a143003b3bfe4f01340b7770530f3c6686671fa6
[strongswan.git] / src / libfreeswan / pfkey_v2_parse.c
1 /*
2 * RFC2367 PF_KEYv2 Key management API message parser
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Template from klips/net/ipsec/ipsec/ipsec_parser.c.
18 */
19
20 char pfkey_v2_parse_c_version[] = "";
21
22 # include <sys/types.h>
23 # include <sys/socket.h>
24 # include <errno.h>
25
26 # include <freeswan.h>
27 # include <constants.h>
28 # include <defs.h> /* for PRINTF_LIKE */
29 # include <log.h> /* for debugging and DBG_log */
30
31 # ifdef PLUTO
32 # define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); }
33 # else
34 # define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; }
35 # endif
36
37 #include <pfkeyv2.h>
38 #include <pfkey.h>
39
40
41 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
42
43 struct satype_tbl {
44 uint8_t proto;
45 uint8_t satype;
46 char* name;
47 } static satype_tbl[] = {
48 { SA_ESP, SADB_SATYPE_ESP, "ESP" },
49 { SA_AH, SADB_SATYPE_AH, "AH" },
50 { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
51 { SA_COMP, SADB_X_SATYPE_COMP, "COMP" },
52 { SA_INT, SADB_X_SATYPE_INT, "INT" },
53 { 0, 0, "UNKNOWN" }
54 };
55
56 uint8_t
57 satype2proto(uint8_t satype)
58 {
59 int i =0;
60
61 while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
62 i++;
63 }
64 return satype_tbl[i].proto;
65 }
66
67 uint8_t
68 proto2satype(uint8_t proto)
69 {
70 int i = 0;
71
72 while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
73 i++;
74 }
75 return satype_tbl[i].satype;
76 }
77
78 char*
79 satype2name(uint8_t satype)
80 {
81 int i = 0;
82
83 while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
84 i++;
85 }
86 return satype_tbl[i].name;
87 }
88
89 char*
90 proto2name(uint8_t proto)
91 {
92 int i = 0;
93
94 while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
95 i++;
96 }
97 return satype_tbl[i].name;
98 }
99
100 /* Default extension parsers taken from the KLIPS code */
101
102 DEBUG_NO_STATIC int
103 pfkey_sa_parse(struct sadb_ext *pfkey_ext)
104 {
105 int error = 0;
106 struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
107 #if 0
108 struct sadb_sa sav2;
109 #endif
110
111 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
112 "pfkey_sa_parse: entry\n");
113 /* sanity checks... */
114 if(!pfkey_sa) {
115 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
116 "pfkey_sa_parse: "
117 "NULL pointer passed in.\n");
118 SENDERR(EINVAL);
119 }
120
121 #if 0
122 /* check if this structure is short, and if so, fix it up.
123 * XXX this is NOT the way to do things.
124 */
125 if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) {
126
127 /* yes, so clear out a temporary structure, and copy first */
128 memset(&sav2, 0, sizeof(sav2));
129 memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1));
130 sav2.sadb_x_sa_ref=-1;
131 sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN;
132
133 pfkey_sa = &sav2;
134 }
135 #endif
136
137
138 if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) {
139 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
140 "pfkey_sa_parse: "
141 "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n",
142 pfkey_sa->sadb_sa_len,
143 (int)sizeof(struct sadb_sa));
144 SENDERR(EINVAL);
145 }
146
147 if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
148 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
149 "pfkey_sa_parse: "
150 "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n",
151 pfkey_sa->sadb_sa_encrypt,
152 SADB_EALG_MAX);
153 SENDERR(EINVAL);
154 }
155
156 if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) {
157 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
158 "pfkey_sa_parse: "
159 "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n",
160 pfkey_sa->sadb_sa_auth,
161 SADB_AALG_MAX);
162 SENDERR(EINVAL);
163 }
164
165 if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) {
166 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
167 "pfkey_sa_parse: "
168 "state=%d exceeds MAX=%d.\n",
169 pfkey_sa->sadb_sa_state,
170 SADB_SASTATE_MAX);
171 SENDERR(EINVAL);
172 }
173
174 if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
175 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
176 "pfkey_sa_parse: "
177 "state=%d is DEAD=%d.\n",
178 pfkey_sa->sadb_sa_state,
179 SADB_SASTATE_DEAD);
180 SENDERR(EINVAL);
181 }
182
183 if(pfkey_sa->sadb_sa_replay > 64) {
184 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
185 "pfkey_sa_parse: "
186 "replay window size: %d -- must be 0 <= size <= 64\n",
187 pfkey_sa->sadb_sa_replay);
188 SENDERR(EINVAL);
189 }
190
191 if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) ||
192 (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2)))
193 {
194 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
195 "pfkey_sa_parse: "
196 "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n",
197 pfkey_sa->sadb_sa_exttype,
198 SADB_EXT_SA,
199 SADB_X_EXT_SA2);
200 SENDERR(EINVAL);
201 }
202
203 if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
204 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
205 "pfkey_sa_parse: "
206 "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
207 pfkey_sa->sadb_x_sa_ref,
208 IPSEC_SAREF_NULL,
209 IPSEC_SA_REF_TABLE_NUM_ENTRIES);
210 SENDERR(EINVAL);
211 }
212
213 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
214 "pfkey_sa_parse: "
215 "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n",
216 pfkey_sa->sadb_sa_len,
217 pfkey_sa->sadb_sa_exttype,
218 pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype),
219 (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi),
220 pfkey_sa->sadb_sa_replay,
221 pfkey_sa->sadb_sa_state,
222 pfkey_sa->sadb_sa_auth,
223 pfkey_sa->sadb_sa_encrypt,
224 pfkey_sa->sadb_sa_flags,
225 pfkey_sa->sadb_x_sa_ref);
226
227 errlab:
228 return error;
229 }
230
231 DEBUG_NO_STATIC int
232 pfkey_lifetime_parse(struct sadb_ext *pfkey_ext)
233 {
234 int error = 0;
235 struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
236
237 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
238 "pfkey_lifetime_parse:enter\n");
239 /* sanity checks... */
240 if(!pfkey_lifetime) {
241 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
242 "pfkey_lifetime_parse: "
243 "NULL pointer passed in.\n");
244 SENDERR(EINVAL);
245 }
246
247 if(pfkey_lifetime->sadb_lifetime_len !=
