Browse code

ims_ipsec_pcscf: clang-format for coherent indentation and coding style

Daniel-Constantin Mierla authored on 30/05/2022 10:58:18
Showing 1 changed files
... ...
@@ -50,1072 +50,1149 @@ extern ip_addr_t ipsec_listen_ip_addr;
50 50
 extern ip_addr_t ipsec_listen_ip_addr6;
51 51
 extern int xfrm_user_selector;
52 52
 
53
-struct xfrm_buffer {
54
-    char buf[NLMSG_DELETEALL_BUF_SIZE];
55
-    int offset;
53
+struct xfrm_buffer
54
+{
55
+	char buf[NLMSG_DELETEALL_BUF_SIZE];
56
+	int offset;
56 57
 };
57 58
 
58
-struct del_tunnels {
59
-    void *contacts;
60
-    struct xfrm_buffer delmsg_buf;
59
+struct del_tunnels
60
+{
61
+	void *contacts;
62
+	struct xfrm_buffer delmsg_buf;
61 63
 };
62 64
 
63 65
 //
64 66
 // This file contains all Linux specific IPSec code.
65 67
 //
66 68
 
67
-struct mnl_socket* init_mnl_socket()
69
+struct mnl_socket *init_mnl_socket()
68 70
 {
69
-    struct mnl_socket*  mnl_socket = mnl_socket_open(NETLINK_XFRM);
70
-    if(NULL == mnl_socket) {
71
-        LM_ERR("Error opening a MNL socket\n");
72
-        return NULL;
73
-    }
74
-
75
-    if(mnl_socket_bind(mnl_socket, 0, MNL_SOCKET_AUTOPID) < 0) {
76
-        LM_ERR("Error binding a MNL socket\n");
77
-        close_mnl_socket(mnl_socket);
78
-        return NULL;
79
-    }
80
-
81
-    return mnl_socket;
71
+	struct mnl_socket *mnl_socket = mnl_socket_open(NETLINK_XFRM);
72
+	if(NULL == mnl_socket) {
73
+		LM_ERR("Error opening a MNL socket\n");
74
+		return NULL;
75
+	}
76
+
77
+	if(mnl_socket_bind(mnl_socket, 0, MNL_SOCKET_AUTOPID) < 0) {
78
+		LM_ERR("Error binding a MNL socket\n");
79
+		close_mnl_socket(mnl_socket);
80
+		return NULL;
81
+	}
82
+
83
+	return mnl_socket;
82 84
 }
83 85
 
84
-void close_mnl_socket(struct mnl_socket* sock)
86
+void close_mnl_socket(struct mnl_socket *sock)
85 87
 {
86
-    if(mnl_socket_close(sock) != 0) {
87
-        LM_WARN("Error closing netlink socket\n");
88
-    }
88
+	if(mnl_socket_close(sock) != 0) {
89
+		LM_WARN("Error closing netlink socket\n");
90
+	}
89 91
 }
90 92
 
91
-static void string_to_key(char* dst, const str key_string)
93
+static void string_to_key(char *dst, const str key_string)
92 94
 {
93
-    int i = 0;
94
-    char *pos = key_string.s;
95
+	int i = 0;
96
+	char *pos = key_string.s;
95 97
 
96
-    for (i = 0; i < key_string.len/2; i++) {
97
-        sscanf(pos, "%2hhx", &dst[i]);
98
-        pos += 2;
99
-    }
98
+	for(i = 0; i < key_string.len / 2; i++) {
99
+		sscanf(pos, "%2hhx", &dst[i]);
100
+		pos += 2;
101
+	}
100 102
 }
101 103
 
102
-static uint choose_nlmsg_seq (void)
104
+static uint choose_nlmsg_seq(void)
103 105
 {
104
-    static double Tini=0;
105
-    struct timespec ts;
106
-    ksr_clock_gettime(&ts);
107
-    return(1000*(ts.tv_sec - Tini + (ts.tv_nsec * 1E-9))); // us
106
+	static double Tini = 0;
107
+	struct timespec ts;
108
+	ksr_clock_gettime(&ts);
109
+	return (1000 * (ts.tv_sec - Tini + (ts.tv_nsec * 1E-9))); // us
108 110
 }
109 111
 
