Exemple #1
/*
 * Append a SADB_EXT_SENSITIVITY extension carrying fixed test values to the
 * message assembled in m_buf at offset m_len, then advance m_len past it.
 * m_buf, m_len and key_setsadbextbuf() are defined outside this excerpt.
 */
void
key_setsadbsens(void)
{
	struct sadb_sens sens_hdr;
	u_char bitmaps[64];
	u_int sens_word, integ_word;
	u_int sens_bytes = sizeof(sens_word);
	u_int integ_bytes = sizeof(integ_word);
	u_int ext_bytes;

	/* fixed sensitivity and integrity bitmaps, stored in network byte order */
	sens_word = htonl(0x01234567);
	integ_word = htonl(0x89abcdef);
	memcpy(bitmaps, &sens_word, sens_bytes);
	memcpy(bitmaps + sens_bytes, &integ_word, integ_bytes);

	/* header plus each bitmap rounded up by PFKEY_ALIGN8 */
	ext_bytes = sizeof(sens_hdr) + PFKEY_ALIGN8(sens_bytes)
	    + PFKEY_ALIGN8(integ_bytes);

	sens_hdr.sadb_sens_exttype = SADB_EXT_SENSITIVITY;
	sens_hdr.sadb_sens_len = PFKEY_UNIT64(ext_bytes);
	sens_hdr.sadb_sens_dpd = 1;
	sens_hdr.sadb_sens_sens_level = 2;
	sens_hdr.sadb_sens_integ_level = 3;
	sens_hdr.sadb_sens_sens_len = PFKEY_ALIGN8(sens_bytes);
	sens_hdr.sadb_sens_integ_len = PFKEY_ALIGN8(integ_bytes);
	sens_hdr.sadb_sens_reserved = 0;

	/*
	 * NOTE(review): the two bitmaps are copied back to back
	 * (sens_bytes + integ_bytes bytes), while the length fields and m_len
	 * count each bitmap as padded by PFKEY_ALIGN8. Whether the bytes in
	 * between are cleared depends on key_setsadbextbuf() -- confirm.
	 * Nothing visible here checks that the extension fits in m_buf.
	 */
	key_setsadbextbuf(m_buf, m_len,
			(caddr_t)&sens_hdr, sizeof(struct sadb_sens),
			bitmaps, sens_bytes + integ_bytes);
	m_len += ext_bytes;
}
Exemple #2
/*
 * Append an address extension of type `ext` to the message assembled in m_buf
 * at offset m_len, then advance m_len past it.
 *
 * ext: extension type stored in sadb_address_exttype.
 * af:  AF_INET or AF_INET6; any other value terminates the program.
 * str: numeric host address (AI_NUMERICHOST, so no name lookup is done).
 *
 * The program also exits if the address does not parse or yields more than
 * one result. m_buf, m_len and key_setsadbextbuf() are defined outside this
 * excerpt.
 */
void
key_setsadbaddr(u_int ext, u_int af, caddr_t str)
{
	struct sadb_address addr_hdr;
	struct addrinfo hints, *ai;
	const int is_proxy = (ext == SADB_EXT_ADDRESS_PROXY);
	const char *port;
	u_int ext_bytes;
	int prefix_bits;

	/* the prefix length is the full address width in bits */
	if (af == AF_INET) {
		prefix_bits = sizeof(struct in_addr) << 3;
	} else if (af == AF_INET6) {
		prefix_bits = sizeof(struct in6_addr) << 3;
	} else {
		/* XXX bark */
		exit(1);
	}

	/* let getaddrinfo() build the sockaddr for the numeric address */
	memset(&hints, 0, sizeof(hints));
	hints.ai_flags = AI_NUMERICHOST;
	hints.ai_socktype = SOCK_DGRAM;	/* dummy */
	hints.ai_family = af;
	port = is_proxy ? "0" : "4660";	/* 4660 == 0x1234 */

	if (getaddrinfo(str, port, &hints, &ai) != 0) {
		/* XXX bark */
		exit(1);
	}
	if (ai->ai_next) {
		/* XXX bark */
		exit(1);
	}

	ext_bytes = sizeof(struct sadb_address) + PFKEY_ALIGN8(ai->ai_addrlen);

	addr_hdr.sadb_address_exttype = ext;
	addr_hdr.sadb_address_len = PFKEY_UNIT64(ext_bytes);
	addr_hdr.sadb_address_prefixlen = prefix_bits;
	addr_hdr.sadb_address_proto = is_proxy ? 0 : IPPROTO_TCP;
	addr_hdr.sadb_address_reserved = 0;

	/*
	 * NOTE(review): nothing visible here checks that the extension fits in
	 * m_buf; confirm that key_setsadbextbuf() or the caller bounds m_len.
	 */
	key_setsadbextbuf(m_buf, m_len,
			(caddr_t)&addr_hdr, sizeof(struct sadb_address),
			(caddr_t)ai->ai_addr, ai->ai_addrlen);
	m_len += ext_bytes;

	freeaddrinfo(ai);
}
Exemple #3
/*
 * Append a key extension of type `ext` to the message assembled in m_buf at
 * offset m_len, then advance m_len past it.
 *
 * str is used as a NUL-terminated string: the key length is strlen(str), so
 * key material containing a zero byte would be cut short at that byte.
 * m_buf, m_len and key_setsadbextbuf() are defined outside this excerpt.
 */
void
key_setsadbkey(u_int ext, caddr_t str)
{
	struct sadb_key key_hdr;
	u_int key_bytes = strlen(str);
	u_int ext_bytes = sizeof(struct sadb_key) + PFKEY_ALIGN8(key_bytes);

	key_hdr.sadb_key_exttype = ext;
	key_hdr.sadb_key_len = PFKEY_UNIT64(ext_bytes);
	/*
	 * NOTE(review): sadb_key_bits is presumably narrower than u_int, so a
	 * very long key would be truncated silently -- confirm against the
	 * struct definition.
	 */
	key_hdr.sadb_key_bits = key_bytes * 8;
	key_hdr.sadb_key_reserved = 0;

	/*
	 * NOTE(review): nothing visible here checks that the extension fits in
	 * m_buf; confirm that key_setsadbextbuf() or the caller bounds m_len.
	 */
	key_setsadbextbuf(m_buf, m_len,
			(caddr_t)&key_hdr, sizeof(struct sadb_key),
			str, key_bytes);
	m_len += ext_bytes;
}
Exemple #4
/*
 * Append an identity extension of type `ext` to the message assembled in m_buf
 * at offset m_len, then advance m_len past it.
 *
 * The identity type is always SADB_IDENTTYPE_USERFQDN, the identity string is
 * str without its terminating NUL, and sadb_ident_id is set to this process's
 * pid. m_buf, m_len and key_setsadbextbuf() are defined outside this excerpt.
 */
void
key_setsadbid(u_int ext, caddr_t str)
{
	struct sadb_ident ident_hdr;
	u_int id_bytes = strlen(str);
	u_int ext_bytes = sizeof(ident_hdr) + PFKEY_ALIGN8(id_bytes);

	ident_hdr.sadb_ident_exttype = ext;
	ident_hdr.sadb_ident_len = PFKEY_UNIT64(ext_bytes);
	ident_hdr.sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
	ident_hdr.sadb_ident_id = getpid();
	ident_hdr.sadb_ident_reserved = 0;

	/*
	 * NOTE(review): nothing visible here checks that the extension fits in
	 * m_buf; confirm that key_setsadbextbuf() or the caller bounds m_len.
	 */
	key_setsadbextbuf(m_buf, m_len,
			(caddr_t)&ident_hdr, sizeof(struct sadb_ident),
			str, id_bytes);
	m_len += ext_bytes;
}
Exemple #5
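/**
 * Build a policy extension (struct sadb_x_policy, optionally followed by one
 * struct sadb_x_ipsecrequest and the two endpoint addresses) in a freshly
 * allocated buffer. A fuller implementation can be found in racoon.
 *
 * @param policy0    out: receives the allocated buffer; the caller owns it
 *                   and must free() it.
 * @param policylen0 out: receives the buffer length in bytes.
 * @param direction  IPSEC_DIR_INBOUND or IPSEC_DIR_OUTBOUND.
 * @param src        source address; not read when cmd is SADB_X_SPDDELETE.
 * @param dst        destination address; not read when cmd is SADB_X_SPDDELETE.
 * @param mode       value stored in sadb_x_ipsecrequest_mode.
 * @param cmd        SADB_X_SPDDELETE produces the policy header only; any
 *                   other value also appends the ESP request and addresses.
 * @return 0 on success, -EINVAL on a NULL argument or a negative address
 *         length, -ENOMEM if the buffer cannot be allocated. The out
 *         parameters are written only on success.
 */
int getsadbpolicy(caddr_t *policy0, int *policylen0, int direction,
		  struct sockaddr *src, struct sockaddr *dst, u_int mode, int cmd)
{
	struct sadb_x_policy *xpl;
	struct sadb_x_ipsecrequest *xisr;
	caddr_t policy, p;
	int policylen;
	int xisrlen = 0, src_len = 0, dst_len = 0;
	const int with_request = (cmd != SADB_X_SPDDELETE);

	HIP_DEBUG("\n");

	if (!policy0 || !policylen0 || (with_request && (!src || !dst))) {
		HIP_ERROR("Invalid arguments for policy\n");
		return -EINVAL;
	}

	/* get policy buffer size */
	policylen = sizeof(struct sadb_x_policy);
	if (with_request) {
		/*
		 * Take each address length once so the size that is allocated
		 * and the size that is copied cannot disagree.
		 */
		src_len = sysdep_sa_len(src);
		dst_len = sysdep_sa_len(dst);
		if (src_len < 0 || dst_len < 0) {
			/* a negative length would become a huge memcpy() size */
			HIP_ERROR("Invalid socket address length for policy\n");
			return -EINVAL;
		}
		xisrlen = sizeof(*xisr);
		xisrlen += src_len + dst_len;
		policylen += PFKEY_ALIGN8(xisrlen);
	}

	/*
	 * Allocate zeroed memory: fields this function does not assign and the
	 * alignment padding after the addresses would otherwise hold leftover
	 * heap bytes, which end up in whatever message the caller sends.
	 */
	policy = calloc(1, policylen);
	if (!policy) {
		HIP_ERROR("Cannot allocate memory for policy\n");
		return -ENOMEM;
	}

	/* make policy structure */
	xpl = (struct sadb_x_policy *)policy;
	xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen);
	xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
	xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
	xpl->sadb_x_policy_dir = direction;
	xpl->sadb_x_policy_id = 0;
	/*
	 * No policy priority is set here (the PRIORITY_DEFAULT assignment was
	 * disabled in the original); if the struct has such a field it stays
	 * zero from calloc().
	 */

	if (with_request) {
		/* a single ESP request at level "require" follows the header */
		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
		xisr->sadb_x_ipsecrequest_proto = SADB_SATYPE_ESP;
		xisr->sadb_x_ipsecrequest_mode = mode;
		xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
		xisr->sadb_x_ipsecrequest_reqid = 0;
		xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen);

		/* source address first, destination directly after it */
		p = (caddr_t)(xisr + 1);
		memcpy(p, src, src_len);
		p += src_len;
		memcpy(p, dst, dst_len);
	}

	*policy0 = policy;
	*policylen0 = policylen;
	return 0;
}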