248 sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) {
249 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
250 "pfkey_lifetime_parse: "
251 "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n",
252 pfkey_lifetime->sadb_lifetime_len,
253 (int)sizeof(struct sadb_lifetime));
254 SENDERR(EINVAL);
255 }
256
257 if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) &&
258 (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) &&
259 (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) {
260 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
261 "pfkey_lifetime_parse: "
262 "unexpected ext_type=%d.\n",
263 pfkey_lifetime->sadb_lifetime_exttype);
264 SENDERR(EINVAL);
265 }
266
267 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
268 "pfkey_lifetime_parse: "
269 "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n",
270 pfkey_lifetime->sadb_lifetime_exttype,
271 pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype),
272 pfkey_lifetime->sadb_lifetime_allocations,
273 (unsigned)pfkey_lifetime->sadb_lifetime_bytes,
274 (unsigned)pfkey_lifetime->sadb_lifetime_addtime,
275 (unsigned)pfkey_lifetime->sadb_lifetime_usetime,
276 pfkey_lifetime->sadb_x_lifetime_packets);
277 errlab:
278 return error;
279 }
280
281 DEBUG_NO_STATIC int
282 pfkey_address_parse(struct sadb_ext *pfkey_ext)
283 {
284 int error = 0;
285 int saddr_len = 0;
286 struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
287 struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
288 char ipaddr_txt[ADDRTOT_BUF];
289
290 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
291 "pfkey_address_parse:enter\n");
292 /* sanity checks... */
293 if(!pfkey_address) {
294 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
295 "pfkey_address_parse: "
296 "NULL pointer passed in.\n");
297 SENDERR(EINVAL);
298 }
299
300 if(pfkey_address->sadb_address_len <
301 (sizeof(struct sadb_address) + sizeof(struct sockaddr))/
302 IPSEC_PFKEYv2_ALIGN) {
303 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
304 "pfkey_address_parse: "
305 "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
306 pfkey_address->sadb_address_len,
307 (int)sizeof(struct sadb_address),
308 (int)sizeof(struct sockaddr));
309 SENDERR(EINVAL);
310 }
311
312 if(pfkey_address->sadb_address_reserved) {
313 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
314 "pfkey_address_parse: "
315 "res=%d, must be zero.\n",
316 pfkey_address->sadb_address_reserved);
317 SENDERR(EINVAL);
318 }
319
320 switch(pfkey_address->sadb_address_exttype) {
321 case SADB_EXT_ADDRESS_SRC:
322 case SADB_EXT_ADDRESS_DST:
323 case SADB_EXT_ADDRESS_PROXY:
324 case SADB_X_EXT_ADDRESS_DST2:
325 case SADB_X_EXT_ADDRESS_SRC_FLOW:
326 case SADB_X_EXT_ADDRESS_DST_FLOW:
327 case SADB_X_EXT_ADDRESS_SRC_MASK:
328 case SADB_X_EXT_ADDRESS_DST_MASK:
329 case SADB_X_EXT_NAT_T_OA:
330 break;
331 default:
332 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
333 "pfkey_address_parse: "
334 "unexpected ext_type=%d.\n",
335 pfkey_address->sadb_address_exttype);
336 SENDERR(EINVAL);
337 }
338
339 switch(s->sa_family) {
340 case AF_INET:
341 saddr_len = sizeof(struct sockaddr_in);
342 sprintf(ipaddr_txt, "%d.%d.%d.%d"
343 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF
344 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF
345 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF
346 , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF);
347 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
348 "pfkey_address_parse: "
349 "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n",
350 pfkey_address->sadb_address_exttype,
351 pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
352 s->sa_family,
353 ipaddr_txt,
354 pfkey_address->sadb_address_proto,
355 ntohs(((struct sockaddr_in*)s)->sin_port));
356 break;
357 case AF_INET6:
358 saddr_len = sizeof(struct sockaddr_in6);
359 sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
360 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[0])
361 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[1])
362 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[2])
363 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[3])
364 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[4])
365 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[5])
366 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[6])
367 , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[7]));
368 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
369 "pfkey_address_parse: "
370 "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n",
371 pfkey_address->sadb_address_exttype,
372 pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
373 s->sa_family,
374 ipaddr_txt,
375 pfkey_address->sadb_address_proto,
376 ((struct sockaddr_in6*)s)->sin6_port);
377 break;
378 default:
379 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
380 "pfkey_address_parse: "
381 "s->sa_family=%d not supported.\n",
382 s->sa_family);
383 SENDERR(EPFNOSUPPORT);
384 }
385
386 if(pfkey_address->sadb_address_len !=
387 DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) {
388 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
389 "pfkey_address_parse: "
390 "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
391 pfkey_address->sadb_address_len,
392 (int)sizeof(struct sadb_address),
393 saddr_len);
394 SENDERR(EINVAL);
395 }
396
397 if(pfkey_address->sadb_address_prefixlen != 0) {
398 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
399 "pfkey_address_parse: "
400 "address prefixes not supported yet.\n");
401 SENDERR(EAFNOSUPPORT); /* not supported yet */
402 }
403
404 /* XXX check if port!=0 */
405
406 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
407 "pfkey_address_parse: successful.\n");
408 errlab:
409 return error;
410 }
411
412 DEBUG_NO_STATIC int
413 pfkey_key_parse(struct sadb_ext *pfkey_ext)
414 {
415 int error = 0;
416 struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
417
418 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
419 "pfkey_key_parse:enter\n");
420 /* sanity checks... */
421
422 if(!pfkey_key) {
423 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
424 "pfkey_key_parse: "
425 "NULL pointer passed in.\n");
426 SENDERR(EINVAL);
427 }
428
429 if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) {
430 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
