示例#1
0
int main(char *argv[], int argc)
{
  int error;
  struct sockaddr_in saddr,daddr;
  struct sockaddr_in saddr2,daddr2;

  void *main_talloc = NULL;
  struct ipsec_sa *sa, *sa1;
  char auth1[]={0x87, 0x65, 0x87, 0x65,
	       0x87, 0x65, 0x87, 0x65,
	       0x87, 0x65, 0x87, 0x65,
	       0x87, 0x65, 0x87, 0x65};
  char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
	       0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
	       0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};

  debug_xform = 1;
  init_kmalloc();
  debug_tunnel=0xffffffff;
  debug_xmit=0xffffffff;
  sysctl_ipsec_debug_verbose = 1;
  prng_init(&ipsec_prng, seed, sizeof(seed));
  ipsec_sadb_init();
  ipsec_alg_init();

  {
    sa1 = ipsec_sa_alloc(&error);
    assert(error == 0);

    ipsec_sa_intern(sa1);

    sa1->ips_seq = 1;
    sa1->ips_pid = 10;
    
    sa1->ips_said.spi = htonl(0x12345678);
    sa1->ips_said.proto = IPPROTO_IPIP;
    sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);

    sa1->ips_state = SADB_SASTATE_MATURE;
    daddr2.sin_addr.s_addr = htonl(0xc001022D);
    saddr2.sin_addr.s_addr = htonl(0xc0010217);
    sa1->ips_addr_s = (struct sockaddr *)&saddr2;
    sa1->ips_addr_d = (struct sockaddr *)&daddr2;
  }
    
  {
    sa = ipsec_sa_alloc(&error);
    assert(error == 0);

    ipsec_sa_intern(sa);

    sa->ips_said.spi = htonl(0x12345678);
    sa->ips_said.proto = IPPROTO_ESP;
    sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
    sa->ips_said.dst.u.v4.sin_family      = AF_INET;

    sa->ips_seq = 1;
    sa->ips_pid = 10;
    sa->ips_inext = sa1;

    {
      /* make a copy so that ipsec_sa_init() can zero it out */
      char *auth = talloc_size(main_talloc, AHMD596_KLEN);

      memcpy(auth, auth1, AHMD596_KLEN);
      sa->ips_authalg = AH_MD5;
      sa->ips_key_bits_a = AHMD596_KLEN * 8;
      sa->ips_key_a = auth;
    }

    sa->ips_encalg = ESP_3DES;
    sa->ips_key_bits_e = 192;
    sa->ips_iv_bits = 128;
    sa->ips_key_e_size = 0;
    
    sa->ips_key_e = talloc_memdup(main_talloc, enc, sa->ips_key_bits_e);
    sa->ips_state = SADB_SASTATE_MATURE;
    daddr.sin_addr.s_addr = htonl(0xc001022D);
    saddr.sin_addr.s_addr = htonl(0xc0010217);
    sa->ips_addr_s = (struct sockaddr *)&saddr;
    sa->ips_addr_d = (struct sockaddr *)&daddr;

    ipsec_sa_add(sa);
    assert(ipsec_sa_init(sa) == 0);
    ipsec_sa_put(sa);
  }
    
  {
    struct ipsec_xmit_state ixs_mem;
    struct ipsec_xmit_state *ixs = &ixs_mem;
    enum ipsec_xmit_value stat;
    struct net_device_stats stats;
    int iphlen;

    struct sk_buff *skb = skbFromArray(packet2, packet2_len);

    skb->nh.raw = skb_pull(skb, skb->mac_len);
    iphlen = (skb->nh.iph->ihl<<2);

