xref: /freebsd/lib/libipsec/pfkey.c (revision 3d6a94db1010319dc65736100089d6dd5ff90e46)
1 /*	$KAME: pfkey.c,v 1.46 2003/08/26 03:37:06 itojun Exp $	*/
2 
3 /*-
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
36 
37 #include <sys/types.h>
38 #include <sys/param.h>
39 #include <sys/socket.h>
40 #include <net/pfkeyv2.h>
41 #include <netipsec/key_var.h>
42 #include <netinet/in.h>
43 #include <netipsec/ipsec.h>
44 
45 #include <stdlib.h>
46 #include <stdint.h>
47 #include <unistd.h>
48 #include <string.h>
49 #include <errno.h>
50 
51 #include "ipsec_strerror.h"
52 #include "libpfkey.h"
53 
54 #define CALLOC(size, cast) (cast)calloc(1, (size))
55 
56 static int findsupportedmap(int);
57 static int setsupportedmap(struct sadb_supported *);
58 static struct sadb_alg *findsupportedalg(u_int, u_int);
59 static int pfkey_send_x1(int, u_int, u_int, u_int, struct sockaddr *,
60 	struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t,
61 	u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t,
62 	u_int32_t, u_int32_t, u_int32_t);
63 static int pfkey_send_x2(int, u_int, u_int, u_int,
64 	struct sockaddr *, struct sockaddr *, u_int32_t);
65 static int pfkey_send_x3(int, u_int, u_int);
66 static int pfkey_send_x4(int, u_int, struct sockaddr *, u_int,
67 	struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
68 	char *, int, u_int32_t);
69 static int pfkey_send_x5(int, u_int, u_int32_t);
70 
71 static caddr_t pfkey_setsadbmsg(caddr_t, caddr_t, u_int, u_int,
72 	u_int, u_int32_t, pid_t);
73 static caddr_t pfkey_setsadbsa(caddr_t, caddr_t, u_int32_t, u_int,
74 	u_int, u_int, u_int32_t);
75 static caddr_t pfkey_setsadbxreplay(caddr_t, caddr_t, uint32_t);
76 static caddr_t pfkey_setsadbaddr(caddr_t, caddr_t, u_int,
77 	struct sockaddr *, u_int, u_int);
78 static caddr_t pfkey_setsadbkey(caddr_t, caddr_t, u_int, caddr_t, u_int);
79 static caddr_t pfkey_setsadblifetime(caddr_t, caddr_t, u_int, u_int32_t,
80 	u_int32_t, u_int32_t, u_int32_t);
81 static caddr_t pfkey_setsadbxsa2(caddr_t, caddr_t, u_int32_t, u_int32_t);
82 
83 /*
84  * make and search supported algorithm structure.
85  */
86 static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, NULL };
87 
88 static int supported_map[] = {
89 	SADB_SATYPE_AH,
90 	SADB_SATYPE_ESP,
91 	SADB_X_SATYPE_IPCOMP,
92 	SADB_X_SATYPE_TCPSIGNATURE
93 };
94 
95 static int
96 findsupportedmap(int satype)
97 {
98 	int i;
99 
100 	for (i = 0; i < sizeof(supported_map)/sizeof(supported_map[0]); i++)
101 		if (supported_map[i] == satype)
102 			return i;
103 	return -1;
104 }
105 
106 static struct sadb_alg *
107 findsupportedalg(u_int satype, u_int alg_id)
108 {
109 	int algno;
110 	int tlen;
111 	caddr_t p;
112 
113 	/* validity check */
114 	algno = findsupportedmap(satype);
115 	if (algno == -1) {
116 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
117 		return NULL;
118 	}
119 	if (ipsec_supported[algno] == NULL) {
120 		__ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
121 		return NULL;
122 	}
123 
124 	tlen = ipsec_supported[algno]->sadb_supported_len
125 		- sizeof(struct sadb_supported);
126 	p = (caddr_t)(ipsec_supported[algno] + 1);
127 	while (tlen > 0) {
128 		if (tlen < sizeof(struct sadb_alg)) {
129 			/* invalid format */
130 			break;
131 		}
132 		if (((struct sadb_alg *)p)->sadb_alg_id == alg_id)
133 			return (struct sadb_alg *)p;
134 
135 		tlen -= sizeof(struct sadb_alg);
136 		p += sizeof(struct sadb_alg);
137 	}
138 
139 	__ipsec_errcode = EIPSEC_NOT_SUPPORTED;
140 	return NULL;
141 }
142 
143 static int
144 setsupportedmap(struct sadb_supported *sup)
145 {
146 	struct sadb_supported **ipsup;
147 
148 	switch (sup->sadb_supported_exttype) {
149 	case SADB_EXT_SUPPORTED_AUTH:
150 		ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_AH)];
151 		break;
152 	case SADB_EXT_SUPPORTED_ENCRYPT:
153 		ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_ESP)];
154 		break;
155 	default:
156 		__ipsec_errcode = EIPSEC_INVAL_SATYPE;
157 		return -1;
158 	}
159 
160 	if (*ipsup)
161 		free(*ipsup);
162 
163 	*ipsup = malloc(sup->sadb_supported_len);
164 	if (!*ipsup) {
165 		__ipsec_set_strerror(strerror(errno));
166 		return -1;
167 	}
168 	memcpy(*ipsup, sup, sup->sadb_supported_len);
169 
170 	return 0;
171 }
172 
173 /*
174  * check key length against algorithm specified.
175  * This function is called with SADB_EXT_SUPPORTED_{AUTH,ENCRYPT} as the
176  * augument, and only calls to ipsec_check_keylen2();
177  * keylen is the unit of bit.
178  * OUT:
179  *	-1: invalid.
180  *	 0: valid.
181  */
182 int
183 ipsec_check_keylen(u_int supported, u_int alg_id, u_int keylen)
184 {
185 	int satype;
186 
187 	/* validity check */
188 	switch (supported) {
189 	case SADB_EXT_SUPPORTED_AUTH:
190 		satype = SADB_SATYPE_AH;
191 		break;
192 	case SADB_EXT_SUPPORTED_ENCRYPT:
193 		satype = SADB_SATYPE_ESP;
194 		break;
195 	default:
196 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
197 		return -1;
198 	}
199 
200 	return ipsec_check_keylen2(satype, alg_id, keylen);
201 }
202 
203 /*
204  * check key length against algorithm specified.
205  * satype is one of satype defined at pfkeyv2.h.
206  * keylen is the unit of bit.
207  * OUT:
208  *	-1: invalid.
209  *	 0: valid.
210  */
211 int
212 ipsec_check_keylen2(u_int satype, u_int alg_id, u_int keylen)
213 {
214 	struct sadb_alg *alg;
215 
216 	alg = findsupportedalg(satype, alg_id);
217 	if (!alg)
218 		return -1;
219 
220 	if (keylen < alg->sadb_alg_minbits || keylen > alg->sadb_alg_maxbits) {
221 		__ipsec_errcode = EIPSEC_INVAL_KEYLEN;
222 		return -1;
223 	}
224 
225 	__ipsec_errcode = EIPSEC_NO_ERROR;
226 	return 0;
227 }
228 
229 /*
230  * get max/min key length against algorithm specified.
231  * satype is one of satype defined at pfkeyv2.h.
232  * keylen is the unit of bit.
233  * OUT:
234  *	-1: invalid.
235  *	 0: valid.
236  */
237 int
238 ipsec_get_keylen(u_int supported, u_int alg_id, struct sadb_alg *alg0)
239 {
240 	struct sadb_alg *alg;
241 	u_int satype;
242 
243 	/* validity check */
244 	if (!alg0) {
245 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
246 		return -1;
247 	}
248 
249 	switch (supported) {
250 	case SADB_EXT_SUPPORTED_AUTH:
251 		satype = SADB_SATYPE_AH;
252 		break;
253 	case SADB_EXT_SUPPORTED_ENCRYPT:
254 		satype = SADB_SATYPE_ESP;
255 		break;
256 	default:
257 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
258 		return -1;
259 	}
260 
261 	alg = findsupportedalg(satype, alg_id);
262 	if (!alg)
263 		return -1;
264 
265 	memcpy(alg0, alg, sizeof(*alg0));
266 
267 	__ipsec_errcode = EIPSEC_NO_ERROR;
268 	return 0;
269 }
270 
271 /*
272  * set the rate for SOFT lifetime against HARD one.
273  * If rate is more than 100 or equal to zero, then set to 100.
