7c0934c251ed72d21698f8b5175815a55ec5b605
[strongswan.git] / src / libfreeswan / pfkey_v2_parse.c
1 /*
2 * RFC2367 PF_KEYv2 Key management API message parser
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Template from klips/net/ipsec/ipsec/ipsec_parser.c.
18 */
19
20 char pfkey_v2_parse_c_version[] = "";
21
22 # include <sys/types.h>
23 # include <sys/socket.h>
24 # include <errno.h>
25
26 # include <freeswan.h>
27 # include <constants.h>
28 # include <defs.h> /* for PRINTF_LIKE */
29 # include <log.h> /* for debugging and DBG_log */
30
31 # ifdef PLUTO
32 # define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); }
33 # else
34 # define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; }
35 # endif
36
37 #include <pfkeyv2.h>
38 #include <pfkey.h>
39
40
41 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
42
43 struct satype_tbl {
44 uint8_t proto;
45 uint8_t satype;
46 char* name;
47 }
48 static satype_tbl[] = {
49 { SA_ESP, SADB_SATYPE_ESP, "ESP" },
50 { SA_AH, SADB_SATYPE_AH, "AH" },
51 { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
52 { SA_COMP, SADB_X_SATYPE_COMP, "COMP" },
53 { SA_INT, SADB_X_SATYPE_INT, "INT" },
54 { 0, 0, "UNKNOWN" }
55 };
56
57 uint8_t
58 satype2proto(uint8_t satype)
59 {
60 int i =0;
61
62 while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
63 i++;
64 }
65 return satype_tbl[i].proto;
66 }
67
68 uint8_t
69 proto2satype(uint8_t proto)
70 {
71 int i = 0;
72
73 while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
74 i++;
75 }
76 return satype_tbl[i].satype;
77 }
78
79 char*
80 satype2name(uint8_t satype)
81 {
82 int i = 0;
83
84 while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
85 i++;
86 }
87 return satype_tbl[i].name;
88 }
89
90 char*
91 proto2name(uint8_t proto)
92 {
93 int i = 0;
94
95 while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
96 i++;
97 }
98 return satype_tbl[i].name;
99 }
100
101 /* Default extension parsers taken from the KLIPS code */
102
103 DEBUG_NO_STATIC int
104 pfkey_sa_parse(struct sadb_ext *pfkey_ext)
105 {
106 int error = 0;
107 struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
108 #if 0
109 struct sadb_sa sav2;
110 #endif
111
112 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
113 "pfkey_sa_parse: entry\n");
114 /* sanity checks... */
115 if(!pfkey_sa) {
116 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
117 "pfkey_sa_parse: "
118 "NULL pointer passed in.\n");
119 SENDERR(EINVAL);
120 }
121
122 #if 0
123 /* check if this structure is short, and if so, fix it up.
124 * XXX this is NOT the way to do things.
125 */
126 if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) {
127
128 /* yes, so clear out a temporary structure, and copy first */
129 memset(&sav2, 0, sizeof(sav2));
130 memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1));
131 sav2.sadb_x_sa_ref=-1;
132 sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN;
133
134 pfkey_sa = &sav2;
135 }
136 #endif
137
138
139 if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) {
140 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
141 "pfkey_sa_parse: "
142 "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n",
143 pfkey_sa->sadb_sa_len,
144 (int)sizeof(struct sadb_sa));
145 SENDERR(EINVAL);
146 }
147
148 if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
149 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
150 "pfkey_sa_parse: "
151 "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n",
152 pfkey_sa->sadb_sa_encrypt,
153 SADB_EALG_MAX);
154 SENDERR(EINVAL);
155 }
156
157 if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) {
158 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
159 "pfkey_sa_parse: "
160 "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n",
161 pfkey_sa->sadb_sa_auth,
162 SADB_AALG_MAX);
163 SENDERR(EINVAL);
164 }
165
166 if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) {
167 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
168 "pfkey_sa_parse: "
169 "state=%d exceeds MAX=%d.\n",
170 pfkey_sa->sadb_sa_state,
171 SADB_SASTATE_MAX);
172 SENDERR(EINVAL);
173 }
174
175 if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
176 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
177 "pfkey_sa_parse: "
178 "state=%d is DEAD=%d.\n",
179 pfkey_sa->sadb_sa_state,
180 SADB_SASTATE_DEAD);
181 SENDERR(EINVAL);
182 }
183
184 if(pfkey_sa->sadb_sa_replay > 64) {
185 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
186 "pfkey_sa_parse: "
187 "replay window size: %d -- must be 0 <= size <= 64\n",
188 pfkey_sa->sadb_sa_replay);
189 SENDERR(EINVAL);
190 }
191
192 if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) ||
193 (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2)))
194 {
195 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
196 "pfkey_sa_parse: "
197 "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n",
198 pfkey_sa->sadb_sa_exttype,
199 SADB_EXT_SA,
200 SADB_X_EXT_SA2);
201 SENDERR(EINVAL);
202 }
203
204 if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
205 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
206 "pfkey_sa_parse: "
207 "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
208 pfkey_sa->sadb_x_sa_ref,
209 IPSEC_SAREF_NULL,
210 IPSEC_SA_REF_TABLE_NUM_ENTRIES);
211 SENDERR(EINVAL);
212 }
213
214 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
215 "pfkey_sa_parse: "
216 "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n",
217 pfkey_sa->sadb_sa_len,
218 pfkey_sa->sadb_sa_exttype,
219 pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype),
220 (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi),
221 pfkey_sa->sadb_sa_replay,
222 pfkey_sa->sadb_sa_state,
223 pfkey_sa->sadb_sa_auth,
224 pfkey_sa->sadb_sa_encrypt,
225 pfkey_sa->sadb_sa_flags,
226 pfkey_sa->sadb_x_sa_ref);
227
228 errlab:
229 return error;
230 }
231
232 DEBUG_NO_STATIC int
233 pfkey_lifetime_parse(struct sadb_ext *pfkey_ext)
234 {
235 int error = 0;
236 struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
237
238 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
239 "pfkey_lifetime_parse:enter\n");
240 /* sanity checks... */
241 if(!pfkey_lifetime) {
242 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
243 "pfkey_lifetime_parse: "
244 "NULL pointer passed in.\n");
245 SENDERR(EINVAL);
246 }
247
248 if(pfkey_lifetime->sadb_lifetime_len !=
