
Lines Matching refs:isakmp

1 /*	$NetBSD: isakmp.c,v 1.20.6.13 2008/09/25 09:34:39 vanhu Exp $	*/
3 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
83 #include "isakmp.h"
198 * isakmp packet handler
204 struct isakmp isakmp;
206 char buf[sizeof (isakmp) + 4];
214 sizeof(isakmp) + 4];
231 "failed to receive isakmp packet: %s\n",
279 memcpy ((char *)&isakmp, x.buf + extralen, sizeof (isakmp));
281 /* check isakmp header length, as well as sanity of header length */
282 if (len < sizeof(isakmp) || ntohl(isakmp.len) < sizeof(isakmp)) {
284 "packet shorter than isakmp header size (%u, %u, %zu)\n",
285 len, ntohl(isakmp.len), sizeof(isakmp));
287 if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
290 "failed to receive isakmp packet: %s\n",
297 if (ntohl(isakmp.len) > 0xffff) {
299 "the length in the isakmp header is too big.\n");
300 if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
303 "failed to receive isakmp packet: %s\n",
310 if ((tmpbuf = vmalloc(ntohl(isakmp.len) + extralen)) == NULL) {
313 ntohl(isakmp.len) + extralen);
315 if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
318 "failed to receive isakmp packet: %s\n",
330 "failed to receive isakmp packet: %s\n",
370 /* XXX: I don't know how to check isakmp half connection attack. */
382 /* isakmp main routine */
398 * main processing to handle isakmp payload
405 struct isakmp *isakmp = (struct isakmp *)msg->v;
406 isakmp_index *index = (isakmp_index *)isakmp;
407 u_int32_t msgid = isakmp->msgid;
415 if (memcmp(&isakmp->i_ck, r_ck0, sizeof(cookie_t)) == 0) {
427 if (isakmp->v < ISAKMP_VERSION_NUMBER) {
428 if (ISAKMP_GETMAJORV(isakmp->v) < ISAKMP_MAJOR_VERSION) {
431 ISAKMP_GETMAJORV(isakmp->v));
435 if (ISAKMP_GETMINORV(isakmp->v) < ISAKMP_MINOR_VERSION) {
438 ISAKMP_GETMINORV(isakmp->v));
446 if (isakmp->flags & ~(ISAKMP_FLAG_E | ISAKMP_FLAG_C | ISAKMP_FLAG_A)) {
448 "invalid flag 0x%02x.\n", isakmp->flags);
453 if (ISSET(isakmp->flags, ISAKMP_FLAG_C)) {
454 if (isakmp->msgid == 0) {
455 isakmp_info_send_nx(isakmp, remote, local,
466 if (memcmp(&isakmp->r_ck, r_ck0, sizeof(cookie_t)) == 0 &&
544 switch (isakmp->etype) {
549 if (isakmp->msgid != 0) {
555 /* search for isakmp status record of phase 1 */
566 if (memcmp(&isakmp->r_ck, r_ck0,
577 isakmp->etype) < 0)
599 if (iph1->etype != isakmp->etype) {
604 s_isakmp_etype(isakmp->etype));
609 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
626 isakmp->etype);
655 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
668 isakmp_info_send_nx(isakmp, remote, local,
672 "there is no ISAKMP-SA, %s\n",
673 isakmp_pindex((isakmp_index *)&isakmp->i_ck,
674 isakmp->msgid));
685 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
693 "there is no valid ISAKMP-SA, %s\n",
698 /* search isakmp phase 2 status record. */
715 if (ISSET(isakmp->flags, ISAKMP_FLAG_C))
734 "there is no ISAKMP-SA.\n");
739 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
751 "but we have no ISAKMP-SA.\n",
752 isakmp->etype, saddr2str(remote));
757 if (isakmp->np == ISAKMP_NPTYPE_FRAG)
769 isakmp->etype, saddr2str(remote));
918 * ISAKMP mode config was requested. In the later
953 struct isakmp *isakmp = (struct isakmp *)msg->v;
969 if (ph2exchange[etypesw2(isakmp->etype)]
976 error = (ph2exchange[etypesw2(isakmp->etype)]
1005 if ((ph2exchange[etypesw2(isakmp->etype)]
1035 /* get new entry to isakmp status table. */
1124 struct isakmp *isakmp = (struct isakmp *)msg->v;
1149 /* get new entry to isakmp status table. */
1154 memcpy(&iph1->index.i_ck, &isakmp->i_ck, sizeof(iph1->index.i_ck));
1160 iph1->version = isakmp->v;
1265 /* found ISAKMP-SA. */
1282 /* found isakmp-sa */
1303 struct isakmp *isakmp = (struct isakmp *)msg->v;
1327 iph2->flags = isakmp->flags;
1328 iph2->msgid = isakmp->msgid;
1355 /* add new entry to isakmp status table */
1396 if ((ph2exchange[etypesw2(isakmp->etype)]
1416 * parse ISAKMP payloads, without ISAKMP base header.
1501 * parse ISAKMP payloads, including ISAKMP base header.
1507 struct isakmp *isakmp = (struct isakmp *)buf->v;
1513 np = isakmp->np;
1514 gen = (struct isakmp_gen *)(buf->v + sizeof(*isakmp));
1515 tlen = buf->l - sizeof(struct isakmp);
1525 /* initialize an isakmp status table */
1575 /* open ISAKMP sockets. */
1704 "%s used as isakmp port (fd=%d)\n",
2010 "ISAKMP-SA expired %s-%s spi:%s\n",
2059 "ISAKMP-SA deleted %s-%s spi:%s\n",
2146 * Interface between PF_KEYv2 and ISAKMP
2180 * Search isakmp status table by address and port
2197 /* no ISAKMP-SA found. */
2218 /* found ISAKMP-SA, but on negotiation. */
2229 /* found established ISAKMP-SA */
2232 /* found ISAKMP-SA. */
2257 "because there is no suitable ISAKMP-SA.\n");
2314 * Search isakmp status table by address and port
2338 /* found isakmp-sa */
2359 /* no isakmp-sa found */
2601 * set values into allocated buffer of isakmp header for phase 1
2612 struct isakmp *isakmp;
2614 if (vbuf->l < sizeof(*isakmp))
2617 isakmp = (struct isakmp *)vbuf->v;
2619 memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t));
2620 memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t));
2621 isakmp->np = nptype;
2622 isakmp->v = iph1->version;
2623 isakmp->etype = etype;
2624 isakmp->flags = flags;
2625 isakmp->msgid = msgid;
2626 isakmp->len = htonl(vbuf->l);
2628 return vbuf->v + sizeof(*isakmp);
2632 * set values into allocated buffer of isakmp header for phase 1
2644 * set values into allocated buffer of isakmp header for phase 2
2656 * set values into allocated buffer of isakmp payload.
2711 /* for print-isakmp.c */
2796 struct isakmp *isakmp;
2839 isakmp = (struct isakmp *)buf->v;
2840 if (isakmp->flags & ISAKMP_FLAG_E) {
2847 isakmp->flags &= ~ISAKMP_FLAG_E;
2941 "ISAKMP-SA established %s-%s spi:%s\n",
2980 size_t tlen = sizeof (struct isakmp), n = 0;
3208 "purging ISAKMP-SA spi=%s.\n",
3278 /* Check if there is another valid ISAKMP-SA */
3290 * to a different ISAKMP-SA
3302 "keeping IPsec-SA spi=%u - found valid ISAKMP-SA spi=%s.\n",
3337 "purged ISAKMP-SA spi=%s.\n",