int
pfkey_x_satype_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
{
int error = 0;
struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_x_satype_process: .\n");
if(!extr || !extr->ips) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_x_satype_process: "
"extr or extr->ips is NULL, fatal\n");
SENDERR(EINVAL);
}
if(extr->ips2 == NULL) {
extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */
}
if(extr->ips2 == NULL) {
SENDERR(-error);
}
if(!(extr->ips2->ips_said.proto = satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_x_satype_process: "
"proto lookup from satype=%d failed.\n",
pfkey_x_satype->sadb_x_satype_satype);
SENDERR(EINVAL);
}
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_x_satype_process: "
"protocol==%d decoded from satype==%d(%s).\n",
extr->ips2->ips_said.proto,
pfkey_x_satype->sadb_x_satype_satype,
satype2name(pfkey_x_satype->sadb_x_satype_satype));
errlab:
return error;
}
int main(char *argv[], int argc)
{
int error;
struct sockaddr_in saddr,daddr;
struct sockaddr_in saddr2,daddr2;
void *main_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[]={0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65};
char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};
debug_xform = 1;
init_kmalloc();
debug_tunnel=0xffffffff;
debug_xmit=0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_said.dst.u.v4.sin_family = AF_INET;
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(main_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(main_talloc, enc, sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_add(sa);
assert(ipsec_sa_init(sa) == 0);
ipsec_sa_put(sa);
}
{
struct ipsec_xmit_state ixs_mem;
struct ipsec_xmit_state *ixs = &ixs_mem;
enum ipsec_xmit_value stat;
struct net_device_stats stats;
int iphlen;
struct sk_buff *skb = skbFromArray(packet2, packet2_len);
skb->nh.raw = skb_pull(skb, skb->mac_len);
iphlen = (skb->nh.iph->ihl<<2);
/* do not use skb_pull, since data should stay at IP header */
skb->h.raw = skb->nh.raw + iphlen;
memset((caddr_t)ixs, 0, sizeof(*ixs));
memset(&stats, 0, sizeof(stats));
ixs->stats = &stats;
ixs->oskb = NULL;
ixs->saved_header = NULL; /* saved copy of the hard header */
ixs->route = NULL;
memset((caddr_t)&(ixs->ips), 0, sizeof(ixs->ips));
ixs->dev = NULL;
ixs->skb = skb;
ixs->physmtu = 1500;
ixs->cur_mtu = 1500;
ixs->outgoing_said.spi = htonl(0x12345678);
ixs->outgoing_said.proto = IPPROTO_ESP;
ixs->outgoing_said.dst.u.v4.sin_family = AF_INET;
ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
stat = ipsec_xmit_sanity_check_skb(ixs);
assert(stat == IPSEC_XMIT_OK);
#if 0
stat = ipsec_tunnel_strip_hard_header(ixs);
assert(stat == IPSEC_XMIT_OK);
stat = ipsec_tunnel_SAlookup(ixs);
assert(stat == IPSEC_XMIT_OK);
#endif
stat = ipsec_xmit_encap_bundle(ixs);
assert(stat == IPSEC_XMIT_OK);
#if 0
stat = ipsec_tunnel_restore_hard_header(ixs);
#endif
ipsec_print_ip(ixs->iph);
}
return 0;
}
int main(char *argv[], int argc)
{
int ret;
int error;
struct sockaddr_in saddr, daddr;
struct sockaddr_in saddr2, daddr2;
void *rcv02_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[] = { 0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65 };
char enc[] = { 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58 };
debug_xform = 1;
init_kmalloc();
debug_rcv = 0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(rcv02_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_natt_type = ESPINUDP_WITH_NON_ESP;
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(rcv02_talloc, enc,
sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_init(sa);
ipsec_sa_add(sa);
//ipsec_sa_put(sa);
}
{
int iphlen, len;
struct iphdr *iph;
struct sk_buff *skb = skbFromArray(packet1, packet1_len);
skb_ethernet_ip_setup(skb);
/* now simulate action of udp_encap_rcv */
len = sizeof(struct udphdr);
iph = skb->nh.iph;
iphlen = iph->ihl << 2;
iph->tot_len = htons(ntohs(iph->tot_len) - len);
if (skb->len < iphlen + len) {
/* packet is too small!?! */
return 0;
}
/* pull the data buffer up to the ESP header and set the
* transport header to point to ESP. Keep UDP on the stack
* for later.