274  */
275 static u_int soft_lifetime_allocations_rate = PFKEY_SOFT_LIFETIME_RATE;
276 static u_int soft_lifetime_bytes_rate = PFKEY_SOFT_LIFETIME_RATE;
277 static u_int soft_lifetime_addtime_rate = PFKEY_SOFT_LIFETIME_RATE;
278 static u_int soft_lifetime_usetime_rate = PFKEY_SOFT_LIFETIME_RATE;
279 
280 u_int
281 pfkey_set_softrate(u_int type, u_int rate)
282 {
283 	__ipsec_errcode = EIPSEC_NO_ERROR;
284 
285 	if (rate > 100 || rate == 0)
286 		rate = 100;
287 
288 	switch (type) {
289 	case SADB_X_LIFETIME_ALLOCATIONS:
290 		soft_lifetime_allocations_rate = rate;
291 		return 0;
292 	case SADB_X_LIFETIME_BYTES:
293 		soft_lifetime_bytes_rate = rate;
294 		return 0;
295 	case SADB_X_LIFETIME_ADDTIME:
296 		soft_lifetime_addtime_rate = rate;
297 		return 0;
298 	case SADB_X_LIFETIME_USETIME:
299 		soft_lifetime_usetime_rate = rate;
300 		return 0;
301 	}
302 
303 	__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
304 	return 1;
305 }
306 
307 /*
308  * get current rate for SOFT lifetime against HARD one.
309  * ATTENTION: ~0 is returned if invalid type was passed.
310  */
311 u_int
312 pfkey_get_softrate(u_int type)
313 {
314 	switch (type) {
315 	case SADB_X_LIFETIME_ALLOCATIONS:
316 		return soft_lifetime_allocations_rate;
317 	case SADB_X_LIFETIME_BYTES:
318 		return soft_lifetime_bytes_rate;
319 	case SADB_X_LIFETIME_ADDTIME:
320 		return soft_lifetime_addtime_rate;
321 	case SADB_X_LIFETIME_USETIME:
322 		return soft_lifetime_usetime_rate;
323 	}
324 
325 	return ~0;
326 }
327 
328 /*
329  * sending SADB_GETSPI message to the kernel.
330  * OUT:
331  *	positive: success and return length sent.
332  *	-1	: error occurred, and set errno.
333  */
334 int
335 pfkey_send_getspi(int so, u_int satype, u_int mode, struct sockaddr *src,
336     struct sockaddr *dst, u_int32_t min, uint32_t max, uint32_t reqid,
337     uint32_t seq)
338 {
339 	struct sadb_msg *newmsg;
340 	caddr_t ep;
341 	int len;
342 	int need_spirange = 0;
343 	caddr_t p;
344 	int plen;
345 
346 	/* validity check */
347 	if (src == NULL || dst == NULL) {
348 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
349 		return -1;
350 	}
351 	if (src->sa_family != dst->sa_family) {
352 		__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
353 		return -1;
354 	}
355 	if (min > max || (min > 0 && min <= 255)) {
356 		__ipsec_errcode = EIPSEC_INVAL_SPI;
357 		return -1;
358 	}
359 	switch (src->sa_family) {
360 	case AF_INET:
361 		plen = sizeof(struct in_addr) << 3;
362 		break;
363 	case AF_INET6:
364 		plen = sizeof(struct in6_addr) << 3;
365 		break;
366 	default:
367 		__ipsec_errcode = EIPSEC_INVAL_FAMILY;
368 		return -1;
369 	}
370 
371 	/* create new sadb_msg to send. */
372 	len = sizeof(struct sadb_msg)
373 		+ sizeof(struct sadb_x_sa2)
374 		+ sizeof(struct sadb_address)
375 		+ PFKEY_ALIGN8(src->sa_len)
376 		+ sizeof(struct sadb_address)
377 		+ PFKEY_ALIGN8(dst->sa_len);
378 
379 	if (min > 255 && max < ~0) {
380 		need_spirange++;
381 		len += sizeof(struct sadb_spirange);
382 	}
383 
384 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
385 		__ipsec_set_strerror(strerror(errno));
386 		return -1;
387 	}
388 	ep = ((caddr_t)newmsg) + len;
389 
390 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_GETSPI,
391 	    len, satype, seq, getpid());
392 	if (!p) {
393 		free(newmsg);
394 		return -1;
395 	}
396 
397 	p = pfkey_setsadbxsa2(p, ep, mode, reqid);
398 	if (!p) {
399 		free(newmsg);
400 		return -1;
401 	}
402 
403 	/* set sadb_address for source */
404 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
405 	    IPSEC_ULPROTO_ANY);
406 	if (!p) {
407 		free(newmsg);
408 		return -1;
409 	}
410 
411 	/* set sadb_address for destination */
412 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
413 	    IPSEC_ULPROTO_ANY);
414 	if (!p) {
415 		free(newmsg);
416 		return -1;
417 	}
418 
419 	/* processing spi range */
420 	if (need_spirange) {
421 		struct sadb_spirange spirange;
422 
423 		if (p + sizeof(spirange) > ep) {
424 			free(newmsg);
425 			return -1;
426 		}
427 
428 		memset(&spirange, 0, sizeof(spirange));
429 		spirange.sadb_spirange_len = PFKEY_UNIT64(sizeof(spirange));
430 		spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
431 		spirange.sadb_spirange_min = min;
432 		spirange.sadb_spirange_max = max;
433 
434 		memcpy(p, &spirange, sizeof(spirange));
435 
436 		p += sizeof(spirange);
437 	}
438 	if (p != ep) {
439 		free(newmsg);
440 		return -1;
441 	}
442 
443 	/* send message */
444 	len = pfkey_send(so, newmsg, len);
445 	free(newmsg);
446 
447 	if (len < 0)
448 		return -1;
449 
450 	__ipsec_errcode = EIPSEC_NO_ERROR;
451 	return len;
452 }
453 
454 /*
455  * sending SADB_UPDATE message to the kernel.
456  * The length of key material is a_keylen + e_keylen.
457  * OUT:
458  *	positive: success and return length sent.
459  *	-1	: error occurred, and set errno.
460  */
461 int
462 pfkey_send_update(int so, u_int satype, u_int mode, struct sockaddr *src,
463     struct sockaddr *dst, u_int32_t spi, u_int32_t reqid, u_int wsize,
464     caddr_t keymat, u_int e_type, u_int e_keylen, u_int a_type, u_int a_keylen,
465     u_int flags, u_int32_t l_alloc, u_int64_t l_bytes, u_int64_t l_addtime,
466     u_int64_t l_usetime, u_int32_t seq)
467 {
468 	int len;
469 	if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi,
470 			reqid, wsize,
471 			keymat, e_type, e_keylen, a_type, a_keylen, flags,
472 			l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0)
473 		return -1;
474 
475 	return len;
476 }
477 
478 /*
479  * sending SADB_ADD message to the kernel.
480  * The length of key material is a_keylen + e_keylen.
481  * OUT:
482  *	positive: success and return length sent.
483  *	-1	: error occurred, and set errno.
484  */
485 int
486 pfkey_send_add(int so, u_int satype, u_int mode, struct sockaddr *src,
487     struct sockaddr *dst, u_int32_t spi, u_int32_t reqid, u_int wsize,
488     caddr_t keymat, u_int e_type, u_int e_keylen, u_int a_type, u_int a_keylen,
489     u_int flags, u_int32_t l_alloc, u_int64_t l_bytes, u_int64_t l_addtime,
490     u_int64_t l_usetime, u_int32_t seq)
491 {
492 	int len;
493 	if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi,
494 			reqid, wsize,
495 			keymat, e_type, e_keylen, a_type, a_keylen, flags,
496 			l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0)
497 		return -1;
498 
499 	return len;
500 }
501 
502 /*
503  * sending SADB_DELETE message to the kernel.
504  * OUT:
505  *	positive: success and return length sent.
506  *	-1	: error occurred, and set errno.
507  */
508 int
509 pfkey_send_delete(int so, u_int satype, u_int mode, struct sockaddr *src,
510     struct sockaddr *dst, u_int32_t spi)
511 {
512 	int len;
513 	if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) < 0)
514 		return -1;
515 
516 	return len;
517 }
518 
519 /*
520  * sending SADB_DELETE without spi to the kernel.  This is
521  * the "delete all" request (an extension also present in
522  * Solaris).