249 sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) {
250 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
251 "pfkey_lifetime_parse: "
252 "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n",
253 pfkey_lifetime->sadb_lifetime_len,
254 (int)sizeof(struct sadb_lifetime));
255 SENDERR(EINVAL);
256 }
257
258 if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) &&
259 (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) &&
260 (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) {
261 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
262 "pfkey_lifetime_parse: "
263 "unexpected ext_type=%d.\n",
264 pfkey_lifetime->sadb_lifetime_exttype);
265 SENDERR(EINVAL);
266 }
267
268 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
269 "pfkey_lifetime_parse: "
270 "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n",
271 pfkey_lifetime->sadb_lifetime_exttype,
272 pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype),
273 pfkey_lifetime->sadb_lifetime_allocations,
274 (unsigned)pfkey_lifetime->sadb_lifetime_bytes,
275 (unsigned)pfkey_lifetime->sadb_lifetime_addtime,
276 (unsigned)pfkey_lifetime->sadb_lifetime_usetime,
277 pfkey_lifetime->sadb_x_lifetime_packets);
278 errlab:
279 return error;
280 }
281
282 DEBUG_NO_STATIC int
283 pfkey_address_parse(struct sadb_ext *pfkey_ext)
284 {
285 int error = 0;
286 int saddr_len = 0;
287 struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
288 struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
289 char ipaddr_txt[ADDRTOT_BUF];
290
291 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
292 "pfkey_address_parse:enter\n");
293 /* sanity checks... */
294 if(!pfkey_address) {
295 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
296 "pfkey_address_parse: "
297 "NULL pointer passed in.\n");
298 SENDERR(EINVAL);
299 }
300
301 if(pfkey_address->sadb_address_len <
302 (sizeof(struct sadb_address) + sizeof(struct sockaddr))/
303 IPSEC_PFKEYv2_ALIGN) {
304 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
305 "pfkey_address_parse: "
306 "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
307 pfkey_address->sadb_address_len,
308 (int)sizeof(struct sadb_address),
309 (int)sizeof(struct sockaddr));
310 SENDERR(EINVAL);
311 }
312
313 if(pfkey_address->sadb_address_reserved) {
314 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
315 "pfkey_address_parse: "
316 "res=%d, must be zero.\n",
317 pfkey_address->sadb_address_reserved);
318 SENDERR(EINVAL);
319 }
320
321 switch(pfkey_address->sadb_address_exttype) {
322 case SADB_EXT_ADDRESS_SRC:
323 case SADB_EXT_ADDRESS_DST:
324 case SADB_EXT_ADDRESS_PROXY:
325 case SADB_X_EXT_ADDRESS_DST2:
326 case SADB_X_EXT_ADDRESS_SRC_FLOW:
327 case SADB_X_EXT_ADDRESS_DST_FLOW:
328 case SADB_X_EXT_ADDRESS_SRC_MASK:
329 case SADB_X_EXT_ADDRESS_DST_MASK:
330 case SADB_X_EXT_NAT_T_OA:
331 break;
332 default:
333 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
334 "pfkey_address_parse: "
335 "unexpected ext_type=%d.\n",
336 pfkey_address->sadb_address_exttype);
337 SENDERR(EINVAL);
338 }
339
340 switch(s->sa_family) {
341 case AF_INET:
342 saddr_len = sizeof(struct sockaddr_in);
343 sprintf(ipaddr_txt, "%d.%d.%d.%d"
344 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF
345 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF
346 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF
347 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF);
348 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
349 "pfkey_address_parse: "
350 "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n",
351 pfkey_address->sadb_address_exttype,
352 pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
353 s->sa_family,
354 ipaddr_txt,
355 pfkey_address->sadb_address_proto,
356 ntohs(((struct sockaddr_in*)s)->sin_port));
357 break;
358 case AF_INET6:
359 saddr_len = sizeof(struct sockaddr_in6);
360 sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
361 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[0])
362 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[1])
363 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[2])
364 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[3])
365 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[4])
366 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[5])
367 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[6])
368 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[7]));
369 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
370 "pfkey_address_parse: "
371 "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n",
372 pfkey_address->sadb_address_exttype,
373 pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
374 s->sa_family,
375 ipaddr_txt,
376 pfkey_address->sadb_address_proto,
377 ((struct sockaddr_in6*)s)->sin6_port);
378 break;
379 default:
380 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
381 "pfkey_address_parse: "
382 "s->sa_family=%d not supported.\n",
383 s->sa_family);
384 SENDERR(EPFNOSUPPORT);
385 }
386
387 if(pfkey_address->sadb_address_len !=
388 DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) {
389 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
390 "pfkey_address_parse: "
391 "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
392 pfkey_address->sadb_address_len,
393 (int)sizeof(struct sadb_address),
394 saddr_len);
395 SENDERR(EINVAL);
396 }
397
398 if(pfkey_address->sadb_address_prefixlen != 0) {
399 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
400 "pfkey_address_parse: "
401 "address prefixes not supported yet.\n");
402 SENDERR(EAFNOSUPPORT); /* not supported yet */
403 }
404
405 /* XXX check if port!=0 */
406
407 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
408 "pfkey_address_parse: successful.\n");
409 errlab:
410 return error;
411 }
412
413 DEBUG_NO_STATIC int
414 pfkey_key_parse(struct sadb_ext *pfkey_ext)
415 {
416 int error = 0;
417 struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
418
419 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
420 "pfkey_key_parse:enter\n");
421 /* sanity checks... */
422
423 if(!pfkey_key) {
424 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
425 "pfkey_key_parse: "
426 "NULL pointer passed in.\n");
427 SENDERR(EINVAL);
428 }
429
430 if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) {
431 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
