src - OpenBSD base system

diff options


context:
space:
mode:

author	Hakan Olsson <ho@cvs.openbsd.org>	1999-08-10 11:38:14 +0000
committer	Hakan Olsson <ho@cvs.openbsd.org>	1999-08-10 11:38:14 +0000
commit	1b63af547fc61424806835cbd2c3bdfa4aa1a05a (patch)
tree	31a45040e0002f9d3d7e5fd89ad2b5fd91f70264
parent	6b9957a8038b645f5984d1b4eb10013c4ce17a19 (diff)

Support SADB_DUMP. Misc code cleanup. angelos@ ok.

Diffstat

-rw-r--r--

sys/net/pfkeyv2.c

280

1 files changed, 67 insertions, 213 deletions

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 7b250783eb5..efbb1a123ff 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c

@@ -100,7 +100,9 @@ int pfkeyv2_get(struct tdb *, void **, void **);

int pfkeyv2_release(struct socket *);

int pfkeyv2_send(struct socket *, void *, int);

int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int);

+int pfkeyv2_dump_walker(struct tdb *, void *);

int pfkeyv2_flush_walker(struct tdb *, void *);

+int pfkeyv2_get_proto_alg(u_int8_t, u_int8_t *, int *);

#define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t))

#define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1))

@@ -649,7 +651,6 @@ struct dump_state {

struct socket *socket;

};

-#if 0 /* XXX Need to add a tdb_walk routine for this to work */

int

pfkeyv2_dump_walker(struct tdb *sa, void *state)

{

@@ -672,18 +673,59 @@ pfkeyv2_dump_walker(struct tdb *sa, void *state)

return 0;

}

-#endif /* 0 */

int

-pfkeyv2_flush_walker(struct tdb *sa, void *xf_type_vp)

+pfkeyv2_flush_walker(struct tdb *sa, void *satype_vp)

{

- if (!(*((u_short *)xf_type_vp)) ||

- sa->tdb_xform->xf_type == *((u_short *)xf_type_vp))

+ if (!(*((u_int8_t *)satype_vp)) ||

+ sa->tdb_satype == *((u_int8_t *)satype_vp))

tdb_delete(sa, 0, 0);

return 0;

}

int

+pfkeyv2_get_proto_alg(u_int8_t satype, u_int8_t *sproto, int *alg)

+ switch (satype) {

+ case SADB_SATYPE_AH:

+ case SADB_X_SATYPE_AH_OLD:

+ if (!ah_enable)

+ return EOPNOTSUPP;

+ *sproto = IPPROTO_AH;

+ if(alg != NULL)

+ *alg = satype == SADB_SATYPE_AH ? XF_NEW_AH : XF_OLD_AH;

+ break;

+ case SADB_SATYPE_ESP:

+ case SADB_X_SATYPE_ESP_OLD:

+ if (!esp_enable)

+ return EOPNOTSUPP;

+ *sproto = IPPROTO_ESP;

+ if(alg != NULL)

+ *alg = satype == SADB_SATYPE_ESP ? XF_NEW_ESP : XF_OLD_ESP;

+ break;

+ case SADB_X_SATYPE_IPIP:

+ *sproto = IPPROTO_IPIP;

+ if (alg != NULL)

+ *alg = XF_IP4;

+ break;

+#ifdef TCP_SIGNATURE

+ case SADB_X_SATYPE_TCPSIGNATURE:

+ *sproto = IPPROTO_TCP;

+ if (alg != NULL)

+ *alg = XF_TCPSIGNATURE;

+ break;

+#endif /* TCP_SIGNATURE */

+ default: /* Nothing else supported */

+ return EOPNOTSUPP;

+ }

+ return 0;

+int

pfkeyv2_send(struct socket *socket, void *message, int len)

{

void *headers[SADB_EXT_MAX + 1];

@@ -747,54 +789,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len)

case SADB_GETSPI:

bzero(&sa, sizeof(struct tdb));

- switch (((struct sadb_msg *)headers[0])->sadb_msg_satype) {

- case SADB_SATYPE_AH:

- if (!ah_enable) {

- rval = EOPNOTSUPP;

- goto ret;

- }

- sa.tdb_sproto = IPPROTO_AH;

- break;

- case SADB_SATYPE_ESP:

- if (!esp_enable) {

- rval = EOPNOTSUPP;

- goto ret;

- }

- sa.tdb_sproto = IPPROTO_ESP;

- break;

- case SADB_X_SATYPE_AH_OLD:

- if (!ah_enable) {

- rval = EOPNOTSUPP;

- goto ret;

- }

- sa.tdb_sproto = IPPROTO_AH;

- break;

- case SADB_X_SATYPE_ESP_OLD:

- if (!esp_enable) {

- rval = EOPNOTSUPP;