431 "pfkey_key_parse: "
432 "size wrong ext_len=%d, key_ext_len=%d.\n",
433 pfkey_key->sadb_key_len,
434 (int)sizeof(struct sadb_key));
435 SENDERR(EINVAL);
436 }
437
438 if(!pfkey_key->sadb_key_bits) {
439 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
440 "pfkey_key_parse: "
441 "key length set to zero, must be non-zero.\n");
442 SENDERR(EINVAL);
443 }
444
445 if(pfkey_key->sadb_key_len !=
446 DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits,
447 PFKEYBITS)) {
448 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
449 "pfkey_key_parse: "
450 "key length=%d does not agree with extension length=%d.\n",
451 pfkey_key->sadb_key_bits,
452 pfkey_key->sadb_key_len);
453 SENDERR(EINVAL);
454 }
455
456 if(pfkey_key->sadb_key_reserved) {
457 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
458 "pfkey_key_parse: "
459 "res=%d, must be zero.\n",
460 pfkey_key->sadb_key_reserved);
461 SENDERR(EINVAL);
462 }
463
464 if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) ||
465 (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) {
466 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
467 "pfkey_key_parse: "
468 "expecting extension type AUTH or ENCRYPT, got %d.\n",
469 pfkey_key->sadb_key_exttype);
470 SENDERR(EINVAL);
471 }
472
473 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
474 "pfkey_key_parse: "
475 "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n",
476 pfkey_key->sadb_key_len,
477 pfkey_key->sadb_key_exttype,
478 pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype),
479 pfkey_key->sadb_key_bits,
480 pfkey_key->sadb_key_reserved);
481
482 errlab:
483 return error;
484 }
485
486 DEBUG_NO_STATIC int
487 pfkey_ident_parse(struct sadb_ext *pfkey_ext)
488 {
489 int error = 0;
490 struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
491
492 /* sanity checks... */
493 if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
494 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
495 "pfkey_ident_parse: "
496 "size wrong ext_len=%d, key_ext_len=%d.\n",
497 pfkey_ident->sadb_ident_len,
498 (int)sizeof(struct sadb_ident));
499 SENDERR(EINVAL);
500 }
501
502 if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
503 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
504 "pfkey_ident_parse: "
505 "ident_type=%d out of range, must be less than %d.\n",
506 pfkey_ident->sadb_ident_type,
507 SADB_IDENTTYPE_MAX);
508 SENDERR(EINVAL);
509 }
510
511 if(pfkey_ident->sadb_ident_reserved) {
512 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
513 "pfkey_ident_parse: "
514 "res=%d, must be zero.\n",
515 pfkey_ident->sadb_ident_reserved);
516 SENDERR(EINVAL);
517 }
518
519 /* string terminator/padding must be zero */
520 if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
521 if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) {
522 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
523 "pfkey_ident_parse: "
524 "string padding must be zero, last is 0x%02x.\n",
525 *((char*)pfkey_ident +
526 pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1));
527 SENDERR(EINVAL);
528 }
529 }
530
531 if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) ||
532 (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) {
533 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
534 "pfkey_key_parse: "
535 "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n",
536 pfkey_ident->sadb_ident_exttype);
537 SENDERR(EINVAL);
538 }
539
540 errlab:
541 return error;
542 }
543
544 DEBUG_NO_STATIC int
545 pfkey_sens_parse(struct sadb_ext *pfkey_ext)
546 {
547 int error = 0;
548 struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext;
549
550 /* sanity checks... */
551 if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) {
552 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
553 "pfkey_sens_parse: "
554 "size wrong ext_len=%d, key_ext_len=%d.\n",
555 pfkey_sens->sadb_sens_len,
556 (int)sizeof(struct sadb_sens));
557 SENDERR(EINVAL);
558 }
559
560 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
561 "pfkey_sens_parse: "
562 "Sorry, I can't parse exttype=%d yet.\n",
563 pfkey_ext->sadb_ext_type);
564 #if 0
565 SENDERR(EINVAL); /* don't process these yet */
566 #endif
567
568 errlab:
569 return error;
570 }
571
572 DEBUG_NO_STATIC int
573 pfkey_prop_parse(struct sadb_ext *pfkey_ext)
574 {
575 int error = 0;
576 int i, num_comb;
577 struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext;
578 struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop));
579
580 /* sanity checks... */
581 if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) ||
582 (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) {
583 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
584 "pfkey_prop_parse: "
585 "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n",
586 pfkey_prop->sadb_prop_len,
587 (int)sizeof(struct sadb_prop),
588 (int)sizeof(struct sadb_comb));
589 SENDERR(EINVAL);
590 }
591
592 if(pfkey_prop->sadb_prop_replay > 64) {
593 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
594 "pfkey_prop_parse: "
595 "replay window size: %d -- must be 0 <= size <= 64\n",
596 pfkey_prop->sadb_prop_replay);
597 SENDERR(EINVAL);
598 }
599
600 for(i=0; i<3; i++) {
601 if(pfkey_prop->sadb_prop_reserved[i]) {
602 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
603 "pfkey_prop_parse: "
604 "res[%d]=%d, must be zero.\n",
605 i, pfkey_prop->sadb_prop_reserved[i]);
606 SENDERR(EINVAL);
607 }
608 }
609
610 num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb);
611
612 for(i = 0; i < num_comb; i++) {
613 if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) {
614 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
615 "pfkey_prop_parse: "
616 "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n",
617 i,
618 pfkey_comb->sadb_comb_auth,
619 SADB_AALG_MAX);
620 SENDERR(EINVAL);
621 }
622
623 if(pfkey_comb->sadb_comb_auth) {
624 if(!pfkey_comb->sadb_comb_auth_minbits) {
625 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
626 "pfkey_prop_parse: "
627 "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n",
628 i);
629 SENDERR(EINVAL);
630 }
631 if(!pfkey_comb->sadb_comb_auth_maxbits) {
632 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
633 "pfkey_prop_parse: "
634 "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n",
635 i);
636 SENDERR(EINVAL);
637 }