432 "pfkey_key_parse: "
433 "size wrong ext_len=%d, key_ext_len=%d.\n",
434 pfkey_key->sadb_key_len,
435 (int)sizeof(struct sadb_key));
436 SENDERR(EINVAL);
437 }
438
439 if(!pfkey_key->sadb_key_bits) {
440 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
441 "pfkey_key_parse: "
442 "key length set to zero, must be non-zero.\n");
443 SENDERR(EINVAL);
444 }
445
446 if(pfkey_key->sadb_key_len !=
447 DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits,
448 PFKEYBITS)) {
449 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
450 "pfkey_key_parse: "
451 "key length=%d does not agree with extension length=%d.\n",
452 pfkey_key->sadb_key_bits,
453 pfkey_key->sadb_key_len);
454 SENDERR(EINVAL);
455 }
456
457 if(pfkey_key->sadb_key_reserved) {
458 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
459 "pfkey_key_parse: "
460 "res=%d, must be zero.\n",
461 pfkey_key->sadb_key_reserved);
462 SENDERR(EINVAL);
463 }
464
465 if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) ||
466 (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) {
467 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
468 "pfkey_key_parse: "
469 "expecting extension type AUTH or ENCRYPT, got %d.\n",
470 pfkey_key->sadb_key_exttype);
471 SENDERR(EINVAL);
472 }
473
474 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
475 "pfkey_key_parse: "
476 "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n",
477 pfkey_key->sadb_key_len,
478 pfkey_key->sadb_key_exttype,
479 pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype),
480 pfkey_key->sadb_key_bits,
481 pfkey_key->sadb_key_reserved);
482
483 errlab:
484 return error;
485 }
486
487 DEBUG_NO_STATIC int
488 pfkey_ident_parse(struct sadb_ext *pfkey_ext)
489 {
490 int error = 0;
491 struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
492
493 /* sanity checks... */
494 if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
495 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
496 "pfkey_ident_parse: "
497 "size wrong ext_len=%d, key_ext_len=%d.\n",
498 pfkey_ident->sadb_ident_len,
499 (int)sizeof(struct sadb_ident));
500 SENDERR(EINVAL);
501 }
502
503 if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
504 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
505 "pfkey_ident_parse: "
506 "ident_type=%d out of range, must be less than %d.\n",
507 pfkey_ident->sadb_ident_type,
508 SADB_IDENTTYPE_MAX);
509 SENDERR(EINVAL);
510 }
511
512 if(pfkey_ident->sadb_ident_reserved) {
513 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
514 "pfkey_ident_parse: "
515 "res=%d, must be zero.\n",
516 pfkey_ident->sadb_ident_reserved);
517 SENDERR(EINVAL);
518 }
519
520 /* string terminator/padding must be zero */
521 if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
522 if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) {
523 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
524 "pfkey_ident_parse: "
525 "string padding must be zero, last is 0x%02x.\n",
526 *((char*)pfkey_ident +
527 pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1));
528 SENDERR(EINVAL);
529 }
530 }
531
532 if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) ||
533 (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) {
534 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
535 "pfkey_key_parse: "
536 "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n",
537 pfkey_ident->sadb_ident_exttype);
538 SENDERR(EINVAL);
539 }
540
541 errlab:
542 return error;
543 }
544
545 DEBUG_NO_STATIC int
546 pfkey_sens_parse(struct sadb_ext *pfkey_ext)
547 {
548 int error = 0;
549 struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext;
550
551 /* sanity checks... */
552 if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) {
553 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
554 "pfkey_sens_parse: "
555 "size wrong ext_len=%d, key_ext_len=%d.\n",
556 pfkey_sens->sadb_sens_len,
557 (int)sizeof(struct sadb_sens));
558 SENDERR(EINVAL);
559 }
560
561 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
562 "pfkey_sens_parse: "
563 "Sorry, I can't parse exttype=%d yet.\n",
564 pfkey_ext->sadb_ext_type);
565 #if 0
566 SENDERR(EINVAL); /* don't process these yet */
567 #endif
568
569 errlab:
570 return error;
571 }
572
573 DEBUG_NO_STATIC int
574 pfkey_prop_parse(struct sadb_ext *pfkey_ext)
575 {
576 int error = 0;
577 int i, num_comb;
578 struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext;
579 struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop));
580
581 /* sanity checks... */
582 if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) ||
583 (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) {
584 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
585 "pfkey_prop_parse: "
586 "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n",
587 pfkey_prop->sadb_prop_len,
588 (int)sizeof(struct sadb_prop),
589 (int)sizeof(struct sadb_comb));
590 SENDERR(EINVAL);
591 }
592
593 if(pfkey_prop->sadb_prop_replay > 64) {
594 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
595 "pfkey_prop_parse: "
596 "replay window size: %d -- must be 0 <= size <= 64\n",
597 pfkey_prop->sadb_prop_replay);
598 SENDERR(EINVAL);
599 }
600
601 for(i=0; i<3; i++) {
602 if(pfkey_prop->sadb_prop_reserved[i]) {
603 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
604 "pfkey_prop_parse: "
605 "res[%d]=%d, must be zero.\n",
606 i, pfkey_prop->sadb_prop_reserved[i]);
607 SENDERR(EINVAL);
608 }
609 }
610
611 num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb);
612
613 for(i = 0; i < num_comb; i++) {
614 if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) {
615 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
616 "pfkey_prop_parse: "
617 "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n",
618 i,
619 pfkey_comb->sadb_comb_auth,
620 SADB_AALG_MAX);
621 SENDERR(EINVAL);
622 }
623
624 if(pfkey_comb->sadb_comb_auth) {
625 if(!pfkey_comb->sadb_comb_auth_minbits) {
626 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
627 "pfkey_prop_parse: "
628 "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n",
629 i);
630 SENDERR(EINVAL);
631 }
632 if(!pfkey_comb->sadb_comb_auth_maxbits) {
633 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
634 "pfkey_prop_parse: "
635 "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n",
636 i);
637 SENDERR(EINVAL);
638 }
