| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: ipsec_doi.c,v 1.23.4.9 2008/06/18 07:30:19 mgrooms Exp $ */ | | 1 | /* $NetBSD: ipsec_doi.c,v 1.23.4.10 2009/06/19 07:32:52 tteras Exp $ */ |
2 | | | 2 | |
3 | /* Id: ipsec_doi.c,v 1.55 2006/08/17 09:20:41 vanhu Exp */ | | 3 | /* Id: ipsec_doi.c,v 1.55 2006/08/17 09:20:41 vanhu Exp */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -4371,64 +4371,78 @@ ipsecdoi_id2sockaddr(buf, saddr, prefixl | | | @@ -4371,64 +4371,78 @@ ipsecdoi_id2sockaddr(buf, saddr, prefixl |
4371 | /* | | 4371 | /* |
4372 | * make printable string from ID payload except of general header. | | 4372 | * make printable string from ID payload except of general header. |
4373 | */ | | 4373 | */ |
4374 | char * | | 4374 | char * |
4375 | ipsecdoi_id2str(id) | | 4375 | ipsecdoi_id2str(id) |
4376 | const vchar_t *id; | | 4376 | const vchar_t *id; |
4377 | { | | 4377 | { |
4378 | #define BUFLEN 512 | | 4378 | #define BUFLEN 512 |
4379 | char * ret = NULL; | | 4379 | char * ret = NULL; |
4380 | int len = 0; | | 4380 | int len = 0; |
4381 | char *dat; | | 4381 | char *dat; |
4382 | static char buf[BUFLEN]; | | 4382 | static char buf[BUFLEN]; |
4383 | struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v; | | 4383 | struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v; |
4384 | struct sockaddr saddr; | | 4384 | struct sockaddr_storage saddr_storage; |
| | | 4385 | struct sockaddr *saddr; |
| | | 4386 | struct sockaddr_in *saddr_in; |
| | | 4387 | struct sockaddr_in6 *saddr_in6; |
4385 | u_int plen = 0; | | 4388 | u_int plen = 0; |
4386 | | | 4389 | |
| | | 4390 | saddr = (struct sockaddr *)&saddr_storage; |
| | | 4391 | saddr_in = (struct sockaddr_in *)&saddr_storage; |
| | | 4392 | saddr_in6 = (struct sockaddr_in6 *)&saddr_storage; |
| | | 4393 | |
| | | 4394 | |
4387 | switch (id_b->type) { | | 4395 | switch (id_b->type) { |
4388 | case IPSECDOI_ID_IPV4_ADDR: | | 4396 | case IPSECDOI_ID_IPV4_ADDR: |
4389 | case IPSECDOI_ID_IPV4_ADDR_SUBNET: | | 4397 | case IPSECDOI_ID_IPV4_ADDR_SUBNET: |
4390 | case IPSECDOI_ID_IPV4_ADDR_RANGE: | | 4398 | case IPSECDOI_ID_IPV4_ADDR_RANGE: |
4391 | | | 4399 | |
4392 | #ifndef __linux__ | | 4400 | #ifndef __linux__ |
4393 | saddr.sa_len = sizeof(struct sockaddr_in); | | 4401 | saddr->sa_len = sizeof(struct sockaddr_in); |
4394 | #endif | | 4402 | #endif |
4395 | saddr.sa_family = AF_INET; | | 4403 | saddr->sa_family = AF_INET; |
4396 | ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; | | 4404 | |
4397 | memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, | | 4405 | saddr_in->sin_port = IPSEC_PORT_ANY; |
| | | 4406 | memcpy(&saddr_in->sin_addr, |
4398 | id->v + sizeof(*id_b), sizeof(struct in_addr)); | | 4407 | id->v + sizeof(*id_b), sizeof(struct in_addr)); |
4399 | break; | | 4408 | break; |
4400 | #ifdef INET6 | | 4409 | #ifdef INET6 |
4401 | case IPSECDOI_ID_IPV6_ADDR: | | 4410 | case IPSECDOI_ID_IPV6_ADDR: |
4402 | case IPSECDOI_ID_IPV6_ADDR_SUBNET: | | 4411 | case IPSECDOI_ID_IPV6_ADDR_SUBNET: |
4403 | case IPSECDOI_ID_IPV6_ADDR_RANGE: | | 4412 | case IPSECDOI_ID_IPV6_ADDR_RANGE: |
4404 | | | 4413 | |
4405 | #ifndef __linux__ | | 4414 | #ifndef __linux__ |
4406 | saddr.sa_len = sizeof(struct sockaddr_in6); | | 4415 | saddr->sa_len = sizeof(struct sockaddr_in6); |
4407 | #endif | | 4416 | #endif |
4408 | saddr.sa_family = AF_INET6; | | 4417 | saddr->sa_family = AF_INET6; |
4409 | ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; | | 4418 | |
4410 | memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, | | 4419 | saddr_in6->sin6_port = IPSEC_PORT_ANY; |
| | | 4420 | memcpy(&saddr_in6->sin6_addr, |
4411 | id->v + sizeof(*id_b), sizeof(struct in6_addr)); | | 4421 | id->v + sizeof(*id_b), sizeof(struct in6_addr)); |
| | | 4422 | saddr_in6->sin6_scope_id = |
| | | 4423 | (IN6_IS_ADDR_LINKLOCAL(&saddr_in6->sin6_addr) |
| | | 4424 | ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id |
| | | 4425 | : 0); |
4412 | break; | | 4426 | break; |
4413 | #endif | | 4427 | #endif |
4414 | } | | 4428 | } |
4415 | | | 4429 | |
4416 | switch (id_b->type) { | | 4430 | switch (id_b->type) { |
4417 | case IPSECDOI_ID_IPV4_ADDR: | | 4431 | case IPSECDOI_ID_IPV4_ADDR: |
4418 | #ifdef INET6 | | 4432 | #ifdef INET6 |
4419 | case IPSECDOI_ID_IPV6_ADDR: | | 4433 | case IPSECDOI_ID_IPV6_ADDR: |
4420 | #endif | | 4434 | #endif |
4421 | len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr)); | | 4435 | len = snprintf( buf, BUFLEN, "%s", saddrwop2str(saddr)); |
4422 | break; | | 4436 | break; |
4423 | | | 4437 | |
4424 | case IPSECDOI_ID_IPV4_ADDR_SUBNET: | | 4438 | case IPSECDOI_ID_IPV4_ADDR_SUBNET: |
4425 | #ifdef INET6 | | 4439 | #ifdef INET6 |
4426 | case IPSECDOI_ID_IPV6_ADDR_SUBNET: | | 4440 | case IPSECDOI_ID_IPV6_ADDR_SUBNET: |
4427 | #endif | | 4441 | #endif |
4428 | { | | 4442 | { |
4429 | u_char *p; | | 4443 | u_char *p; |
4430 | u_int max; | | 4444 | u_int max; |
4431 | int alen = sizeof(struct in_addr); | | 4445 | int alen = sizeof(struct in_addr); |
4432 | | | 4446 | |
4433 | switch (id_b->type) { | | 4447 | switch (id_b->type) { |
4434 | case IPSECDOI_ID_IPV4_ADDR_SUBNET: | | 4448 | case IPSECDOI_ID_IPV4_ADDR_SUBNET: |
| @@ -4464,62 +4478,66 @@ ipsecdoi_id2str(id) | | | @@ -4464,62 +4478,66 @@ ipsecdoi_id2str(id) |
4464 | if (plen < max) { | | 4478 | if (plen < max) { |
4465 | u_int l = 0; | | 4479 | u_int l = 0; |
4466 | u_char b = ~(*p); | | 4480 | u_char b = ~(*p); |
4467 | | | 4481 | |
4468 | while (b) { | | 4482 | while (b) { |
4469 | b >>= 1; | | 4483 | b >>= 1; |
4470 | l++; | | 4484 | l++; |
4471 | } | | 4485 | } |
4472 | | | 4486 | |
4473 | l = 8 - l; | | 4487 | l = 8 - l; |
4474 | plen += l; | | 4488 | plen += l; |
4475 | } | | 4489 | } |
4476 | | | 4490 | |
4477 | len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), plen); | | 4491 | len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(saddr), plen); |
4478 | } | | 4492 | } |
4479 | break; | | 4493 | break; |
4480 | | | 4494 | |
4481 | case IPSECDOI_ID_IPV4_ADDR_RANGE: | | 4495 | case IPSECDOI_ID_IPV4_ADDR_RANGE: |
4482 | | | 4496 | |
4483 | len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); | | 4497 | len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(saddr)); |
4484 | | | 4498 | |
4485 | #ifndef __linux__ | | 4499 | #ifndef __linux__ |
4486 | saddr.sa_len = sizeof(struct sockaddr_in); | | 4500 | saddr->sa_len = sizeof(struct sockaddr_in); |
4487 | #endif | | 4501 | #endif |
4488 | saddr.sa_family = AF_INET; | | 4502 | saddr->sa_family = AF_INET; |
4489 | ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; | | 4503 | saddr_in->sin_port = IPSEC_PORT_ANY; |
4490 | memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, | | 4504 | memcpy(&saddr_in->sin_addr, |
4491 | id->v + sizeof(*id_b) + sizeof(struct in_addr), | | 4505 | id->v + sizeof(*id_b) + sizeof(struct in_addr), |
4492 | sizeof(struct in_addr)); | | 4506 | sizeof(struct in_addr)); |
4493 | | | 4507 | |
4494 | len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); | | 4508 | len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(saddr)); |
4495 | | | 4509 | |
4496 | break; | | 4510 | break; |
4497 | | | 4511 | |
4498 | #ifdef INET6 | | 4512 | #ifdef INET6 |
4499 | case IPSECDOI_ID_IPV6_ADDR_RANGE: | | 4513 | case IPSECDOI_ID_IPV6_ADDR_RANGE: |
4500 | | | 4514 | |
4501 | len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); | | 4515 | len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(saddr)); |
4502 | | | 4516 | |
4503 | #ifndef __linux__ | | 4517 | #ifndef __linux__ |
4504 | saddr.sa_len = sizeof(struct sockaddr_in6); | | 4518 | saddr->sa_len = sizeof(struct sockaddr_in6); |
4505 | #endif | | 4519 | #endif |
4506 | saddr.sa_family = AF_INET6; | | 4520 | saddr->sa_family = AF_INET6; |
4507 | ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; | | 4521 | saddr_in6->sin6_port = IPSEC_PORT_ANY; |
4508 | memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, | | 4522 | memcpy(&saddr_in6->sin6_addr, |
4509 | id->v + sizeof(*id_b) + sizeof(struct in6_addr), | | 4523 | id->v + sizeof(*id_b) + sizeof(struct in6_addr), |
4510 | sizeof(struct in6_addr)); | | 4524 | sizeof(struct in6_addr)); |
| | | 4525 | saddr_in6->sin6_scope_id = |
| | | 4526 | (IN6_IS_ADDR_LINKLOCAL(&saddr_in6->sin6_addr) |
| | | 4527 | ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id |
| | | 4528 | : 0); |
4511 | | | 4529 | |
4512 | len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); | | 4530 | len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(saddr)); |
4513 | | | 4531 | |
4514 | break; | | 4532 | break; |
4515 | #endif | | 4533 | #endif |
4516 | | | 4534 | |
4517 | case IPSECDOI_ID_FQDN: | | 4535 | case IPSECDOI_ID_FQDN: |
4518 | case IPSECDOI_ID_USER_FQDN: | | 4536 | case IPSECDOI_ID_USER_FQDN: |
4519 | len = id->l - sizeof(*id_b); | | 4537 | len = id->l - sizeof(*id_b); |
4520 | if (len > BUFLEN) | | 4538 | if (len > BUFLEN) |
4521 | len = BUFLEN; | | 4539 | len = BUFLEN; |
4522 | memcpy(buf, id->v + sizeof(*id_b), len); | | 4540 | memcpy(buf, id->v + sizeof(*id_b), len); |
4523 | break; | | 4541 | break; |
4524 | | | 4542 | |
4525 | case IPSECDOI_ID_DER_ASN1_DN: | | 4543 | case IPSECDOI_ID_DER_ASN1_DN: |
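Review bot: The added `sin6_scope_id` assignment in the IPv6 address case (new lines 4422-4425), repeated in the IPv6 range case (new lines 4525-4528), reads `((struct sockaddr_in6 *)id_b)->sin6_scope_id`, but `id_b` is `id->v`, the ID payload that the adjacent `memcpy` calls treat as a `struct ipsecdoi_id_b` header followed by raw address bytes, not a sockaddr. The scope id is therefore taken from whatever payload bytes sit at that struct offset, and for a single-address ID the read probably extends past the `id->l` bytes of a buffer that is presumably peer-supplied; nothing in these hunks checks `id->l` before the reads. I would use `saddr_in6->sin6_scope_id = 0;` in both places unless a real scope is available from somewhere other than the payload. I would also add `memset(&saddr_storage, 0, sizeof(saddr_storage));` before the first switch so that `sin6_flowinfo` and padding are not left uninitialised when the address reaches `saddrwop2str`. The body of ipsecdoi_id2str continues outside the visible hunks, so a length check may exist out of view.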