523  *
524  * OUT:
525  *	positive: success and return length sent
526  *	-1	: error occurred, and set errno
527  */
528 int
529 pfkey_send_delete_all(int so, u_int satype, u_int mode, struct sockaddr *src,
530     struct sockaddr *dst)
531 {
532 	struct sadb_msg *newmsg;
533 	int len;
534 	caddr_t p;
535 	int plen;
536 	caddr_t ep;
537 
538 	/* validity check */
539 	if (src == NULL || dst == NULL) {
540 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
541 		return -1;
542 	}
543 	if (src->sa_family != dst->sa_family) {
544 		__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
545 		return -1;
546 	}
547 	switch (src->sa_family) {
548 	case AF_INET:
549 		plen = sizeof(struct in_addr) << 3;
550 		break;
551 	case AF_INET6:
552 		plen = sizeof(struct in6_addr) << 3;
553 		break;
554 	default:
555 		__ipsec_errcode = EIPSEC_INVAL_FAMILY;
556 		return -1;
557 	}
558 
559 	/* create new sadb_msg to reply. */
560 	len = sizeof(struct sadb_msg)
561 		+ sizeof(struct sadb_address)
562 		+ PFKEY_ALIGN8(src->sa_len)
563 		+ sizeof(struct sadb_address)
564 		+ PFKEY_ALIGN8(dst->sa_len);
565 
566 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
567 		__ipsec_set_strerror(strerror(errno));
568 		return -1;
569 	}
570 	ep = ((caddr_t)newmsg) + len;
571 
572 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_DELETE, len, satype, 0,
573 	    getpid());
574 	if (!p) {
575 		free(newmsg);
576 		return -1;
577 	}
578 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
579 	    IPSEC_ULPROTO_ANY);
580 	if (!p) {
581 		free(newmsg);
582 		return -1;
583 	}
584 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
585 	    IPSEC_ULPROTO_ANY);
586 	if (!p || p != ep) {
587 		free(newmsg);
588 		return -1;
589 	}
590 
591 	/* send message */
592 	len = pfkey_send(so, newmsg, len);
593 	free(newmsg);
594 
595 	if (len < 0)
596 		return -1;
597 
598 	__ipsec_errcode = EIPSEC_NO_ERROR;
599 	return len;
600 }
601 
602 /*
603  * sending SADB_GET message to the kernel.
604  * OUT:
605  *	positive: success and return length sent.
606  *	-1	: error occurred, and set errno.
607  */
608 int
609 pfkey_send_get(int so, u_int satype, u_int mode, struct sockaddr *src,
610     struct sockaddr *dst, u_int32_t spi)
611 {
612 	int len;
613 	if ((len = pfkey_send_x2(so, SADB_GET, satype, mode, src, dst, spi)) < 0)
614 		return -1;
615 
616 	return len;
617 }
618 
619 /*
620  * sending SADB_REGISTER message to the kernel.
621  * OUT:
622  *	positive: success and return length sent.
623  *	-1	: error occurred, and set errno.
624  */
625 int
626 pfkey_send_register(int so, u_int satype)
627 {
628 	int len, algno;
629 
630 	if (satype == SADB_SATYPE_UNSPEC) {
631 		for (algno = 0;
632 		     algno < sizeof(supported_map)/sizeof(supported_map[0]);
633 		     algno++) {
634 			if (ipsec_supported[algno]) {
635 				free(ipsec_supported[algno]);
636 				ipsec_supported[algno] = NULL;
637 			}
638 		}
639 	} else {
640 		algno = findsupportedmap(satype);
641 		if (algno == -1) {
642 			__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
643 			return -1;
644 		}
645 
646 		if (ipsec_supported[algno]) {
647 			free(ipsec_supported[algno]);
648 			ipsec_supported[algno] = NULL;
649 		}
650 	}
651 
652 	if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0)
653 		return -1;
654 
655 	return len;
656 }
657 
658 /*
659  * receiving SADB_REGISTER message from the kernel, and copy buffer for
660  * sadb_supported returned into ipsec_supported.
661  * OUT:
662  *	 0: success and return length sent.
663  *	-1: error occurred, and set errno.
664  */
665 int
666 pfkey_recv_register(int so)
667 {
668 	pid_t pid = getpid();
669 	struct sadb_msg *newmsg;
670 	int error = -1;
671 
672 	/* receive message */
673 	for (;;) {
674 		if ((newmsg = pfkey_recv(so)) == NULL)
675 			return -1;
676 		if (newmsg->sadb_msg_type == SADB_REGISTER &&
677 		    newmsg->sadb_msg_pid == pid)
678 			break;
679 		free(newmsg);
680 	}
681 
682 	/* check and fix */
683 	newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len);
684 
685 	error = pfkey_set_supported(newmsg, newmsg->sadb_msg_len);
686 	free(newmsg);
687 
688 	if (error == 0)
689 		__ipsec_errcode = EIPSEC_NO_ERROR;
690 
691 	return error;
692 }
693 
694 /*
695  * receiving SADB_REGISTER message from the kernel, and copy buffer for
696  * sadb_supported returned into ipsec_supported.
697  * NOTE: sadb_msg_len must be host order.
698  * IN:
699  *	tlen: msg length, it's to makeing sure.
700  * OUT:
701  *	 0: success and return length sent.
702  *	-1: error occurred, and set errno.
703  */
704 int
705 pfkey_set_supported(struct sadb_msg *msg, int tlen)
706 {
707 	struct sadb_supported *sup;
708 	caddr_t p;
709 	caddr_t ep;
710 
711 	/* validity */
712 	if (msg->sadb_msg_len != tlen) {
713 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
714 		return -1;
715 	}
716 
717 	p = (caddr_t)msg;
718 	ep = p + tlen;
719 
720 	p += sizeof(struct sadb_msg);
721 
722 	while (p < ep) {
723 		sup = (struct sadb_supported *)p;
724 		if (ep < p + sizeof(*sup) ||
725 		    PFKEY_EXTLEN(sup) < sizeof(*sup) ||
726 		    ep < p + sup->sadb_supported_len) {
727 			/* invalid format */
728 			break;
729 		}
730 
731 		switch (sup->sadb_supported_exttype) {
732 		case SADB_EXT_SUPPORTED_AUTH:
733 		case SADB_EXT_SUPPORTED_ENCRYPT:
734 			break;
735 		default:
736 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
737 			return -1;
738 		}
739 
740 		/* fixed length */
741 		sup->sadb_supported_len = PFKEY_EXTLEN(sup);
742 
743 		/* set supported map */
744 		if (setsupportedmap(sup) != 0)
745 			return -1;
746 
747 		p += sup->sadb_supported_len;
748 	}
749 
750 	if (p != ep) {
751 		__ipsec_errcode = EIPSEC_INVAL_SATYPE;
752 		return -1;
753 	}
754 
755 	__ipsec_errcode = EIPSEC_NO_ERROR;
756 
757 	return 0;
758 }
759 
760 /*
761  * sending SADB_FLUSH message to the kernel.
762  * OUT:
763  *	positive: success and return length sent.
764  *	-1	: error occurred, and set errno.
765  */
766 int
767 pfkey_send_flush(int so, u_int satype)
768 {
769 	int len;
770 
771 	if ((len = pfkey_send_x3(so, SADB_FLUSH, satype)) < 0)
772 		return -1;
773 
774 	return len;
775 }
776 
777 /*
778  * sending SADB_DUMP message to the kernel.
779  * OUT:
780  *	positive: success and return length sent.
781  *	-1	: error occurred, and set errno.
782  */
783 int
784 pfkey_send_dump(int so, u_int satype)
785 {
786 	int len;
787 
788 	if ((len = pfkey_send_x3(so, SADB_DUMP, satype)) < 0)
789 		return -1;
790 
791 	return len;
792 }
793 
794 /*
795  * sending SADB_X_PROMISC message to the kernel.
796  * NOTE that this function handles promisc mode toggle only.
797  * IN:
798  *	flag:	set promisc off if zero, set promisc on if non-zero.
799  * OUT:
800  *	positive: success and return length sent.
801  *	-1	: error occurred, and set errno.
802  *	0     : error occurred, and set errno.
803  *	others: a pointer to new allocated buffer in which supported
804  *	        algorithms is.
805  */
806 int
807 pfkey_send_promisc_toggle(int so, int flag)
808 {
809 	int len;
810 
811 	if ((len = pfkey_send_x3(so, SADB_X_PROMISC, (flag ? 1 : 0))) < 0)
812 		return -1;
813 
814 	return len;
815 }
816 
817 /*
818  * sending SADB_X_SPDADD message to the kernel.
819  * OUT:
820  *	positive: success and return length sent.