639 if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) {
640 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
641 "pfkey_prop_parse: "
642 "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n",
643 i,
644 pfkey_comb->sadb_comb_auth_minbits,
645 pfkey_comb->sadb_comb_auth_maxbits);
646 SENDERR(EINVAL);
647 }
648 } else {
649 if(pfkey_comb->sadb_comb_auth_minbits) {
650 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
651 "pfkey_prop_parse: "
652 "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n",
653 i,
654 pfkey_comb->sadb_comb_auth_minbits);
655 SENDERR(EINVAL);
656 }
657 if(pfkey_comb->sadb_comb_auth_maxbits) {
658 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
659 "pfkey_prop_parse: "
660 "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n",
661 i,
662 pfkey_comb->sadb_comb_auth_maxbits);
663 SENDERR(EINVAL);
664 }
665 }
666
667 if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) {
668 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
669 "pfkey_comb_parse: "
670 "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n",
671 i,
672 pfkey_comb->sadb_comb_encrypt,
673 SADB_EALG_MAX);
674 SENDERR(EINVAL);
675 }
676
677 if(pfkey_comb->sadb_comb_encrypt) {
678 if(!pfkey_comb->sadb_comb_encrypt_minbits) {
679 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
680 "pfkey_prop_parse: "
681 "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n",
682 i);
683 SENDERR(EINVAL);
684 }
685 if(!pfkey_comb->sadb_comb_encrypt_maxbits) {
686 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
687 "pfkey_prop_parse: "
688 "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n",
689 i);
690 SENDERR(EINVAL);
691 }
692 if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) {
693 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
694 "pfkey_prop_parse: "
695 "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n",
696 i,
697 pfkey_comb->sadb_comb_encrypt_minbits,
698 pfkey_comb->sadb_comb_encrypt_maxbits);
699 SENDERR(EINVAL);
700 }
701 } else {
702 if(pfkey_comb->sadb_comb_encrypt_minbits) {
703 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
704 "pfkey_prop_parse: "
705 "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n",
706 i,
707 pfkey_comb->sadb_comb_encrypt_minbits);
708 SENDERR(EINVAL);
709 }
710 if(pfkey_comb->sadb_comb_encrypt_maxbits) {
711 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
712 "pfkey_prop_parse: "
713 "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n",
714 i,
715 pfkey_comb->sadb_comb_encrypt_maxbits);
716 SENDERR(EINVAL);
717 }
718 }
719
720 /* XXX do sanity check on flags */
721
722 if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) {
723 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
724 "pfkey_prop_parse: "
725 "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n",
726 i,
727 pfkey_comb->sadb_comb_soft_allocations,
728 pfkey_comb->sadb_comb_hard_allocations);
729 SENDERR(EINVAL);
730 }
731
732 if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) {
733 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
734 "pfkey_prop_parse: "
735 "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n",
736 i,
737 (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes,
738 (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes);
739 SENDERR(EINVAL);
740 }
741
742 if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) {
743 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
744 "pfkey_prop_parse: "
745 "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n",
746 i,
747 (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime,
748 (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime);
749 SENDERR(EINVAL);
750 }
751
752 if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) {
753 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
754 "pfkey_prop_parse: "
755 "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n",
756 i,
757 (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime,
758 (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime);
759 SENDERR(EINVAL);
760 }
761
762 if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) {
763 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
764 "pfkey_prop_parse: "
765 "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n",
766 i,
767 pfkey_comb->sadb_x_comb_soft_packets,
768 pfkey_comb->sadb_x_comb_hard_packets);
769 SENDERR(EINVAL);
770 }
771
772 if(pfkey_comb->sadb_comb_reserved) {
773 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
774 "pfkey_prop_parse: "
775 "comb[%d].res=%d, must be zero.\n",
776 i,
777 pfkey_comb->sadb_comb_reserved);
778 SENDERR(EINVAL);
779 }
780 pfkey_comb++;
781 }
782
783 errlab:
784 return error;
785 }
786
787 DEBUG_NO_STATIC int
788 pfkey_supported_parse(struct sadb_ext *pfkey_ext)
789 {
790 int error = 0;
791 unsigned int i, num_alg;
792 struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext;
793 struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported));
794
795 /* sanity checks... */
796 if((pfkey_supported->sadb_supported_len <
797 sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) ||
798 (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) -
799 sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) {
800
801 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
802 "pfkey_supported_parse: "
803 "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n",
804 pfkey_supported->sadb_supported_len,
805 (int)sizeof(struct sadb_supported),
806 (int)sizeof(struct sadb_alg));
807 SENDERR(EINVAL);
808 }
809
810 if(pfkey_supported->sadb_supported_reserved) {
811 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
812 "pfkey_supported_parse: "
813 "res=%d, must be zero.\n",
814 pfkey_supported->sadb_supported_reserved);
815 SENDERR(EINVAL);
816 }
817
818 num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg);
819
820 for(i = 0; i < num_alg; i++) {
821 /* process algo description */
822 if(pfkey_alg->sadb_alg_reserved) {
823 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
824 "pfkey_supported_parse: "
825 "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n",
826 i,
827 pfkey_alg->sadb_alg_id,
828 pfkey_alg->sadb_alg_ivlen,
829 pfkey_alg->sadb_alg_minbits,
830 pfkey_alg->sadb_alg_maxbits,
831 pfkey_alg->sadb_alg_reserved);
832 SENDERR(EINVAL);
833 }
834
835 /* XXX can alg_id auth/enc be determined from info given?