- goto ret;

- }

- sa.tdb_sproto = IPPROTO_ESP;

- break;

- case SADB_X_SATYPE_IPIP:

- sa.tdb_sproto = IPPROTO_IPIP;

- break;

-#ifdef TCP_SIGNATURE

- case SADB_X_SATYPE_TCPSIGNATURE:

- sa.tdb_sproto = IPPROTO_TCP;

- break;

-#endif /* TCP_SIGNATURE */

+ sa.tdb_satype = ((struct sadb_msg *)headers[0])->sadb_msg_satype;

+ if ((rval = pfkeyv2_get_proto_alg(sa.tdb_satype, &sa.tdb_sproto, 0)))

+ goto ret;

- default: /* Nothing else supported */

- rval = EOPNOTSUPP;

- goto ret;

- }

import_address((struct sockaddr *)&sa.tdb_src,

headers[SADB_EXT_ADDRESS_SRC]);

import_address((struct sockaddr *)&sa.tdb_dst,

@@ -836,59 +834,11 @@ pfkeyv2_send(struct socket *socket, void *message, int len)

bzero(freeme, sizeof(struct tdb));

newsa = (struct tdb *)freeme;

bzero(&ii, sizeof(struct ipsecinit));

- switch (((struct sadb_msg *)headers[0])->sadb_msg_satype) {

- case SADB_SATYPE_AH:

- if (!ah_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_AH;

- alg = XF_NEW_AH;

- break;

- case SADB_SATYPE_ESP:

- if (!esp_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_ESP;

- alg = XF_NEW_ESP;

- break;

- case SADB_X_SATYPE_AH_OLD:

- if (!ah_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_AH;

- alg = XF_OLD_AH;

- break;

- case SADB_X_SATYPE_ESP_OLD:

- if (!esp_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_ESP;

- alg = XF_OLD_ESP;

- break;

- case SADB_X_SATYPE_IPIP:

- newsa->tdb_sproto = IPPROTO_IPIP;

- alg = XF_IP4;

- break;

-#ifdef TCP_SIGNATURE

- case SADB_X_SATYPE_TCPSIGNATURE:

- newsa->tdb_sproto = IPPROTO_TCP;

- alg = XF_TCPSIGNATURE;

- break;

-#endif /* TCP_SIGNATURE */

- default: /* Nothing else supported */

- rval = EOPNOTSUPP;

- goto splxret;

- }

+ newsa->tdb_satype = ((struct sadb_msg *)headers[0])->sadb_msg_satype;

+ if ((rval = pfkeyv2_get_proto_alg(newsa->tdb_satype,

+ &newsa->tdb_sproto, &alg)))

+ goto splxret;

import_sa(newsa, headers[SADB_EXT_SA], &ii);

import_address((struct sockaddr *)&newsa->tdb_src,

@@ -969,59 +919,11 @@ pfkeyv2_send(struct socket *socket, void *message, int len)

int alg;

bzero(&ii, sizeof(struct ipsecinit));

- switch (((struct sadb_msg *)headers[0])->sadb_msg_satype) {

- case SADB_SATYPE_AH:

- if (!ah_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_AH;

- alg = XF_NEW_AH;

- break;

- case SADB_SATYPE_ESP:

- if (!esp_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_ESP;

- alg = XF_NEW_ESP;

- break;

- case SADB_X_SATYPE_AH_OLD:

- if (!ah_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_AH;

- alg = XF_OLD_AH;

- break;

- case SADB_X_SATYPE_ESP_OLD:

- if (!esp_enable) {

- rval = EOPNOTSUPP;

- goto splxret;

- }

- newsa->tdb_sproto = IPPROTO_ESP;

- alg = XF_OLD_ESP;

- break;

- case SADB_X_SATYPE_IPIP:

- newsa->tdb_sproto = IPPROTO_IPIP;

- alg = XF_IP4;

- break;

-#ifdef TCP_SIGNATURE

- case SADB_X_SATYPE_TCPSIGNATURE:

- newsa->tdb_sproto = IPPROTO_TCP;

- alg = XF_TCPSIGNATURE;

- break;

-#endif /* TCP_SIGNATURE */

- default: /* Nothing else supported */

- rval = EOPNOTSUPP;

- goto splxret;

- }

+ newsa->tdb_satype = ((struct sadb_msg *)headers[0])->sadb_msg_satype;

+ if ((rval == pfkeyv2_get_proto_alg(newsa->tdb_satype,

+ &newsa->tdb_sproto, &alg)))

+ goto splxret;

import_sa(newsa, headers[SADB_EXT_SA], &ii);

import_address((struct sockaddr *)&newsa->tdb_src,

@@ -1137,37 +1039,20 @@ pfkeyv2_send(struct socket *socket, void *message, int len)

switch(((struct sadb_msg *)headers[0])->sadb_msg_satype)