638 if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) {
639 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
640 "pfkey_prop_parse: "
641 "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n",
642 i,
643 pfkey_comb->sadb_comb_auth_minbits,
644 pfkey_comb->sadb_comb_auth_maxbits);
645 SENDERR(EINVAL);
646 }
647 } else {
648 if(pfkey_comb->sadb_comb_auth_minbits) {
649 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
650 "pfkey_prop_parse: "
651 "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n",
652 i,
653 pfkey_comb->sadb_comb_auth_minbits);
654 SENDERR(EINVAL);
655 }
656 if(pfkey_comb->sadb_comb_auth_maxbits) {
657 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
658 "pfkey_prop_parse: "
659 "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n",
660 i,
661 pfkey_comb->sadb_comb_auth_maxbits);
662 SENDERR(EINVAL);
663 }
664 }
665
666 if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) {
667 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
668 "pfkey_comb_parse: "
669 "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n",
670 i,
671 pfkey_comb->sadb_comb_encrypt,
672 SADB_EALG_MAX);
673 SENDERR(EINVAL);
674 }
675
676 if(pfkey_comb->sadb_comb_encrypt) {
677 if(!pfkey_comb->sadb_comb_encrypt_minbits) {
678 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
679 "pfkey_prop_parse: "
680 "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n",
681 i);
682 SENDERR(EINVAL);
683 }
684 if(!pfkey_comb->sadb_comb_encrypt_maxbits) {
685 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
686 "pfkey_prop_parse: "
687 "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n",
688 i);
689 SENDERR(EINVAL);
690 }
691 if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) {
692 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
693 "pfkey_prop_parse: "
694 "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n",
695 i,
696 pfkey_comb->sadb_comb_encrypt_minbits,
697 pfkey_comb->sadb_comb_encrypt_maxbits);
698 SENDERR(EINVAL);
699 }
700 } else {
701 if(pfkey_comb->sadb_comb_encrypt_minbits) {
702 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
703 "pfkey_prop_parse: "
704 "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n",
705 i,
706 pfkey_comb->sadb_comb_encrypt_minbits);
707 SENDERR(EINVAL);
708 }
709 if(pfkey_comb->sadb_comb_encrypt_maxbits) {
710 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
711 "pfkey_prop_parse: "
712 "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n",
713 i,
714 pfkey_comb->sadb_comb_encrypt_maxbits);
715 SENDERR(EINVAL);
716 }
717 }
718
719 /* XXX do sanity check on flags */
720
721 if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) {
722 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
723 "pfkey_prop_parse: "
724 "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n",
725 i,
726 pfkey_comb->sadb_comb_soft_allocations,
727 pfkey_comb->sadb_comb_hard_allocations);
728 SENDERR(EINVAL);
729 }
730
731 if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) {
732 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
733 "pfkey_prop_parse: "
734 "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n",
735 i,
736 (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes,
737 (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes);
738 SENDERR(EINVAL);
739 }
740
741 if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) {
742 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
743 "pfkey_prop_parse: "
744 "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n",
745 i,
746 (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime,
747 (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime);
748 SENDERR(EINVAL);
749 }
750
751 if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) {
752 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
753 "pfkey_prop_parse: "
754 "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n",
755 i,
756 (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime,
757 (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime);
758 SENDERR(EINVAL);
759 }
760
761 if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) {
762 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
763 "pfkey_prop_parse: "
764 "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n",
765 i,
766 pfkey_comb->sadb_x_comb_soft_packets,
767 pfkey_comb->sadb_x_comb_hard_packets);
768 SENDERR(EINVAL);
769 }
770
771 if(pfkey_comb->sadb_comb_reserved) {
772 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
773 "pfkey_prop_parse: "
774 "comb[%d].res=%d, must be zero.\n",
775 i,
776 pfkey_comb->sadb_comb_reserved);
777 SENDERR(EINVAL);
778 }
779 pfkey_comb++;
780 }
781
782 errlab:
783 return error;
784 }
785
786 DEBUG_NO_STATIC int
787 pfkey_supported_parse(struct sadb_ext *pfkey_ext)
788 {
789 int error = 0;
790 unsigned int i, num_alg;
791 struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext;
792 struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported));
793
794 /* sanity checks... */
795 if((pfkey_supported->sadb_supported_len <
796 sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) ||
797 (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) -
798 sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) {
799
800 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
801 "pfkey_supported_parse: "
802 "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n",
803 pfkey_supported->sadb_supported_len,
804 (int)sizeof(struct sadb_supported),
805 (int)sizeof(struct sadb_alg));
806 SENDERR(EINVAL);
807 }
808
809 if(pfkey_supported->sadb_supported_reserved) {
810 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
811 "pfkey_supported_parse: "
812 "res=%d, must be zero.\n",
813 pfkey_supported->sadb_supported_reserved);
814 SENDERR(EINVAL);
815 }
816
817 num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg);
818
819 for(i = 0; i < num_alg; i++) {
820 /* process algo description */
821 if(pfkey_alg->sadb_alg_reserved) {
822 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
823 "pfkey_supported_parse: "
824 "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n",
825 i,
826 pfkey_alg->sadb_alg_id,
827 pfkey_alg->sadb_alg_ivlen,
828 pfkey_alg->sadb_alg_minbits,
829 pfkey_alg->sadb_alg_maxbits,
830 pfkey_alg->sadb_alg_reserved);
831 SENDERR(EINVAL);
832 }
833
834 /* XXX can alg_id auth/enc be determined from info given?
