authorNiels Provos <provos@cvs.openbsd.org>2000-12-11 20:32:16 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-12-11 20:32:16 +0000
commitcd40f5ad40cd4912648f1cb155bf3167202ddc89 (patch)
tree899be9d91efe2a2e54f34007cf0f464d7093af92 /sbin
parent99d6fb1f5b489b0e62fcb603c5f6fbeeb11d37fb (diff)
remove lots of unnecessary code, on the way to new spd framework.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/photurisd/config.c43
-rw-r--r--sbin/photurisd/config.h4
-rw-r--r--sbin/photurisd/handle_identity_request.c4
-rw-r--r--sbin/photurisd/handle_identity_response.c4
-rw-r--r--sbin/photurisd/handle_spi_update.c4
-rw-r--r--sbin/photurisd/kernel.c551
-rw-r--r--sbin/photurisd/kernel.h8
-rw-r--r--sbin/photurisd/photurisd.839
-rw-r--r--sbin/photurisd/photurisd.c11
-rw-r--r--sbin/photurisd/server.c5
-rw-r--r--sbin/photurisd/spi.c20
-rw-r--r--sbin/photurisd/spi.h6
-rw-r--r--sbin/photurisd/state.c4
-rw-r--r--sbin/photurisd/state.h5
14 files changed, 57 insertions, 651 deletions
diff --git a/sbin/photurisd/config.c b/sbin/photurisd/config.c
index 245dcfaa104..d4fdd10f9f3 100644
--- a/sbin/photurisd/config.c
+++ b/sbin/photurisd/config.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: config.c,v 1.2 2000/12/11 02:16:50 provos Exp $";
+static char rcsid[] = "$Id: config.c,v 1.3 2000/12/11 20:32:14 provos Exp $";
#endif
#define _CONFIG_C_
@@ -644,40 +644,6 @@ startup_parse(struct stateob *st, char *p2)
continue;
}
}
- } else if (!strncmp(p, OPT_TSRC, strlen(OPT_TSRC))) {
- p = strsep(&p3, "/");
- if (p == NULL || p3 == NULL) {
- log_error(0, "tsrc missing addr/mask in startup_parse()");
- continue;
- }
- if ((st->isrc = inet_addr(p)) == -1) {
- log_error(0, "invalid tsrc addr %s in startup_parse()",
- p);
- continue;
- }
- if ((st->ismask = inet_addr(p3)) == -1 &&
- strcmp(p3, "255.255.255.255")) {
- log_error(0, "invalid tsrc mask %s in startup_parse()",
- p3);
- st->isrc = -1;
- continue;
- }
- } else if (!strncmp(p, OPT_TDST, strlen(OPT_TDST))) {
- p = strsep(&p3, "/");
- if (p == NULL || p3 == NULL) {
- log_error(0, "tdst missing addr/mask in startup_parse()");
- continue;
- }
- if ((st->idst = inet_addr(p)) == -1) {
- log_error(0, "invalid tdst addr %s in startup_parse()", p);
- continue;
- }
- if ((st->idmask = inet_addr(p3)) == -1 &&
- strcmp(p3, "255.255.255.255")) {
- log_error(0, "invalid tdst mask %s in startup_parse()", p3);
- st->idst = -1;
- continue;
- }
}
}
}
@@ -697,9 +663,6 @@ startup_end(struct stateob *st)
if (st->flags == 0)
st->flags = IPSEC_OPT_ENC | IPSEC_OPT_AUTH;
- if (st->isrc != -1 && st->idst != -1 && st->isrc && st->idst)
- st->flags |= IPSEC_OPT_TUNNEL;
-
#ifdef DEBUG
printf("Starting exchange with: %s:%d and options:",
st->address, st->port);
@@ -707,10 +670,6 @@ startup_end(struct stateob *st)
printf("%s ", OPT_ENC);
if (st->flags & IPSEC_OPT_AUTH)
printf("%s ", OPT_AUTH);
- if (st->flags & IPSEC_OPT_TUNNEL)
- printf("(tunnel mode) ");
- else
- printf("(transport mode) ");