    /* do not use skb_pull, since data should stay at IP header */
    skb->h.raw = skb->nh.raw + iphlen;

    memset((caddr_t)ixs, 0, sizeof(*ixs));
    memset(&stats, 0, sizeof(stats));
    ixs->stats = &stats;
    ixs->oskb = NULL;
    ixs->saved_header = NULL;	/* saved copy of the hard header */
    ixs->route = NULL;
    memset((caddr_t)&(ixs->ips), 0, sizeof(ixs->ips));
    ixs->dev = NULL;
    ixs->skb = skb;
    ixs->physmtu = 1500;
    ixs->cur_mtu = 1500;
    ixs->outgoing_said.spi   = htonl(0x12345678);
    ixs->outgoing_said.proto = IPPROTO_ESP;
    ixs->outgoing_said.dst.u.v4.sin_family = AF_INET;
    ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
    
    stat = ipsec_xmit_sanity_check_skb(ixs);
    assert(stat == IPSEC_XMIT_OK);

#if 0    
    stat = ipsec_tunnel_strip_hard_header(ixs);
    assert(stat == IPSEC_XMIT_OK);
    
    stat = ipsec_tunnel_SAlookup(ixs);
    assert(stat == IPSEC_XMIT_OK);
#endif
    
    stat = ipsec_xmit_encap_bundle(ixs);
    assert(stat == IPSEC_XMIT_OK);

#if 0
    stat = ipsec_tunnel_restore_hard_header(ixs);
#endif

    ipsec_print_ip(ixs->iph);
  }
  
  return 0;
}
示例#2
0
int main(char *argv[], int argc)
{
	int ret;
	int error;
	struct sockaddr_in saddr, daddr;
	struct sockaddr_in saddr2, daddr2;
	void *rcv02_talloc = NULL;

	struct ipsec_sa *sa, *sa1;
	char auth1[] = { 0x87, 0x65, 0x87, 0x65,
			 0x87, 0x65, 0x87, 0x65,
			 0x87, 0x65, 0x87, 0x65,
			 0x87, 0x65, 0x87, 0x65 };
	char enc[] = { 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
		       0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
		       0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58 };

	debug_xform = 1;
	init_kmalloc();
	debug_rcv = 0xffffffff;
	sysctl_ipsec_debug_verbose = 1;
	prng_init(&ipsec_prng, seed, sizeof(seed));
	ipsec_sadb_init();
	ipsec_alg_init();

	{
		sa1 = ipsec_sa_alloc(&error);
		assert(error == 0);

		ipsec_sa_intern(sa1);

		sa1->ips_said.spi = htonl(0x12345678);
		sa1->ips_said.proto = IPPROTO_IPIP;
		sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);

		sa1->ips_seq = 1;
		sa1->ips_pid = 10;

		sa1->ips_state = SADB_SASTATE_MATURE;
		daddr2.sin_addr.s_addr = htonl(0xc001022D);
		saddr2.sin_addr.s_addr = htonl(0xc0010217);
		sa1->ips_addr_s = (struct sockaddr *)&saddr2;
		sa1->ips_addr_d = (struct sockaddr *)&daddr2;
	}

	{
		sa = ipsec_sa_alloc(&error);
		assert(error == 0);

		ipsec_sa_intern(sa);

		sa->ips_said.spi = htonl(0x12345678);
		sa->ips_said.proto = IPPROTO_ESP;
		sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);

		sa->ips_seq = 1;
		sa->ips_pid = 10;
		sa->ips_inext = sa1;

		{
			/* make a copy so that ipsec_sa_init() can zero it out */
			char *auth = talloc_size(rcv02_talloc, AHMD596_KLEN);

			memcpy(auth, auth1, AHMD596_KLEN);
			sa->ips_authalg = AH_MD5;
			sa->ips_key_bits_a = AHMD596_KLEN * 8;
			sa->ips_key_a = auth;
		}

		sa->ips_natt_type = ESPINUDP_WITH_NON_ESP;
		sa->ips_encalg = ESP_3DES;
		sa->ips_key_bits_e = 192;
		sa->ips_iv_bits = 128;
		sa->ips_key_e_size = 0;
		sa->ips_key_e = talloc_memdup(rcv02_talloc, enc,
					      sa->ips_key_bits_e);