821  *	-1	: error occurred, and set errno.
822  */
823 int
824 pfkey_send_spdadd(int so, struct sockaddr *src, u_int prefs,
825     struct sockaddr *dst, u_int prefd, u_int proto, caddr_t policy,
826     int policylen, u_int32_t seq)
827 {
828 	int len;
829 
830 	if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
831 				src, prefs, dst, prefd, proto,
832 				0, 0,
833 				policy, policylen, seq)) < 0)
834 		return -1;
835 
836 	return len;
837 }
838 
839 /*
840  * sending SADB_X_SPDADD message to the kernel.
841  * OUT:
842  *	positive: success and return length sent.
843  *	-1	: error occurred, and set errno.
844  */
845 int
846 pfkey_send_spdadd2(int so, struct sockaddr *src, u_int prefs,
847     struct sockaddr *dst, u_int prefd, u_int proto, u_int64_t ltime,
848     u_int64_t vtime, caddr_t policy, int policylen, u_int32_t seq)
849 {
850 	int len;
851 
852 	if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
853 				src, prefs, dst, prefd, proto,
854 				ltime, vtime,
855 				policy, policylen, seq)) < 0)
856 		return -1;
857 
858 	return len;
859 }
860 
861 /*
862  * sending SADB_X_SPDUPDATE message to the kernel.
863  * OUT:
864  *	positive: success and return length sent.
865  *	-1	: error occurred, and set errno.
866  */
867 int
868 pfkey_send_spdupdate(int so, struct sockaddr *src, u_int prefs,
869     struct sockaddr *dst, u_int prefd, u_int proto, caddr_t policy,
870     int policylen, u_int32_t seq)
871 {
872 	int len;
873 
874 	if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
875 				src, prefs, dst, prefd, proto,
876 				0, 0,
877 				policy, policylen, seq)) < 0)
878 		return -1;
879 
880 	return len;
881 }
882 
883 /*
884  * sending SADB_X_SPDUPDATE message to the kernel.
885  * OUT:
886  *	positive: success and return length sent.
887  *	-1	: error occurred, and set errno.
888  */
889 int
890 pfkey_send_spdupdate2(int so, struct sockaddr *src, u_int prefs,
891     struct sockaddr *dst, u_int prefd, u_int proto, u_int64_t ltime,
892     u_int64_t vtime, caddr_t policy, int policylen, u_int32_t seq)
893 {
894 	int len;
895 
896 	if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
897 				src, prefs, dst, prefd, proto,
898 				ltime, vtime,
899 				policy, policylen, seq)) < 0)
900 		return -1;
901 
902 	return len;
903 }
904 
905 /*
906  * sending SADB_X_SPDDELETE message to the kernel.
907  * OUT:
908  *	positive: success and return length sent.
909  *	-1	: error occurred, and set errno.
910  */
911 int
912 pfkey_send_spddelete(int so, struct sockaddr *src, u_int prefs,
913     struct sockaddr *dst, u_int prefd, u_int proto, caddr_t policy,
914     int policylen, u_int32_t seq)
915 {
916 	int len;
917 
918 	if (policylen != sizeof(struct sadb_x_policy)) {
919 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
920 		return -1;
921 	}
922 
923 	if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE,
924 				src, prefs, dst, prefd, proto,
925 				0, 0,
926 				policy, policylen, seq)) < 0)
927 		return -1;
928 
929 	return len;
930 }
931 
932 /*
933  * sending SADB_X_SPDDELETE message to the kernel.
934  * OUT:
935  *	positive: success and return length sent.
936  *	-1	: error occurred, and set errno.
937  */
938 int
939 pfkey_send_spddelete2(int so, u_int32_t spid)
940 {
941 	int len;
942 
943 	if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0)
944 		return -1;
945 
946 	return len;
947 }
948 
949 /*
950  * sending SADB_X_SPDGET message to the kernel.
951  * OUT:
952  *	positive: success and return length sent.
953  *	-1	: error occurred, and set errno.
954  */
955 int
956 pfkey_send_spdget(int so, u_int32_t spid)
957 {
958 	int len;
959 
960 	if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0)
961 		return -1;
962 
963 	return len;
964 }
965 
966 /*
967  * sending SADB_X_SPDSETIDX message to the kernel.
968  * OUT:
969  *	positive: success and return length sent.
970  *	-1	: error occurred, and set errno.
971  */
972 int
973 pfkey_send_spdsetidx(int so, struct sockaddr *src, u_int prefs,
974     struct sockaddr *dst, u_int prefd, u_int proto, caddr_t policy,
975     int policylen, u_int32_t seq)
976 {
977 	int len;
978 
979 	if (policylen != sizeof(struct sadb_x_policy)) {
980 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
981 		return -1;
982 	}
983 
984 	if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX,
985 				src, prefs, dst, prefd, proto,
986 				0, 0,
987 				policy, policylen, seq)) < 0)
988 		return -1;
989 
990 	return len;
991 }
992 
993 /*
994  * sending SADB_SPDFLUSH message to the kernel.
995  * OUT:
996  *	positive: success and return length sent.
997  *	-1	: error occurred, and set errno.
998  */
999 int
1000 pfkey_send_spdflush(int so)
1001 {
1002 	int len;
1003 
1004 	if ((len = pfkey_send_x3(so, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC)) < 0)
1005 		return -1;
1006 
1007 	return len;
1008 }
1009 
1010 /*
1011  * sending SADB_SPDDUMP message to the kernel.
1012  * OUT:
1013  *	positive: success and return length sent.
1014  *	-1	: error occurred, and set errno.
1015  */
1016 int
1017 pfkey_send_spddump(int so)
1018 {
1019 	int len;
1020 
1021 	if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0)
1022 		return -1;
1023 
1024 	return len;
1025 }
1026 
1027 /* sending SADB_ADD or SADB_UPDATE message to the kernel */
1028 static int
1029 pfkey_send_x1(int so, u_int type, u_int satype, u_int mode,
1030     struct sockaddr *src, struct sockaddr *dst, u_int32_t spi, u_int32_t reqid,
1031     u_int wsize, caddr_t keymat, u_int e_type, u_int e_keylen, u_int a_type,
1032     u_int a_keylen, u_int flags, u_int32_t l_alloc, u_int32_t l_bytes,
1033     u_int32_t l_addtime, u_int32_t l_usetime, u_int32_t seq)
1034 {
1035 	struct sadb_msg *newmsg;
1036 	int len;
1037 	caddr_t p;
1038 	int plen;
1039 	caddr_t ep;
1040 
1041 	/* validity check */
1042 	if (src == NULL || dst == NULL) {
1043 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1044 		return -1;
1045 	}
1046 	if (src->sa_family != dst->sa_family) {
1047 		__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
1048 		return -1;
1049 	}
1050 	switch (src->sa_family) {
1051 	case AF_INET:
1052 		plen = sizeof(struct in_addr) << 3;
1053 		break;
1054 	case AF_INET6:
1055 		plen = sizeof(struct in6_addr) << 3;
1056 		break;
1057 	default:
1058 		__ipsec_errcode = EIPSEC_INVAL_FAMILY;
1059 		return -1;
1060 	}
1061 
1062 	switch (satype) {
1063 	case SADB_SATYPE_ESP:
1064 		if (e_type == SADB_EALG_NONE) {
1065 			__ipsec_errcode = EIPSEC_NO_ALGS;
1066 			return -1;
1067 		}
1068 		break;
1069 	case SADB_SATYPE_AH:
1070 		if (e_type != SADB_EALG_NONE) {
1071 			__ipsec_errcode = EIPSEC_INVAL_ALGS;
1072 			return -1;
1073 		}
1074 		if (a_type == SADB_AALG_NONE) {
1075 			__ipsec_errcode = EIPSEC_NO_ALGS;
1076 			return -1;
1077 		}
1078 		break;
1079 	case SADB_X_SATYPE_IPCOMP:
1080 		if (e_type == SADB_X_CALG_NONE) {
1081 			__ipsec_errcode = EIPSEC_INVAL_ALGS;
1082 			return -1;
1083 		}
1084 		if (a_type != SADB_AALG_NONE) {
1085 			__ipsec_errcode = EIPSEC_NO_ALGS;
