
Lines Matching defs:isakmp

1 /*	$NetBSD: isakmp.c,v 1.20.6.13 2008/09/25 09:34:39 vanhu Exp $	*/
3 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
83 #include "isakmp.h"
194 * isakmp packet handler
200 struct isakmp isakmp;
202 char buf[sizeof (isakmp) + 4];
210 sizeof(isakmp) + 4];
227 "failed to receive isakmp packet: %s\n",
275 memcpy ((char *)&isakmp, x.buf + extralen, sizeof (isakmp));
277 /* check isakmp header length, as well as sanity of header length */
278 if (len < sizeof(isakmp) || ntohl(isakmp.len) < sizeof(isakmp)) {
280 "packet shorter than isakmp header size (%u, %u, %zu)\n",
281 len, ntohl(isakmp.len), sizeof(isakmp));
283 if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
286 "failed to receive isakmp packet: %s\n",
293 if (ntohl(isakmp.len) > 0xffff) {
295 "the length in the isakmp header is too big.\n");
296 if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
299 "failed to receive isakmp packet: %s\n",
306 if ((tmpbuf = vmalloc(ntohl(isakmp.len) + extralen)) == NULL) {
309 ntohl(isakmp.len) + extralen);
311 if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
314 "failed to receive isakmp packet: %s\n",
326 "failed to receive isakmp packet: %s\n",
366 /* XXX: I don't know how to check isakmp half connection attack. */
378 /* isakmp main routine */
394 * main processing to handle isakmp payload
401 struct isakmp *isakmp = (struct isakmp *)msg->v;
402 isakmp_index *index = (isakmp_index *)isakmp;
403 u_int32_t msgid = isakmp->msgid;
411 if (memcmp(&isakmp->i_ck, r_ck0, sizeof(cookie_t)) == 0) {
423 if (isakmp->v < ISAKMP_VERSION_NUMBER) {
424 if (ISAKMP_GETMAJORV(isakmp->v) < ISAKMP_MAJOR_VERSION) {
427 ISAKMP_GETMAJORV(isakmp->v));
431 if (ISAKMP_GETMINORV(isakmp->v) < ISAKMP_MINOR_VERSION) {
434 ISAKMP_GETMINORV(isakmp->v));
442 if (isakmp->flags & ~(ISAKMP_FLAG_E | ISAKMP_FLAG_C | ISAKMP_FLAG_A)) {
444 "invalid flag 0x%02x.\n", isakmp->flags);
449 if (ISSET(isakmp->flags, ISAKMP_FLAG_C)) {
450 if (isakmp->msgid == 0) {
451 isakmp_info_send_nx(isakmp, remote, local,
462 if (memcmp(&isakmp->r_ck, r_ck0, sizeof(cookie_t)) == 0 &&
540 switch (isakmp->etype) {
545 if (isakmp->msgid != 0) {
551 /* search for isakmp status record of phase 1 */
562 if (memcmp(&isakmp->r_ck, r_ck0,
573 isakmp->etype) < 0)
595 if (iph1->etype != isakmp->etype) {
600 s_isakmp_etype(isakmp->etype));
605 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
622 isakmp->etype);
651 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
664 isakmp_info_send_nx(isakmp, remote, local,
668 "there is no ISAKMP-SA, %s\n",
669 isakmp_pindex((isakmp_index *)&isakmp->i_ck,
670 isakmp->msgid));
681 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
689 "there is no valid ISAKMP-SA, %s\n",
694 /* search isakmp phase 2 status record. */
711 if (ISSET(isakmp->flags, ISAKMP_FLAG_C))
730 "there is no ISAKMP-SA.\n");
735 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
747 "but we have no ISAKMP-SA.\n",
748 isakmp->etype, saddr2str(remote));
753 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
765 isakmp->etype, saddr2str(remote));
914 * ISAKMP mode config was requested. In the later
949 struct isakmp *isakmp = (struct isakmp *)msg->v;
965 if (ph2exchange[etypesw2(isakmp->etype)]
972 error = (ph2exchange[etypesw2(isakmp->etype)]
1001 if ((ph2exchange[etypesw2(isakmp->etype)]
1031 /* get new entry to isakmp status table. */
1122 struct isakmp *isakmp = (struct isakmp *)msg->v;
1147 /* get new entry to isakmp status table. */
1152 memcpy(&iph1->index.i_ck, &isakmp->i_ck, sizeof(iph1->index.i_ck));
1158 iph1->version = isakmp->v;
1263 /* found ISAKMP-SA. */
1280 /* found isakmp-sa */
1301 struct isakmp *isakmp = (struct isakmp *)msg->v;
1325 iph2->flags = isakmp->flags;
1326 iph2->msgid = isakmp->msgid;
1353 /* add new entry to isakmp status table */
1394 if ((ph2exchange[etypesw2(isakmp->etype)]
1414 * parse ISAKMP payloads, without ISAKMP base header.
1499 * parse ISAKMP payloads, including ISAKMP base header.
1505 struct isakmp *isakmp = (struct isakmp *)buf->v;
1511 np = isakmp->np;
1512 gen = (struct isakmp_gen *)(buf->v + sizeof(*isakmp));
1513 tlen = buf->l - sizeof(struct isakmp);
1523 /* initialize an isakmp status table */
1573 /* open ISAKMP sockets. */
1699 "%s used as isakmp port (fd=%d)\n",
2005 "ISAKMP-SA expired %s-%s spi:%s\n",
2054 "ISAKMP-SA deleted %s-%s spi:%s\n",
2141 * Interface between PF_KEYv2 and ISAKMP
2175 * Search isakmp status table by address and port
2192 /* no ISAKMP-SA found. */
2213 /* found ISAKMP-SA, but on negotiation. */
2224 /* found established ISAKMP-SA */
2227 /* found ISAKMP-SA. */
2252 "because there is no suitable ISAKMP-SA.\n");
2309 * Search isakmp status table by address and port
2333 /* found isakmp-sa */
2354 /* no isakmp-sa found */
2596 * set values into allocated buffer of isakmp header for phase 1
2607 struct isakmp *isakmp;
2609 if (vbuf->l < sizeof(*isakmp))
2612 isakmp = (struct isakmp *)vbuf->v;
2614 memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t));
2615 memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t));
2616 isakmp->np = nptype;
2617 isakmp->v = iph1->version;
2618 isakmp->etype = etype;
2619 isakmp->flags = flags;
2620 isakmp->msgid = msgid;
2621 isakmp->len = htonl(vbuf->l);
2623 return vbuf->v + sizeof(*isakmp);
2627 * set values into allocated buffer of isakmp header for phase 1
2639 * set values into allocated buffer of isakmp header for phase 2
2651 * set values into allocated buffer of isakmp payload.
2706 /* for print-isakmp.c */
2791 struct isakmp *isakmp;
2834 isakmp = (struct isakmp *)buf->v;
2835 if (isakmp->flags & ISAKMP_FLAG_E) {
2842 isakmp->flags &= ~ISAKMP_FLAG_E;
2936 "ISAKMP-SA established %s-%s spi:%s\n",
2974 size_t tlen = sizeof (struct isakmp), n = 0;
3202 "purging ISAKMP-SA spi=%s.\n",
3272 /* Check if there is another valid ISAKMP-SA */
3284 * to a different ISAKMP-SA
3296 "keeping IPsec-SA spi=%u - found valid ISAKMP-SA spi=%s.\n",
3331 "purged ISAKMP-SA spi=%s.\n",