		sa->ips_state = SADB_SASTATE_MATURE;
		daddr.sin_addr.s_addr = htonl(0xc001022D);
		saddr.sin_addr.s_addr = htonl(0xc0010217);
		sa->ips_addr_s = (struct sockaddr *)&saddr;
		sa->ips_addr_d = (struct sockaddr *)&daddr;

		ipsec_sa_init(sa);
		ipsec_sa_add(sa);
		//ipsec_sa_put(sa);
	}

	{
		int iphlen, len;
		struct iphdr *iph;
		struct sk_buff *skb = skbFromArray(packet1, packet1_len);
		skb_ethernet_ip_setup(skb);

		/* now simulate action of udp_encap_rcv */

		len = sizeof(struct udphdr);

		iph = skb->nh.iph;
		iphlen = iph->ihl << 2;
		iph->tot_len = htons(ntohs(iph->tot_len) - len);
		if (skb->len < iphlen + len) {
			/* packet is too small!?! */
			return 0;
		}

		/* pull the data buffer up to the ESP header and set the
		 * transport header to point to ESP.  Keep UDP on the stack
		 * for later.
		 */
		skb->h.raw = skb_pull(skb, len);

		/* modify the protocol (it's ESP!) */
		iph->protocol = IPPROTO_ESP;

		printf("SA natt: %d\n", sa->ips_natt_type);
		ret = klips26_rcv_encap(skb, UDP_ENCAP_ESPINUDP);
	}

	return 0;
}
示例#3
0
int main(char *argv[], int argc)
{
  int ret;
  int error;
  struct sockaddr_in saddr,daddr;
  struct sockaddr_in saddr2,daddr2;
  void *rcv01_talloc = NULL;

  struct ipsec_sa *sa, *sa1;
  char auth1[]={0x87, 0x65, 0x87, 0x65,
	       0x87, 0x65, 0x87, 0x65,
	       0x87, 0x65, 0x87, 0x65,
	       0x87, 0x65, 0x87, 0x65};
  char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
	       0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
	       0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};

  debug_xform = 1;
  init_kmalloc();
  debug_rcv=0xffffffff;
  sysctl_ipsec_debug_verbose = 1;
  prng_init(&ipsec_prng, seed, sizeof(seed));
  ipsec_sadb_init();
  ipsec_alg_init();

  {
    sa1 = ipsec_sa_alloc(&error);
    assert(error == 0);

    ipsec_sa_intern(sa1);

    sa1->ips_said.spi = htonl(0x12345678);
    sa1->ips_said.proto = IPPROTO_IPIP;
    sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);

    sa1->ips_seq = 1;
    sa1->ips_pid = 10;
    
    sa1->ips_state = SADB_SASTATE_MATURE;
    daddr2.sin_addr.s_addr = htonl(0xc001022D);
    saddr2.sin_addr.s_addr = htonl(0xc0010217);
    sa1->ips_addr_s = (struct sockaddr *)&saddr2;
    sa1->ips_addr_d = (struct sockaddr *)&daddr2;
  }
    
  {
    sa = ipsec_sa_alloc(&error);

    ipsec_sa_intern(sa);

    assert(error == 0);
    sa->ips_said.spi = htonl(0x12345678);
    sa->ips_said.proto = IPPROTO_ESP;
    sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);

    sa->ips_seq = 1;
    sa->ips_pid = 10;
    sa->ips_inext = sa1;

