1 | /* |
2 | * $Id: libnet_build_ipsec.c,v 1.19 2005/11/29 22:41:39 carlosc Exp $ | |
3 | * | |
4 | * libnet | |
5 | * libnet_build_ipsec.c - IP packet assembler | |
6 | * | |
7 | * Copyright (c) 1998 - 2004 Mike D. Schiffman <mike@infonexus.com> | |
8 | * Copyright (c) 2002 Jose Nazario <jose@crimelabs.net> | |
9 | * All rights reserved. | |
10 | * | |
11 | * Redistribution and use in source and binary forms, with or without | |
12 | * modification, are permitted provided that the following conditions | |
13 | * are met: | |
14 | * 1. Redistributions of source code must retain the above copyright | |
15 | * notice, this list of conditions and the following disclaimer. | |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in the | |
18 | * documentation and/or other materials provided with the distribution. | |
19 | * | |
20 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | * SUCH DAMAGE. | |
31 | * | |
32 | */ | |
33 | ||
34 | #if (HAVE_CONFIG_H) | |
35 | #include "../include/config.h" | |
36 | #endif | |
37 | #if (!(_WIN32) || (__CYGWIN__)) | |
38 | #include "../include/libnet.h" | |
39 | #else | |
40 | #include "../include/win32/libnet.h" | |
41 | #endif | |
42 | ||
43 | ||
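/*
 * Builds an IPsec ESP header block, optionally followed by a payload.
 *
 * spi, seq, iv  - stored in the header in network byte order (htonl);
 *                 the IV is a single 32-bit field here
 * payload       - optional payload bytes, or NULL
 * payload_s     - payload length; must be 0 exactly when payload is NULL
 * l             - libnet context; NULL is rejected
 * ptag          - 0 to create a new protocol block, otherwise the tag of
 *                 the block to modify
 *
 * Returns ptag when it is non-zero, otherwise the value returned by
 * libnet_pblock_update(); returns -1 on any failure.
 */
libnet_ptag_t
libnet_build_ipsec_esp_hdr(u_int32_t spi, u_int32_t seq, u_int32_t iv,
u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag)
{
    u_int32_t n, h;
    libnet_pblock_t *p;
    struct libnet_esp_hdr esp_hdr;

    if (l == NULL)
    {
        return (-1);
    }

    n = LIBNET_IPSEC_ESP_HDR_H + payload_s;     /* size of memory block */
    if (n < payload_s)
    {
        /*
         * The 32-bit sum wrapped. Without this check the block would be
         * sized from the wrapped value while payload_s bytes are still
         * handed to libnet_pblock_append() below.
         */
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): payload size too large\n", __func__);
        return (-1);
    }
    h = 0;

    memset(&esp_hdr, 0, sizeof(esp_hdr));
    esp_hdr.esp_spi = htonl(spi);               /* SPI */
    esp_hdr.esp_seq = htonl(seq);               /* ESP sequence number */
    esp_hdr.esp_iv  = htonl(iv);                /* initialization vector */

    /*
     * Find the existing protocol block if a ptag is specified, or create
     * a new one.
     */
    p = libnet_pblock_probe(l, ptag, n, LIBNET_PBLOCK_IPSEC_ESP_HDR_H);
    if (p == NULL)
    {
        return (-1);
    }

    n = libnet_pblock_append(l, p, (u_int8_t *)&esp_hdr,
            LIBNET_IPSEC_ESP_HDR_H);
    if (n == (u_int32_t)-1)
    {
        goto bad;
    }

    /* a payload pointer and a payload length must come together */
    if ((payload && !payload_s) || (!payload && payload_s))
    {
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): payload inconsistency\n", __func__);
        goto bad;
    }

    if (payload && payload_s)
    {
        n = libnet_pblock_append(l, p, payload, payload_s);
        if (n == (u_int32_t)-1)
        {
            goto bad;
        }
    }

    return (ptag ? ptag : libnet_pblock_update(l, p, h,
            LIBNET_PBLOCK_IPSEC_ESP_HDR_H));
bad:
    /*
     * NOTE(review): this also deletes the block when ptag named an
     * existing one, so a failed modification removes that block --
     * confirm callers expect this.
     */
    libnet_pblock_delete(l, p);
    return (-1);
}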
103 | ||
104 | ||
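/*
 * Builds an IPsec ESP footer (trailer) block, optionally followed by a
 * payload.
 *
 * len        - pad length, stored as given
 * nh         - next header value, stored as given
 * auth       - pointer to authentication data; its size is not passed in
 *              (see the XXX note below)
 * payload    - optional payload bytes, or NULL
 * payload_s  - payload length; must be 0 exactly when payload is NULL
 * l          - libnet context; NULL is rejected
 * ptag       - 0 to create a new protocol block, otherwise the tag of
 *              the block to modify
 *
 * Returns ptag when it is non-zero, otherwise the value returned by
 * libnet_pblock_update(); returns -1 on any failure.
 */
libnet_ptag_t
libnet_build_ipsec_esp_ftr(u_int8_t len, u_int8_t nh, int8_t *auth,
u_int8_t *payload, u_int32_t payload_s, libnet_t *l,
libnet_ptag_t ptag)
{
    /* XXX we need to know the size of auth */
    u_int32_t n, h;
    libnet_pblock_t *p;
    struct libnet_esp_ftr esp_ftr;

    if (l == NULL)
    {
        return (-1);
    }

    n = LIBNET_IPSEC_ESP_FTR_H + payload_s;     /* size of memory block */
    if (n < payload_s)
    {
        /*
         * The 32-bit sum wrapped. Without this check the block would be
         * sized from the wrapped value while payload_s bytes are still
         * handed to libnet_pblock_append() below.
         */
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): payload size too large\n", __func__);
        return (-1);
    }
    h = 0;

    memset(&esp_ftr, 0, sizeof(esp_ftr));
    esp_ftr.esp_pad_len = len;                  /* pad length */
    esp_ftr.esp_nh = nh;                        /* next header pointer */
    /*
     * NOTE(review): only the pointer is stored; the authentication bytes
     * themselves are never copied into the block. If
     * LIBNET_IPSEC_ESP_FTR_H spans this member, the in-process address
     * would be written into the packet -- confirm against the struct
     * layout and the constant.
     */
    esp_ftr.esp_auth = auth;                    /* authentication data */

    /*
     * Find the existing protocol block if a ptag is specified, or create
     * a new one.
     */
    p = libnet_pblock_probe(l, ptag, n, LIBNET_PBLOCK_IPSEC_ESP_FTR_H);
    if (p == NULL)
    {
        return (-1);
    }

    n = libnet_pblock_append(l, p, (u_int8_t *)&esp_ftr,
            LIBNET_IPSEC_ESP_FTR_H);
    if (n == (u_int32_t)-1)
    {
        goto bad;
    }

    /* a payload pointer and a payload length must come together */
    if ((payload && !payload_s) || (!payload && payload_s))
    {
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): payload inconsistency\n", __func__);
        goto bad;
    }

    if (payload && payload_s)
    {
        n = libnet_pblock_append(l, p, payload, payload_s);
        if (n == (u_int32_t)-1)
        {
            goto bad;
        }
    }

    return (ptag ? ptag : libnet_pblock_update(l, p, h,
            LIBNET_PBLOCK_IPSEC_ESP_FTR_H));
bad:
    /*
     * NOTE(review): this also deletes the block when ptag named an
     * existing one, so a failed modification removes that block --
     * confirm callers expect this.
     */
    libnet_pblock_delete(l, p);
    return (-1);
}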
166 | ||
167 | ||
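/*
 * Builds an IPsec AH header block, optionally followed by a payload.
 *
 * nh, len    - next header and length fields, stored as given
 * res        - reserved field, stored in network byte order (htons)
 * spi, seq   - stored in network byte order (htonl)
 * auth       - authentication data, a single 32-bit value stored in
 *              network byte order (htonl)
 * payload    - optional payload bytes, or NULL
 * payload_s  - payload length; must be 0 exactly when payload is NULL
 * l          - libnet context; NULL is rejected
 * ptag       - 0 to create a new protocol block, otherwise the tag of
 *              the block to modify
 *
 * Returns ptag when it is non-zero, otherwise the value returned by
 * libnet_pblock_update(); returns -1 on any failure.
 */
libnet_ptag_t
libnet_build_ipsec_ah(u_int8_t nh, u_int8_t len, u_int16_t res,
u_int32_t spi, u_int32_t seq, u_int32_t auth, u_int8_t *payload,
u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag)
{
    u_int32_t n, h;
    libnet_pblock_t *p;
    struct libnet_ah_hdr ah_hdr;

    if (l == NULL)
    {
        return (-1);
    }

    n = LIBNET_IPSEC_AH_H + payload_s;          /* size of memory block */
    if (n < payload_s)
    {
        /*
         * The 32-bit sum wrapped. Without this check the block would be
         * sized from the wrapped value while payload_s bytes are still
         * handed to libnet_pblock_append() below.
         */
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): payload size too large\n", __func__);
        return (-1);
    }
    h = 0;

    /*
     * Find the existing protocol block if a ptag is specified, or create
     * a new one.
     */
    p = libnet_pblock_probe(l, ptag, n, LIBNET_PBLOCK_IPSEC_AH_H);
    if (p == NULL)
    {
        return (-1);
    }

    memset(&ah_hdr, 0, sizeof(ah_hdr));
    ah_hdr.ah_nh = nh;                          /* next header */
    ah_hdr.ah_len = len;                        /* length */
    ah_hdr.ah_res = htons(res);                 /* reserved; htons(0) is 0 */
    ah_hdr.ah_spi = htonl(spi);                 /* SPI */
    ah_hdr.ah_seq = htonl(seq);                 /* AH sequence number */
    ah_hdr.ah_auth = htonl(auth);               /* authentication data */

    n = libnet_pblock_append(l, p, (u_int8_t *)&ah_hdr, LIBNET_IPSEC_AH_H);
    if (n == (u_int32_t)-1)
    {
        goto bad;
    }

    /* a payload pointer and a payload length must come together */
    if ((payload && !payload_s) || (!payload && payload_s))
    {
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): payload inconsistency\n", __func__);
        goto bad;
    }

    if (payload && payload_s)
    {
        n = libnet_pblock_append(l, p, payload, payload_s);
        if (n == (u_int32_t)-1)
        {
            goto bad;
        }
    }

    return (ptag ? ptag : libnet_pblock_update(l, p, h,
            LIBNET_PBLOCK_IPSEC_AH_H));
bad:
    /*
     * NOTE(review): this also deletes the block when ptag named an
     * existing one, so a failed modification removes that block --
     * confirm callers expect this.
     */
    libnet_pblock_delete(l, p);
    return (-1);
}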
231 | ||
232 | /* EOF */ |