if (st->user != NULL)
printf("for user %s", st->user);
printf("\n");
diff --git a/sbin/photurisd/config.h b/sbin/photurisd/config.h
index 8eb1cc493e5..3feae374af3 100644
--- a/sbin/photurisd/config.h
+++ b/sbin/photurisd/config.h
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: config.h,v 1.1 1998/11/14 23:37:22 deraadt Exp $ */
+/* $Id: config.h,v 1.2 2000/12/11 20:32:15 provos Exp $ */
/*
* config.h:
* handling config
@@ -96,8 +96,6 @@ void reconfig(int sig);
# define OPT_ENC "enc"
# define OPT_AUTH "auth"
#define OPT_USER "user"
-#define OPT_TSRC "tsrc"
-#define OPT_TDST "tdst"
struct cfgx {
struct cfgx *next;
diff --git a/sbin/photurisd/handle_identity_request.c b/sbin/photurisd/handle_identity_request.c
index b25a4bf7c1b..3d3b1fd329d 100644
--- a/sbin/photurisd/handle_identity_request.c
+++ b/sbin/photurisd/handle_identity_request.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: handle_identity_request.c,v 1.1 1998/11/14 23:37:23 deraadt Exp $";
+static char rcsid[] = "$Id: handle_identity_request.c,v 1.2 2000/12/11 20:32:15 provos Exp $";
#endif
#include <stdio.h>
@@ -327,8 +327,6 @@ handle_identity_request(u_char *packet, int size, char *address,
/* Make session keys for User */
make_session_keys(st, spi);
- spi_set_tunnel(st, spi);
-
spi_insert(spi);
#ifdef IPSEC
kernel_insert_spi(st, spi);
diff --git a/sbin/photurisd/handle_identity_response.c b/sbin/photurisd/handle_identity_response.c
index d3618e4aa60..4378fb4de09 100644
--- a/sbin/photurisd/handle_identity_response.c
+++ b/sbin/photurisd/handle_identity_response.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: handle_identity_response.c,v 1.1 1998/11/14 23:37:24 deraadt Exp $";
+static char rcsid[] = "$Id: handle_identity_response.c,v 1.2 2000/12/11 20:32:15 provos Exp $";
#endif
#include <stdio.h>
@@ -274,8 +274,6 @@ handle_identity_response(u_char *packet, int size, char *address,
/* Session keys for User */
make_session_keys(st, spi);
- spi_set_tunnel(st, spi);
-
spi_insert(spi);
#ifdef IPSEC
kernel_insert_spi(st, spi);
diff --git a/sbin/photurisd/handle_spi_update.c b/sbin/photurisd/handle_spi_update.c
index a0dd91725cb..401d8f808d0 100644
--- a/sbin/photurisd/handle_spi_update.c
+++ b/sbin/photurisd/handle_spi_update.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: handle_spi_update.c,v 1.2 1999/03/27 21:18:00 provos Exp $";
+static char rcsid[] = "$Id: handle_spi_update.c,v 1.3 2000/12/11 20:32:15 provos Exp $";
#endif
#include <stdio.h>
@@ -176,8 +176,6 @@ handle_spi_update(u_char *packet, int size, char *address,
bcopy(st->icookie, spi->icookie, COOKIE_SIZE);
spi->lifetime = time(NULL) + lifetime;
- spi_set_tunnel(st, spi);
-
make_session_keys(st, spi);
spi_insert(spi);
diff --git a/sbin/photurisd/kernel.c b/sbin/photurisd/kernel.c
index fba0e02469e..71e19885ffe 100644
--- a/sbin/photurisd/kernel.c
+++ b/sbin/photurisd/kernel.c
@@ -39,7 +39,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: kernel.c,v 1.8 2000/12/11 02:16:50 provos Exp $";