110
-int add_sa(struct mnl_socket* nl_sock, const struct ip_addr *src_addr_param, const struct ip_addr *dest_addr_param, int s_port, int d_port, int long id, str ck, str ik, str r_alg, str r_ealg)
112
+int add_sa(struct mnl_socket *nl_sock, const struct ip_addr *src_addr_param,
113
+		const struct ip_addr *dest_addr_param, int s_port, int d_port,
114
+		int long id, str ck, str ik, str r_alg, str r_ealg)
111 115
 {
112
-    char l_msg_buf[MNL_SOCKET_BUFFER_SIZE];
113
-    char l_auth_algo_buf[XFRM_TMPLS_BUF_SIZE];
114
-    char l_enc_algo_buf[XFRM_TMPLS_BUF_SIZE];
115
-    struct nlmsghdr* l_nlh = NULL;
116
-    struct xfrm_usersa_info* l_xsainfo = NULL;
117
-
118
-    struct xfrm_algo* l_auth_algo = NULL;
119
-    struct xfrm_algo* l_enc_algo  = NULL;
120
-
121
-
122
-    memset(l_msg_buf, 0, sizeof(l_msg_buf));
123
-    memset(l_auth_algo_buf, 0, sizeof(l_auth_algo_buf));
124
-    memset(l_enc_algo_buf, 0, sizeof(l_enc_algo_buf));
125
-
126
-    // nlmsghdr initialization
127
-    l_nlh = mnl_nlmsg_put_header(l_msg_buf);
128
-    l_nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
129
-    l_nlh->nlmsg_type = XFRM_MSG_NEWSA;
130
-    l_nlh->nlmsg_seq = choose_nlmsg_seq();
131
-    l_nlh->nlmsg_pid = id;
132
-
133
-    // add Security association
134
-    l_xsainfo = (struct xfrm_usersa_info*)mnl_nlmsg_put_extra_header(l_nlh, sizeof(struct xfrm_usersa_info));
135
-    l_xsainfo->sel.family       = dest_addr_param->af;
136
-    if(dest_addr_param->af == AF_INET6) {
137
-        memcpy(l_xsainfo->sel.daddr.a6, dest_addr_param->u.addr32, sizeof(l_xsainfo->sel.daddr.a6));
138
-        memcpy(l_xsainfo->sel.saddr.a6, src_addr_param->u.addr32, sizeof(l_xsainfo->sel.saddr.a6));
139
-        l_xsainfo->sel.prefixlen_d  = 128;
140
-        l_xsainfo->sel.prefixlen_s  = 128;
141
-    }
142
-    else {
143
-        l_xsainfo->sel.daddr.a4     = dest_addr_param->u.addr32[0];
144
-        l_xsainfo->sel.saddr.a4     = src_addr_param->u.addr32[0];
145
-        l_xsainfo->sel.prefixlen_d  = 32;
146
-        l_xsainfo->sel.prefixlen_s  = 32;
147
-    }
148
-    l_xsainfo->sel.dport        = htons(d_port);
149
-    l_xsainfo->sel.dport_mask   = 0xFFFF;
150
-    l_xsainfo->sel.sport        = htons(s_port);
151
-    l_xsainfo->sel.sport_mask   = 0xFFFF;
152
-    l_xsainfo->sel.user         = htonl(xfrm_user_selector);
153
-
154
-    if(dest_addr_param->af == AF_INET6) {
155
-        memcpy(l_xsainfo->id.daddr.a6, dest_addr_param->u.addr32, sizeof(l_xsainfo->id.daddr.a6));
156
-        memcpy(l_xsainfo->saddr.a6, src_addr_param->u.addr32, sizeof(l_xsainfo->saddr.a6));
157
-    }
158
-    else {
159
-        l_xsainfo->id.daddr.a4      = dest_addr_param->u.addr32[0];
160
-        l_xsainfo->saddr.a4         = src_addr_param->u.addr32[0];
161
-    }
162
-    l_xsainfo->id.spi           = htonl(id);
163
-    l_xsainfo->id.proto         = IPPROTO_ESP;
164
-
165
-    l_xsainfo->lft.soft_byte_limit      = XFRM_INF;
166
-    l_xsainfo->lft.hard_byte_limit      = XFRM_INF;
167
-    l_xsainfo->lft.soft_packet_limit    = XFRM_INF;
168
-    l_xsainfo->lft.hard_packet_limit    = XFRM_INF;
169
-    l_xsainfo->reqid                    = id;
170
-    l_xsainfo->family                   = dest_addr_param->af;
171
-    l_xsainfo->mode                     = XFRM_MODE_TRANSPORT;
172
-    l_xsainfo->replay_window            = 32;
173
-
174
-    // Add authentication algorithm for this SA
175
-    // 3GPP TS 33.203 Annex I
176
-    // NOTE: hmac-md5-96 and des-ede3-cbc has been deprecated in Rel12+
177
-
178
-    // The cast below is performed because alg_key from struct xfrm_algo is char[0]
179
-    // The point is to provide a continuous chunk of memory with the key in it
180
-    l_auth_algo = (struct xfrm_algo *)l_auth_algo_buf;
181
-
182
-    // Set the proper algorithm by r_alg str
183
-    if(strncasecmp(r_alg.s, "hmac-md5-96", r_alg.len) == 0) {
184
-        strcpy(l_auth_algo->alg_name,"md5");
185
-        l_auth_algo->alg_key_len = ik.len * 4;
186
-        string_to_key(l_auth_algo->alg_key, ik);
