diff options
author | Niels Provos <provos@cvs.openbsd.org> | 1997-07-15 23:11:11 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1997-07-15 23:11:11 +0000 |
commit | 9843662ad45ddecb7ea944318208f9203baa4df9 (patch) | |
tree | 56b05097ec5be4d837ede02b382b61c0ac375118 | |
parent | b56305855b048ed0bf6503aa0a7765cf3d5b04ee (diff) |
flags for tunnels and replacing existing routes, sysctl! + tiny bug fix
-rw-r--r-- | sys/net/encap.c | 118 | ||||
-rw-r--r-- | sys/net/encap.h | 20 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 34 |
4 files changed, 135 insertions, 41 deletions
diff --git a/sys/net/encap.c b/sys/net/encap.c index ea0d210c4d4..911ca641397 100644 --- a/sys/net/encap.c +++ b/sys/net/encap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encap.c,v 1.9 1997/07/14 08:46:39 provos Exp $ */ +/* $OpenBSD: encap.c,v 1.10 1997/07/15 23:11:08 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -164,12 +164,13 @@ va_dcl { #define SENDERR(e) do { error = e; goto flush;} while (0) struct sockaddr_encap encapdst, encapgw, encapnetmask; + struct in_addr alts, altm; int len, emlen, error = 0; + struct flow *flow, *flow2; struct encap_msghdr *emp; struct tdb *tdbp, *tdbp2; caddr_t buffer = 0; struct socket *so; - struct flow *flow; u_int32_t spi; va_list ap; @@ -454,10 +455,42 @@ va_dcl if (flow != (struct flow *) NULL) SENDERR(EEXIST); + /* Check for 0.0.0.0/255.255.255.255 if the flow is local */ + if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + { + alts.s_addr = INADDR_ANY; + altm.s_addr = INADDR_BROADCAST; + flow2 = find_flow(alts, altm, emp->em_ena_idst, + emp->em_ena_idmask, emp->em_ena_protocol, + emp->em_ena_sport, emp->em_ena_dport, tdbp); + if (flow2 != (struct flow *) NULL) + SENDERR(EEXIST); + } + flow = get_flow(); if (flow == (struct flow *) NULL) SENDERR(ENOBUFS); + if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + { + flow2 = get_flow(); + if (flow2 == (struct flow *) NULL) + { + FREE(flow, M_TDB); + SENDERR(ENOBUFS); + } + + flow2->flow_src.s_addr = INADDR_ANY; + flow2->flow_dst.s_addr = emp->em_ena_idst.s_addr; + flow2->flow_srcmask.s_addr = INADDR_BROADCAST; + flow2->flow_dstmask.s_addr = emp->em_ena_idmask.s_addr; + flow2->flow_proto = emp->em_ena_protocol; + flow2->flow_sport = emp->em_ena_sport; + flow2->flow_dport = emp->em_ena_dport; + + put_flow(flow2, tdbp); + } + flow->flow_src.s_addr = emp->em_ena_isrc.s_addr; flow->flow_dst.s_addr = emp->em_ena_idst.s_addr; flow->flow_srcmask.s_addr = emp->em_ena_ismask.s_addr; @@ -501,6 +534,14 @@ va_dcl encapnetmask.sen_dport = 0xffff; } + /* If this is set, delete any old route for this flow */ + if (emp->em_ena_flags & ENABLE_FLAG_REPLACE) + rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, + (struct sockaddr *) &encapgw, + (struct sockaddr *) &encapnetmask, + RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct rtentry **) 0); + /* Add the entry in the routing table */ error = rtrequest(RTM_ADD, (struct sockaddr *) &encapdst, (struct sockaddr *) &encapgw, @@ -511,9 +552,47 @@ va_dcl if (error) { delete_flow(flow, tdbp); + if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + delete_flow(flow2, tdbp); SENDERR(error); } + /* If this is a "local" packet flow */ + if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + { + encapdst.sen_ip_src.s_addr = INADDR_ANY; + encapnetmask.sen_ip_src.s_addr = INADDR_BROADCAST; + + if (emp->em_ena_flags & ENABLE_FLAG_REPLACE) + rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, + (struct sockaddr *) &encapgw, + (struct sockaddr *) &encapnetmask, + RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct rtentry **) 0); + + error = rtrequest(RTM_ADD, (struct sockaddr *) &encapdst, + (struct sockaddr *) &encapgw, + (struct sockaddr *) &encapnetmask, + RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct rtentry **) 0); + + if (error) + { + encapdst.sen_ip_src.s_addr = emp->em_ena_isrc.s_addr; + encapnetmask.sen_ip_src.s_addr = emp->em_ena_ismask.s_addr; + + rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, + (struct sockaddr *) &encapgw, + (struct sockaddr *) &encapnetmask, + RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct rtentry **) 