835 Yes, but OpenBSD's method does not iteroperate with rfc2367.
836 rgb, 2000-04-06 */
837
838 switch(pfkey_supported->sadb_supported_exttype) {
839 case SADB_EXT_SUPPORTED_AUTH:
840 if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) {
841 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
842 "pfkey_supported_parse: "
843 "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n",
844 i,
845 pfkey_alg->sadb_alg_id,
846 SADB_AALG_MAX);
847 SENDERR(EINVAL);
848 }
849 break;
850 case SADB_EXT_SUPPORTED_ENCRYPT:
851 if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) {
852 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
853 "pfkey_supported_parse: "
854 "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
855 i,
856 pfkey_alg->sadb_alg_id,
857 SADB_EALG_MAX);
858 SENDERR(EINVAL);
859 }
860 break;
861 default:
862 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
863 "pfkey_supported_parse: "
864 "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
865 i,
866 pfkey_alg->sadb_alg_id,
867 SADB_EALG_MAX);
868 SENDERR(EINVAL);
869 }
870 pfkey_alg++;
871 }
872
873 errlab:
874 return error;
875 }
876
877 DEBUG_NO_STATIC int
878 pfkey_spirange_parse(struct sadb_ext *pfkey_ext)
879 {
880 int error = 0;
881 struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext;
882
883 /* sanity checks... */
884 if(pfkey_spirange->sadb_spirange_len !=
885 sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) {
886 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
887 "pfkey_spirange_parse: "
888 "size wrong ext_len=%d, key_ext_len=%d.\n",
889 pfkey_spirange->sadb_spirange_len,
890 (int)sizeof(struct sadb_spirange));
891 SENDERR(EINVAL);
892 }
893
894 if(pfkey_spirange->sadb_spirange_reserved) {
895 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
896 "pfkey_spirange_parse: "
897 "reserved=%d must be set to zero.\n",
898 pfkey_spirange->sadb_spirange_reserved);
899 SENDERR(EINVAL);
900 }
901
902 if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) {
903 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
904 "pfkey_spirange_parse: "
905 "minspi=%08x must be < maxspi=%08x.\n",
906 ntohl(pfkey_spirange->sadb_spirange_min),
907 ntohl(pfkey_spirange->sadb_spirange_max));
908 SENDERR(EINVAL);
909 }
910
911 if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) {
912 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
913 "pfkey_spirange_parse: "
914 "minspi=%08x must be > 255.\n",
915 ntohl(pfkey_spirange->sadb_spirange_min));
916 SENDERR(EEXIST);
917 }
918
919 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
920 "pfkey_spirange_parse: "
921 "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n",
922 pfkey_spirange->sadb_spirange_len,
923 pfkey_spirange->sadb_spirange_exttype,
924 pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype),
925 pfkey_spirange->sadb_spirange_min,
926 pfkey_spirange->sadb_spirange_max,
927 pfkey_spirange->sadb_spirange_reserved);
928 errlab:
929 return error;
930 }
931
932 DEBUG_NO_STATIC int
933 pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext)
934 {
935 int error = 0;
936 struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext;
937
938 /* sanity checks... */
939 if(pfkey_x_kmprivate->sadb_x_kmprivate_len <
940 sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) {
941 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
942 "pfkey_x_kmprivate_parse: "
943 "size wrong ext_len=%d, key_ext_len=%d.\n",
944 pfkey_x_kmprivate->sadb_x_kmprivate_len,
945 (int)sizeof(struct sadb_x_kmprivate));
946 SENDERR(EINVAL);
947 }
948
949 if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) {
950 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
951 "pfkey_x_kmprivate_parse: "
952 "reserved=%d must be set to zero.\n",
953 pfkey_x_kmprivate->sadb_x_kmprivate_reserved);
954 SENDERR(EINVAL);
955 }
956
957 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
958 "pfkey_x_kmprivate_parse: "
959 "Sorry, I can't parse exttype=%d yet.\n",
960 pfkey_ext->sadb_ext_type);
961 SENDERR(EINVAL); /* don't process these yet */
962
963 errlab:
964 return error;
965 }
966
967 DEBUG_NO_STATIC int
968 pfkey_x_satype_parse(struct sadb_ext *pfkey_ext)
969 {
970 int error = 0;
971 int i;
972 struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
973
974 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
975 "pfkey_x_satype_parse: enter\n");
976 /* sanity checks... */
977 if(pfkey_x_satype->sadb_x_satype_len !=
978 sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) {
979 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
980 "pfkey_x_satype_parse: "
981 "size wrong ext_len=%d, key_ext_len=%d.\n",
982 pfkey_x_satype->sadb_x_satype_len,
983 (int)sizeof(struct sadb_x_satype));
984 SENDERR(EINVAL);
985 }
986
987 if(!pfkey_x_satype->sadb_x_satype_satype) {
988 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
989 "pfkey_x_satype_parse: "
990 "satype is zero, must be non-zero.\n");
991 SENDERR(EINVAL);
992 }
993
994 if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) {
995 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
996 "pfkey_x_satype_parse: "
997 "satype %d > max %d, invalid.\n",
998 pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX);
999 SENDERR(EINVAL);
1000 }
1001
1002 if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
1003 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1004 "pfkey_x_satype_parse: "
1005 "proto lookup from satype=%d failed.\n",
1006 pfkey_x_satype->sadb_x_satype_satype);
1007 SENDERR(EINVAL);
1008 }
1009
1010 for(i = 0; i < 3; i++) {
1011 if(pfkey_x_satype->sadb_x_satype_reserved[i]) {
1012 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1013 "pfkey_x_satype_parse: "
1014 "reserved[%d]=%d must be set to zero.\n",
1015 i, pfkey_x_satype->sadb_x_satype_reserved[i]);
1016 SENDERR(EINVAL);
1017 }
1018 }
1019
