1 /* $OpenBSD: sysdep.c,v 1.16 2004/08/10 15:59:10 ho Exp $ */
4 * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
5 * Copyright (c) 2003 Thomas Walpuski. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/types.h>
29 #include <sys/socket.h>
30 #include <netinet/in.h>
31 #include <arpa/inet.h>
39 #ifdef NEED_SYSDEP_APP
43 #include <linux/pfkeyv2.h>
44 #include <linux/ipsec.h>
47 #include "pf_key_v2.h"
48 #define KEY_API(x) pf_key_v2_##x
51 #endif /* NEED_SYSDEP_APP */
54 extern char *__progname
;
57 * A random number generator that is as strong as possible, reverting to a
58 * deterministic pseudo-random one if regrand is set.
66 /* Return the basename of the command used to invoke us. */
73 /* Return the length of the sockaddr struct. */
/*
 * Choose a sockaddr length from sa->sa_family.  The visible returns are
 * sizeof (struct sockaddr_in) and sizeof (struct sockaddr_in6).
 * NOTE(review): listing lines 74, 76, 78-79, 81, 83, 85 and 87-88 are absent
 * from this extract, so the return type and the case labels that select
 * each return are not shown -- confirm against the full file.
 */
75 sysdep_sa_len (struct sockaddr
*sa
)
77 switch (sa
->sa_family
)
80 return sizeof (struct sockaddr_in
);
82 return sizeof (struct sockaddr_in6
);
/*
 * An unrecognised family is only logged here; the last visible statement
 * then returns the IPv4 size.  NOTE(review): presumably control reaches that
 * final return after the log, in which case a caller that sizes a copy or
 * comparison from this value treats a non-IP sockaddr as a sockaddr_in --
 * verify that callers reject unknown families before relying on the length.
 */
84 log_print ("sysdep_sa_len: unknown sa family %d", sa
->sa_family
);
86 return sizeof (struct sockaddr_in
);
89 /* As regress/ uses this file, I protect the sysdep_app_* stuff like this. */
90 #ifdef NEED_SYSDEP_APP
92 * Prepare the application we negotiate SAs for (i.e. the IPsec stack)
93 * for communication. We return a file descriptor useable to select(2) on.
/*
 * With the KEY_API definition visible on listing line 48 this expands to
 * pf_key_v2_open () and returns its result unchanged.
 * NOTE(review): the enclosing function's header (listing lines 94-97) is
 * missing from this extract.
 */
98 return KEY_API(open
) ();
102 * When select(2) has noticed our application needs attendance, this is what
103 * gets called. FD is the file descriptor causing the alarm.
/*
 * Hand FD to KEY_API (handler), which with the definition visible on listing
 * line 48 is pf_key_v2_handler.  No value is returned from the visible call.
 * NOTE(review): the return-type line (listing line 105) is not shown.
 */
106 sysdep_app_handler (int fd
)
108 KEY_API (handler
) (fd
);
111 /* Check that the connection named NAME is active, or else make it active. */
/*
 * Pass NAME through to KEY_API (connection_check), i.e.
 * pf_key_v2_connection_check with the definition visible on listing line 48.
 * NAME is forwarded as received; nothing in the visible lines checks it for
 * NULL.
 * NOTE(review): the return-type line (listing line 112) is not shown.
 */
113 sysdep_connection_check (char *name
)
115 KEY_API (connection_check
) (name
);
119 * Generate a SPI for protocol PROTO and the source/destination pair given by
120 * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
/*
 * Produce a SPI for PROTO between SRC and DST and store its size in *SZ.
 * Two returns are visible: a fixed four-byte literal duplicated with strdup
 * (after *SZ is set to IPSEC_SPI_SIZE), and the result of KEY_API (get_spi).
 * NOTE(review): listing lines 121-122, 125-127 and 131 are missing from this
 * extract, so the return type and the condition that selects the fixed-SPI
 * path are not shown -- confirm when that path is taken.
 */
123 sysdep_ipsec_get_spi (size_t *sz
, u_int8_t proto
, struct sockaddr
*src
,
124 struct sockaddr
*dst
, u_int32_t seq
)
/*
 * NOTE(review): on this path the SPI is the same constant on every call, so
 * it is predictable and identical for every SA that takes it; the XXX below
 * already asks for a random value.  The strdup result is returned unchecked
 * and is NULL if allocation fails.  The literal holds four bytes with no
 * embedded NUL, so strdup copies all of them; IPSEC_SPI_SIZE is presumably 4
 * to match -- confirm.
 */
128 *sz
= IPSEC_SPI_SIZE
;
129 /* XXX should be random instead I think. */
130 return strdup ("\x12\x34\x56\x78");
/* Otherwise the SPI comes from pf_key_v2_get_spi (per listing line 48). */
132 return KEY_API (get_spi
) (sz
, proto
, src
, dst
, seq
);
/*
 * Takes a SPI (SPI, SPI_SZ), a protocol and a destination address.  The only
 * body line visible is a commented-out forward to KEY_API (get_kernel_sa),
 * so that call is not made.