187
-    } else if(strncasecmp(r_alg.s, "hmac-sha-1-96", r_alg.len) == 0) {
188
-        strcpy(l_auth_algo->alg_name,"sha1");
189
-        str ik1;
190
-        ik1.len = ik.len+8;
191
-        ik1.s = pkg_malloc (ik1.len+1);
192
-        if (ik1.s == NULL) {
193
-            LM_ERR("Error allocating memory\n");
194
-            return -1;
195
-        }
196
-        memcpy (ik1.s,ik.s,ik.len);
197
-        ik1.s[ik.len]=0;
198
-        strcat (ik1.s,"00000000");
199
-        l_auth_algo->alg_key_len = ik1.len * 4;
200
-        string_to_key(l_auth_algo->alg_key, ik1);
201
-        pkg_free(ik1.s);
202
-    } else {
203
-        LM_DBG("Creating security associations: UNKNOW Auth Algorithm\n");
204
-        return -1;
205
-    }
206
-
207
-    mnl_attr_put(l_nlh, XFRMA_ALG_AUTH, sizeof(struct xfrm_algo) + l_auth_algo->alg_key_len, l_auth_algo);
208
-
209
-    // add encription algorithm for this SA
210
-    l_enc_algo = (struct xfrm_algo *)l_enc_algo_buf;
211
-    // cipher_null, des,  des3_ede, aes
212
-    if (strncasecmp(r_ealg.s,"aes-cbc",r_ealg.len) == 0) {
213
-        strcpy(l_enc_algo->alg_name,"aes");
214
-        l_enc_algo->alg_key_len = ck.len * 4;
215
-        string_to_key(l_enc_algo->alg_key, ck);
216
-    } else if (strncasecmp(r_ealg.s,"des-ede3-cbc",r_ealg.len) == 0) {
217
-        strcpy(l_enc_algo->alg_name,"des3_ede");
218
-        str ck1;
219
-        ck1.len = ck.len+ck.len/2;
220
-        ck1.s = pkg_malloc (ck1.len+1);
221
-        if (ck1.s == NULL) {
222
-            LM_ERR("Error allocating memory\n");
223
-            return -1;
224
-        }
225
-        memcpy (ck1.s,ck.s,ck.len);
226
-        memcpy (ck1.s+ck.len,ck.s,ck.len/2);
227
-        l_enc_algo->alg_key_len = ck1.len * 4;
228
-        string_to_key(l_enc_algo->alg_key, ck1);
229
-        pkg_free(ck1.s);
230
-    } else if (strncasecmp(r_ealg.s,"null",r_ealg.len) == 0) {
231
-        strcpy(l_enc_algo->alg_name,"cipher_null");
232
-        l_enc_algo->alg_key_len = 0;
233
-    } else {
234
-        LM_DBG("Creating security associations: UNKNOW Enc Algorithm\n");
235
-        return -1;
236
-    }
237
-
238
-    mnl_attr_put(l_nlh, XFRMA_ALG_CRYPT, sizeof(struct xfrm_algo) + l_enc_algo->alg_key_len, l_enc_algo);
239
-
240
-    // send it to Netlink socket
241
-    if(mnl_socket_sendto(nl_sock, l_nlh, l_nlh->nlmsg_len) < 0)
242
-    {
243
-        LM_ERR("Failed to send Netlink message for SA creation, error: %s\n", strerror(errno));
244
-        return -3;
245
-    }
246
-
247
-    return 0;
116
+	char l_msg_buf[MNL_SOCKET_BUFFER_SIZE];
117
+	char l_auth_algo_buf[XFRM_TMPLS_BUF_SIZE];
118
+	char l_enc_algo_buf[XFRM_TMPLS_BUF_SIZE];
119
+	struct nlmsghdr *l_nlh = NULL;
120
+	struct xfrm_usersa_info *l_xsainfo = NULL;
121
+
122
+	struct xfrm_algo *l_auth_algo = NULL;
123
+	struct xfrm_algo *l_enc_algo = NULL;
124
+
125
+
126
+	memset(l_msg_buf, 0, sizeof(l_msg_buf));
127
+	memset(l_auth_algo_buf, 0, sizeof(l_auth_algo_buf));
128
+	memset(l_enc_algo_buf, 0, sizeof(l_enc_algo_buf));
129
+
130
+	// nlmsghdr initialization
131
+	l_nlh = mnl_nlmsg_put_header(l_msg_buf);
132
+	l_nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
133
+	l_nlh->nlmsg_type = XFRM_MSG_NEWSA;
134
+	l_nlh->nlmsg_seq = choose_nlmsg_seq();
135
+	l_nlh->nlmsg_pid = id;
136
+
137
+	// add Security association
138
+	l_xsainfo = (struct xfrm_usersa_info *)mnl_nlmsg_put_extra_header(
139
+			l_nlh, sizeof(struct xfrm_usersa_info));
140
+	l_xsainfo->sel.family = dest_addr_param->af;
141
+	if(dest_addr_param->af == AF_INET6) {
142
+		memcpy(l_xsainfo->sel.daddr.a6, dest_addr_param->u.addr32,
143
+				sizeof(l_xsainfo->sel.daddr.a6));
144
+		memcpy(l_xsainfo->sel.saddr.a6, src_addr_param->u.addr32,
145
+				sizeof(l_xsainfo->sel.saddr.a6));
146
+		l_xsainfo->sel.prefixlen_d = 128;
147
+		l_xsainfo->sel.prefixlen_s = 128;
148
+	} else {
149
+		l_xsainfo->sel.daddr.a4 = dest_addr_param->u.addr32[0];
150
+		l_xsainfo->sel.saddr.a4 = src_addr_param->u.addr32[0];
151
+		l_xsainfo->sel.prefixlen_d = 32;
152