*/
skb->h.raw = skb_pull(skb, len);
/* modify the protocol (it's ESP!) */
iph->protocol = IPPROTO_ESP;
printf("SA natt: %d\n", sa->ips_natt_type);
ret = klips26_rcv_encap(skb, UDP_ENCAP_ESPINUDP);
}
return 0;
}
int main(char *argv[], int argc)
{
int ret;
int error;
struct sockaddr_in saddr,daddr;
struct sockaddr_in saddr2,daddr2;
void *rcv01_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[]={0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65};
char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};
debug_xform = 1;
init_kmalloc();
debug_rcv=0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
ipsec_sa_intern(sa);
assert(error == 0);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(rcv01_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(rcv01_talloc, enc, sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_add(sa);
assert(ipsec_sa_init(sa) == 0);
//ipsec_sa_put(sa);
}
{
struct sk_buff *skb = skbFromArray(packet1, packet1_len);
skb_ethernet_ip_setup(skb);
ret = ipsec_rcv(skb);
assert(netif_rx_count == 1);
}
ipsec_sadb_cleanup(0); /* 0 = all protocols */
exit(0);
}
int
pfkey_sa_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
{
struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
int error = 0;
struct ipsec_sa* ipsp;
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sa_process: .\n");
if(!extr || !extr->ips) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sa_process: "
"extr or extr->ips is NULL, fatal\n");
SENDERR(EINVAL);
}
switch(pfkey_ext->sadb_ext_type) {
case SADB_EXT_SA:
ipsp = extr->ips;
break;
case SADB_X_EXT_SA2:
if(extr->ips2 == NULL) {
extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */
}
if(extr->ips2 == NULL) {
SENDERR(-error);
}
ipsp = extr->ips2;
break;
default:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sa_process: "
"invalid exttype=%d.\n",
pfkey_ext->sadb_ext_type);
SENDERR(EINVAL);
}
ipsp->ips_said.spi = pfkey_sa->sadb_sa_spi;
ipsp->ips_replaywin = pfkey_sa->sadb_sa_replay;
ipsp->ips_state = pfkey_sa->sadb_sa_state;
ipsp->ips_flags = pfkey_sa->sadb_sa_flags;
ipsp->ips_replaywin_lastseq = ipsp->ips_replaywin_bitmap = 0;
ipsp->ips_ref_rel = pfkey_sa->sadb_x_sa_ref;
switch(ipsp->ips_said.proto) {
case IPPROTO_AH:
ipsp->ips_authalg = pfkey_sa->sadb_sa_auth;
ipsp->ips_encalg = SADB_EALG_NONE;
break;
case IPPROTO_ESP:
ipsp->ips_authalg = pfkey_sa->sadb_sa_auth;
ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt;
#ifdef CONFIG_KLIPS_ALG
ipsec_alg_sa_init(ipsp);
#endif /* CONFIG_KLIPS_ALG */
break;
case IPPROTO_IPIP:
ipsp->ips_authalg = AH_NONE;
ipsp->ips_encalg = ESP_NONE;
break;
#ifdef CONFIG_KLIPS_IPCOMP
case IPPROTO_COMP:
ipsp->ips_authalg = AH_NONE;
ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt;
break;
#endif /* CONFIG_KLIPS_IPCOMP */
case IPPROTO_INT:
ipsp->ips_authalg = AH_NONE;
ipsp->ips_encalg = ESP_NONE;
break;
case 0:
break;
default:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sa_process: "
"unknown proto=%d.\n",
ipsp->ips_said.proto);
SENDERR(EINVAL);
}
errlab:
return error;
}
int
pfkey_address_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
{
int error = 0;
int saddr_len = 0;
char ipaddr_txt[ADDRTOA_BUF];
unsigned char **sap;
unsigned short * portp = 0;
struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
struct ipsec_sa* ipsp;
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process:\n");
if(!extr || !extr->ips) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"extr or extr->ips is NULL, fatal\n");
SENDERR(EINVAL);
}
switch(s->sa_family) {
case AF_INET:
saddr_len = sizeof(struct sockaddr_in);
addrtoa(((struct sockaddr_in*)s)->sin_addr, 0, ipaddr_txt, sizeof(ipaddr_txt));
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found address family=%d, AF_INET, %s.\n",
s->sa_family,
ipaddr_txt);
break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
case AF_INET6:
saddr_len = sizeof(struct sockaddr_in6);
break;
#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
default:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"s->sa_family=%d not supported.\n",
s->sa_family);
SENDERR(EPFNOSUPPORT);
}
switch(pfkey_address->sadb_address_exttype) {
case SADB_EXT_ADDRESS_SRC:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found src address.\n");
sap = (unsigned char **)&(extr->ips->ips_addr_s);
extr->ips->ips_addr_s_size = saddr_len;
break;
