Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 1 | /* |
Chia-chi Yeh | e9fc376 | 2011-07-07 03:20:34 -0700 | [diff] [blame] | 2 | * Copyright (C) 2011 The Android Open Source Project |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <stdio.h> |
| 18 | #include <stdlib.h> |
| 19 | #include <string.h> |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 20 | #include <unistd.h> |
Chia-chi Yeh | 8f3b388 | 2011-07-07 13:43:20 -0700 | [diff] [blame] | 21 | #include <sys/param.h> |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 22 | #include <sys/types.h> |
| 23 | #include <sys/socket.h> |
Chia-chi Yeh | c454954 | 2009-07-22 06:46:14 +0800 | [diff] [blame] | 24 | #include <netinet/in.h> |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 25 | #include <netinet/ip.h> |
Chia-chi Yeh | 7197eb7 | 2009-07-13 16:43:29 +0800 | [diff] [blame] | 26 | #include <netdb.h> |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 27 | #include <fcntl.h> |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 28 | |
| 29 | #include "config.h" |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 30 | #include "gcmalloc.h" |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 31 | #include "libpfkey.h" |
| 32 | #include "var.h" |
| 33 | #include "isakmp_var.h" |
| 34 | #include "isakmp.h" |
Chia-chi Yeh | dbbbd5f | 2011-07-12 13:21:42 -0700 | [diff] [blame] | 35 | #include "isakmp_xauth.h" |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 36 | #include "vmbuf.h" |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 37 | #include "crypto_openssl.h" |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 38 | #include "oakley.h" |
| 39 | #include "ipsec_doi.h" |
| 40 | #include "algorithm.h" |
| 41 | #include "vendorid.h" |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 42 | #include "schedule.h" |
| 43 | #include "pfkey.h" |
| 44 | #include "nattraversal.h" |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 45 | #include "proposal.h" |
| 46 | #include "sainfo.h" |
| 47 | #include "localconf.h" |
| 48 | #include "remoteconf.h" |
| 49 | #include "sockmisc.h" |
| 50 | #include "grabmyaddr.h" |
| 51 | #include "plog.h" |
Chia-chi Yeh | bd5fa3c | 2009-07-07 16:24:13 +0800 | [diff] [blame] | 52 | #include "admin.h" |
| 53 | #include "privsep.h" |
Chia-chi Yeh | 514ffe2 | 2011-07-07 13:52:27 -0700 | [diff] [blame] | 54 | #include "throttle.h" |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 55 | #include "misc.h" |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 56 | |
/* Local configuration storage; published to the rest of the program as lcconf. */
static struct localconf localconf;
/* The single SA info record that getsainfo() returns for every query. */
static struct sainfo sainfo;
/* Pre-shared key; setup() points this straight at an argv entry (no copy). */
static char *pre_shared_key;

/* Interface name from argv[1]; privsep_socket() passes it to SO_BINDTODEVICE. */
static char *interface;
/*
 * Addresses that policy_match() compares against when flushing:
 * targets[0] is the resolved server, targets[1] is set by spdadd() in
 * tunnel mode and is NULL before that.
 */
static struct sockaddr *targets[2];
/* sources[0] is the ISAKMP socket, sources[1] the NAT-T one; fd is -1 until opened. */
static struct {
    struct sockaddr *addr;
    int fd;
} sources[2];

struct localconf *lcconf = &localconf;
char *script_names[SCRIPT_MAX + 1];
int f_local = 0;
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 71 | |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 72 | /*****************************************************************************/ |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 73 | |
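/*
 * Append one algorithm to the end of the list sainfo.algs[class].
 *
 * class     - index into sainfo.algs; not range-checked here, the visible
 *             callers pass algclass_* constants.
 * algorithm - algorithm identifier stored in the new entry.
 * length    - key length stored in encklen (the callers pass 0 for some
 *             algorithms).
 *
 * Logs and exits if the entry cannot be allocated, instead of writing
 * through a NULL pointer.
 */
static void add_sainfo_algorithm(int class, int algorithm, int length)
{
    struct sainfoalg *entry = calloc(1, sizeof(*entry));
    struct sainfoalg **tail;

    if (!entry) {
        do_plog(LLV_ERROR, "Cannot allocate memory\n");
        exit(1);
    }
    entry->alg = algorithm;
    entry->encklen = length;

    /* Walk to the terminating NULL link so that insertion order is kept. */
    for (tail = &sainfo.algs[class]; *tail; tail = &(*tail)->next) {
    }
    *tail = entry;
}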
| 90 | |
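/*
 * Resolve the server, pick the local address and fill in the static
 * configuration (localconf and sainfo).
 *
 * interfaze - interface name; stored as-is (not copied) in `interface`.
 * server    - host name or address handed to getaddrinfo().
 *
 * Every failure is fatal: the function logs and calls exit(1). Address
 * duplication results are checked as well, because targets[0] and the
 * sources[] addresses are used later without further checks.
 */
static void set_globals(char *interfaze, char *server)
{
    struct addrinfo hints = {
        .ai_flags = AI_NUMERICSERV,
#ifndef INET6
        .ai_family = AF_INET,
#else
        .ai_family = AF_UNSPEC,
#endif
        .ai_socktype = SOCK_DGRAM,
    };
    struct addrinfo *info;

    if (getaddrinfo(server, "500", &hints, &info) != 0) {
        do_plog(LLV_ERROR, "Cannot resolve address: %s\n", server);
        exit(1);
    }
    if (info->ai_next) {
        do_plog(LLV_WARNING, "Found multiple addresses. Use the first one.\n");
    }
    targets[0] = dupsaddr(info->ai_addr);
    freeaddrinfo(info);
    if (!targets[0]) {
        do_plog(LLV_ERROR, "Cannot duplicate address\n");
        exit(1);
    }

    interface = interfaze;
    sources[0].addr = getlocaladdr(targets[0]);
    if (!sources[0].addr) {
        do_plog(LLV_ERROR, "Cannot get local address\n");
        exit(1);
    }
    /* Ports are cleared here; setup() sets the real ones later. */
    set_port(targets[0], 0);
    set_port(sources[0].addr, 0);
    sources[0].fd = -1;
    sources[1].addr = dupsaddr(sources[0].addr);
    if (!sources[1].addr) {
        do_plog(LLV_ERROR, "Cannot duplicate address\n");
        exit(1);
    }
    sources[1].fd = -1;

    localconf.port_isakmp = PORT_ISAKMP;
    localconf.port_isakmp_natt = PORT_ISAKMP_NATT;
    localconf.default_af = AF_INET;
    localconf.pathinfo[LC_PATHTYPE_CERT] = "./";
    localconf.pad_random = LC_DEFAULT_PAD_RANDOM;
    /* NOTE(review): pad_randomlen is initialized from the PAD_RANDOM
     * default, same as the line above - confirm this is intended. */
    localconf.pad_randomlen = LC_DEFAULT_PAD_RANDOM;
    localconf.pad_strict = LC_DEFAULT_PAD_STRICT;
    localconf.pad_excltail = LC_DEFAULT_PAD_EXCLTAIL;
    localconf.retry_counter = 10;
    localconf.retry_interval = 3;
    localconf.count_persend = LC_DEFAULT_COUNT_PERSEND;
    localconf.secret_size = LC_DEFAULT_SECRETSIZE;
    localconf.retry_checkph1 = LC_DEFAULT_RETRY_CHECKPH1;
    localconf.wait_ph2complete = LC_DEFAULT_WAIT_PH2COMPLETE;
    localconf.natt_ka_interval = LC_DEFAULT_NATT_KA_INTERVAL;

    sainfo.lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
    sainfo.lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
    /*
     * Phase 2 algorithms, appended in this order. HMAC-MD5, 3DES and
     * single DES are still in the list after the AES entries.
     * NOTE(review): they are kept for compatibility; check whether the
     * peers this client talks to still need them.
     */
    add_sainfo_algorithm(algclass_ipsec_auth, IPSECDOI_ATTR_AUTH_HMAC_SHA1, 0);
    add_sainfo_algorithm(algclass_ipsec_auth, IPSECDOI_ATTR_AUTH_HMAC_MD5, 0);
    add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 256);
    add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_AES, 128);
    add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_3DES, 0);
    add_sainfo_algorithm(algclass_ipsec_enc, IPSECDOI_ESP_DES, 0);
}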
| 151 | |
| 152 | /*****************************************************************************/ |
| 153 | |
/*
 * Tell whether a PF_KEY address extension refers to one of our targets.
 *
 * Returns 1 when the address compares below CMPSADDR_MISMATCH against
 * targets[0] or targets[1], and 0 otherwise or when address is NULL.
 * targets[1] may still be NULL at this point.
 * NOTE(review): this relies on cmpsaddr() accepting a NULL second
 * argument - confirm.
 */
static int policy_match(struct sadb_address *address)
{
    struct sockaddr *addr;

    if (!address) {
        return 0;
    }
    addr = PFKEY_ADDR_SADDR(address);
    if (cmpsaddr(addr, targets[0]) < CMPSADDR_MISMATCH) {
        return 1;
    }
    return cmpsaddr(addr, targets[1]) < CMPSADDR_MISMATCH;
}
| 163 | |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 164 | /* flush; spdflush; */ |
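/*
 * Delete every SAD and SPD entry whose source or destination matches one
 * of our targets (see policy_match()).
 *
 * The function dumps both databases, rewrites each matching reply into
 * the corresponding delete request and sends it back on the same socket.
 * Failing to open the socket or to request the dumps is fatal; a delete
 * request that cannot be sent is logged, because the stale entry then
 * stays in the kernel.
 *
 * NOTE(review): spdadd() also registers this function with atexit(), and
 * the failure paths below call exit(), which is undefined when it happens
 * from inside an exit handler.
 */
static void flush(void)
{
    struct sadb_msg *p;
    int replies = 0;
    int key = pfkey_open();

    if (key < 0) {
        do_plog(LLV_ERROR, "Cannot open PF_KEY socket\n");
        exit(1);
    }
    if (pfkey_send_dump(key, SADB_SATYPE_UNSPEC) <= 0 ||
            pfkey_send_spddump(key) <= 0) {
        do_plog(LLV_ERROR, "Cannot dump SAD and SPD\n");
        exit(1);
    }

    /* free(p) in the increment clause also runs after every `continue`. */
    for (p = NULL; replies < 2 && (p = pfkey_recv(key)) != NULL; free(p)) {
        caddr_t q[SADB_EXT_MAX + 1];

        if (p->sadb_msg_type != SADB_DUMP &&
                p->sadb_msg_type != SADB_X_SPDDUMP) {
            continue;
        }
        /* A reply with sequence 0 is counted; two of them end the loop
         * (presumably one final message per dump - confirm). */
        replies += !p->sadb_msg_seq;

        if (p->sadb_msg_errno || pfkey_align(p, q) || pfkey_check(q)) {
            continue;
        }
        if (policy_match((struct sadb_address *)q[SADB_EXT_ADDRESS_SRC]) ||
                policy_match((struct sadb_address *)q[SADB_EXT_ADDRESS_DST])) {
            /* Reuse the dump reply as the delete request. */
            p->sadb_msg_type = (p->sadb_msg_type == SADB_DUMP) ?
                    SADB_DELETE : SADB_X_SPDDELETE;
            p->sadb_msg_reserved = 0;
            p->sadb_msg_seq = 0;
            if (pfkey_send(key, p, PFKEY_UNUNIT64(p->sadb_msg_len)) < 0) {
                do_plog(LLV_WARNING, "Cannot delete an SAD or SPD entry\n");
            }
        }
    }

    pfkey_close(key);
}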
| 201 | |
| 202 | /* flush; spdflush; |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 203 | * spdadd src dst protocol -P out ipsec esp/transport//require; OR |
| 204 | * spdadd src any protocol -P out ipsec esp/tunnel/local-remote/require; */ |
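/*
 * Flush our old entries and install one outbound ESP policy.
 *
 * src, dst      - policy selectors. A NULL dst selects tunnel mode: the
 *                 destination becomes "any" with prefix 0.
 * protocol      - upper-layer protocol of the selector.
 * local, remote - tunnel endpoints; only read in tunnel mode.
 *
 * In tunnel mode both endpoints are copied into a fixed buffer using the
 * length of `local`, so they must be present, share one address family
 * and fit into a sockaddr_storage each; this is verified before copying.
 * All failures are fatal (log and exit(1)). On success flush() is
 * registered with atexit() so the policy is removed at exit.
 */
static void spdadd(struct sockaddr *src, struct sockaddr *dst,
        int protocol, struct sockaddr *local, struct sockaddr *remote)
{
    struct __attribute__((packed)) {
        struct sadb_x_policy p;
        struct sadb_x_ipsecrequest q;
        char addresses[sizeof(struct sockaddr_storage) * 2];
    } policy;

    struct sockaddr_storage any = {
#ifndef __linux__
        .ss_len = src->sa_len,
#endif
        .ss_family = src->sa_family,
    };

    int src_prefix = (src->sa_family == AF_INET) ? 32 : 128;
    int dst_prefix = src_prefix;
    int length = 0;
    int key;

    /* Fill default values. */
    memset(&policy, 0, sizeof(policy));
    policy.p.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
    policy.p.sadb_x_policy_type = IPSEC_POLICY_IPSEC;
    policy.p.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
#ifdef HAVE_PFKEY_POLICY_PRIORITY
    policy.p.sadb_x_policy_priority = PRIORITY_DEFAULT;
#endif
    policy.q.sadb_x_ipsecrequest_proto = IPPROTO_ESP;
    policy.q.sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
    policy.q.sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;

    /* Deal with tunnel mode. */
    if (!dst) {
        if (!local || !remote || local->sa_family != remote->sa_family) {
            do_plog(LLV_ERROR, "Invalid tunnel endpoints\n");
            exit(1);
        }
        length = sysdep_sa_len(local);
        /* Each endpoint gets one sockaddr_storage worth of the buffer. */
        if (length <= 0 || (size_t)length > sizeof(struct sockaddr_storage)) {
            do_plog(LLV_ERROR, "Invalid tunnel endpoints\n");
            exit(1);
        }

        policy.q.sadb_x_ipsecrequest_mode = IPSEC_MODE_TUNNEL;
        dst = (struct sockaddr *)&any;
        dst_prefix = 0;

        memcpy(policy.addresses, local, length);
        memcpy(&policy.addresses[length], remote, length);
        length += length;

        /* Also use the source address to filter policies. */
        targets[1] = dupsaddr(src);
        if (!targets[1]) {
            /* Without it flush() could not find this policy again. */
            do_plog(LLV_ERROR, "Cannot duplicate address\n");
            exit(1);
        }
    }

    /* Fix lengths. */
    length += sizeof(policy.q);
    policy.q.sadb_x_ipsecrequest_len = length;
    length += sizeof(policy.p);
    policy.p.sadb_x_policy_len = PFKEY_UNIT64(length);

    /* Always do a flush before adding the new policy. */
    flush();
    key = pfkey_open();
    if (key < 0 ||
            pfkey_send_spdadd(key, src, src_prefix, dst, dst_prefix, protocol,
                    (caddr_t)&policy, length, 0) <= 0) {
        do_plog(LLV_ERROR, "Cannot initialize SAD and SPD\n");
        exit(1);
    }
    pfkey_close(key);
    atexit(flush);
}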
| 270 | |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 271 | /*****************************************************************************/ |
| 272 | |
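/*
 * Append one phase 1 proposal to remoteconf->proposal.
 *
 * auth       - authentication method.
 * hash       - hash algorithm.
 * encryption - encryption algorithm.
 * length     - encryption key length (the callers pass 0 for some
 *              algorithms).
 *
 * Transform numbers count up from 1 in insertion order. Every proposal
 * uses proposal number 1, the default lifetime and the 1024-bit MODP
 * group. NOTE(review): the group is fixed here for all proposals; check
 * whether the peers allow a larger one.
 *
 * Logs and exits if the proposal cannot be allocated.
 */
static void add_proposal(struct remoteconf *remoteconf,
        int auth, int hash, int encryption, int length)
{
    struct isakmpsa *entry = racoon_calloc(1, sizeof(*entry));
    struct isakmpsa *last;

    if (!entry) {
        do_plog(LLV_ERROR, "Cannot allocate memory\n");
        exit(1);
    }
    entry->prop_no = 1;
    entry->lifetime = OAKLEY_ATTR_SA_LD_SEC_DEFAULT;
    entry->enctype = encryption;
    entry->encklen = length;
    entry->authmethod = auth;
    entry->hashtype = hash;
    entry->dh_group = OAKLEY_ATTR_GRP_DESC_MODP1024;
    entry->vendorid = VENDORID_UNKNOWN;

    if (!remoteconf->proposal) {
        entry->trns_no = 1;
        remoteconf->proposal = entry;
        return;
    }

    for (last = remoteconf->proposal; last->next; last = last->next) {
    }
    entry->trns_no = last->trns_no + 1;
    last->next = entry;
}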
| 298 | |
/*
 * Load an X.509 certificate, or terminate.
 *
 * type - label that only appears in the error message ("user", "CA").
 * file - certificate name; getpathname() turns it into the path to load.
 *
 * Returns the loaded certificate; logs and calls exit(1) when
 * eay_get_x509cert() returns NULL.
 */
static vchar_t *get_certificate(char *type, char *file)
{
    char path[PATH_MAX + 1];
    vchar_t *loaded;

    getpathname(path, sizeof(path), LC_PATHTYPE_CERT, file);
    loaded = eay_get_x509cert(path);
    if (loaded) {
        return loaded;
    }
    do_plog(LLV_ERROR, "Cannot load %s certificate\n", type);
    exit(1);
}
| 312 | |
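/*
 * Store the certificate-related settings in remoteconf.
 *
 * user_private_key - private key file name, stored as given (may be NULL).
 * user_certificate - user certificate file name; loaded when not NULL.
 * ca_certificate   - CA certificate file name. An empty (or NULL) name
 *                    turns peer certificate verification off.
 *
 * Running without verification means the peer's certificate is accepted
 * unchecked, so that case is logged as a warning rather than applied
 * silently. The identifier type is always set to ASN.1 DN.
 */
static void set_certificates(struct remoteconf *remoteconf,
        char *user_private_key, char *user_certificate, char *ca_certificate)
{
    remoteconf->myprivfile = user_private_key;
    remoteconf->mycertfile = user_certificate;
    if (user_certificate) {
        remoteconf->mycert = get_certificate("user", user_certificate);
    }
    if (!ca_certificate || !ca_certificate[0]) {
        do_plog(LLV_WARNING,
                "No CA certificate. Peer certificate is not verified.\n");
        remoteconf->verify_cert = FALSE;
    } else {
        remoteconf->cacertfile = ca_certificate;
        remoteconf->cacert = get_certificate("CA", ca_certificate);
    }
    remoteconf->idvtype = IDTYPE_ASN1DN;
}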
| 329 | |
/*
 * Copy a C string into a newly allocated vchar_t.
 *
 * Returns NULL when string is NULL or vmalloc() fails. The requested
 * size is strlen(string) + 1 and vchar->l bytes are copied (presumably
 * vmalloc() sets l to the requested size - confirm).
 * NOTE(review): if so, the recorded length includes the terminating NUL;
 * check that users of the result as a key, identifier or password expect
 * that extra byte.
 */
static vchar_t *strtovchar(char *string)
{
    vchar_t *copy;

    if (!string) {
        return NULL;
    }
    copy = vmalloc(strlen(string) + 1);
    if (!copy) {
        return NULL;
    }
    memcpy(copy->v, string, copy->l);
    return copy;
}
| 338 | |
| 339 | #ifdef ENABLE_HYBRID |
| 340 | |
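/*
 * Enable XAUTH and mode config on remoteconf and register the phase1-up
 * script.
 *
 * username, password - XAUTH credentials, copied with strtovchar().
 * phase1_up          - script stored in remoteconf->script[SCRIPT_PHASE1_UP].
 * script_arg         - stored as-is in script_names[SCRIPT_PHASE1_UP].
 *
 * Logs and exits if the XAUTH record cannot be allocated.
 * NOTE(review): the strtovchar() results are not checked here; a failed
 * copy leaves a NULL login or password in the record.
 */
static void set_xauth_and_more(struct remoteconf *remoteconf,
        char *username, char *password, char *phase1_up, char *script_arg)
{
    struct xauth_rmconf *xauth = racoon_calloc(1, sizeof(*xauth));

    if (!xauth) {
        do_plog(LLV_ERROR, "Cannot allocate memory\n");
        exit(1);
    }
    xauth->login = strtovchar(username);
    xauth->pass = strtovchar(password);
    remoteconf->xauth = xauth;
    remoteconf->mode_cfg = TRUE;
    remoteconf->script[SCRIPT_PHASE1_UP] = strtovchar(phase1_up);
    script_names[SCRIPT_PHASE1_UP] = script_arg;
}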
| 352 | |
| 353 | #endif |
| 354 | |
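/*
 * Parse a decimal port argument in the range 0..65535.
 * Logs and exits on empty, non-numeric or out-of-range input.
 */
static int parse_port_arg(const char *string)
{
    char *end;
    long port = strtol(string, &end, 10);

    /* An overflowing value comes back as LONG_MIN/LONG_MAX and so fails
     * the range test as well. */
    if (end == string || *end != '\0' || port < 0 || port > 65535) {
        do_plog(LLV_ERROR, "Invalid port: %s\n", string);
        exit(1);
    }
    return (int)port;
}

/*
 * Configure the whole program from the command line.
 *
 * argv[1] is the interface and argv[2] the server; argv[3] selects the
 * authentication mode and fixes how many arguments follow (see the usage
 * text below). Anything that does not match prints the usage text and
 * exits with status 0.
 *
 * The port arguments of udppsk and udprsa are validated instead of being
 * passed through atoi(), which turned any non-numeric text into port 0.
 *
 * NOTE(review): the pre-shared key and the XAUTH password arrive as
 * command-line arguments, which other local processes can typically
 * read; the pointers are also kept for the lifetime of the process.
 */
void setup(int argc, char **argv)
{
    struct remoteconf *remoteconf = NULL;
    int auth;

    if (argc > 2) {
        set_globals(argv[1], argv[2]);

        /* Initialize everything else. */
        eay_init();
        initrmconf();
        oakley_dhinit();
        compute_vendorids();
        sched_init();
        if (pfkey_init() < 0 || isakmp_init() < 0) {
            exit(1);
        }
#ifdef ENABLE_NATT
        natt_keepalive_init();
#endif

        /* Create remote configuration. */
        remoteconf = newrmconf();
        if (!remoteconf) {
            do_plog(LLV_ERROR, "Cannot allocate memory\n");
            exit(1);
        }
        remoteconf->etypes = racoon_calloc(1, sizeof(struct etypes));
        if (!remoteconf->etypes) {
            do_plog(LLV_ERROR, "Cannot allocate memory\n");
            exit(1);
        }
        remoteconf->etypes->type = ISAKMP_ETYPE_IDENT;
        remoteconf->ike_frag = TRUE;
        remoteconf->pcheck_level = PROP_CHECK_CLAIM;
        remoteconf->gen_policy = TRUE;
        remoteconf->nat_traversal = TRUE;
        remoteconf->remote = dupsaddr(targets[0]);
        if (!remoteconf->remote) {
            do_plog(LLV_ERROR, "Cannot duplicate address\n");
            exit(1);
        }
        set_port(remoteconf->remote, localconf.port_isakmp);
    }

    /* Set authentication method and credentials. Every branch that is
     * taken here has argc > 2, so remoteconf is set. */
    if (argc == 6 && !strcmp(argv[3], "udppsk")) {
        pre_shared_key = argv[4];
        remoteconf->idvtype = IDTYPE_ADDRESS;
        auth = OAKLEY_ATTR_AUTH_METHOD_PSKEY;

        set_port(targets[0], parse_port_arg(argv[5]));
        spdadd(sources[0].addr, targets[0], IPPROTO_UDP, NULL, NULL);
    } else if (argc == 8 && !strcmp(argv[3], "udprsa")) {
        set_certificates(remoteconf, argv[4], argv[5], argv[6]);
        auth = OAKLEY_ATTR_AUTH_METHOD_RSASIG;

        set_port(targets[0], parse_port_arg(argv[7]));
        spdadd(sources[0].addr, targets[0], IPPROTO_UDP, NULL, NULL);
#ifdef ENABLE_HYBRID
    } else if (argc == 10 && !strcmp(argv[3], "xauthpsk")) {
        pre_shared_key = argv[5];
        remoteconf->idvtype = IDTYPE_ADDRESS;
        if (*argv[4]) {
            remoteconf->idv = strtovchar(argv[4]);
            /* We might want to add some heuristics to detect the type? */
            remoteconf->idvtype = IDTYPE_KEYID;
        }
        set_xauth_and_more(remoteconf, argv[6], argv[7], argv[8], argv[9]);
        auth = OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I;
    } else if (argc == 11 && !strcmp(argv[3], "xauthrsa")) {
        set_certificates(remoteconf, argv[4], argv[5], argv[6]);
        set_xauth_and_more(remoteconf, argv[7], argv[8], argv[9], argv[10]);
        auth = OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I;
    } else if (argc == 9 && !strcmp(argv[3], "hybridrsa")) {
        set_certificates(remoteconf, NULL, NULL, argv[4]);
        set_xauth_and_more(remoteconf, argv[5], argv[6], argv[7], argv[8]);
        auth = OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I;
#endif
    } else {
        printf("Usage: %s <interface> <server> [...], where [...] can be:\n"
                " udppsk <pre-shared-key> <port>\n"
                " udprsa <user-private-key> <user-cert> <ca-cert> <port>\n"
#ifdef ENABLE_HYBRID
                " xauthpsk <identifier> <pre-shared-key>"
                " <username> <password> <phase1-up> <script-arg>\n"
                " xauthrsa <user-private-key> <user-cert> <ca-cert>"
                " <username> <password> <phase1-up> <script-arg>\n"
                " hybridrsa <ca-cert>"
                " <username> <password> <phase1-up> <script-arg>\n"
#endif
                "", argv[0]);
        exit(0);
    }

    /* Add proposals, strongest encryption first. The MD5 and DES entries
     * are the last resorts of this list.
     * NOTE(review): check whether the peers still need them. */
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 256);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 256);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 128);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_AES, 128);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_3DES, 0);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_3DES, 0);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_DES, 0);
    add_proposal(remoteconf, auth,
            OAKLEY_ATTR_HASH_ALG_MD5, OAKLEY_ATTR_ENC_ALG_DES, 0);

    /* Install remote configuration. */
    insrmconf(remoteconf);

    /* Create ISAKMP sockets. */
    set_port(sources[0].addr, localconf.port_isakmp);
    sources[0].fd = isakmp_open(sources[0].addr, FALSE);
    if (sources[0].fd == -1) {
        do_plog(LLV_ERROR, "Cannot create ISAKMP socket\n");
        exit(1);
    }
#ifdef ENABLE_NATT
    /* The NAT-T socket is optional: failure is only a warning. */
    set_port(sources[1].addr, localconf.port_isakmp_natt);
    sources[1].fd = isakmp_open(sources[1].addr, TRUE);
    if (sources[1].fd == -1) {
        do_plog(LLV_WARNING, "Cannot create ISAKMP socket for NAT-T\n");
    }
#endif

    /* Start phase 1 negotiation for xauth. */
    if (remoteconf->xauth) {
        isakmp_ph1begin_i(remoteconf, remoteconf->remote, sources[0].addr);
    }
}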
| 479 | |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 480 | /*****************************************************************************/ |
| 481 | |
Chia-chi Yeh | 837a1c7 | 2009-06-26 09:40:31 +0800 | [diff] [blame] | 482 | /* localconf.h */ |
| 483 | |
/*
 * Return a new copy of the configured pre-shared key.
 *
 * addr is ignored: the same key is returned for every peer address.
 * The result is NULL when no key was configured or the copy failed.
 */
vchar_t *getpskbyaddr(struct sockaddr *addr)
{
    vchar_t *key = strtovchar(pre_shared_key);

    (void)addr;
    return key;
}
| 488 | |
/*
 * Look up a pre-shared key by name.
 *
 * This implementation has no name-indexed keys: it ignores name and
 * always returns NULL.
 */
vchar_t *getpskbyname(vchar_t *name)
{
    vchar_t *key = NULL;

    (void)name;
    return key;
}
| 493 | |
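/*
 * Build the path for a named file into path[0..length-1].
 *
 * path   - output buffer; always NUL-terminated on return when length > 0.
 * length - size of path in bytes; nothing is written when it is <= 0.
 * type   - ignored by this implementation.
 * name   - file name; a NULL name yields an empty path.
 *
 * When pname is set it is used as the printf format with name as its
 * only argument; otherwise name is copied, truncated to fit.
 *
 * NOTE(review): pname reaches snprintf() as the format string. That is
 * only safe while pname is fully under the program's control and holds
 * at most one conversion that consumes a string - confirm where it is
 * assigned.
 */
void getpathname(char *path, int length, int type, const char *name)
{
    (void)type;

    /* Without room for the terminator path[length - 1] would be out of
     * bounds. */
    if (!path || length <= 0) {
        return;
    }
    if (!name) {
        path[0] = '\0';
        return;
    }
    if (pname) {
        snprintf(path, length, pname, name);
    } else {
        strncpy(path, name, length);
    }
    /* strncpy() does not terminate on truncation. */
    path[length - 1] = '\0';
}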
| 503 | |
Chia-chi Yeh | 514ffe2 | 2011-07-07 13:52:27 -0700 | [diff] [blame] | 504 | /* grabmyaddr.h */ |
| 505 | |
/*
 * Source port lookup for a local address.
 *
 * This implementation ignores addr and always returns 0.
 */
int myaddr_getsport(struct sockaddr *addr)
{
    const int port = 0;

    (void)addr;
    return port;
}
| 510 | |
/*
 * Map a local address to the socket bound to it.
 *
 * With ENABLE_NATT the NAT-T socket is tried first and needs an exact
 * match (CMPSADDR_MATCH); the plain ISAKMP socket accepts any result
 * below CMPSADDR_MISMATCH. Returns -1 when neither matches. The value
 * returned for sources[0] may itself be -1 if that socket is not open.
 */
int myaddr_getfd(struct sockaddr *addr)
{
    int fd = -1;

#ifdef ENABLE_NATT
    if (sources[1].fd != -1 &&
            cmpsaddr(addr, sources[1].addr) == CMPSADDR_MATCH) {
        return sources[1].fd;
    }
#endif
    if (cmpsaddr(addr, sources[0].addr) < CMPSADDR_MISMATCH) {
        fd = sources[0].fd;
    }
    return fd;
}
| 524 | |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 525 | /* privsep.h */ |
| 526 | |
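/*
 * Create a socket and, for AF_INET and AF_INET6, bind it to the
 * configured interface with SO_BINDTODEVICE.
 *
 * Returns the descriptor, or the failing socket() result unchanged. A
 * failed socket() is returned right away, so that no setsockopt() is
 * attempted on an invalid descriptor and no misleading bind warning is
 * logged.
 *
 * NOTE(review): a failed SO_BINDTODEVICE is only a warning. The socket
 * is still returned and is then not tied to the interface; decide
 * whether callers should treat that as an error.
 */
int privsep_socket(int domain, int type, int protocol)
{
    int fd = socket(domain, type, protocol);

    if (fd < 0) {
        return fd;
    }
    if ((domain == AF_INET || domain == AF_INET6) && setsockopt(
            fd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) {
        do_plog(LLV_WARNING, "Cannot bind socket to %s\n", interface);
    }
    return fd;
}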
| 536 | |
/*
 * Bind a socket to an address.
 *
 * Calls bind() directly in this process and returns its result.
 */
int privsep_bind(int fd, const struct sockaddr *addr, socklen_t addrlen)
{
    int result = bind(fd, addr, addrlen);

    return result;
}
| 541 | |
/*
 * Load a PKCS#1 private key from file.
 *
 * Calls eay_get_pkcs1privkey() directly in this process and returns its
 * result unchanged.
 */
vchar_t *privsep_eay_get_pkcs1privkey(char *file)
{
    vchar_t *key = eay_get_pkcs1privkey(file);

    return key;
}
| 546 | |
/*
 * Find "key=value" in a NULL-terminated environment array.
 *
 * Returns a pointer to the value inside the matching entry (the first
 * match wins), or an empty string literal when the key is absent. The
 * result is never NULL and must not be freed or modified.
 */
static char *get_env(char * const *envp, char *key)
{
    int length = strlen(key);
    char * const *entry;

    for (entry = envp; *entry; ++entry) {
        /* The '=' test rejects entries that merely start with key. */
        if (!strncmp(*entry, key, length) && (*entry)[length] == '=') {
            return &(*entry)[length + 1];
        }
    }
    return "";
}
| 555 | |
/* Set once privsep_script_exec() has run the script; later calls skip it. */
static int skip_script = 0;
/* Defined elsewhere; under ANDROID_CHANGES its result replaces the script
 * passed to privsep_script_exec() when pname is set. */
extern const char *android_hook(char **envp);
Chia-chi Yeh | 1070097 | 2011-07-12 18:06:57 -0700 | [diff] [blame] | 558 | |
/*
 * Install the tunnel policy and run the script, once per process.
 *
 * The first call reads INTERNAL_ADDR4, LOCAL_ADDR/LOCAL_PORT and
 * REMOTE_ADDR/REMOTE_PORT from envp, installs a tunnel-mode policy with
 * spdadd() and then returns the result of script_exec(). If any of the
 * three addresses cannot be parsed it logs and calls exit(1). Every
 * later call only logs a warning and returns 0.
 *
 * NOTE(review): the environment values are turned into kernel policy
 * selectors and are passed on to the script; confirm how far the code
 * that fills envp validates them. Under ANDROID_CHANGES the script is
 * replaced by the android_hook() result without a NULL check.
 */
int privsep_script_exec(char *script, int name, char * const *envp)
{
    struct sockaddr *addr4;
    struct sockaddr *local;
    struct sockaddr *remote;

    if (skip_script) {
        do_plog(LLV_WARNING,
                "Phase 1 is up again. This time skip executing the script.\n");
        return 0;
    }

    /* Racoon ignores INTERNAL_IP6_ADDRESS, so we only do IPv4. */
    addr4 = str2saddr(get_env(envp, "INTERNAL_ADDR4"), NULL);
    local = str2saddr(get_env(envp, "LOCAL_ADDR"),
            get_env(envp, "LOCAL_PORT"));
    remote = str2saddr(get_env(envp, "REMOTE_ADDR"),
            get_env(envp, "REMOTE_PORT"));

    if (!addr4 || !local || !remote) {
        do_plog(LLV_ERROR, "Cannot get parameters for SPD policy.\n");
        exit(1);
    }

#ifdef ANDROID_CHANGES
    if (pname) {
        script = (char *)android_hook((char **)envp);
    }
#endif
    spdadd(addr4, NULL, IPPROTO_IP, local, remote);

    skip_script = 1;
    racoon_free(addr4);
    racoon_free(local);
    racoon_free(remote);
    return script_exec(script, name, envp);
}
| 593 | |
/*
 * Accounting hook.
 *
 * This implementation records nothing: all arguments are ignored and the
 * result is always 0.
 */
int privsep_accounting_system(int port, struct sockaddr *addr,
        char *user, int status)
{
    (void)port;
    (void)addr;
    (void)user;
    (void)status;
    return 0;
}
| 599 | |
/*
 * XAUTH login against the system user database.
 *
 * This implementation never accepts a login: both arguments are ignored
 * and the result is always -1.
 */
int privsep_xauth_login_system(char *user, char *password)
{
    (void)user;
    (void)password;
    return -1;
}
| 604 | |
Chia-chi Yeh | 0ed3271 | 2011-07-12 14:06:46 -0700 | [diff] [blame] | 605 | /* misc.h */ |
| 606 | |
/*
 * Hex dump hook.
 *
 * This implementation prints nothing: data is never read and the result
 * is always 0.
 */
int racoon_hexdump(void *data, size_t length)
{
    (void)data;
    (void)length;
    return 0;
}
| 611 | |
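/*
 * Set the close-on-exec flag on fd.
 *
 * A failure is logged instead of being dropped silently: without the
 * flag the descriptor stays open in any program this process executes
 * afterwards.
 */
void close_on_exec(int fd)
{
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
        do_plog(LLV_WARNING, "Cannot set close-on-exec on fd %d\n", fd);
    }
}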
| 616 | |
| 617 | /* sainfo.h */ |
| 618 | |
/*
 * SA info lookup.
 *
 * This implementation has a single record: every argument is ignored and
 * the address of the file-level sainfo is returned. The result is never
 * NULL and must not be freed.
 */
struct sainfo *getsainfo(const vchar_t *src, const vchar_t *dst,
        const vchar_t *peer, const vchar_t *client, uint32_t remoteid)
{
    (void)src;
    (void)dst;
    (void)peer;
    (void)client;
    (void)remoteid;
    return &sainfo;
}
| 624 | |
/*
 * Printable name of an SA info record.
 *
 * This implementation ignores si and always returns the literal "*".
 */
const char *sainfo2str(const struct sainfo *si)
{
    static const char name[] = "*";

    (void)si;
    return name;
}
| 629 | |
Chia-chi Yeh | 514ffe2 | 2011-07-07 13:52:27 -0700 | [diff] [blame] | 630 | /* throttle.h */ |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 631 | |
/*
 * Throttling hook.
 *
 * This implementation applies no throttling: addr and fail are ignored
 * and the result is always 0.
 */
int throttle_host(struct sockaddr *addr, int fail)
{
    (void)addr;
    (void)fail;
    return 0;
}