836 Yes, but OpenBSD's method does not iteroperate with rfc2367.
837 rgb, 2000-04-06 */
838
839 switch(pfkey_supported->sadb_supported_exttype) {
840 case SADB_EXT_SUPPORTED_AUTH:
841 if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) {
842 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
843 "pfkey_supported_parse: "
844 "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n",
845 i,
846 pfkey_alg->sadb_alg_id,
847 SADB_AALG_MAX);
848 SENDERR(EINVAL);
849 }
850 break;
851 case SADB_EXT_SUPPORTED_ENCRYPT:
852 if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) {
853 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
854 "pfkey_supported_parse: "
855 "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
856 i,
857 pfkey_alg->sadb_alg_id,
858 SADB_EALG_MAX);
859 SENDERR(EINVAL);
860 }
861 break;
862 default:
863 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
864 "pfkey_supported_parse: "
865 "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
866 i,
867 pfkey_alg->sadb_alg_id,
868 SADB_EALG_MAX);
869 SENDERR(EINVAL);
870 }
871 pfkey_alg++;
872 }
873
874 errlab:
875 return error;
876 }
877
878 DEBUG_NO_STATIC int
879 pfkey_spirange_parse(struct sadb_ext *pfkey_ext)
880 {
881 int error = 0;
882 struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext;
883
884 /* sanity checks... */
885 if(pfkey_spirange->sadb_spirange_len !=
886 sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) {
887 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
888 "pfkey_spirange_parse: "
889 "size wrong ext_len=%d, key_ext_len=%d.\n",
890 pfkey_spirange->sadb_spirange_len,
891 (int)sizeof(struct sadb_spirange));
892 SENDERR(EINVAL);
893 }
894
895 if(pfkey_spirange->sadb_spirange_reserved) {
896 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
897 "pfkey_spirange_parse: "
898 "reserved=%d must be set to zero.\n",
899 pfkey_spirange->sadb_spirange_reserved);
900 SENDERR(EINVAL);
901 }
902
903 if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) {
904 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
905 "pfkey_spirange_parse: "
906 "minspi=%08x must be < maxspi=%08x.\n",
907 ntohl(pfkey_spirange->sadb_spirange_min),
908 ntohl(pfkey_spirange->sadb_spirange_max));
909 SENDERR(EINVAL);
910 }
911
912 if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) {
913 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
914 "pfkey_spirange_parse: "
915 "minspi=%08x must be > 255.\n",
916 ntohl(pfkey_spirange->sadb_spirange_min));
917 SENDERR(EEXIST);
918 }
919
920 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
921 "pfkey_spirange_parse: "
922 "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n",
923 pfkey_spirange->sadb_spirange_len,
924 pfkey_spirange->sadb_spirange_exttype,
925 pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype),
926 pfkey_spirange->sadb_spirange_min,
927 pfkey_spirange->sadb_spirange_max,
928 pfkey_spirange->sadb_spirange_reserved);
929 errlab:
930 return error;
931 }
932
933 DEBUG_NO_STATIC int
934 pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext)
935 {
936 int error = 0;
937 struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext;
938
939 /* sanity checks... */
940 if(pfkey_x_kmprivate->sadb_x_kmprivate_len <
941 sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) {
942 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
943 "pfkey_x_kmprivate_parse: "
944 "size wrong ext_len=%d, key_ext_len=%d.\n",
945 pfkey_x_kmprivate->sadb_x_kmprivate_len,
946 (int)sizeof(struct sadb_x_kmprivate));
947 SENDERR(EINVAL);
948 }
949
950 if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) {
951 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
952 "pfkey_x_kmprivate_parse: "
953 "reserved=%d must be set to zero.\n",
954 pfkey_x_kmprivate->sadb_x_kmprivate_reserved);
955 SENDERR(EINVAL);
956 }
957
958 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
959 "pfkey_x_kmprivate_parse: "
960 "Sorry, I can't parse exttype=%d yet.\n",
961 pfkey_ext->sadb_ext_type);
962 SENDERR(EINVAL); /* don't process these yet */
963
964 errlab:
965 return error;
966 }
967
968 DEBUG_NO_STATIC int
969 pfkey_x_satype_parse(struct sadb_ext *pfkey_ext)
970 {
971 int error = 0;
972 int i;
973 struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
974
975 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
976 "pfkey_x_satype_parse: enter\n");
977 /* sanity checks... */
978 if(pfkey_x_satype->sadb_x_satype_len !=
979 sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) {
980 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
981 "pfkey_x_satype_parse: "
982 "size wrong ext_len=%d, key_ext_len=%d.\n",
983 pfkey_x_satype->sadb_x_satype_len,
984 (int)sizeof(struct sadb_x_satype));
985 SENDERR(EINVAL);
986 }
987
988 if(!pfkey_x_satype->sadb_x_satype_satype) {
989 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
990 "pfkey_x_satype_parse: "
991 "satype is zero, must be non-zero.\n");
992 SENDERR(EINVAL);
993 }
994
995 if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) {
996 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
997 "pfkey_x_satype_parse: "
998 "satype %d > max %d, invalid.\n",
999 pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX);
1000 SENDERR(EINVAL);
1001 }
1002
1003 if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
1004 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1005 "pfkey_x_satype_parse: "
1006 "proto lookup from satype=%d failed.\n",
1007 pfkey_x_satype->sadb_x_satype_satype);
1008 SENDERR(EINVAL);
1009 }
1010
1011 for(i = 0; i < 3; i++) {
1012 if(pfkey_x_satype->sadb_x_satype_reserved[i]) {
1013 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1014 "pfkey_x_satype_parse: "
1015 "reserved[%d]=%d must be set to zero.\n",
1016 i, pfkey_x_satype->sadb_x_satype_reserved[i]);
1017 SENDERR(EINVAL);
1018 }
1019 }
1020