case SADB_EXT_ADDRESS_DST:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found dst address.\n");
sap = (unsigned char **)&(extr->ips->ips_addr_d);
extr->ips->ips_addr_d_size = saddr_len;
break;
case SADB_EXT_ADDRESS_PROXY:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found proxy address.\n");
sap = (unsigned char **)&(extr->ips->ips_addr_p);
extr->ips->ips_addr_p_size = saddr_len;
break;
case SADB_X_EXT_ADDRESS_DST2:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found 2nd dst address.\n");
if(extr->ips2 == NULL) {
extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */
}
if(extr->ips2 == NULL) {
SENDERR(-error);
}
sap = (unsigned char **)&(extr->ips2->ips_addr_d);
extr->ips2->ips_addr_d_size = saddr_len;
break;
case SADB_X_EXT_ADDRESS_SRC_FLOW:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found src flow address.\n");
if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
SENDERR(ENOMEM);
}
sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_src);
portp = &(extr->eroute->er_eaddr.sen_sport);
break;
case SADB_X_EXT_ADDRESS_DST_FLOW:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found dst flow address.\n");
if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
SENDERR(ENOMEM);
}
sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_dst);
portp = &(extr->eroute->er_eaddr.sen_dport);
break;
case SADB_X_EXT_ADDRESS_SRC_MASK:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found src mask address.\n");
if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
SENDERR(ENOMEM);
}
sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_src);
portp = &(extr->eroute->er_emask.sen_sport);
break;
case SADB_X_EXT_ADDRESS_DST_MASK:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found dst mask address.\n");
if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
SENDERR(ENOMEM);
}
sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_dst);
portp = &(extr->eroute->er_emask.sen_dport);
break;
#ifdef NAT_TRAVERSAL
case SADB_X_EXT_NAT_T_OA:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"found NAT-OA address.\n");
sap = (unsigned char **)&(extr->ips->ips_natt_oa);
extr->ips->ips_natt_oa_size = saddr_len;
break;
#endif
default:
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"unrecognised ext_type=%d.\n",
pfkey_address->sadb_address_exttype);
SENDERR(EINVAL);
}
switch(pfkey_address->sadb_address_exttype) {
case SADB_EXT_ADDRESS_SRC:
case SADB_EXT_ADDRESS_DST:
case SADB_EXT_ADDRESS_PROXY:
case SADB_X_EXT_ADDRESS_DST2:
#ifdef NAT_TRAVERSAL
case SADB_X_EXT_NAT_T_OA:
#endif
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"allocating %d bytes for saddr.\n",
saddr_len);
if(!(*sap = kmalloc(saddr_len, GFP_KERNEL))) {
SENDERR(ENOMEM);
}
memcpy(*sap, s, saddr_len);
break;
default:
if(s->sa_family != AF_INET) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"s->sa_family=%d not supported.\n",
s->sa_family);
SENDERR(EPFNOSUPPORT);
}
{
unsigned long *ulsap = (unsigned long *)sap;
*ulsap = ((struct sockaddr_in*)s)->sin_addr.s_addr;
}
if (portp != 0)
*portp = ((struct sockaddr_in*)s)->sin_port;
#ifdef CONFIG_KLIPS_DEBUG
if(extr->eroute) {
char buf1[64], buf2[64];
if (debug_pfkey) {
subnettoa(extr->eroute->er_eaddr.sen_ip_src,
extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1));
subnettoa(extr->eroute->er_eaddr.sen_ip_dst,
extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2));
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_parse: "
"extr->eroute set to %s:%d->%s:%d\n",
buf1,
ntohs(extr->eroute->er_eaddr.sen_sport),
buf2,
ntohs(extr->eroute->er_eaddr.sen_dport));
}
}
#endif /* CONFIG_KLIPS_DEBUG */
}
ipsp = extr->ips;
switch(pfkey_address->sadb_address_exttype) {
case SADB_X_EXT_ADDRESS_DST2:
ipsp = extr->ips2;
case SADB_EXT_ADDRESS_DST:
if(s->sa_family == AF_INET) {
ipsp->ips_said.dst.u.v4.sin_addr.s_addr = ((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr.s_addr;
ipsp->ips_said.dst.u.v4.sin_family = AF_INET;
addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr,
0,
ipaddr_txt,
sizeof(ipaddr_txt));
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"ips_said.dst set to %s.\n",
ipaddr_txt);
} else {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: "
"uh, ips_said.dst doesn't do address family=%d yet, said will be invalid.\n",
s->sa_family);
}
default:
break;
}
/* XXX check if port!=0 */
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_address_process: successful.\n");
errlab:
return error;
}