+		l_xsainfo->sel.prefixlen_s = 32;
153
+	}
154
+	l_xsainfo->sel.dport = htons(d_port);
155
+	l_xsainfo->sel.dport_mask = 0xFFFF;
156
+	l_xsainfo->sel.sport = htons(s_port);
157
+	l_xsainfo->sel.sport_mask = 0xFFFF;
158
+	l_xsainfo->sel.user = htonl(xfrm_user_selector);
159
+
160
+	if(dest_addr_param->af == AF_INET6) {
161
+		memcpy(l_xsainfo->id.daddr.a6, dest_addr_param->u.addr32,
162
+				sizeof(l_xsainfo->id.daddr.a6));
163
+		memcpy(l_xsainfo->saddr.a6, src_addr_param->u.addr32,
164
+				sizeof(l_xsainfo->saddr.a6));
165
+	} else {
166
+		l_xsainfo->id.daddr.a4 = dest_addr_param->u.addr32[0];
167
+		l_xsainfo->saddr.a4 = src_addr_param->u.addr32[0];
168
+	}
169
+	l_xsainfo->id.spi = htonl(id);
170
+	l_xsainfo->id.proto = IPPROTO_ESP;
171
+
172
+	l_xsainfo->lft.soft_byte_limit = XFRM_INF;
173
+	l_xsainfo->lft.hard_byte_limit = XFRM_INF;
174
+	l_xsainfo->lft.soft_packet_limit = XFRM_INF;
175
+	l_xsainfo->lft.hard_packet_limit = XFRM_INF;
176
+	l_xsainfo->reqid = id;
177
+	l_xsainfo->family = dest_addr_param->af;
178
+	l_xsainfo->mode = XFRM_MODE_TRANSPORT;
179
+	l_xsainfo->replay_window = 32;
180
+
181
+	// Add authentication algorithm for this SA
182
+	// 3GPP TS 33.203 Annex I
183
+	// NOTE: hmac-md5-96 and des-ede3-cbc has been deprecated in Rel12+
184
+
185
+	// The cast below is performed because alg_key from struct xfrm_algo is char[0]
186
+	// The point is to provide a continuous chunk of memory with the key in it
187
+	l_auth_algo = (struct xfrm_algo *)l_auth_algo_buf;
188
+
189
+	// Set the proper algorithm by r_alg str
190
+	if(strncasecmp(r_alg.s, "hmac-md5-96", r_alg.len) == 0) {
191
+		strcpy(l_auth_algo->alg_name, "md5");
192
+		l_auth_algo->alg_key_len = ik.len * 4;
193
+		string_to_key(l_auth_algo->alg_key, ik);
194
+	} else if(strncasecmp(r_alg.s, "hmac-sha-1-96", r_alg.len) == 0) {
195
+		strcpy(l_auth_algo->alg_name, "sha1");
196
+		str ik1;
197
+		ik1.len = ik.len + 8;
198
+		ik1.s = pkg_malloc(ik1.len + 1);
199
+		if(ik1.s == NULL) {
200
+			LM_ERR("Error allocating memory\n");
201
+			return -1;
202
+		}
203
+		memcpy(ik1.s, ik.s, ik.len);
204
+		ik1.s[ik.len] = 0;
205
+		strcat(ik1.s, "00000000");
206
+		l_auth_algo->alg_key_len = ik1.len * 4;
207
+		string_to_key(l_auth_algo->alg_key, ik1);
208
+		pkg_free(ik1.s);
209
+	} else {
210
+		LM_DBG("Creating security associations: UNKNOW Auth Algorithm\n");
211
+		return -1;
212
+	}
213
+
214
+	mnl_attr_put(l_nlh, XFRMA_ALG_AUTH,
215
+			sizeof(struct xfrm_algo) + l_auth_algo->alg_key_len, l_auth_algo);
216
+
217
+	// add encription algorithm for this SA
218
+	l_enc_algo = (struct xfrm_algo *)l_enc_algo_buf;
219
+	// cipher_null, des,  des3_ede, aes
220
+	if(strncasecmp(r_ealg.s, "aes-cbc", r_ealg.len) == 0) {
221
+		strcpy(l_enc_algo->alg_name, "aes");
222
+		l_enc_algo->alg_key_len = ck.len * 4;
223
+		string_to_key(l_enc_algo->alg_key, ck);
224
+	} else if(strncasecmp(r_ealg.s, "des-ede3-cbc", r_ealg.len) == 0) {
225
+		strcpy(l_enc_algo->alg_name, "des3_ede");
226
+		str ck1;
227
+		ck1.len = ck.len + ck.len / 2;
228
+		ck1.s = pkg_malloc(ck1.len + 1);
229
+		if(ck1.s == NULL) {
230
+			LM_ERR("Error allocating memory\n");
231
+			return -1;
232
+		}
233
+		memcpy(ck1.s, ck.s, ck.len);
234
+		memcpy(ck1.s + ck.len, ck.s, ck.len / 2);
235
+		l_enc_algo->alg_key_len = ck1.len * 4;
236
+		string_to_key(l_enc_algo->alg_key, ck1);
237
+		pkg_free(ck1.s);
238
+	} else if(strncasecmp(r_ealg.s, "null", r_ealg.len) == 0) {
239
+		strcpy(l_enc_algo->alg_name, "cipher_null");
240
+		l_enc_algo->alg_key_len = 0;
241
+	} else {
242
+		LM_DBG("Creating security associations: UNKNOW Enc Algorithm\n");
243
+		return -1;
244
+	}
245
+
246
+	mnl_attr_put(l_nlh, XFRMA_ALG_CRYPT,
247
+			sizeof(struct xfrm_algo) + l_enc_algo->alg_key_len, l_enc_algo);
248
+
249
+	// send it to Netlink socket
250
+	if(mnl_socket_sendto(nl_sock, l_nlh, l_nlh->nlmsg_len) < 0) {
251
+		LM_ERR("Failed to send Netlink message for SA creation, error: %s\n",
252
+				strerror(errno));
253
+		return -3;
254
+	}
255
+
256
+	return 0;
248 257
 }
249 258
 