1086 			return -1;
1087 		}
1088 		break;
1089 	case SADB_X_SATYPE_TCPSIGNATURE:
1090 		if (e_type != SADB_EALG_NONE) {
1091 			__ipsec_errcode = EIPSEC_INVAL_ALGS;
1092 			return -1;
1093 		}
1094 		if (a_type != SADB_X_AALG_TCP_MD5) {
1095 			__ipsec_errcode = EIPSEC_INVAL_ALGS;
1096 			return -1;
1097 		}
1098 		break;
1099 	default:
1100 		__ipsec_errcode = EIPSEC_INVAL_SATYPE;
1101 		return -1;
1102 	}
1103 
1104 	/* create new sadb_msg to reply. */
1105 	len = sizeof(struct sadb_msg)
1106 		+ sizeof(struct sadb_sa)
1107 		+ sizeof(struct sadb_x_sa2)
1108 		+ sizeof(struct sadb_address)
1109 		+ PFKEY_ALIGN8(src->sa_len)
1110 		+ sizeof(struct sadb_address)
1111 		+ PFKEY_ALIGN8(dst->sa_len)
1112 		+ sizeof(struct sadb_lifetime)
1113 		+ sizeof(struct sadb_lifetime);
1114 
1115 	if (wsize > UINT8_MAX) {
1116 		if (wsize > (UINT32_MAX - 32) >> 3) {
1117 			__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1118 			return (-1);
1119 		}
1120 		len += sizeof(struct sadb_x_sa_replay);
1121 	}
1122 	if (e_type != SADB_EALG_NONE)
1123 		len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen));
1124 	if (a_type != SADB_AALG_NONE)
1125 		len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen));
1126 
1127 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
1128 		__ipsec_set_strerror(strerror(errno));
1129 		return -1;
1130 	}
1131 	ep = ((caddr_t)newmsg) + len;
1132 
1133 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len,
1134 	                     satype, seq, getpid());
1135 	if (!p) {
1136 		free(newmsg);
1137 		return -1;
1138 	}
1139 	p = pfkey_setsadbsa(p, ep, spi, wsize, a_type, e_type, flags);
1140 	if (!p) {
1141 		free(newmsg);
1142 		return -1;
1143 	}
1144 	p = pfkey_setsadbxsa2(p, ep, mode, reqid);
1145 	if (!p) {
1146 		free(newmsg);
1147 		return -1;
1148 	}
1149 	if (wsize > UINT8_MAX) {
1150 		p = pfkey_setsadbxreplay(p, ep, wsize);
1151 		if (!p) {
1152 			free(newmsg);
1153 			return (-1);
1154 		}
1155 	}
1156 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
1157 	    IPSEC_ULPROTO_ANY);
1158 	if (!p) {
1159 		free(newmsg);
1160 		return -1;
1161 	}
1162 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
1163 	    IPSEC_ULPROTO_ANY);
1164 	if (!p) {
1165 		free(newmsg);
1166 		return -1;
1167 	}
1168 
1169 	if (e_type != SADB_EALG_NONE) {
1170 		p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT,
1171 		                   keymat, e_keylen);
1172 		if (!p) {
1173 			free(newmsg);
1174 			return -1;
1175 		}
1176 	}
1177 	if (a_type != SADB_AALG_NONE) {
1178 		p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH,
1179 		                   keymat + e_keylen, a_keylen);
1180 		if (!p) {
1181 			free(newmsg);
1182 			return -1;
1183 		}
1184 	}
1185 
1186 	/* set sadb_lifetime for destination */
1187 	p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
1188 			l_alloc, l_bytes, l_addtime, l_usetime);
1189 	if (!p) {
1190 		free(newmsg);
1191 		return -1;
1192 	}
1193 	p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT,
1194 			l_alloc, l_bytes, l_addtime, l_usetime);
1195 	if (!p || p != ep) {
1196 		free(newmsg);
1197 		return -1;
1198 	}
1199 
1200 	/* send message */
1201 	len = pfkey_send(so, newmsg, len);
1202 	free(newmsg);
1203 
1204 	if (len < 0)
1205 		return -1;
1206 
1207 	__ipsec_errcode = EIPSEC_NO_ERROR;
1208 	return len;
1209 }
1210 
1211 /* sending SADB_DELETE or SADB_GET message to the kernel */
1212 static int
1213 pfkey_send_x2(int so, u_int type, u_int satype, u_int mode,
1214     struct sockaddr *src, struct sockaddr *dst, u_int32_t spi)
1215 {
1216 	struct sadb_msg *newmsg;
1217 	int len;
1218 	caddr_t p;
1219 	int plen;
1220 	caddr_t ep;
1221 
1222 	/* validity check */
1223 	if (src == NULL || dst == NULL) {
1224 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1225 		return -1;
1226 	}
1227 	if (src->sa_family != dst->sa_family) {
1228 		__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
1229 		return -1;
1230 	}
1231 	switch (src->sa_family) {
1232 	case AF_INET:
1233 		plen = sizeof(struct in_addr) << 3;
1234 		break;
1235 	case AF_INET6:
1236 		plen = sizeof(struct in6_addr) << 3;
1237 		break;
1238 	default:
1239 		__ipsec_errcode = EIPSEC_INVAL_FAMILY;
1240 		return -1;
1241 	}
1242 
1243 	/* create new sadb_msg to reply. */
1244 	len = sizeof(struct sadb_msg)
1245 		+ sizeof(struct sadb_sa)
1246 		+ sizeof(struct sadb_address)
1247 		+ PFKEY_ALIGN8(src->sa_len)
1248 		+ sizeof(struct sadb_address)
1249 		+ PFKEY_ALIGN8(dst->sa_len);
1250 
1251 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
1252 		__ipsec_set_strerror(strerror(errno));
1253 		return -1;
1254 	}
1255 	ep = ((caddr_t)newmsg) + len;
1256 
1257 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0,
1258 	    getpid());
1259 	if (!p) {
1260 		free(newmsg);
1261 		return -1;
1262 	}
1263 	p = pfkey_setsadbsa(p, ep, spi, 0, 0, 0, 0);
1264 	if (!p) {
1265 		free(newmsg);
1266 		return -1;
1267 	}
1268 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
1269 	    IPSEC_ULPROTO_ANY);
1270 	if (!p) {
1271 		free(newmsg);
1272 		return -1;
1273 	}
1274 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
1275 	    IPSEC_ULPROTO_ANY);
1276 	if (!p || p != ep) {
1277 		free(newmsg);
1278 		return -1;
1279 	}
1280 
1281 	/* send message */
1282 	len = pfkey_send(so, newmsg, len);
1283 	free(newmsg);
1284 
1285 	if (len < 0)
1286 		return -1;
1287 
1288 	__ipsec_errcode = EIPSEC_NO_ERROR;
1289 	return len;
1290 }
1291 
1292 /*
1293  * sending SADB_REGISTER, SADB_FLUSH, SADB_DUMP or SADB_X_PROMISC message
1294  * to the kernel
1295  */
1296 static int
1297 pfkey_send_x3(int so, u_int type, u_int satype)
1298 {
1299 	struct sadb_msg *newmsg;
1300 	int len;
1301 	caddr_t p;
1302 	caddr_t ep;
1303 
1304 	/* validity check */
1305 	switch (type) {
1306 	case SADB_X_PROMISC:
1307 		if (satype != 0 && satype != 1) {
1308 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
1309 			return -1;
1310 		}
1311 		break;
1312 	default:
1313 		switch (satype) {
1314 		case SADB_SATYPE_UNSPEC:
1315 		case SADB_SATYPE_AH:
1316 		case SADB_SATYPE_ESP:
1317 		case SADB_X_SATYPE_IPCOMP:
1318 		case SADB_X_SATYPE_TCPSIGNATURE:
1319 			break;
1320 		default:
1321 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
1322 			return -1;
1323 		}
1324 	}
1325 
1326 	/* create new sadb_msg to send. */
1327 	len = sizeof(struct sadb_msg);
1328 
1329 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
1330 		__ipsec_set_strerror(strerror(errno));
1331 		return -1;
1332 	}
1333 	ep = ((caddr_t)newmsg) + len;
1334 
1335 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0,
1336 	    getpid());
1337 	if (!p || p != ep) {
1338 		free(newmsg);
1339 		return -1;
1340 	}
1341 
1342 	/* send message */
1343 	len = pfkey_send(so, newmsg, len);
1344 	free(newmsg);
1345 
1346 	if (len < 0)
1347 		return -1;
1348 
1349 	__ipsec_errcode = EIPSEC_NO_ERROR;
1350 	return len;
1351 }
1352 
1353 /* sending SADB_X_SPDADD message to the kernel */
1354 static int
1355 pfkey_send_x4(int so, u_int type, struct sockaddr *src, u_int prefs,