0); + + delete_flow(flow, tdbp); + delete_flow(flow2, tdbp); + SENDERR(error); + } + } + error = 0; break; @@ -533,6 +612,18 @@ va_dcl if (flow == (struct flow *) NULL) SENDERR(ENOENT); + if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + { + alts.s_addr = INADDR_ANY; + altm.s_addr = INADDR_BROADCAST; + + flow2 = find_flow(alts, altm, emp->em_ena_idst, + emp->em_ena_idmask, emp->em_ena_protocol, + emp->em_ena_sport, emp->em_ena_dport, tdbp); + if (flow2 == (struct flow *) NULL) + SENDERR(ENOENT); + } + /* Setup the encap fields */ encapdst.sen_len = SENT_IP4_LEN; encapdst.sen_family = AF_ENCAP; @@ -566,7 +657,7 @@ va_dcl encapnetmask.sen_dport = 0xffff; } - /* Add the entry in the routing table */ + /* Delete the entry */ error = rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, (struct sockaddr *) &encapgw, (struct sockaddr *) &encapnetmask, @@ -575,6 +666,27 @@ va_dcl delete_flow(flow, tdbp); + if (error) + SENDERR(error); + + if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + { + + encapdst.sen_ip_src.s_addr = INADDR_ANY; + encapnetmask.sen_ip_src.s_addr = INADDR_BROADCAST; + + error = rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, + (struct sockaddr *) &encapgw, + (struct sockaddr *) &encapnetmask, + RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct rtentry **) 0); + + delete_flow(flow2, tdbp); + + if (error) + SENDERR(error); + } + break; case EMT_NOTIFY: diff --git a/sys/net/encap.h b/sys/net/encap.h index 0c4ddf25bf0..8ee2cec21dd 100644 --- a/sys/net/encap.h +++ b/sys/net/encap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: encap.h,v 1.8 1997/07/14 08:46:40 provos Exp $ */ +/* $OpenBSD: encap.h,v 1.9 1997/07/15 23:11:09 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -231,7 +231,7 @@ struct encap_msghdr u_int16_t Dport; /* Destination port, if applicable */ u_int8_t Protocol; /* Transport mode for which protocol */ u_int8_t Sproto; /* IPsec protocol */ - u_int8_t Foo[2]; /* Alignment */ + u_int16_t Flags; } Ena; /* For general use: (in)validate, delete (chain), reserve */ @@ -245,11 +245,18 @@ struct encap_msghdr } Eu; }; -#define ENCAP_MSG_FIXED_LEN (2 * sizeof(u_int32_t)) +#define ENABLE_FLAG_REPLACE 1 +#define ENABLE_FLAG_LOCAL 2 + +#define ENCAP_MSG_FIXED_LEN (2 * sizeof(u_int32_t)) + +#define NOTIFY_SOFT_EXPIRE 0 /* Soft expiration of SA */ +#define NOTIFY_HARD_EXPIRE 1 /* Hard expiration of SA */ +#define NOTIFY_REQUEST_SA 2 /* Establish an SA */ -#define NOTIFY_SOFT_EXPIRE 0 /* Soft expiration of SA */ -#define NOTIFY_HARD_EXPIRE 1 /* Hard expiration of SA */ -#define NOTIFY_REQUEST_SA 2 /* Establish an SA */ +#define NOTIFY_SATYPE_CONF 0 /* SA should do encryption */ +#define NOTIFY_SATYPE_AUTH 1 /* SA should do authentication */ +#define NOTIFY_SATYPE_TUNNEL 2 /* SA should use tunneling */ #define em_ena_spi Eu.Ena.Spi #define em_ena_dst Eu.Ena.Dst @@ -261,6 +268,7 @@ struct encap_msghdr #define em_ena_dport Eu.Ena.Dport #define em_ena_protocol Eu.Ena.Protocol #define em_ena_sproto Eu.Ena.Sproto +#define em_ena_flags Eu.Ena.Flags #define em_gen_spi Eu.Gen.Spi #define em_gen_dst Eu.Gen.Dst diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index c5fde0aab9a..084fbec91af 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.13 1997/07/11 23:37:58 provos Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.14 1997/07/15 23:11:10 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -236,6 +236,8 @@ put_flow(struct flow *flow, struct tdb *tdb) flow->flow_next = tdb->tdb_flow; flow->flow_prev = (struct flow *) NULL; + tdb->tdb_flow = flow; + flow->flow_sa = tdb; if (flow->flow_next) diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 916bd228738..4f5e25b4a50 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.12 1997/07/14 08:46:38 provos Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.13 1997/07/15 23:11:10 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -154,38 +154,10 @@ extern unsigned char ipseczeroes[]; /* * Names for IPsec sysctl objects */ -#define IPSECCTL_ENCAP 28 -#define IPSECCTL_MAXID 29 +#define IPSECCTL_ENCAP 0 +#define IPSECCTL_MAXID 1 #define CTL_IPSEC_NAMES {\ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ - { 0, 0 }, \ { "encap", CTLTYPE_NODE }, \ } |