1020 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1021 "pfkey_x_satype_parse: "
1022 "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n",
1023 pfkey_x_satype->sadb_x_satype_len,
1024 pfkey_x_satype->sadb_x_satype_exttype,
1025 pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype),
1026 pfkey_x_satype->sadb_x_satype_satype,
1027 satype2name(pfkey_x_satype->sadb_x_satype_satype),
1028 pfkey_x_satype->sadb_x_satype_reserved[0],
1029 pfkey_x_satype->sadb_x_satype_reserved[1],
1030 pfkey_x_satype->sadb_x_satype_reserved[2]);
1031 errlab:
1032 return error;
1033 }
1034
1035 DEBUG_NO_STATIC int
1036 pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext)
1037 {
1038 int error = 0;
1039 int i;
1040 struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
1041
1042 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1043 "pfkey_x_debug_parse: enter\n");
1044 /* sanity checks... */
1045 if(pfkey_x_debug->sadb_x_debug_len !=
1046 sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) {
1047 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1048 "pfkey_x_debug_parse: "
1049 "size wrong ext_len=%d, key_ext_len=%d.\n",
1050 pfkey_x_debug->sadb_x_debug_len,
1051 (int)sizeof(struct sadb_x_debug));
1052 SENDERR(EINVAL);
1053 }
1054
1055 for(i = 0; i < 4; i++) {
1056 if(pfkey_x_debug->sadb_x_debug_reserved[i]) {
1057 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1058 "pfkey_x_debug_parse: "
1059 "reserved[%d]=%d must be set to zero.\n",
1060 i, pfkey_x_debug->sadb_x_debug_reserved[i]);
1061 SENDERR(EINVAL);
1062 }
1063 }
1064
1065 errlab:
1066 return error;
1067 }
1068
1069 DEBUG_NO_STATIC int
1070 pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext)
1071 {
1072 int error = 0;
1073 struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext;
1074
1075 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n");
1076 /* sanity checks... */
1077
1078 if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) {
1079 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1080 "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
1081 p->sadb_protocol_len, (int)sizeof(*p));
1082 SENDERR(EINVAL);
1083 }
1084
1085 if (p->sadb_protocol_reserved2 != 0) {
1086 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1087 "pfkey_protocol_parse: res=%d, must be zero.\n",
1088 p->sadb_protocol_reserved2);
1089 SENDERR(EINVAL);
1090 }
1091
1092 errlab:
1093 return error;
1094 }
1095
1096 DEBUG_NO_STATIC int
1097 pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext)
1098 {
1099 return 0;
1100 }
1101
1102 DEBUG_NO_STATIC int
1103 pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext)
1104 {
1105 return 0;
1106 }
1107
1108 #define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME};
1109
1110 DEFINEPARSER(pfkey_sa_parse);
1111 DEFINEPARSER(pfkey_lifetime_parse);
1112 DEFINEPARSER(pfkey_address_parse);
1113 DEFINEPARSER(pfkey_key_parse);
1114 DEFINEPARSER(pfkey_ident_parse);
1115 DEFINEPARSER(pfkey_sens_parse);
1116 DEFINEPARSER(pfkey_prop_parse);
1117 DEFINEPARSER(pfkey_supported_parse);
1118 DEFINEPARSER(pfkey_spirange_parse);
1119 DEFINEPARSER(pfkey_x_kmprivate_parse);
1120 DEFINEPARSER(pfkey_x_satype_parse);
1121 DEFINEPARSER(pfkey_x_ext_debug_parse);
1122 DEFINEPARSER(pfkey_x_ext_protocol_parse);
1123 DEFINEPARSER(pfkey_x_ext_nat_t_type_parse);
1124 DEFINEPARSER(pfkey_x_ext_nat_t_port_parse);
1125
1126 struct pf_key_ext_parsers_def *ext_default_parsers[]=
1127 {
1128 NULL, /* pfkey_msg_parse, */
1129 &pfkey_sa_parse_def,
1130 &pfkey_lifetime_parse_def,
1131 &pfkey_lifetime_parse_def,
1132 &pfkey_lifetime_parse_def,
1133 &pfkey_address_parse_def,
1134 &pfkey_address_parse_def,
1135 &pfkey_address_parse_def,
1136 &pfkey_key_parse_def,
1137 &pfkey_key_parse_def,
1138 &pfkey_ident_parse_def,
1139 &pfkey_ident_parse_def,
1140 &pfkey_sens_parse_def,
1141 &pfkey_prop_parse_def,
1142 &pfkey_supported_parse_def,
1143 &pfkey_supported_parse_def,
1144 &pfkey_spirange_parse_def,
1145 &pfkey_x_kmprivate_parse_def,
1146 &pfkey_x_satype_parse_def,
1147 &pfkey_sa_parse_def,
1148 &pfkey_address_parse_def,
1149 &pfkey_address_parse_def,
1150 &pfkey_address_parse_def,
1151 &pfkey_address_parse_def,
1152 &pfkey_address_parse_def,
1153 &pfkey_x_ext_debug_parse_def,
1154 &pfkey_x_ext_protocol_parse_def ,
1155 &pfkey_x_ext_nat_t_type_parse_def,
1156 &pfkey_x_ext_nat_t_port_parse_def,
1157 &pfkey_x_ext_nat_t_port_parse_def,
1158 &pfkey_address_parse_def
1159 };
1160
1161 int
1162 pfkey_msg_parse(struct sadb_msg *pfkey_msg,
1163 struct pf_key_ext_parsers_def *ext_parsers[],
1164 struct sadb_ext *extensions[],
1165 int dir)
1166 {
1167 int error = 0;
1168 int remain;
1169 struct sadb_ext *pfkey_ext;
1170 int extensions_seen = 0;
1171
1172 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1173 "pfkey_msg_parse: "
1174 "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n",
1175 pfkey_msg->sadb_msg_version,
1176 pfkey_msg->sadb_msg_type,
1177 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type),
1178 pfkey_msg->sadb_msg_errno,
1179 pfkey_msg->sadb_msg_satype,
1180 satype2name(pfkey_msg->sadb_msg_satype),
1181 pfkey_msg->sadb_msg_len,
1182 pfkey_msg->sadb_msg_reserved,
1183 pfkey_msg->sadb_msg_seq,
1184 pfkey_msg->sadb_msg_pid);
1185
1186 if(ext_parsers == NULL) ext_parsers = ext_default_parsers;
1187
1188 pfkey_extensions_init(extensions);
1189
1190 remain = pfkey_msg->sadb_msg_len;
1191 remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
1192
1193 pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg +
1194 sizeof(struct sadb_msg));
1195
1196 extensions[0] = (struct sadb_ext *) pfkey_msg;
1197
1198
1199 if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
1200 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1201 "pfkey_msg_parse: "
1202 "not PF_KEY_V2 msg, found %d, should be %d.\n",
1203 pfkey_msg->sadb_msg_version,
1204 PF_KEY_V2);
1205 SENDERR(EINVAL);
