLV_DEBUG, approval); 11200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 11220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Validate approval against sainfo 11230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Note: we must have an updated ph1->rmconf before doing that, 11240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * we'll set check_level to EXACT if we don't have a ph1 11250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * XXX try tu find the new remote section to get the new check level ? 
11260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * XXX lifebyte 11270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 11280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->ph1 != NULL) 11290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1=iph2->ph1; 11300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 11310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1=getph1byaddr(iph2->src, iph2->dst, 0); 11320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1 != NULL && iph1->rmconf != NULL) { 11340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang check_level = iph1->rmconf->pcheck_level; 11350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 11360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1 != NULL) 11370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "No phase1 rmconf found !\n"); 11380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 11390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "No phase1 found !\n"); 11400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang check_level = PROP_CHECK_EXACT; 11410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (check_level) { 11440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_OBEY: 11450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: OBEY for ph2, ok\n"); 11470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 1; 11480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 11490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_STRICT: 
11510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 11520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_CLAIM: 11530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sainfo->lifetime < approval->lifetime) { 11540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: lifetime mismatch\n"); 11560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 11570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if 0 11600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Lifebyte is deprecated, just ignore it 11610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 11620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sainfo->lifebyte < approval->lifebyte) { 11630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: lifebyte mismatch\n"); 11650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 11660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 11680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sainfo->pfs_group && 11700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sainfo->pfs_group != approval->pfs_group) { 11710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: PFS group mismatch\n"); 11730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 11740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 
11760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_EXACT: 11780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sainfo->lifetime != approval->lifetime || 11790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if 0 11800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Lifebyte is deprecated, just ignore it 11810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 11820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sainfo->lifebyte != approval->lifebyte || 11830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 11840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sainfo->pfs_group != iph2->approval->pfs_group) { 11850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: lifetime | pfs mismatch\n"); 11870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 11880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 11900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 11920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 11930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: Shouldn't be here !\n"); 11940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 11950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 11960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (alg = sainfo->algs[algclass_ipsec_auth]; alg; alg = alg->next) { 11990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alg->alg == approval->head->head->authtype) 12000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 
12010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alg == NULL) { 12030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: alg == NULL (auth)\n"); 12050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 12060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang found = 0; 1209c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh for (alg = sainfo->algs[algclass_ipsec_enc]; 12100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (found == 0 && alg != NULL); alg = alg->next) { 12110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: next ph2 enc alg...\n"); 12130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alg->alg != approval->head->head->trns_id){ 12150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: encmode mismatch (%d / %d)\n", 12170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang alg->alg, approval->head->head->trns_id); 12180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 12190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (check_level){ 12220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* PROP_CHECK_STRICT cannot happen here */ 12230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_EXACT: 12240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alg->encklen != approval->head->head->encklen) { 
12250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: enclen mismatch\n"); 12270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 12280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 12300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_CLAIM: 12320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 12330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case PROP_CHECK_STRICT: 12340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alg->encklen > approval->head->head->encklen) { 12350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Reload: enclen mismatch\n"); 12370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 12380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 12400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 1242c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 12430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "unexpected check_level\n"); 12440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 12450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 12460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang found = 1; 12480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (!found){ 12510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
plog(LLV_DEBUG, LOCATION, NULL,
			 "Reload: No valid enc\n");
		return 0;
	}

	/*
	 * XXX comp
	 */
	plog(LLV_DEBUG, LOCATION, NULL,
		 "Reload: ph2 check ok\n");

	return 1;
}


/*
 * Tear down a single phase 2 handle.
 *
 * A NULL handle is ignored.  When the handle is in PHASE2ST_ESTABLISHED,
 * isakmp_info_send_d2() is called before anything is released
 * (presumably to tell the peer the SA is going away -- confirm in
 * isakmp_inf.c).
 *
 * The caller must treat iph2 as gone once this returns: both paths end
 * in the handle being unbound, removed and deleted, either here or
 * inside purge_ipsec_spi().
 */
static void
remove_ph2(struct ph2handle *iph2)
{
	u_int32_t spis[2];

	if (iph2 == NULL)
		return;

	plog(LLV_DEBUG, LOCATION, NULL,
		 "Deleting a Ph2...\n");

	if (iph2->status == PHASE2ST_ESTABLISHED)
		isakmp_info_send_d2(iph2);