    {
      /* make a copy so that ipsec_sa_init() can zero it out */
      char *auth = talloc_size(rcv01_talloc, AHMD596_KLEN);

      memcpy(auth, auth1, AHMD596_KLEN);
      sa->ips_authalg = AH_MD5;
      sa->ips_key_bits_a = AHMD596_KLEN * 8;
      sa->ips_key_a = auth;
    }

    sa->ips_encalg = ESP_3DES;
    sa->ips_key_bits_e = 192;
    sa->ips_iv_bits = 128;
    sa->ips_key_e_size = 0;
    sa->ips_key_e = talloc_memdup(rcv01_talloc, enc, sa->ips_key_bits_e);

    sa->ips_state = SADB_SASTATE_MATURE;
    daddr.sin_addr.s_addr = htonl(0xc001022D);
    saddr.sin_addr.s_addr = htonl(0xc0010217);
    sa->ips_addr_s = (struct sockaddr *)&saddr;
    sa->ips_addr_d = (struct sockaddr *)&daddr;

    ipsec_sa_add(sa);
    assert(ipsec_sa_init(sa) == 0);
    //ipsec_sa_put(sa);
  }
    
  {
    struct sk_buff *skb = skbFromArray(packet1, packet1_len);
    skb_ethernet_ip_setup(skb);

    ret = ipsec_rcv(skb);
    assert(netif_rx_count == 1);
  }
  
  ipsec_sadb_cleanup(0);  /* 0 = all protocols */

  exit(0);
}
示例#4
0
/* void */
int
ipsec_init(void)
{
	int error = 0;
	unsigned char seed[256];
#ifdef CONFIG_IPSEC_ENC_3DES
	extern int des_check_key;

	/* turn off checking of keys */
	des_check_key=0;
#endif /* CONFIG_IPSEC_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

	error |= ipsec_proc_init();

#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error |= ipsec_sadb_init();
	error |= ipsec_radijinit();

	error |= pfkey_init();

	error |= register_netdevice_notifier(&ipsec_dev_notifier);

#ifdef CONFIG_IPSEC_ESP
	openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_IPSEC_ESP */

#ifdef CONFIG_IPSEC_AH
	openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_IPSEC_AH */

/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_IPSEC_IPCOMP
 	openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_IPSEC_IPCOMP */
#endif

	error |= ipsec_tunnel_init_devices();


#ifdef CONFIG_SYSCTL
        error |= ipsec_sysctl_register();
#endif                                                                          

#ifdef CONFIG_IPSEC_ALG
	ipsec_alg_init();
#endif

	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));

	return error;
}	
示例#5
0
/* void */
int
ipsec_klips_init(void)
{
	int error = 0;
	unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
	extern int des_check_key;

	/* turn off checking of keys */
	des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

	error |= ipsec_proc_init();

#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error |= ipsec_sadb_init();
	error |= ipsec_radijinit();

	error |= pfkey_init();

	error |= register_netdevice_notifier(&ipsec_dev_notifier);

#ifdef CONFIG_KLIPS_ESP
	openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_KLIPS_ESP */

#ifdef CONFIG_KLIPS_AH
	openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_KLIPS_AH */

/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
 	openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif

	error |= ipsec_tunnel_init_devices();

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* register our ESP-UDP handler */
	if(udp4_register_esp_rcvencap(klips26_rcv_encap
				      , &klips_old_encap)!=0) {
	   printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
	}
#endif	


#ifdef CONFIG_SYSCTL
        error |= ipsec_sysctl_register();
#endif                                                                          

#ifdef CONFIG_KLIPS_ALG
	ipsec_alg_init();
#endif

#ifdef CONFIG_KLIPS_OCF
	ipsec_ocf_init();
#endif

	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));

	atomic_set(&ipsec_irs_cnt, 0);
	atomic_set(&ipsec_ixs_cnt, 0);

	ipsec_irs_cache = kmem_cache_create("ipsec_irs",
			sizeof(struct ipsec_rcv_state), 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
	if (!ipsec_irs_cache) {
		printk("Failed to get IRS cache\n");
		error |= 1;
	}
	ipsec_ixs_cache = kmem_cache_create("ipsec_ixs",
			sizeof(struct ipsec_xmit_state), 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
	if (!ipsec_ixs_cache) {
		printk("Failed to get IXS cache\n");
		error |= 1;
	}
	return error;
}	
示例#6
0
/* void */
int
ipsec_klips_init(void)
{
	int error = 0;
	unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
	extern int des_check_key;