1356     struct sockaddr *dst, u_int prefd, u_int proto, u_int64_t ltime,
1357     u_int64_t vtime, char *policy, int policylen, u_int32_t seq)
1358 {
1359 	struct sadb_msg *newmsg;
1360 	int len;
1361 	caddr_t p;
1362 	int plen;
1363 	caddr_t ep;
1364 
1365 	/* validity check */
1366 	if (src == NULL || dst == NULL) {
1367 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1368 		return -1;
1369 	}
1370 	if (src->sa_family != dst->sa_family) {
1371 		__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
1372 		return -1;
1373 	}
1374 
1375 	switch (src->sa_family) {
1376 	case AF_INET:
1377 		plen = sizeof(struct in_addr) << 3;
1378 		break;
1379 	case AF_INET6:
1380 		plen = sizeof(struct in6_addr) << 3;
1381 		break;
1382 	default:
1383 		__ipsec_errcode = EIPSEC_INVAL_FAMILY;
1384 		return -1;
1385 	}
1386 	if (prefs > plen || prefd > plen) {
1387 		__ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
1388 		return -1;
1389 	}
1390 
1391 	/* create new sadb_msg to reply. */
1392 	len = sizeof(struct sadb_msg)
1393 		+ sizeof(struct sadb_address)
1394 		+ PFKEY_ALIGN8(src->sa_len)
1395 		+ sizeof(struct sadb_address)
1396 		+ PFKEY_ALIGN8(src->sa_len)
1397 		+ sizeof(struct sadb_lifetime)
1398 		+ policylen;
1399 
1400 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
1401 		__ipsec_set_strerror(strerror(errno));
1402 		return -1;
1403 	}
1404 	ep = ((caddr_t)newmsg) + len;
1405 
1406 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len,
1407 	    SADB_SATYPE_UNSPEC, seq, getpid());
1408 	if (!p) {
1409 		free(newmsg);
1410 		return -1;
1411 	}
1412 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto);
1413 	if (!p) {
1414 		free(newmsg);
1415 		return -1;
1416 	}
1417 	p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto);
1418 	if (!p) {
1419 		free(newmsg);
1420 		return -1;
1421 	}
1422 	p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
1423 			0, 0, ltime, vtime);
1424 	if (!p || p + policylen != ep) {
1425 		free(newmsg);
1426 		return -1;
1427 	}
1428 	memcpy(p, policy, policylen);
1429 
1430 	/* send message */
1431 	len = pfkey_send(so, newmsg, len);
1432 	free(newmsg);
1433 
1434 	if (len < 0)
1435 		return -1;
1436 
1437 	__ipsec_errcode = EIPSEC_NO_ERROR;
1438 	return len;
1439 }
1440 
1441 /* sending SADB_X_SPDGET or SADB_X_SPDDELETE message to the kernel */
1442 static int
1443 pfkey_send_x5(int so, u_int type, u_int32_t spid)
1444 {
1445 	struct sadb_msg *newmsg;
1446 	struct sadb_x_policy xpl;
1447 	int len;
1448 	caddr_t p;
1449 	caddr_t ep;
1450 
1451 	/* create new sadb_msg to reply. */
1452 	len = sizeof(struct sadb_msg)
1453 		+ sizeof(xpl);
1454 
1455 	if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
1456 		__ipsec_set_strerror(strerror(errno));
1457 		return -1;
1458 	}
1459 	ep = ((caddr_t)newmsg) + len;
1460 
1461 	p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len,
1462 	    SADB_SATYPE_UNSPEC, 0, getpid());
1463 	if (!p) {
1464 		free(newmsg);
1465 		return -1;
1466 	}
1467 
1468 	if (p + sizeof(xpl) != ep) {
1469 		free(newmsg);
1470 		return -1;
1471 	}
1472 	memset(&xpl, 0, sizeof(xpl));
1473 	xpl.sadb_x_policy_len = PFKEY_UNIT64(sizeof(xpl));
1474 	xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1475 	xpl.sadb_x_policy_id = spid;
1476 	memcpy(p, &xpl, sizeof(xpl));
1477 
1478 	/* send message */
1479 	len = pfkey_send(so, newmsg, len);
1480 	free(newmsg);
1481 
1482 	if (len < 0)
1483 		return -1;
1484 
1485 	__ipsec_errcode = EIPSEC_NO_ERROR;
1486 	return len;
1487 }
1488 
1489 /*
1490  * open a socket.
1491  * OUT:
1492  *	-1: fail.
1493  *	others : success and return value of socket.
1494  */
1495 int
1496 pfkey_open(void)
1497 {
1498 	int so;
1499 	int bufsiz_current, bufsiz_wanted;
1500 	int ret;
1501 	socklen_t len;
1502 
1503 	if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
1504 		__ipsec_set_strerror(strerror(errno));
1505 		return -1;
1506 	}
1507 
1508 	/*
1509 	 * This is a temporary workaround for KAME PR 154.
1510 	 * Don't really care even if it fails.
1511 	 */
1512 	/* Try to have 128k. If we have more, do not lower it. */
1513 	bufsiz_wanted = 128 * 1024;
1514 	len = sizeof(bufsiz_current);
1515 	ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
1516 		&bufsiz_current, &len);
1517 	if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
1518 		(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
1519 			&bufsiz_wanted, sizeof(bufsiz_wanted));
1520 
1521 	/* Try to have have at least 2MB. If we have more, do not lower it. */
1522 	bufsiz_wanted = 2 * 1024 * 1024;
1523 	len = sizeof(bufsiz_current);
1524 	ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
1525 		&bufsiz_current, &len);
1526 	if (ret < 0)
1527 		bufsiz_current = 128 * 1024;
1528 
1529 	for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
1530 		if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
1531 				&bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
1532 			break;
1533 	}
1534 
1535 	__ipsec_errcode = EIPSEC_NO_ERROR;
1536 	return so;
1537 }
1538 
1539 /*
1540  * close a socket.
1541  * OUT:
1542  *	 0: success.
1543  *	-1: fail.
1544  */
1545 void
1546 pfkey_close(int so)
1547 {
1548 	(void)close(so);
1549 
1550 	__ipsec_errcode = EIPSEC_NO_ERROR;
1551 	return;
1552 }
1553 
1554 /*
1555  * receive sadb_msg data, and return pointer to new buffer allocated.
1556  * Must free this buffer later.
1557  * OUT:
1558  *	NULL	: error occurred.
1559  *	others	: a pointer to sadb_msg structure.
1560  *
1561  * XXX should be rewritten to pass length explicitly
1562  */
1563 struct sadb_msg *
1564 pfkey_recv(int so)
1565 {
1566 	struct sadb_msg buf, *newmsg;
1567 	int len, reallen;
1568 
1569 	while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) {
1570 		if (errno == EINTR)
1571 			continue;
1572 		__ipsec_set_strerror(strerror(errno));
1573 		return NULL;
1574 	}
1575 
1576 	if (len < sizeof(buf)) {
1577 		recv(so, (caddr_t)&buf, sizeof(buf), 0);
1578 		__ipsec_errcode = EIPSEC_MAX;
1579 		return NULL;
1580 	}
1581 
1582 	/* read real message */
1583 	reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
1584 	if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == NULL) {
1585 		__ipsec_set_strerror(strerror(errno));
1586 		return NULL;
1587 	}
1588 
1589 	while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) {
1590 		if (errno == EINTR)
1591 			continue;
1592 		__ipsec_set_strerror(strerror(errno));
1593 		free(newmsg);
1594 		return NULL;
1595 	}
1596 
1597 	if (len != reallen) {
1598 		__ipsec_errcode = EIPSEC_SYSTEM_ERROR;
1599 		free(newmsg);
1600 		return NULL;
1601 	}
1602 
1603 	/* don't trust what the kernel says, validate! */
1604 	if (PFKEY_UNUNIT64(newmsg->sadb_msg_len) != len) {
1605 		__ipsec_errcode = EIPSEC_SYSTEM_ERROR;
1606 		free(newmsg);
1607 		return NULL;
1608 	}
1609 
1610 	__ipsec_errcode = EIPSEC_NO_ERROR;
1611 	return newmsg;
1612 }
1613 
1614 /*
1615  * send message to a socket.
1616  * OUT:
1617  *	 others: success and return length sent.
1618  *	-1     : fail.