+static char rcsid[] = "$Id: kernel.c,v 1.9 2000/12/11 20:32:15 provos Exp $";
#endif
#include <time.h>
@@ -170,7 +170,7 @@ kernel_valid(attrib_t *enc, attrib_t *auth)
return AT_ENC;
if (!(xf_auth->flags & ESP_NEW))
return AT_AUTH;
- return 0;
+ return (0);
}
/*
@@ -185,7 +185,7 @@ kernel_valid_auth(attrib_t *auth, u_int8_t *flag, u_int16_t size)
transform *xf_auth = kernel_get_transform(auth->id);
if (xf_auth == NULL)
- return -1; /* We don't know this attribute */
+ return (-1); /* We don't know this attribute */
for (i=0; i<size; i++) {
switch (flag[i]) {
@@ -198,11 +198,11 @@ kernel_valid_auth(attrib_t *auth, u_int8_t *flag, u_int16_t size)
}
if (!hmac && !(xf_auth->flags & AH_OLD))
- return -1;
+ return (-1);
if (hmac && !(xf_auth->flags & AH_NEW))
- return -1;
+ return (-1);
- return 0;
+ return (0);
}
int
@@ -219,7 +219,7 @@ init_kernel(void)
if (kernel_register(regsd) == -1)
crit_error(0, "PFKEY socket registration failed in init_kernel()");
- return 1;
+ return (1);
}
int
@@ -262,12 +262,12 @@ kernel_xf_set(int sd, char *buffer, int blen, struct iovec *iov,
if (writev(sd, iov, cnt) != len) {
perror("writev() in kernel_xf_set()");
- return 0;
+ return (0);
}
if (buffer)
return kernel_xf_read(sd, buffer, blen, seq);
- return 1;
+ return (1);
}
int
@@ -284,16 +284,16 @@ kernel_xf_read(int sd, char *buffer, int blen, int seq)
do {
if (recv(sd, sres, sizeof(*sres), MSG_PEEK) != sizeof(*sres)) {
perror("read() in kernel_xf_read()");
- return 0;
+ return (0);
}
len = sres->sadb_msg_len * 8;
if (len >= BUFFER_SIZE) {
log_error(0, "PFKEYV2 message len %d too big in kernel_xf_read()", len);
- return 0;
+ return (0);
}
if (read(sd, sres, len) != len) {
perror("read() in kernel_xf_read()");
- return 0;
+ return (0);
}
} while (seq && (sres->sadb_msg_seq != seq ||
(sres->sadb_msg_pid && sres->sadb_msg_pid != pfkey_pid)
@@ -302,13 +302,13 @@ kernel_xf_read(int sd, char *buffer, int blen, int seq)
if (sres->sadb_msg_errno) {
log_error(0, "kernel_xf_read: PFKEYV2 result: %s",
strerror(sres->sadb_msg_errno));
- return 0;
+ return (0);
}
if (sres->sadb_msg_pid && sres->sadb_msg_pid != pfkey_pid)
return (0);
- return 1;
+ return (1);
}
int
@@ -338,7 +338,7 @@ kernel_register(int sd)
if (!kernel_xf_set(regsd, buffer, BUFFER_SIZE, iov, cnt,
smsg.sadb_msg_len*8)) {
log_error(1, "kernel_xf_set() in kernel_reserve_single_spi()");
- return -1;
+ return (-1);
}
/* Register for ESP */
@@ -347,7 +347,7 @@ kernel_register(int sd)
if (!kernel_xf_set(regsd, buffer, BUFFER_SIZE, iov, cnt,
smsg.sadb_msg_len*8)) {
log_error(1, "kernel_xf_set() in kernel_reserve_single_spi()");
- return -1;
+ return (-1);
}
/*
@@ -361,14 +361,14 @@ kernel_register(int sd)
log_error(0, "SADB_REGISTER did not return a SADB_EXT_SUPORTED "
"struct: %d in kernel_register()",
ssup->sadb_supported_exttype);
- return -1;
+ return (-1);
}
len = ssup->sadb_supported_len * 8 - sizeof(*ssup);