1021 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1022 "pfkey_x_satype_parse: "
1023 "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n",
1024 pfkey_x_satype->sadb_x_satype_len,
1025 pfkey_x_satype->sadb_x_satype_exttype,
1026 pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype),
1027 pfkey_x_satype->sadb_x_satype_satype,
1028 satype2name(pfkey_x_satype->sadb_x_satype_satype),
1029 pfkey_x_satype->sadb_x_satype_reserved[0],
1030 pfkey_x_satype->sadb_x_satype_reserved[1],
1031 pfkey_x_satype->sadb_x_satype_reserved[2]);
1032 errlab:
1033 return error;
1034 }
1035
1036 DEBUG_NO_STATIC int
1037 pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext)
1038 {
1039 int error = 0;
1040 int i;
1041 struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
1042
1043 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1044 "pfkey_x_debug_parse: enter\n");
1045 /* sanity checks... */
1046 if(pfkey_x_debug->sadb_x_debug_len !=
1047 sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) {
1048 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1049 "pfkey_x_debug_parse: "
1050 "size wrong ext_len=%d, key_ext_len=%d.\n",
1051 pfkey_x_debug->sadb_x_debug_len,
1052 (int)sizeof(struct sadb_x_debug));
1053 SENDERR(EINVAL);
1054 }
1055
1056 for(i = 0; i < 4; i++) {
1057 if(pfkey_x_debug->sadb_x_debug_reserved[i]) {
1058 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1059 "pfkey_x_debug_parse: "
1060 "reserved[%d]=%d must be set to zero.\n",
1061 i, pfkey_x_debug->sadb_x_debug_reserved[i]);
1062 SENDERR(EINVAL);
1063 }
1064 }
1065
1066 errlab:
1067 return error;
1068 }
1069
1070 DEBUG_NO_STATIC int
1071 pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext)
1072 {
1073 int error = 0;
1074 struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext;
1075
1076 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n");
1077 /* sanity checks... */
1078
1079 if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) {
1080 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1081 "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
1082 p->sadb_protocol_len, (int)sizeof(*p));
1083 SENDERR(EINVAL);
1084 }
1085
1086 if (p->sadb_protocol_reserved2 != 0) {
1087 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1088 "pfkey_protocol_parse: res=%d, must be zero.\n",
1089 p->sadb_protocol_reserved2);
1090 SENDERR(EINVAL);
1091 }
1092
1093 errlab:
1094 return error;
1095 }
1096
1097 DEBUG_NO_STATIC int
1098 pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext)
1099 {
1100 return 0;
1101 }
1102
1103 DEBUG_NO_STATIC int
1104 pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext)
1105 {
1106 return 0;
1107 }
1108
1109 #define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME};
1110
1111 DEFINEPARSER(pfkey_sa_parse);
1112 DEFINEPARSER(pfkey_lifetime_parse);
1113 DEFINEPARSER(pfkey_address_parse);
1114 DEFINEPARSER(pfkey_key_parse);
1115 DEFINEPARSER(pfkey_ident_parse);
1116 DEFINEPARSER(pfkey_sens_parse);
1117 DEFINEPARSER(pfkey_prop_parse);
1118 DEFINEPARSER(pfkey_supported_parse);
1119 DEFINEPARSER(pfkey_spirange_parse);
1120 DEFINEPARSER(pfkey_x_kmprivate_parse);
1121 DEFINEPARSER(pfkey_x_satype_parse);
1122 DEFINEPARSER(pfkey_x_ext_debug_parse);
1123 DEFINEPARSER(pfkey_x_ext_protocol_parse);
1124 DEFINEPARSER(pfkey_x_ext_nat_t_type_parse);
1125 DEFINEPARSER(pfkey_x_ext_nat_t_port_parse);
1126
1127 struct pf_key_ext_parsers_def *ext_default_parsers[]=
1128 {
1129 NULL, /* pfkey_msg_parse, */
1130 &pfkey_sa_parse_def,
1131 &pfkey_lifetime_parse_def,
1132 &pfkey_lifetime_parse_def,
1133 &pfkey_lifetime_parse_def,
1134 &pfkey_address_parse_def,
1135 &pfkey_address_parse_def,
1136 &pfkey_address_parse_def,
1137 &pfkey_key_parse_def,
1138 &pfkey_key_parse_def,
1139 &pfkey_ident_parse_def,
1140 &pfkey_ident_parse_def,
1141 &pfkey_sens_parse_def,
1142 &pfkey_prop_parse_def,
1143 &pfkey_supported_parse_def,
1144 &pfkey_supported_parse_def,
1145 &pfkey_spirange_parse_def,
1146 &pfkey_x_kmprivate_parse_def,
1147 &pfkey_x_satype_parse_def,
1148 &pfkey_sa_parse_def,
1149 &pfkey_address_parse_def,
1150 &pfkey_address_parse_def,
1151 &pfkey_address_parse_def,
1152 &pfkey_address_parse_def,
1153 &pfkey_address_parse_def,
1154 &pfkey_x_ext_debug_parse_def,
1155 &pfkey_x_ext_protocol_parse_def ,
1156 &pfkey_x_ext_nat_t_type_parse_def,
1157 &pfkey_x_ext_nat_t_port_parse_def,
1158 &pfkey_x_ext_nat_t_port_parse_def,
1159 &pfkey_address_parse_def
1160 };
1161
1162 int
1163 pfkey_msg_parse(struct sadb_msg *pfkey_msg,
1164 struct pf_key_ext_parsers_def *ext_parsers[],
1165 struct sadb_ext *extensions[],
1166 int dir)
1167 {
1168 int error = 0;
1169 int remain;
1170 struct sadb_ext *pfkey_ext;
1171 int extensions_seen = 0;
1172
1173 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1174 "pfkey_msg_parse: "
1175 "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n",
1176 pfkey_msg->sadb_msg_version,
1177 pfkey_msg->sadb_msg_type,
1178 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type),
1179 pfkey_msg->sadb_msg_errno,
1180 pfkey_msg->sadb_msg_satype,
1181 satype2name(pfkey_msg->sadb_msg_satype),
1182 pfkey_msg->sadb_msg_len,
1183 pfkey_msg->sadb_msg_reserved,
1184 pfkey_msg->sadb_msg_seq,
1185 pfkey_msg->sadb_msg_pid);
1186
1187 if(ext_parsers == NULL) ext_parsers = ext_default_parsers;
1188
1189 pfkey_extensions_init(extensions);
1190
1191 remain = pfkey_msg->sadb_msg_len;
1192 remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
1193
1194 pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg +
1195 sizeof(struct sadb_msg));
1196
1197 extensions[0] = (struct sadb_ext *) pfkey_msg;
1198
1199
1200 if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
1201 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1202 "pfkey_msg_parse: "
1203 "not PF_KEY_V2 msg, found %d, should be %d.\n",
1204 pfkey_msg->sadb_msg_version,
1205 PF_KEY_V2);
1206 SENDERR(EINVAL);
