void recv_pcap_packet_gen(u_char *user,
const struct pcap_pkthdr *h,
const u_char *bytes)
{
struct msg_digest *md;
u_int32_t *dlt;
struct iphdr *ip;
struct udphdr *udp;
u_char *ike;
const struct iface_port *ifp = &if1;
int packet_len;
err_t from_ugh;
union {
struct sockaddr sa;
struct sockaddr_in sa_in4;
struct sockaddr_in6 sa_in6;
} from;
md = alloc_md();
dlt = (u_int32_t *)bytes;
if (*dlt != PF_INET)
return;
ip = (struct iphdr *)(dlt + 1);
udp = (struct udphdr *)(dlt + ip->ihl + 1);
ike = (u_char *)(udp + 1);
from.sa_in4.sin_addr.s_addr = ip->saddr;
from.sa_in4.sin_port = udp->source;
md->iface = ifp;
packet_len = h->len - (ike - bytes);
happy(anyaddr(addrtypeof(&ifp->ip_addr), &md->sender));
from_ugh = initaddr((void *) &from.sa_in4.sin_addr,
sizeof(from.sa_in4.sin_addr),
AF_INET, &md->sender);
setportof(from.sa_in4.sin_port, &md->sender);
md->sender_port = ntohs(from.sa_in4.sin_port);
cur_from = &md->sender;
cur_from_port = md->sender_port;
/* Clone actual message contents
* and set up md->packet_pbs to describe it.
*/
init_pbs(&md->packet_pbs,
clone_bytes(ike, packet_len,
"message buffer in comm_handle()"),
packet_len, "packet");
DBG_log("*received %d bytes from %s:%u on %s (port=%d)",
(int) pbs_room(&md->packet_pbs),
ip_str(&md->sender), (unsigned) md->sender_port,
ifp->ip_dev->id_rname,
ifp->port);
DBG_dump("", md->packet_pbs.start, pbs_room(&md->packet_pbs));
process_packet(&md);
if (md != NULL)
release_md(md);
cur_state = NULL;
reset_cur_connection();
cur_from = NULL;
}
struct raw_iface *
find_raw_ifaces6(void)
{
/* Get list of interfaces with IPv6 addresses from system from /proc/net/if_inet6).
*
* Documentation of format?
* RTFS: linux-2.2.16/net/ipv6/addrconf.c:iface_proc_info()
* linux-2.4.9-13/net/ipv6/addrconf.c:iface_proc_info()
*
* Sample from Gerhard's laptop:
* 00000000000000000000000000000001 01 80 10 80 lo
* 30490009000000000000000000010002 02 40 00 80 ipsec0
* 30490009000000000000000000010002 07 40 00 80 eth0
* fe80000000000000025004fffefd5484 02 0a 20 80 ipsec0
* fe80000000000000025004fffefd5484 07 0a 20 80 eth0
*
* Each line contains:
* - IPv6 address: 16 bytes, in hex, no punctuation
* - ifindex: 1 byte, in hex
* - prefix_len: 1 byte, in hex
* - scope (e.g. global, link local): 1 byte, in hex
* - flags: 1 byte, in hex
* - device name: string, followed by '\n'
*/
struct raw_iface *rifaces = NULL;
static const char proc_name[] = "/proc/net/if_inet6";
FILE *proc_sock = fopen(proc_name, "r");
if (proc_sock == NULL)
{
DBG(DBG_CONTROL, DBG_log("could not open %s", proc_name));
}
else
{
for (;;)
{
struct raw_iface ri;
unsigned short xb[8]; /* IPv6 address as 8 16-bit chunks */
char sb[8*5]; /* IPv6 address as string-with-colons */
unsigned int if_idx; /* proc field, not used */
unsigned int plen; /* proc field, not used */
unsigned int scope; /* proc field, used to exclude link-local */
unsigned int dad_status; /* proc field, not used */
/* ??? I hate and distrust scanf -- DHR */
int r = fscanf(proc_sock
, "%4hx%4hx%4hx%4hx%4hx%4hx%4hx%4hx"
" %02x %02x %02x %02x %20s\n"
, xb+0, xb+1, xb+2, xb+3, xb+4, xb+5, xb+6, xb+7
, &if_idx, &plen, &scope, &dad_status, ri.name);
/* ??? we should diagnose any problems */
if (r != 13)
break;
/* ignore addresses with link local scope.
