#include <syslog.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "peers.h"
/* Heads of the singly linked SA lists; both start out empty. */
struct sa_desc *local_sa_list = NULL;
struct sa_desc *remote_sa_list = NULL;

/*
 * Peer table.  peer_find() only looks at the first peer_num entries, so
 * peer_num must never exceed MAX_PEERS.
 */
struct peer_desc peers[MAX_PEERS];
unsigned short peer_num = 0;

/*
 * Call the encapsulation method's hmac_compute hook on itself, passing a
 * literal 0 as the second argument.
 * NOTE(review): the 0 presumably selects "verify" rather than "generate";
 * confirm against the hmac_compute implementations.
 */
#define encap_hmac_cmp(method, src, mac, key, key_len) \
	((method)->hmac_compute((method), 0, (src), (mac), (key), (key_len)))
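/*
 * Find the peer record associated with a given local SPI.
 *
 * Scans the first peer_num entries of peers[] for one whose local SA has
 * the given SPI and encapsulation method.  Unlike find_local_sa(), a NULL
 * encap is not treated as a wildcard here: it only matches an SA whose em
 * is itself NULL.
 *
 * Returns a pointer into peers[], or NULL after logging at LOG_ALERT when
 * no entry matches.
 *
 * NOTE(review): if spi is taken from a received packet before it has been
 * authenticated, any sender can trigger the ALERT-level line below;
 * consider rate limiting it.  Confirm against the callers.
 */
struct peer_desc *peer_find(unsigned long spi, struct encap_method *encap)
{
	unsigned short i;

	for (i = 0; i < peer_num; i++) {
		/* Skip entries with no local SA instead of dereferencing NULL. */
		if (peers[i].local_sa == NULL)
			continue;
		if (peers[i].local_sa->spi == spi
		    && peers[i].local_sa->em == encap)
			return &peers[i];
	}

	/*
	 * spi is unsigned long: %lu keeps values with the top bit set from
	 * being logged as negative numbers (and matches the argument type).
	 */
	syslog(LOG_ALERT, "unknown spi %lu", spi);
	return NULL;
}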
/*
 * Check the HMAC of a received packet against the peer's local SA.
 *
 * Hands the SA's hm, auth_secret and auth_secret_size to the encapsulation
 * method through encap_hmac_cmp().  Returns 0 when that call yields 0;
 * otherwise logs the source address at LOG_ERR and returns -1.
 *
 * peer and peer->local_sa are dereferenced unchecked, so callers must pass
 * a fully set-up peer.
 *
 * NOTE(review): whether the comparison inside hmac_compute runs in constant
 * time is not visible from here; confirm, since a data-dependent compare
 * would leak timing information about the expected MAC.
 */
int encap_hmac_recv_peer(struct encap_method *encap,
			 struct in_addr *src_ip,
			 struct peer_desc *peer)
{
	/* Accept path first: a zero result means the MAC checked out. */
	if (encap_hmac_cmp(encap, src_ip,
			   peer->local_sa->hm,
			   peer->local_sa->auth_secret,
			   peer->local_sa->auth_secret_size) == 0)
		return 0;

	/* inet_ntoa() formats into a static buffer; used immediately here. */
	syslog(LOG_ERR, "HMAC mismatch from %s", inet_ntoa(*src_ip));
	return -1;
}
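/*
 * Find the SA record for a given local SPI.
 *
 * Walks local_sa_list and returns the first entry whose spi matches and
 * whose encapsulation method equals encap.  A NULL encap acts as a
 * wildcard and matches any method.
 *
 * Returns the matching record, or NULL after logging at LOG_ALERT.
 */
struct sa_desc *find_local_sa(unsigned long spi, struct encap_method *encap)
{
	struct sa_desc *sap;

	for (sap = local_sa_list; sap != NULL; sap = sap->next) {
		if (sap->spi == spi && (encap == NULL || sap->em == encap))
			return sap;
	}

	/*
	 * spi is unsigned long: %lu keeps values with the top bit set from
	 * being logged as negative numbers (and matches the argument type).
	 */
	syslog(LOG_ALERT, "unknown local SPI %lu", spi);
	return NULL;
}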
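/*
 * Find the SA record for a given remote SPI.
 *
 * Walks remote_sa_list and returns the first entry whose spi matches and
 * whose encapsulation method equals encap.  A NULL encap acts as a
 * wildcard and matches any method.
 *
 * Returns the matching record, or NULL after logging at LOG_ALERT.
 */
struct sa_desc *find_remote_sa(unsigned long spi, struct encap_method *encap)
{
	struct sa_desc *sap;

	for (sap = remote_sa_list; sap != NULL; sap = sap->next) {
		if (sap->spi == spi && (encap == NULL || sap->em == encap))
			return sap;
	}

	/*
	 * spi is unsigned long: %lu keeps values with the top bit set from
	 * being logged as negative numbers (and matches the argument type).
	 */
	syslog(LOG_ALERT, "unknown remote SPI %lu", spi);
	return NULL;
}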