diff options
author | Todd T. Fries <todd@cvs.openbsd.org> | 2006-05-28 20:58:25 +0000 |
---|---|---|
committer | Todd T. Fries <todd@cvs.openbsd.org> | 2006-05-28 20:58:25 +0000 |
commit | f72aea568f2c98c596901ee3d743a2998c7c3260 (patch) | |
tree | de3d7ff530df2e0fd3e9c958eb6d8541f44b0658 /sbin/ipsecctl | |
parent | 981effaf560041db6d968d027db9a965425f687f (diff) |
fill in AF_INET6 cases
this does not complete v6 support for ipsecctl, but makes progress
ok hshoexer@
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 3 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 91 |
2 files changed, 73 insertions, 21 deletions
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h index b354bd5a18a..1d01529923b 100644 --- a/sbin/ipsecctl/ipsecctl.h +++ b/sbin/ipsecctl/ipsecctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.h,v 1.32 2006/05/27 17:21:40 hshoexer Exp $ */ +/* $OpenBSD: ipsecctl.h,v 1.33 2006/05/28 20:58:24 todd Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -182,5 +182,6 @@ int ipsecctl_add_rule(struct ipsecctl * ipsec, struct ipsec_rule *); void ipsecctl_get_rules(struct ipsecctl *); int ike_print_config(struct ipsec_rule *, int); int ike_ipsec_establish(int, struct ipsec_rule *); +void set_ipmask(struct ipsec_addr_wrap *, u_int8_t); #endif /* _IPSECCTL_H_ */ diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c index 3418e74e4ea..e486cc6568b 100644 --- a/sbin/ipsecctl/pfkey.c +++ b/sbin/ipsecctl/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.36 2006/04/19 16:10:50 hshoexer Exp $ */ +/* $OpenBSD: pfkey.c,v 1.37 2006/05/28 20:58:24 todd Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org> @@ -75,48 +75,58 @@ pfkey_flow(int sd, u_int8_t satype, u_int8_t action, u_int8_t direction, bzero(&ssrc, sizeof(ssrc)); bzero(&smask, sizeof(smask)); + ssrc.ss_family = smask.ss_family = src->af; switch (src->af) { case AF_INET: ((struct sockaddr_in *)&ssrc)->sin_addr = src->address.v4; ssrc.ss_len = sizeof(struct sockaddr_in); - ssrc.ss_family = AF_INET; ((struct sockaddr_in *)&smask)->sin_addr = src->mask.v4; break; case AF_INET6: + ((struct sockaddr_in6 *)&ssrc)->sin6_addr = src->address.v6; + ssrc.ss_len = sizeof(struct sockaddr_in6); + ((struct sockaddr_in6 *)&smask)->sin6_addr = src->mask.v6; + break; default: warnx("unsupported address family %d", src->af); return -1; } - smask.ss_family = ssrc.ss_family; smask.ss_len = ssrc.ss_len; bzero(&sdst, sizeof(sdst)); bzero(&dmask, sizeof(dmask)); + sdst.ss_family = dmask.ss_family = dst->af; switch (dst->af) { case AF_INET: ((struct sockaddr_in *)&sdst)->sin_addr = dst->address.v4; sdst.ss_len = sizeof(struct sockaddr_in); - sdst.ss_family = AF_INET; ((struct sockaddr_in *)&dmask)->sin_addr = dst->mask.v4; break; case AF_INET6: + ((struct sockaddr_in6 *)&sdst)->sin6_addr = dst->address.v6; + sdst.ss_len = sizeof(struct sockaddr_in6); + ((struct sockaddr_in6 *)&dmask)->sin6_addr = dst->mask.v6; + break; default: warnx("unsupported address family %d", dst->af); return -1; } - dmask.ss_family = sdst.ss_family; dmask.ss_len = sdst.ss_len; bzero(&slocal, sizeof(slocal)); if (local) { + slocal.ss_family = local->af; switch (local->af) { case AF_INET: ((struct sockaddr_in *)&slocal)->sin_addr = local->address.v4; slocal.ss_len = sizeof(struct sockaddr_in); - slocal.ss_family = AF_INET; break; case AF_INET6: + ((struct sockaddr_in6 *)&slocal)->sin6_addr = + local->address.v6; + slocal.ss_len = sizeof(struct sockaddr_in6); + break; default: warnx("unsupported address family %d", local->af); return -1; @@ -125,14 +135,18 @@ pfkey_flow(int sd, u_int8_t satype, u_int8_t action, u_int8_t direction, bzero(&speer, sizeof(speer)); if (peer) { + speer.ss_family = peer->af; switch (peer->af) { case AF_INET: ((struct sockaddr_in *)&speer)->sin_addr = peer->address.v4; speer.ss_len = sizeof(struct sockaddr_in); - speer.ss_family = AF_INET; break; case AF_INET6: + ((struct sockaddr_in6 *)&speer)->sin6_addr = + peer->address.v6; + speer.ss_len = sizeof(struct sockaddr_in6); + break; default: warnx("unsupported address family %d", peer->af); return -1; @@ -369,26 +383,32 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi, int iov_cnt, len, ret = 0; bzero(&ssrc, sizeof(ssrc)); + ssrc.ss_family = src->af; switch (src->af) { case AF_INET: ((struct sockaddr_in *)&ssrc)->sin_addr = src->address.v4; ssrc.ss_len = sizeof(struct sockaddr_in); - ssrc.ss_family = AF_INET; break; case AF_INET6: + ((struct sockaddr_in6 *)&ssrc)->sin6_addr = src->address.v6; + ssrc.ss_len = sizeof(struct sockaddr_in6); + break; default: warnx("unsupported address family %d", src->af); return -1; } bzero(&sdst, sizeof(sdst)); + sdst.ss_family = dst->af; switch (dst->af) { case AF_INET: ((struct sockaddr_in *)&sdst)->sin_addr = dst->address.v4; sdst.ss_len = sizeof(struct sockaddr_in); - sdst.ss_family = AF_INET; break; case AF_INET6: + ((struct sockaddr_in6 *)&sdst)->sin6_addr = dst->address.v6; + sdst.ss_len = sizeof(struct sockaddr_in6); + break; default: warnx("unsupported address family %d", dst->af); return -1; @@ -617,6 +637,7 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) struct sadb_ident *sident; struct sockaddr *sa; struct sockaddr_in *sa_in; + struct sockaddr_in6 *sa_in6; int len; switch (msg->sadb_msg_satype) { @@ -639,7 +660,7 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) for (ext = (struct sadb_ext *)(msg + 1); (size_t)((u_int8_t *)ext - (u_int8_t *)msg) < msg->sadb_msg_len * PFKEYV2_CHUNK && ext->sadb_ext_len > 0; - ext = (struct sadb_ext *)((u_int8_t *)ext + + ext = (struct sadb_ext *)((u_int8_t *)ext + ext->sadb_ext_len * PFKEYV2_CHUNK)) { switch (ext->sadb_ext_type) { case SADB_EXT_ADDRESS_SRC: @@ -650,13 +671,19 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) if (rule->local == NULL) err(1, "pfkey_parse: malloc"); + rule->local->af = sa->sa_family; switch (sa->sa_family) { case AF_INET: bcopy(&((struct sockaddr_in *)sa)->sin_addr, &rule->local->address.v4, sizeof(struct in_addr)); - rule->local->mask.addr32[0] = 0xffffffff; - rule->local->af = AF_INET; + set_ipmask(rule->local, 32); + break; + case AF_INET6: + bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, + &rule->local->address.v6, + sizeof(struct in6_addr)); + set_ipmask(rule->local, 128); break; default: return (1); @@ -672,13 +699,19 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) if (rule->peer == NULL) err(1, "pfkey_parse: malloc"); + rule->peer->af = sa->sa_family; switch (sa->sa_family) { case AF_INET: bcopy(&((struct sockaddr_in *)sa)->sin_addr, &rule->peer->address.v4, sizeof(struct in_addr)); - rule->peer->mask.addr32[0] = 0xffffffff; - rule->peer->af = AF_INET; + set_ipmask(rule->peer, 32); + break; + case AF_INET6: + bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, + &rule->peer->address.v6, + sizeof(struct in6_addr)); + set_ipmask(rule->peer, 128); break; default: return (1); @@ -778,12 +811,17 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) err(1, "pfkey_parse: calloc"); } + rule->src->af = sa->sa_family; switch (sa->sa_family) { case AF_INET: bcopy(&((struct sockaddr_in *)sa)->sin_addr, &rule->src->address.v4, sizeof(struct in_addr)); - rule->src->af = AF_INET; + break; + case AF_INET6: + bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, + &rule->src->address.v6, + sizeof(struct in6_addr)); break; default: return (1); @@ -801,14 +839,18 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) err(1, "pfkey_parse: calloc"); } + rule->dst->af = sa->sa_family; switch (sa->sa_family) { case AF_INET: bcopy(&((struct sockaddr_in *)sa)->sin_addr, &rule->dst->address.v4, sizeof(struct in_addr)); - rule->dst->af = AF_INET; break; - + case AF_INET6: + bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, + &rule->dst->address.v6, + sizeof(struct in6_addr)); + break; default: return (1); } @@ -826,12 +868,17 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) err(1, "pfkey_parse: calloc"); } + rule->src->af = sa->sa_family; switch (sa->sa_family) { case AF_INET: sa_in = (struct sockaddr_in *)sa; bcopy(&sa_in->sin_addr, &rule->src->mask.v4, sizeof(struct in_addr)); - rule->src->af = AF_INET; + break; + case AF_INET6: + sa_in6 = (struct sockaddr_in6 *)sa; + bcopy(&sa_in6->sin6_addr, &rule->src->mask.v6, + sizeof(struct in6_addr)); break; default: @@ -850,14 +897,18 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) err(1, "pfkey_parse: calloc"); } + rule->dst->af = sa->sa_family; switch (sa->sa_family) { case AF_INET: sa_in = (struct sockaddr_in *)sa; bcopy(&sa_in->sin_addr, &rule->dst->mask.v4, sizeof(struct in_addr)); - rule->dst->af = AF_INET; break; - + case AF_INET6: + sa_in6 = (struct sockaddr_in6 *)sa; + bcopy(&sa_in6->sin6_addr, &rule->dst->mask.v6, + sizeof(struct in6_addr)); + break; default: return (1); } |