* From linux-2.4.9-13/include/net/ipv6.h:
* IPV6_ADDR_LINKLOCAL 0x0020U
* IPV6_ADDR_SCOPE_MASK 0x00f0U
*/
if ((scope & 0x00f0U) == 0x0020U)
continue;
snprintf(sb, sizeof(sb)
, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x"
, xb[0], xb[1], xb[2], xb[3], xb[4], xb[5], xb[6], xb[7]);
happy(ttoaddr(sb, 0, AF_INET6, &ri.addr));
if (!isunspecaddr(&ri.addr))
{
DBG(DBG_CONTROL
, DBG_log("found %s with address %s"
, ri.name, sb));
ri.next = rifaces;
rifaces = clone_thing(ri, "struct raw_iface");
}
}
fclose(proc_sock);
}
return rifaces;
}
struct raw_iface *
find_raw_ifaces4(void)
{
static const int on = TRUE; /* by-reference parameter; constant, we hope */
int j; /* index into buf */
static int num=64; /* number of interfaces */
struct ifconf ifconf;
struct ifreq *buf; /* for list of interfaces -- arbitrary limit */
struct raw_iface *rifaces = NULL;
int master_sock = safe_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */
/* get list of interfaces with assigned IPv4 addresses from system */
if (master_sock == -1)
exit_log_errno((e, "socket() failed in find_raw_ifaces4()"));
if (setsockopt(master_sock, SOL_SOCKET, SO_REUSEADDR
, (const void *)&on, sizeof(on)) < 0)
exit_log_errno((e, "setsockopt() in find_raw_ifaces4()"));
/* bind the socket */
{
ip_address any;
happy(anyaddr(AF_INET, &any));
setportof(htons(pluto_port), &any);
if (bind(master_sock, sockaddrof(&any), sockaddrlenof(&any)) < 0)
exit_log_errno((e, "bind() failed in find_raw_ifaces4()"));
}
buf = NULL;
/* a million interfaces is probably the maximum, ever... */
while(num < (1024*1024)) {
/* Get local interfaces. See netdevice(7). */
ifconf.ifc_len = num * sizeof(struct ifreq);
buf = (void *) realloc(buf, ifconf.ifc_len);
if (!buf)
exit_log_errno((e, "realloc of %d in find_raw_ifaces4()",
ifconf.ifc_len));
memset(buf, 0, num*sizeof(struct ifreq));
ifconf.ifc_buf = (void *) buf;
if (ioctl(master_sock, SIOCGIFCONF, &ifconf) == -1)
exit_log_errno((e, "ioctl(SIOCGIFCONF) in find_raw_ifaces4()"));
/* if we got back less than we asked for, we have them all */
if (ifconf.ifc_len < (int)(sizeof(struct ifreq) * num))
break;
/* try again and ask for more this time */
num *= 2;
}
/* Add an entry to rifaces for each interesting interface. */
for (j = 0; (j+1) * sizeof(struct ifreq) <= (size_t)ifconf.ifc_len; j++)
{
struct raw_iface ri;
const struct sockaddr_in *rs = (struct sockaddr_in *) &buf[j].ifr_addr;
struct ifreq auxinfo;
/* ignore all but AF_INET interfaces */
if (rs->sin_family != AF_INET)
continue; /* not interesting */
/* build a NUL-terminated copy of the rname field */
memcpy(ri.name, buf[j].ifr_name, IFNAMSIZ);
ri.name[IFNAMSIZ] = '\0';
/* ignore if our interface names were specified, and this isn't one */
if (pluto_ifn_roof != 0)
{
int i;
for (i = 0; i != pluto_ifn_roof; i++)
if (streq(ri.name, pluto_ifn[i]))
break;
if (i == pluto_ifn_roof)
continue; /* not found -- skip */
}
/* Find out stuff about this interface. See netdevice(7). */
zero(&auxinfo); /* paranoia */
memcpy(auxinfo.ifr_name, buf[j].ifr_name, IFNAMSIZ);
if (ioctl(master_sock, SIOCGIFFLAGS, &auxinfo) == -1)
exit_log_errno((e
, "ioctl(SIOCGIFFLAGS) for %s in find_raw_ifaces4()"
, ri.name));
if (!(auxinfo.ifr_flags & IFF_UP))
{
DBG(DBG_CONTROL, DBG_log("Ignored interface %s - it is not up"
, ri.name));
continue; /* ignore an interface that isn't UP */
}
if (auxinfo.ifr_flags & IFF_SLAVE)
{
DBG(DBG_CONTROL, DBG_log("Ignored interface %s - it is a slave interface"
, ri.name));
continue; /* ignore slave interfaces; they share IPs with their master */
}
/* ignore unconfigured interfaces */
if (rs->sin_addr.s_addr == 0)
{
DBG(DBG_CONTROL, DBG_log("Ignored interface %s - it is unconfigured"
, ri.name));
continue;
}
happy(initaddr((const void *)&rs->sin_addr, sizeof(struct in_addr)
, AF_INET, &ri.addr));
DBG(DBG_CONTROL, DBG_log("found %s with address %s"
, ri.name, ip_str(&ri.addr)));
ri.next = rifaces;
rifaces = clone_thing(ri, "struct raw_iface");
}
close(master_sock);
return rifaces;
}
struct raw_iface *find_raw_ifaces4(void)
{
static const int on = TRUE; /* by-reference parameter; constant, we hope */
int j; /* index into buf */
struct ifconf ifconf;
struct ifreq *buf = NULL; /* for list of interfaces -- arbitrary limit */
struct ifreq *bp; /* cursor into buf */
struct raw_iface *rifaces = NULL;
int master_sock = safe_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */
/*
* Current upper bound on number of interfaces.