	/* turn off checking of keys */
	des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

        error = ipsec_xmit_state_cache_init ();
        if (error)
                goto error_xmit_state_cache;

        error = ipsec_rcv_state_cache_init ();
        if (error)
                goto error_rcv_state_cache;

	error |= ipsec_proc_init();
        if (error)
                goto error_proc_init;

#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error |= ipsec_sadb_init();
        if (error)
                goto error_sadb_init;

	error |= ipsec_radijinit();
        if (error)
                goto error_radijinit;

	error |= pfkey_init();
        if (error)
                goto error_pfkey_init;

	error |= register_netdevice_notifier(&ipsec_dev_notifier);
        if (error)
                goto error_netdev_notifier;

#ifdef CONFIG_XFRM_ALTERNATE_STACK
        error = xfrm_register_alternate_rcv (ipsec_rcv);
        if (error)
                goto error_xfrm_register;

#else // CONFIG_XFRM_ALTERNATE_STACK

#ifdef CONFIG_KLIPS_ESP
	error |= openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP,"ESP");
	if (error)
		goto error_openswan_inet_add_protocol_esp;

#endif /* CONFIG_KLIPS_ESP */

#ifdef CONFIG_KLIPS_AH
	error |= openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH,"AH");
	if (error)
		goto error_openswan_inet_add_protocol_ah;
#endif /* CONFIG_KLIPS_AH */

/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
 	error |= openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP,"IPCOMP");
	if (error)
		goto error_openswan_inet_add_protocol_comp;
#endif /* CONFIG_KLIPS_IPCOMP */
#endif

#endif // CONFIG_XFRM_ALTERNATE_STACK

	error |= ipsec_tunnel_init_devices();
        if (error)
                goto error_tunnel_init_devices;

	error |= ipsec_mast_init_devices();

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* register our ESP-UDP handler */
	if(udp4_register_esp_rcvencap(klips26_rcv_encap
				      , &klips_old_encap)!=0) {
	   printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
	}
#endif	

#ifdef CONFIG_SYSCTL
        error |= ipsec_sysctl_register();
        if (error)
                goto error_sysctl_register;
#endif                                                                          

#ifdef CONFIG_KLIPS_ALG
	ipsec_alg_init();
#endif

#ifdef CONFIG_KLIPS_OCF
	ipsec_ocf_init();
#endif

	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));
	return error;

        // undo ipsec_sysctl_register
error_sysctl_register:
	ipsec_tunnel_cleanup_devices();
error_tunnel_init_devices:
#ifdef CONFIG_XFRM_ALTERNATE_STACK
        xfrm_deregister_alternate_rcv(ipsec_rcv);
error_xfrm_register:
#else // CONFIG_XFRM_ALTERNATE_STACK
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
error_openswan_inet_add_protocol_comp:
	openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
#ifdef CONFIG_KLIPS_AH
error_openswan_inet_add_protocol_ah:
	openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH);
#endif
error_openswan_inet_add_protocol_esp:
	openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP);
#endif
	unregister_netdevice_notifier(&ipsec_dev_notifier);
error_netdev_notifier:
	pfkey_cleanup();
error_pfkey_init:
	ipsec_radijcleanup();
error_radijinit:
	ipsec_sadb_cleanup(0);
	ipsec_sadb_free();
error_sadb_init:
error_proc_init:
        // ipsec_proc_init() does not cleanup after itself, so we have to do it here
        // TODO: ipsec_proc_init() should roll back what it chaned on failure
	ipsec_proc_cleanup();
        ipsec_rcv_state_cache_cleanup ();
error_rcv_state_cache:
        ipsec_xmit_state_cache_cleanup ();
error_xmit_state_cache:
        return error;
}