 * NOTE(review): listing lines 134-135, 138-140 and 142-144 are missing from
 * this extract; the return type and what is actually returned are not shown
 * -- confirm against the full file.
 */
136 sysdep_ipsec_get_kernel_sa(u_int8_t
*spi
, size_t spi_sz
, u_int8_t proto
,
137 struct sockaddr
*dst
)
141 /* XXX return KEY_API(get_kernel_sa)(spi, spi_sz, proto, dst); */
145 /* Force communication on socket FD to go in the clear. */
/*
 * Install two per-socket IPsec policies on FD with setsockopt, using
 * IPPROTO_IP/IP_IPSEC_POLICY for AF_INET and IPPROTO_IPV6/IPV6_IPSEC_POLICY
 * for AF_INET6.  Any other AF is logged as unsupported.
 * NOTE(review): per the header comment this makes traffic on FD go in the
 * clear, so it should only ever be applied to the daemon's own negotiation
 * sockets -- confirm the callers.  Listing lines 146, 148, 150, 152-157, 159,
 * 161-170, 172, 174-176, 183 and 188-193 are missing from this extract: the
 * return type, most policy fields and every return statement are not shown.
 */
147 sysdep_cleartext (int fd
, int af
)
/* pol_in and pol_out are presumably the inbound and outbound policies;
   only one initializer field of each is visible here. */
149 struct sadb_x_policy pol_in
= {
151 SADB_EXT_SENSITIVITY
,
158 struct sadb_x_policy pol_out
= {
160 SADB_EXT_SENSITIVITY
,
/* Reject every family other than AF_INET and AF_INET6. */
171 if (!(af
== AF_INET
|| af
== AF_INET6
))
173 log_print ("sysdep_cleartext: unsupported protocol family %d", af
);
/*
 * Both policies are set in one condition; because of ||, the second
 * setsockopt is skipped when the first fails, and the error message does
 * not say which of the two calls failed.
 * NOTE(review): what is returned after log_error is not visible -- confirm
 * that a failure here is reported to the caller rather than ignored.
 */
177 if (setsockopt (fd
, af
== AF_INET
? IPPROTO_IP
: IPPROTO_IPV6
,
178 af
== AF_INET
? IP_IPSEC_POLICY
: IPV6_IPSEC_POLICY
,
179 &pol_in
, sizeof pol_in
) < 0 ||
180 setsockopt (fd
, af
== AF_INET
? IPPROTO_IP
: IPPROTO_IPV6
,
181 af
== AF_INET
? IP_IPSEC_POLICY
: IPV6_IPSEC_POLICY
,
182 &pol_out
, sizeof pol_out
) < 0)
184 log_error ("sysdep_cleartext: "
185 "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) "
186 "failed", fd
, af
== AF_INET
? "" : "V6",
187 af
== AF_INET
? "" : "V6");
/*
 * Forward SA, PROTO and INCOMING to KEY_API (delete_spi), which with the
 * definition visible on listing line 48 is pf_key_v2_delete_spi, and return
 * its result unchanged.
 * NOTE(review): listing lines 195-197 are missing from this extract, so any
 * statement between the parameter list and this return is not shown; the
 * return-type line is not shown either.
 */
194 sysdep_ipsec_delete_spi (struct sa
*sa
, struct proto
*proto
, int incoming
)
198 return KEY_API (delete_spi
) (sa
, proto
, incoming
);
/*
 * Forward SA and ISAKMP_SA to KEY_API (enable_sa), which with the definition
 * visible on listing line 48 is pf_key_v2_enable_sa, and return its result
 * unchanged.
 * NOTE(review): listing lines 203-205 are missing from this extract, so any
 * statement between the parameter list and this return is not shown; the
 * return-type line is not shown either.
 */
202 sysdep_ipsec_enable_sa (struct sa
*sa
, struct sa
*isakmp_sa
)
206 return KEY_API (enable_sa
) (sa
, isakmp_sa
);
/*
 * Forward SA, PROTO1, PROTO2 and INCOMING to KEY_API (group_spis), which
 * with the definition visible on listing line 48 is pf_key_v2_group_spis,
 * and return its result unchanged.
 * NOTE(review): listing lines 212-214 are missing from this extract, so any
 * statement between the parameter list and this return is not shown; the
 * return-type line is not shown either.
 */
210 sysdep_ipsec_group_spis (struct sa
*sa
, struct proto
*proto1
,
211 struct proto
*proto2
, int incoming
)
215 return KEY_API (group_spis
) (sa
, proto1
, proto2
, incoming
);
/*
 * Forward SA, PROTO, INCOMING and ISAKMP_SA to KEY_API (set_spi), which with
 * the definition visible on listing line 48 is pf_key_v2_set_spi, and return
 * its result unchanged.
 * NOTE(review): listing lines 221-223 are missing from this extract, so any
 * statement between the parameter list and this return is not shown; the
 * return-type line is not shown either.
 */
219 sysdep_ipsec_set_spi (struct sa
*sa
, struct proto
*proto
, int incoming
,
220 struct sa
*isakmp_sa
)
224 return KEY_API (set_spi
) (sa
, proto
, incoming
, isakmp_sa
);