authorHenning Brauer <henning@cvs.openbsd.org>2004-01-28 17:27:56 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2004-01-28 17:27:56 +0000
commit8078e4908ace26807aac186fced675a35e33f6c1 (patch)
treee97eb004581af623825c4bb7a03811a648c1413c
parent81c7e10c1914ef9d0f4786cd0b3de286918eaf4e (diff)
-struct peer_auth to store the SPIs, linked into struct peer
-add pfkey_auth_establish(), which sets up flows for both directions and stores the SPIs in above struct -add (yet dummy) pfkey_auth_remove() with markus, ok claudio markus
-rw-r--r--usr.sbin/bgpd/bgpd.h5
-rw-r--r--usr.sbin/bgpd/pfkey.c38
-rw-r--r--usr.sbin/bgpd/session.h12
3 files changed, 45 insertions, 10 deletions
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
index 51d264ad4d4..89b3f4f6577 100644
--- a/usr.sbin/bgpd/bgpd.h
+++ b/usr.sbin/bgpd/bgpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.h,v 1.86 2004/01/28 11:03:32 markus Exp $ */
+/* $OpenBSD: bgpd.h,v 1.87 2004/01/28 17:27:55 henning Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -323,7 +323,4 @@ int control_init(void);
void control_cleanup(void);
int control_imsg_relay(struct imsg *);
-/* pfkey.c */
-int pfkey_setkey(struct bgpd_addr *, struct bgpd_addr *, char *);
-
#endif /* __BGPD_H__ */
diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c
index a97dca91630..a130dcd1e7f 100644
--- a/usr.sbin/bgpd/pfkey.c
+++ b/usr.sbin/bgpd/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.6 2004/01/28 14:24:29 markus Exp $ */
+/* $OpenBSD: pfkey.c,v 1.7 2004/01/28 17:27:55 henning Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -29,6 +29,7 @@
#include <unistd.h>
#include "bgpd.h"
+#include "session.h"
#define PFKEY2_CHUNK sizeof(u_int64_t)
#define ROUNDUP(x) (((x) + (PFKEY2_CHUNK - 1)) & ~(PFKEY2_CHUNK - 1))
@@ -39,6 +40,8 @@ static u_int32_t sadb_msg_seq = 1;
int pfkey_reply(int, u_int32_t *);
int pfkey_send(int, uint8_t, struct bgpd_addr *, struct bgpd_addr *,
u_int32_t, char *);
+int pfkey_setkey(struct bgpd_addr *, struct bgpd_addr *, char *,
+ u_int32_t *);
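Review bot: The pfkey_setkey prototype moves out of bgpd.h into pfkey.c but keeps external linkage, while session.h now exports only pfkey_auth_establish/pfkey_auth_remove. Since nothing outside this file is meant to call it any more, `static int pfkey_setkey(struct bgpd_addr *, struct bgpd_addr *, char *, u_int32_t *);` (with `static` on the definition in the later hunk as well) keeps the symbol out of the global namespace and lets the compiler catch a stray external caller.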
int
pfkey_send(int sd, uint8_t mtype, struct bgpd_addr *src,
@@ -269,9 +272,9 @@ pfkey_reply(int sd, u_int32_t *spip)
}
int
-pfkey_setkey(struct bgpd_addr *src, struct bgpd_addr *dst, char *key)
+pfkey_setkey(struct bgpd_addr *src, struct bgpd_addr *dst, char *key,
+ u_int32_t *spi)
{
- u_int32_t spi = 0;
int sd;
int ret = -1;
@@ -284,9 +287,9 @@ pfkey_setkey(struct bgpd_addr *src, struct bgpd_addr *dst, char *key)
}
if (pfkey_send(sd, SADB_GETSPI, src, dst, 0, NULL) < 0)
goto done;
- if (pfkey_reply(sd, &spi) < 0)
+ if (pfkey_reply(sd, spi) < 0)
goto done;
- if (pfkey_send(sd, SADB_UPDATE, src, dst, spi, key) < 0)
+ if (pfkey_send(sd, SADB_UPDATE, src, dst, *spi, key) < 0)
goto done;
if (pfkey_reply(sd, NULL) < 0)
goto done;
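Review bot: The new out-parameter is dereferenced unconditionally at `*spi` in the SADB_UPDATE call, but pfkey_reply itself accepts a NULL pointer (the later `pfkey_reply(sd, NULL)` relies on that), so a caller that passes NULL expecting the same tolerance crashes here rather than getting -1. Either state the contract in a comment above the function, `/* spi must be non-NULL: receives the SPI returned by SADB_GETSPI */`, or reject it early with `if (spi == NULL) return (-1);` before the socket is opened. pfkey_setkey's body begins and ends outside this hunk.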
@@ -295,3 +298,28 @@ done:
close(sd);
return (ret);
}
+
+int
+pfkey_auth_establish(struct peer *p)
+{
+ if (!p->conf.tcp_sign_key[0])
+ return (0);
+
+ if (!p->auth.spi_out)
+ if (pfkey_setkey(&p->conf.local_addr, &p->conf.remote_addr,
+ p->conf.tcp_sign_key, &p->auth.spi_out) == -1)
+ return (-1);
+
+ if (!p->auth.spi_in)
+ if (pfkey_setkey(&p->conf.remote_addr, &p->conf.local_addr,
+ p->conf.tcp_sign_key, &p->auth.spi_in) == -1)
+ return (-1);
+
+ return (0);
+}
+
+int
+pfkey_auth_remove(struct peer *p)
+{
+ return (0);
+}
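Review bot: pfkey_auth_establish's `if (!p->auth.spi_out)` / `if (!p->auth.spi_in)` guards treat any nonzero SPI as a fully established SA, but pfkey_setkey stores the SPI through the pointer right after SADB_GETSPI and can still fail on the following SADB_UPDATE or its reply; in that case the peer keeps a reserved SPI with no key attached and the next call skips re-establishing that direction. Clearing the value on the failure path closes the gap, e.g. at `done:` in pfkey_setkey `if (ret == -1) *spi = 0;` (ret is initialised to -1 and presumably set to 0 only on full success, outside this hunk). The nested brace-less `if (!p->auth.spi_out) if (pfkey_setkey(...) == -1) return (-1);` would also read more safely as a single `if (!p->auth.spi_out && pfkey_setkey(...) == -1)` or with braces.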
diff --git a/usr.sbin/bgpd/session.h b/usr.sbin/bgpd/session.h
index 78bd04e78be..ecc22646cee 100644
--- a/usr.sbin/bgpd/session.h
+++ b/usr.sbin/bgpd/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.22 2004/01/22 20:59:17 henning Exp $ */
+/* $OpenBSD: session.h,v 1.23 2004/01/28 17:27:55 henning Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -131,9 +131,15 @@ struct peer_stats {
time_t last_read;
};
+struct peer_auth {
+ u_int32_t spi_in;
+ u_int32_t spi_out;
+};
+
struct peer {
struct peer_config conf;
struct peer_stats stats;
+ struct peer_auth auth;
u_int32_t remote_bgpid;
u_int16_t holdtime;
enum session_state state;
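Review bot: struct peer_auth carries no documentation of the fact that pfkey_auth_establish treats a zero SPI as "no SA installed yet", which makes the zero value a protocol of its own that future code must preserve (and that pfkey_auth_remove, once implemented, must reset). A short comment on the struct captures it: `/* SPIs of the TCP MD5 SAs for this peer; 0 means not established */` above `spi_in`/`spi_out`, with `in`/`out` called out as the remote->local and local->remote flows as set up in pfkey_auth_establish.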
@@ -186,3 +192,7 @@ void control_shutdown(void);
int control_dispatch_msg(struct pollfd *, int);
void control_accept(int);
void control_close(int);
+
+/* pfkey.c */
+int pfkey_auth_establish(struct peer *p);
+int pfkey_auth_remove(struct peer *p);