{

case SADB_SATYPE_UNSPEC:

- i = 0;

- break;

case SADB_SATYPE_AH:

- i = XF_NEW_AH;

- break;

case SADB_SATYPE_ESP:

- i = XF_NEW_ESP;

- break;

case SADB_X_SATYPE_AH_OLD:

- i = XF_OLD_AH;

- break;

case SADB_X_SATYPE_ESP_OLD:

- i = XF_OLD_ESP;

- break;

case SADB_X_SATYPE_IPIP:

- i = XF_IP4;

- break;

-#if 0 /* Not yet */

+#ifdef TCP_SIGNATURE

case SADB_X_SATYPE_TCPSIGNATURE:

- i = XF_TCPSIGNATURE;

- break;

-#endif

- default:

- rval = EINVAL; /* Unknown/unsupported type */

- }

- if (!rval)

- {

+#endif /* TCP_SIGNATURE */

s = spltdb();

- tdb_walk(pfkeyv2_flush_walker, (u_short *)&i);

+ tdb_walk(pfkeyv2_flush_walker,

+ (u_int8_t *)&(((struct sadb_msg *)headers[0])->sadb_msg_satype));

goto splxret;

+ default:

+ rval = EINVAL; /* Unknown/unsupported type */

}

break;

}

@@ -1178,10 +1063,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len)

dump_state.sadb_msg = (struct sadb_msg *)headers[0];

dump_state.socket = socket;

-#if 0 /* notyet */

if (!(rval = tdb_walk(pfkeyv2_dump_walker, &dump_state)))

goto realret;

-#endif

if ((rval == ENOMEM) || (rval == ENOBUFS))

rval = 0;

@@ -1718,28 +1601,7 @@ pfkeyv2_acquire(struct tdb *tdb, int rekey)

((struct sadb_msg *)headers[0])->sadb_msg_type = SADB_ACQUIRE;

((struct sadb_msg *)headers[0])->sadb_msg_len = i / sizeof(uint64_t);

((struct sadb_msg *)headers[0])->sadb_msg_seq = pfkeyv2_seq++;

- j = tdb->tdb_xform->xf_type;

- switch (j)

- {

- case XF_OLD_AH:

- j = SADB_X_SATYPE_AH_OLD;

- break;

- case XF_OLD_ESP:

- j = SADB_X_SATYPE_ESP_OLD;

- break;

- case XF_NEW_AH:

- j = SADB_SATYPE_AH;

- break;

- case XF_NEW_ESP:

- j = SADB_SATYPE_ESP;

- break;

- }

- ((struct sadb_msg *)headers[0])->sadb_msg_satype = j;

+ ((struct sadb_msg *)headers[0])->sadb_msg_satype = tdb->tdb_satype;

headers[SADB_EXT_ADDRESS_SRC] = p;

p += sizeof(struct sadb_address) + PADUP(SA_LEN(&tdb->tdb_src.sa));

@@ -1860,24 +1722,16 @@ pfkeyv2_expire(struct tdb *sa, u_int16_t type)

{

int rval = 0;

int i;

- u_int8_t satype;

void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;

switch (sa->tdb_sproto) {

case IPPROTO_AH:

- satype = sa->tdb_xform->xf_type == XF_OLD_AH ? SADB_X_SATYPE_AH_OLD : SADB_SATYPE_AH;

- break;

case IPPROTO_ESP:

- satype = sa->tdb_xform->xf_type == XF_OLD_ESP ? SADB_X_SATYPE_ESP_OLD : SADB_SATYPE_ESP;

- break;

case IPPROTO_IPIP:

- satype = SADB_X_SATYPE_IPIP;

- break;

#ifdef TCP_SIGNATURE

case IPPROTO_TCP:

- satype = SADB_X_SATYPE_TCPSIGNATURE;

- break;

#endif /* TCP_SIGNATURE */

+ break;

default:

rval = EOPNOTSUPP;

goto ret;

@@ -1902,7 +1756,7 @@ pfkeyv2_expire(struct tdb *sa, u_int16_t type)

p += sizeof(struct sadb_msg);

((struct sadb_msg *)headers[0])->sadb_msg_version = PF_KEY_V2;

((struct sadb_msg *)headers[0])->sadb_msg_type = SADB_EXPIRE;

- ((struct sadb_msg *)headers[0])->sadb_msg_satype = satype;

+ ((struct sadb_msg *)headers[0])->sadb_msg_satype = sa->tdb_satype;

((struct sadb_msg *)headers[0])->sadb_msg_len = i / sizeof(uint64_t);

((struct sadb_msg *)headers[0])->sadb_msg_seq = pfkeyv2_seq++;