1207 }
1208
1209 if(!pfkey_msg->sadb_msg_type) {
1210 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1211 "pfkey_msg_parse: "
1212 "msg type not set, must be non-zero..\n");
1213 SENDERR(EINVAL);
1214 }
1215
1216 if(pfkey_msg->sadb_msg_type > SADB_MAX) {
1217 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1218 "pfkey_msg_parse: "
1219 "msg type=%d > max=%d.\n",
1220 pfkey_msg->sadb_msg_type,
1221 SADB_MAX);
1222 SENDERR(EINVAL);
1223 }
1224
1225 switch(pfkey_msg->sadb_msg_type) {
1226 case SADB_GETSPI:
1227 case SADB_UPDATE:
1228 case SADB_ADD:
1229 case SADB_DELETE:
1230 case SADB_GET:
1231 case SADB_X_GRPSA:
1232 case SADB_X_ADDFLOW:
1233 if(!satype2proto(pfkey_msg->sadb_msg_satype)) {
1234 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1235 "pfkey_msg_parse: "
1236 "satype %d conversion to proto failed for msg_type %d (%s).\n",
1237 pfkey_msg->sadb_msg_satype,
1238 pfkey_msg->sadb_msg_type,
1239 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
1240 SENDERR(EINVAL);
1241 } else {
1242 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1243 "pfkey_msg_parse: "
1244 "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n",
1245 pfkey_msg->sadb_msg_satype,
1246 satype2name(pfkey_msg->sadb_msg_satype),
1247 satype2proto(pfkey_msg->sadb_msg_satype),
1248 pfkey_msg->sadb_msg_type,
1249 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
1250 }
1251 /* fall through */
1252 case SADB_ACQUIRE:
1253 case SADB_REGISTER:
1254 case SADB_EXPIRE:
1255 if(!pfkey_msg->sadb_msg_satype) {
1256 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1257 "pfkey_msg_parse: "
1258 "satype is zero, must be non-zero for msg_type %d(%s).\n",
1259 pfkey_msg->sadb_msg_type,
1260 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
1261 SENDERR(EINVAL);
1262 }
1263 default:
1264 break;
1265 }
1266
1267 /* errno must not be set in downward messages */
1268 /* this is not entirely true... a response to an ACQUIRE could return an error */
1269 if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) {
1270 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1271 "pfkey_msg_parse: "
1272 "errno set to %d.\n",
1273 pfkey_msg->sadb_msg_errno);
1274 SENDERR(EINVAL);
1275 }
1276
1277 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1278 "pfkey_msg_parse: "
1279 "remain=%d, ext_type=%d(%s), ext_len=%d.\n",
1280 remain,
1281 pfkey_ext->sadb_ext_type,
1282 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1283 pfkey_ext->sadb_ext_len);
1284
1285 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1286 "pfkey_msg_parse: "
1287 "extensions permitted=%08x, required=%08x.\n",
1288 extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1289 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
1290
1291 extensions_seen = 1;
1292
1293 while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) {
1294 /* Is there enough message left to support another extension header? */
1295 if(remain < pfkey_ext->sadb_ext_len) {
1296 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1297 "pfkey_msg_parse: "
1298 "remain %d less than ext len %d.\n",
1299 remain, pfkey_ext->sadb_ext_len);
1300 SENDERR(EINVAL);
1301 }
1302
1303 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1304 "pfkey_msg_parse: "
1305 "parsing ext type=%d(%s) remain=%d.\n",
1306 pfkey_ext->sadb_ext_type,
1307 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1308 remain);
1309
1310 /* Is the extension header type valid? */
1311 if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) {
1312 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1313 "pfkey_msg_parse: "
1314 "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n",
1315 pfkey_ext->sadb_ext_type,
1316 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1317 SADB_EXT_MAX);
1318 SENDERR(EINVAL);
1319 }
1320
1321 /* Have we already seen this type of extension? */
1322 if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0)
1323 {
1324 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1325 "pfkey_msg_parse: "
1326 "ext type %d(%s) already seen.\n",
1327 pfkey_ext->sadb_ext_type,
1328 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
1329 SENDERR(EINVAL);
1330 }
1331
1332 /* Do I even know about this type of extension? */
1333 if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) {
1334 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1335 "pfkey_msg_parse: "
1336 "ext type %d(%s) unknown, ignoring.\n",
1337 pfkey_ext->sadb_ext_type,
1338 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
1339 goto next_ext;
1340 }
1341
1342 /* Is this type of extension permitted for this type of message? */
1343 if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] &
1344 1<<pfkey_ext->sadb_ext_type)) {
1345 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1346 "pfkey_msg_parse: "
1347 "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n",
1348 pfkey_ext->sadb_ext_type,
1349 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1350 extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1351 1<<pfkey_ext->sadb_ext_type);
1352 SENDERR(EINVAL);
1353 }
1354
1355 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1356 "pfkey_msg_parse: "
1357 "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n",
1358 remain,
1359 pfkey_ext->sadb_ext_type,
1360 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1361 pfkey_ext->sadb_ext_len,
1362 pfkey_ext,
1363 ext_parsers[pfkey_ext->sadb_ext_type]->parser_name);
1364
1365 /* Parse the extension */
1366 if((error =
1367 (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) {
1368 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1369 "pfkey_msg_parse: "
1370 "extension parsing for type %d(%s) failed with error %d.\n",
1371 pfkey_ext->sadb_ext_type,
1372 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1373 error);
1374 SENDERR(-error);
1375 }