	/* No approved proposal to take SPIs from: release the handle directly. */
	if (iph2->approval == NULL || iph2->approval->head == NULL) {
		unbindph12(iph2);
		remph2(iph2);
		delph2(iph2);
		return;
	}

	spis[0] = iph2->approval->head->spi;
	spis[1] = iph2->approval->head->spi_p;

	/* purge_ipsec_spi() will do all the work:
	 * - delete SPIs in kernel
	 * - delete generated SPD
	 * - unbind / rem / del ph2
	 */
	purge_ipsec_spi(iph2->dst, iph2->approval->head->proto_id,
			spis, 2);
}

/*
 * Expire a phase 1 handle and schedule its deletion.
 *
 * A NULL handle is ignored.  For a handle in PHASE1ST_ESTABLISHED every
 * phase 2 handle on iph1->ph2tree is removed first, then
 * isakmp_info_send_d1() is called.  In all cases the status becomes
 * PHASE1ST_EXPIRED and isakmp_ph1delete_stub is scheduled through
 * sched_new(), so the handle itself is not freed here.
 *
 * NOTE(review): the walk starts at iph1->ph2tree but fetches the
 * successor through the `chain` link, the same field the global ph2tree
 * walk uses; confirm that this is the linkage of the per-ph1 list.
 * NOTE(review): the successor is saved before remove_ph2() because the
 * current handle is deleted; purge_ipsec_spi() matches by SPI, so
 * confirm it cannot also delete the saved successor.
 * NOTE(review): iph1->sce is overwritten without looking at its
 * previous value; confirm no pending schedule entry can be lost.
 */
static void
remove_ph1(struct ph1handle *iph1)
{
	if (iph1 == NULL)
		return;

	plog(LLV_DEBUG, LOCATION, NULL,
		 "Removing PH1...\n");

	if (iph1->status == PHASE1ST_ESTABLISHED) {
		struct ph2handle *cur = LIST_FIRST(&iph1->ph2tree);

		while (cur != NULL) {
			struct ph2handle *following = LIST_NEXT(cur, chain);

			remove_ph2(cur);
			cur = following;
		}
		isakmp_info_send_d1(iph1);
	}

	iph1->status = PHASE1ST_EXPIRED;
	iph1->sce = sched_new(1, isakmp_ph1delete_stub, iph1);
}


/*
 * Re-attach every non-expired phase 1 handle to the remote configuration
 * that getrmconf() returns for its peer address.
 *
 * A handle with no matching configuration gets rmconf = NULL and is
 * passed to remove_ph1().  Otherwise rmconf is replaced and, when an
 * approved SA exists, it is swapped for a duplicate whose rmconf field
 * points at the new configuration.  Always returns 1.
 *
 * NOTE(review): if dupisakmpsa() fails the old approval is kept as is,
 * including its rmconf field, which then still refers to the previous
 * configuration; confirm that pointer stays valid after a reload.
 * NOTE(review): remove_ph1() is entered with p->rmconf == NULL and may
 * call isakmp_info_send_d1(); confirm that path tolerates a NULL rmconf.
 */
static int
revalidate_ph1tree_rmconf(void)
{
	struct ph1handle *p, *next;
	struct remoteconf *conf;
	struct isakmpsa *copy;

	for (p = LIST_FIRST(&ph1tree); p != NULL; p = next) {
		/* remove_ph1() may run below, so fetch the successor first. */
		next = LIST_NEXT(p, chain);

		if (p->status == PHASE1ST_EXPIRED)
			continue;

		/* Do not free old rmconf, it is just a pointer to an entry
		 * in rmtree
		 */
		conf = getrmconf(p->remote);
		p->rmconf = conf;
		if (conf == NULL) {
			remove_ph1(p);
			continue;
		}

		if (p->approval == NULL)
			continue;

		copy = dupisakmpsa(p->approval);
		if (copy == NULL)
			continue;

