main.c revision 458fe1ef88671dfe580c488973d5573194839087
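/*
 * Copyright (C) 2009 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <ctype.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/select.h>

#ifdef ANDROID_CHANGES
#include <fcntl.h>
#include <android/log.h>
#include <cutils/sockets.h>
#endif

#include "config.h"
#include "libpfkey.h"
#include "ipsec_strerror.h"
#include "gcmalloc.h"
#include "vmbuf.h"
#include "crypto_openssl.h"
#include "oakley.h"
#include "vendorid.h"
#include "pfkey.h"
#include "schedule.h"
#include "isakmp_var.h"
#include "nattraversal.h"
#include "plog.h"
#include "grabmyaddr.h"
#include "localconf.h"
#include "sockmisc.h"
#include "admin.h"
#include "privsep.h"
#include "misc.h"

extern int setup(int argc, char **argv);
int f_local = 0;

/*
 * Signal handler installed by main() for SIGHUP, SIGINT, SIGTERM and
 * SIGCHLD: terminates the process with status 1.
 *
 * NOTE(review): exit() is not async-signal-safe (it runs atexit handlers
 * and flushes stdio). It is kept here because other parts of the program
 * may depend on that cleanup; consider _exit() or a flag polled by the
 * main loop.
 */
static void interrupt(int signo)
{
    (void)signo;
    exit(1);
}

#ifdef ANDROID_CHANGES

/* Upper bound on argv entries, including args[0]. */
enum { MAX_ARGS = 256 };

/*
 * Obtains the "racoon" control socket, accepts one connection on it and
 * reads the argument vector from that connection.
 *
 * Wire format, as read below: each argument is one length byte (0..254)
 * followed by that many bytes; a length byte of 0xFF ends the list.
 *
 * On success *argc / *argv are replaced by the received vector (args[0]
 * is the original argv[0]) and the connected socket is returned.
 * Returns -1, leaving *argc and *argv untouched, when no control socket
 * is available. Every later failure is fatal (exit(-1)).
 *
 * The received strings are passed on unchanged; this function only
 * bounds their number and length. Any validation of their content has
 * to happen in the code that consumes them.
 */
static int get_control_and_arguments(int *argc, char ***argv)
{
    /* One spare slot keeps args[*argc] == NULL even when the list is full. */
    static char *args[MAX_ARGS + 1];
    int control;
    int i;

    if ((i = android_get_control_socket("racoon")) == -1) {
        return -1;
    }
    do_plog(LLV_DEBUG, "Waiting for control socket");
    if (listen(i, 1) == -1 || (control = accept(i, NULL, 0)) == -1) {
        do_plog(LLV_ERROR, "Cannot get control socket");
        exit(-1);
    }
    /* Only one peer is served; the listening socket is no longer needed. */
    close(i);
    /* Best effort: keep the control socket out of any exec'ed child. */
    fcntl(control, F_SETFD, FD_CLOEXEC);

    args[0] = (*argv)[0];
    /* Stops silently after MAX_ARGS - 1 arguments if no 0xFF arrives. */
    for (i = 1; i < MAX_ARGS; ++i) {
        unsigned char length;
        if (recv(control, &length, 1, 0) != 1) {
            do_plog(LLV_ERROR, "Cannot get argument length");
            exit(-1);
        }
        if (length == 0xFF) {
            break;
        } else {
            int offset = 0;
            args[i] = malloc(length + 1);
            if (!args[i]) {
                /* Without this check the recv() below writes through NULL. */
                do_plog(LLV_ERROR, "Cannot allocate argument");
                exit(-1);
            }
            /* recv() may return short; loop until the full value is in. */
            while (offset < length) {
                int n = recv(control, &args[i][offset], length - offset, 0);
                if (n > 0) {
                    offset += n;
                } else {
                    do_plog(LLV_ERROR, "Cannot get argument value");
                    exit(-1);
                }
            }
            args[i][length] = 0;
        }
    }
    do_plog(LLV_DEBUG, "Received %d arguments", i - 1);

    *argc = i;
    *argv = args;
    return control;
}

#endif

/*
 * Adds fd to *set and raises *max_fd if needed.
 * FD_SET() on a descriptor >= FD_SETSIZE writes outside the fd_set, so
 * such a descriptor is treated as fatal instead.
 * NOTE(review): a negative descriptor is not rejected here; confirm that
 * the initialisation code never leaves one in lcconf.
 */
static void watch_socket(int fd, fd_set *set, int *max_fd)
{
    if (fd >= FD_SETSIZE) {
        do_plog(LLV_ERROR, "Socket descriptor too large for select()\n");
        exit(1);
    }
    FD_SET(fd, set);
    if (*max_fd < fd) {
        *max_fd = fd;
    }
}

/*
 * Daemon entry point: initialises the crypto, DH, vendor-id and scheduler
 * modules, runs setup()/pfkey_init()/isakmp_init(), then loops forever
 * dispatching readable PF_KEY and ISAKMP sockets.
 *
 * With ANDROID_CHANGES the argument vector comes from the control socket
 * and, once initialisation succeeded, a single byte holding argc - 1 is
 * sent back on that socket.
 */
int main(int argc, char **argv)
{
    fd_set fdset;
    int fdset_size;
    struct myaddrs *p;
#ifdef ANDROID_CHANGES
    unsigned char code;
    int control = get_control_and_arguments(&argc, &argv);
#endif

    do_plog(LLV_INFO, "ipsec-tools 0.7.2 (http://ipsec-tools.sf.net)\n");

    /* Any of these signals, including a child exiting, ends the daemon. */
    signal(SIGHUP, interrupt);
    signal(SIGINT, interrupt);
    signal(SIGTERM, interrupt);
    signal(SIGCHLD, interrupt);
    signal(SIGPIPE, SIG_IGN);

    eay_init();
    oakley_dhinit();
    compute_vendorids();
    sched_init();

    if (setup(argc, argv) < 0 || pfkey_init() < 0 || isakmp_init() < 0) {
        exit(1);
    }

#ifdef ANDROID_CHANGES
    code = argc - 1;
    /* control is -1 when no control socket was provided. */
    if (control != -1) {
        send(control, &code, 1, 0);
    }
#endif

#ifdef ENABLE_NATT
    natt_keepalive_init();
#endif

    FD_ZERO(&fdset);
    fdset_size = -1;
    watch_socket(lcconf->sock_pfkey, &fdset, &fdset_size);
    for (p = lcconf->myaddrs; p; p = p->next) {
        watch_socket(p->sock, &fdset, &fdset_size);
    }
    /* select() wants the highest descriptor plus one. */
    ++fdset_size;

    while (1) {
        /* select() overwrites its set, so work on a copy each round. */
        fd_set readset = fdset;
        struct timeval *timeout = schedular();
        if (select(fdset_size, &readset, NULL, NULL, timeout) < 0) {
            exit(1);
        }
        if (FD_ISSET(lcconf->sock_pfkey, &readset)) {
            pfkey_handler();
        }
        for (p = lcconf->myaddrs; p; p = p->next) {
            if (FD_ISSET(p->sock, &readset)) {
                isakmp_handler(p->sock);
            }
        }
    }
    return 0;
}

/* plog.h */

/*
 * Logs a printf-style message. Levels outside 0..5 are dropped.
 * With ANDROID_CHANGES the message goes to the Android log under the tag
 * "racoon"; otherwise it is written to stderr behind a one-letter level
 * prefix. No newline is appended.
 *
 * format is interpreted as a printf format string: pass a literal, and
 * hand peer- or user-supplied text over as a "%s" argument only.
 */
void do_plog(int level, char *format, ...)
{
    if (level >= 0 && level <= 5) {
#ifdef ANDROID_CHANGES
        static int levels[6] = {
            ANDROID_LOG_ERROR, ANDROID_LOG_WARN, ANDROID_LOG_INFO,
            ANDROID_LOG_INFO, ANDROID_LOG_DEBUG, ANDROID_LOG_VERBOSE
        };
        va_list ap;
        va_start(ap, format);
        __android_log_vprint(levels[level], "racoon", format, ap);
        va_end(ap);
#else
        static char *levels = "EWNIDV";
        fprintf(stderr, "%c: ", levels[level]);
        va_list ap;
        va_start(ap, format);
        vfprintf(stderr, format, ap);
        va_end(ap);
#endif
    }
}

/*
 * Returns a newly allocated, NUL-terminated copy of data[0..length) in
 * which every non-printable byte is replaced by '?', so that the result
 * can be logged safely. Returns NULL if the allocation fails.
 * The buffer comes from racoon_malloc(); the caller owns it.
 */
char *binsanitize(char *data, size_t length)
{
    char *output = racoon_malloc(length + 1);
    if (output) {
        size_t i;
        for (i = 0; i < length; ++i) {
            /*
             * isprint() is undefined for negative values other than EOF,
             * and plain char may be signed, so bytes >= 0x80 must be
             * converted to unsigned char first.
             */
            output[i] = isprint((unsigned char)data[i]) ? data[i] : '?';
        }
        output[length] = '\0';
    }
    return output;
}

/* libpfkey.h */

/*
 * Minimal policy parser: accepts exactly "in bypass" or "out bypass" and
 * returns a calloc'ed struct sadb_x_policy describing a bypass policy in
 * that direction. length is not used.
 *
 * Returns NULL and sets __ipsec_errcode on a NULL or unrecognised
 * message, or when the allocation fails. On success __ipsec_errcode is
 * EIPSEC_NO_ERROR and the caller owns the returned buffer.
 */
ipsec_policy_t ipsec_set_policy(__ipsec_const char *message, int length)
{
    struct sadb_x_policy *p;
    int direction;

    (void)length;

    if (!message) {
        /* strcmp() on NULL is undefined. */
        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
        return NULL;
    }

    if (!strcmp("in bypass", message)) {
        direction = IPSEC_DIR_INBOUND;
    } else if (!strcmp("out bypass", message)) {
        direction = IPSEC_DIR_OUTBOUND;
    } else {
        __ipsec_errcode = EIPSEC_INVAL_POLICY;
        return NULL;
    }

    p = calloc(1, sizeof(*p));
    if (!p) {
        /* The field writes below would otherwise go through NULL. */
        __ipsec_errcode = EIPSEC_NO_BUFS;
        return NULL;
    }
    p->sadb_x_policy_len = PFKEY_UNIT64(sizeof(struct sadb_x_policy));
    p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
    p->sadb_x_policy_type = IPSEC_POLICY_BYPASS;
    p->sadb_x_policy_dir = direction;
#ifdef HAVE_PFKEY_POLICY_PRIORITY
    p->sadb_x_policy_priority = PRIORITY_DEFAULT;
#endif
    __ipsec_errcode = EIPSEC_NO_ERROR;
    return (ipsec_policy_t)p;
}

/* Returns PFKEY_EXTLEN(policy), or -1 when policy is NULL. */
int ipsec_get_policylen(ipsec_policy_t policy)
{
    return policy ? PFKEY_EXTLEN(policy) : -1;
}

/* grabmyaddr.h */

/*
 * Returns the socket of the first entry in lcconf->myaddrs whose address
 * compares equal to addr under cmpsaddrstrict(), or -1 if none matches.
 */
int getsockmyaddr(struct sockaddr *addr)
{
    struct myaddrs *p;
    for (p = lcconf->myaddrs; p; p = p->next) {
        if (cmpsaddrstrict(addr, p->addr) == 0) {
            return p->sock;
        }
    }
    return -1;
}

/* privsep.h */

/*
 * The privsep_* entry points below do not hand work to a separate
 * privileged process: each one either calls the underlying function
 * directly in this process or is a stub.
 */

/* Opens a PF_KEY socket by calling pfkey_open() directly. */
int privsep_pfkey_open()
{
    return pfkey_open();
}

/* Closes a PF_KEY socket by calling pfkey_close() directly. */
void privsep_pfkey_close(int key)
{
    pfkey_close(key);
}

/*
 * Forwards to eay_get_pkcs1privkey(file) in this process.
 * NOTE(review): presumably this loads private key material into the
 * network-facing process; confirm that is acceptable for this build.
 */
vchar_t *privsep_eay_get_pkcs1privkey(char *file)
{
    return eay_get_pkcs1privkey(file);
}

/* Stub: executes nothing and reports success (0). */
int privsep_script_exec(char *script, int name, char * const *environ)
{
    return 0;
}

/* misc.h */

/* Stub: dumps nothing and returns 0. */
int racoon_hexdump(void *data, size_t length)
{
    return 0;
}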