Bye bye Pluto!
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 May 2012 14:59:00 +0000 (16:59 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:33:32 +0000 (17:33 +0200)
Charon will take over IKEv1 duties from here.  This also removes
libfreeswan and whack.

180 files changed:
Android.mk.in
configure.in
src/Makefile.am
src/checksum/Makefile.am
src/libfreeswan/Android.mk [deleted file]
src/libfreeswan/Makefile.am [deleted file]
src/libfreeswan/addrtoa.c [deleted file]
src/libfreeswan/addrtot.c [deleted file]
src/libfreeswan/addrtypeof.c [deleted file]
src/libfreeswan/anyaddr.3 [deleted file]
src/libfreeswan/anyaddr.c [deleted file]
src/libfreeswan/atoaddr.3 [deleted file]
src/libfreeswan/atoaddr.c [deleted file]
src/libfreeswan/atoasr.3 [deleted file]
src/libfreeswan/atoasr.c [deleted file]
src/libfreeswan/atosubnet.c [deleted file]
src/libfreeswan/atoul.3 [deleted file]
src/libfreeswan/atoul.c [deleted file]
src/libfreeswan/copyright.c [deleted file]
src/libfreeswan/datatot.c [deleted file]
src/libfreeswan/freeswan.h [deleted file]
src/libfreeswan/goodmask.3 [deleted file]
src/libfreeswan/goodmask.c [deleted file]
src/libfreeswan/initaddr.3 [deleted file]
src/libfreeswan/initaddr.c [deleted file]
src/libfreeswan/initsaid.c [deleted file]
src/libfreeswan/initsubnet.3 [deleted file]
src/libfreeswan/initsubnet.c [deleted file]
src/libfreeswan/internal.h [deleted file]
src/libfreeswan/ipsec_param.h [deleted file]
src/libfreeswan/pfkey.h [deleted file]
src/libfreeswan/pfkey_v2_build.c [deleted file]
src/libfreeswan/pfkey_v2_debug.c [deleted file]
src/libfreeswan/pfkey_v2_ext_bits.c [deleted file]
src/libfreeswan/pfkey_v2_parse.c [deleted file]
src/libfreeswan/pfkeyv2.h [deleted file]
src/libfreeswan/portof.3 [deleted file]
src/libfreeswan/portof.c [deleted file]
src/libfreeswan/rangetoa.c [deleted file]
src/libfreeswan/rangetosubnet.3 [deleted file]
src/libfreeswan/rangetosubnet.c [deleted file]
src/libfreeswan/sameaddr.3 [deleted file]
src/libfreeswan/sameaddr.c [deleted file]
src/libfreeswan/satot.c [deleted file]
src/libfreeswan/subnetof.3 [deleted file]
src/libfreeswan/subnetof.c [deleted file]
src/libfreeswan/subnettoa.c [deleted file]
src/libfreeswan/subnettot.c [deleted file]
src/libfreeswan/subnettypeof.c [deleted file]
src/libfreeswan/ttoaddr.3 [deleted file]
src/libfreeswan/ttoaddr.c [deleted file]
src/libfreeswan/ttodata.3 [deleted file]
src/libfreeswan/ttodata.c [deleted file]
src/libfreeswan/ttoprotoport.c [deleted file]
src/libfreeswan/ttosa.3 [deleted file]
src/libfreeswan/ttosa.c [deleted file]
src/libfreeswan/ttosubnet.c [deleted file]
src/libfreeswan/ttoul.3 [deleted file]
src/libfreeswan/ttoul.c [deleted file]
src/libfreeswan/ultoa.c [deleted file]
src/libfreeswan/ultot.c [deleted file]
src/pluto/.gitignore [deleted file]
src/pluto/Android.mk [deleted file]
src/pluto/Makefile.am [deleted file]
src/pluto/ac.c [deleted file]
src/pluto/ac.h [deleted file]
src/pluto/adns.c [deleted file]
src/pluto/adns.h [deleted file]
src/pluto/alg_info.c [deleted file]
src/pluto/alg_info.h [deleted file]
src/pluto/builder.c [deleted file]
src/pluto/builder.h [deleted file]
src/pluto/ca.c [deleted file]
src/pluto/ca.h [deleted file]
src/pluto/certs.c [deleted file]
src/pluto/certs.h [deleted file]
src/pluto/connections.c [deleted file]
src/pluto/connections.h [deleted file]
src/pluto/constants.c [deleted file]
src/pluto/constants.h [deleted file]
src/pluto/cookie.c [deleted file]
src/pluto/cookie.h [deleted file]
src/pluto/crl.c [deleted file]
src/pluto/crl.h [deleted file]
src/pluto/crypto.c [deleted file]
src/pluto/crypto.h [deleted file]
src/pluto/db_ops.c [deleted file]
src/pluto/db_ops.h [deleted file]
src/pluto/defs.c [deleted file]
src/pluto/defs.h [deleted file]
src/pluto/demux.c [deleted file]
src/pluto/demux.h [deleted file]
src/pluto/dnskey.c [deleted file]
src/pluto/dnskey.h [deleted file]
src/pluto/event_queue.c [deleted file]
src/pluto/event_queue.h [deleted file]
src/pluto/fetch.c [deleted file]
src/pluto/fetch.h [deleted file]
src/pluto/foodgroups.c [deleted file]
src/pluto/foodgroups.h [deleted file]
src/pluto/ike_alg.c [deleted file]
src/pluto/ike_alg.h [deleted file]
src/pluto/ipsec_doi.c [deleted file]
src/pluto/ipsec_doi.h [deleted file]
src/pluto/kameipsec.h [deleted file]
src/pluto/kernel.c [deleted file]
src/pluto/kernel.h [deleted file]
src/pluto/kernel_alg.c [deleted file]
src/pluto/kernel_alg.h [deleted file]
src/pluto/kernel_pfkey.c [deleted file]
src/pluto/kernel_pfkey.h [deleted file]
src/pluto/keys.c [deleted file]
src/pluto/keys.h [deleted file]
src/pluto/lex.c [deleted file]
src/pluto/lex.h [deleted file]
src/pluto/log.c [deleted file]
src/pluto/log.h [deleted file]
src/pluto/modecfg.c [deleted file]
src/pluto/modecfg.h [deleted file]
src/pluto/myid.c [deleted file]
src/pluto/myid.h [deleted file]
src/pluto/nat_traversal.c [deleted file]
src/pluto/nat_traversal.h [deleted file]
src/pluto/ocsp.c [deleted file]
src/pluto/ocsp.h [deleted file]
src/pluto/packet.c [deleted file]
src/pluto/packet.h [deleted file]
src/pluto/pkcs7.c [deleted file]
src/pluto/pkcs7.h [deleted file]
src/pluto/plugin_list.c [deleted file]
src/pluto/plugin_list.h [deleted file]
src/pluto/plugins/xauth/Makefile.am [deleted file]
src/pluto/plugins/xauth/xauth_default_provider.c [deleted file]
src/pluto/plugins/xauth/xauth_default_provider.h [deleted file]
src/pluto/plugins/xauth/xauth_default_verifier.c [deleted file]
src/pluto/plugins/xauth/xauth_default_verifier.h [deleted file]
src/pluto/plugins/xauth/xauth_plugin.c [deleted file]
src/pluto/plugins/xauth/xauth_plugin.h [deleted file]
src/pluto/pluto.8 [deleted file]
src/pluto/pluto.c [deleted file]
src/pluto/pluto.h [deleted file]
src/pluto/plutomain.c [deleted file]
src/pluto/rcv_whack.c [deleted file]
src/pluto/rcv_whack.h [deleted file]
src/pluto/routing.txt [deleted file]
src/pluto/rsaref/pkcs11.h [deleted file]
src/pluto/rsaref/pkcs11f.h [deleted file]
src/pluto/rsaref/pkcs11t.h [deleted file]
src/pluto/rsaref/unix.h [deleted file]
src/pluto/server.c [deleted file]
src/pluto/server.h [deleted file]
src/pluto/smartcard.c [deleted file]
src/pluto/smartcard.h [deleted file]
src/pluto/spdb.c [deleted file]
src/pluto/spdb.h [deleted file]
src/pluto/state.c [deleted file]
src/pluto/state.h [deleted file]
src/pluto/timer.c [deleted file]
src/pluto/timer.h [deleted file]
src/pluto/vendor.c [deleted file]
src/pluto/vendor.h [deleted file]
src/pluto/virtual.c [deleted file]
src/pluto/virtual.h [deleted file]
src/pluto/whack_attribute.c [deleted file]
src/pluto/whack_attribute.h [deleted file]
src/pluto/x509.c [deleted file]
src/pluto/x509.h [deleted file]
src/pluto/xauth/xauth_manager.c [deleted file]
src/pluto/xauth/xauth_manager.h [deleted file]
src/pluto/xauth/xauth_provider.h [deleted file]
src/pluto/xauth/xauth_verifier.h [deleted file]
src/starter/Android.mk
src/starter/Makefile.am
src/starter/confread.c
src/starter/files.h
src/whack/.gitignore [deleted file]
src/whack/Android.mk [deleted file]
src/whack/Makefile.am [deleted file]
src/whack/whack.c [deleted file]
src/whack/whack.h [deleted file]

index 57fa8b1..2563b7a 100644 (file)
@@ -6,12 +6,10 @@ include $(CLEAR_VARS)
 #   build/target/product/core.mk
 # possible executables are
 #   starter - allows to control and configure the daemons from the command line
-#   charon - the IKEv2 daemon
-#   pluto - the IKEv1 daemon
+#   charon - the IKE daemon
 
-# if you enable starter and/or pluto (see above) uncomment the proper lines here
+# if you enable starter (see above) uncomment this line too
 # strongswan_BUILD_STARTER := true
-# strongswan_BUILD_PLUTO := true
 
 # this is the list of plugins that are built into libstrongswan and charon
 # also these plugins are loaded by default (if not changed in strongswan.conf)
@@ -19,20 +17,10 @@ strongswan_CHARON_PLUGINS := openssl fips-prf random pubkey pkcs1 \
        pem xcbc hmac kernel-netlink socket-default android \
        stroke eap-identity eap-mschapv2 eap-md5
 
-ifneq ($(strongswan_BUILD_PLUTO),)
-# if both daemons are enabled we use raw sockets in charon
-strongswan_CHARON_PLUGINS := $(subst socket-default,socket-raw, \
-                               $(strongswan_CHARON_PLUGINS))
-# plugins loaded by pluto
-strongswan_PLUTO_PLUGINS := openssl fips-prf random pubkey pkcs1 \
-       pem xcbc hmac kernel-netlink xauth
-endif
-
 strongswan_STARTER_PLUGINS := kernel-netlink
 
 # list of all plugins - used to enable them with the function below
 strongswan_PLUGINS := $(sort $(strongswan_CHARON_PLUGINS) \
-                            $(strongswan_PLUTO_PLUGINS) \
                             $(strongswan_STARTER_PLUGINS))
 
 # helper macros to only add source files for plugins included in the list above
@@ -115,18 +103,10 @@ strongswan_BUILD := \
 
 ifneq ($(strongswan_BUILD_STARTER),)
 strongswan_BUILD += \
-       libfreeswan \
        starter \
        stroke \
        ipsec
 endif
 
-ifneq ($(strongswan_BUILD_PLUTO),)
-strongswan_BUILD += \
-       libfreeswan \
-       pluto \
-       whack
-endif
-
 include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \
                $(sort $(strongswan_BUILD))))
index 7d0cdbb..edf7ce0 100644 (file)
@@ -164,12 +164,9 @@ ARG_ENABL_SET([manager],        [enable web management console (proof of concept
 ARG_ENABL_SET([mediation],      [enable IKEv2 Mediation Extension.])
 ARG_ENABL_SET([integrity-test], [enable integrity testing of libstrongswan and plugins.])
 ARG_DISBL_SET([load-warning],   [disable the charon/pluto plugin load option warning in starter.])
-ARG_ENABL_SET([pluto],          [enable the IKEv1 keying daemon pluto.])
 ARG_DISBL_SET([ikev1],          [disable IKEv1 protocol support in charon.])
 ARG_DISBL_SET([ikev2],          [disable IKEv2 protocol support in charon.])
 ARG_DISBL_SET([xauth],          [disable xauth plugin.])
-ARG_DISBL_SET([threads],        [disable the use of threads in pluto. Charon always uses threads.])
-ARG_DISBL_SET([adns],           [disable the use of adns in pluto (disables opportunistic encryption).])
 ARG_DISBL_SET([charon],         [disable the IKEv1/IKEv2 keying daemon charon.])
 ARG_DISBL_SET([tools],          [disable additional utilities (openac, scepclient and pki).])
 ARG_DISBL_SET([scripts],        [disable additional utilities (found in directory scripts).])
@@ -303,16 +300,6 @@ if test x$medcli = xtrue; then
        mediation=true
 fi
 
-if test x$pluto = xtrue; then
-       if test x$socket_raw = xfalse; then
-               AC_MSG_NOTICE([Enforcing --enable-socket-raw, as pluto is enabled])
-               socket_raw=true
-               if test x$socket_default_given = xfalse; then
-                       socket_default=false
-               fi
-       fi
-fi
-
 dnl ===========================================
 dnl  check required libraries and header files
 dnl ===========================================
@@ -789,7 +776,6 @@ m4_include(m4/macros/add-plugin.m4)
 
 # plugin lists for all components
 charon_plugins=
-pluto_plugins=
 starter_plugins=
 pool_plugins=
 attest_plugins=
@@ -802,59 +788,57 @@ medsrv_plugins=
 nm_plugins=
 
 # location specific lists for checksumming,
-# for src/libcharon, src/pluto, src/libhydra and src/libstrongswan
+# for src/libcharon, src/libhydra and src/libstrongswan
 c_plugins=
-p_plugins=
 h_plugins=
 s_plugins=
 
-ADD_PLUGIN([test-vectors],         [s charon pluto openac scepclient pki])
-ADD_PLUGIN([curl],                 [s charon pluto scepclient scripts nm])
-ADD_PLUGIN([soup],                 [s charon pluto scripts nm])
-ADD_PLUGIN([ldap],                 [s charon pluto scepclient scripts nm])
-ADD_PLUGIN([mysql],                [s charon pluto pool manager medsrv attest])
-ADD_PLUGIN([sqlite],               [s charon pluto pool manager medsrv attest])
+ADD_PLUGIN([test-vectors],         [s charon openac scepclient pki])
+ADD_PLUGIN([curl],                 [s charon scepclient scripts nm])
+ADD_PLUGIN([soup],                 [s charon scripts nm])
+ADD_PLUGIN([ldap],                 [s charon scepclient scripts nm])
+ADD_PLUGIN([mysql],                [s charon pool manager medsrv attest])
+ADD_PLUGIN([sqlite],               [s charon pool manager medsrv attest])
 ADD_PLUGIN([pkcs11],               [s charon pki nm])
-ADD_PLUGIN([aes],                  [s charon pluto openac scepclient pki scripts nm])
-ADD_PLUGIN([des],                  [s charon pluto openac scepclient pki scripts nm])
-ADD_PLUGIN([blowfish],             [s charon pluto openac scepclient pki scripts nm])
-ADD_PLUGIN([sha1],                 [s charon pluto openac scepclient pki scripts medsrv attest nm])
-ADD_PLUGIN([sha2],                 [s charon pluto openac scepclient pki scripts medsrv attest nm])
+ADD_PLUGIN([aes],                  [s charon openac scepclient pki scripts nm])
+ADD_PLUGIN([des],                  [s charon openac scepclient pki scripts nm])
+ADD_PLUGIN([blowfish],             [s charon openac scepclient pki scripts nm])
+ADD_PLUGIN([sha1],                 [s charon openac scepclient pki scripts medsrv attest nm])
+ADD_PLUGIN([sha2],                 [s charon openac scepclient pki scripts medsrv attest nm])
 ADD_PLUGIN([md4],                  [s charon openac manager scepclient pki nm])
-ADD_PLUGIN([md5],                  [s charon pluto openac scepclient pki scripts attest nm])
-ADD_PLUGIN([random],               [s charon pluto openac scepclient pki scripts medsrv attest nm])
+ADD_PLUGIN([md5],                  [s charon openac scepclient pki scripts attest nm])
+ADD_PLUGIN([random],               [s charon openac scepclient pki scripts medsrv attest nm])
 ADD_PLUGIN([nonce],                [s charon nm])
-ADD_PLUGIN([x509],                 [s charon pluto openac scepclient pki scripts attest nm])
+ADD_PLUGIN([x509],                 [s charon openac scepclient pki scripts attest nm])
 ADD_PLUGIN([revocation],           [s charon nm])
 ADD_PLUGIN([constraints],          [s charon nm])
 ADD_PLUGIN([pubkey],               [s charon])
-ADD_PLUGIN([pkcs1],                [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
-ADD_PLUGIN([pkcs8],                [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
-ADD_PLUGIN([pgp],                  [s charon pluto])
-ADD_PLUGIN([dnskey],               [s pluto])
-ADD_PLUGIN([pem],                  [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
+ADD_PLUGIN([pkcs1],                [s charon openac scepclient pki scripts manager medsrv attest nm])
+ADD_PLUGIN([pkcs8],                [s charon openac scepclient pki scripts manager medsrv attest nm])
+ADD_PLUGIN([pgp],                  [s charon])
+ADD_PLUGIN([dnskey],               [s charon])
+ADD_PLUGIN([pem],                  [s charon openac scepclient pki scripts manager medsrv attest nm])
 ADD_PLUGIN([padlock],              [s charon])
-ADD_PLUGIN([openssl],              [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
-ADD_PLUGIN([gcrypt],               [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
-ADD_PLUGIN([af-alg],               [s charon pluto openac scepclient pki scripts medsrv attest nm])
+ADD_PLUGIN([openssl],              [s charon openac scepclient pki scripts manager medsrv attest nm])
+ADD_PLUGIN([gcrypt],               [s charon openac scepclient pki scripts manager medsrv attest nm])
+ADD_PLUGIN([af-alg],               [s charon openac scepclient pki scripts medsrv attest nm])
 ADD_PLUGIN([fips-prf],             [s charon nm])
-ADD_PLUGIN([gmp],                  [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
+ADD_PLUGIN([gmp],                  [s charon openac scepclient pki scripts manager medsrv attest nm])
 ADD_PLUGIN([agent],                [s charon nm])
 ADD_PLUGIN([xcbc],                 [s charon nm])
 ADD_PLUGIN([cmac],                 [s charon nm])
-ADD_PLUGIN([hmac],                 [s charon pluto scripts nm])
+ADD_PLUGIN([hmac],                 [s charon scripts nm])
 ADD_PLUGIN([ctr],                  [s charon scripts nm])
 ADD_PLUGIN([ccm],                  [s charon scripts nm])
 ADD_PLUGIN([gcm],                  [s charon scripts nm])
-ADD_PLUGIN([xauth],                [p pluto])
-ADD_PLUGIN([attr],                 [h charon pluto])
-ADD_PLUGIN([attr-sql],             [h charon pluto])
+ADD_PLUGIN([attr],                 [h charon])
+ADD_PLUGIN([attr-sql],             [h charon])
 ADD_PLUGIN([load-tester],          [c charon])
-ADD_PLUGIN([kernel-pfkey],         [h charon pluto starter nm])
-ADD_PLUGIN([kernel-pfroute],       [h charon pluto starter nm])
-ADD_PLUGIN([kernel-klips],         [h charon pluto starter])
-ADD_PLUGIN([kernel-netlink],       [h charon pluto starter nm])
-ADD_PLUGIN([resolve],              [h charon pluto])
+ADD_PLUGIN([kernel-pfkey],         [h charon starter nm])
+ADD_PLUGIN([kernel-pfroute],       [h charon starter nm])
+ADD_PLUGIN([kernel-klips],         [h charon starter])
+ADD_PLUGIN([kernel-netlink],       [h charon starter nm])
+ADD_PLUGIN([resolve],              [h charon])
 ADD_PLUGIN([socket-default],       [c charon nm])
 ADD_PLUGIN([socket-raw],           [c charon nm])
 ADD_PLUGIN([socket-dynamic],       [c charon])
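Review bot: Several pluto leftovers survive in configure.in around this hunk: `ARG_DISBL_SET([xauth], ...)` is still declared although its `ADD_PLUGIN([xauth], [p pluto])` line is removed here and `AM_CONDITIONAL(USE_XAUTH, ...)` in a later hunk, and `AM_CONDITIONAL(USE_THREADS, test x$threads = xtrue)` remains as context although `ARG_DISBL_SET([threads], ...)` is gone. Unless something outside the visible hunks still consumes them, the option and the conditional are dead and should be dropped in this commit, and the `load-warning` help text should become `[disable the charon plugin load option warning in starter.]`. Separately, `ADD_PLUGIN([dnskey], [s pluto])` is changed to `[s charon]` rather than removed, so whenever dnskey is enabled charon's plugin list now includes a plugin that only pluto listed before. That changes what the daemon loads, so the commit message should state that the move is intended and not a side effect of replacing `pluto` across the list.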
@@ -907,7 +891,6 @@ ADD_PLUGIN([addrblock],            [c charon])
 ADD_PLUGIN([unit-tester],          [c charon])
 
 AC_SUBST(charon_plugins)
-AC_SUBST(pluto_plugins)
 AC_SUBST(starter_plugins)
 AC_SUBST(pool_plugins)
 AC_SUBST(attest_plugins)
@@ -1039,10 +1022,6 @@ AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
 AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue)
 AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
 
-dnl pluto plugins
-dnl =============
-AM_CONDITIONAL(USE_XAUTH, test x$xauth = xtrue)
-
 dnl other options
 dnl =============
 AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
@@ -1058,7 +1037,6 @@ AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
 AM_CONDITIONAL(USE_ME, test x$mediation = xtrue)
 AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
 AM_CONDITIONAL(USE_LOAD_WARNING, test x$load_warning = xtrue)
-AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue)
 AM_CONDITIONAL(USE_IKEV1, test x$ikev1 = xtrue)
 AM_CONDITIONAL(USE_IKEV2, test x$ikev2 = xtrue)
 AM_CONDITIONAL(USE_THREADS, test x$threads = xtrue)
@@ -1068,13 +1046,13 @@ AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
 AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
 AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
 AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue)
-AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue -o x$nm = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue)
+AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$nm = xtrue)
 AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue)
 AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
 AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
-AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
-AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$pluto = xtrue -o x$stroke = xtrue -o x$tools = xtrue -o x$conftest = xtrue)
+AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
+AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$tools = xtrue -o x$conftest = xtrue)
 AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
 AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue)
 AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
@@ -1162,7 +1140,6 @@ AC_OUTPUT(
        src/libhydra/plugins/kernel_pfkey/Makefile
        src/libhydra/plugins/kernel_pfroute/Makefile
        src/libhydra/plugins/resolve/Makefile
-       src/libfreeswan/Makefile
        src/libsimaka/Makefile
        src/libtls/Makefile
        src/libradius/Makefile
@@ -1176,9 +1153,6 @@ AC_OUTPUT(
        src/libimcv/plugins/imv_test/Makefile
        src/libimcv/plugins/imc_scanner/Makefile
        src/libimcv/plugins/imv_scanner/Makefile
-       src/pluto/Makefile
-       src/pluto/plugins/xauth/Makefile
-       src/whack/Makefile
        src/charon/Makefile
        src/charon-nm/Makefile
        src/libcharon/Makefile
index 0c19ea3..452036b 100644 (file)
@@ -41,17 +41,13 @@ if USE_LIBCHARON
 endif
 
 if USE_FILE_CONFIG
-  SUBDIRS += libfreeswan starter
+  SUBDIRS += starter
 endif
 
 if USE_IPSEC_SCRIPT
   SUBDIRS += ipsec _copyright
 endif
 
-if USE_PLUTO
-  SUBDIRS += pluto whack
-endif
-
 if USE_CHARON
   SUBDIRS += charon
 endif
@@ -69,7 +65,7 @@ if USE_UPDOWN
 endif
 
 if USE_TOOLS
-  SUBDIRS += libfreeswan openac scepclient pki
+  SUBDIRS += openac scepclient pki
 endif
 
 if USE_CONFTEST
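Review bot: Dropping `libfreeswan` from the `USE_TOOLS` line (and from the `USE_FILE_CONFIG` line in the previous hunk) assumes that openac, scepclient and pki no longer need it, but none of their Makefiles appear in this commit's file list, unlike `src/starter/Makefile.am`. If any of them still includes `freeswan.h` or links `libfreeswan.a`, a build with tools enabled fails at this revision, which also makes later bisecting harder. I would confirm with a clean build of the tools on this commit, or name in the commit message the earlier change that removed that dependency.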
index 58292a4..0d0da5a 100644 (file)
@@ -79,11 +79,6 @@ if !MONOLITHIC
 endif
 endif
 
-if USE_PLUTO
-  exes += $(top_builddir)/src/pluto/.libs/pluto
-  AM_CFLAGS += -DP_PLUGINS=\""${p_plugins}\""
-endif
-
 if USE_TOOLS
   exes += $(top_builddir)/src/openac/.libs/openac
   exes += $(top_builddir)/src/pki/.libs/pki
diff --git a/src/libfreeswan/Android.mk b/src/libfreeswan/Android.mk
deleted file mode 100644 (file)
index a834d48..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-# copy-n-paste from Makefile.am
-LOCAL_SRC_FILES := \
-addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
-atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
-goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \
-pfkey_v2_build.c pfkey_v2_debug.c \
-pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \
-pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \
-satot.c subnetof.c subnettoa.c subnettot.c \
-subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
-ultoa.c ultot.c
-
-# build libfreeswan ------------------------------------------------------------
-
-LOCAL_C_INCLUDES += \
-       $(libvstr_PATH) \
-       $(strongswan_PATH)/src/include \
-       $(strongswan_PATH)/src/libstrongswan \
-       $(strongswan_PATH)/src/libhydra \
-       $(strongswan_PATH)/src/pluto
-
-LOCAL_CFLAGS := $(strongswan_CFLAGS)
-
-LOCAL_MODULE := libfreeswan
-
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_ARM_MODE := arm
-
-LOCAL_PRELINK_MODULE := false
-
-LOCAL_SHARED_LIBRARIES += libstrongswan
-
-include $(BUILD_SHARED_LIBRARY)
-
diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am
deleted file mode 100644 (file)
index b38343d..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-noinst_LIBRARIES = libfreeswan.a
-libfreeswan_a_SOURCES = \
-addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
-atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
-goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \
-pfkey_v2_build.c pfkey_v2_debug.c \
-pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \
-pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \
-satot.c subnetof.c subnettoa.c subnettot.c \
-subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
-ultoa.c ultot.c
-
-INCLUDES = \
--I$(top_srcdir)/src/libstrongswan \
--I$(top_srcdir)/src/libhydra \
--I$(top_srcdir)/src/pluto
-
-dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
-                 portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
-                 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3
-
-EXTRA_DIST = Android.mk
diff --git a/src/libfreeswan/addrtoa.c b/src/libfreeswan/addrtoa.c
deleted file mode 100644 (file)
index e1c71da..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * addresses to ASCII
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-#define        NBYTES  4               /* bytes in an address */
-#define        PERBYTE 4               /* three digits plus a dot or NUL */
-#define        BUFLEN  (NBYTES*PERBYTE)
-
-#if BUFLEN != ADDRTOA_BUF
-#error "ADDRTOA_BUF in freeswan.h inconsistent with addrtoa() code"
-#endif
-
-/*
- - addrtoa - convert binary address to ASCII dotted decimal
- */
-size_t                         /* space needed for full conversion */
-addrtoa(addr, format, dst, dstlen)
-struct in_addr addr;
-int format;                    /* character */
-char *dst;                     /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
-       unsigned long a = ntohl(addr.s_addr);
-       int i;
-       size_t n;
-       unsigned long byte;
-       char buf[BUFLEN];
-       char *p;
-
-       switch (format) {
-       case 0:
-               break;
-       default:
-               return 0;
-               break;
-       }
-
-       p = buf;
-       for (i = NBYTES-1; i >= 0; i--) {
-               byte = (a >> (i*8)) & 0xff;
-               p += ultoa(byte, 10, p, PERBYTE);
-               if (i != 0)
-                       *(p-1) = '.';
-       }
-       n = p - buf;
-
-       if (dstlen > 0) {
-               if (n > dstlen)
-                       buf[dstlen - 1] = '\0';
-               strcpy(dst, buf);
-       }
-       return n;
-}
diff --git a/src/libfreeswan/addrtot.c b/src/libfreeswan/addrtot.c
deleted file mode 100644 (file)
index d1a3387..0000000
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * addresses to text
- * Copyright (C) 2000  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-#define        IP4BYTES        4       /* bytes in an IPv4 address */
-#define        PERBYTE         4       /* three digits plus a dot or NUL */
-#define        IP6BYTES        16      /* bytes in an IPv6 address */
-
-/* forwards */
-static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp);
-static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp, int squish);
-static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp);
-static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp);
-
-/*
- - addrtot - convert binary address to text (dotted decimal or IPv6 string)
- */
-size_t                         /* space needed for full conversion */
-addrtot(src, format, dst, dstlen)
-const ip_address *src;
-int format;                    /* character */
-char *dst;                     /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
-       const unsigned char *b;
-       size_t n;
-       char buf[1+ADDRTOT_BUF+1];      /* :address: */
-       char *p;
-       int t = addrtypeof(src);
-#      define  TF(t, f)        (((t)<<8) | (f))
-
-       n = addrbytesptr(src, &b);
-       if (n == 0)
-               return 0;
-
-       switch (TF(t, format)) {
-       case TF(AF_INET, 0):
-               n = normal4(b, n, buf, &p);
-               break;
-       case TF(AF_INET6, 0):
-               n = normal6(b, n, buf, &p, 1);
-               break;
-       case TF(AF_INET, 'Q'):
-               n = normal4(b, n, buf, &p);
-               break;
-       case TF(AF_INET6, 'Q'):
-               n = normal6(b, n, buf, &p, 0);
-               break;
-       case TF(AF_INET, 'r'):
-               n = reverse4(b, n, buf, &p);
-               break;
-       case TF(AF_INET6, 'r'):
-               n = reverse6(b, n, buf, &p);
-               break;
-       default:                /* including (AF_INET, 'R') */
-               return 0;
-               break;
-       }
-
-       if (dstlen > 0) {
-               if (dstlen < n)
-                       p[dstlen - 1] = '\0';
-               strcpy(dst, p);
-       }
-       return n;
-}
-
-/*
- - normal4 - normal IPv4 address-text conversion
- */
-static size_t                  /* size of text, including NUL */
-normal4(srcp, srclen, buf, dstp)
-const unsigned char *srcp;
-size_t srclen;
-char *buf;                     /* guaranteed large enough */
-char **dstp;                   /* where to put result pointer */
-{
-       int i;
-       char *p;
-
-       if (srclen != IP4BYTES) /* "can't happen" */
-               return 0;
-       p = buf;
-       for (i = 0; i < IP4BYTES; i++) {
-               p += ultot(srcp[i], 10, p, PERBYTE);
-               if (i != IP4BYTES - 1)
-                       *(p-1) = '.';   /* overwrites the NUL */
-       }
-       *dstp = buf;
-       return p - buf;
-}
-
-/*
- - normal6 - normal IPv6 address-text conversion
- */
-static size_t                  /* size of text, including NUL */
-normal6(srcp, srclen, buf, dstp, squish)
-const unsigned char *srcp;
-size_t srclen;
-char *buf;                     /* guaranteed large enough, plus 2 */
-char **dstp;                   /* where to put result pointer */
-int    squish;                  /* whether to squish out 0:0 */
-{
-       int i;
-       unsigned long piece;
-       char *p;
-       char *q;
-
-       if (srclen != IP6BYTES) /* "can't happen" */
-               return 0;
-       p = buf;
-       *p++ = ':';
-       for (i = 0; i < IP6BYTES/2; i++) {
-               piece = (srcp[2*i] << 8) + srcp[2*i + 1];
-               p += ultot(piece, 16, p, 5);    /* 5 = abcd + NUL */
-               *(p-1) = ':';   /* overwrites the NUL */
-       }
-       *p = '\0';
-       q = strstr(buf, ":0:0:");
-       if (squish && q != NULL) {      /* zero squishing is possible */
-               p = q + 1;
-               while (*p == '0' && *(p+1) == ':')
-                       p += 2;
-               q++;
-               *q++ = ':';     /* overwrite first 0 */
-               while (*p != '\0')
-                       *q++ = *p++;
-               *q = '\0';
-               if (!(*(q-1) == ':' && *(q-2) == ':'))
-                       *--q = '\0';    /* strip final : unless :: */
-               p = buf;
-               if (!(*p == ':' && *(p+1) == ':'))
-                       p++;    /* skip initial : unless :: */
-       } else {
-               q = p;
-               *--q = '\0';    /* strip final : */
-               p = buf + 1;    /* skip initial : */
-       }
-       *dstp = p;
-       return q - p + 1;
-}
-
-/*
- - reverse4 - IPv4 reverse-lookup conversion
- */
-static size_t                  /* size of text, including NUL */
-reverse4(srcp, srclen, buf, dstp)
-const unsigned char *srcp;
-size_t srclen;
-char *buf;                     /* guaranteed large enough */
-char **dstp;                   /* where to put result pointer */
-{
-       int i;
-       char *p;
-
-       if (srclen != IP4BYTES) /* "can't happen" */
-               return 0;
-       p = buf;
-       for (i = IP4BYTES-1; i >= 0; i--) {
-               p += ultot(srcp[i], 10, p, PERBYTE);
-               *(p-1) = '.';   /* overwrites the NUL */
-       }
-       strcpy(p, "IN-ADDR.ARPA.");
-       *dstp = buf;
-       return strlen(buf) + 1;
-}
-
-/*
- - reverse6 - IPv6 reverse-lookup conversion (RFC 1886)
- * A trifle inefficient, really shouldn't use ultot...
- */
-static size_t                  /* size of text, including NUL */
-reverse6(srcp, srclen, buf, dstp)
-const unsigned char *srcp;
-size_t srclen;
-char *buf;                     /* guaranteed large enough */
-char **dstp;                   /* where to put result pointer */
-{
-       int i;
-       unsigned long piece;
-       char *p;
-
-       if (srclen != IP6BYTES) /* "can't happen" */
-               return 0;
-       p = buf;
-       for (i = IP6BYTES-1; i >= 0; i--) {
-               piece = srcp[i];
-               p += ultot(piece&0xf, 16, p, 2);
-               *(p-1) = '.';
-               p += ultot(piece>>4, 16, p, 2);
-               *(p-1) = '.';
-       }
-       strcpy(p, "IP6.ARPA.");
-       *dstp = buf;
-       return strlen(buf) + 1;
-}
-
-/*
- - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874)
- * this version removed as it was obsoleted in the end.
- */
-
-#ifdef ADDRTOT_MAIN
-
-#include <stdio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
-       if (argc < 2) {
-               fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
-                                                               argv[0]);
-               exit(2);
-       }
-
-       if (strcmp(argv[1], "-r") == 0) {
-               regress();
-               fprintf(stderr, "regress() returned?!?\n");
-               exit(1);
-       }
-       exit(0);
-}
-
-struct rtab {
-       char *input;
-        char  format;
-       char *output;                   /* NULL means error expected */
-} rtab[] = {
-       {"1.2.3.0",                     0, "1.2.3.0"},
-       {"1:2::3:4",                    0, "1:2::3:4"},
-       {"1:2::3:4",                   'Q', "1:2:0:0:0:0:3:4"},
-       {"1:2:0:0:3:4:0:0",             0, "1:2::3:4:0:0"},
-       {"1.2.3.4",                    'r' , "4.3.2.1.IN-ADDR.ARPA."},
-       /*                                    0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */
-       {"1:2::3:4",                   'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."},
-        {NULL,                         0, NULL}
-};
-
-void
-regress()
-{
-       struct rtab *r;
-       int status = 0;
-       ip_address a;
-       char in[100];
-       char buf[100];
-       const char *oops;
-       size_t n;
-
-       for (r = rtab; r->input != NULL; r++) {
-               strcpy(in, r->input);
-
-               /* convert it *to* internal format */
-               oops = ttoaddr(in, strlen(in), 0, &a);
-
-               /* now convert it back */
-
-               n = addrtot(&a, r->format, buf, sizeof(buf));
-
-               if (n == 0 && r->output == NULL)
-                       {}              /* okay, error expected */
-
-               else if (n == 0) {
-                       printf("`%s' atoasr failed\n", r->input);
-                       status = 1;
-
-               } else if (r->output == NULL) {
-                       printf("`%s' atoasr succeeded unexpectedly '%c'\n",
-                                                       r->input, r->format);
-                       status = 1;
-               } else {
-                 if (strcasecmp(r->output, buf) != 0) {
-                   printf("`%s' '%c' gave `%s', expected `%s'\n",
-                          r->input, r->format, buf, r->output);
-                   status = 1;
-                 }
-               }
-       }
-       exit(status);
-}
-
-#endif /* ADDRTOT_MAIN */
diff --git a/src/libfreeswan/addrtypeof.c b/src/libfreeswan/addrtypeof.c
deleted file mode 100644 (file)
index ee3cc99..0000000
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * extract parts of an ip_address
- * Copyright (C) 2000  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - addrtypeof - get the type of an ip_address
- */
-int
-addrtypeof(src)
-const ip_address *src;
-{
-       return src->u.v4.sin_family;
-}
-
-/*
- - addrbytesptr - get pointer to the address bytes of an ip_address
- */
-size_t                         /* 0 for error */
-addrbytesptr(src, dstp)
-const ip_address *src;
-const unsigned char **dstp;    /* NULL means just a size query */
-{
-       const unsigned char *p;
-       size_t n;
-
-       switch (src->u.v4.sin_family) {
-       case AF_INET:
-               p = (const unsigned char *)&src->u.v4.sin_addr.s_addr;
-               n = 4;
-               break;
-       case AF_INET6:
-               p = (const unsigned char *)&src->u.v6.sin6_addr;
-               n = 16;
-               break;
-       default:
-               return 0;
-               break;
-       }
-
-       if (dstp != NULL)
-               *dstp = p;
-       return n;
-}
-
-/*
- - addrlenof - get length of the address bytes of an ip_address
- */
-size_t                         /* 0 for error */
-addrlenof(src)
-const ip_address *src;
-{
-       return addrbytesptr(src, NULL);
-}
-
-/*
- - addrbytesof - get the address bytes of an ip_address
- */
-size_t                         /* 0 for error */
-addrbytesof(src, dst, dstlen)
-const ip_address *src;
-unsigned char *dst;
-size_t dstlen;
-{
-       const unsigned char *p;
-       size_t n;
-       size_t ncopy;
-
-       n = addrbytesptr(src, &p);
-       if (n == 0)
-               return 0;
-
-       if (dstlen > 0) {
-               ncopy = n;
-               if (ncopy > dstlen)
-                       ncopy = dstlen;
-               memcpy(dst, p, ncopy);
-       }
-       return n;
-}
diff --git a/src/libfreeswan/anyaddr.3 b/src/libfreeswan/anyaddr.3
deleted file mode 100644 (file)
index 58789cf..0000000
+++ /dev/null
@@ -1,86 +0,0 @@
-.TH IPSEC_ANYADDR 3 "8 Sept 2000"
-.SH NAME
-ipsec anyaddr \- get "any" address
-.br
-ipsec isanyaddr \- test address for equality to "any" address
-.br
-ipsec unspecaddr \- get "unspecified" address
-.br
-ipsec isunspecaddr \- test address for equality to "unspecified" address
-.br
-ipsec loopbackaddr \- get loopback address
-.br
-ipsec isloopbackaddr \- test address for equality to loopback address
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *anyaddr(int af, ip_address *dst);"
-.br
-.B "int isanyaddr(const ip_address *src);"
-.br
-.B "const char *unspecaddr(int af, ip_address *dst);"
-.br
-.B "int isunspecaddr(const ip_address *src);"
-.br
-.B "const char *loopbackaddr(int af, ip_address *dst);"
-.br
-.B "int isloopbackaddr(const ip_address *src);"
-.SH DESCRIPTION
-These functions fill in, and test for, special values of the
-.I ip_address
-type.
-.PP
-.I Anyaddr
-fills in the destination
-.I *dst
-with the ``any'' address of address family
-.IR af
-(normally
-.B AF_INET
-or
-.BR AF_INET6 ).
-The IPv4 ``any'' address is the one embodied in the old
-.B INADDR_ANY
-macro.
-.PP
-.I Isanyaddr
-returns
-.B 1
-if the
-.I src
-address equals the ``any'' address,
-and
-.B 0
-otherwise.
-.PP
-Similarly,
-.I unspecaddr
-supplies, and
-.I isunspecaddr
-tests for,
-the ``unspecified'' address,
-which may be the same as the ``any'' address.
-.PP
-Similarly,
-.I loopbackaddr
-supplies, and
-.I islookbackaddr
-tests for,
-the loopback address.
-.PP
-.IR Anyaddr ,
-.IR unspecaddr ,
-and
-.I loopbackaddr
-return
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.SH SEE ALSO
-inet(3), ipsec_addrtot(3), ipsec_sameaddr(3)
-.SH DIAGNOSTICS
-Fatal errors in the address-supplying functions are:
-unknown address family.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
diff --git a/src/libfreeswan/anyaddr.c b/src/libfreeswan/anyaddr.c
deleted file mode 100644 (file)
index 5b7691b..0000000
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * special addresses
- * Copyright (C) 2000  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/* OpenSolaris defines strange versions of these macros */
-#ifdef __sun
-#undef IN6ADDR_ANY_INIT
-#define        IN6ADDR_ANY_INIT                {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}}
-
-#undef IN6ADDR_LOOPBACK_INIT
-#define        IN6ADDR_LOOPBACK_INIT   {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}}
-#endif
-
-static struct in6_addr v6any = IN6ADDR_ANY_INIT;
-static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT;
-
-/*
- - anyaddr - initialize to the any-address value
- */
-err_t                          /* NULL for success, else string literal */
-anyaddr(af, dst)
-int af;                                /* address family */
-ip_address *dst;
-{
-       uint32_t v4any = htonl(INADDR_ANY);
-
-       switch (af) {
-       case AF_INET:
-               return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst);
-               break;
-       case AF_INET6:
-               return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst);
-               break;
-       default:
-               return "unknown address family in anyaddr/unspecaddr";
-               break;
-       }
-}
-
-/*
- - unspecaddr - initialize to the unspecified-address value
- */
-err_t                          /* NULL for success, else string literal */
-unspecaddr(af, dst)
-int af;                                /* address family */
-ip_address *dst;
-{
-       return anyaddr(af, dst);
-}
-
-/*
- - loopbackaddr - initialize to the loopback-address value
- */
-err_t                          /* NULL for success, else string literal */
-loopbackaddr(af, dst)
-int af;                                /* address family */
-ip_address *dst;
-{
-       uint32_t v4loop = htonl(INADDR_LOOPBACK);
-
-       switch (af) {
-       case AF_INET:
-               return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst);
-               break;
-       case AF_INET6:
-               return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst);
-               break;
-       default:
-               return "unknown address family in loopbackaddr";
-               break;
-       }
-}
-
-/*
- - isanyaddr - test for the any-address value
- */
-int
-isanyaddr(src)
-const ip_address *src;
-{
-       uint32_t v4any = htonl(INADDR_ANY);
-       int cmp;
-
-       switch (src->u.v4.sin_family) {
-       case AF_INET:
-               cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any));
-               break;
-       case AF_INET6:
-               cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any));
-               break;
-       default:
-               return 0;
-               break;
-       }
-
-       return (cmp == 0) ? 1 : 0;
-}
-
-/*
- - isunspecaddr - test for the unspecified-address value
- */
-int
-isunspecaddr(src)
-const ip_address *src;
-{
-       return isanyaddr(src);
-}
-
-/*
- - isloopbackaddr - test for the loopback-address value
- */
-int
-isloopbackaddr(src)
-const ip_address *src;
-{
-       uint32_t v4loop = htonl(INADDR_LOOPBACK);
-       int cmp;
-
-       switch (src->u.v4.sin_family) {
-       case AF_INET:
-               cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop));
-               break;
-       case AF_INET6:
-               cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop));
-               break;
-       default:
-               return 0;
-               break;
-       }
-
-       return (cmp == 0) ? 1 : 0;
-}
diff --git a/src/libfreeswan/atoaddr.3 b/src/libfreeswan/atoaddr.3
deleted file mode 100644 (file)
index 10da269..0000000
+++ /dev/null
@@ -1,291 +0,0 @@
-.TH IPSEC_ATOADDR 3 "11 June 2001"
-.SH NAME
-ipsec atoaddr, addrtoa \- convert Internet addresses to and from ASCII
-.br
-ipsec atosubnet, subnettoa \- convert subnet/mask ASCII form to and from addresses
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *atoaddr(const char *src, size_t srclen,"
-.ti +1c
-.B "struct in_addr *addr);"
-.br
-.B "size_t addrtoa(struct in_addr addr, int format,"
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.sp
-.B "const char *atosubnet(const char *src, size_t srclen,"
-.ti +1c
-.B "struct in_addr *addr, struct in_addr *mask);"
-.br
-.B "size_t subnettoa(struct in_addr addr, struct in_addr mask,"
-.ti +1c
-.B "int format, char *dst, size_t dstlen);"
-.SH DESCRIPTION
-These functions are obsolete; see
-.IR ipsec_ttoaddr (3)
-for their replacements.
-.PP
-.I Atoaddr
-converts an ASCII name or dotted-decimal address into a binary address
-(in network byte order).
-.I Addrtoa
-does the reverse conversion, back to an ASCII dotted-decimal address.
-.I Atosubnet
-and
-.I subnettoa
-do likewise for the ``address/mask'' ASCII form used to write a
-specification of a subnet.
-.PP
-An address is specified in ASCII as a
-dotted-decimal address (e.g.
-.BR 1.2.3.4 ),
-an eight-digit network-order hexadecimal number with the usual C prefix (e.g.
-.BR 0x01020304 ,
-which is synonymous with
-.BR 1.2.3.4 ),
-an eight-digit host-order hexadecimal number with a
-.B 0h
-prefix (e.g.
-.BR 0h01020304 ,
-which is synonymous with
-.B 1.2.3.4
-on a big-endian host and
-.B 4.3.2.1
-on a little-endian host),
-a DNS name to be looked up via
-.IR getaddrinfo (3),
-or an old-style network name to be looked up via
-.IR getnetbyname (3).
-.PP
-A dotted-decimal address may be incomplete, in which case
-ASCII-to-binary conversion implicitly appends
-as many instances of
-.B .0
-as necessary to bring it up to four components.
-The components of a dotted-decimal address are always taken as
-decimal, and leading zeros are ignored.
-For example,
-.B 10
-is synonymous with
-.BR 10.0.0.0 ,
-and
-.B 128.009.000.032
-is synonymous with
-.BR 128.9.0.32
-(the latter example is verbatim from RFC 1166).
-The result of
-.I addrtoa
-is always complete and does not contain leading zeros.
-.PP
-The letters in
-a hexadecimal address may be uppercase or lowercase or any mixture thereof.
-Use of hexadecimal addresses is
-.B strongly
-.BR discouraged ;
-they are included only to save hassles when dealing with
-the handful of perverted programs which already print 
-network addresses in hexadecimal.
-.PP
-DNS names may be complete (optionally terminated with a ``.'')
-or incomplete, and are looked up as specified by local system configuration
-(see
-.IR resolver (5)).
-The first value returned by
-.IR getaddrinfo (3)
-is used,
-so with current DNS implementations,
-the result when the name corresponds to more than one address is
-difficult to predict.
-Name lookup resorts to
-.IR getnetbyname (3)
-only if
-.IR getaddrinfo (3)
-fails.
-.PP
-A subnet specification is of the form \fInetwork\fB/\fImask\fR.
-The
-.I network
-and
-.I mask
-can be any form acceptable to
-.IR atoaddr .
-In addition, the
-.I mask
-can be a decimal integer (leading zeros ignored) giving a bit count,
-in which case
-it stands for a mask with that number of high bits on and all others off
-(e.g.,
-.B 24
-means
-.BR 255.255.255.0 ).
-In any case, the mask must be contiguous
-(a sequence of high bits on and all remaining low bits off).
-As a special case, the subnet specification
-.B %default
-is a synonym for
-.BR 0.0.0.0/0 .
-.PP
-.I Atosubnet
-ANDs the mask with the address before returning,
-so that any non-network bits in the address are turned off
-(e.g.,
-.B 10.1.2.3/24
-is synonymous with
-.BR 10.1.2.0/24 ).
-.I Subnettoa
-generates the decimal-integer-bit-count
-form of the mask,
-with no leading zeros,
-unless the mask is non-contiguous.
-.PP
-The
-.I srclen
-parameter of
-.I atoaddr
-and
-.I atosubnet
-specifies the length of the ASCII string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I dstlen
-parameter of
-.I addrtoa
-and
-.I subnettoa
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.I freeswan.h
-header file defines constants,
-.B ADDRTOA_BUF
-and
-.BR SUBNETTOA_BUF ,
-which are the sizes of buffers just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I addrtoa
-and
-.I subnettoa
-specifies what format is to be used for the conversion.
-The value
-.B 0
-(not the ASCII character
-.BR '0' ,
-but a zero value)
-specifies a reasonable default,
-and is in fact the only format currently available.
-This parameter is a hedge against future needs.
-.PP
-The ASCII-to-binary functions return NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-The binary-to-ASCII functions return
-.B 0
-for a failure, and otherwise
-always return the size of buffer which would 
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-inet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I atoaddr
-are:
-empty input;
-attempt to allocate temporary storage for a very long name failed;
-name lookup failed;
-syntax error in dotted-decimal form;
-dotted-decimal component too large to fit in 8 bits.
-.PP
-Fatal errors in
-.I atosubnet
-are:
-no
-.B /
-in
-.IR src ;
-.I atoaddr
-error in conversion of
-.I network
-or
-.IR mask ;
-bit-count mask too big;
-mask non-contiguous.
-.PP
-Fatal errors in
-.I addrtoa
-and
-.I subnettoa
-are:
-unknown format.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The interpretation of incomplete dotted-decimal addresses
-(e.g.
-.B 10/24
-means
-.BR 10.0.0.0/24 )
-differs from that of some older conversion
-functions, e.g. those of
-.IR inet (3).
-The behavior of the older functions has never been
-particularly consistent or particularly useful.
-.PP
-Ignoring leading zeros in dotted-decimal components and bit counts
-is arguably the most useful behavior in this application,
-but it might occasionally cause confusion with the historical use of leading 
-zeros to denote octal numbers.
-.PP
-It is barely possible that somebody, somewhere,
-might have a legitimate use for non-contiguous subnet masks.
-.PP
-.IR Getnetbyname (3)
-is a historical dreg.
-.PP
-The restriction of ASCII-to-binary error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The ASCII-to-binary error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = atoaddr( /* ... */ );"
-.B "if (error != NULL) {"
-.B "        /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/atoaddr.c b/src/libfreeswan/atoaddr.c
deleted file mode 100644 (file)
index a364380..0000000
+++ /dev/null
@@ -1,261 +0,0 @@
-/*
- * conversion from ASCII forms of addresses to internal ones
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- * Define NOLEADINGZEROS to interpret 032 as an error, not as 32.  There
- * is deliberately no way to interpret it as 26 (i.e., as octal).
- */
-
-/*
- * Legal characters in a domain name.  Underscore technically is not,
- * but is a common misunderstanding.
- */
-static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789"
-                               "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_.";
-
-static const char *try8hex(const char *, size_t, struct in_addr *);
-static const char *try8hosthex(const char *, size_t, struct in_addr *);
-static const char *trydotted(const char *, size_t, struct in_addr *);
-static const char *getbyte(const char **, const char *, int *);
-
-/*
- - atoaddr - convert ASCII name or dotted-decimal address to binary address
- */
-const char *                   /* NULL for success, else string literal */
-atoaddr(src, srclen, addrp)
-const char *src;
-size_t srclen;                 /* 0 means "apply strlen" */
-struct in_addr *addrp;
-{
-       struct addrinfo hints, *res;
-       struct netent *ne = NULL;
-       const char *oops, *msg = NULL;
-#      define  HEXLEN  10      /* strlen("0x11223344") */
-#      ifndef ATOADDRBUF
-#      define  ATOADDRBUF      100
-#      endif
-       char namebuf[ATOADDRBUF];
-       char *p = namebuf;
-       char *q;
-       int error;
-
-       if (srclen == 0)
-               srclen = strlen(src);
-       if (srclen == 0)
-               return "empty string";
-
-       /* might it be hex? */
-       if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'x'))
-               return try8hex(src+2, srclen-2, addrp);
-       if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'h'))
-               return try8hosthex(src+2, srclen-2, addrp);
-
-       /* try it as dotted decimal */
-       oops = trydotted(src, srclen, addrp);
-       if (oops == NULL)
-               return NULL;            /* it worked */
-       if (*oops != '?')
-               return oops;            /* it *was* probably meant as a d.q. */
-
-       /* try it as a name -- first, NUL-terminate it */
-       if (srclen > sizeof(namebuf)-1) {
-               p = (char *) MALLOC(srclen+1);
-               if (p == NULL)
-                       return "unable to allocate temporary space for name";
-       }
-       p[0] = '\0';
-       strncat(p, src, srclen);
-
-       /* next, check that it's a vaguely legal name */
-       for (q = p; *q != '\0'; q++)
-       {
-               if (!isprint(*q))
-               {
-                       msg = "unprintable character in name";
-                       goto error;
-               }
-       }
-       if (strspn(p, namechars) != srclen)
-       {
-               msg = "illegal (non-DNS-name) character in name";
-               goto error;
-       }
-
-       /* try as host name, failing that as /etc/networks network name */
-       memset(&hints, 0, sizeof(hints));
-       hints.ai_family = AF_INET;
-       error = getaddrinfo(p, NULL, &hints, &res);
-       if (error != 0)
-       {
-               ne = getnetbyname(p);
-               if (ne == NULL)
-               {
-                       msg = "name lookup failed";
-                       goto error;
-               }
-               addrp->s_addr = htonl(ne->n_net);
-       }
-       else
-       {
-               struct sockaddr_in *in = (struct sockaddr_in*)res->ai_addr;
-               memcpy(&addrp->s_addr, &in->sin_addr.s_addr, sizeof(addrp->s_addr));
-               freeaddrinfo(res);
-       }
-
-error:
-       if (p != namebuf)
-       {
-               FREE(p);
-       }
-
-       return msg;
-}
-
-/*
- - try8hosthex - try conversion as an eight-digit host-order hex number
- */
-const char *                   /* NULL for success, else string literal */
-try8hosthex(src, srclen, addrp)
-const char *src;
-size_t srclen;                 /* should be 8 */
-struct in_addr *addrp;
-{
-       const char *oops;
-       unsigned long addr;
-
-       if (srclen != 8)
-               return "internal error, try8hex called with bad length";
-
-       oops = atoul(src, srclen, 16, &addr);
-       if (oops != NULL)
-               return oops;
-
-       addrp->s_addr = addr;
-       return NULL;
-}
-
-/*
- - try8hex - try conversion as an eight-digit network-order hex number
- */
-const char *                   /* NULL for success, else string literal */
-try8hex(src, srclen, addrp)
-const char *src;
-size_t srclen;                 /* should be 8 */
-struct in_addr *addrp;
-{
-       const char *oops;
-
-       oops = try8hosthex(src, srclen, addrp);
-       if (oops != NULL)
-               return oops;
-
-       addrp->s_addr = htonl(addrp->s_addr);
-       return NULL;
-}
-
-/*
- - trydotted - try conversion as dotted decimal
- *
- * If the first char of a complaint is '?', that means "didn't look like
- * dotted decimal at all".
- */
-const char *                   /* NULL for success, else string literal */
-trydotted(src, srclen, addrp)
-const char *src;
-size_t srclen;
-struct in_addr *addrp;
-{
-       const char *stop = src + srclen;        /* just past end */
-       int byte;
-       const char *oops;
-       unsigned long addr;
-       int i;
-#      define  NBYTES  4
-#      define  BYTE    8
-
-       addr = 0;
-       for (i = 0; i < NBYTES && src < stop; i++) {
-               oops = getbyte(&src, stop, &byte);
-               if (oops != NULL) {
-                       if (*oops != '?')
-                               return oops;    /* bad number */
-                       if (i > 1)
-                               return oops+1;  /* failed number */
-                       return oops;            /* with leading '?' */
-               }
-               addr = (addr << BYTE) | byte;
-               if (i < 3 && src < stop && *src++ != '.') {
-                       if (i == 0)
-                               return "?syntax error in dotted-decimal address";
-                       else
-                               return "syntax error in dotted-decimal address";
-               }
-       }
-       addr <<= (NBYTES - i) * BYTE;
-       if (src != stop)
-               return "extra garbage on end of dotted-decimal address";
-
-       addrp->s_addr = htonl(addr);
-       return NULL;
-}
-
-/*
- - getbyte - try to scan a byte in dotted decimal
- * A subtlety here is that all this arithmetic on ASCII digits really is
- * highly portable -- ANSI C guarantees that digits 0-9 are contiguous.
- * It's easier to just do it ourselves than set up for a call to atoul().
- *
- * If the first char of a complaint is '?', that means "didn't look like a
- * number at all".
- */
-const char *                   /* NULL for success, else string literal */
-getbyte(srcp, stop, retp)
-const char **srcp;             /* *srcp is updated */
-const char *stop;              /* first untouchable char */
-int *retp;                     /* return-value pointer */
-{
-       char c;
-       const char *p;
-       int no;
-
-       if (*srcp >= stop)
-               return "?empty number in dotted-decimal address";
-
-       if (stop - *srcp >= 3 && **srcp == '0' && CIEQ(*(*srcp+1), 'x'))
-               return "hex numbers not supported in dotted-decimal addresses";
-#ifdef NOLEADINGZEROS
-       if (stop - *srcp >= 2 && **srcp == '0' && isdigit(*(*srcp+1)))
-               return "octal numbers not supported in dotted-decimal addresses";
-#endif /* NOLEADINGZEROS */
-
-       /* must be decimal, if it's numeric at all */
-       no = 0;
-       p = *srcp;
-       while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') {
-               no = no*10 + (c - '0');
-               p++;
-       }
-       if (p == *srcp)
-               return "?non-numeric component in dotted-decimal address";
-       *srcp = p;
-       if (no > 255)
-               return "byte overflow in dotted-decimal address";
-       *retp = no;
-       return NULL;
-}
diff --git a/src/libfreeswan/atoasr.3 b/src/libfreeswan/atoasr.3
deleted file mode 100644 (file)
index 0b9a5fe..0000000
+++ /dev/null
@@ -1,185 +0,0 @@
-.TH IPSEC_ATOASR 3 "11 June 2001"
-.SH NAME
-ipsec atoasr \- convert ASCII to Internet address, subnet, or range
-.br
-ipsec rangetoa \- convert Internet address range to ASCII
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *atoasr(const char *src, size_t srclen,"
-.ti +1c
-.B "char *type, struct in_addr *addrs);"
-.br
-.B "size_t rangetoa(struct in_addr *addrs, int format,
-.ti +1c
-.B "char *dst, size_t dstlen);"
-.SH DESCRIPTION
-These functions are obsolete;
-there is no current equivalent,
-because so far they have not proved useful.
-.PP
-.I Atoasr
-converts an ASCII address, subnet, or address range
-into a suitable combination of binary addresses
-(in network byte order).
-.I Rangetoa
-converts an address range back into ASCII,
-using dotted-decimal form for the addresses
-(the other reverse conversions are handled by
-.IR ipsec_addrtoa (3)
-and
-.IR ipsec_subnettoa (3)).
-.PP
-A single address can be any form acceptable to
-.IR ipsec_atoaddr (3):
-dotted decimal, DNS name, or hexadecimal number.
-A subnet
-specification uses the form \fInetwork\fB/\fImask\fR
-interpreted by
-.IR ipsec_atosubnet (3).
-.PP
-An address range is two
-.IR ipsec_atoaddr (3)
-addresses separated by a
-.B ...
-delimiter.
-If there are four dots rather than three, the first is taken as
-part of the begin address,
-e.g. for a complete DNS name which ends with
-.B .
-to suppress completion attempts.
-The begin address of a range must be
-less than or equal to the end address.
-.PP
-The
-.I srclen
-parameter of
-.I atoasr
-specifies the length of the ASCII string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I type
-parameter of
-.I atoasr
-must point to a
-.B char
-variable used to record which form was found.
-The
-.I addrs
-parameter must point to a two-element array of
-.B "struct in_addr"
-which receives the results.
-The values stored into
-.BR *type ,
-and the corresponding values in the array, are:
-.PP
-.ta 3c +2c +3c
-       *type   addrs[0]        addrs[1]
-.sp 0.8
-address        \&\fB'a'\fR     address -
-.br
-subnet \&\fB's'\fR     network mask
-.br
-range  \&\fB'r'\fR     begin   end
-.PP
-The
-.I dstlen
-parameter of
-.I rangetoa
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-The
-.I freeswan.h
-header file defines a constant,
-.BR RANGETOA_BUF ,
-which is the size of a buffer just large enough for worst-case results.
-.PP
-The
-.I format
-parameter of
-.I rangetoa
-specifies what format is to be used for the conversion.
-The value
-.B 0
-(not the ASCII character
-.BR '0' ,
-but a zero value)
-specifies a reasonable default,
-and is in fact the only format currently available.
-This parameter is a hedge against future needs.
-.PP
-.I Atoasr
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.I Rangetoa
-returns
-.B 0
-for a failure, and otherwise
-always returns the size of buffer which would 
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-ipsec_atoaddr(3), ipsec_atosubnet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I atoasr
-are:
-empty input;
-error in
-.IR ipsec_atoaddr (3)
-or
-.IR ipsec_atosubnet (3)
-during conversion;
-begin address of range exceeds end address.
-.PP
-Fatal errors in
-.I rangetoa
-are:
-unknown format.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The restriction of error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The error-reporting convention lends itself
-to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = atoasr( /* ... */ );"
-.B "if (error != NULL) {"
-.B "        /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/atoasr.c b/src/libfreeswan/atoasr.c
deleted file mode 100644 (file)
index ad62ef4..0000000
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * convert from ASCII form of address/subnet/range to binary
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - atoasr - convert ASCII to address, subnet, or range
- */
-const char *                   /* NULL for success, else string literal */
-atoasr(src, srclen, typep, addrsp)
-const char *src;
-size_t srclen;                 /* 0 means "apply strlen" */
-char *typep;                   /* return type code:  'a', 's', 'r' */
-struct in_addr addrsp[2];
-{
-       const char *punct;
-       const char *stop;
-       const char *oops;
-
-       if (srclen == 0)
-               srclen = strlen(src);
-       if (srclen == 0)
-               return "empty string";
-
-       /* subnet is easy to spot */
-       punct = memchr(src, '/', srclen);
-       if (punct != NULL) {
-               *typep = 's';
-               return atosubnet(src, srclen, &addrsp[0], &addrsp[1]);
-       }
-
-       /* try for a range */
-       stop = src + srclen;
-       for (punct = src; (punct = memchr(punct, '.', stop - punct)) != NULL;
-                                                                       punct++)
-               if (stop - punct > 3 && *(punct+1) == '.' && *(punct+2) == '.')
-                       break;                  /* NOTE BREAK OUT */
-       if (punct == NULL) {
-               /* didn't find the range delimiter, must be plain address */
-               *typep = 'a';
-               return atoaddr(src, srclen, &addrsp[0]);
-       }
-
-       /* looks like a range */
-       *typep = 'r';
-       if (stop - punct > 4 && *(punct+3) == '.')
-               punct++;                /* first dot is trailing dot of name */
-       oops = atoaddr(src, punct - src, &addrsp[0]);
-       if (oops != NULL)
-               return oops;
-       oops = atoaddr(punct+3, stop - (punct+3), &addrsp[1]);
-       if (oops != NULL)
-               return oops;
-       if (ntohl(addrsp[0].s_addr) > ntohl(addrsp[1].s_addr))
-               return "invalid range, begin > end";
-       return NULL;
-}
-
-
-
-#ifdef ATOASR_MAIN
-
-#include <stdio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
-       struct in_addr a[2];
-       char buf[100];
-       const char *oops;
-       size_t n;
-       char type;
-
-       if (argc < 2) {
-               fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
-                                                               argv[0]);
-               exit(2);
-       }
-
-       if (strcmp(argv[1], "-r") == 0) {
-               regress();
-               fprintf(stderr, "regress() returned?!?\n");
-               exit(1);
-       }
-
-       oops = atoasr(argv[1], 0, &type, a);
-       if (oops != NULL) {
-               fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
-               exit(1);
-       }
-       switch (type) {
-       case 'a':
-               n = addrtoa(a[0], 0, buf, sizeof(buf));
-               break;
-       case 's':
-               n = subnettoa(a[0], a[1], 0, buf, sizeof(buf));
-               break;
-       case 'r':
-               n = rangetoa(a, 0, buf, sizeof(buf));
-               break;
-       default:
-               fprintf(stderr, "%s: unknown type '%c'\n", argv[0], type);
-               exit(1);
-               break;
-       }
-       if (n > sizeof(buf)) {
-               fprintf(stderr, "%s: reverse conversion of ", argv[0]);
-               fprintf(stderr, "%s ", inet_ntoa(a[0]));
-               fprintf(stderr, "%s", inet_ntoa(a[1]));
-               fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
-                                               (long)n, (long)sizeof(buf));
-               exit(1);
-       }
-       printf("%s\n", buf);
-
-       exit(0);
-}
-
-struct rtab {
-       char *input;
-       char *output;                   /* NULL means error expected */
-} rtab[] = {
-       {"1.2.3.0",                     "1.2.3.0"},
-       {"1.2.3.0/255.255.255.0",       "1.2.3.0/24"},
-       {"1.2.3.0...1.2.3.5",           "1.2.3.0...1.2.3.5"},
-       {"1.2.3.4.5",                   NULL},
-       {"1.2.3.4/",                    NULL},
-       {"1.2.3.4...",                  NULL},
-       {"1.2.3.4....",                 NULL},
-       {"localhost/32",                        "127.0.0.1/32"},
-       {"localhost...127.0.0.3",       "127.0.0.1...127.0.0.3"},
-       {"127.0.0.0...localhost",       "127.0.0.0...127.0.0.1"},
-       {"127.0.0.3...localhost",       NULL},
-       {NULL,                          NULL}
-};
-
-void
-regress(void)
-{
-       struct rtab *r;
-       int status = 0;
-       struct in_addr a[2];
-       char in[100];
-       char buf[100];
-       const char *oops;
-       size_t n;
-       char type;
-
-       for (r = rtab; r->input != NULL; r++) {
-               strcpy(in, r->input);
-               oops = atoasr(in, 0, &type, a);
-               if (oops != NULL && r->output == NULL)
-                       {}              /* okay, error expected */
-               else if (oops != NULL) {
-                       printf("`%s' atoasr failed: %s\n", r->input, oops);
-                       status = 1;
-               } else if (r->output == NULL) {
-                       printf("`%s' atoasr succeeded unexpectedly '%c'\n",
-                                                       r->input, type);
-                       status = 1;
-               } else {
-                       switch (type) {
-                       case 'a':
-                               n = addrtoa(a[0], 0, buf, sizeof(buf));
-                               break;
-                       case 's':
-                               n = subnettoa(a[0], a[1], 0, buf, sizeof(buf));
-                               break;
-                       case 'r':
-                               n = rangetoa(a, 0, buf, sizeof(buf));
-                               break;
-                       default:
-                               fprintf(stderr, "`%s' unknown type '%c'\n",
-                                                       r->input, type);
-                               n = 0;
-                               status = 1;
-                               break;
-                       }
-                       if (n > sizeof(buf)) {
-                               printf("`%s' '%c' reverse failed:  need %ld\n",
-                                               r->input, type, (long)n);
-                               status = 1;
-                       } else if (n > 0 && strcmp(r->output, buf) != 0) {
-                               printf("`%s' '%c' gave `%s', expected `%s'\n",
-                                       r->input, type, buf, r->output);
-                               status = 1;
-                       }
-               }
-       }
-       exit(status);
-}
-
-#endif /* ATOASR_MAIN */
diff --git a/src/libfreeswan/atosubnet.c b/src/libfreeswan/atosubnet.c
deleted file mode 100644 (file)
index 8b2bfa1..0000000
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * convert from ASCII form of subnet specification to binary
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-#ifndef DEFAULTSUBNET
-#define        DEFAULTSUBNET   "%default"
-#endif
-
-/*
- - atosubnet - convert ASCII "addr/mask" to address and mask
- * Mask can be integer bit count.
- */
-const char *                   /* NULL for success, else string literal */
-atosubnet(src, srclen, addrp, maskp)
-const char *src;
-size_t srclen;                 /* 0 means "apply strlen" */
-struct in_addr *addrp;
-struct in_addr *maskp;
-{
-       const char *slash;
-       const char *mask;
-       size_t mlen;
-       const char *oops;
-       unsigned long bc;
-       static char def[] = DEFAULTSUBNET;
-#      define  DEFLEN  (sizeof(def) - 1)       /* -1 for NUL */
-       static char defis[] = "0/0";
-#      define  DEFILEN (sizeof(defis) - 1)
-
-       if (srclen == 0)
-               srclen = strlen(src);
-       if (srclen == 0)
-               return "empty string";
-
-       if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) {
-               src = defis;
-               srclen = DEFILEN;
-       }
-
-       slash = memchr(src, '/', srclen);
-       if (slash == NULL)
-               return "no / in subnet specification";
-       mask = slash + 1;
-       mlen = srclen - (mask - src);
-
-       oops = atoaddr(src, slash-src, addrp);
-       if (oops != NULL)
-               return oops;
-
-       oops = atoul(mask, mlen, 10, &bc);
-       if (oops == NULL) {
-               /* atoul succeeded, it's a bit-count mask */
-               if (bc > ABITS)
-                       return "bit-count mask too large";
-#ifdef NOLEADINGZEROS
-               if (mlen > 1 && *mask == '0')
-                       return "octal not allowed in mask";
-#endif /* NOLEADINGZEROS */
-               *maskp = bitstomask((int)bc);
-       } else {
-               oops = atoaddr(mask, mlen, maskp);
-               if (oops != NULL)
-                       return oops;
-               if (!goodmask(*maskp))
-                       return "non-contiguous mask";
-       }
-
-       addrp->s_addr &= maskp->s_addr;
-       return NULL;
-}
-
-
-
-#ifdef ATOSUBNET_MAIN
-
-#include <stdio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-void regress(void);
-
-int
-main(int argc, char *argv[])
-{
-       struct in_addr a;
-       struct in_addr m;
-       char buf[100];
-       const char *oops;
-       size_t n;
-
-       if (argc < 2) {
-               fprintf(stderr, "Usage: %s {addr/mask|-r}\n", argv[0]);
-               exit(2);
-       }
-
-       if (strcmp(argv[1], "-r") == 0) {
-               regress();
-               fprintf(stderr, "regress() returned?!?\n");
-               exit(1);
-       }
-
-       oops = atosubnet(argv[1], 0, &a, &m);
-       if (oops != NULL) {
-               fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
-               exit(1);
-       }
-       n = subnettoa(a, m, 0, buf, sizeof(buf));
-       if (n > sizeof(buf)) {
-               fprintf(stderr, "%s: reverse conversion of ", argv[0]);
-               fprintf(stderr, "%s/", inet_ntoa(a));
-               fprintf(stderr, "%s", inet_ntoa(m));
-               fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
-                                               (long)n, (long)sizeof(buf));
-               exit(1);
-       }
-       printf("%s\n", buf);
-
-       exit(0);
-}
-
-struct rtab {
-       char *input;
-       char *output;                   /* NULL means error expected */
-} rtab[] = {
-       {"1.2.3.0/255.255.255.0",       "1.2.3.0/24"},
-       {"1.2.3.0/24",                  "1.2.3.0/24"},
-       {"1.2.3.1/255.255.255.240",     "1.2.3.0/28"},
-       {"1.2.3.1/32",                  "1.2.3.1/32"},
-       {"1.2.3.1/0",                   "0.0.0.0/0"},
-/*     "1.2.3.1/255.255.127.0",        "1.2.3.0/255.255.127.0",        */
-       {"1.2.3.1/255.255.127.0",       NULL},
-       {"128.009.000.032/32",          "128.9.0.32/32"},
-       {"128.0x9.0.32/32",             NULL},
-       {"0x80090020/32",               "128.9.0.32/32"},
-       {"0x800x0020/32",               NULL},
-       {"128.9.0.32/0xffFF0000",       "128.9.0.0/16"},
-       {"128.9.0.32/0xff0000FF",       NULL},
-       {"128.9.0.32/0x0000ffFF",       NULL},
-       {"128.9.0.32/0x00ffFF0000",     NULL},
-       {"128.9.0.32/0xffFF",           NULL},
-       {"128.9.0.32.27/32",            NULL},
-       {"128.9.0k32/32",               NULL},
-       {"328.9.0.32/32",               NULL},
-       {"128.9..32/32",                NULL},
-       {"10/8",                        "10.0.0.0/8"},
-       {"10.0/8",                      "10.0.0.0/8"},
-       {"10.0.0/8",                    "10.0.0.0/8"},
-       {"10.0.1/24",                   "10.0.1.0/24"},
-       {"_",                           NULL},
-       {"_/_",                         NULL},
-       {"1.2.3.1",                     NULL},
-       {"1.2.3.1/_",                   NULL},
-       {"1.2.3.1/24._",                NULL},
-       {"1.2.3.1/99",                  NULL},
-       {"localhost/32",                "127.0.0.1/32"},
-       {"%default",                    "0.0.0.0/0"},
-       {NULL,                          NULL}
-};
-
-void
-regress()
-{
-       struct rtab *r;
-       int status = 0;
-       struct in_addr a;
-       struct in_addr m;
-       char in[100];
-       char buf[100];
-       const char *oops;
-       size_t n;
-
-       for (r = rtab; r->input != NULL; r++) {
-               strcpy(in, r->input);
-               oops = atosubnet(in, 0, &a, &m);
-               if (oops != NULL && r->output == NULL)
-                       {}              /* okay, error expected */
-               else if (oops != NULL) {
-                       printf("`%s' atosubnet failed: %s\n", r->input, oops);
-                       status = 1;
-               } else if (r->output == NULL) {
-                       printf("`%s' atosubnet succeeded unexpectedly\n",
-                                                               r->input);
-                       status = 1;
-               } else {
-                       n = subnettoa(a, m, 0, buf, sizeof(buf));
-                       if (n > sizeof(buf)) {
-                               printf("`%s' subnettoa failed:  need %ld\n",
-                                                       r->input, (long)n);
-                               status = 1;
-                       } else if (strcmp(r->output, buf) != 0) {
-                               printf("`%s' gave `%s', expected `%s'\n",
-                                               r->input, buf, r->output);
-                               status = 1;
-                       }
-               }
-       }
-       exit(status);
-}
-
-#endif /* ATOSUBNET_MAIN */
diff --git a/src/libfreeswan/atoul.3 b/src/libfreeswan/atoul.3
deleted file mode 100644 (file)
index 6737b6b..0000000
+++ /dev/null
@@ -1,160 +0,0 @@
-.TH IPSEC_ATOUL 3 "11 June 2001"
-.SH NAME
-ipsec atoul, ultoa \- convert unsigned-long numbers to and from ASCII
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "const char *atoul(const char *src, size_t srclen,"
-.ti +1c
-.B "int base, unsigned long *n);"
-.br
-.B "size_t ultoa(unsigned long n, int base, char *dst,"
-.ti +1c
-.B "size_t dstlen);"
-.SH DESCRIPTION
-These functions are obsolete; see
-.IR ipsec_ttoul (3)
-for their replacements.
-.PP
-.I Atoul
-converts an ASCII number into a binary
-.B "unsigned long"
-value.
-.I Ultoa
-does the reverse conversion, back to an ASCII version.
-.PP
-Numbers are specified in ASCII as
-decimal (e.g.
-.BR 123 ),
-octal with a leading zero (e.g.
-.BR 012 ,
-which has value 10),
-or hexadecimal with a leading
-.B 0x
-(e.g.
-.BR 0x1f ,
-which has value 31)
-in either upper or lower case.
-.PP
-The
-.I srclen
-parameter of
-.I atoul
-specifies the length of the ASCII string pointed to by
-.IR src ;
-it is an error for there to be anything else
-(e.g., a terminating NUL) within that length.
-As a convenience for cases where an entire NUL-terminated string is
-to be converted,
-a
-.I srclen
-value of
-.B 0
-is taken to mean
-.BR strlen(src) .
-.PP
-The
-.I base
-parameter of
-.I atoul
-can be
-.BR 8 ,
-.BR 10 ,
-or
-.BR 16 ,
-in which case the number supplied is assumed to be of that form
-(and in the case of
-.BR 16 ,
-to lack any
-.B 0x
-prefix).
-It can also be
-.BR 0 ,
-in which case the number is examined for a leading zero
-or a leading
-.B 0x
-to determine its base,
-or
-.B 13
-(halfway between 10 and 16),
-which has the same effect as
-.B 0
-except that a non-hexadecimal
-number is considered decimal regardless of any leading zero.
-.PP
-The
-.I dstlen
-parameter of
-.I ultoa
-specifies the size of the
-.I dst
-parameter;
-under no circumstances are more than
-.I dstlen
-bytes written to
-.IR dst .
-A result which will not fit is truncated.
-.I Dstlen
-can be zero, in which case
-.I dst
-need not be valid and no result is written,
-but the return value is unaffected;
-in all other cases, the (possibly truncated) result is NUL-terminated.
-.PP
-The
-.I base
-parameter of
-.I ultoa
-must be
-.BR 8 ,
-.BR 10 ,
-or
-.BR 16 .
-.PP
-.I Atoul
-returns NULL for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.I Ultoa
-returns the size of buffer which would 
-be needed to
-accommodate the full conversion result, including terminating NUL;
-it is the caller's responsibility to check this against the size of
-the provided buffer to determine whether truncation has occurred.
-.SH SEE ALSO
-atol(3), strtoul(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I atoul
-are:
-empty input;
-unknown
-.IR base ;
-non-digit character found;
-number too large for an
-.BR "unsigned long" .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-There is no provision for reporting an invalid
-.I base
-parameter given to
-.IR ultoa .
-.PP
-The restriction of error reports to literal strings
-(so that callers don't need to worry about freeing them or copying them)
-does limit the precision of error reporting.
-.PP
-The error-reporting convention lends itself to slightly obscure code,
-because many readers will not think of NULL as signifying success.
-A good way to make it clearer is to write something like:
-.PP
-.RS
-.nf
-.B "const char *error;"
-.sp
-.B "error = atoul( /* ... */ );"
-.B "if (error != NULL) {"
-.B "        /* something went wrong */"
-.fi
-.RE
diff --git a/src/libfreeswan/atoul.c b/src/libfreeswan/atoul.c
deleted file mode 100644 (file)
index d8e1528..0000000
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * convert from ASCII form of unsigned long to binary
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - atoul - convert ASCII substring to unsigned long number
- */
-const char *                   /* NULL for success, else string literal */
-atoul(src, srclen, base, resultp)
-const char *src;
-size_t srclen;                 /* 0 means strlen(src) */
-int base;                      /* 0 means figure it out */
-unsigned long *resultp;
-{
-       const char *stop;
-       static char hex[] = "0123456789abcdef";
-       static char uchex[] = "0123456789ABCDEF";
-       int d;
-       char c;
-       char *p;
-       unsigned long r;
-       unsigned long rlimit;
-       int dlimit;
-
-       if (srclen == 0)
-               srclen = strlen(src);
-       if (srclen == 0)
-               return "empty string";
-
-       if (base == 0 || base == 13) {
-               if (srclen > 2 && *src == '0' && CIEQ(*(src+1), 'x'))
-                       return atoul(src+2, srclen-2, 16, resultp);
-               if (srclen > 1 && *src == '0' && base != 13)
-                       return atoul(src+1, srclen-1, 8, resultp);
-               return atoul(src, srclen, 10, resultp);
-       }
-       if (base != 8 && base != 10 && base != 16)
-               return "unsupported number base";
-
-       r = 0;
-       stop = src + srclen;
-       if (base == 16) {
-               while (src < stop) {
-                       c = *src++;
-                       p = strchr(hex, c);
-                       if (p != NULL)
-                               d = p - hex;
-                       else {
-                               p = strchr(uchex, c);
-                               if (p == NULL)
-                                       return "non-hex-digit in hex number";
-                               d = p - uchex;
-                       }
-                       r = (r << 4) | d;
-               }
-               /* defer length check to catch invalid digits first */
-               if (srclen > sizeof(unsigned long) * 2)
-                       return "hex number too long";
-       } else {
-               rlimit = ULONG_MAX / base;
-               dlimit = (int)(ULONG_MAX - rlimit*base);
-               while (src < stop) {
-                       c = *src++;
-                       d = c - '0';
-                       if (d < 0 || d >= base)
-                               return "non-digit in number";
-                       if (r > rlimit || (r == rlimit && d > dlimit))
-                               return "unsigned-long overflow";
-                       r = r*base + d;
-               }
-       }
-
-       *resultp = r;
-       return NULL;
-}
diff --git a/src/libfreeswan/copyright.c b/src/libfreeswan/copyright.c
deleted file mode 100644 (file)
index e55e849..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * return IPsec copyright notice
- * Copyright (C) 2001, 2002  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-static const char *co[] = {
- "Copyright (C) 1999-2009  Henry Spencer, Richard Guy Briggs,",
- "    D. Hugh Redelmeier, Sandy Harris, Claudia Schmeing,",
- "    Michael Richardson, Angelos D. Keromytis, John Ioannidis,",
- "",
- "    Ken Bantoft, Stephen J. Bevan, JuanJo Ciarlante, Mathieu Lafon,",
- "    Stephane Laroche, Kai Martius, Stephan Scholz, Tuomo Soini, Herbert Xu,",
- "",
- "    Martin Berner, Marco Bertossa, David Buechi, Ueli Galizzi,",
- "    Christoph Gysin, Andreas Hess, Patric Lichtsteiner, Michael Meier,",
- "    Andreas Schleiss, Ariane Seiler, Mario Strasser, Lukas Suter,",
- "    Roger Wegmann, Simon Zwahlen,",
- "    ZHW Zuercher Hochschule Winterthur (Switzerland).",
- "",
- "    Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,",
- "    Andreas Eigenmann, Fabian Hartmann, Noah Heusser, Jan Hutter,",
- "    Thomas Kallenberg, Daniel Roethlisberger, Joel Stillhart, Martin Willi,",
- "    Daniel Wydler, Andreas Steffen,",
- "    HSR Hochschule fuer Technik Rapperswil (Switzerland).",
- "",
- "This program is free software; you can redistribute it and/or modify it",
- "under the terms of the GNU General Public License as published by the",
- "Free Software Foundation; either version 2 of the License, or (at your",
- "option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.",
- "",
- "This program is distributed in the hope that it will be useful, but",
- "WITHOUT ANY WARRANTY; without even the implied warranty of",
- "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General",
- "Public License (file COPYING in the distribution) for more details.",
- NULL
-};
-
-/*
- - ipsec_copyright_notice - return copyright notice, as a vector of strings
- */
-const char **
-ipsec_copyright_notice()
-{
-       return co;
-}
diff --git a/src/libfreeswan/datatot.c b/src/libfreeswan/datatot.c
deleted file mode 100644 (file)
index e3b9d64..0000000
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * convert from binary data (e.g. key) to text form
- * Copyright (C) 2000  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-static void convert(const char *src, size_t nreal, int format, char *out);
-
-/*
- - datatot - convert data bytes to text
- */
-size_t                         /* true length (with NUL) for success */
-datatot(src, srclen, format, dst, dstlen)
-const char *src;
-size_t srclen;
-int format;                    /* character indicating what format */
-char *dst;                     /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
-       size_t inblocksize;     /* process this many bytes at a time */
-       size_t outblocksize;    /* producing this many */
-       size_t breakevery;      /* add a _ every this many (0 means don't) */
-       size_t sincebreak;      /* output bytes since last _ */
-       char breakchar;         /* character used to break between groups */
-       char inblock[10];       /* enough for any format */
-       char outblock[10];      /* enough for any format */
-       char fake[1];           /* fake output area for dstlen == 0 */
-       size_t needed;          /* return value */
-       char *stop;             /* where the terminating NUL will go */
-       size_t ntodo;           /* remaining input */
-       size_t nreal;
-       char *out;
-       char *prefix;
-
-       breakevery = 0;
-       breakchar = '_';
-
-       switch (format) {
-       case 0:
-       case 'h':
-               format = 'x';
-               breakevery = 8;
-               /* FALLTHROUGH */
-       case 'x':
-               inblocksize = 1;
-               outblocksize = 2;
-               prefix = "0x";
-               break;
-       case ':':
-               breakevery = 2;
-               breakchar = ':';
-               /* FALLTHROUGH */
-       case 16:
-               inblocksize = 1;
-               outblocksize = 2;
-               prefix = "";
-               format = 'x';
-               break;
-       case 's':
-               inblocksize = 3;
-               outblocksize = 4;
-               prefix = "0s";
-               break;
-       case 64:                /* beware, equals ' ' */
-               inblocksize = 3;
-               outblocksize = 4;
-               prefix = "";
-               format = 's';
-               break;
-       default:
-               return 0;
-               break;
-       }
-       assert(inblocksize < sizeof(inblock));
-       assert(outblocksize < sizeof(outblock));
-       assert(breakevery % outblocksize == 0);
-
-       if (srclen == 0)
-               return 0;
-       ntodo = srclen;
-
-       if (dstlen == 0) {      /* dispose of awkward special case */
-               dst = fake;
-               dstlen = 1;
-       }
-       stop = dst + dstlen - 1;
-
-       nreal = strlen(prefix);
-       needed = nreal;                 /* for starters */
-       if (dstlen <= nreal) {          /* prefix won't fit */
-               strncpy(dst, prefix, dstlen - 1);
-               dst += dstlen - 1;
-       } else {
-               strcpy(dst, prefix);
-               dst += nreal;
-       }
-       assert(dst <= stop);
-       sincebreak = 0;
-
-       while (ntodo > 0) {
-               if (ntodo < inblocksize) {      /* incomplete input */
-                       memset(inblock, 0, sizeof(inblock));
-                       memcpy(inblock, src, ntodo);
-                       src = inblock;
-                       nreal = ntodo;
-                       ntodo = inblocksize;
-               } else
-                       nreal = inblocksize;
-               out = (outblocksize > stop - dst) ? outblock : dst;
-
-               convert(src, nreal, format, out);
-               needed += outblocksize;
-               sincebreak += outblocksize;
-               if (dst < stop) {
-                       if (out != dst) {
-                               assert(outblocksize > stop - dst);
-                               memcpy(dst, out, stop - dst);
-                               dst = stop;
-                       } else
-                               dst += outblocksize;
-               }
-
-               src += inblocksize;
-               ntodo -= inblocksize;
-               if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) {
-                       if (dst < stop)
-                               *dst++ = breakchar;
-                       needed++;
-                       sincebreak = 0;
-               }
-       }
-
-       assert(dst <= stop);
-       *dst++ = '\0';
-       needed++;
-
-       return needed;
-}
-
-/*
- - convert - convert one input block to one output block
- */
-static void
-convert(src, nreal, format, out)
-const char *src;
-size_t nreal;                  /* how much of the input block is real */
-int format;
-char *out;
-{
-       static char hex[] = "0123456789abcdef";
-       static char base64[] =  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                               "abcdefghijklmnopqrstuvwxyz"
-                               "0123456789+/";
-       unsigned char c;
-       unsigned char c1, c2, c3;
-
-       assert(nreal > 0);
-       switch (format) {
-       case 'x':
-               assert(nreal == 1);
-               c = (unsigned char)*src;
-               *out++ = hex[c >> 4];
-               *out++ = hex[c & 0xf];
-               break;
-       case 's':
-               c1 = (unsigned char)*src++;
-               c2 = (unsigned char)*src++;
-               c3 = (unsigned char)*src++;
-               *out++ = base64[c1 >> 2];       /* top 6 bits of c1 */
-               c = (c1 & 0x3) << 4;            /* bottom 2 of c1... */
-               c |= c2 >> 4;                   /* ...top 4 of c2 */
-               *out++ = base64[c];
-               if (nreal == 1)
-                       *out++ = '=';
-               else {
-                       c = (c2 & 0xf) << 2;    /* bottom 4 of c2... */
-                       c |= c3 >> 6;           /* ...top 2 of c3 */
-                       *out++ = base64[c];
-               }
-               if (nreal <= 2)
-                       *out++ = '=';
-               else
-                       *out++ = base64[c3 & 0x3f];     /* bottom 6 of c3 */
-               break;
-       default:
-               assert(nreal == 0);     /* unknown format */
-               break;
-       }
-}
-
-/*
- - datatoa - convert data to ASCII
- * backward-compatibility synonym for datatot
- */
-size_t                         /* true length (with NUL) for success */
-datatoa(src, srclen, format, dst, dstlen)
-const char *src;
-size_t srclen;
-int format;                    /* character indicating what format */
-char *dst;                     /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
-       return datatot(src, srclen, format, dst, dstlen);
-}
-
-/*
- - bytestoa - convert data bytes to ASCII
- * backward-compatibility synonym for datatot
- */
-size_t                         /* true length (with NUL) for success */
-bytestoa(src, srclen, format, dst, dstlen)
-const char *src;
-size_t srclen;
-int format;                    /* character indicating what format */
-char *dst;                     /* need not be valid if dstlen is 0 */
-size_t dstlen;
-{
-       return datatot(src, srclen, format, dst, dstlen);
-}
diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h
deleted file mode 100644 (file)
index 724165b..0000000
+++ /dev/null
@@ -1,371 +0,0 @@
-#ifndef _FREESWAN_H
-/*
- * header file for FreeS/WAN library functions
- * Copyright (C) 1998, 1999, 2000  Henry Spencer.
- * Copyright (C) 1999, 2000, 2001  Richard Guy Briggs
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#define        _FREESWAN_H     /* seen it, no need to see it again */
-
-#  include <sys/types.h>
-#  include <stdio.h>
-#  include <netinet/in.h>
-
-#  define DEBUG_NO_STATIC static
-
-#include <ipsec_param.h>
-#include <utils.h>
-
-/*
- * We assume header files have IPv6 (i.e. kernel version >= 2.1.0)
- */
-#define NET_21
-
-#ifndef IPPROTO_COMP
-#  define IPPROTO_COMP 108
-#endif /* !IPPROTO_COMP */
-
-#ifndef IPPROTO_INT
-#  define IPPROTO_INT 61
-#endif /* !IPPROTO_INT */
-
-#ifdef CONFIG_IPSEC_DEBUG
-#  define DEBUG_NO_STATIC
-#else /* CONFIG_IPSEC_DEBUG */
-#  define DEBUG_NO_STATIC static
-#endif /* CONFIG_IPSEC_DEBUG */
-
-#define ESPINUDP_WITH_NON_IKE   1  /* draft-ietf-ipsec-nat-t-ike-00/01 */
-#define ESPINUDP_WITH_NON_ESP   2  /* draft-ietf-ipsec-nat-t-ike-02    */
-
-/*
- * Basic data types for the address-handling functions.
- * ip_address and ip_subnet are supposed to be opaque types; do not
- * use their definitions directly, they are subject to change!
- */
-
-/* then the main types */
-typedef struct {
-       union {
-               struct sockaddr_in v4;
-               struct sockaddr_in6 v6;
-       } u;
-} ip_address;
-typedef struct {
-       ip_address addr;
-       int maskbits;
-} ip_subnet;
-
-/* and the SA ID stuff */
-typedef u_int32_t ipsec_spi_t;
-typedef struct {               /* to identify an SA, we need: */
-        ip_address dst;                /* A. destination host */
-        ipsec_spi_t spi;       /* B. 32-bit SPI, assigned by dest. host */
-#              define  SPI_PASS        256     /* magic values... */
-#              define  SPI_DROP        257     /* ...for use... */
-#              define  SPI_REJECT      258     /* ...with SA_INT */
-#              define  SPI_HOLD        259
-#              define  SPI_TRAP        260
-#              define  SPI_TRAPSUBNET  261
-       int proto;              /* C. protocol */
-#              define  SA_ESP  50      /* IPPROTO_ESP */
-#              define  SA_AH   51      /* IPPROTO_AH */
-#              define  SA_IPIP 4       /* IPPROTO_IPIP */
-#              define  SA_COMP 108     /* IPPROTO_COMP */
-#              define  SA_INT  61      /* IANA reserved for internal use */
-} ip_said;
-struct sa_id {                 /* old v4-only version */
-        struct in_addr dst;
-        ipsec_spi_t spi;
-       int proto;
-};
-
-/* misc */
-struct prng {                  /* pseudo-random-number-generator guts */
-       unsigned char sbox[256];
-       int i, j;
-       unsigned long count;
-};
-
-
-/*
- * definitions for user space, taken from freeswan/ipsec_sa.h
- */
-typedef uint32_t IPsecSAref_t;
-
-#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
-
-#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
-
-#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-
-#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
-
-/* GCC magic for use in function definitions! */
-#ifdef GCC_LINT
-# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
-# define NEVER_RETURNS __attribute__ ((noreturn))
-# define UNUSED __attribute__ ((unused))
-# define BLANK_FORMAT " "      /* GCC_LINT whines about empty formats */
-#else
-# define PRINTF_LIKE(n)        /* ignore */
-# define NEVER_RETURNS /* ignore */
-# define UNUSED /* ignore */
-# define BLANK_FORMAT ""
-#endif
-
-
-
-
-
-/*
- * new IPv6-compatible functions
- */
-
-/* text conversions */
-err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
-size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
-#define        ULTOT_BUF       (22+1)  /* holds 64 bits in octal */
-err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
-err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
-size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
-/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
-#define        ADDRTOT_BUF     (32*2 + 3 + 1 + 3 + 1 + 1)
-err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
-size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
-#define        SUBNETTOT_BUF   (ADDRTOT_BUF + 1 + 3)
-err_t ttosa(const char *src, size_t srclen, ip_said *dst);
-size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
-#define        SATOT_BUF       (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
-err_t ttodata(const char *src, size_t srclen, int base, char *buf,
-                                               size_t buflen, size_t *needed);
-err_t ttodatav(const char *src, size_t srclen, int base,
-              char *buf,  size_t buflen, size_t *needed,
-              char *errp, size_t errlen, unsigned int flags);
-#define        TTODATAV_BUF    40      /* ttodatav's largest non-literal message */
-#define TTODATAV_IGNORESPACE  (1<<1)  /* ignore spaces in base64 encodings*/
-#define TTODATAV_SPACECOUNTS  0       /* do not ignore spaces in base64   */
-
-size_t datatot(const char *src, size_t srclen, int format, char *buf,
-                                                               size_t buflen);
-err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
-                                                       bool *has_port_wildcard);
-
-/* initializations */
-void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
-err_t loopbackaddr(int af, ip_address *dst);
-err_t unspecaddr(int af, ip_address *dst);
-err_t anyaddr(int af, ip_address *dst);
-err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
-err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
-err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
-
-/* misc. conversions and related */
-err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
-int addrtypeof(const ip_address *src);
-int subnettypeof(const ip_subnet *src);
-size_t addrlenof(const ip_address *src);
-size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
-size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
-int masktocount(const ip_address *src);
-void networkof(const ip_subnet *src, ip_address *dst);
-void maskof(const ip_subnet *src, ip_address *dst);
-
-/* tests */
-int sameaddr(const ip_address *a, const ip_address *b);
-int addrcmp(const ip_address *a, const ip_address *b);
-int samesubnet(const ip_subnet *a, const ip_subnet *b);
-int addrinsubnet(const ip_address *a, const ip_subnet *s);
-int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
-int subnetishost(const ip_subnet *s);
-int samesaid(const ip_said *a, const ip_said *b);
-int sameaddrtype(const ip_address *a, const ip_address *b);
-int samesubnettype(const ip_subnet *a, const ip_subnet *b);
-int isanyaddr(const ip_address *src);
-int isunspecaddr(const ip_address *src);
-int isloopbackaddr(const ip_address *src);
-
-/* low-level grot */
-int portof(const ip_address *src);
-void setportof(int port, ip_address *dst);
-struct sockaddr *sockaddrof(ip_address *src);
-size_t sockaddrlenof(const ip_address *src);
-
-/* odds and ends */
-const char **ipsec_copyright_notice(void);
-
-const char *dns_string_rr(int rr, char *buf, int bufsize);
-const char *dns_string_datetime(time_t seconds,
-                               char *buf,
-                               int bufsize);
-
-
-/*
- * old functions, to be deleted eventually
- */
-
-/* unsigned long */
-const char *                   /* NULL for success, else string literal */
-atoul(
-       const char *src,
-       size_t srclen,          /* 0 means strlen(src) */
-       int base,               /* 0 means figure it out */
-       unsigned long *resultp
-);
-size_t                         /* space needed for full conversion */
-ultoa(
-       unsigned long n,
-       int base,
-       char *dst,
-       size_t dstlen
-);
-#define        ULTOA_BUF       21      /* just large enough for largest result, */
-                               /* assuming 64-bit unsigned long! */
-
-/* Internet addresses */
-const char *                   /* NULL for success, else string literal */
-atoaddr(
-       const char *src,
-       size_t srclen,          /* 0 means strlen(src) */
-       struct in_addr *addr
-);
-size_t                         /* space needed for full conversion */
-addrtoa(
-       struct in_addr addr,
-       int format,             /* character; 0 means default */
-       char *dst,
-       size_t dstlen
-);
-#define        ADDRTOA_BUF     16      /* just large enough for largest result */
-
-/* subnets */
-const char *                   /* NULL for success, else string literal */
-atosubnet(
-       const char *src,
-       size_t srclen,          /* 0 means strlen(src) */
-       struct in_addr *addr,
-       struct in_addr *mask
-);
-size_t                         /* space needed for full conversion */
-subnettoa(
-       struct in_addr addr,
-       struct in_addr mask,
-       int format,             /* character; 0 means default */
-       char *dst,
-       size_t dstlen
-);
-#define        SUBNETTOA_BUF   32      /* large enough for worst case result */
-
-/* ranges */
-const char *                   /* NULL for success, else string literal */
-atoasr(
-       const char *src,
-       size_t srclen,          /* 0 means strlen(src) */
-       char *type,             /* 'a', 's', 'r' */
-       struct in_addr *addrs   /* two-element array */
-);
-size_t                         /* space needed for full conversion */
-rangetoa(
-       struct in_addr *addrs,  /* two-element array */
-       int format,             /* character; 0 means default */
-       char *dst,
-       size_t dstlen
-);
-#define        RANGETOA_BUF    34      /* large enough for worst case result */
-
-/* generic data, e.g. keys */
-const char *                   /* NULL for success, else string literal */
-atobytes(
-       const char *src,
-       size_t srclen,          /* 0 means strlen(src) */
-       char *dst,
-       size_t dstlen,
-       size_t *lenp            /* NULL means don't bother telling me */
-);
-size_t                         /* 0 failure, else true size */
-bytestoa(
-       const char *src,
-       size_t srclen,
-       int format,             /* character; 0 means default */
-       char *dst,
-       size_t dstlen
-);
-
-/* old versions of generic-data functions; deprecated */
-size_t                         /* 0 failure, else true size */
-atodata(
-       const char *src,
-       size_t srclen,          /* 0 means strlen(src) */
-       char *dst,
-       size_t dstlen
-);
-size_t                         /* 0 failure, else true size */
-datatoa(
-       const char *src,
-       size_t srclen,
-       int format,             /* character; 0 means default */
-       char *dst,
-       size_t dstlen
-);
-
-/* part extraction and special addresses */
-struct in_addr
-subnetof(
-       struct in_addr addr,
-       struct in_addr mask
-);
-struct in_addr
-hostof(
-       struct in_addr addr,
-       struct in_addr mask
-);
-struct in_addr
-broadcastof(
-       struct in_addr addr,
-       struct in_addr mask
-);
-
-/* mask handling */
-int
-goodmask(
-       struct in_addr mask
-);
-int
-masktobits(
-       struct in_addr mask
-);
-struct in_addr
-bitstomask(
-       int n
-);
-
-/*
- * Debugging levels for pfkey_lib_debug
- */
-#define PF_KEY_DEBUG_PARSE_NONE    0
-#define PF_KEY_DEBUG_PARSE_PROBLEM 1
-#define PF_KEY_DEBUG_PARSE_STRUCT  2
-#define PF_KEY_DEBUG_PARSE_FLOW    4
-#define PF_KEY_DEBUG_PARSE_MAX     7
-
-extern unsigned int pfkey_lib_debug;  /* bits selecting what to report */
-
-/*
- * pluto and lwdnsq need to know the maximum size of the commands to,
- * and replies from lwdnsq.
- */
-
-#define LWDNSQ_CMDBUF_LEN      1024
-#define LWDNSQ_RESULT_LEN_MAX  4096
-
-#endif /* _FREESWAN_H */
diff --git a/src/libfreeswan/goodmask.3 b/src/libfreeswan/goodmask.3
deleted file mode 100644 (file)
index b76d431..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-.TH IPSEC_GOODMASK 3 "11 June 2001"
-.SH NAME
-ipsec goodmask \- is this Internet subnet mask a valid one?
-.br
-ipsec masktobits \- convert Internet subnet mask to bit count
-.br
-ipsec bitstomask \- convert bit count to Internet subnet mask
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "int goodmask(struct in_addr mask);"
-.br
-.B "int masktobits(struct in_addr mask);"
-.br
-.B "struct in_addr bitstomask(int n);"
-.SH DESCRIPTION
-These functions are obsolete;
-see
-.IR ipsec_masktocount (3)
-for a partial replacement.
-.PP
-.I Goodmask
-reports whether the subnet
-.I mask
-is a valid one,
-i.e. consists of a (possibly empty) sequence of
-.BR 1 s
-followed by a (possibly empty) sequence of
-.BR 0 s.
-.I Masktobits
-takes a (valid) subnet mask and returns the number of
-.B 1
-bits in it.
-.I Bitstomask
-reverses this,
-returning the subnet mask corresponding to bit count
-.IR n .
-.PP
-All masks are in network byte order.
-.SH SEE ALSO
-inet(3), ipsec_atosubnet(3)
-.SH DIAGNOSTICS
-.I Masktobits
-returns
-.B \-1
-for an invalid mask.
-.I Bitstomask
-returns an all-zeros mask for a negative or out-of-range
-.IR n .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-The error-reporting convention of
-.I bitstomask
-is less than ideal;
-zero is sometimes a legitimate mask.
diff --git a/src/libfreeswan/goodmask.c b/src/libfreeswan/goodmask.c
deleted file mode 100644 (file)
index 66edae2..0000000
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * minor utilities for subnet-mask manipulation
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - goodmask - is this a good (^1*0*$) subnet mask?
- * You are not expected to understand this.  See Henry S. Warren Jr,
- * "Functions realizable with word-parallel logical and two's-complement
- * addition instructions", CACM 20.6 (June 1977), p.439.
- */
-int                            /* predicate */
-goodmask(mask)
-struct in_addr mask;
-{
-       unsigned long x = ntohl(mask.s_addr);
-       /* clear rightmost contiguous string of 1-bits */
-#      define  CRCS1B(x)       (((x|(x-1))+1)&x)
-#      define  TOPBIT          (1UL << 31)
-
-       /* either zero, or has one string of 1-bits which is left-justified */
-       if (x == 0 || (CRCS1B(x) == 0 && (x&TOPBIT)))
-               return 1;
-       return 0;
-}
-
-/*
- - masktobits - how many bits in this mask?
- * The algorithm is essentially a binary search, but highly optimized
- * for this particular task.
- */
-int                            /* -1 means !goodmask() */
-masktobits(mask)
-struct in_addr mask;
-{
-       unsigned long m = ntohl(mask.s_addr);
-       int masklen;
-
-       if (!goodmask(mask))
-               return -1;
-
-       if (m&0x00000001UL)
-               return 32;
-       masklen = 0;
-       if (m&(0x0000ffffUL<<1)) {      /* <<1 for 1-origin numbering */
-               masklen |= 0x10;
-               m <<= 16;
-       }
-       if (m&(0x00ff0000UL<<1)) {
-               masklen |= 0x08;
-               m <<= 8;
-       }
-       if (m&(0x0f000000UL<<1)) {
-               masklen |= 0x04;
-               m <<= 4;
-       }
-       if (m&(0x30000000UL<<1)) {
-               masklen |= 0x02;
-               m <<= 2;
-       }
-       if (m&(0x40000000UL<<1))
-               masklen |= 0x01;
-
-       return masklen;
-}
-
-/*
- - bitstomask - return a mask with this many high bits on
- */
-struct in_addr
-bitstomask(n)
-int n;
-{
-       struct in_addr result;
-
-       if (n > 0 && n <= ABITS)
-               result.s_addr = htonl(~((1UL << (ABITS - n)) - 1));
-       else if (n == 0)
-               result.s_addr = 0;
-       else
-               result.s_addr = 0;      /* best error report we can do */
-       return result;
-}
diff --git a/src/libfreeswan/initaddr.3 b/src/libfreeswan/initaddr.3
deleted file mode 100644 (file)
index 071e507..0000000
+++ /dev/null
@@ -1,128 +0,0 @@
-.TH IPSEC_INITADDR 3 "11 Sept 2000"
-.SH NAME
-ipsec initaddr \- initialize an ip_address
-.br
-ipsec addrtypeof \- get address type of an ip_address
-.br
-ipsec addrlenof \- get length of address within an ip_address
-.br
-ipsec addrbytesof \- get copy of address within an ip_address
-.br
-ipsec addrbytesptr \- get pointer to address within an ip_address
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "const char *initaddr(const char *src, size_t srclen,"
-.ti +1c
-.B "int af, ip_address *dst);"
-.br
-.B "int addrtypeof(const ip_address *src);"
-.br
-.B "size_t addrlenof(const ip_address *src);"
-.br
-.B "size_t addrbytesof(const ip_address *src,"
-.ti +1c
-.B "unsigned char *dst, size_t dstlen);"
-.br
-.B "size_t addrbytesptr(const ip_address *src,"
-.ti +1c
-.B "const unsigned char **dst);"
-.SH DESCRIPTION
-The
-.B <freeswan.h>
-library uses an internal type
-.I ip_address
-to contain one of the (currently two) types of IP address.
-These functions provide basic tools for creating and examining this type.
-.PP
-.I Initaddr
-initializes a variable
-.I *dst
-of type
-.I ip_address
-from an address
-(in network byte order,
-indicated by a pointer
-.I src
-and a length
-.IR srclen )
-and an address family
-.I af
-(typically
-.B AF_INET
-or
-.BR AF_INET6 ).
-The length must be consistent with the address family.
-.PP
-.I Addrtypeof
-returns the address type of an address,
-normally
-.B AF_INET
-or
-.BR AF_INET6 .
-(The
-.B <freeswan.h>
-header file arranges to include the necessary headers for these
-names to be known.)
-.PP
-.I Addrlenof
-returns the size (in bytes) of the address within an
-.IR ip_address ,
-to permit storage allocation etc.
-.PP
-.I Addrbytesof
-copies the address within the
-.I ip_address
-.I src
-to the buffer indicated by the pointer
-.I dst
-and the length
-.IR dstlen ,
-and returns the address length (in bytes).
-If the address will not fit,
-as many bytes as will fit are copied;
-the returned length is still the full length.
-It is the caller's responsibility to check the
-returned value to ensure that there was enough room.
-.PP
-.I Addrbytesptr
-sets
-.I *dst
-to a pointer to the internal address within the
-.IR ip_address ,
-and returns the address length (in bytes).
-If
-.I dst
-is
-.BR NULL ,
-it just returns the address length.
-The pointer points to
-.B const
-to discourage misuse.
-.PP
-.I Initaddr
-returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.PP
-The functions which return
-.I size_t
-return
-.B 0
-for a failure.
-.SH SEE ALSO
-inet(3), ipsec_ttoaddr(3)
-.SH DIAGNOSTICS
-An unknown address family is a fatal error for any of these functions
-except
-.IR addrtypeof .
-An address-size mismatch is a fatal error for
-.IR initaddr .
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-.I Addrtypeof
-should probably have been named
-.IR addrfamilyof .
diff --git a/src/libfreeswan/initaddr.c b/src/libfreeswan/initaddr.c
deleted file mode 100644 (file)
index c84006f..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * initialize address structure
- * Copyright (C) 2000  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include <sys/socket.h>
-
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - initaddr - initialize ip_address from bytes
- */
-err_t                          /* NULL for success, else string literal */
-initaddr(src, srclen, af, dst)
-const unsigned char *src;
-size_t srclen;
-int af;                                /* address family */
-ip_address *dst;
-{
-       switch (af) {
-       case AF_INET:
-               if (srclen != 4)
-                       return "IPv4 address must be exactly 4 bytes";
-               dst->u.v4.sin_family = af;
-               dst->u.v4.sin_port = 0;         /* unused */
-               memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen);
-               break;
-       case AF_INET6:
-               if (srclen != 16)
-                       return "IPv6 address must be exactly 16 bytes";
-               dst->u.v6.sin6_family = af;
-               dst->u.v6.sin6_flowinfo = 0;            /* unused */
-               dst->u.v6.sin6_port = 0;                /* unused */
-               memcpy((char *)&dst->u.v6.sin6_addr, src, srclen);
-               break;
-       default:
-               return "unknown address family in initaddr";
-               break;
-       }
-       return NULL;
-}
diff --git a/src/libfreeswan/initsaid.c b/src/libfreeswan/initsaid.c
deleted file mode 100644 (file)
index 4e4bc9a..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * initialize SA ID structure
- * Copyright (C) 2000  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - initsaid - initialize SA ID from bits
- */
-void
-initsaid(addr, spi, proto, dst)
-const ip_address *addr;
-ipsec_spi_t spi;
-int proto;
-ip_said *dst;
-{
-       dst->dst = *addr;
-       dst->spi = spi;
-       dst->proto = proto;
-}
diff --git a/src/libfreeswan/initsubnet.3 b/src/libfreeswan/initsubnet.3
deleted file mode 100644 (file)
index 3545fd4..0000000
+++ /dev/null
@@ -1,136 +0,0 @@
-.TH IPSEC_INITSUBNET 3 "12 March 2002"
-.SH NAME
-ipsec initsubnet \- initialize an ip_subnet
-.br
-ipsec addrtosubnet \- initialize a singleton ip_subnet
-.br
-ipsec subnettypeof \- get address type of an ip_subnet
-.br
-ipsec masktocount \- convert subnet mask to bit count
-.br
-ipsec networkof \- get base address of an ip_subnet
-.br
-ipsec maskof \- get subnet mask of an ip_subnet
-.SH SYNOPSIS
-.B "#include <freeswan.h>"
-.sp
-.B "const char *initsubnet(const ip_address *addr,"
-.ti +1c
-.B "int maskbits, int clash, ip_subnet *dst);"
-.br
-.B "const char *addrtosubnet(const ip_address *addr,"
-.ti +1c
-.B "ip_subnet *dst);"
-.sp
-.B "int subnettypeof(const ip_subnet *src);"
-.br
-.B "int masktocount(const ip_address *src);"
-.br
-.B "void networkof(const ip_subnet *src, ip_address *dst);"
-.br
-.B "void maskof(const ip_subnet *src, ip_address *dst);"
-.SH DESCRIPTION
-The
-.B <freeswan.h>
-library uses an internal type
-.I ip_subnet
-to contain a description of an IP subnet
-(base address plus mask).
-These functions provide basic tools for creating and examining this type.
-.PP
-.I Initsubnet
-initializes a variable
-.I *dst
-of type
-.I ip_subnet
-from a base address and
-a count of mask bits.
-The
-.I clash
-parameter specifies what to do if the base address includes
-.B 1
-bits outside the prefix specified by the mask
-(that is, in the ``host number'' part of the address):
-.RS
-.IP '0' 5
-zero out host-number bits
-.IP 'x'
-non-zero host-number bits are an error
-.RE
-.PP
-.I Initsubnet
-returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure;
-see DIAGNOSTICS.
-.PP
-.I Addrtosubnet
-initializes an
-.I ip_subnet
-variable
-.I *dst
-to a ``singleton subnet'' containing the single address
-.IR *addr .
-It returns
-.B NULL
-for success and
-a pointer to a string-literal error message for failure.
-.PP
-.I Subnettypeof
-returns the address type of a subnet,
-normally
-.B AF_INET
-or
-.BR AF_INET6 .
-(The
-.B <freeswan.h>
-header file arranges to include the necessary headers for these
-names to be known.)
-.PP
-.I Masktocount
-converts a subnet mask, expressed as an address, to a bit count
-suitable for use with
-.IR initsubnet .
-It returns
-.B \-1
-for error; see DIAGNOSTICS.
-.PP
-.I Networkof
-fills in
-.I *dst
-with the base address of subnet
-.IR src .
-.PP
-.I Maskof
-fills in
-.I *dst
-with the subnet mask of subnet
-.IR src ,
-expressed as an address.
-.SH SEE ALSO
-inet(3), ipsec_ttosubnet(3), ipsec_rangetosubnet(3)
-.SH DIAGNOSTICS
-Fatal errors in
-.I initsubnet
-are:
-unknown address family;
-unknown
-.I clash
-value;
-impossible mask bit count;
-non-zero host-number bits and
-.I clash
-is
-.BR 'x' .
-Fatal errors in
-.I addrtosubnet
-are:
-unknown address family.
-Fatal errors in
-.I masktocount
-are:
-unknown address family;
-mask bits not contiguous.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
diff --git a/src/libfreeswan/initsubnet.c b/src/libfreeswan/initsubnet.c
deleted file mode 100644 (file)
index 27fadda..0000000
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * initialize subnet structure
- * Copyright (C) 2000, 2002  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - initsubnet - initialize ip_subnet from address and count
- *
- * The only hard part is checking for host-part bits turned on.
- */
-err_t                          /* NULL for success, else string literal */
-initsubnet(addr, count, clash, dst)
-const ip_address *addr;
-int count;
-int clash;                     /* '0' zero host-part bits, 'x' die on them */
-ip_subnet *dst;
-{
-       unsigned char *p;
-       int n;
-       int c;
-       unsigned m;
-       int die;
-
-       dst->addr = *addr;
-       n = addrbytesptr(&dst->addr, (const unsigned char **)&p);
-       if (n == 0)
-               return "unknown address family";
-
-       switch (clash) {
-       case '0':
-               die = 0;
-               break;
-       case 'x':
-               die = 1;
-               break;
-       default:
-               return "unknown clash-control value in initsubnet";
-               break;
-       }
-
-       c = count / 8;
-       if (c > n)
-               return "impossible mask count";
-       p += c;
-       n -= c;
-
-       m = 0xff;
-       c = count % 8;
-       if (n > 0 && c != 0)    /* partial byte */
-               m >>= c;
-       for (; n > 0; n--) {
-               if ((*p & m) != 0) {
-                       if (die)
-                               return "improper subnet, host-part bits on";
-                       *p &= ~m;
-               }
-               m = 0xff;
-               p++;
-       }
-
-       dst->maskbits = count;
-       return NULL;
-}
-
-/*
- - addrtosubnet - initialize ip_subnet from a single address
- */
-err_t                          /* NULL for success, else string literal */
-addrtosubnet(addr, dst)
-const ip_address *addr;
-ip_subnet *dst;
-{
-       int n;
-
-       dst->addr = *addr;
-       n = addrbytesptr(&dst->addr, (const unsigned char **)NULL);
-       if (n == 0)
-               return "unknown address family";
-       dst->maskbits = n*8;
-       return NULL;
-}
diff --git a/src/libfreeswan/internal.h b/src/libfreeswan/internal.h
deleted file mode 100644 (file)
index 832c8a5..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * internal definitions for use within the library; do not export!
- * Copyright (C) 1998, 1999  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-
-#ifndef ABITS
-#define        ABITS   32      /* bits in an IPv4 address */
-#endif
-
-/* case-independent ASCII character equality comparison */
-#define        CIEQ(c1, c2)    ( ((c1)&~040) == ((c2)&~040) )
-
-/* syntax for passthrough SA */
-#ifndef PASSTHROUGHNAME
-#define        PASSTHROUGHNAME "%passthrough"
-#define        PASSTHROUGH4NAME        "%passthrough4"
-#define        PASSTHROUGH6NAME        "%passthrough6"
-#define        PASSTHROUGHIS   "tun0@0.0.0.0"
-#define        PASSTHROUGH4IS  "tun0@0.0.0.0"
-#define        PASSTHROUGH6IS  "tun0@::"
-#define        PASSTHROUGHTYPE "tun"
-#define        PASSTHROUGHSPI  0
-#define        PASSTHROUGHDST  0
-#endif
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include <netdb.h>
-#include <stdlib.h>
-#define        MALLOC(n)       malloc(n)
-#define        FREE(p)         free(p)
-
diff --git a/src/libfreeswan/ipsec_param.h b/src/libfreeswan/ipsec_param.h
deleted file mode 100644 (file)
index 93426b8..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * @(#) FreeSWAN tunable paramaters
- *
- * Copyright (C) 2001  Richard Guy Briggs  <rgb@freeswan.org>
- *                 and Michael Richardson  <mcr@freeswan.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/*
- * This file provides a set of #define's which may be tuned by various
- * people/configurations. It keeps all compile-time tunables in one place.
- *
- * This file should be included before all other IPsec kernel-only files.
- *
- */
-
-#ifndef _IPSEC_PARAM_H_
-
-/*
- * This is for the SA reference table. This number is related to the
- * maximum number of SAs that KLIPS can concurrently deal with, plus enough
- * space for keeping expired SAs around.
- *
- * TABLE_MAX_WIDTH is the number of bits that we will use.
- * MAIN_TABLE_WIDTH is the number of bits used for the primary index table.
- *
- */
-#ifndef IPSEC_SA_REF_TABLE_IDX_WIDTH
-# define IPSEC_SA_REF_TABLE_IDX_WIDTH 16
-#endif
-
-#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
-# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4
-#endif
-
-#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES
-# define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256
-#endif
-
-#ifndef IPSEC_SA_REF_CODE
-# define IPSEC_SA_REF_CODE 1
-#endif
-
-#define _IPSEC_PARAM_H_
-#endif /* _IPSEC_PARAM_H_ */
diff --git a/src/libfreeswan/pfkey.h b/src/libfreeswan/pfkey.h
deleted file mode 100644 (file)
index 993678c..0000000
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * FreeS/WAN specific PF_KEY headers
- * Copyright (C) 1999, 2000, 2001  Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef __NET_IPSEC_PF_KEY_H
-#define __NET_IPSEC_PF_KEY_H
-
-extern void (*pfkey_debug_func)(const char *message, ...);
-
-extern uint8_t satype2proto(uint8_t satype);
-extern uint8_t proto2satype(uint8_t proto);
-extern char* satype2name(uint8_t satype);
-extern char* proto2name(uint8_t proto);
-
-struct key_opt
-{
-       uint32_t        key_pid;        /* process ID */
-       struct sock     *sk;
-};
-
-#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
-
-#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
-#define BITS_PER_OCTET 8
-#define OCTETBITS 8
-#define PFKEYBITS 64
-#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
-#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
-
-#define PFKEYv2_MAX_MSGSIZE 4096
-
-/*
- * PF_KEYv2 permitted and required extensions in and out bitmaps
- */
-struct pf_key_ext_parsers_def {
-       int  (*parser)(struct sadb_ext*);
-       char  *parser_name;
-};
-
-
-extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/];
-#define EXT_BITS_IN 0
-#define EXT_BITS_OUT 1
-#define EXT_BITS_PERM 0
-#define EXT_BITS_REQ 1
-
-extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
-extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
-extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
-
-extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
-                          struct pf_key_ext_parsers_def *ext_parsers[],
-                          struct sadb_ext **extensions,
-                          int dir);
-
-/*
- * PF_KEYv2 build function prototypes
- */
-
-int
-pfkey_msg_hdr_build(struct sadb_ext**  pfkey_ext,
-                   uint8_t             msg_type,
-                   uint8_t             satype,
-                   uint8_t             msg_errno,
-                   uint32_t            seq,
-                   uint32_t            pid);
-
-int
-pfkey_sa_ref_build(struct sadb_ext **  pfkey_ext,
-              uint16_t                 exttype,
-              uint32_t                 spi, /* in network order */
-              uint8_t                  replay_window,
-              uint8_t                  sa_state,
-              uint8_t                  auth,
-              uint8_t                  encrypt,
-              uint32_t                 flags,
-              uint32_t/*IPsecSAref_t*/ ref);
-
-int
-pfkey_sa_build(struct sadb_ext **      pfkey_ext,
-              uint16_t                 exttype,
-              uint32_t                 spi, /* in network order */
-              uint8_t                  replay_window,
-              uint8_t                  sa_state,
-              uint8_t                  auth,
-              uint8_t                  encrypt,
-              uint32_t                 flags);
-
-int
-pfkey_lifetime_build(struct sadb_ext **        pfkey_ext,
-                    uint16_t           exttype,
-                    uint32_t           allocations,
-                    uint64_t           bytes,
-                    uint64_t           addtime,
-                    uint64_t           usetime,
-                    uint32_t           packets);
-
-int
-pfkey_address_build(struct sadb_ext**  pfkey_ext,
-                   uint16_t            exttype,
-                   uint8_t             proto,
-                   uint8_t             prefixlen,
-                   struct sockaddr*    address);
-
-int
-pfkey_key_build(struct sadb_ext**      pfkey_ext,
-               uint16_t                exttype,
-               uint16_t                key_bits,
-               char*                   key);
-
-int
-pfkey_ident_build(struct sadb_ext**    pfkey_ext,
-                 uint16_t              exttype,
-                 uint16_t              ident_type,
-                 uint64_t              ident_id,
-                 uint8_t               ident_len,
-                 char*                 ident_string);
-
-int
-pfkey_x_nat_t_type_build(struct sadb_ext**  pfkey_ext,
-            uint8_t         type);
-int
-pfkey_x_nat_t_port_build(struct sadb_ext**  pfkey_ext,
-            uint16_t         exttype,
-            uint16_t         port);
-
-int
-pfkey_sens_build(struct sadb_ext**     pfkey_ext,
-                uint32_t               dpd,
-                uint8_t                sens_level,
-                uint8_t                sens_len,
-                uint64_t*              sens_bitmap,
-                uint8_t                integ_level,
-                uint8_t                integ_len,
-                uint64_t*              integ_bitmap);
-
-int
-pfkey_x_protocol_build(struct sadb_ext **, uint8_t);
-
-
-int
-pfkey_prop_build(struct sadb_ext**     pfkey_ext,
-                uint8_t                replay,
-                unsigned int           comb_num,
-                struct sadb_comb*      comb);
-
-int
-pfkey_supported_build(struct sadb_ext**        pfkey_ext,
-                     uint16_t          exttype,
-                     unsigned int      alg_num,
-                     struct sadb_alg*  alg);
-
-int
-pfkey_spirange_build(struct sadb_ext** pfkey_ext,
-                    uint16_t           exttype,
-                    uint32_t           min,
-                    uint32_t           max);
-
-int
-pfkey_x_kmprivate_build(struct sadb_ext**      pfkey_ext);
-
-int
-pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
-                    uint8_t            satype);
-
-int
-pfkey_x_debug_build(struct sadb_ext**  pfkey_ext,
-                   uint32_t            tunnel,
-                   uint32_t            netlink,
-                   uint32_t            xform,
-                   uint32_t            eroute,
-                   uint32_t            spi,
-                   uint32_t            radij,
-                   uint32_t            esp,
-                   uint32_t            ah,
-                   uint32_t            rcv,
-                   uint32_t            pfkey,
-                   uint32_t            ipcomp,
-                   uint32_t            verbose);
-
-int
-pfkey_msg_build(struct sadb_msg**      pfkey_msg,
-               struct sadb_ext*        extensions[],
-               int                     dir);
-
-/* in pfkey_v2_debug.c - routines to decode numbers -> strings */
-const char *
-pfkey_v2_sadb_ext_string(int extnum);
-
-const char *
-pfkey_v2_sadb_type_string(int sadb_type);
-
-
-#endif /* __NET_IPSEC_PF_KEY_H */
diff --git a/src/libfreeswan/pfkey_v2_build.c b/src/libfreeswan/pfkey_v2_build.c
deleted file mode 100644 (file)
index c0bb369..0000000
+++ /dev/null
@@ -1,1388 +0,0 @@
-/*
- * RFC2367 PF_KEYv2 Key management API message parser
- * Copyright (C) 1999, 2000, 2001  Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/*
- *             Template from klips/net/ipsec/ipsec/ipsec_parser.c.
- */
-
-char pfkey_v2_build_c_version[] = "";
-
-# include <sys/types.h>
-# include <sys/socket.h>
-# include <stdlib.h>
-# include <errno.h>
-# include <string.h> /* memset */
-
-# include <freeswan.h>
-unsigned int pfkey_lib_debug = 0;
-
-void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1);
-
-#define DEBUGGING(args...)  if(pfkey_lib_debug) { \
-                              if(pfkey_debug_func != NULL) { \
-                                (*pfkey_debug_func)("pfkey_lib_debug:" args); \
-                              } else { \
-                                printf("pfkey_lib_debug:" args); \
-                              } }
-# define MALLOC(size) malloc(size)
-# define FREE(obj) free(obj)
-
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
-
-void
-pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
-{
-       int i;
-
-       for (i = 0; i != SADB_EXT_MAX + 1; i++) {
-               extensions[i] = NULL;
-       }
-}
-
-void
-pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
-{
-       int i;
-
-       if (!extensions) {
-               return;
-       }
-
-       if (extensions[0]) {
-               memset(extensions[0], 0, sizeof(struct sadb_msg));
-               FREE(extensions[0]);
-               extensions[0] = NULL;
-       }
-
-       for (i = 1; i != SADB_EXT_MAX + 1; i++) {
-               if(extensions[i]) {
-                       memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
-                       FREE(extensions[i]);
-                       extensions[i] = NULL;
-               }
-       }
-}
-
-void
-pfkey_msg_free(struct sadb_msg **pfkey_msg)
-{
-       if (*pfkey_msg) {
-               memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
-               FREE(*pfkey_msg);
-               *pfkey_msg = NULL;
-       }
-}
-
-/* Default extension builders taken from the KLIPS code */
-
-int
-pfkey_msg_hdr_build(struct sadb_ext**  pfkey_ext,
-                   uint8_t             msg_type,
-                   uint8_t             satype,
-                   uint8_t             msg_errno,
-                   uint32_t            seq,
-                   uint32_t            pid)
-{
-       int error = 0;
-       struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_msg_hdr_build:\n");
-       DEBUGGING(
-               "pfkey_msg_hdr_build: "
-               "on_entry &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n",
-               &pfkey_ext,
-               pfkey_ext,
-               *pfkey_ext);
-       /* sanity checks... */
-       if (pfkey_msg) {
-               DEBUGGING(
-                       "pfkey_msg_hdr_build: "
-                       "why is pfkey_msg already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if (!msg_type) {
-               DEBUGGING(
-                       "pfkey_msg_hdr_build: "
-                       "msg type not set, must be non-zero..\n");
-               SENDERR(EINVAL);
-       }
-
-       if (msg_type > SADB_MAX) {
-               DEBUGGING(
-                       "pfkey_msg_hdr_build: "
-                       "msg type too large:%d.\n",
-                       msg_type);
-               SENDERR(EINVAL);
-       }
-
-       if (satype > SADB_SATYPE_MAX) {
-               DEBUGGING(
-                       "pfkey_msg_hdr_build: "
-                       "satype %d > max %d\n",
-                       satype, SADB_SATYPE_MAX);
-               SENDERR(EINVAL);
-       }
-
-       pfkey_msg = (struct sadb_msg*)MALLOC(sizeof(struct sadb_msg));
-       *pfkey_ext = (struct sadb_ext*)pfkey_msg;
-
-       if (pfkey_msg == NULL) {
-               DEBUGGING(
-                       "pfkey_msg_hdr_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_msg, 0, sizeof(struct sadb_msg));
-
-       pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
-
-       pfkey_msg->sadb_msg_type = msg_type;
-       pfkey_msg->sadb_msg_satype = satype;
-
-       pfkey_msg->sadb_msg_version = PF_KEY_V2;
-       pfkey_msg->sadb_msg_errno = msg_errno;
-       pfkey_msg->sadb_msg_reserved = 0;
-       pfkey_msg->sadb_msg_seq = seq;
-       pfkey_msg->sadb_msg_pid = pid;
-       DEBUGGING(
-               "pfkey_msg_hdr_build: "
-               "on_exit &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n",
-               &pfkey_ext,
-               pfkey_ext,
-               *pfkey_ext);
-errlab:
-       return error;
-}
-
-int
-pfkey_sa_ref_build(struct sadb_ext **          pfkey_ext,
-                  uint16_t                     exttype,
-                  uint32_t                     spi,
-                  uint8_t                      replay_window,
-                  uint8_t                      sa_state,
-                  uint8_t                      auth,
-                  uint8_t                      encrypt,
-                  uint32_t                     flags,
-                  uint32_t/*IPsecSAref_t*/     ref)
-{
-       int error = 0;
-       struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext;
-
-       DEBUGGING(
-                   "pfkey_sa_build: "
-                   "spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n",
-                   ntohl(spi), /* in network order */
-                   replay_window,
-                   sa_state,
-                   auth,
-                   encrypt,
-                   flags);
-       /* sanity checks... */
-       if (pfkey_sa) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "why is pfkey_sa already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if (exttype != SADB_EXT_SA
-       &&  exttype != SADB_X_EXT_SA2) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "invalid exttype=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       if (replay_window > 64) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "replay window size: %d -- must be 0 <= size <= 64\n",
-                       replay_window);
-               SENDERR(EINVAL);
-       }
-
-       if (auth > SADB_AALG_MAX) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "auth=%d > SADB_AALG_MAX=%d.\n",
-                       auth,
-                       SADB_AALG_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if (encrypt > SADB_EALG_MAX) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "encrypt=%d > SADB_EALG_MAX=%d.\n",
-                       encrypt,
-                       SADB_EALG_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if (sa_state > SADB_SASTATE_MAX) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "sa_state=%d exceeds MAX=%d.\n",
-                       sa_state,
-                       SADB_SASTATE_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if (sa_state == SADB_SASTATE_DEAD) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "sa_state=%d is DEAD=%d is not allowed.\n",
-                       sa_state,
-                       SADB_SASTATE_DEAD);
-               SENDERR(EINVAL);
-       }
-
-       if ((IPSEC_SAREF_NULL != ref) && (ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
-               DEBUGGING(
-                         "pfkey_sa_build: "
-                         "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
-                         ref,
-                         IPSEC_SAREF_NULL,
-                         IPSEC_SA_REF_TABLE_NUM_ENTRIES);
-               SENDERR(EINVAL);
-       }
-
-       pfkey_sa = (struct sadb_sa*)MALLOC(sizeof(struct sadb_sa));
-       *pfkey_ext = (struct sadb_ext*)pfkey_sa;
-
-       if (pfkey_sa == NULL) {
-               DEBUGGING(
-                       "pfkey_sa_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_sa, 0, sizeof(struct sadb_sa));
-
-       pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN;
-       pfkey_sa->sadb_sa_exttype = exttype;
-       pfkey_sa->sadb_sa_spi = spi;
-       pfkey_sa->sadb_sa_replay = replay_window;
-       pfkey_sa->sadb_sa_state = sa_state;
-       pfkey_sa->sadb_sa_auth = auth;
-       pfkey_sa->sadb_sa_encrypt = encrypt;
-       pfkey_sa->sadb_sa_flags = flags;
-       pfkey_sa->sadb_x_sa_ref = ref;
-
-errlab:
-       return error;
-}
-
-int
-pfkey_sa_build(struct sadb_ext **      pfkey_ext,
-              uint16_t                 exttype,
-              uint32_t                 spi,
-              uint8_t                  replay_window,
-              uint8_t                  sa_state,
-              uint8_t                  auth,
-              uint8_t                  encrypt,
-              uint32_t                 flags)
-{
-       return pfkey_sa_ref_build(pfkey_ext,
-                          exttype,
-                          spi,
-                          replay_window,
-                          sa_state,
-                          auth,
-                          encrypt,
-                          flags,
-                          IPSEC_SAREF_NULL);
-}
-
-int
-pfkey_lifetime_build(struct sadb_ext **        pfkey_ext,
-                    uint16_t           exttype,
-                    uint32_t           allocations,
-                    uint64_t           bytes,
-                    uint64_t           addtime,
-                    uint64_t           usetime,
-                    uint32_t           packets)
-{
-       int error = 0;
-       struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_lifetime_build:\n");
-       /* sanity checks... */
-       if (pfkey_lifetime) {
-               DEBUGGING(
-                       "pfkey_lifetime_build: "
-                       "why is pfkey_lifetime already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if (exttype != SADB_EXT_LIFETIME_CURRENT
-       &&  exttype != SADB_EXT_LIFETIME_HARD
-       &&  exttype != SADB_EXT_LIFETIME_SOFT) {
-               DEBUGGING(
-                       "pfkey_lifetime_build: "
-                       "invalid exttype=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       pfkey_lifetime = (struct sadb_lifetime*)MALLOC(sizeof(struct sadb_lifetime));
-       *pfkey_ext = (struct sadb_ext*)pfkey_lifetime;
-
-       if (pfkey_lifetime == NULL) {
-               DEBUGGING(
-                       "pfkey_lifetime_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime));
-
-       pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN;
-       pfkey_lifetime->sadb_lifetime_exttype = exttype;
-       pfkey_lifetime->sadb_lifetime_allocations = allocations;
-       pfkey_lifetime->sadb_lifetime_bytes = bytes;
-       pfkey_lifetime->sadb_lifetime_addtime = addtime;
-       pfkey_lifetime->sadb_lifetime_usetime = usetime;
-       pfkey_lifetime->sadb_x_lifetime_packets = packets;
-
-errlab:
-       return error;
-}
-
-int
-pfkey_address_build(struct sadb_ext**  pfkey_ext,
-                   uint16_t            exttype,
-                   uint8_t             proto,
-                   uint8_t             prefixlen,
-                   struct sockaddr*    address)
-{
-       int error = 0;
-       int saddr_len = 0;
-       char ipaddr_txt[ADDRTOT_BUF + 6/*extra for port number*/];
-       struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_address_build: "
-               "exttype=%d proto=%d prefixlen=%d\n",
-               exttype,
-               proto,
-               prefixlen);
-       /* sanity checks... */
-       if (pfkey_address) {
-               DEBUGGING(
-                       "pfkey_address_build: "
-                       "why is pfkey_address already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if (!address)  {
-                       DEBUGGING("pfkey_address_build: "
-                                 "address is NULL\n");
-                       SENDERR(EINVAL);
-       }
-
-       switch(exttype) {
-       case SADB_EXT_ADDRESS_SRC:
-       case SADB_EXT_ADDRESS_DST:
-       case SADB_EXT_ADDRESS_PROXY:
-       case SADB_X_EXT_ADDRESS_DST2:
-       case SADB_X_EXT_ADDRESS_SRC_FLOW:
-       case SADB_X_EXT_ADDRESS_DST_FLOW:
-       case SADB_X_EXT_ADDRESS_SRC_MASK:
-       case SADB_X_EXT_ADDRESS_DST_MASK:
-       case SADB_X_EXT_NAT_T_OA:
-               break;
-       default:
-               DEBUGGING(
-                       "pfkey_address_build: "
-                       "unrecognised ext_type=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       switch (address->sa_family) {
-       case AF_INET:
-               DEBUGGING(
-                       "pfkey_address_build: "
-                       "found address family AF_INET.\n");
-               saddr_len = sizeof(struct sockaddr_in);
-               sprintf(ipaddr_txt, "%d.%d.%d.%d:%d"
-                       , (((struct sockaddr_in*)address)->sin_addr.s_addr >>  0) & 0xFF
-                       , (((struct sockaddr_in*)address)->sin_addr.s_addr >>  8) & 0xFF
-                       , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF
-                       , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF
-                       , ntohs(((struct sockaddr_in*)address)->sin_port));
-               break;
-       case AF_INET6:
-               DEBUGGING(
-                       "pfkey_address_build: "
-                       "found address family AF_INET6.\n");
-               saddr_len = sizeof(struct sockaddr_in6);
-               sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x-%x"
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[0])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[1])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[2])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[3])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[4])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[5])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[6])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[7])
-                       , ntohs(((struct sockaddr_in6*)address)->sin6_port));
-               break;
-       default:
-               DEBUGGING(
-                       "pfkey_address_build: "
-                       "address->sa_family=%d not supported.\n",
-                       address->sa_family);
-               SENDERR(EPFNOSUPPORT);
-       }
-
-       DEBUGGING(
-               "pfkey_address_build: "
-               "found address=%s.\n",
-               ipaddr_txt);
-       if (prefixlen != 0) {
-               DEBUGGING(
-                       "pfkey_address_build: "
-                       "address prefixes not supported yet.\n");
-               SENDERR(EAFNOSUPPORT); /* not supported yet */
-       }
-
-       pfkey_address = (struct sadb_address*)
-               MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN));
-       *pfkey_ext = (struct sadb_ext*)pfkey_address;
-
-       if (pfkey_address == NULL) {
-               DEBUGGING(
-                       "pfkey_lifetime_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_address,
-              0,
-              ALIGN_N(sizeof(struct sadb_address) + saddr_len,
-                    IPSEC_PFKEYv2_ALIGN));
-
-       pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len,
-                                               IPSEC_PFKEYv2_ALIGN);
-
-       pfkey_address->sadb_address_exttype = exttype;
-       pfkey_address->sadb_address_proto = proto;
-       pfkey_address->sadb_address_prefixlen = prefixlen;
-       pfkey_address->sadb_address_reserved = 0;
-
-       memcpy((char*)pfkey_address + sizeof(struct sadb_address),
-              address,
-              saddr_len);
-
-#if 0
-       for (i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) {
-               pfkey_address_s_ska.sin_zero[i] = 0;
-       }
-#endif
-       DEBUGGING(
-               "pfkey_address_build: "
-               "successful.\n");
-
- errlab:
-       return error;
-}
-
-int
-pfkey_key_build(struct sadb_ext**      pfkey_ext,
-               uint16_t                exttype,
-               uint16_t                key_bits,
-               char*                   key)
-{
-       int error = 0;
-       struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_key_build:\n");
-       /* sanity checks... */
-       if (pfkey_key) {
-               DEBUGGING(
-                       "pfkey_key_build: "
-                       "why is pfkey_key already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if (!key_bits) {
-               DEBUGGING(
-                       "pfkey_key_build: "
-                       "key_bits is zero, it must be non-zero.\n");
-               SENDERR(EINVAL);
-       }
-
-       if ( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) {
-               DEBUGGING(
-                       "pfkey_key_build: "
-                       "unsupported extension type=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       pfkey_key = (struct sadb_key*)
-               MALLOC(sizeof(struct sadb_key) +
-                       DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
-       *pfkey_ext = (struct sadb_ext*)pfkey_key;
-
-       if (pfkey_key == NULL) {
-               DEBUGGING(
-                       "pfkey_key_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_key,
-              0,
-              sizeof(struct sadb_key) +
-              DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
-
-       pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits,
-                                       64);
-       pfkey_key->sadb_key_exttype = exttype;
-       pfkey_key->sadb_key_bits = key_bits;
-       pfkey_key->sadb_key_reserved = 0;
-       memcpy((char*)pfkey_key + sizeof(struct sadb_key),
-              key,
-              DIVUP(key_bits, 8));
-
-errlab:
-       return error;
-}
-
-int
-pfkey_ident_build(struct sadb_ext**    pfkey_ext,
-                 uint16_t              exttype,
-                 uint16_t              ident_type,
-                 uint64_t              ident_id,
-                 uint8_t               ident_len,
-                 char*                 ident_string)
-{
-       int error = 0;
-       struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext;
-       int data_len = ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
-
-       DEBUGGING(
-               "pfkey_ident_build:\n");
-       /* sanity checks... */
-       if (pfkey_ident) {
-               DEBUGGING(
-                       "pfkey_ident_build: "
-                       "why is pfkey_ident already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if ( !((exttype == SADB_EXT_IDENTITY_SRC) ||
-              (exttype == SADB_EXT_IDENTITY_DST))) {
-               DEBUGGING(
-                       "pfkey_ident_build: "
-                       "unsupported extension type=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       if (ident_type == SADB_IDENTTYPE_RESERVED) {
-               DEBUGGING(
-                       "pfkey_ident_build: "
-                       "ident_type must be non-zero.\n");
-               SENDERR(EINVAL);
-       }
-
-       if (ident_type > SADB_IDENTTYPE_MAX) {
-               DEBUGGING(
-                       "pfkey_ident_build: "
-                       "identtype=%d out of range.\n",
-                       ident_type);
-               SENDERR(EINVAL);
-       }
-
-       if ((ident_type == SADB_IDENTTYPE_PREFIX ||
-           ident_type == SADB_IDENTTYPE_FQDN) &&
-          !ident_string) {
-               DEBUGGING(
-                       "pfkey_ident_build: "
-                       "string required to allocate size of extension.\n");
-               SENDERR(EINVAL);
-       }
-
-#if 0
-       if (ident_type == SADB_IDENTTYPE_USERFQDN) {
-       }
-#endif
-
-       pfkey_ident = (struct sadb_ident*)
-               MALLOC(ident_len * IPSEC_PFKEYv2_ALIGN);
-       *pfkey_ext = (struct sadb_ext*)pfkey_ident;
-
-       if (pfkey_ident == NULL) {
-               DEBUGGING(
-                       "pfkey_ident_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_ident, 0, ident_len * IPSEC_PFKEYv2_ALIGN);
-
-       pfkey_ident->sadb_ident_len = ident_len;
-       pfkey_ident->sadb_ident_exttype = exttype;
-       pfkey_ident->sadb_ident_type = ident_type;
-       pfkey_ident->sadb_ident_reserved = 0;
-       pfkey_ident->sadb_ident_id = ident_id;
-       memcpy((char*)pfkey_ident + sizeof(struct sadb_ident),
-              ident_string,
-              data_len);
-
-errlab:
-       return error;
-}
-
-int
-pfkey_sens_build(struct sadb_ext**     pfkey_ext,
-                uint32_t               dpd,
-                uint8_t                sens_level,
-                uint8_t                sens_len,
-                uint64_t*              sens_bitmap,
-                uint8_t                integ_level,
-                uint8_t                integ_len,
-                uint64_t*              integ_bitmap)
-{
-       int error = 0;
-       struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext;
-       int i;
-       uint64_t* bitmap;
-
-       DEBUGGING(
-               "pfkey_sens_build:\n");
-       /* sanity checks... */
-       if (pfkey_sens) {
-               DEBUGGING(
-                       "pfkey_sens_build: "
-                       "why is pfkey_sens already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(
-               "pfkey_sens_build: "
-               "Sorry, I can't build exttype=%d yet.\n",
-               (*pfkey_ext)->sadb_ext_type);
-       SENDERR(EINVAL); /* don't process these yet */
-
-       pfkey_sens = (struct sadb_sens*)
-               MALLOC(sizeof(struct sadb_sens) +
-                       (sens_len + integ_len) * sizeof(uint64_t));
-       *pfkey_ext = (struct sadb_ext*)pfkey_sens;
-
-       if (pfkey_sens == NULL) {
-               DEBUGGING(
-                       "pfkey_sens_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_sens,
-              0,
-              sizeof(struct sadb_sens) +
-              (sens_len + integ_len) * sizeof(uint64_t));
-
-       pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) +
-                   (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN;
-       pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY;
-       pfkey_sens->sadb_sens_dpd = dpd;
-       pfkey_sens->sadb_sens_sens_level = sens_level;
-       pfkey_sens->sadb_sens_sens_len = sens_len;
-       pfkey_sens->sadb_sens_integ_level = integ_level;
-       pfkey_sens->sadb_sens_integ_len = integ_len;
-       pfkey_sens->sadb_sens_reserved = 0;
-
-       bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens));
-       for (i = 0; i < sens_len; i++) {
-               *bitmap = sens_bitmap[i];
-               bitmap++;
-       }
-       for (i = 0; i < integ_len; i++) {
-               *bitmap = integ_bitmap[i];
-               bitmap++;
-       }
-
-errlab:
-       return error;
-}
-
-int
-pfkey_prop_build(struct sadb_ext**     pfkey_ext,
-                uint8_t                replay,
-                unsigned int           comb_num,
-                struct sadb_comb*      comb)
-{
-       int error = 0;
-       int i;
-       struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext;
-       struct sadb_comb *combp;
-
-       DEBUGGING(
-               "pfkey_prop_build:\n");
-       /* sanity checks... */
-       if (pfkey_prop) {
-               DEBUGGING(
-                       "pfkey_prop_build: "
-                       "why is pfkey_prop already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       pfkey_prop = (struct sadb_prop*)
-               MALLOC(sizeof(struct sadb_prop) +
-                       comb_num * sizeof(struct sadb_comb));
-
-       *pfkey_ext = (struct sadb_ext*)pfkey_prop;
-
-       if (pfkey_prop == NULL) {
-               DEBUGGING(
-                       "pfkey_prop_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_prop,
-              0,
-              sizeof(struct sadb_prop) +
-                   comb_num * sizeof(struct sadb_comb));
-
-       pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) +
-                   comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN;
-
-       pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
-       pfkey_prop->sadb_prop_replay = replay;
-
-       for (i=0; i<3; i++) {
-               pfkey_prop->sadb_prop_reserved[i] = 0;
-       }
-
-       combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop));
-       for (i = 0; i < comb_num; i++) {
-               memcpy (combp, &(comb[i]), sizeof(struct sadb_comb));
-               combp++;
-       }
-
-#if 0
-  uint8_t sadb_comb_auth;
-  uint8_t sadb_comb_encrypt;
-  uint16_t sadb_comb_flags;
-  uint16_t sadb_comb_auth_minbits;
-  uint16_t sadb_comb_auth_maxbits;
-  uint16_t sadb_comb_encrypt_minbits;
-  uint16_t sadb_comb_encrypt_maxbits;
-  uint32_t sadb_comb_reserved;
-  uint32_t sadb_comb_soft_allocations;
-  uint32_t sadb_comb_hard_allocations;
-  uint64_t sadb_comb_soft_bytes;
-  uint64_t sadb_comb_hard_bytes;
-  uint64_t sadb_comb_soft_addtime;
-  uint64_t sadb_comb_hard_addtime;
-  uint64_t sadb_comb_soft_usetime;
-  uint64_t sadb_comb_hard_usetime;
-  uint32_t sadb_comb_soft_packets;
-  uint32_t sadb_comb_hard_packets;
-#endif
-errlab:
-       return error;
-}
-
-int
-pfkey_supported_build(struct sadb_ext**        pfkey_ext,
-                     uint16_t          exttype,
-                     unsigned int      alg_num,
-                     struct sadb_alg*  alg)
-{
-       int error = 0;
-       unsigned int i;
-       struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext;
-       struct sadb_alg *pfkey_alg;
-
-       /* sanity checks... */
-       if (pfkey_supported) {
-               DEBUGGING(
-                       "pfkey_supported_build: "
-                       "why is pfkey_supported already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if ( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) {
-               DEBUGGING(
-                       "pfkey_supported_build: "
-                       "unsupported extension type=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       pfkey_supported = (struct sadb_supported*)
-               MALLOC(sizeof(struct sadb_supported) +
-                       alg_num * sizeof(struct sadb_alg));
-
-       *pfkey_ext = (struct sadb_ext*)pfkey_supported;
-
-       if (pfkey_supported == NULL) {
-               DEBUGGING(
-                       "pfkey_supported_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_supported,
-              0,
-              sizeof(struct sadb_supported) +
-                                              alg_num *
-                                              sizeof(struct sadb_alg));
-
-       pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) +
-                                              alg_num *
-                                              sizeof(struct sadb_alg)) /
-                                               IPSEC_PFKEYv2_ALIGN;
-       pfkey_supported->sadb_supported_exttype = exttype;
-       pfkey_supported->sadb_supported_reserved = 0;
-
-       pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported));
-       for(i = 0; i < alg_num; i++) {
-               memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg));
-               pfkey_alg->sadb_alg_reserved = 0;
-               pfkey_alg++;
-       }
-
-#if 0
-       DEBUGGING(
-               "pfkey_supported_build: "
-               "Sorry, I can't build exttype=%d yet.\n",
-               (*pfkey_ext)->sadb_ext_type);
-       SENDERR(EINVAL); /* don't process these yet */
-
-  uint8_t sadb_alg_id;
-  uint8_t sadb_alg_ivlen;
-  uint16_t sadb_alg_minbits;
-  uint16_t sadb_alg_maxbits;
-  uint16_t sadb_alg_reserved;
-#endif
-errlab:
-       return error;
-}
-
-int
-pfkey_spirange_build(struct sadb_ext** pfkey_ext,
-                    uint16_t           exttype,
-                    uint32_t           min, /* in network order */
-                    uint32_t           max) /* in network order */
-{
-       int error = 0;
-       struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext;
-
-       /* sanity checks... */
-       if (pfkey_spirange) {
-               DEBUGGING(
-                       "pfkey_spirange_build: "
-                       "why is pfkey_spirange already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-        if (ntohl(max) < ntohl(min)) {
-               DEBUGGING(
-                       "pfkey_spirange_build: "
-                       "minspi=%08x must be < maxspi=%08x.\n",
-                       ntohl(min),
-                       ntohl(max));
-                SENDERR(EINVAL);
-        }
-
-       if (ntohl(min) <= 255) {
-               DEBUGGING(
-                       "pfkey_spirange_build: "
-                       "minspi=%08x must be > 255.\n",
-                       ntohl(min));
-               SENDERR(EEXIST);
-       }
-
-       pfkey_spirange = (struct sadb_spirange*)
-               MALLOC(sizeof(struct sadb_spirange));
-       *pfkey_ext = (struct sadb_ext*)pfkey_spirange;
-
-       if (pfkey_spirange == NULL) {
-               DEBUGGING(
-                       "pfkey_spirange_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_spirange,
-              0,
-              sizeof(struct sadb_spirange));
-
-        pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN;
-
-       pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE;
-       pfkey_spirange->sadb_spirange_min = min;
-       pfkey_spirange->sadb_spirange_max = max;
-       pfkey_spirange->sadb_spirange_reserved = 0;
- errlab:
-       return error;
-}
-
-int
-pfkey_x_kmprivate_build(struct sadb_ext**      pfkey_ext)
-{
-       int error = 0;
-       struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext;
-
-       /* sanity checks... */
-       if (pfkey_x_kmprivate) {
-               DEBUGGING(
-                       "pfkey_x_kmprivate_build: "
-                       "why is pfkey_x_kmprivate already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
-
-       DEBUGGING(
-               "pfkey_x_kmprivate_build: "
-               "Sorry, I can't build exttype=%d yet.\n",
-               (*pfkey_ext)->sadb_ext_type);
-       SENDERR(EINVAL); /* don't process these yet */
-
-       pfkey_x_kmprivate = (struct sadb_x_kmprivate*)
-               MALLOC(sizeof(struct sadb_x_kmprivate));
-       *pfkey_ext = (struct sadb_ext*)pfkey_x_kmprivate;
-
-       if (pfkey_x_kmprivate == NULL) {
-               DEBUGGING(
-                       "pfkey_x_kmprivate_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_x_kmprivate,
-              0,
-              sizeof(struct sadb_x_kmprivate));
-
-        pfkey_x_kmprivate->sadb_x_kmprivate_len =
-               sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN;
-
-        pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE;
-        pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
-errlab:
-       return error;
-}
-
-int
-pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
-                    uint8_t            satype)
-{
-       int error = 0;
-       int i;
-       struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_x_satype_build:\n");
-       /* sanity checks... */
-       if (pfkey_x_satype) {
-               DEBUGGING(
-                       "pfkey_x_satype_build: "
-                       "why is pfkey_x_satype already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       if (!satype) {
-               DEBUGGING(
-                       "pfkey_x_satype_build: "
-                       "SA type not set, must be non-zero.\n");
-               SENDERR(EINVAL);
-       }
-
-       if (satype > SADB_SATYPE_MAX) {
-               DEBUGGING(
-                       "pfkey_x_satype_build: "
-                       "satype %d > max %d\n",
-                       satype, SADB_SATYPE_MAX);
-               SENDERR(EINVAL);
-       }
-
-       pfkey_x_satype = (struct sadb_x_satype*)
-            MALLOC(sizeof(struct sadb_x_satype));
-
-       *pfkey_ext = (struct sadb_ext*)pfkey_x_satype;
-
-       if (pfkey_x_satype == NULL) {
-               DEBUGGING(
-                       "pfkey_x_satype_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       memset(pfkey_x_satype,
-              0,
-              sizeof(struct sadb_x_satype));
-
-        pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN;
-
-       pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2;
-       pfkey_x_satype->sadb_x_satype_satype = satype;
-       for (i=0; i<3; i++) {
-               pfkey_x_satype->sadb_x_satype_reserved[i] = 0;
-       }
-
-errlab:
-       return error;
-}
-
-int
-pfkey_x_debug_build(struct sadb_ext**  pfkey_ext,
-                   uint32_t            tunnel,
-                   uint32_t            netlink,
-                   uint32_t            xform,
-                   uint32_t            eroute,
-                   uint32_t            spi,
-                   uint32_t            radij,
-                   uint32_t            esp,
-                   uint32_t            ah,
-                   uint32_t            rcv,
-                   uint32_t            pfkey,
-                   uint32_t            ipcomp,
-                   uint32_t            verbose)
-{
-       int error = 0;
-       int i;
-       struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_x_debug_build:\n");
-       /* sanity checks... */
-       if (pfkey_x_debug) {
-               DEBUGGING(
-                       "pfkey_x_debug_build: "
-                       "why is pfkey_x_debug already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(
-               "pfkey_x_debug_build: "
-               "tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n",
-               tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose);
-
-       pfkey_x_debug = (struct sadb_x_debug*)
-               MALLOC(sizeof(struct sadb_x_debug));
-       *pfkey_ext = (struct sadb_ext*)pfkey_x_debug;
-
-       if (pfkey_x_debug == NULL) {
-               DEBUGGING(
-                       "pfkey_x_debug_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-#if 0
-       memset(pfkey_x_debug,
-              0,
-              sizeof(struct sadb_x_debug));
-#endif
-
-        pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN;
-       pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG;
-
-       pfkey_x_debug->sadb_x_debug_tunnel = tunnel;
-       pfkey_x_debug->sadb_x_debug_netlink = netlink;
-       pfkey_x_debug->sadb_x_debug_xform = xform;
-       pfkey_x_debug->sadb_x_debug_eroute = eroute;
-       pfkey_x_debug->sadb_x_debug_spi = spi;
-       pfkey_x_debug->sadb_x_debug_radij = radij;
-       pfkey_x_debug->sadb_x_debug_esp = esp;
-       pfkey_x_debug->sadb_x_debug_ah = ah;
-       pfkey_x_debug->sadb_x_debug_rcv = rcv;
-       pfkey_x_debug->sadb_x_debug_pfkey = pfkey;
-       pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp;
-       pfkey_x_debug->sadb_x_debug_verbose = verbose;
-
-       for (i=0; i<4; i++) {
-               pfkey_x_debug->sadb_x_debug_reserved[i] = 0;
-       }
-
-errlab:
-       return error;
-}
-
-int
-pfkey_x_nat_t_type_build(struct sadb_ext**     pfkey_ext,
-                   uint8_t         type)
-{
-       int error = 0;
-       int i;
-       struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_x_nat_t_type_build:\n");
-       /* sanity checks... */
-       if (pfkey_x_nat_t_type) {
-               DEBUGGING(
-                       "pfkey_x_nat_t_type_build: "
-                       "why is pfkey_x_nat_t_type already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(
-               "pfkey_x_nat_t_type_build: "
-               "type=%d\n", type);
-
-       pfkey_x_nat_t_type = (struct sadb_x_nat_t_type*)
-               MALLOC(sizeof(struct sadb_x_nat_t_type));
-
-       *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_type;
-       if (pfkey_x_nat_t_type == NULL) {
-               DEBUGGING(
-                       "pfkey_x_nat_t_type_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-
-       pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN;
-       pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
-       pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type;
-       for (i=0; i<3; i++) {
-               pfkey_x_nat_t_type->sadb_x_nat_t_type_reserved[i] = 0;
-       }
-
-errlab:
-       return error;
-}
-
-int
-pfkey_x_nat_t_port_build(struct sadb_ext**     pfkey_ext,
-                   uint16_t         exttype,
-                   uint16_t         port)
-{
-       int error = 0;
-       struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)*pfkey_ext;
-
-       DEBUGGING(
-               "pfkey_x_nat_t_port_build:\n");
-       /* sanity checks... */
-       if (pfkey_x_nat_t_port) {
-               DEBUGGING(
-                       "pfkey_x_nat_t_port_build: "
-                       "why is pfkey_x_nat_t_port already pointing to something?\n");
-               SENDERR(EINVAL);
-       }
-
-       switch (exttype) {
-       case SADB_X_EXT_NAT_T_SPORT:
-       case SADB_X_EXT_NAT_T_DPORT:
-               break;
-       default:
-               DEBUGGING(
-                       "pfkey_nat_t_port_build: "
-                       "unrecognised ext_type=%d.\n",
-                       exttype);
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(
-               "pfkey_x_nat_t_port_build: "
-               "ext=%d, port=%d\n", exttype, port);
-
-       pfkey_x_nat_t_port = (struct sadb_x_nat_t_port*)
-               MALLOC(sizeof(struct sadb_x_nat_t_port));
-       *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_port;
-
-       if (pfkey_x_nat_t_port == NULL) {
-               DEBUGGING(
-                       "pfkey_x_nat_t_port_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-
-       pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN;
-       pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype;
-       pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port;
-       pfkey_x_nat_t_port->sadb_x_nat_t_port_reserved = 0;
-
-errlab:
-       return error;
-}
-
-int pfkey_x_protocol_build(struct sadb_ext **pfkey_ext,
-                          uint8_t protocol)
-{
-       int error = 0;
-       struct sadb_protocol * p = (struct sadb_protocol *)*pfkey_ext;
-       DEBUGGING("pfkey_x_protocol_build: protocol=%u\n", protocol);
-       /* sanity checks... */
-       if  (p != 0) {
-               DEBUGGING("pfkey_x_protocol_build: bogus protocol pointer\n");
-               SENDERR(EINVAL);
-       }
-       if ((p = (struct sadb_protocol*)MALLOC(sizeof(*p))) == 0) {
-               DEBUGGING("pfkey_build: memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-       *pfkey_ext = (struct sadb_ext *)p;
-       p->sadb_protocol_len = sizeof(*p) / sizeof(uint64_t);
-       p->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
-       p->sadb_protocol_proto = protocol;
-       p->sadb_protocol_flags = 0;
-       p->sadb_protocol_reserved2 = 0;
- errlab:
-       return error;
-}
-
-
-#if I_DONT_THINK_THIS_WILL_BE_USEFUL
-int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*)
- =
-{
-       NULL, /* pfkey_msg_build, */
-       pfkey_sa_build,
-       pfkey_lifetime_build,
-       pfkey_lifetime_build,
-       pfkey_lifetime_build,
-       pfkey_address_build,
-       pfkey_address_build,
-       pfkey_address_build,
-       pfkey_key_build,
-       pfkey_key_build,
-       pfkey_ident_build,
-       pfkey_ident_build,
-       pfkey_sens_build,
-       pfkey_prop_build,
-       pfkey_supported_build,
-       pfkey_supported_build,
-       pfkey_spirange_build,
-       pfkey_x_kmprivate_build,
-       pfkey_x_satype_build,
-       pfkey_sa_build,
-       pfkey_address_build,
-       pfkey_address_build,
-       pfkey_address_build,
-       pfkey_address_build,
-       pfkey_address_build,
-       pfkey_x_ext_debug_build
-};
-#endif
-
-int
-pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir)
-{
-       int error = 0;
-       unsigned ext;
-       unsigned total_size;
-       struct sadb_ext *pfkey_ext;
-       int extensions_seen = 0;
-       struct sadb_ext *extensions_check[SADB_EXT_MAX + 1];
-
-       if (!extensions[0]) {
-               DEBUGGING(
-                       "pfkey_msg_build: "
-                       "extensions[0] must be specified (struct sadb_msg).\n");
-               SENDERR(EINVAL);
-       }
-
-       total_size = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
-       for (ext = 1; ext <= SADB_EXT_MAX; ext++) {
-               if(extensions[ext]) {
-                       total_size += (extensions[ext])->sadb_ext_len;
-               }
-        }
-
-       if (!(*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN))) {
-               DEBUGGING(
-                       "pfkey_msg_build: "
-                       "memory allocation failed\n");
-               SENDERR(ENOMEM);
-       }
-
-       DEBUGGING(
-               "pfkey_msg_build: "
-               "pfkey_msg=0p%p allocated %lu bytes, &(extensions[0])=0p%p\n",
-               *pfkey_msg,
-               (unsigned long)(total_size * IPSEC_PFKEYv2_ALIGN),
-               &(extensions[0]));
-       memcpy(*pfkey_msg,
-              extensions[0],
-              sizeof(struct sadb_msg));
-       (*pfkey_msg)->sadb_msg_len = total_size;
-       (*pfkey_msg)->sadb_msg_reserved = 0;
-       extensions_seen =  1 ;
-
-       pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg));
-
-       for (ext = 1; ext <= SADB_EXT_MAX; ext++) {
-               /* copy from extension[ext] to buffer */
-               if (extensions[ext]) {
-                       /* Is this type of extension permitted for this type of message? */
-                       if (!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] &
-                            1<<ext)) {
-                               DEBUGGING(
-                                       "pfkey_msg_build: "
-                                       "ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n",
-                                       ext,
-                                       extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
-                                       1<<ext);
-                               SENDERR(EINVAL);
-                       }
-                       DEBUGGING(
-                               "pfkey_msg_build: "
-                               "copying %lu bytes from extensions[%u]=0p%p to=0p%p\n",
-                               (unsigned long)(extensions[ext]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN),
-                               ext,
-                               extensions[ext],
-                               pfkey_ext);
-                       memcpy(pfkey_ext,
-                              extensions[ext],
-                              (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
-                       {
-                               char *pfkey_ext_c = (char *)pfkey_ext;
-
-                               pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN;
-                               pfkey_ext = (struct sadb_ext *)pfkey_ext_c;
-                       }
-                       /* Mark that we have seen this extension and remember the header location */
-                       extensions_seen |= ( 1 << ext );
-               }
-       }
-
-       /* check required extensions */
-       DEBUGGING(
-               "pfkey_msg_build: "
-               "extensions permitted=%08x, seen=%08x, required=%08x.\n",
-               extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
-               extensions_seen,
-               extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]);
-
-       if ((extensions_seen &
-           extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) !=
-           extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) {
-               DEBUGGING(
-                       "pfkey_msg_build: "
-                       "required extensions missing:%08x.\n",
-                       extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] -
-                       (extensions_seen &
-                        extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) );
-               SENDERR(EINVAL);
-       }
-
-       error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir);
-       if (error) {
-               DEBUGGING(
-                       "pfkey_msg_build: "
-                       "Trouble parsing newly built pfkey message, error=%d.\n",
-                       error);
-               SENDERR(-error);
-       }
-
-errlab:
-
-       return error;
-}
diff --git a/src/libfreeswan/pfkey_v2_debug.c b/src/libfreeswan/pfkey_v2_debug.c
deleted file mode 100644 (file)
index 0762d8f..0000000
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * @(#) pfkey version 2 debugging messages
- *
- * Copyright (C) 2001  Richard Guy Briggs  <rgb@freeswan.org>
- *                 and Michael Richardson  <mcr@freeswan.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-# include <sys/types.h>
-# include <errno.h>
-
-#include "freeswan.h"
-#include "pfkeyv2.h"
-#include "pfkey.h"
-
-/*
- * This file provides ASCII translations of PF_KEY magic numbers.
- *
- */
-
-static char *pfkey_sadb_ext_strings[]={
-  "reserved",                     /* SADB_EXT_RESERVED             0 */
-  "security-association",         /* SADB_EXT_SA                   1 */
-  "lifetime-current",             /* SADB_EXT_LIFETIME_CURRENT     2 */
-  "lifetime-hard",                /* SADB_EXT_LIFETIME_HARD        3 */
-  "lifetime-soft",                /* SADB_EXT_LIFETIME_SOFT        4 */
-  "source-address",               /* SADB_EXT_ADDRESS_SRC          5 */
-  "destination-address",          /* SADB_EXT_ADDRESS_DST          6 */
-  "proxy-address",                /* SADB_EXT_ADDRESS_PROXY        7 */
-  "authentication-key",           /* SADB_EXT_KEY_AUTH             8 */
-  "cipher-key",                   /* SADB_EXT_KEY_ENCRYPT          9 */
-  "source-identity",              /* SADB_EXT_IDENTITY_SRC         10 */
-  "destination-identity",         /* SADB_EXT_IDENTITY_DST         11 */
-  "sensitivity-label",            /* SADB_EXT_SENSITIVITY          12 */
-  "proposal",                     /* SADB_EXT_PROPOSAL             13 */
-  "supported-auth",               /* SADB_EXT_SUPPORTED_AUTH       14 */
-  "supported-cipher",             /* SADB_EXT_SUPPORTED_ENCRYPT    15 */
-  "spi-range",                    /* SADB_EXT_SPIRANGE             16 */
-  "X-kmpprivate",                 /* SADB_X_EXT_KMPRIVATE          17 */
-  "X-satype2",                    /* SADB_X_EXT_SATYPE2            18 */
-  "X-security-association",       /* SADB_X_EXT_SA2                19 */
-  "X-destination-address2",       /* SADB_X_EXT_ADDRESS_DST2       20 */
-  "X-source-flow-address",        /* SADB_X_EXT_ADDRESS_SRC_FLOW   21 */
-  "X-dest-flow-address",          /* SADB_X_EXT_ADDRESS_DST_FLOW   22 */
-  "X-source-mask",                /* SADB_X_EXT_ADDRESS_SRC_MASK   23 */
-  "X-dest-mask",                  /* SADB_X_EXT_ADDRESS_DST_MASK   24 */
-  "X-set-debug",                  /* SADB_X_EXT_DEBUG              25 */
-  "X-protocol",                   /* SADB_X_EXT_PROTOCOL           26 */
-  "X-NAT-T-type",                 /* SADB_X_EXT_NAT_T_TYPE         27 */
-  "X-NAT-T-sport",                /* SADB_X_EXT_NAT_T_SPORT        28 */
-  "X-NAT-T-dport",                /* SADB_X_EXT_NAT_T_DPORT        29 */
-  "X-NAT-T-OA",                   /* SADB_X_EXT_NAT_T_OA           30 */
-};
-
-const char *
-pfkey_v2_sadb_ext_string(int ext)
-{
-  if(ext <= SADB_EXT_MAX) {
-    return pfkey_sadb_ext_strings[ext];
-  } else {
-    return "unknown-ext";
-  }
-}
-
-
-static char *pfkey_sadb_type_strings[]={
-       "reserved",                     /* SADB_RESERVED            */
-       "getspi",                       /* SADB_GETSPI              */
-       "update",                       /* SADB_UPDATE              */
-       "add",                          /* SADB_ADD                 */
-       "delete",                       /* SADB_DELETE              */
-       "get",                          /* SADB_GET                 */
-       "acquire",                      /* SADB_ACQUIRE             */
-       "register",                     /* SADB_REGISTER            */
-       "expire",                       /* SADB_EXPIRE              */
-       "flush",                        /* SADB_FLUSH               */
-       "dump",                         /* SADB_DUMP                */
-       "x-promisc",                    /* SADB_X_PROMISC           */
-       "x-pchange",                    /* SADB_X_PCHANGE           */
-       "x-groupsa",                    /* SADB_X_GRPSA             */
-       "x-addflow(eroute)",            /* SADB_X_ADDFLOW           */
-       "x-delflow(eroute)",            /* SADB_X_DELFLOW           */
-       "x-debug",                      /* SADB_X_DEBUG             */
-       "x-nat-t-new-mapping",          /* SADB_X_NAT_T_NEW_MAPPING */
-};
-
-const char *
-pfkey_v2_sadb_type_string(int sadb_type)
-{
-  if(sadb_type <= SADB_MAX) {
-    return pfkey_sadb_type_strings[sadb_type];
-  } else {
-    return "unknown-sadb-type";
-  }
-}
diff --git a/src/libfreeswan/pfkey_v2_ext_bits.c b/src/libfreeswan/pfkey_v2_ext_bits.c
deleted file mode 100644 (file)
index 49b4aa5..0000000
+++ /dev/null
@@ -1,692 +0,0 @@
-/*
- * RFC2367 PF_KEYv2 Key management API message parser
- * Copyright (C) 1999, 2000, 2001  Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/*
- *             Template from klips/net/ipsec/ipsec/ipsec_parse.c.
- */
-
-char pfkey_v2_ext_bits_c_version[] = "";
-
-# include <sys/types.h>
-# include <errno.h>
-
-#include <freeswan.h>
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/] = {
-
-/* INBOUND EXTENSIONS */
-{
-
-/* PERMITTED IN */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_SPIRANGE
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_X_EXT_NAT_T_TYPE
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-| 1<<SADB_X_EXT_NAT_T_OA
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_EXPIRE */
-0
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-},
-
-/* REQUIRED IN */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_SPIRANGE
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-/*| 1<<SADB_EXT_KEY_AUTH*/
-/*| 1<<SADB_EXT_KEY_ENCRYPT*/
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-/*| 1<<SADB_EXT_KEY_AUTH*/
-/*| 1<<SADB_EXT_KEY_ENCRYPT*/
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_EXPIRE */
-0
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-/*| 1<<SADB_X_EXT_SATYPE2*/
-/*| 1<<SADB_X_EXT_SA2*/
-/*| 1<<SADB_X_EXT_ADDRESS_DST2*/
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-/*| 1<<SADB_EXT_SA*/
-#if 0 /* SADB_X_CLREROUTE doesn't need all these... */
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-#endif
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-}
-
-},
-
-/* OUTBOUND EXTENSIONS */
-{
-
-/* PERMITTED OUT */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_X_EXT_NAT_T_TYPE
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-| 1<<SADB_X_EXT_NAT_T_OA
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-,
-/* SADB_EXPIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-| 1<<SADB_X_EXT_PROTOCOL
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-},
-
-/* REQUIRED OUT */
-{
-/* SADB_RESERVED */
-0
-,
-/* SADB_GETSPI */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_UPDATE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_ADD */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_DELETE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_GET */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-/* | 1<<SADB_EXT_KEY_AUTH */
-/* | 1<<SADB_EXT_KEY_ENCRYPT */
-,
-/* SADB_ACQUIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_PROPOSAL
-,
-/* SADB_REGISTER */
-1<<SADB_EXT_RESERVED
-/* | 1<<SADB_EXT_SUPPORTED_AUTH
-   | 1<<SADB_EXT_SUPPORTED_ENCRYPT */
-,
-/* SADB_EXPIRE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-/* | 1<<SADB_EXT_LIFETIME_HARD
-   | 1<<SADB_EXT_LIFETIME_SOFT */
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_FLUSH */
-1<<SADB_EXT_RESERVED
-,
-/* SADB_DUMP */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-,
-/* SADB_X_PROMISC */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_PCHANGE */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_LIFETIME_CURRENT
-| 1<<SADB_EXT_LIFETIME_HARD
-| 1<<SADB_EXT_LIFETIME_SOFT
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_EXT_ADDRESS_PROXY
-| 1<<SADB_EXT_KEY_AUTH
-| 1<<SADB_EXT_KEY_ENCRYPT
-| 1<<SADB_EXT_IDENTITY_SRC
-| 1<<SADB_EXT_IDENTITY_DST
-| 1<<SADB_EXT_SENSITIVITY
-| 1<<SADB_EXT_PROPOSAL
-| 1<<SADB_EXT_SUPPORTED_AUTH
-| 1<<SADB_EXT_SUPPORTED_ENCRYPT
-| 1<<SADB_EXT_SPIRANGE
-| 1<<SADB_X_EXT_KMPRIVATE
-| 1<<SADB_X_EXT_SATYPE2
-| 1<<SADB_X_EXT_SA2
-| 1<<SADB_X_EXT_ADDRESS_DST2
-,
-/* SADB_X_GRPSA */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-,
-/* SADB_X_ADDFLOW */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-,
-/* SADB_X_DELFLOW */
-1<<SADB_EXT_RESERVED
-/*| 1<<SADB_EXT_SA*/
-| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
-| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
-| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
-| 1<<SADB_X_EXT_ADDRESS_DST_MASK
-,
-/* SADB_X_DEBUG */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_X_EXT_DEBUG
-,
-/* SADB_X_NAT_T_NEW_MAPPING */
-1<<SADB_EXT_RESERVED
-| 1<<SADB_EXT_SA
-| 1<<SADB_EXT_ADDRESS_SRC
-| 1<<SADB_EXT_ADDRESS_DST
-| 1<<SADB_X_EXT_NAT_T_SPORT
-| 1<<SADB_X_EXT_NAT_T_DPORT
-}
-}
-};
diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c
deleted file mode 100644 (file)
index 8fec9d1..0000000
+++ /dev/null
@@ -1,1539 +0,0 @@
-/*
- * RFC2367 PF_KEYv2 Key management API message parser
- * Copyright (C) 1999, 2000, 2001  Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/*
- *             Template from klips/net/ipsec/ipsec/ipsec_parser.c.
- */
-
-char pfkey_v2_parse_c_version[] = "";
-
-# include <sys/types.h>
-# include <sys/socket.h>
-# include <errno.h>
-
-# include <freeswan.h>
-# include <constants.h>
-# include <defs.h>  /* for PRINTF_LIKE */
-# include <log.h>  /* for debugging and DBG_log */
-
-# ifdef PLUTO
-#  define DEBUGGING(level, args...)  { DBG_log("pfkey_lib_debug:" args);  }
-# else
-#  define DEBUGGING(level, args...)  if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; }
-# endif
-
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-
-#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
-
-static struct {
-       uint8_t proto;
-       uint8_t satype;
-       char* name;
-} satype_tbl[] = {
-       { SA_ESP,       SADB_SATYPE_ESP,        "ESP"  },
-       { SA_AH,        SADB_SATYPE_AH,         "AH"   },
-       { SA_IPIP,      SADB_X_SATYPE_IPIP,     "IPIP" },
-       { SA_COMP,      SADB_X_SATYPE_COMP,     "COMP" },
-       { SA_INT,       SADB_X_SATYPE_INT,      "INT" },
-       { 0,            0,                      "UNKNOWN" }
-};
-
-uint8_t
-satype2proto(uint8_t satype)
-{
-       int i =0;
-
-       while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
-               i++;
-       }
-       return satype_tbl[i].proto;
-}
-
-uint8_t
-proto2satype(uint8_t proto)
-{
-       int i = 0;
-
-       while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
-               i++;
-       }
-       return satype_tbl[i].satype;
-}
-
-char*
-satype2name(uint8_t satype)
-{
-       int i = 0;
-
-       while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
-               i++;
-       }
-       return satype_tbl[i].name;
-}
-
-char*
-proto2name(uint8_t proto)
-{
-       int i = 0;
-
-       while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
-               i++;
-       }
-       return satype_tbl[i].name;
-}
-
-/* Default extension parsers taken from the KLIPS code */
-
-DEBUG_NO_STATIC int
-pfkey_sa_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
-#if 0
-       struct sadb_sa sav2;
-#endif
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-                 "pfkey_sa_parse: entry\n");
-       /* sanity checks... */
-       if(!pfkey_sa) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "NULL pointer passed in.\n");
-               SENDERR(EINVAL);
-       }
-
-#if 0
-       /* check if this structure is short, and if so, fix it up.
-        * XXX this is NOT the way to do things.
-        */
-       if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) {
-
-               /* yes, so clear out a temporary structure, and copy first */
-               memset(&sav2, 0, sizeof(sav2));
-               memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1));
-               sav2.sadb_x_sa_ref=-1;
-               sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN;
-
-               pfkey_sa = &sav2;
-       }
-#endif
-
-
-       if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n",
-                         pfkey_sa->sadb_sa_len,
-                         (int)sizeof(struct sadb_sa));
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n",
-                         pfkey_sa->sadb_sa_encrypt,
-                         SADB_EALG_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n",
-                         pfkey_sa->sadb_sa_auth,
-                         SADB_AALG_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "state=%d exceeds MAX=%d.\n",
-                         pfkey_sa->sadb_sa_state,
-                         SADB_SASTATE_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "state=%d is DEAD=%d.\n",
-                         pfkey_sa->sadb_sa_state,
-                         SADB_SASTATE_DEAD);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_sa->sadb_sa_replay > 64) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "replay window size: %d -- must be 0 <= size <= 64\n",
-                         pfkey_sa->sadb_sa_replay);
-               SENDERR(EINVAL);
-       }
-
-       if(! ((pfkey_sa->sadb_sa_exttype ==  SADB_EXT_SA) ||
-             (pfkey_sa->sadb_sa_exttype ==  SADB_X_EXT_SA2)))
-       {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n",
-                         pfkey_sa->sadb_sa_exttype,
-                         SADB_EXT_SA,
-                         SADB_X_EXT_SA2);
-               SENDERR(EINVAL);
-       }
-
-       if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sa_parse: "
-                         "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n",
-                         pfkey_sa->sadb_x_sa_ref,
-                         IPSEC_SAREF_NULL,
-                         IPSEC_SA_REF_TABLE_NUM_ENTRIES);
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                 "pfkey_sa_parse: "
-                 "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n",
-                 pfkey_sa->sadb_sa_len,
-                 pfkey_sa->sadb_sa_exttype,
-                 pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype),
-                 (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi),
-                 pfkey_sa->sadb_sa_replay,
-                 pfkey_sa->sadb_sa_state,
-                 pfkey_sa->sadb_sa_auth,
-                 pfkey_sa->sadb_sa_encrypt,
-                 pfkey_sa->sadb_sa_flags,
-                 pfkey_sa->sadb_x_sa_ref);
-
- errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_lifetime_parse(struct sadb_ext  *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-                 "pfkey_lifetime_parse:enter\n");
-       /* sanity checks... */
-       if(!pfkey_lifetime) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_lifetime_parse: "
-                         "NULL pointer passed in.\n");
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_lifetime->sadb_lifetime_len !=
-          sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_lifetime_parse: "
-                         "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n",
-                         pfkey_lifetime->sadb_lifetime_len,
-                         (int)sizeof(struct sadb_lifetime));
-               SENDERR(EINVAL);
-       }
-
-       if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) &&
-          (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) &&
-          (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_lifetime_parse: "
-                         "unexpected ext_type=%d.\n",
-                         pfkey_lifetime->sadb_lifetime_exttype);
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                 "pfkey_lifetime_parse: "
-                 "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n",
-                 pfkey_lifetime->sadb_lifetime_exttype,
-                 pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype),
-                 pfkey_lifetime->sadb_lifetime_allocations,
-                 (unsigned)pfkey_lifetime->sadb_lifetime_bytes,
-                 (unsigned)pfkey_lifetime->sadb_lifetime_addtime,
-                 (unsigned)pfkey_lifetime->sadb_lifetime_usetime,
-                 pfkey_lifetime->sadb_x_lifetime_packets);
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_address_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       int saddr_len = 0;
-       struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
-       struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
-       char ipaddr_txt[ADDRTOT_BUF];
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-               "pfkey_address_parse:enter\n");
-       /* sanity checks... */
-       if(!pfkey_address) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_address_parse: "
-                       "NULL pointer passed in.\n");
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_address->sadb_address_len <
-          (sizeof(struct sadb_address) + sizeof(struct sockaddr))/
-          IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_address_parse: "
-                         "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
-                         pfkey_address->sadb_address_len,
-                         (int)sizeof(struct sadb_address),
-                         (int)sizeof(struct sockaddr));
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_address->sadb_address_reserved) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_address_parse: "
-                         "res=%d, must be zero.\n",
-                         pfkey_address->sadb_address_reserved);
-               SENDERR(EINVAL);
-       }
-
-       switch(pfkey_address->sadb_address_exttype) {
-       case SADB_EXT_ADDRESS_SRC:
-       case SADB_EXT_ADDRESS_DST:
-       case SADB_EXT_ADDRESS_PROXY:
-       case SADB_X_EXT_ADDRESS_DST2:
-       case SADB_X_EXT_ADDRESS_SRC_FLOW:
-       case SADB_X_EXT_ADDRESS_DST_FLOW:
-       case SADB_X_EXT_ADDRESS_SRC_MASK:
-       case SADB_X_EXT_ADDRESS_DST_MASK:
-       case SADB_X_EXT_NAT_T_OA:
-               break;
-       default:
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_address_parse: "
-                       "unexpected ext_type=%d.\n",
-                       pfkey_address->sadb_address_exttype);
-               SENDERR(EINVAL);
-       }
-
-       switch(s->sa_family) {
-       case AF_INET:
-               saddr_len = sizeof(struct sockaddr_in);
-               sprintf(ipaddr_txt, "%d.%d.%d.%d"
-                       , (((struct sockaddr_in*)s)->sin_addr.s_addr >>  0) & 0xFF
-                       , (((struct sockaddr_in*)s)->sin_addr.s_addr >>  8) & 0xFF
-                       , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF
-                       , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF);
-               DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                         "pfkey_address_parse: "
-                         "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n",
-                         pfkey_address->sadb_address_exttype,
-                         pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
-                         s->sa_family,
-                         ipaddr_txt,
-                         pfkey_address->sadb_address_proto,
-                         ntohs(((struct sockaddr_in*)s)->sin_port));
-               break;
-       case AF_INET6:
-               saddr_len = sizeof(struct sockaddr_in6);
-               sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[0])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[1])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[2])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[3])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[4])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[5])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[6])
-                       , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[7]));
-               DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                         "pfkey_address_parse: "
-                         "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n",
-                         pfkey_address->sadb_address_exttype,
-                         pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype),
-                         s->sa_family,
-                         ipaddr_txt,
-                         pfkey_address->sadb_address_proto,
-                         ((struct sockaddr_in6*)s)->sin6_port);
-               break;
-       default:
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_address_parse: "
-                       "s->sa_family=%d not supported.\n",
-                       s->sa_family);
-               SENDERR(EPFNOSUPPORT);
-       }
-
-       if(pfkey_address->sadb_address_len !=
-          DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_address_parse: "
-                         "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
-                         pfkey_address->sadb_address_len,
-                         (int)sizeof(struct sadb_address),
-                         saddr_len);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_address->sadb_address_prefixlen != 0) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_address_parse: "
-                       "address prefixes not supported yet.\n");
-               SENDERR(EAFNOSUPPORT); /* not supported yet */
-       }
-
-       /* XXX check if port!=0 */
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-               "pfkey_address_parse: successful.\n");
- errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_key_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-               "pfkey_key_parse:enter\n");
-       /* sanity checks... */
-
-       if(!pfkey_key) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_key_parse: "
-                       "NULL pointer passed in.\n");
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_key_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_key->sadb_key_len,
-                         (int)sizeof(struct sadb_key));
-               SENDERR(EINVAL);
-       }
-
-       if(!pfkey_key->sadb_key_bits) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_key_parse: "
-                       "key length set to zero, must be non-zero.\n");
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_key->sadb_key_len !=
-          DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits,
-                PFKEYBITS)) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_key_parse: "
-                       "key length=%d does not agree with extension length=%d.\n",
-                       pfkey_key->sadb_key_bits,
-                       pfkey_key->sadb_key_len);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_key->sadb_key_reserved) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_key_parse: "
-                       "res=%d, must be zero.\n",
-                       pfkey_key->sadb_key_reserved);
-               SENDERR(EINVAL);
-       }
-
-       if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) ||
-              (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_key_parse: "
-                       "expecting extension type AUTH or ENCRYPT, got %d.\n",
-                       pfkey_key->sadb_key_exttype);
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                 "pfkey_key_parse: "
-                 "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n",
-                 pfkey_key->sadb_key_len,
-                 pfkey_key->sadb_key_exttype,
-                 pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype),
-                 pfkey_key->sadb_key_bits,
-                 pfkey_key->sadb_key_reserved);
-
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_ident_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
-
-       /* sanity checks... */
-       if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_ident_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_ident->sadb_ident_len,
-                         (int)sizeof(struct sadb_ident));
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_ident_parse: "
-                       "ident_type=%d out of range, must be less than %d.\n",
-                       pfkey_ident->sadb_ident_type,
-                       SADB_IDENTTYPE_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_ident->sadb_ident_reserved) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_ident_parse: "
-                       "res=%d, must be zero.\n",
-                       pfkey_ident->sadb_ident_reserved);
-               SENDERR(EINVAL);
-       }
-
-       /* string terminator/padding must be zero */
-       if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
-               if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_ident_parse: "
-                               "string padding must be zero, last is 0x%02x.\n",
-                               *((char*)pfkey_ident +
-                                 pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1));
-                       SENDERR(EINVAL);
-               }
-       }
-
-       if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) ||
-              (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_key_parse: "
-                       "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n",
-                       pfkey_ident->sadb_ident_exttype);
-               SENDERR(EINVAL);
-       }
-
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_sens_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext;
-
-       /* sanity checks... */
-       if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_sens_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_sens->sadb_sens_len,
-                         (int)sizeof(struct sadb_sens));
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-               "pfkey_sens_parse: "
-               "Sorry, I can't parse exttype=%d yet.\n",
-               pfkey_ext->sadb_ext_type);
-#if 0
-       SENDERR(EINVAL); /* don't process these yet */
-#endif
-
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_prop_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       int i, num_comb;
-       struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext;
-       struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop));
-
-       /* sanity checks... */
-       if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) ||
-          (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_prop_parse: "
-                         "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n",
-                         pfkey_prop->sadb_prop_len,
-                         (int)sizeof(struct sadb_prop),
-                         (int)sizeof(struct sadb_comb));
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_prop->sadb_prop_replay > 64) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_prop_parse: "
-                       "replay window size: %d -- must be 0 <= size <= 64\n",
-                       pfkey_prop->sadb_prop_replay);
-               SENDERR(EINVAL);
-       }
-
-       for(i=0; i<3; i++) {
-               if(pfkey_prop->sadb_prop_reserved[i]) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_prop_parse: "
-                               "res[%d]=%d, must be zero.\n",
-                               i, pfkey_prop->sadb_prop_reserved[i]);
-                       SENDERR(EINVAL);
-               }
-       }
-
-       num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb);
-
-       for(i = 0; i < num_comb; i++) {
-               if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_prop_parse: "
-                               "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n",
-                               i,
-                               pfkey_comb->sadb_comb_auth,
-                               SADB_AALG_MAX);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_comb_auth) {
-                       if(!pfkey_comb->sadb_comb_auth_minbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n",
-                                       i);
-                               SENDERR(EINVAL);
-                       }
-                       if(!pfkey_comb->sadb_comb_auth_maxbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n",
-                                       i);
-                               SENDERR(EINVAL);
-                       }
-                       if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n",
-                                       i,
-                                       pfkey_comb->sadb_comb_auth_minbits,
-                                       pfkey_comb->sadb_comb_auth_maxbits);
-                               SENDERR(EINVAL);
-                       }
-               } else {
-                       if(pfkey_comb->sadb_comb_auth_minbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n",
-                                       i,
-                                       pfkey_comb->sadb_comb_auth_minbits);
-                               SENDERR(EINVAL);
-                       }
-                       if(pfkey_comb->sadb_comb_auth_maxbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n",
-                                       i,
-                                       pfkey_comb->sadb_comb_auth_maxbits);
-                               SENDERR(EINVAL);
-                       }
-               }
-
-               if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_comb_parse: "
-                               "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n",
-                               i,
-                               pfkey_comb->sadb_comb_encrypt,
-                               SADB_EALG_MAX);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_comb_encrypt) {
-                       if(!pfkey_comb->sadb_comb_encrypt_minbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n",
-                                       i);
-                               SENDERR(EINVAL);
-                       }
-                       if(!pfkey_comb->sadb_comb_encrypt_maxbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n",
-                                       i);
-                               SENDERR(EINVAL);
-                       }
-                       if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n",
-                                       i,
-                                       pfkey_comb->sadb_comb_encrypt_minbits,
-                                       pfkey_comb->sadb_comb_encrypt_maxbits);
-                               SENDERR(EINVAL);
-                       }
-               } else {
-                       if(pfkey_comb->sadb_comb_encrypt_minbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n",
-                                       i,
-                                       pfkey_comb->sadb_comb_encrypt_minbits);
-                               SENDERR(EINVAL);
-                       }
-                       if(pfkey_comb->sadb_comb_encrypt_maxbits) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_prop_parse: "
-                                       "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n",
-                                       i,
-                                       pfkey_comb->sadb_comb_encrypt_maxbits);
-                               SENDERR(EINVAL);
-                       }
-               }
-
-               /* XXX do sanity check on flags */
-
-               if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_prop_parse: "
-                                 "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n",
-                                 i,
-                                 pfkey_comb->sadb_comb_soft_allocations,
-                                 pfkey_comb->sadb_comb_hard_allocations);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_prop_parse: "
-                                 "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n",
-                                 i,
-                                 (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes,
-                                 (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_prop_parse: "
-                                 "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n",
-                                 i,
-                                 (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime,
-                                 (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_prop_parse: "
-                                 "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n",
-                                 i,
-                                 (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime,
-                                 (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_prop_parse: "
-                               "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n",
-                               i,
-                               pfkey_comb->sadb_x_comb_soft_packets,
-                               pfkey_comb->sadb_x_comb_hard_packets);
-                       SENDERR(EINVAL);
-               }
-
-               if(pfkey_comb->sadb_comb_reserved) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_prop_parse: "
-                               "comb[%d].res=%d, must be zero.\n",
-                               i,
-                               pfkey_comb->sadb_comb_reserved);
-                       SENDERR(EINVAL);
-               }
-               pfkey_comb++;
-       }
-
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_supported_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       unsigned int i, num_alg;
-       struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext;
-       struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported));
-
-       /* sanity checks... */
-       if((pfkey_supported->sadb_supported_len <
-          sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) ||
-          (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) -
-            sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) {
-
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_supported_parse: "
-                         "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n",
-                         pfkey_supported->sadb_supported_len,
-                         (int)sizeof(struct sadb_supported),
-                         (int)sizeof(struct sadb_alg));
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_supported->sadb_supported_reserved) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_supported_parse: "
-                       "res=%d, must be zero.\n",
-                       pfkey_supported->sadb_supported_reserved);
-               SENDERR(EINVAL);
-       }
-
-       num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg);
-
-       for(i = 0; i < num_alg; i++) {
-               /* process algo description */
-               if(pfkey_alg->sadb_alg_reserved) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_supported_parse: "
-                               "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n",
-                               i,
-                               pfkey_alg->sadb_alg_id,
-                               pfkey_alg->sadb_alg_ivlen,
-                               pfkey_alg->sadb_alg_minbits,
-                               pfkey_alg->sadb_alg_maxbits,
-                               pfkey_alg->sadb_alg_reserved);
-                       SENDERR(EINVAL);
-               }
-
-               /* XXX can alg_id auth/enc be determined from info given?
-                  Yes, but OpenBSD's method does not iteroperate with rfc2367.
-                  rgb, 2000-04-06 */
-
-               switch(pfkey_supported->sadb_supported_exttype) {
-               case SADB_EXT_SUPPORTED_AUTH:
-                       if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_supported_parse: "
-                                       "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n",
-                                       i,
-                                       pfkey_alg->sadb_alg_id,
-                                       SADB_AALG_MAX);
-                               SENDERR(EINVAL);
-                       }
-                       break;
-               case SADB_EXT_SUPPORTED_ENCRYPT:
-                       if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) {
-                               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                       "pfkey_supported_parse: "
-                                       "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
-                                       i,
-                                       pfkey_alg->sadb_alg_id,
-                                       SADB_EALG_MAX);
-                               SENDERR(EINVAL);
-                       }
-                       break;
-               default:
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_supported_parse: "
-                               "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
-                               i,
-                               pfkey_alg->sadb_alg_id,
-                               SADB_EALG_MAX);
-                       SENDERR(EINVAL);
-               }
-               pfkey_alg++;
-       }
-
- errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_spirange_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext;
-
-       /* sanity checks... */
-        if(pfkey_spirange->sadb_spirange_len !=
-          sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_spirange_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_spirange->sadb_spirange_len,
-                         (int)sizeof(struct sadb_spirange));
-                SENDERR(EINVAL);
-        }
-
-        if(pfkey_spirange->sadb_spirange_reserved) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_spirange_parse: "
-                       "reserved=%d must be set to zero.\n",
-                       pfkey_spirange->sadb_spirange_reserved);
-                SENDERR(EINVAL);
-        }
-
-        if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_spirange_parse: "
-                       "minspi=%08x must be < maxspi=%08x.\n",
-                       ntohl(pfkey_spirange->sadb_spirange_min),
-                       ntohl(pfkey_spirange->sadb_spirange_max));
-                SENDERR(EINVAL);
-        }
-
-       if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_spirange_parse: "
-                       "minspi=%08x must be > 255.\n",
-                       ntohl(pfkey_spirange->sadb_spirange_min));
-               SENDERR(EEXIST);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                 "pfkey_spirange_parse: "
-                 "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n",
-                 pfkey_spirange->sadb_spirange_len,
-                 pfkey_spirange->sadb_spirange_exttype,
-                 pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype),
-                 pfkey_spirange->sadb_spirange_min,
-                 pfkey_spirange->sadb_spirange_max,
-                 pfkey_spirange->sadb_spirange_reserved);
- errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext;
-
-       /* sanity checks... */
-       if(pfkey_x_kmprivate->sadb_x_kmprivate_len <
-          sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_x_kmprivate_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_x_kmprivate->sadb_x_kmprivate_len,
-                         (int)sizeof(struct sadb_x_kmprivate));
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_x_kmprivate_parse: "
-                         "reserved=%d must be set to zero.\n",
-                         pfkey_x_kmprivate->sadb_x_kmprivate_reserved);
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                 "pfkey_x_kmprivate_parse: "
-                 "Sorry, I can't parse exttype=%d yet.\n",
-                 pfkey_ext->sadb_ext_type);
-       SENDERR(EINVAL); /* don't process these yet */
-
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_satype_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       int i;
-       struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-               "pfkey_x_satype_parse: enter\n");
-       /* sanity checks... */
-       if(pfkey_x_satype->sadb_x_satype_len !=
-          sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_x_satype_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_x_satype->sadb_x_satype_len,
-                         (int)sizeof(struct sadb_x_satype));
-               SENDERR(EINVAL);
-       }
-
-       if(!pfkey_x_satype->sadb_x_satype_satype) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_x_satype_parse: "
-                       "satype is zero, must be non-zero.\n");
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_x_satype_parse: "
-                       "satype %d > max %d, invalid.\n",
-                       pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX);
-               SENDERR(EINVAL);
-       }
-
-       if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_x_satype_parse: "
-                       "proto lookup from satype=%d failed.\n",
-                       pfkey_x_satype->sadb_x_satype_satype);
-               SENDERR(EINVAL);
-       }
-
-       for(i = 0; i < 3; i++) {
-               if(pfkey_x_satype->sadb_x_satype_reserved[i]) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_x_satype_parse: "
-                               "reserved[%d]=%d must be set to zero.\n",
-                               i, pfkey_x_satype->sadb_x_satype_reserved[i]);
-                       SENDERR(EINVAL);
-               }
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                 "pfkey_x_satype_parse: "
-                 "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n",
-                 pfkey_x_satype->sadb_x_satype_len,
-                 pfkey_x_satype->sadb_x_satype_exttype,
-                 pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype),
-                 pfkey_x_satype->sadb_x_satype_satype,
-                 satype2name(pfkey_x_satype->sadb_x_satype_satype),
-                 pfkey_x_satype->sadb_x_satype_reserved[0],
-                 pfkey_x_satype->sadb_x_satype_reserved[1],
-                 pfkey_x_satype->sadb_x_satype_reserved[2]);
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       int i;
-       struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-               "pfkey_x_debug_parse: enter\n");
-       /* sanity checks... */
-       if(pfkey_x_debug->sadb_x_debug_len !=
-          sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_x_debug_parse: "
-                         "size wrong ext_len=%d, key_ext_len=%d.\n",
-                         pfkey_x_debug->sadb_x_debug_len,
-                         (int)sizeof(struct sadb_x_debug));
-               SENDERR(EINVAL);
-       }
-
-       for(i = 0; i < 4; i++) {
-               if(pfkey_x_debug->sadb_x_debug_reserved[i]) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_x_debug_parse: "
-                               "reserved[%d]=%d must be set to zero.\n",
-                               i, pfkey_x_debug->sadb_x_debug_reserved[i]);
-                       SENDERR(EINVAL);
-               }
-       }
-
-errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext)
-{
-       int error = 0;
-       struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext;
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n");
-       /* sanity checks... */
-
-       if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
-                         p->sadb_protocol_len, (int)sizeof(*p));
-               SENDERR(EINVAL);
-       }
-
-       if (p->sadb_protocol_reserved2 != 0) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                         "pfkey_protocol_parse: res=%d, must be zero.\n",
-                         p->sadb_protocol_reserved2);
-               SENDERR(EINVAL);
-       }
-
- errlab:
-       return error;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext)
-{
-       return 0;
-}
-
-DEBUG_NO_STATIC int
-pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext)
-{
-       return 0;
-}
-
-#define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME};
-
-DEFINEPARSER(pfkey_sa_parse);
-DEFINEPARSER(pfkey_lifetime_parse);
-DEFINEPARSER(pfkey_address_parse);
-DEFINEPARSER(pfkey_key_parse);
-DEFINEPARSER(pfkey_ident_parse);
-DEFINEPARSER(pfkey_sens_parse);
-DEFINEPARSER(pfkey_prop_parse);
-DEFINEPARSER(pfkey_supported_parse);
-DEFINEPARSER(pfkey_spirange_parse);
-DEFINEPARSER(pfkey_x_kmprivate_parse);
-DEFINEPARSER(pfkey_x_satype_parse);
-DEFINEPARSER(pfkey_x_ext_debug_parse);
-DEFINEPARSER(pfkey_x_ext_protocol_parse);
-DEFINEPARSER(pfkey_x_ext_nat_t_type_parse);
-DEFINEPARSER(pfkey_x_ext_nat_t_port_parse);
-
-struct pf_key_ext_parsers_def *ext_default_parsers[]=
-{
-       NULL,                 /* pfkey_msg_parse, */
-       &pfkey_sa_parse_def,
-       &pfkey_lifetime_parse_def,
-       &pfkey_lifetime_parse_def,
-       &pfkey_lifetime_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_key_parse_def,
-       &pfkey_key_parse_def,
-       &pfkey_ident_parse_def,
-       &pfkey_ident_parse_def,
-       &pfkey_sens_parse_def,
-       &pfkey_prop_parse_def,
-       &pfkey_supported_parse_def,
-       &pfkey_supported_parse_def,
-       &pfkey_spirange_parse_def,
-       &pfkey_x_kmprivate_parse_def,
-       &pfkey_x_satype_parse_def,
-       &pfkey_sa_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_address_parse_def,
-       &pfkey_x_ext_debug_parse_def,
-       &pfkey_x_ext_protocol_parse_def ,
-       &pfkey_x_ext_nat_t_type_parse_def,
-       &pfkey_x_ext_nat_t_port_parse_def,
-       &pfkey_x_ext_nat_t_port_parse_def,
-       &pfkey_address_parse_def
-};
-
-int
-pfkey_msg_parse(struct sadb_msg *pfkey_msg,
-               struct pf_key_ext_parsers_def *ext_parsers[],
-               struct sadb_ext *extensions[],
-               int dir)
-{
-       int error = 0;
-       int remain;
-       struct sadb_ext *pfkey_ext;
-       int extensions_seen = 0;
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                 "pfkey_msg_parse: "
-                 "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n",
-                 pfkey_msg->sadb_msg_version,
-                 pfkey_msg->sadb_msg_type,
-                 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type),
-                 pfkey_msg->sadb_msg_errno,
-                 pfkey_msg->sadb_msg_satype,
-                 satype2name(pfkey_msg->sadb_msg_satype),
-                 pfkey_msg->sadb_msg_len,
-                 pfkey_msg->sadb_msg_reserved,
-                 pfkey_msg->sadb_msg_seq,
-                 pfkey_msg->sadb_msg_pid);
-
-       if(ext_parsers == NULL) ext_parsers = ext_default_parsers;
-
-       pfkey_extensions_init(extensions);
-
-       remain = pfkey_msg->sadb_msg_len;
-       remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
-
-       pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg +
-                                      sizeof(struct sadb_msg));
-
-       extensions[0] = (struct sadb_ext *) pfkey_msg;
-
-
-       if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_msg_parse: "
-                       "not PF_KEY_V2 msg, found %d, should be %d.\n",
-                       pfkey_msg->sadb_msg_version,
-                       PF_KEY_V2);
-               SENDERR(EINVAL);
-       }
-
-       if(!pfkey_msg->sadb_msg_type) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_msg_parse: "
-                       "msg type not set, must be non-zero..\n");
-               SENDERR(EINVAL);
-       }
-
-       if(pfkey_msg->sadb_msg_type > SADB_MAX) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_msg_parse: "
-                       "msg type=%d > max=%d.\n",
-                       pfkey_msg->sadb_msg_type,
-                       SADB_MAX);
-               SENDERR(EINVAL);
-       }
-
-       switch(pfkey_msg->sadb_msg_type) {
-       case SADB_GETSPI:
-       case SADB_UPDATE:
-       case SADB_ADD:
-       case SADB_DELETE:
-       case SADB_GET:
-       case SADB_X_GRPSA:
-       case SADB_X_ADDFLOW:
-               if(!satype2proto(pfkey_msg->sadb_msg_satype)) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_msg_parse: "
-                                 "satype %d conversion to proto failed for msg_type %d (%s).\n",
-                                 pfkey_msg->sadb_msg_satype,
-                                 pfkey_msg->sadb_msg_type,
-                                 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
-                       SENDERR(EINVAL);
-               } else {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_msg_parse: "
-                                 "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n",
-                                 pfkey_msg->sadb_msg_satype,
-                                 satype2name(pfkey_msg->sadb_msg_satype),
-                                 satype2proto(pfkey_msg->sadb_msg_satype),
-                                 pfkey_msg->sadb_msg_type,
-                                 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
-               }
-               /* fall through */
-       case SADB_ACQUIRE:
-       case SADB_REGISTER:
-       case SADB_EXPIRE:
-               if(!pfkey_msg->sadb_msg_satype) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                                 "pfkey_msg_parse: "
-                                 "satype is zero, must be non-zero for msg_type %d(%s).\n",
-                                 pfkey_msg->sadb_msg_type,
-                                 pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type));
-                       SENDERR(EINVAL);
-               }
-       default:
-               break;
-       }
-
-       /* errno must not be set in downward messages */
-       /* this is not entirely true... a response to an ACQUIRE could return an error */
-       if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                           "pfkey_msg_parse: "
-                           "errno set to %d.\n",
-                           pfkey_msg->sadb_msg_errno);
-               SENDERR(EINVAL);
-       }
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-                 "pfkey_msg_parse: "
-                 "remain=%d, ext_type=%d(%s), ext_len=%d.\n",
-                 remain,
-                 pfkey_ext->sadb_ext_type,
-                 pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
-                 pfkey_ext->sadb_ext_len);
-
-       DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-               "pfkey_msg_parse: "
-               "extensions permitted=%08x, required=%08x.\n",
-               extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
-               extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
-
-       extensions_seen = 1;
-
-       while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) {
-               /* Is there enough message left to support another extension header? */
-               if(remain < pfkey_ext->sadb_ext_len) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "remain %d less than ext len %d.\n",
-                               remain, pfkey_ext->sadb_ext_len);
-                       SENDERR(EINVAL);
-               }
-
-               DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-                       "pfkey_msg_parse: "
-                       "parsing ext type=%d(%s) remain=%d.\n",
-                       pfkey_ext->sadb_ext_type,
-                       pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
-                       remain);
-
-               /* Is the extension header type valid? */
-               if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n",
-                               pfkey_ext->sadb_ext_type,
-                               pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
-                               SADB_EXT_MAX);
-                       SENDERR(EINVAL);
-               }
-
-               /* Have we already seen this type of extension? */
-               if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0)
-               {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "ext type %d(%s) already seen.\n",
-                               pfkey_ext->sadb_ext_type,
-                               pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
-                       SENDERR(EINVAL);
-               }
-
-               /* Do I even know about this type of extension? */
-               if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "ext type %d(%s) unknown, ignoring.\n",
-                               pfkey_ext->sadb_ext_type,
-                               pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
-                       goto next_ext;
-               }
-
-               /* Is this type of extension permitted for this type of message? */
-               if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] &
-                    1<<pfkey_ext->sadb_ext_type)) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n",
-                               pfkey_ext->sadb_ext_type,
-                               pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
-                               extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
-                               1<<pfkey_ext->sadb_ext_type);
-                       SENDERR(EINVAL);
-               }
-
-               DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-                         "pfkey_msg_parse: "
-                         "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n",
-                         remain,
-                         pfkey_ext->sadb_ext_type,
-                         pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
-                         pfkey_ext->sadb_ext_len,
-                         pfkey_ext,
-                         ext_parsers[pfkey_ext->sadb_ext_type]->parser_name);
-
-               /* Parse the extension */
-               if((error =
-                   (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "extension parsing for type %d(%s) failed with error %d.\n",
-                               pfkey_ext->sadb_ext_type,
-                               pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type),
-                               error);
-                       SENDERR(-error);
-               }
-               DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW,
-                       "pfkey_msg_parse: "
-                       "Extension %d(%s) parsed.\n",
-                       pfkey_ext->sadb_ext_type,
-                       pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type));
-
-               /* Mark that we have seen this extension and remember the header location */
-               extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type );
-               extensions[pfkey_ext->sadb_ext_type] = pfkey_ext;
-
-       next_ext:
-               /* Calculate how much message remains */
-               remain -= pfkey_ext->sadb_ext_len;
-
-               if(!remain) {
-                       break;
-               }
-               /* Find the next extension header */
-               pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext +
-                       pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
-       }
-
-       if(remain) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_msg_parse: "
-                       "unexpected remainder of %d.\n",
-                       remain);
-               /* why is there still something remaining? */
-               SENDERR(EINVAL);
-       }
-
-       /* check required extensions */
-       DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT,
-               "pfkey_msg_parse: "
-               "extensions permitted=%08x, seen=%08x, required=%08x.\n",
-               extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
-               extensions_seen,
-               extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
-
-       /* don't check further if it is an error return message since it
-          may not have a body */
-       if(pfkey_msg->sadb_msg_errno) {
-               SENDERR(-error);
-       }
-
-       if((extensions_seen &
-           extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) !=
-          extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_msg_parse: "
-                       "required extensions missing:%08x.\n",
-                       extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] -
-                       (extensions_seen &
-                        extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]));
-               SENDERR(EINVAL);
-       }
-
-       if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW)
-          && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW)
-              != SADB_X_EXT_ADDRESS_DELFLOW)
-          && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA))
-          || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags
-               & SADB_X_SAFLAGS_CLEARFLOW)
-              != SADB_X_SAFLAGS_CLEARFLOW))) {
-               DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                       "pfkey_msg_parse: "
-                       "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n",
-                       SADB_X_EXT_ADDRESS_DELFLOW
-                       - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW),
-                       (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA)));
-               SENDERR(EINVAL);
-       }
-
-       switch(pfkey_msg->sadb_msg_type) {
-       case SADB_ADD:
-       case SADB_UPDATE:
-               /* check maturity */
-               if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state !=
-                  SADB_SASTATE_MATURE) {
-                       DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM,
-                               "pfkey_msg_parse: "
-                               "state=%d for add or update should be MATURE=%d.\n",
-                               ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
-                               SADB_SASTATE_MATURE);
-