diff options
-rw-r--r-- | sbin/photurisd/kernel.c | 93 |
1 files changed, 52 insertions, 41 deletions
diff --git a/sbin/photurisd/kernel.c b/sbin/photurisd/kernel.c index 3741fb61a0e..e414aab1855 100644 --- a/sbin/photurisd/kernel.c +++ b/sbin/photurisd/kernel.c @@ -39,7 +39,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: kernel.c,v 1.12 2000/12/12 01:53:41 provos Exp $"; +static char rcsid[] = "$Id: kernel.c,v 1.13 2000/12/13 08:36:27 provos Exp $"; #endif #include <time.h> @@ -201,15 +201,15 @@ int init_kernel(void) { if ((sd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) == -1) - log_fatal("socket(PF_KEY) for IPSec keyengine in init_kernel()"); + log_fatal(__FUNCTION__": socket(PF_KEY) for IPSec keyengine"); if ((regsd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) == -1) - log_fatal("socket() for PFKEY register in init_kernel()"); + log_fatal(__FUNCTION__": socket() for PFKEY register"); pfkey_seq = 0; pfkey_pid = getpid(); if (kernel_register(regsd) == -1) - log_fatal("PFKEY socket registration failed in init_kernel()"); + log_fatal(__FUNCTION__": PFKEY socket registration failed"); return (1); } @@ -294,11 +294,11 @@ kernel_xf_read(int sd, char *buffer, int blen, int seq) } len = sres->sadb_msg_len * 8; if (len >= BUFFER_SIZE) { - log_print("PFKEYV2 message len %d too big in kernel_xf_read()", len); + log_print(__FUNCTION__": PFKEYV2 message len %d too big", len); return (0); } if (read(sd, sres, len) != len) { - perror("read() in kernel_xf_read()"); + log_error(__FUNCTION__": read()"); return (0); } } while (seq && (sres->sadb_msg_seq != seq || @@ -306,7 +306,7 @@ kernel_xf_read(int sd, char *buffer, int blen, int seq) )); if (sres->sadb_msg_errno) { - LOG_DBG((LOG_KERNEL, 40, "kernel_xf_read: PFKEYV2 result: %s", + LOG_DBG((LOG_KERNEL, 40, __FUNCTION__": PFKEYV2 result: %s", strerror(sres->sadb_msg_errno))); errno = sres->sadb_msg_errno; return (0); @@ -328,7 +328,7 @@ kernel_register(int sd) struct iovec iov[1]; int cnt = 0; - LOG_DBG((LOG_KERNEL, 20, "kernel_register: fd %d", sd)); + LOG_DBG((LOG_KERNEL, 20, __FUNCTION__": fd %d", sd)); bzero(&smsg, sizeof(smsg)); @@ -344,7 +344,7 @@ kernel_register(int sd) smsg.sadb_msg_satype = SADB_SATYPE_ESP; if (!kernel_xf_set(regsd, buffer, BUFFER_SIZE, iov, cnt, smsg.sadb_msg_len*8)) { - log_error("kernel_xf_set() in kernel_reserve_single_spi()"); + log_error(__FUNCTION__": kernel_xf_set()"); return (-1); } @@ -353,7 +353,7 @@ kernel_register(int sd) smsg.sadb_msg_seq = pfkey_seq++; if (!kernel_xf_set(regsd, buffer, BUFFER_SIZE, iov, cnt, smsg.sadb_msg_len*8)) { - log_error("kernel_xf_set() in kernel_reserve_single_spi()"); + log_error(__FUNCTION__": kernel_xf_set()"); return (-1); } @@ -365,7 +365,8 @@ kernel_register(int sd) sres = (struct sadb_msg *)buffer; ssup = (struct sadb_supported *)(sres + 1); if (ssup->sadb_supported_exttype != SADB_EXT_SUPPORTED) { - log_print("SADB_REGISTER did not return a SADB_EXT_SUPORTED " + log_print(__FUNCTION__ + ": SADB_REGISTER did not return a SADB_EXT_SUPPORTED " "struct: %d in kernel_register()", ssup->sadb_supported_exttype); return (-1); @@ -374,7 +375,8 @@ kernel_register(int sd) len = ssup->sadb_supported_len * 8 - sizeof(*ssup); if (len != (ssup->sadb_supported_nauth + ssup->sadb_supported_nencrypt) * sizeof(struct sadb_alg)) { - log_print("SADB_SUPPORTED length mismatch in kernel_register()"); + log_print(__FUNCTION__ + ": SADB_SUPPORTED length mismatch in kernel_register()"); return (-1); } @@ -393,15 +395,19 @@ kernel_reserve_spi(char *src, char *dst, int options) u_int32_t spi; int proto; - LOG_DBG((LOG_KERNEL, 40, "kernel_reserve_spi: %s", src)); + LOG_DBG((LOG_KERNEL, 40, __FUNCTION__": %s %s %s", src, + options & IPSEC_OPT_ENC ? "ESP" : "", + options & IPSEC_OPT_AUTH ? "AH" : "")); if ((options & (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) != (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) { switch(options & (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) { case IPSEC_OPT_ENC: proto = IPPROTO_ESP; + break; default: proto = IPPROTO_AH; + break; } return kernel_reserve_single_spi(src, dst, 0, proto); } @@ -431,9 +437,6 @@ kernel_reserve_single_spi(char *srcaddress, char *dstaddress, u_int32_t spi, struct iovec iov[6]; int cnt = 0; - LOG_DBG((LOG_KERNEL, 40, "kernel_reserve_single_spi: %s, %08x", - srcaddress, spi)); - bzero(&src, sizeof(union sockaddr_union)); bzero(&dst, sizeof(union sockaddr_union)); bzero(iov, sizeof(iov)); @@ -498,19 +501,23 @@ kernel_reserve_single_spi(char *srcaddress, char *dstaddress, u_int32_t spi, /* get back SADB_EXT_SA */ if (!KERNEL_XF_SET(smsg.sadb_msg_len*8)) { - log_error("kernel_xf_set() in kernel_reserve_single_spi()"); + log_error(__FUNCTION__": kernel_xf_set()"); return (0); } sres = (struct sadb_msg *)buffer; ssa = (struct sadb_sa *)(sres + 1); if (ssa->sadb_sa_exttype != SADB_EXT_SA) { - log_print("SADB_GETSPI did not return a SADB_EXT_SA struct: %d", + log_print(__FUNCTION__ + ": SADB_GETSPI did not return a SADB_EXT_SA struct: %d", ssa->sadb_sa_exttype); return (0); } - return ntohl(ssa->sadb_sa_spi); + LOG_DBG((LOG_KERNEL, 40, __FUNCTION__": %s, %08x -> %08x", + srcaddress, spi, ntohl(ssa->sadb_sa_spi))); + + return (ntohl(ssa->sadb_sa_spi)); } int @@ -530,7 +537,7 @@ kernel_ah(attrib_t *ob, struct spiob *SPI, u_int8_t *secrets, int hmac) time_t now = time(NULL); if (xf == NULL || !(xf->flags & XF_AUTH)) { - log_print("%d is not an auth transform in kernel_ah()", ob->id); + log_print(__FUNCTION__": %d is not an auth transform", ob->id); return (-1); } @@ -616,10 +623,10 @@ kernel_ah(attrib_t *ob, struct spiob *SPI, u_int8_t *secrets, int hmac) iov[cnt].iov_base = secrets; len += iov[cnt++].iov_len = ((ob->klen + 7) / 8) * 8; - LOG_DBG((LOG_KERNEL, 35, "kernel_ah: %08x", ntohl(sr.sadb_sa_spi))); + LOG_DBG((LOG_KERNEL, 35, __FUNCTION__": %08x", ntohl(sr.sadb_sa_spi))); if (!KERNEL_XF_SET(len)) { - log_error("kernel_xf_set() in kernel_ah()"); + log_error(__FUNCTION__": kernel_xf_set()"); return (-1); } return ob->klen; @@ -646,7 +653,7 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets) if (ob->type & AT_AUTH) { if (ob2 == NULL || ob2->type != AT_ENC) { - log_print("No encryption after auth given in kernel_esp()"); + log_print(__FUNCTION__": No encryption after auth given"); return (-1); } attenc = ob2; @@ -661,13 +668,13 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets) sec2 = secrets + ob->klen; } } else { - log_print("No encryption transform given in kernel_esp()"); + log_print(__FUNCTION__": No encryption transform given"); return (-1); } xf_enc = kernel_get_transform(attenc->id); if ((xf_enc->flags & ESP_OLD) && attauth != NULL) { - log_print("Old ESP does not support AH in kernel_esp()"); + log_print(__FUNCTION__": Old ESP does not support AH"); return (-1); } @@ -701,8 +708,7 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets) sr.sadb_sa_state = SADB_SASTATE_MATURE; sr.sadb_sa_auth = attauth ? xf_auth->kernel_id : 0; sr.sadb_sa_encrypt = xf_enc->kernel_id; - if (xf_enc->flags & ESP_OLD) - { + if (xf_enc->flags & ESP_OLD) { sr.sadb_sa_flags |= SADB_X_SAFLAGS_HALFIV; sr.sadb_sa_flags |= SADB_X_SAFLAGS_RANDOMPADDING; sr.sadb_sa_flags |= SADB_X_SAFLAGS_NOREPLAY; @@ -773,10 +779,10 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets) iov[cnt++].iov_len = ((attauth->klen + 7) / 8) * 8; } - LOG_DBG((LOG_KERNEL, 35, "kernel_esp: %08x", ntohl(sr.sadb_sa_spi))); + LOG_DBG((LOG_KERNEL, 35, __FUNCTION__": %08x", ntohl(sr.sadb_sa_spi))); if (!KERNEL_XF_SET(sa.sadb_msg_len * 8)) { - log_error("kernel_xf_set() in kernel_esp()"); + log_error(__FUNCTION__": kernel_xf_set()"); return (-1); } @@ -848,10 +854,10 @@ kernel_delete_spi(char *address, u_int32_t spi, int proto) iov[cnt++].iov_len = sizeof(sr); - LOG_DBG((LOG_KERNEL, 30, "kernel_delete_spi: %08x", spi)); + LOG_DBG((LOG_KERNEL, 30, __FUNCTION__": %08x", spi)); if (!KERNEL_XF_SET(sa.sadb_msg_len * 8) && errno != ESRCH) { - log_error("kernel_xf_set() in kernel_delete_spi()"); + log_error(__FUNCTION__": kernel_xf_set()"); return (-1); } @@ -890,7 +896,7 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI) while (count < espsize && (atesp == NULL || atah == NULL)) { if ((attprop = getattrib(esp[count])) == NULL) { - log_print("Unknown attribute %d for ESP in kernel_insert_spi()", + log_print(__FUNCTION__": Unknown attribute %d for ESP", esp[count]); return (-1); } @@ -902,7 +908,8 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI) count += esp[count+1]+2; } if (atesp == NULL) { - log_print("No encryption attribute in ESP section for SA(%08x, %s->%s) in kernel_insert()", SPITOINT(SPI->SPI), SPI->local_address, SPI->address); + log_print(__FUNCTION__": No encryption attribute in ESP section for SA(%08x, %s->%s)", + SPITOINT(SPI->SPI), SPI->local_address, SPI->address); return (-1); } @@ -918,7 +925,7 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI) while (count < ahsize) { if ((attprop = getattrib(ah[count])) == NULL) { - log_print("Unknown attribute %d for AH in kernel_insert_spi()", + log_print(__FUNCTION__": Unknown attribute %d for AH", ah[count]); return (-1); } @@ -938,7 +945,8 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI) } if (atah == NULL) { - log_print("No authentication attribute in AH section for SA(%08x, %s->%s) in kernel_insert()", SPITOINT(SPI->SPI), SPI->local_address, SPI->address); + log_print(__FUNCTION__": No authentication attribute in AH section for SA(%08x, %s->%s)", + SPITOINT(SPI->SPI), SPI->local_address, SPI->address); return (-1); } @@ -995,12 +1003,12 @@ kernel_unlink_spi(struct spiob *ospi) if (esp != NULL) { if (kernel_delete_spi(p, SPITOINT(ospi->SPI), IPPROTO_ESP) == -1) - log_print("kernel_delete_spi() in kernel_unlink_spi()"); + log_print(__FUNCTION__": kernel_delete_spi()"); } if (ah != NULL) { if (kernel_delete_spi(p, SPITOINT(ospi->SPI), IPPROTO_AH) == -1) - log_print("kernel_delete_spi() in kernel_unlink_spi()"); + log_print(__FUNCTION__": kernel_delete_spi()"); } return (1); @@ -1020,15 +1028,17 @@ kernel_handle_notify(int sd) if (!kernel_xf_read(regsd, buffer, BUFFER_SIZE, 0)) return; - LOG_DBG((LOG_KERNEL, 60, "Got PFKEYV2 message: type %d", + LOG_DBG((LOG_KERNEL, 60, __FUNCTION__": Got PFKEYV2 message: type %d", sres->sadb_msg_type)); switch (sres->sadb_msg_type) { case SADB_EXPIRE: - log_print("PFKEYV2 SA Expiration - not yet supported."); + LOG_DBG((LOG_KERNEL, 40, __FUNCTION__ + ": PFKEYV2 SA Expiration - not yet supported.")); return; case SADB_ACQUIRE: - LOG_DBG((LOG_KERNEL, 60, "Got Notify SA Request (SADB_ACQUIRE): %d", + LOG_DBG((LOG_KERNEL, 60, __FUNCTION__ + ": Got Notify SA Request (SADB_ACQUIRE): %d", sres->sadb_msg_len * 8)); LOG_DBG_BUF((LOG_KERNEL, 60, "acquire buf", (u_char *)sres, sres->sadb_msg_len * 8)); @@ -1141,7 +1151,8 @@ kernel_request_sa(struct sadb_msg *sadb) if (st == NULL) { /* No established exchange found, start a new one */ if ((st = state_new()) == NULL) { - log_print("state_new() failed in kernel_request_sa() for remote ip %s", + log_print(__FUNCTION__ + ": state_new() failed for remote ip %s", dstbuf); return (-1); } |