if (len != (ssup->sadb_supported_nauth + ssup->sadb_supported_nencrypt) *
sizeof(struct sadb_alg)) {
log_error(0, "SADB_SUPPORTED length mismatch in kernel_register()");
- return -1;
+ return (-1);
}
salg = (struct sadb_alg *)(ssup + 1);
@@ -377,7 +377,7 @@ kernel_register(int sd)
for (cnt = 0; cnt < ssup->sadb_supported_nencrypt; cnt++, salg++)
kernel_transform_seen(salg->sadb_alg_type, XF_ENC);
- return 0;
+ return (0);
}
u_int32_t
@@ -491,7 +491,7 @@ kernel_reserve_single_spi(char *srcaddress, char *dstaddress, u_int32_t spi,
if (!KERNEL_XF_SET(smsg.sadb_msg_len*8)) {
log_error(1, "kernel_xf_set() in kernel_reserve_single_spi()");
- return 0;
+ return (0);
}
sres = (struct sadb_msg *)buffer;
@@ -499,7 +499,7 @@ kernel_reserve_single_spi(char *srcaddress, char *dstaddress, u_int32_t spi,
if (ssa->sadb_sa_exttype != SADB_EXT_SA) {
log_error(0, "SADB_GETSPI did not return a SADB_EXT_SA struct: %d",
ssa->sadb_sa_exttype);
- return 0;
+ return (0);
}
return ntohl(ssa->sadb_sa_spi);
@@ -523,7 +523,7 @@ kernel_ah(attrib_t *ob, struct spiob *SPI, u_int8_t *secrets, int hmac)
if (xf == NULL || !(xf->flags & XF_AUTH)) {
log_error(0, "%d is not an auth transform in kernel_ah()", ob->id);
- return -1;
+ return (-1);
}
bzero(&sa, sizeof(sa));
@@ -580,8 +580,6 @@ kernel_ah(attrib_t *ob, struct spiob *SPI, u_int8_t *secrets, int hmac)
sr.sadb_sa_state = SADB_SASTATE_MATURE;
sr.sadb_sa_auth = xf->kernel_id;
sr.sadb_sa_encrypt = 0;
- if (SPI->flags & SPI_TUNNEL)
- sr.sadb_sa_flags |= SADB_X_SAFLAGS_TUNNEL;
if (!hmac)
sr.sadb_sa_flags |= SADB_X_SAFLAGS_NOREPLAY;
sa.sadb_msg_len += sr.sadb_sa_len;
@@ -610,13 +608,11 @@ kernel_ah(attrib_t *ob, struct spiob *SPI, u_int8_t *secrets, int hmac)
iov[cnt].iov_base = secrets;
len += iov[cnt++].iov_len = ((ob->klen + 7) / 8) * 8;
- kernel_debug(("kernel_ah: %08x. %s-Mode\n",
- ntohl(sr.sadb_sa_spi),
- SPI->flags & SPI_TUNNEL ? "Tunnel" : "Transport"));
+ kernel_debug(("kernel_ah: %08x\n", ntohl(sr.sadb_sa_spi)));
if (!KERNEL_XF_SET(len)) {
log_error(1, "kernel_xf_set() in kernel_ah()");
- return -1;
+ return (-1);
}
return ob->klen;
}
@@ -643,7 +639,7 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets)
if (ob->type & AT_AUTH) {
if (ob2 == NULL || ob2->type != AT_ENC) {
log_error(0, "No encryption after auth given in kernel_esp()");
- return -1;
+ return (-1);
}
attenc = ob2;
attauth = ob;
@@ -658,13 +654,13 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets)
}
} else {
log_error(0, "No encryption transform given in kernel_esp()");
- return -1;
+ return (-1);
}
xf_enc = kernel_get_transform(attenc->id);
if ((xf_enc->flags & ESP_OLD) && attauth != NULL) {
log_error(0, "Old ESP does not support AH in kernel_esp()");
- return -1;
+ return (-1);
}
if (attauth != NULL)
@@ -703,8 +699,6 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets)
sr.sadb_sa_flags |= SADB_X_SAFLAGS_RANDOMPADDING;
sr.sadb_sa_flags |= SADB_X_SAFLAGS_NOREPLAY;
}
- if (SPI->flags & SPI_TUNNEL)