		delisakmpsa(p->approval);
		copy->rmconf = conf;
		p->approval = copy;
	}

	return 1;
}


/* rmconf is already updated here
 */
/*
 * Decide whether an existing phase 1 handle is still acceptable under
 * the remote configuration currently attached to it.
 *
 * Returns 1 when the handle may be kept, 0 when it should be removed.
 * 0 is returned for a NULL handle, a handle without approval or rmconf,
 * an exchange type that is not listed in rmconf->etypes, an aggressive
 * mode handle whose DH group differs from rmconf->dh_group, or when no
 * configured proposal matches the approved SA.
 *
 * For each proposal the order of checks is: authmethod, enctype, the
 * pcheck_level specific key length / lifetime rules, hashtype, and (for
 * non-aggressive exchanges) the DH group.
 *
 * NOTE(review): with PROP_CHECK_OBEY the function accepts as soon as
 * authmethod and enctype match, before hashtype and the per-proposal DH
 * group are compared; confirm that this is the intended policy after a
 * configuration reload.
 */
static int
revalidate_ph1(struct ph1handle *iph1)
{
	struct isakmpsa *sa, *prop;
	struct etypes *et;
	int aggressive;

	if (iph1 == NULL)
		return 0;
	if (iph1->approval == NULL || iph1->rmconf == NULL)
		return 0;

	sa = iph1->approval;
	aggressive = (iph1->etype == ISAKMP_ETYPE_AGG);

	/* The negotiated exchange type must still be configured. */
	et = iph1->rmconf->etypes;
	while (et != NULL && iph1->etype != et->type)
		et = et->next;

	if (et == NULL) {
		plog(LLV_DEBUG, LOCATION, NULL,
			 "Reload: Exchange type mismatch\n");
		return 0;
	}

	/* Aggressive mode is compared against the DH group of the remote
	 * section, the other exchange types against the proposal's group
	 * further down.
	 */
	if (aggressive && sa->dh_group != iph1->rmconf->dh_group) {
		plog(LLV_DEBUG, LOCATION, NULL,
			 "Reload: DH mismatch\n");
		return 0;
	}

	for (prop = iph1->rmconf->proposal; prop != NULL; prop = prop->next) {
		plog(LLV_DEBUG, LOCATION, NULL,
			 "Reload: Trying next proposal...\n");

		if (sa->authmethod != prop->authmethod) {
			plog(LLV_DEBUG, LOCATION, NULL,
				 "Reload: Authmethod mismatch\n");
			continue;
		}

		if (sa->enctype != prop->enctype) {
			plog(LLV_DEBUG, LOCATION, NULL,
				 "Reload: enctype mismatch\n");
			continue;
		}

		/* Lifebyte is deprecated and deliberately not compared at
		 * any check level.
		 */
		if (iph1->rmconf->pcheck_level == PROP_CHECK_OBEY) {
			plog(LLV_DEBUG, LOCATION, NULL,
				 "Reload: OBEY pcheck level, ok...\n");
			return 1;
		} else if (iph1->rmconf->pcheck_level == PROP_CHECK_CLAIM ||
			   iph1->rmconf->pcheck_level == PROP_CHECK_STRICT) {
			/* The SA may be stronger / shorter lived than the
			 * proposal, never the reverse.
			 */
			if (sa->encklen < prop->encklen) {
				plog(LLV_DEBUG, LOCATION, NULL,
					 "Reload: encklen mismatch\n");
				continue;
			}

			if (sa->lifetime > prop->lifetime) {
				plog(LLV_DEBUG, LOCATION, NULL,
					 "Reload: lifetime mismatch\n");
				continue;
			}
		} else if (iph1->rmconf->pcheck_level == PROP_CHECK_EXACT) {
			if (sa->encklen != prop->encklen) {
				plog(LLV_DEBUG, LOCATION, NULL,
					 "Reload: encklen mismatch\n");
				continue;
			}

			if (sa->lifetime != prop->lifetime) {
				plog(LLV_DEBUG, LOCATION, NULL,
					 "Reload: lifetime mismatch\n");
				continue;
			}
		} else {
			/* Unknown level: reject this proposal. */
			plog(LLV_ERROR, LOCATION, NULL,
				 "unexpected check_level\n");
			continue;
		}

		if (sa->hashtype != prop->hashtype) {
			plog(LLV_DEBUG, LOCATION, NULL,
				 "Reload: hashtype mismatch\n");
			continue;
		}