250 259
 
251
-int remove_sa(struct mnl_socket* nl_sock, str src_addr_param, str dest_addr_param, int s_port, int d_port, int long id, unsigned int af)
260
+int remove_sa(struct mnl_socket *nl_sock, str src_addr_param,
261
+		str dest_addr_param, int s_port, int d_port, int long id,
262
+		unsigned int af)
252 263
 {
253
-    char* src_addr = NULL;
254
-    char* dest_addr = NULL;
255
-
256
-    // convert input IP addresses to char*
257
-    if((src_addr = pkg_malloc(src_addr_param.len+1)) == NULL) {
258
-        LM_ERR("Error allocating memory for src addr during SA removal\n");
259
-        return -1;
260
-    }
261
-
262
-    if((dest_addr = pkg_malloc(dest_addr_param.len+1)) == NULL) {
263
-        pkg_free(src_addr);
264
-        LM_ERR("Error allocating memory for dest addr during SA removal\n");
265
-        return -2;
266
-    }
267
-
268
-    memset(src_addr, 0, src_addr_param.len+1);
269
-    memset(dest_addr, 0, dest_addr_param.len+1);
270
-
271
-    memcpy(src_addr, src_addr_param.s, src_addr_param.len);
272
-    memcpy(dest_addr, dest_addr_param.s, dest_addr_param.len);
273
-
274
-    struct {
275
-        struct nlmsghdr n;
276
-        struct xfrm_usersa_id   xsid;
277
-        char buf[XFRM_TMPLS_BUF_SIZE];
278
-
279
-    } req = {
280
-        .n.nlmsg_len    = NLMSG_LENGTH(sizeof(req.xsid)),
281
-        .n.nlmsg_flags  = NLM_F_REQUEST,
282
-        .n.nlmsg_type   = XFRM_MSG_DELSA,
283
-        .n.nlmsg_pid    = id,
284
-        .xsid.spi       = htonl(id),
285
-        .xsid.family    = af,
286
-        .xsid.proto     = IPPROTO_ESP
287
-    };
288
-
289
-    xfrm_address_t saddr;
290
-    memset(&saddr, 0, sizeof(saddr));
291
-
292
-    if(af == AF_INET6){
293
-        ip_addr_t ip_addr;
294
-
295
-        if(str2ipxbuf(&dest_addr_param, &ip_addr) < 0){
296
-            LM_ERR("Unable to convert dest address [%.*s]\n", dest_addr_param.len, dest_addr_param.s);
297
-            pkg_free(src_addr);
298
-            pkg_free(dest_addr);
299
-            return -1;
300
-        }
301
-        memcpy(req.xsid.daddr.a6, ip_addr.u.addr32, sizeof(req.xsid.daddr.a6));
302
-
303
-        memset(&ip_addr, 0, sizeof(ip_addr_t));
304
-        if(str2ipxbuf(&src_addr_param, &ip_addr) < 0){
305
-            LM_ERR("Unable to convert src address [%.*s]\n", src_addr_param.len, src_addr_param.s);
306
-            pkg_free(src_addr);
307
-            pkg_free(dest_addr);
308
-            return -1;
309
-        }
310
-        memcpy(saddr.a6, ip_addr.u.addr32, sizeof(saddr.a6));
311
-    }else{
312
-        req.xsid.daddr.a4   = inet_addr(dest_addr);
313
-        saddr.a4            = inet_addr(src_addr);
314
-    }
315
-
316
-    mnl_attr_put(&req.n, XFRMA_SRCADDR, sizeof(saddr), (void *)&saddr);
317
-
318
-    if(mnl_socket_sendto(nl_sock, &req.n, req.n.nlmsg_len) < 0)
319
-    {
320
-        LM_ERR("Failed to send Netlink message, error: %s\n", strerror(errno));
321
-        pkg_free(src_addr);
322
-        pkg_free(dest_addr);
323
-        return -1;
324
-    }
325
-
326
-    pkg_free(src_addr);
327
-    pkg_free(dest_addr);
328
-
329
-    return 0;
264
+	char *src_addr = NULL;
265
+	char *dest_addr = NULL;
266
+
267
+	// convert input IP addresses to char*
268
+	if((src_addr = pkg_malloc(src_addr_param.len + 1)) == NULL) {
269
+		LM_ERR("Error allocating memory for src addr during SA removal\n");
270
+		return -1;
271
+	}
272
+
273
+	if((dest_addr = pkg_malloc(dest_addr_param.len + 1)) == NULL) {
274
+		pkg_free(src_addr);
275
+		LM_ERR("Error allocating memory for dest addr during SA removal\n");
276
+		return -2;
277
+	}
278
+
279
+	memset(src_addr, 0, src_addr_param.len + 1);
280
+	memset(dest_addr, 0, dest_addr_param.len + 1);
281
+
282
+	memcpy(src_addr, src_addr_param.s, src_addr_param.len);
283
+	memcpy(dest_addr, dest_addr_param.s, dest_addr_param.len);
284
+
285
+	struct
286
+	{
287
+		struct nlmsghdr n;
288
+		struct xfrm_usersa_id xsid;
289
+		char buf[XFRM_TMPLS_BUF_SIZE];
290
+
291
+	} req = {.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsid)),
292
+			.n.nlmsg_flags = NLM_F_REQUEST,
293
+			.n.nlmsg_type = XFRM_MSG_DELSA,
294
+			.n.nlmsg_pid = id,
295
+			.xsid.spi = htonl(id),
296
+			.xsid.family = af,
297
+			.xsid.proto = IPPROTO_ESP};
298
+
299
+	xfrm_address_t saddr;
300
+	memset(&saddr, 0, sizeof(saddr));
301
+
302
+	if(af == AF_INET6) {
303
+		ip_addr_t ip_addr;
304
+
305
+		if(str2ipxbuf(&dest_addr_param, &ip_addr) < 0) {
306
+			LM_ERR("Unable to convert dest address [%.*s]\n",
307
+					dest_addr_param.len, dest_addr_param.s);
308
+			pkg_free(src_addr);
309
+			pkg_free(dest_addr);
310
+			return -1;
311
+		}
312
+		memcpy(req.xsid.daddr.a6, ip_addr.u.addr32, sizeof(req.xsid.daddr.a6));
313
+
314
+		memset(&ip_addr, 0, sizeof(ip_addr_t));
315
+		if(str2ipxbuf(&src_addr_param, &ip_addr) < 0) {
316
+			LM_ERR("Unable to convert src address [%.*s]\n", src_addr_param.len,
317
+					src_addr_param.s);
318
+			pkg_free(src_addr);
319
+			pkg_free(dest_addr);
320
+			return -1;
321
+		}
322
+		memcpy(saddr.a6, ip_addr.u.addr32, sizeof(saddr.a6));
323
+	} else {
324
+		req.xsid.daddr.a4 = inet_addr(dest_addr);
325
+		saddr.a4 = inet_addr(src_addr);
326
+	}
327
+
328
+	mnl_attr_put(&req.n, XFRMA_SRCADDR, sizeof(saddr), (void *)&saddr);
329
+
330
+	if(mnl_socket_sendto(nl_sock, &req.n, req.n.nlmsg_len) < 0) {
331
+		LM_ERR("Failed to send Netlink message, error: %s\n", strerror(errno));
332
+		pkg_free(src_addr);
333
+		pkg_free(dest_addr);
334
+		return -1;
335
+	}
336
+
337
+	pkg_free(src_addr);
338
+	pkg_free(dest_addr);
339
+
340
+	return 0;
330 341
 }
331 342
 