1376 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1377 "pfkey_msg_parse: "
1378 "Extension %d(%s) parsed.\n",
1379 pfkey_ext->sadb_ext_type,
1380 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
1381
1382 /* Mark that we have seen this extension and remember the header location */
1383 extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type );
1384 extensions[pfkey_ext->sadb_ext_type] = pfkey_ext;
1385
1386 next_ext:
1387 /* Calculate how much message remains */
1388 remain -= pfkey_ext->sadb_ext_len;
1389
1390 if(!remain) {
1391 break;
1392 }
1393 /* Find the next extension header */
1394 pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext +
1395 pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
1396 }
1397
1398 if(remain) {
1399 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1400 "pfkey_msg_parse: "
1401 "unexpected remainder of %d.\n",
1402 remain);
1403 /* why is there still something remaining? */
1404 SENDERR(EINVAL);
1405 }
1406
1407 /* check required extensions */
1408 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1409 "pfkey_msg_parse: "
1410 "extensions permitted=%08x, seen=%08x, required=%08x.\n",
1411 extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1412 extensions_seen,
1413 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
1414
1415 /* don't check further if it is an error return message since it
1416 may not have a body */
1417 if(pfkey_msg->sadb_msg_errno) {
1418 SENDERR(-error);
1419 }
1420
1421 if((extensions_seen &
1422 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) !=
1423 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) {
1424 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1425 "pfkey_msg_parse: "
1426 "required extensions missing:%08x.\n",
1427 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] -
1428 (extensions_seen &
1429 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]));
1430 SENDERR(EINVAL);
1431 }
1432
1433 if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW)
1434 && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW)
1435 != SADB_X_EXT_ADDRESS_DELFLOW)
1436 && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA))
1437 || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags
1438 & SADB_X_SAFLAGS_CLEARFLOW)
1439 != SADB_X_SAFLAGS_CLEARFLOW))) {
1440 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1441 "pfkey_msg_parse: "
1442 "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n",
1443 SADB_X_EXT_ADDRESS_DELFLOW
1444 - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW),
1445 (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA)));
1446 SENDERR(EINVAL);
1447 }
1448
1449 switch(pfkey_msg->sadb_msg_type) {
1450 case SADB_ADD:
1451 case SADB_UPDATE:
1452 /* check maturity */
1453 if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state !=
1454 SADB_SASTATE_MATURE) {
1455 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1456 "pfkey_msg_parse: "
1457 "state=%d for add or update should be MATURE=%d.\n",
1458 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
1459 SADB_SASTATE_MATURE);
1460 SENDERR(EINVAL);
1461 }
1462
1463 /* check AH and ESP */
1464 switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) {
1465 case SADB_SATYPE_AH:
1466 if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
1467 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth !=
1468 SADB_AALG_NONE)) {
1469 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1470 "pfkey_msg_parse: "
1471 "auth alg is zero, must be non-zero for AH SAs.\n");
1472 SENDERR(EINVAL);
1473 }
1474 if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt !=
1475 SADB_EALG_NONE) {
1476 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1477 "pfkey_msg_parse: "
1478 "AH handed encalg=%d, must be zero.\n",
1479 ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt);
1480 SENDERR(EINVAL);
1481 }
1482 break;
1483 case SADB_SATYPE_ESP:
1484 if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
1485 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
1486 SADB_EALG_NONE)) {
1487 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1488 "pfkey_msg_parse: "
1489 "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n",
1490 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
1491 ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
1492 SENDERR(EINVAL);
1493 }
1494 if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt ==
1495 SADB_EALG_NULL) &&
1496 (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth ==
1497 SADB_AALG_NONE) ) {
1498 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1499 "pfkey_msg_parse: "
1500 "ESP handed encNULL+authNONE, illegal combination.\n");
1501 SENDERR(EINVAL);
1502 }
1503 break;
1504 case SADB_X_SATYPE_COMP:
1505 if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
1506 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
1507 SADB_EALG_NONE)) {
1508 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1509 "pfkey_msg_parse: "
1510 "encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n",
1511 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
1512 ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
1513 SENDERR(EINVAL);
1514 }
1515 if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth !=
1516 SADB_AALG_NONE) {
1517 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1518 "pfkey_msg_parse: "
1519 "COMP handed auth=%d, must be zero.\n",
1520 ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth);
1521 SENDERR(EINVAL);
1522 }
1523 break;
1524 default:
1525 break;
1526 }
1527 if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) {
1528 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1529 "pfkey_msg_parse: "
1530 "spi=%08x must be > 255.\n",
1531 ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi));
1532 SENDERR(EINVAL);
1533 }
1534 default:
1535 break;
1536 }
1537 errlab:
1538
1539 return error;
1540 }