/*
 * Append a SADB_EXT_SENSITIVITY extension, filled with fixed sample values,
 * to the PF_KEY message under construction in m_buf, then advance m_len by
 * the extension's length.
 */
void key_setsadbsens(void)
{
    struct sadb_sens sens_ext;
    u_char payload[64];
    u_int sens_bits, integ_bits;
    u_int sens_bytes, integ_bytes, ext_bytes;

    /* Sample sensitivity and integrity bitmaps, in network byte order. */
    sens_bits = htonl(0x01234567);
    integ_bits = htonl(0x89abcdef);
    sens_bytes = sizeof(sens_bits);
    integ_bytes = sizeof(integ_bits);

    /* The two bitmaps are laid out back to back, with no padding between. */
    memcpy(payload, &sens_bits, sens_bytes);
    memcpy(payload + sens_bytes, &integ_bits, integ_bytes);

    /*
     * NOTE(review): the length counts each bitmap rounded up to 8 bytes,
     * but only sens_bytes + integ_bytes bytes of payload are handed to
     * key_setsadbextbuf below. Whether the difference is zero-filled
     * depends on that helper -- confirm.
     */
    ext_bytes = sizeof(sens_ext)
        + PFKEY_ALIGN8(sens_bytes)
        + PFKEY_ALIGN8(integ_bytes);

    sens_ext.sadb_sens_len = PFKEY_UNIT64(ext_bytes);
    sens_ext.sadb_sens_exttype = SADB_EXT_SENSITIVITY;
    sens_ext.sadb_sens_dpd = 1;
    sens_ext.sadb_sens_reserved = 0;

    sens_ext.sadb_sens_sens_level = 2;
    sens_ext.sadb_sens_sens_len = PFKEY_ALIGN8(sens_bytes);

    sens_ext.sadb_sens_integ_level = 3;
    sens_ext.sadb_sens_integ_len = PFKEY_ALIGN8(integ_bytes);

    /*
     * NOTE(review): nothing here checks that m_buf has room for ext_bytes
     * more bytes at offset m_len; m_buf's size is not visible from this
     * function -- confirm that the helper or the caller bounds it.
     */
    key_setsadbextbuf(m_buf, m_len,
                      (caddr_t)&sens_ext, sizeof(struct sadb_sens),
                      payload, sens_bytes + integ_bytes);
    m_len += ext_bytes;
}
/*
 * Append an address extension of type `ext` to the PF_KEY message in m_buf
 * and advance m_len.
 *
 * ext: extension type stored in the header; SADB_EXT_ADDRESS_PROXY gets
 *      port "0" and protocol 0, anything else port "4660" and IPPROTO_TCP.
 * af:  AF_INET or AF_INET6; selects the full-length prefix (32 or 128 bits).
 * str: numeric address text (AI_NUMERICHOST, so no name lookup is done).
 *
 * Calls exit(1) on an unsupported family, when str does not parse, or when
 * getaddrinfo() returns more than one result.
 */
void key_setsadbaddr(u_int ext, u_int af, caddr_t str)
{
    struct sadb_address addr_ext;
    struct addrinfo hints, *res;
    const char *serv;
    u_int len;
    int plen;

    /* Prefix length in bits: the whole address for the given family. */
    if (af == AF_INET) {
        plen = sizeof(struct in_addr) * 8;
    } else if (af == AF_INET6) {
        plen = sizeof(struct in6_addr) * 8;
    } else {
        /* XXX bark */
        exit(1);
    }

    /* make sockaddr buffer */
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_NUMERICHOST;
    hints.ai_family = af;
    hints.ai_socktype = SOCK_DGRAM; /*dummy*/

    if (ext == SADB_EXT_ADDRESS_PROXY) {
        serv = "0";
    } else {
        serv = "4660"; /*0x1234*/
    }

    if (getaddrinfo(str, serv, &hints, &res) != 0) {
        /* XXX bark */
        exit(1);
    }
    if (res->ai_next) {
        /* More than one result for the address text. */
        /* XXX bark */
        exit(1);
    }

    len = sizeof(struct sadb_address) + PFKEY_ALIGN8(res->ai_addrlen);

    addr_ext.sadb_address_len = PFKEY_UNIT64(len);
    addr_ext.sadb_address_exttype = ext;
    if (ext == SADB_EXT_ADDRESS_PROXY) {
        addr_ext.sadb_address_proto = 0;
    } else {
        addr_ext.sadb_address_proto = IPPROTO_TCP;
    }
    addr_ext.sadb_address_prefixlen = plen;
    addr_ext.sadb_address_reserved = 0;

    /*
     * NOTE(review): m_buf's capacity is not visible here; confirm that
     * something bounds m_len + len before this write.
     */
    key_setsadbextbuf(m_buf, m_len,
                      (caddr_t)&addr_ext, sizeof(struct sadb_address),
                      (caddr_t)res->ai_addr, res->ai_addrlen);
    m_len += len;

    freeaddrinfo(res);
}
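/*
 * Append a key extension of type `ext` to the PF_KEY message in m_buf and
 * advance m_len.
 *
 * ext: extension type stored in the header.
 * str: key material, taken as a C string. Its length comes from strlen(),
 *      so a key containing a zero byte cannot be expressed through this
 *      interface.
 *
 * Calls exit(1) if the key is too long for its bit count to fit the
 * 16-bit sadb_key_bits field.
 */
void key_setsadbkey(u_int ext, caddr_t str)
{
    struct sadb_key m_key;
    u_int keylen = strlen(str);
    u_int len;

    /*
     * sadb_key_bits is a 16-bit field (RFC 2367). Without this check a key
     * longer than 8191 bytes would have keylen * 8 silently truncated, and
     * the message would declare a key size that disagrees with the bytes
     * that follow it.
     */
    if (keylen > 0xffffU / 8) {
        /* XXX bark */
        exit(1);
    }

    len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);

    m_key.sadb_key_len = PFKEY_UNIT64(len);
    m_key.sadb_key_exttype = ext;
    m_key.sadb_key_bits = keylen * 8;
    m_key.sadb_key_reserved = 0;

    /*
     * The key bytes are copied into m_buf here.
     * NOTE(review): m_buf's capacity is not visible from this function;
     * confirm that something bounds m_len + len. The buffer also holds
     * secret material from this point on, so it is worth clearing once the
     * message has been sent.
     */
    key_setsadbextbuf(m_buf, m_len,
                      (caddr_t)&m_key, sizeof(struct sadb_key),
                      str, keylen);
    m_len += len;
}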
/*
 * Append an identity extension of type `ext` to the PF_KEY message in m_buf
 * and advance m_len.
 *
 * ext: extension type stored in the header.
 * str: identity text; always tagged SADB_IDENTTYPE_USERFQDN.
 *
 * The sadb_ident_id field is filled with the calling process's pid.
 */
void key_setsadbid(u_int ext, caddr_t str)
{
    struct sadb_ident ident_ext;
    u_int id_bytes, ext_bytes;

    id_bytes = strlen(str);
    ext_bytes = sizeof(ident_ext) + PFKEY_ALIGN8(id_bytes);

    ident_ext.sadb_ident_reserved = 0;
    ident_ext.sadb_ident_exttype = ext;
    ident_ext.sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
    ident_ext.sadb_ident_id = getpid();
    ident_ext.sadb_ident_len = PFKEY_UNIT64(ext_bytes);

    /*
     * NOTE(review): only strlen(str) bytes are passed on, so the
     * terminating NUL is not copied by this call. Whether the stored
     * identity ends up NUL-terminated depends on how key_setsadbextbuf
     * pads -- confirm, in particular for lengths that are a multiple of 8.
     * m_buf's capacity is likewise not visible here.
     */
    key_setsadbextbuf(m_buf, m_len,
                      (caddr_t)&ident_ext, sizeof(struct sadb_ident),
                      str, id_bytes);
    m_len += ext_bytes;
}
// This function fills in policy0 and policylen0 according to the given parameters // The full implementation can be found in racoon // direction IPSEC_DIR_INBOUND | IPSEC_DIR_OUTBOUND int getsadbpolicy(caddr_t *policy0, int *policylen0, int direction, struct sockaddr *src, struct sockaddr *dst, u_int mode, int cmd) { struct sadb_x_policy *xpl; struct sadb_x_ipsecrequest *xisr; struct saproto *pr; caddr_t policy, p; int policylen; int xisrlen, src_len, dst_len; u_int satype; HIP_DEBUG("\n"); /* get policy buffer size */ policylen = sizeof(struct sadb_x_policy); if (cmd != SADB_X_SPDDELETE) { xisrlen = sizeof(*xisr); xisrlen += (sysdep_sa_len(src) + sysdep_sa_len(dst)); policylen += PFKEY_ALIGN8(xisrlen); } /* make policy structure */ policy = malloc(policylen); if (!policy) { HIP_ERROR("Cannot allocate memory for policy\n"); return -ENOMEM; } xpl = (struct sadb_x_policy *)policy; xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen); xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC; xpl->sadb_x_policy_dir = direction; xpl->sadb_x_policy_id = 0; //xpl->sadb_x_policy_priority = PRIORITY_DEFAULT; if (cmd == SADB_X_SPDDELETE) goto end; xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); xisr->sadb_x_ipsecrequest_proto = SADB_SATYPE_ESP; xisr->sadb_x_ipsecrequest_mode = mode; xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE; xisr->sadb_x_ipsecrequest_reqid = 0; p = (caddr_t)(xisr + 1); xisrlen = sizeof(*xisr); src_len = sysdep_sa_len(src); dst_len = sysdep_sa_len(dst); xisrlen += src_len + dst_len; memcpy(p, src, src_len); p += src_len; memcpy(p, dst, dst_len); p += dst_len; xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen); end: *policy0 = policy; *policylen0 = policylen; return 0; }