- sr.sadb_sa_flags |= SADB_X_SAFLAGS_TUNNEL;
sa.sadb_msg_len += sr.sadb_sa_len;
iov[cnt].iov_base = &sr;
@@ -771,414 +765,16 @@ kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI, u_int8_t *secrets)
iov[cnt++].iov_len = ((attauth->klen + 7) / 8) * 8;
}
- kernel_debug(("kernel_esp: %08x. %s-Mode\n",
- ntohl(sr.sadb_sa_spi),
- SPI->flags & SPI_TUNNEL ? "Tunnel" : "Transport"));
+ kernel_debug(("kernel_esp: %08x\n", ntohl(sr.sadb_sa_spi)));
if (!KERNEL_XF_SET(sa.sadb_msg_len * 8)) {
log_error(1, "kernel_xf_set() in kernel_esp()");
- return -1;
+ return (-1);
}
return attenc->klen + (attauth ? attauth->klen : 0);
}
-/* Group an ESP SPI with an AH SPI */
-
-int
-kernel_group_spi(char *address, u_int8_t *spi)
-{
-#ifndef OPENBSD_IPSEC_API_VERSION
- struct sadb_msg smsg;
- struct sadb_sa sa, sa2;
- struct sadb_address sad1, sad2;
- struct sadb_protocol sproto;
- union sockaddr_union dst1, dst2;
- struct iovec iov[8];
- int cnt = 0;
- u_int32_t SPI;
-
- SPI = SPITOINT(spi);
-
- bzero(&smsg, sizeof(smsg));
- bzero(&sa, sizeof(sa));
- bzero(&sa2, sizeof(sa2));
- bzero(&sad1, sizeof(sad1));
- bzero(&sad2, sizeof(sad2));
- bzero(&dst1, sizeof(dst1));
- bzero(&dst2, sizeof(dst2));
-
- smsg.sadb_msg_version = PF_KEY_V2;
- smsg.sadb_msg_seq = pfkey_seq++;
- smsg.sadb_msg_pid = pfkey_pid;
- smsg.sadb_msg_type = SADB_X_GRPSPIS;
- smsg.sadb_msg_satype = SADB_SATYPE_ESP;
- smsg.sadb_msg_len = sizeof(smsg) / 8;
-
- iov[cnt].iov_base = &smsg;
- iov[cnt++].iov_len = sizeof(smsg);
-
- sa.sadb_sa_len = sizeof(sa) / 8;
- sa.sadb_sa_exttype = SADB_EXT_SA;
- sa.sadb_sa_spi = htonl(SPI);
- sa.sadb_sa_state = SADB_SASTATE_MATURE;
- smsg.sadb_msg_len += sa.sadb_sa_len;
-
- iov[cnt].iov_base = &sa;
- iov[cnt++].iov_len = sizeof(sa);
-
- sa2.sadb_sa_len = sizeof(sa2) / 8;
- sa2.sadb_sa_exttype = SADB_X_EXT_SA2;
- sa2.sadb_sa_spi = htonl(SPI);
- sa2.sadb_sa_state = SADB_SASTATE_MATURE;
- smsg.sadb_msg_len += sa2.sadb_sa_len;
-
- iov[cnt].iov_base = &sa2;
- iov[cnt++].iov_len = sizeof(sa2);
-
- sad1.sadb_address_len = (sizeof(sad1) + sizeof(struct sockaddr_in)) / 8;
- sad1.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- iov[cnt].iov_base = &sad1;
- iov[cnt++].iov_len = sizeof(sad1);
- dst1.sin.sin_family = AF_INET;
- dst1.sin.sin_len = sizeof(struct sockaddr_in);
- dst1.sin.sin_addr.s_addr = inet_addr(address);
- smsg.sadb_msg_len += sad1.sadb_address_len;
- iov[cnt].iov_base = &dst1;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- sad2.sadb_address_len = (sizeof(sad2) + sizeof(struct sockaddr_in)) / 8;
- sad2.sadb_address_exttype = SADB_X_EXT_DST2;
- iov[cnt].iov_base = &sad2;
- iov[cnt++].iov_len = sizeof(sad2);
- dst2.sin.sin_family = AF_INET;
- dst2.sin.sin_len = sizeof(struct sockaddr_in);
- dst2.sin.sin_addr.s_addr = inet_addr(address);
- smsg.sadb_msg_len += sad2.sadb_address_len;
- iov[cnt].iov_base = &dst2;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- sproto.sadb_protocol_len = sizeof(sproto) / 8;