* Tricky: because this is a static, we won't have to start from
* 64 in subsequent calls.
*/
static int num = 64; /* number of interfaces */
/* get list of interfaces with assigned IPv4 addresses from system */
if (master_sock == -1)
exit_log_errno((e, "socket() failed in find_raw_ifaces4()"));
if (setsockopt(master_sock, SOL_SOCKET, SO_REUSEADDR,
(const void *)&on, sizeof(on)) < 0)
exit_log_errno((e, "setsockopt() in find_raw_ifaces4()"));
/* bind the socket */
{
ip_address any;
happy(anyaddr(AF_INET, &any));
setportof(htons(pluto_port), &any);
if (bind(master_sock, sockaddrof(&any),
sockaddrlenof(&any)) < 0)
exit_log_errno((e,
"bind() failed in find_raw_ifaces4()"));
}
/* a million interfaces is probably the maximum, ever... */
for (; num < (1024 * 1024); num *= 2) {
/* Get num local interfaces. See netdevice(7). */
ifconf.ifc_len = num * sizeof(struct ifreq);
buf = realloc(buf, ifconf.ifc_len);
if (buf == NULL) {
exit_log_errno((e,
"realloc of %d in find_raw_ifaces4()",
ifconf.ifc_len));
}
memset(buf, 0xDF, ifconf.ifc_len); /* stomp */
ifconf.ifc_buf = (void *) buf;
if (ioctl(master_sock, SIOCGIFCONF, &ifconf) == -1)
exit_log_errno((e,
"ioctl(SIOCGIFCONF) in find_raw_ifaces4()"));
/* if we got back less than we asked for, we have them all */
if (ifconf.ifc_len < (int)(sizeof(struct ifreq) * num))
break;
}
/* Add an entry to rifaces for each interesting interface.
On Apple, the size of struct ifreq depends on the contents of
the union. See if.h */
for (bp = buf, j = 0;
bp < (unsigned char *)buf + (size_t)ifconf.ifc_len;
bp = (struct ifreq *)
((unsigned char *)bp +_SIZEOF_ADDR_IFREQ(*bp)),
j++) {
struct raw_iface ri;
const struct sockaddr_in *rs =
(struct sockaddr_in *) &bp->ifr_addr;
struct ifreq auxinfo;
/* ignore all but AF_INET interfaces */
if (rs->sin_family != AF_INET)
continue; /* not interesting */
/* build a NUL-terminated copy of the rname field */
memcpy(ri.name, bp->ifr_name, IFNAMSIZ);
ri.name[IFNAMSIZ] = '\0';
/* ignore if our interface names were specified, and this isn't one */
if (pluto_ifn_roof != 0) {
int i;
for (i = 0; i != pluto_ifn_roof; i++)
if (streq(ri.name, pluto_ifn[i]))
break;
if (i == pluto_ifn_roof)
continue; /* not found -- skip */
}
/* Find out stuff about this interface. See netdevice(7). */
zero(&auxinfo); /* paranoia */
memcpy(auxinfo.ifr_name, bp->ifr_name, IFNAMSIZ);
if (ioctl(master_sock, SIOCGIFFLAGS, &auxinfo) == -1) {
exit_log_errno((e,
"ioctl(SIOCGIFFLAGS) for %s in find_raw_ifaces4()",
ri.name));
}
if (!(auxinfo.ifr_flags & IFF_UP))
continue; /* ignore an interface that isn't UP */
/* ignore unconfigured interfaces */
if (rs->sin_addr.s_addr == 0)
continue;
happy(initaddr((const void *)&rs->sin_addr,
sizeof(struct in_addr),
AF_INET, &ri.addr));
DBG(DBG_CONTROL, {
ipstr_buf b;
DBG_log("found %s with address %s",
ri.name, ipstr(&ri.addr, &b));
});
ri.next = rifaces;
rifaces = clone_thing(ri, "struct raw_iface");