332 343
 
333
-int add_policy(struct mnl_socket* mnl_socket, const struct ip_addr *src_addr_param, const struct ip_addr *dest_addr_param, int src_port, int dst_port, int long p_id, enum ipsec_policy_direction dir)
344
+int add_policy(struct mnl_socket *mnl_socket,
345
+		const struct ip_addr *src_addr_param,
346
+		const struct ip_addr *dest_addr_param, int src_port, int dst_port,
347
+		int long p_id, enum ipsec_policy_direction dir)
334 348
 {
335
-    char                            l_msg_buf[MNL_SOCKET_BUFFER_SIZE];
336
-    char                            l_tmpls_buf[XFRM_TMPLS_BUF_SIZE];
337
-    struct nlmsghdr*                l_nlh;
338
-    struct xfrm_userpolicy_info*    l_xpinfo;
339
-
340
-    memset(l_msg_buf, 0, sizeof(l_msg_buf));
341
-    memset(l_tmpls_buf, 0, sizeof(l_tmpls_buf));
342
-
343
-    // nlmsghdr initialization
344
-    l_nlh = mnl_nlmsg_put_header(l_msg_buf);
345
-    l_nlh->nlmsg_flags  = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
346
-    l_nlh->nlmsg_type   = XFRM_MSG_NEWPOLICY;
347
-    l_nlh->nlmsg_seq    = time(NULL);
348
-    l_nlh->nlmsg_pid    = p_id;
349
-
350
-    // add OUT policy
351
-    l_xpinfo = (struct xfrm_userpolicy_info*)mnl_nlmsg_put_extra_header(l_nlh, sizeof(struct xfrm_userpolicy_info));
352
-    l_xpinfo->sel.family        = dest_addr_param->af;
353
-    if(dest_addr_param->af == AF_INET6) {
354
-        memcpy(l_xpinfo->sel.daddr.a6, dest_addr_param->u.addr32, sizeof(l_xpinfo->sel.daddr.a6));
355
-        memcpy(l_xpinfo->sel.saddr.a6, src_addr_param->u.addr32, sizeof(l_xpinfo->sel.saddr.a6));
356
-        l_xpinfo->sel.prefixlen_d  = 128;
357
-        l_xpinfo->sel.prefixlen_s  = 128;
358
-    }
359
-    else {
360
-        l_xpinfo->sel.daddr.a4     = dest_addr_param->u.addr32[0];
361
-        l_xpinfo->sel.saddr.a4     = src_addr_param->u.addr32[0];
362
-        l_xpinfo->sel.prefixlen_d  = 32;
363
-        l_xpinfo->sel.prefixlen_s  = 32;
364
-    }
365
-    l_xpinfo->sel.dport         = htons(dst_port);
366
-    l_xpinfo->sel.dport_mask    = 0xFFFF;
367
-    l_xpinfo->sel.sport         = htons(src_port);
368
-    l_xpinfo->sel.sport_mask    = 0xFFFF;
369
-    //l_xpinfo->sel.proto         = sel_proto;
370
-    l_xpinfo->sel.user          = htonl(xfrm_user_selector);
371
-
372
-    l_xpinfo->lft.soft_byte_limit   = XFRM_INF;
373
-    l_xpinfo->lft.hard_byte_limit   = XFRM_INF;
374
-    l_xpinfo->lft.soft_packet_limit = XFRM_INF;
375
-    l_xpinfo->lft.hard_packet_limit = XFRM_INF;
376
-    l_xpinfo->priority              = 2080;
377
-    l_xpinfo->action                = XFRM_POLICY_ALLOW;
378
-    l_xpinfo->share                 = XFRM_SHARE_ANY;
379
-
380
-    if (dir == IPSEC_POLICY_DIRECTION_IN) {
381
-        l_xpinfo->dir               = XFRM_POLICY_IN;
382
-    }
383
-    else if(dir == IPSEC_POLICY_DIRECTION_OUT) {
384
-        l_xpinfo->dir               = XFRM_POLICY_OUT;
385
-    }
386
-    else {
387
-        LM_ERR("Invalid direction parameter passed to add_policy: %d\n", dir);
388
-
389
-        return -3;
390
-    }
391
-
392
-    // xfrm_user_tmpl initialization
393
-    struct xfrm_user_tmpl* l_tmpl = (struct xfrm_user_tmpl*)l_tmpls_buf;
394
-    l_tmpl->id.proto    = IPPROTO_ESP;
395
-    l_tmpl->family      = dest_addr_param->af;
396
-    if(dest_addr_param->af == AF_INET6) {
397
-        memcpy(l_tmpl->id.daddr.a6, dest_addr_param->u.addr32, sizeof(l_tmpl->id.daddr.a6));
398
-        memcpy(l_tmpl->saddr.a6, src_addr_param->u.addr32, sizeof(l_tmpl->saddr.a6));
399
-    }
400
-    else {
401
-        l_tmpl->id.daddr.a4        = dest_addr_param->u.addr32[0];
402
-        l_tmpl->saddr.a4           = src_addr_param->u.addr32[0];
403
-    }
404
-    l_tmpl->reqid       = p_id;
405