1619  */
1620 int
1621 pfkey_send(int so, struct sadb_msg *msg, int len)
1622 {
1623 	if ((len = send(so, (caddr_t)msg, len, 0)) < 0) {
1624 		__ipsec_set_strerror(strerror(errno));
1625 		return -1;
1626 	}
1627 
1628 	__ipsec_errcode = EIPSEC_NO_ERROR;
1629 	return len;
1630 }
1631 
1632 /*
1633  * %%% Utilities
1634  * NOTE: These functions are derived from netkey/key.c in KAME.
1635  */
1636 /*
1637  * set the pointer to each header in this message buffer.
1638  * IN:	msg: pointer to message buffer.
1639  *	mhp: pointer to the buffer initialized like below:
1640  *		caddr_t mhp[SADB_EXT_MAX + 1];
1641  * OUT:	-1: invalid.
1642  *	 0: valid.
1643  *
1644  * XXX should be rewritten to obtain length explicitly
1645  */
1646 int
1647 pfkey_align(struct sadb_msg *msg, caddr_t *mhp)
1648 {
1649 	struct sadb_ext *ext;
1650 	int i;
1651 	caddr_t p;
1652 	caddr_t ep;	/* XXX should be passed from upper layer */
1653 
1654 	/* validity check */
1655 	if (msg == NULL || mhp == NULL) {
1656 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1657 		return -1;
1658 	}
1659 
1660 	/* initialize */
1661 	for (i = 0; i < SADB_EXT_MAX + 1; i++)
1662 		mhp[i] = NULL;
1663 
1664 	mhp[0] = (caddr_t)msg;
1665 
1666 	/* initialize */
1667 	p = (caddr_t) msg;
1668 	ep = p + PFKEY_UNUNIT64(msg->sadb_msg_len);
1669 
1670 	/* skip base header */
1671 	p += sizeof(struct sadb_msg);
1672 
1673 	while (p < ep) {
1674 		ext = (struct sadb_ext *)p;
1675 		if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) ||
1676 		    ep < p + PFKEY_EXTLEN(ext)) {
1677 			/* invalid format */
1678 			break;
1679 		}
1680 
1681 		/* duplicate check */
1682 		/* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/
1683 		if (mhp[ext->sadb_ext_type] != NULL) {
1684 			__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
1685 			return -1;
1686 		}
1687 
1688 		/* set pointer */
1689 		switch (ext->sadb_ext_type) {
1690 		case SADB_EXT_SA:
1691 		case SADB_EXT_LIFETIME_CURRENT:
1692 		case SADB_EXT_LIFETIME_HARD:
1693 		case SADB_EXT_LIFETIME_SOFT:
1694 		case SADB_EXT_ADDRESS_SRC:
1695 		case SADB_EXT_ADDRESS_DST:
1696 		case SADB_EXT_ADDRESS_PROXY:
1697 		case SADB_EXT_KEY_AUTH:
1698 			/* XXX should to be check weak keys. */
1699 		case SADB_EXT_KEY_ENCRYPT:
1700 			/* XXX should to be check weak keys. */
1701 		case SADB_EXT_IDENTITY_SRC:
1702 		case SADB_EXT_IDENTITY_DST:
1703 		case SADB_EXT_SENSITIVITY:
1704 		case SADB_EXT_PROPOSAL:
1705 		case SADB_EXT_SUPPORTED_AUTH:
1706 		case SADB_EXT_SUPPORTED_ENCRYPT:
1707 		case SADB_EXT_SPIRANGE:
1708 		case SADB_X_EXT_POLICY:
1709 		case SADB_X_EXT_SA2:
1710 		case SADB_X_EXT_NAT_T_TYPE:
1711 		case SADB_X_EXT_NAT_T_SPORT:
1712 		case SADB_X_EXT_NAT_T_DPORT:
1713 		case SADB_X_EXT_NAT_T_OAI:
1714 		case SADB_X_EXT_NAT_T_OAR:
1715 		case SADB_X_EXT_NAT_T_FRAG:
1716 		case SADB_X_EXT_SA_REPLAY:
1717 		case SADB_X_EXT_NEW_ADDRESS_SRC:
1718 		case SADB_X_EXT_NEW_ADDRESS_DST:
1719 			mhp[ext->sadb_ext_type] = (caddr_t)ext;
1720 			break;
1721 		default:
1722 			__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
1723 			return -1;
1724 		}
1725 
1726 		p += PFKEY_EXTLEN(ext);
1727 	}
1728 
1729 	if (p != ep) {
1730 		__ipsec_errcode = EIPSEC_INVAL_SADBMSG;
1731 		return -1;
1732 	}
1733 
1734 	__ipsec_errcode = EIPSEC_NO_ERROR;
1735 	return 0;
1736 }
1737 
1738 /*
1739  * check basic usage for sadb_msg,
1740  * NOTE: This routine is derived from netkey/key.c in KAME.
1741  * IN:	msg: pointer to message buffer.
1742  *	mhp: pointer to the buffer initialized like below:
1743  *
1744  *		caddr_t mhp[SADB_EXT_MAX + 1];
1745  *
1746  * OUT:	-1: invalid.
1747  *	 0: valid.
1748  */
1749 int
1750 pfkey_check(caddr_t *mhp)
1751 {
1752 	struct sadb_msg *msg;
1753 
1754 	/* validity check */
1755 	if (mhp == NULL || mhp[0] == NULL) {
1756 		__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
1757 		return -1;
1758 	}
1759 
1760 	msg = (struct sadb_msg *)mhp[0];
1761 
1762 	/* check version */
1763 	if (msg->sadb_msg_version != PF_KEY_V2) {
1764 		__ipsec_errcode = EIPSEC_INVAL_VERSION;
1765 		return -1;
1766 	}
1767 
1768 	/* check type */
1769 	if (msg->sadb_msg_type > SADB_MAX) {
1770 		__ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
1771 		return -1;
1772 	}
1773 
1774 	/* check SA type */
1775 	switch (msg->sadb_msg_satype) {
1776 	case SADB_SATYPE_UNSPEC:
1777 		switch (msg->sadb_msg_type) {
1778 		case SADB_GETSPI:
1779 		case SADB_UPDATE:
1780 		case SADB_ADD:
1781 		case SADB_DELETE:
1782 		case SADB_GET:
1783 		case SADB_ACQUIRE:
1784 		case SADB_EXPIRE:
1785 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
1786 			return -1;
1787 		}
1788 		break;
1789 	case SADB_SATYPE_ESP:
1790 	case SADB_SATYPE_AH:
1791 	case SADB_X_SATYPE_IPCOMP:
1792 	case SADB_X_SATYPE_TCPSIGNATURE:
1793 		switch (msg->sadb_msg_type) {
1794 		case SADB_X_SPDADD:
1795 		case SADB_X_SPDDELETE:
1796 		case SADB_X_SPDGET:
1797 		case SADB_X_SPDDUMP:
1798 		case SADB_X_SPDFLUSH:
1799 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
1800 			return -1;
1801 		}
1802 		break;
1803 	case SADB_SATYPE_RSVP:
1804 	case SADB_SATYPE_OSPFV2:
1805 	case SADB_SATYPE_RIPV2:
1806 	case SADB_SATYPE_MIP:
1807 		__ipsec_errcode = EIPSEC_NOT_SUPPORTED;
1808 		return -1;
1809 	case 1:	/* XXX: What does it do ? */
1810 		if (msg->sadb_msg_type == SADB_X_PROMISC)
1811 			break;
1812 		/*FALLTHROUGH*/
1813 	default:
1814 		__ipsec_errcode = EIPSEC_INVAL_SATYPE;
1815 		return -1;
1816 	}
1817 
1818 	/* check field of upper layer protocol and address family */
1819 	if (mhp[SADB_EXT_ADDRESS_SRC] != NULL
1820 	 && mhp[SADB_EXT_ADDRESS_DST] != NULL) {
1821 		struct sadb_address *src0, *dst0;
1822 
1823 		src0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_SRC]);
1824 		dst0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_DST]);
1825 
1826 		if (src0->sadb_address_proto != dst0->sadb_address_proto) {
1827 			__ipsec_errcode = EIPSEC_PROTO_MISMATCH;
1828 			return -1;
1829 		}
1830 
1831 		if (PFKEY_ADDR_SADDR(src0)->sa_family
1832 		 != PFKEY_ADDR_SADDR(dst0)->sa_family) {
1833 			__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
1834 			return -1;
1835 		}
1836 
1837 		switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
1838 		case AF_INET:
1839 		case AF_INET6:
1840 			break;
1841 		default:
1842 			__ipsec_errcode = EIPSEC_INVAL_FAMILY;
1843 			return -1;
1844 		}
1845 
1846 		/*
1847 		 * prefixlen == 0 is valid because there must be the case
1848 		 * all addresses are matched.