- sproto.sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
- sproto.sadb_protocol_proto = SADB_SATYPE_AH;
- smsg.sadb_msg_len += sproto.sadb_protocol_len;
- iov[cnt].iov_base = &sproto;
- iov[cnt++].iov_len = sizeof(sproto);
-
- kernel_debug(("kernel_group_spi: %s, %08x\n", address, SPI));
-
- if (!KERNEL_XF_SET(smsg.sadb_msg_len*8)) {
- log_error(1, "kernel_xf_set() in kernel_group_spi()");
- return -1;
- }
-#endif
-
- return 1;
-}
-
-int
-kernel_bind_spis(struct spiob *spi1, struct spiob *spi2)
-{
-#ifndef OPENBSD_IPSEC_API_VERSION
- struct sadb_msg smsg;
- struct sadb_sa sa, sa2;
- struct sadb_address sad1, sad2;
- struct sadb_protocol sproto;
- union sockaddr_union dst1, dst2;
- struct iovec iov[8];
- int cnt = 0;
- u_int32_t inspi = SPITOINT(spi1->SPI);
- u_int32_t outspi = SPITOINT(spi2->SPI);
-
- bzero(&smsg, sizeof(smsg));
- bzero(&sa, sizeof(sa));
- bzero(&sa2, sizeof(sa2));
- bzero(&sad1, sizeof(sad1));
- bzero(&sad2, sizeof(sad2));
- bzero(&dst1, sizeof(dst1));
- bzero(&dst2, sizeof(dst2));
-
- smsg.sadb_msg_version = PF_KEY_V2;
- smsg.sadb_msg_seq = pfkey_seq++;
- smsg.sadb_msg_pid = pfkey_pid;
- smsg.sadb_msg_type = SADB_X_BINDSA;
- smsg.sadb_msg_satype = spi1->flags & SPI_ESP ?
- SADB_SATYPE_ESP : SADB_SATYPE_AH;
- smsg.sadb_msg_len = sizeof(smsg) / 8;
-
- iov[cnt].iov_base = &smsg;
- iov[cnt++].iov_len = sizeof(smsg);
-
- sa.sadb_sa_len = sizeof(sa) / 8;
- sa.sadb_sa_exttype = SADB_EXT_SA;
- sa.sadb_sa_spi = htonl(inspi);
- sa.sadb_sa_state = SADB_SASTATE_MATURE;
- smsg.sadb_msg_len += sa.sadb_sa_len;
-
- iov[cnt].iov_base = &sa;
- iov[cnt++].iov_len = sizeof(sa);
-
- sa2.sadb_sa_len = sizeof(sa2) / 8;
- sa2.sadb_sa_exttype = SADB_X_EXT_SA2;
- sa2.sadb_sa_spi = htonl(outspi);
- sa2.sadb_sa_state = SADB_SASTATE_MATURE;
- smsg.sadb_msg_len += sa2.sadb_sa_len;
-
- iov[cnt].iov_base = &sa2;
- iov[cnt++].iov_len = sizeof(sa2);
-
- sad1.sadb_address_len = (sizeof(sad1) + sizeof(struct sockaddr_in)) / 8;
- sad1.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- iov[cnt].iov_base = &sad1;
- iov[cnt++].iov_len = sizeof(sad1);
- dst1.sin.sin_family = AF_INET;
- dst1.sin.sin_len = sizeof(struct sockaddr_in);
- dst1.sin.sin_addr.s_addr = inet_addr(spi1->local_address);
- smsg.sadb_msg_len += sad1.sadb_address_len;
- iov[cnt].iov_base = &dst1;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- sad2.sadb_address_len = (sizeof(sad2) + sizeof(struct sockaddr_in)) / 8;
- sad2.sadb_address_exttype = SADB_X_EXT_DST2;
- iov[cnt].iov_base = &sad2;
- iov[cnt++].iov_len = sizeof(sad2);
- dst2.sin.sin_family = AF_INET;
- dst2.sin.sin_len = sizeof(struct sockaddr_in);
- dst2.sin.sin_addr.s_addr = inet_addr(spi2->address);
- smsg.sadb_msg_len += sad2.sadb_address_len;
- iov[cnt].iov_base = &dst2;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- sproto.sadb_protocol_len = sizeof(sproto) / 8;
- sproto.sadb_protocol_exttype = SADB_X_EXT_PROTOCOL;
- sproto.sadb_protocol_proto = spi2->flags & SPI_ESP ?