-    l_tmpl->mode        = XFRM_MODE_TRANSPORT;
406
-    l_tmpl->aalgos      = (~(__u32)0);
407
-    l_tmpl->ealgos      = (~(__u32)0);
408
-    l_tmpl->calgos      = (~(__u32)0);
409
-
410
-    mnl_attr_put(l_nlh, XFRMA_TMPL, sizeof(struct xfrm_user_tmpl), l_tmpl);
411
-
412
-    if(mnl_socket_sendto(mnl_socket, l_nlh, l_nlh->nlmsg_len) < 0)
413
-    {
414
-        LM_ERR("Failed to send Netlink message, error: %s\n", strerror(errno));
415
-        return -4;
416
-    }
417
-
418
-    return 0;
349
+	char l_msg_buf[MNL_SOCKET_BUFFER_SIZE];
350
+	char l_tmpls_buf[XFRM_TMPLS_BUF_SIZE];
351
+	struct nlmsghdr *l_nlh;
352
+	struct xfrm_userpolicy_info *l_xpinfo;
353
+
354
+	memset(l_msg_buf, 0, sizeof(l_msg_buf));
355
+	memset(l_tmpls_buf, 0, sizeof(l_tmpls_buf));
356
+
357
+	// nlmsghdr initialization
358
+	l_nlh = mnl_nlmsg_put_header(l_msg_buf);
359
+	l_nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
360
+	l_nlh->nlmsg_type = XFRM_MSG_NEWPOLICY;
361
+	l_nlh->nlmsg_seq = time(NULL);
362
+	l_nlh->nlmsg_pid = p_id;
363
+
364
+	// add OUT policy
365
+	l_xpinfo = (struct xfrm_userpolicy_info *)mnl_nlmsg_put_extra_header(
366
+			l_nlh, sizeof(struct xfrm_userpolicy_info));
367
+	l_xpinfo->sel.family = dest_addr_param->af;
368
+	if(dest_addr_param->af == AF_INET6) {
369
+		memcpy(l_xpinfo->sel.daddr.a6, dest_addr_param->u.addr32,
370
+				sizeof(l_xpinfo->sel.daddr.a6));
371
+		memcpy(l_xpinfo->sel.saddr.a6, src_addr_param->u.addr32,
372
+				sizeof(l_xpinfo->sel.saddr.a6));
373
+		l_xpinfo->sel.prefixlen_d = 128;
374
+		l_xpinfo->sel.prefixlen_s = 128;
375
+	} else {
376
+		l_xpinfo->sel.daddr.a4 = dest_addr_param->u.addr32[0];
377
+		l_xpinfo->sel.saddr.a4 = src_addr_param->u.addr32[0];
378
+		l_xpinfo->sel.prefixlen_d = 32;
379
+		l_xpinfo->sel.prefixlen_s = 32;
380
+	}
381
+	l_xpinfo->sel.dport = htons(dst_port);
382
+	l_xpinfo->sel.dport_mask = 0xFFFF;
383
+	l_xpinfo->sel.sport = htons(src_port);
384
+	l_xpinfo->sel.sport_mask = 0xFFFF;
385
+	//l_xpinfo->sel.proto         = sel_proto;
386
+	l_xpinfo->sel.user = htonl(xfrm_user_selector);
387
+
388
+	l_xpinfo->lft.soft_byte_limit = XFRM_INF;
389
+	l_xpinfo->lft.hard_byte_limit = XFRM_INF;
390
+	l_xpinfo->lft.soft_packet_limit = XFRM_INF;
391
+	l_xpinfo->lft.hard_packet_limit = XFRM_INF;
392
+	l_xpinfo->priority = 2080;
393
+	l_xpinfo->action = XFRM_POLICY_ALLOW;
394
+	l_xpinfo->share = XFRM_SHARE_ANY;
395
+
396
+	if(dir == IPSEC_POLICY_DIRECTION_IN) {
397
+		l_xpinfo->dir = XFRM_POLICY_IN;
398
+	} else if(dir == IPSEC_POLICY_DIRECTION_OUT) {
399
+		l_xpinfo->dir = XFRM_POLICY_OUT;
400
+	} else {
401
+		LM_ERR("Invalid direction parameter passed to add_policy: %d\n", dir);
402
+
403
+		return -3;
404
+	}
405
+
406
+	// xfrm_user_tmpl initialization
407
+	struct xfrm_user_tmpl *l_tmpl = (struct xfrm_user_tmpl *)l_tmpls_buf;
408
+	l_tmpl->id.proto = IPPROTO_ESP;
409
+	l_tmpl->family = dest_addr_param->af;
410
+	if(dest_addr_param->af == AF_INET6) {
411
+		memcpy(l_tmpl->id.daddr.a6, dest_addr_param->u.addr32,
412
+				sizeof(l_tmpl->id.daddr.a6));
413
+		memcpy(l_tmpl->saddr.a6, src_addr_param->u.addr32,
414
+				sizeof(l_tmpl->saddr.a6));
415
+	} else {
416
+		l_tmpl->id.daddr.a4 = dest_addr_param->u.addr32[0];
417
+		l_tmpl->saddr.a4 = src_addr_param->u.addr32[0];
418
+	}
419
+	l_tmpl->reqid = p_id;
420
+	l_tmpl->mode = XFRM_MODE_TRANSPORT;
421
+	l_tmpl->aalgos = (~(__u32)0);
422
+	l_tmpl->ealgos = (~(__u32)0);
423
+	l_tmpl->calgos = (~(__u32)0);
424
+
425
+	mnl_attr_put(l_nlh, XFRMA_TMPL, sizeof(struct xfrm_user_tmpl), l_tmpl);
426
+
427
+	if(mnl_socket_sendto(mnl_socket, l_nlh, l_nlh->nlmsg_len) < 0) {
428
+		LM_ERR("Failed to send Netlink message, error: %s\n", strerror(errno));
429
+		return -4;
430
+	}
431
+
432
+	return 0;
419 433
 }
420 434
 