1206 }
1207
1208 if(!pfkey_msg->sadb_msg_type) {
1209 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1210 "pfkey_msg_parse: "
1211 "msg type not set, must be non-zero..\n");
1212 SENDERR(EINVAL);
1213 }
1214
1215 if(pfkey_msg->sadb_msg_type > SADB_MAX) {
1216 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1217 "pfkey_msg_parse: "
1218 "msg type=%d > max=%d.\n",
1219 pfkey_msg->sadb_msg_type,
1220 SADB_MAX);
1221 SENDERR(EINVAL);
1222 }
1223
1224 switch(pfkey_msg->sadb_msg_type) {
1225 case SADB_GETSPI:
1226 case SADB_UPDATE:
1227 case SADB_ADD:
1228 case SADB_DELETE:
1229 case SADB_GET:
1230 case SADB_X_GRPSA:
1231 case SADB_X_ADDFLOW:
1232 if(!satype2proto(pfkey_msg->sadb_msg_satype)) {
1233 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1234 "pfkey_msg_parse: "
1235 "satype %d conversion to proto failed for msg_type %d (%s).\n",
1236 pfkey_msg->sadb_msg_satype,
1237 pfkey_msg->sadb_msg_type,
1238 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
1239 SENDERR(EINVAL);
1240 } else {
1241 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1242 "pfkey_msg_parse: "
1243 "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n",
1244 pfkey_msg->sadb_msg_satype,
1245 satype2name(pfkey_msg->sadb_msg_satype),
1246 satype2proto(pfkey_msg->sadb_msg_satype),
1247 pfkey_msg->sadb_msg_type,
1248 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
1249 }
1250 /* fall through */
1251 case SADB_ACQUIRE:
1252 case SADB_REGISTER:
1253 case SADB_EXPIRE:
1254 if(!pfkey_msg->sadb_msg_satype) {
1255 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1256 "pfkey_msg_parse: "
1257 "satype is zero, must be non-zero for msg_type %d(%s).\n",
1258 pfkey_msg->sadb_msg_type,
1259 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
1260 SENDERR(EINVAL);
1261 }
1262 default:
1263 break;
1264 }
1265
1266 /* errno must not be set in downward messages */
1267 /* this is not entirely true... a response to an ACQUIRE could return an error */
1268 if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) {
1269 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1270 "pfkey_msg_parse: "
1271 "errno set to %d.\n",
1272 pfkey_msg->sadb_msg_errno);
1273 SENDERR(EINVAL);
1274 }
1275
1276 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1277 "pfkey_msg_parse: "
1278 "remain=%d, ext_type=%d(%s), ext_len=%d.\n",
1279 remain,
1280 pfkey_ext->sadb_ext_type,
1281 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1282 pfkey_ext->sadb_ext_len);
1283
1284 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1285 "pfkey_msg_parse: "
1286 "extensions permitted=%08x, required=%08x.\n",
1287 extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1288 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
1289
1290 extensions_seen = 1;
1291
1292 while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) {
1293 /* Is there enough message left to support another extension header? */
1294 if(remain < pfkey_ext->sadb_ext_len) {
1295 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1296 "pfkey_msg_parse: "
1297 "remain %d less than ext len %d.\n",
1298 remain, pfkey_ext->sadb_ext_len);
1299 SENDERR(EINVAL);
1300 }
1301
1302 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1303 "pfkey_msg_parse: "
1304 "parsing ext type=%d(%s) remain=%d.\n",
1305 pfkey_ext->sadb_ext_type,
1306 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1307 remain);
1308
1309 /* Is the extension header type valid? */
1310 if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) {
1311 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1312 "pfkey_msg_parse: "
1313 "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n",
1314 pfkey_ext->sadb_ext_type,
1315 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1316 SADB_EXT_MAX);
1317 SENDERR(EINVAL);
1318 }
1319
1320 /* Have we already seen this type of extension? */
1321 if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0)
1322 {
1323 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1324 "pfkey_msg_parse: "
1325 "ext type %d(%s) already seen.\n",
1326 pfkey_ext->sadb_ext_type,
1327 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
1328 SENDERR(EINVAL);
1329 }
1330
1331 /* Do I even know about this type of extension? */
1332 if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) {
1333 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1334 "pfkey_msg_parse: "
1335 "ext type %d(%s) unknown, ignoring.\n",
1336 pfkey_ext->sadb_ext_type,
1337 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
1338 goto next_ext;
1339 }
1340
1341 /* Is this type of extension permitted for this type of message? */
1342 if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] &
1343 1<<pfkey_ext->sadb_ext_type)) {
1344 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1345 "pfkey_msg_parse: "
1346 "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n",
1347 pfkey_ext->sadb_ext_type,
1348 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1349 extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1350 1<<pfkey_ext->sadb_ext_type);
1351 SENDERR(EINVAL);
1352 }
1353
1354 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1355 "pfkey_msg_parse: "
1356 "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n",
1357 remain,
1358 pfkey_ext->sadb_ext_type,
1359 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1360 pfkey_ext->sadb_ext_len,
1361 pfkey_ext,
1362 ext_parsers[pfkey_ext->sadb_ext_type]->parser_name);
1363
1364 /* Parse the extension */
1365 if((error =
1366 (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) {
1367 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1368 "pfkey_msg_parse: "
1369 "extension parsing for type %d(%s) failed with error %d.\n",
1370 pfkey_ext->sadb_ext_type,
1371 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
1372 error);
1373 SENDERR(-error);
1374 }
1375 DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