1849 		 */
1850 	}
1851 
1852 	__ipsec_errcode = EIPSEC_NO_ERROR;
1853 	return 0;
1854 }
1855 
1856 /*
1857  * set data into sadb_msg.
1858  * `buf' must has been allocated sufficiently.
1859  */
1860 static caddr_t
1861 pfkey_setsadbmsg(caddr_t buf, caddr_t lim, u_int type, u_int tlen,
1862     u_int satype, u_int32_t seq, pid_t pid)
1863 {
1864 	struct sadb_msg *p;
1865 	u_int len;
1866 
1867 	p = (struct sadb_msg *)buf;
1868 	len = sizeof(struct sadb_msg);
1869 
1870 	if (buf + len > lim)
1871 		return NULL;
1872 
1873 	memset(p, 0, len);
1874 	p->sadb_msg_version = PF_KEY_V2;
1875 	p->sadb_msg_type = type;
1876 	p->sadb_msg_errno = 0;
1877 	p->sadb_msg_satype = satype;
1878 	p->sadb_msg_len = PFKEY_UNIT64(tlen);
1879 	p->sadb_msg_reserved = 0;
1880 	p->sadb_msg_seq = seq;
1881 	p->sadb_msg_pid = (u_int32_t)pid;
1882 
1883 	return(buf + len);
1884 }
1885 
1886 /*
1887  * copy secasvar data into sadb_address.
1888  * `buf' must has been allocated sufficiently.
1889  */
1890 static caddr_t
1891 pfkey_setsadbsa(caddr_t buf, caddr_t lim, u_int32_t spi, u_int wsize,
1892     u_int auth, u_int enc, u_int32_t flags)
1893 {
1894 	struct sadb_sa *p;
1895 	u_int len;
1896 
1897 	p = (struct sadb_sa *)buf;
1898 	len = sizeof(struct sadb_sa);
1899 
1900 	if (buf + len > lim)
1901 		return NULL;
1902 
1903 	memset(p, 0, len);
1904 	p->sadb_sa_len = PFKEY_UNIT64(len);
1905 	p->sadb_sa_exttype = SADB_EXT_SA;
1906 	p->sadb_sa_spi = spi;
1907 	p->sadb_sa_replay = wsize > UINT8_MAX ? UINT8_MAX: wsize;
1908 	p->sadb_sa_state = SADB_SASTATE_LARVAL;
1909 	p->sadb_sa_auth = auth;
1910 	p->sadb_sa_encrypt = enc;
1911 	p->sadb_sa_flags = flags;
1912 
1913 	return(buf + len);
1914 }
1915 
1916 /*
1917  * Set data into sadb_x_sa_replay.
1918  * `buf' must has been allocated sufficiently.
1919  */
1920 static caddr_t
1921 pfkey_setsadbxreplay(caddr_t buf, caddr_t lim, uint32_t wsize)
1922 {
1923 	struct sadb_x_sa_replay *p;
1924 	u_int len;
1925 
1926 	p = (struct sadb_x_sa_replay *)buf;
1927 	len = sizeof(struct sadb_x_sa_replay);
1928 
1929 	if (buf + len > lim)
1930 		return (NULL);
1931 
1932 	memset(p, 0, len);
1933 	p->sadb_x_sa_replay_len = PFKEY_UNIT64(len);
1934 	p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY;
1935 	/* Convert wsize from bytes to number of packets. */
1936 	p->sadb_x_sa_replay_replay = wsize << 3;
1937 
1938 	return (buf + len);
1939 }
1940 
1941 /*
1942  * set data into sadb_address.
1943  * `buf' must has been allocated sufficiently.
1944  * prefixlen is in bits.
1945  */
1946 static caddr_t
1947 pfkey_setsadbaddr(caddr_t buf, caddr_t lim, u_int exttype,
1948     struct sockaddr *saddr, u_int prefixlen, u_int ul_proto)
1949 {
1950 	struct sadb_address *p;
1951 	u_int len;
1952 
1953 	p = (struct sadb_address *)buf;
1954 	len = sizeof(struct sadb_address) + PFKEY_ALIGN8(saddr->sa_len);
1955 
1956 	if (buf + len > lim)
1957 		return NULL;
1958 
1959 	memset(p, 0, len);
1960 	p->sadb_address_len = PFKEY_UNIT64(len);
1961 	p->sadb_address_exttype = exttype & 0xffff;
1962 	p->sadb_address_proto = ul_proto & 0xff;
1963 	p->sadb_address_prefixlen = prefixlen;
1964 	p->sadb_address_reserved = 0;
1965 
1966 	memcpy(p + 1, saddr, saddr->sa_len);
1967 
1968 	return(buf + len);
1969 }
1970 
1971 /*
1972  * set sadb_key structure after clearing buffer with zero.
1973  * OUT: the pointer of buf + len.
1974  */
1975 static caddr_t
1976 pfkey_setsadbkey(caddr_t buf, caddr_t lim, u_int type, caddr_t key, u_int keylen)
1977 {
1978 	struct sadb_key *p;
1979 	u_int len;
1980 
1981 	p = (struct sadb_key *)buf;
1982 	len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);
1983 
1984 	if (buf + len > lim)
1985 		return NULL;
1986 
1987 	memset(p, 0, len);
1988 	p->sadb_key_len = PFKEY_UNIT64(len);
1989 	p->sadb_key_exttype = type;
1990 	p->sadb_key_bits = keylen << 3;
1991 	p->sadb_key_reserved = 0;
1992 
1993 	memcpy(p + 1, key, keylen);
1994 
1995 	return buf + len;
1996 }
1997 
1998 /*
1999  * set sadb_lifetime structure after clearing buffer with zero.
2000  * OUT: the pointer of buf + len.
2001  */
2002 static caddr_t
2003 pfkey_setsadblifetime(caddr_t buf, caddr_t lim, u_int type, u_int32_t l_alloc,
2004     u_int32_t l_bytes, u_int32_t l_addtime, u_int32_t l_usetime)
2005 {
2006 	struct sadb_lifetime *p;
2007 	u_int len;
2008 
2009 	p = (struct sadb_lifetime *)buf;
2010 	len = sizeof(struct sadb_lifetime);
2011 
2012 	if (buf + len > lim)
2013 		return NULL;
2014 
2015 	memset(p, 0, len);
2016 	p->sadb_lifetime_len = PFKEY_UNIT64(len);
2017 	p->sadb_lifetime_exttype = type;
2018 
2019 	switch (type) {
2020 	case SADB_EXT_LIFETIME_SOFT:
2021 		p->sadb_lifetime_allocations
2022 			= (l_alloc * soft_lifetime_allocations_rate) /100;
2023 		p->sadb_lifetime_bytes
2024 			= (l_bytes * soft_lifetime_bytes_rate) /100;
2025 		p->sadb_lifetime_addtime
2026 			= (l_addtime * soft_lifetime_addtime_rate) /100;
2027 		p->sadb_lifetime_usetime
2028 			= (l_usetime * soft_lifetime_usetime_rate) /100;
2029 		break;
2030 	case SADB_EXT_LIFETIME_HARD:
2031 		p->sadb_lifetime_allocations = l_alloc;
2032 		p->sadb_lifetime_bytes = l_bytes;
2033 		p->sadb_lifetime_addtime = l_addtime;
2034 		p->sadb_lifetime_usetime = l_usetime;
2035 		break;
2036 	}
2037 
2038 	return buf + len;
2039 }
2040 
2041 /*
2042  * copy secasvar data into sadb_address.
2043  * `buf' must has been allocated sufficiently.
2044  */
2045 static caddr_t
2046 pfkey_setsadbxsa2(caddr_t buf, caddr_t lim, u_int32_t mode0, u_int32_t reqid)
2047 {
2048 	struct sadb_x_sa2 *p;
2049 	u_int8_t mode = mode0 & 0xff;
2050 	u_int len;
2051 
2052 	p = (struct sadb_x_sa2 *)buf;
2053 	len = sizeof(struct sadb_x_sa2);
2054 
2055 	if (buf + len > lim)
2056 		return NULL;
2057 
2058 	memset(p, 0, len);
2059 	p->sadb_x_sa2_len = PFKEY_UNIT64(len);
2060 	p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
2061 	p->sadb_x_sa2_mode = mode;
2062 	p->sadb_x_sa2_reqid = reqid;
2063 
2064 	return(buf + len);
2065 }
2066