author | Markus Friedl <markus@cvs.openbsd.org> | 2004-04-14 20:10:05 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2004-04-14 20:10:05 +0000 |
commit | 7ec57e725e45f82e2adefdc6b568217a39cf0aba (patch) | |
tree | a2ed389313b1dc8bcd073aafe52db889b6c9785d | |
parent | 4687d940feb1d5604031e67a52ab93c976d4c87c (diff) |
simpler ipsp_aux_match() API; ok henning, hshoexer
-rw-r--r-- | sys/netinet/ip_ipsp.c | 48 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 9 | ||||
-rw-r--r-- | sys/netinet/ip_spd.c | 31 |
3 files changed, 43 insertions, 45 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 3f439e0a11e..47b280610af 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.157 2004/03/31 10:21:37 henning Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.158 2004/04/14 20:10:04 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -354,31 +354,36 @@ gettdbbysrcdst(u_int32_t spi, union sockaddr_union *src, * already established TDBs. */ int -ipsp_aux_match(struct ipsec_ref *tsrcid, struct ipsec_ref *psrcid, - struct ipsec_ref *tdstid, struct ipsec_ref *pdstid, - struct ipsec_ref *tlcred, struct ipsec_ref *plcred, - struct ipsec_ref *trcred, struct ipsec_ref *prcred, - struct sockaddr_encap *tfilter, struct sockaddr_encap *pfilter, - struct sockaddr_encap *tfiltermask, struct sockaddr_encap *pfiltermask) +ipsp_aux_match(struct tdb *tdb, + struct ipsec_ref *psrcid, + struct ipsec_ref *pdstid, + struct ipsec_ref *plcred, + struct ipsec_ref *prcred, + struct sockaddr_encap *pfilter, + struct sockaddr_encap *pfiltermask) { if (psrcid != NULL) - if (tsrcid == NULL || !ipsp_ref_match(tsrcid, psrcid)) + if (tdb->tdb_srcid == NULL || + !ipsp_ref_match(tdb->tdb_srcid, psrcid)) return 0; if (pdstid != NULL) - if (tdstid == NULL || !ipsp_ref_match(tdstid, pdstid)) + if (tdb->tdb_dstid == NULL || + !ipsp_ref_match(tdb->tdb_dstid, pdstid)) return 0; if (plcred != NULL) - if (tlcred == NULL || !ipsp_ref_match(tlcred, plcred)) + if (tdb->tdb_local_cred == NULL || + !ipsp_ref_match(tdb->tdb_local_cred, plcred)) return 0; if (prcred != NULL) - if (trcred == NULL || !ipsp_ref_match(trcred, prcred)) + if (tdb->tdb_remote_cred == NULL || + !ipsp_ref_match(tdb->tdb_remote_cred, prcred)) return 0; /* Check for filter matches. */ - if (tfilter->sen_type) { + if (tdb->tdb_filter.sen_type) { /* * XXX We should really be doing a subnet-check (see * whether the TDB-associated filter is a subset 
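Review bot: In the new ipsp_aux_match() body, pfilter and pfiltermask are dereferenced by the bcmp() in the following hunk whenever `tdb->tdb_filter.sen_type` is set, while the four ipsec_ref arguments treat NULL as "don't care"; the new signature makes that asymmetry part of the contract but nothing states it. Since `tdb` is also dereferenced unconditionally, the header comment (it begins above the hunk) should spell the contract out, e.g. `tdb must be non-NULL; a NULL psrcid/pdstid/plcred/prcred matches any TDB, but pfilter and pfiltermask must point at valid sockaddr_encap whenever the TDB carries a filter.` If a caller can legitimately pass NULL filters, a guard such as `if (pfilter == NULL || pfiltermask == NULL) return 0;` ahead of the bcmp() would be the conservative fix; every call converted in this diff passes real pointers, so I cannot tell from here whether that case exists. The function's closing lines are in the next hunk.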
@@ -386,9 +391,10 @@ ipsp_aux_match(struct ipsec_ref *tsrcid, struct ipsec_ref *psrcid, * most problems (all this will do is make every * policy get its own SAs). */ - if (bcmp(tfilter, pfilter, sizeof(struct sockaddr_encap)) || - bcmp(tfiltermask, pfiltermask, - sizeof(struct sockaddr_encap))) + if (bcmp(&tdb->tdb_filter, pfilter, + sizeof(struct sockaddr_encap)) || + bcmp(&tdb->tdb_filtermask, pfiltermask, + sizeof(struct sockaddr_encap))) return 0; } @@ -418,10 +424,8 @@ gettdbbyaddr(union sockaddr_union *dst, u_int8_t sproto, ((tdbp->tdb_flags & TDBF_INVALID) == 0) && (!bcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa)))) { /* Do IDs and local credentials match ? */ - if (!ipsp_aux_match(tdbp->tdb_srcid, srcid, - tdbp->tdb_dstid, dstid, tdbp->tdb_local_cred, - local_cred, NULL, NULL, &tdbp->tdb_filter, filter, - &tdbp->tdb_filtermask, filtermask)) + if (!ipsp_aux_match(tdbp, srcid, dstid, + local_cred, NULL, filter, filtermask)) continue; break; } @@ -452,10 +456,8 @@ gettdbbysrc(union sockaddr_union *src, u_int8_t sproto, ((tdbp->tdb_flags & TDBF_INVALID) == 0) && (!bcmp(&tdbp->tdb_src, src, SA_LEN(&src->sa)))) { /* Check whether IDs match */ - if (!ipsp_aux_match(tdbp->tdb_srcid, dstid, - tdbp->tdb_dstid, srcid, NULL, NULL, NULL, NULL, - &tdbp->tdb_filter, filter, &tdbp->tdb_filtermask, - filtermask)) + if (!ipsp_aux_match(tdbp, dstid, srcid, NULL, NULL, + filter, filtermask)) continue; break; } diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 60c29da701c..eff4092f7f3 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.126 2004/01/22 14:38:28 markus Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.127 2004/04/14 20:10:04 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), 
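Review bot: In the gettdbbysrc() hunk the IDs are passed crossed — the caller's `dstid` lands in the psrcid slot and `srcid` in the pdstid slot — and with the new positional API nothing at the call site shows that this is deliberate rather than a transposition. The adjacent gettdbbyaddr() call passes them in natural order, so a reader comparing the two will stop here. I take the swap to be intentional for an inbound SA, whose tdb_src (and presumably tdb_srcid) belong to the remote peer, but that should be said: replace `/* Check whether IDs match */` with `/* Inbound SA: the TDB's srcid is the peer's, so our dstid is matched against it and vice versa. */`. Both enclosing loops start and end outside their hunks.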
@@ -673,10 +673,9 @@ extern ssize_t ipsec_hdrsz(struct tdb *); extern void ipsec_adjust_mtu(struct mbuf *, u_int32_t); extern int ipsp_print_tdb(struct tdb *, char *, size_t); extern struct ipsec_acquire *ipsec_get_acquire(u_int32_t); -extern int ipsp_aux_match(struct ipsec_ref *, struct ipsec_ref *, - struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *, - struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *, - struct sockaddr_encap *, struct sockaddr_encap *, +extern int ipsp_aux_match(struct tdb *, + struct ipsec_ref *, struct ipsec_ref *, + struct ipsec_ref *, struct ipsec_ref *, struct sockaddr_encap *, struct sockaddr_encap *); #endif /* _KERNEL */ #endif /* _NETINET_IPSP_H_ */ diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index e6fc4b951d1..4928b0d9bb4 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.47 2002/11/12 13:38:41 dhartmei Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.48 2004/04/14 20:10:04 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -355,12 +355,10 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction, ipo->ipo_tdb->tdb_dst.sa.sa_len)) goto nomatchout; - if (!ipsp_aux_match(ipo->ipo_tdb->tdb_srcid, - ipo->ipo_srcid, ipo->ipo_tdb->tdb_dstid, - ipo->ipo_dstid, ipo->ipo_tdb->tdb_local_cred, - ipo->ipo_local_cred, NULL, NULL, - &ipo->ipo_tdb->tdb_filter, &ipo->ipo_addr, - &ipo->ipo_tdb->tdb_filtermask, &ipo->ipo_mask)) + if (!ipsp_aux_match(ipo->ipo_tdb, + ipo->ipo_srcid, ipo->ipo_dstid, + ipo->ipo_local_cred, NULL, + &ipo->ipo_addr, &ipo->ipo_mask)) goto nomatchout; /* Cached entry is good. */ 
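Review bot: The ipsp_spd_lookup() call in the last hunk on this line passes a bare `NULL` in the prcred position, and every caller converted by this diff does the same; after the API simplification the seven positional arguments no longer pair a TDB field with its policy counterpart, so an unlabelled NULL is hard to read and easy to misplace. Annotate the slot, `ipo->ipo_local_cred, /* prcred */ NULL,`, or, if the remote credential is really never matched against a cached SA, consider dropping the parameter in a follow-up and recording why in the header comment of ipsp_aux_match(). ipsp_spd_lookup() begins and ends outside the hunk.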
@@ -966,12 +964,11 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction, if (tdbp->tdb_sproto == inp->inp_ipo->ipo_sproto && !bcmp(&tdbp->tdb_src, &inp->inp_ipo->ipo_dst, SA_LEN(&tdbp->tdb_src.sa)) && - ipsp_aux_match(tdbp->tdb_srcid, - inp->inp_ipo->ipo_srcid, tdbp->tdb_dstid, - inp->inp_ipo->ipo_dstid, NULL, NULL, - NULL, NULL, &tdbp->tdb_filter, + ipsp_aux_match(tdbp, + inp->inp_ipo->ipo_srcid, + inp->inp_ipo->ipo_dstid, + NULL, NULL, &inp->inp_ipo->ipo_addr, - &tdbp->tdb_filtermask, &inp->inp_ipo->ipo_mask)) goto justreturn; else { @@ -992,11 +989,11 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction, tdbp->tdb_sproto == inp->inp_ipo->ipo_sproto && !bcmp(&tdbp->tdb_src, &inp->inp_ipo->ipo_dst, SA_LEN(&tdbp->tdb_src.sa)) && - ipsp_aux_match(tdbp->tdb_srcid, - inp->inp_ipo->ipo_srcid, tdbp->tdb_dstid, - inp->inp_ipo->ipo_dstid, NULL, NULL, - NULL, NULL, &tdbp->tdb_filter, - &inp->inp_ipo->ipo_addr, &tdbp->tdb_filtermask, + ipsp_aux_match(tdbp, + inp->inp_ipo->ipo_srcid, + inp->inp_ipo->ipo_dstid, + NULL, NULL, + &inp->inp_ipo->ipo_addr, &inp->inp_ipo->ipo_mask)) goto justreturn; |
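Review bot: The ipsp_spd_inp() call in the first hunk on this line compares `tdbp->tdb_src` with `inp->inp_ipo->ipo_dst`, i.e. it is looking at an inbound SA, yet passes `ipo_srcid`/`ipo_dstid` in natural order, whereas gettdbbysrc() in this same diff hands the IDs to ipsp_aux_match() swapped for exactly that inbound case. One of the two conventions looks wrong; if the TDB's srcid belongs to the peer as gettdbbysrc() assumes, a socket policy that carries IDs would never match its own inbound SA here, and the arguments should read `inp->inp_ipo->ipo_dstid, inp->inp_ipo->ipo_srcid,`. The ordering predates this commit (the removed lines had it too), but the API change is the moment to settle it, and whichever convention is right deserves a comment at both call sites. ipsp_spd_inp() begins before the hunk, and the second hunk on this line appears cut off at its end.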