1376 "pfkey_msg_parse: "
1377 "Extension %d(%s) parsed.\n",
1378 pfkey_ext->sadb_ext_type,
1379 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
1380
1381 /* Mark that we have seen this extension and remember the header location */
1382 extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type );
1383 extensions[pfkey_ext->sadb_ext_type] = pfkey_ext;
1384
1385 next_ext:
1386 /* Calculate how much message remains */
1387 remain -= pfkey_ext->sadb_ext_len;
1388
1389 if(!remain) {
1390 break;
1391 }
1392 /* Find the next extension header */
1393 pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext +
1394 pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
1395 }
1396
1397 if(remain) {
1398 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1399 "pfkey_msg_parse: "
1400 "unexpected remainder of %d.\n",
1401 remain);
1402 /* why is there still something remaining? */
1403 SENDERR(EINVAL);
1404 }
1405
1406 /* check required extensions */
1407 DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
1408 "pfkey_msg_parse: "
1409 "extensions permitted=%08x, seen=%08x, required=%08x.\n",
1410 extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
1411 extensions_seen,
1412 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
1413
1414 /* don't check further if it is an error return message since it
1415 may not have a body */
1416 if(pfkey_msg->sadb_msg_errno) {
1417 SENDERR(-error);
1418 }
1419
1420 if((extensions_seen &
1421 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) !=
1422 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) {
1423 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1424 "pfkey_msg_parse: "
1425 "required extensions missing:%08x.\n",
1426 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] -
1427 (extensions_seen &
1428 extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]));
1429 SENDERR(EINVAL);
1430 }
1431
1432 if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW)
1433 && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW)
1434 != SADB_X_EXT_ADDRESS_DELFLOW)
1435 && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA))
1436 || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags
1437 & SADB_X_SAFLAGS_CLEARFLOW)
1438 != SADB_X_SAFLAGS_CLEARFLOW))) {
1439 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1440 "pfkey_msg_parse: "
1441 "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n",
1442 SADB_X_EXT_ADDRESS_DELFLOW
1443 - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW),
1444 (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA)));
1445 SENDERR(EINVAL);
1446 }
1447
1448 switch(pfkey_msg->sadb_msg_type) {
1449 case SADB_ADD:
1450 case SADB_UPDATE:
1451 /* check maturity */
1452 if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state !=
1453 SADB_SASTATE_MATURE) {
1454 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1455 "pfkey_msg_parse: "
1456 "state=%d for add or update should be MATURE=%d.\n",
1457 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
1458 SADB_SASTATE_MATURE);
1459 SENDERR(EINVAL);
1460 }
1461
1462 /* check AH and ESP */
1463 switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) {
1464 case SADB_SATYPE_AH:
1465 if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
1466 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth !=
1467 SADB_AALG_NONE)) {
1468 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1469 "pfkey_msg_parse: "
1470 "auth alg is zero, must be non-zero for AH SAs.\n");
1471 SENDERR(EINVAL);
1472 }
1473 if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt !=
1474 SADB_EALG_NONE) {
1475 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1476 "pfkey_msg_parse: "
1477 "AH handed encalg=%d, must be zero.\n",
1478 ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt);
1479 SENDERR(EINVAL);
1480 }
1481 break;
1482 case SADB_SATYPE_ESP:
1483 if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
1484 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
1485 SADB_EALG_NONE)) {
1486 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1487 "pfkey_msg_parse: "
1488 "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n",
1489 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
1490 ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
1491 SENDERR(EINVAL);
1492 }
1493 if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt ==
1494 SADB_EALG_NULL) &&
1495 (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth ==
1496 SADB_AALG_NONE) ) {
1497 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1498 "pfkey_msg_parse: "
1499 "ESP handed encNULL+authNONE, illegal combination.\n");
1500 SENDERR(EINVAL);
1501 }
1502 break;
1503 case SADB_X_SATYPE_COMP:
1504 if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
1505 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
1506 SADB_EALG_NONE)) {
1507 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1508 "pfkey_msg_parse: "
1509 "encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n",
1510 ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
1511 ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
1512 SENDERR(EINVAL);
1513 }
1514 if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth !=
1515 SADB_AALG_NONE) {
1516 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1517 "pfkey_msg_parse: "
1518 "COMP handed auth=%d, must be zero.\n",
1519 ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth);
1520 SENDERR(EINVAL);
1521 }
1522 break;
1523 default:
1524 break;
1525 }
1526 if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) {
1527 DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
1528 "pfkey_msg_parse: "
1529 "spi=%08x must be > 255.\n",
1530 ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi));
1531 SENDERR(EINVAL);
1532 }
1533 default:
1534 break;
1535 }
1536 errlab:
1537
1538 return error;
1539 }