421
-int remove_policy(struct mnl_socket* mnl_socket, str src_addr_param, str dest_addr_param, int src_port, int dst_port, int long p_id, unsigned int af, enum ipsec_policy_direction dir)
435
+int remove_policy(struct mnl_socket *mnl_socket, str src_addr_param,
436
+		str dest_addr_param, int src_port, int dst_port, int long p_id,
437
+		unsigned int af, enum ipsec_policy_direction dir)
422 438
 {
423
-    unsigned char policy_dir = 0;
424
-
425
-    if(dir == IPSEC_POLICY_DIRECTION_IN) {
426
-         policy_dir = XFRM_POLICY_IN;
427
-    }
428
-    else if(dir == IPSEC_POLICY_DIRECTION_OUT) {
429
-         policy_dir = XFRM_POLICY_OUT;
430
-    }
431
-    else {
432
-        LM_ERR("Invalid direction parameter passed to remove_policy: %d\n", dir);
433
-        return -1;
434
-    }
435
-
436
-    char* src_addr = NULL;
437
-    char* dest_addr = NULL;
438
-
439
-    // convert input IP addresses to char*
440
-    if((src_addr = pkg_malloc(src_addr_param.len+1)) == NULL) {
441
-        LM_ERR("Error allocating memory for src addr during SA removal\n");
442
-        return -1;
443
-    }
444
-
445
-    if((dest_addr = pkg_malloc(dest_addr_param.len+1)) == NULL) {
446
-        pkg_free(src_addr);
447
-        LM_ERR("Error allocating memory for dest addr during SA removal\n");
448
-        return -2;
449
-    }
450
-
451
-    memset(src_addr, 0, src_addr_param.len+1);
452
-    memset(dest_addr, 0, dest_addr_param.len+1);
453
-
454
-    memcpy(src_addr, src_addr_param.s, src_addr_param.len);
455
-    memcpy(dest_addr, dest_addr_param.s, dest_addr_param.len);
456
-
457
-    struct {
458
-        struct nlmsghdr n;
459
-        struct xfrm_userpolicy_id xpid;
460
-        char buf[XFRM_TMPLS_BUF_SIZE];
461
-    } req = {
462
-        .n.nlmsg_len            = NLMSG_LENGTH(sizeof(req.xpid)),
463
-        .n.nlmsg_flags          = NLM_F_REQUEST,
464
-        .n.nlmsg_type           = XFRM_MSG_DELPOLICY,
465
-        .n.nlmsg_pid            = p_id,
466
-        .xpid.dir               = policy_dir,
467
-        .xpid.sel.family        = af,
468
-        .xpid.sel.dport         = htons(dst_port),
469
-        .xpid.sel.dport_mask    = 0xFFFF,
470
-        .xpid.sel.sport         = htons(src_port),
471
-        .xpid.sel.sport_mask    = 0xFFFF,
472
-        .xpid.sel.user          = htonl(xfrm_user_selector)
473
-        //.xpid.sel.proto         = sel_proto
474
-    };
475
-
476
-    if(af == AF_INET6){
477
-        ip_addr_t ip_addr;
478
-
479
-        if(str2ipxbuf(&dest_addr_param, &ip_addr) < 0){
480
-            LM_ERR("Unable to convert dest address [%.*s]\n", dest_addr_param.len, dest_addr_param.s);
481
-            pkg_free(src_addr);
482
-            pkg_free(dest_addr);
483
-            return -1;
484
-        }
485
-        memcpy(req.xpid.sel.daddr.a6, ip_addr.u.addr32, sizeof(req.xpid.sel.daddr.a6));
486
-
487
-        if(str2ipxbuf(&src_addr_param, &ip_addr) < 0){
488
-            LM_ERR("Unable to convert src address [%.*s]\n", src_addr_param.len, src_addr_param.s);
489
-            pkg_free(src_addr);
490
-            pkg_free(dest_addr);
491
-            return -1;
492
-        }
493
-        memcpy(req.xpid.sel.saddr.a6, ip_addr.u.addr32, sizeof(req.xpid.sel.saddr.a6));
494
-
495
-        req.xpid.sel.prefixlen_d = 128;
496
-        req.xpid.sel.prefixlen_s = 128;
497
-    }else{
498
-        req.xpid.sel.daddr.a4       = inet_addr(dest_addr);
499
-        req.xpid.sel.saddr.a4       = inet_addr(src_addr);
500
-
501
-        req.xpid.sel.prefixlen_d    = 32;
502
-        req.xpid.sel.prefixlen_s    = 32;
503
-    }
504
-
505
-    if(mnl_socket_sendto(mnl_socket, &req.n, req.n.nlmsg_len) < 0)
506
-    {
507
-        LM_ERR("Failed to send Netlink message, error: %s\n", strerror(errno));
508
-        pkg_free(src_addr);
509
-        pkg_free(dest_addr);
510
-        return -1;
511
-    }
512
-
513
-    pkg_free(src_addr);
514
-    pkg_free(dest_addr);
515
-
516
-    return 0;
439
+	unsigned char policy_dir = 0;
440
+
441
+	if(dir == IPSEC_POLICY_DIRECTION_IN) {
442
+		policy_dir = XFRM_POLICY_IN;
443
+	} else if(dir == IPSEC_POLICY_DIRECTION_OUT) {
444
+		policy_dir = XFRM_POLICY_OUT;
445
+	} else {
446
+		LM_ERR("Invalid direction parameter passed to remove_policy: %d\n",
447
+				dir);
448
+		return -1;
449
+	}
450
+
451
+	char *src_addr = NULL;
452
+	char *dest_addr = NULL;
453
+
454
+	// convert input IP addresses to char*
455
+	if((src_addr = pkg_malloc(src_addr_param.len + 1)) == NULL) {
456
+		LM_ERR("Error allocating memory for src addr during SA removal\n");
457
+		return -1;
458
+	}
459
+
460
+	if((dest_addr = pkg_malloc(dest_addr_param.len + 1)) == NULL) {
461
+		pkg_free(src_addr);
462
+		LM_ERR("Error allocating memory for dest addr during SA removal\n");
463
+		return -2;
464
+	}
465
+
466
+	memset(src_addr, 0, src_addr_param.len + 1);
467
+	memset(dest_addr, 0, dest_addr_param.len + 1);
468
+
469
+	memcpy(src_addr, src_addr_param.s, src_addr_param.len);
470
+	memcpy(dest_addr, dest_addr_param.s, dest_addr_param.len);
471
+
472
+	struct
473
+	{
474
+		struct nlmsghdr n;
475
+		struct xfrm_userpolicy_id xpid;
476
+		char buf[XFRM_TMPLS_BUF_SIZE];
477
+	} req = {
478
+			.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xpid)),
479
+			.n.nlmsg_flags = NLM_F_REQUEST,
480
+			.n.nlmsg_type = XFRM_MSG_DELPOLICY,
481
+			.n.nlmsg_pid = p_id,
482
+			.xpid.dir = policy_dir,
483
+			.xpid.sel.family = af,
484
+			.xpid.sel.dport = htons(dst_port),
485
+			.xpid.sel.dport_mask = 0xFFFF,
486
+			.xpid.sel.sport = htons(src_port),
487
+			.xpid.sel.sport_mask = 0xFFFF,
488
+			.xpid.sel.user = htonl(xfrm_user_selector)
489
+			//.xpid.sel.proto         = sel_proto
490
+	};
491
+
492
+	if(af == AF_INET6) {
493
+		ip_addr_t ip_addr;
494
+
495
+		if(str2ipxbuf(&dest_addr_param, &ip_addr) < 0) {
496
+			LM_ERR("Unable to convert dest address [%.*s]\n",
497
+					dest_addr_param.len, dest_addr_param.s);
498
+			pkg_free(src_addr);
499
+			pkg_free(dest_addr);
500
+			return -1;
501
+		}
502
+		memcpy(req.xpid.sel.daddr.a6, ip_addr.u.addr32,
503
+				sizeof(req.xpid.sel.daddr.a6));
504
+
505
+		if(str2ipxbuf(&src_addr_param, &ip_addr) < 0) {
506
+			LM_ERR("Unable to convert src address [%.*s]\n", src_addr_param.len,
507
+					src_addr_param.s);
508
+			pkg_free(src_addr);
509
+			pkg_free(dest_addr);
510
+			return -1;
511
+		}
512
+		memcpy(req.xpid.sel.saddr.a6, ip_addr.u.addr32,
513
+				sizeof(req.xpid.sel.saddr.a6));
514
+
515
+		req.xpid.sel.prefixlen_d = 128;
516
+		req.xpid.sel.prefixlen_s = 128;
517
+	} else {