		if (!aggressive && sa->dh_group != prop->dh_group) {
			plog(LLV_DEBUG, LOCATION, NULL,
				 "Reload: dhgroup mismatch\n");
			continue;
		}

		plog(LLV_DEBUG, LOCATION, NULL, "Reload: Conf ok\n");
		return 1;
	}

	plog(LLV_DEBUG, LOCATION, NULL, "Reload: No valid conf found\n");
	return 0;
}
/*
 * Run revalidate_ph1() over every non-expired handle of the global
 * ph1tree and pass the ones it rejects to remove_ph1().
 * Always returns 1.
 */
static int
revalidate_ph1tree(void)
{
	struct ph1handle *cur, *following;

	cur = LIST_FIRST(&ph1tree);
	while (cur != NULL) {
		/* Fetched up front; remove_ph1() may run on cur below. */
		following = LIST_NEXT(cur, chain);

		if (cur->status != PHASE1ST_EXPIRED && !revalidate_ph1(cur))
			remove_ph1(cur);

		cur = following;
	}

	return 1;
}

/*
 * Run revalidate_ph2() over every non-expired handle of the global
 * ph2tree and remove the ones it rejects.  Always returns 1.
 *
 * NOTE(review): remove_ph2() can end in purge_ipsec_spi(), which works
 * by SPI rather than by handle; confirm it cannot delete the successor
 * saved here before the loop reaches it.
 */
static int
revalidate_ph2tree(void)
{
	struct ph2handle *cur, *following;

	cur = LIST_FIRST(&ph2tree);
	while (cur != NULL) {
		/* remove_ph2() deletes cur, so take the successor first. */
		following = LIST_NEXT(cur, chain);

		if (cur->status != PHASE2ST_EXPIRED && !revalidate_ph2(cur)) {
			plog(LLV_DEBUG, LOCATION, NULL,
				 "PH2 not validated, removing it\n");
			remove_ph2(cur);
		}

		cur = following;
	}

	return 1;
}

/*
 * Re-check all phase 1 and phase 2 handles against the current
 * configuration.
 *
 * The remote configuration pointers are refreshed first, then the
 * phase 2 tree is revalidated, then the phase 1 tree.  The return
 * values of the three steps are ignored and 1 is always returned, so a
 * caller cannot learn from it whether any SA was dropped.
 */
int
revalidate_ph12(void)
{
	revalidate_ph1tree_rmconf();

	revalidate_ph2tree();
	revalidate_ph1tree();

	return 1;
}

#ifdef ENABLE_HYBRID
/*
 * Return the first handle in ph1tree whose mode_cfg login equals
 * `login`, or NULL when there is none.  Handles without mode_cfg are
 * skipped; expired handles are not filtered out.
 *
 * The comparison covers at most LOGINLEN bytes, so two names that only
 * differ after that many bytes compare equal.  `login` must not be
 * NULL, it is handed to strncmp() unchecked.
 */
struct ph1handle *
getph1bylogin(login)
	char *login;
{
	struct ph1handle *p;

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->mode_cfg != NULL &&
		    strncmp(p->mode_cfg->login, login, LOGINLEN) == 0)
			return p;
	}

	return NULL;
}

/*
 * Purge every handle in ph1tree whose mode_cfg login equals `login`
 * and return how many were found.
 *
 * For a match in PHASE1ST_ESTABLISHED, isakmp_info_send_d1() is called
 * before purge_remote().  The comparison covers at most LOGINLEN bytes
 * and `login` must not be NULL.
 *
 * NOTE(review): the list is walked with plain LIST_FOREACH while
 * purge_remote() runs on the current element; confirm purge_remote()
 * does not unlink or free the handle synchronously.
 * NOTE(review): already expired handles are not skipped, so a handle
 * can be passed to purge_remote() more than once across calls.
 */
int
purgeph1bylogin(login)
	char *login;
{
	struct ph1handle *p;
	int found = 0;

	LIST_FOREACH(p, &ph1tree, chain) {
		if (p->mode_cfg == NULL ||
		    strncmp(p->mode_cfg->login, login, LOGINLEN) != 0)
			continue;

		if (p->status == PHASE1ST_ESTABLISHED)
			isakmp_info_send_d1(p);
		purge_remote(p);
		found++;
	}

	return found;
}
#endif