}
int main() {
for (int i = 1; i < 50; i++)
if (happy(i))
std::cout << i << std::endl;
return 0;
}
static void
cannot_oppo(struct connection *c
, struct find_oppo_bundle *b
, err_t ughmsg)
{
char pcb[ADDRTOT_BUF];
char ocb[ADDRTOT_BUF];
addrtot(&b->peer_client, 0, pcb, sizeof(pcb));
addrtot(&b->our_client, 0, ocb, sizeof(ocb));
DBG(DBG_OPPO,
openswan_log("Can not opportunistically initiate for %s to %s: %s"
, ocb, pcb, ughmsg));
whack_log(RC_OPPOFAILURE
, "Can not opportunistically initiate for %s to %s: %s"
, ocb, pcb, ughmsg);
if (c != NULL && c->policy_next != NULL)
{
/* there is some policy that comes afterwards */
struct spd_route *shunt_spd;
struct connection *nc = c->policy_next;
struct state *st;
passert(c->kind == CK_TEMPLATE);
passert(nc->kind == CK_PERMANENT);
DBG(DBG_OPPO, DBG_log("OE failed for %s to %s, but %s overrides shunt"
, ocb, pcb, nc->name));
/*
* okay, here we need add to the "next" policy, which is ought
* to be an instance.
* We will add another entry to the spd_route list for the specific
* situation that we have.
*/
shunt_spd = clone_thing(nc->spd, "shunt eroute policy");
shunt_spd->next = nc->spd.next;
nc->spd.next = shunt_spd;
happy(addrtosubnet(&b->peer_client, &shunt_spd->that.client));
if (sameaddr(&b->peer_client, &shunt_spd->that.host_addr))
shunt_spd->that.has_client = FALSE;
/*
* override the tunnel destination with the one from the secondaried
* policy
*/
shunt_spd->that.host_addr = nc->spd.that.host_addr;
/* now, lookup the state, and poke it up.
*/
st = state_with_serialno(nc->newest_ipsec_sa);
/* XXX what to do if the IPSEC SA has died? */
passert(st != NULL);
/* link the new connection instance to the state's list of
* connections
*/
DBG(DBG_OPPO, DBG_log("installing state: %ld for %s to %s"
, nc->newest_ipsec_sa
, ocb, pcb));
#ifdef DEBUG
if (DBGP(DBG_OPPO | DBG_CONTROLMORE))
{
char state_buf[LOG_WIDTH];
char state_buf2[LOG_WIDTH];
const time_t n = now();
fmt_state(st, n, state_buf, sizeof(state_buf)
, state_buf2, sizeof(state_buf2));
DBG_log("cannot_oppo, failure SA1: %s", state_buf);
DBG_log("cannot_oppo, failure SA2: %s", state_buf2);
}
#endif /* DEBUG */
if (!route_and_eroute(c, shunt_spd, st))
{
whack_log(RC_OPPOFAILURE
, "failed to instantiate shunt policy %s for %s to %s"
, c->name
, ocb, pcb);
}
return;
}
/*
* NETKEY default for level param in tmpl is required, so no traffic will
* transmitted until an SA is fully up
*/
if (b->held && kern_interface != USE_NETKEY)
{
int failure_shunt = b->failure_shunt;
/* Replace HOLD with b->failure_shunt.
* If no failure_shunt specified, use SPI_PASS -- THIS MAY CHANGE.
*/
if (failure_shunt == 0)
{
DBG(DBG_OPPO, DBG_log("no explicit failure shunt for %s to %s; removing spurious hold shunt"
, ocb, pcb));
}
(void) replace_bare_shunt(&b->our_client, &b->peer_client
, b->policy_prio
, failure_shunt
, failure_shunt != 0
, b->transport_proto
, ughmsg);
}
}