- SADB_SATYPE_ESP : SADB_SATYPE_AH;
- smsg.sadb_msg_len += sproto.sadb_protocol_len;
- iov[cnt].iov_base = &sproto;
- iov[cnt++].iov_len = sizeof(sproto);
-
- kernel_debug(("kernel_bind_spi: <%s, %08x> -> <%s, %08x>\n",
- spi1->local_address, inspi, spi2->address, outspi));
-
- if (!KERNEL_XF_SET(smsg.sadb_msg_len*8)) {
- log_error(1, "kernel_xf_set() in kernel_bind_spi()");
- return -1;
- }
-#endif
-
- return 1;
-}
-
-int
-kernel_enable_spi(in_addr_t isrc, in_addr_t ismask,
- in_addr_t idst, in_addr_t idmask,
- char *address, u_int8_t *spi, int proto, int flags)
-{
-#ifndef OPENBSD_IPSEC_API_VERSION
- struct sadb_msg smsg;
- struct sadb_sa sa;
- struct sadb_address sad, sad1, sad2, sad3, sad4;
- union sockaddr_union dst, osrc, osmask, odst, odmask;
- struct iovec iov[12];
- u_int32_t SPI;
- int cnt = 0;
- SPI = SPITOINT(spi);
-
- bzero(&smsg, sizeof(smsg));
- bzero(&sa, sizeof(sa));
- bzero(&sad, sizeof(sad));
- bzero(&sad1, sizeof(sad1));
- bzero(&sad2, sizeof(sad2));
- bzero(&sad3, sizeof(sad3));
- bzero(&sad4, sizeof(sad4));
- bzero(&dst, sizeof(dst));
- bzero(&osrc, sizeof(osrc));
- bzero(&osmask, sizeof(osmask));
- bzero(&odst, sizeof(odst));
- bzero(&odmask, sizeof(odmask));
-
- smsg.sadb_msg_len = sizeof(smsg) / 8;
- smsg.sadb_msg_version = PF_KEY_V2;
- smsg.sadb_msg_seq = pfkey_seq++;
- smsg.sadb_msg_pid = pfkey_pid;
- smsg.sadb_msg_type = SADB_X_ADDFLOW;
- smsg.sadb_msg_satype = proto == IPPROTO_ESP ?
- SADB_SATYPE_ESP : SADB_SATYPE_AH;
- iov[cnt].iov_base = &smsg;
- iov[cnt++].iov_len = sizeof(smsg);
-
- sa.sadb_sa_len = sizeof(sa) / 8;
- sa.sadb_sa_exttype = SADB_EXT_SA;
- sa.sadb_sa_state = SADB_SASTATE_MATURE;
- sa.sadb_sa_spi = htonl(SPI);
- sa.sadb_sa_flags = flags;
- smsg.sadb_msg_len += sa.sadb_sa_len;
- iov[cnt].iov_base = &sa;
- iov[cnt++].iov_len = sizeof(sa);
-
- sad.sadb_address_len = (sizeof(sad) + sizeof(struct sockaddr_in)) / 8;
- sad.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- smsg.sadb_msg_len += sad.sadb_address_len;
- iov[cnt].iov_base = &sad;
- iov[cnt++].iov_len = sizeof(sad);
-
- dst.sin.sin_family = AF_INET;
- dst.sin.sin_len = sizeof(struct sockaddr_in);
- dst.sin.sin_addr.s_addr = inet_addr(address);
- iov[cnt].iov_base = &dst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- sad1.sadb_address_exttype = SADB_X_EXT_SRC_FLOW;
- sad2.sadb_address_exttype = SADB_X_EXT_SRC_MASK;
- sad3.sadb_address_exttype = SADB_X_EXT_DST_FLOW;
- sad4.sadb_address_exttype = SADB_X_EXT_DST_MASK;
-
- sad1.sadb_address_len = (sizeof(sad1) + sizeof(struct sockaddr_in)) / 8;
- sad2.sadb_address_len = (sizeof(sad2) + sizeof(struct sockaddr_in)) / 8;
- sad3.sadb_address_len = (sizeof(sad3) + sizeof(struct sockaddr_in)) / 8;
- sad4.sadb_address_len = (sizeof(sad4) + sizeof(struct sockaddr_in)) / 8;
-
- osrc.sin.sin_family = odst.sin.sin_family = AF_INET;
- osmask.sin.sin_family = odmask.sin.sin_family = AF_INET;
- osrc.sin.sin_len = odst.sin.sin_len = sizeof(struct sockaddr_in);
- osmask.sin.sin_len = sizeof(struct sockaddr_in);
- odmask.sin.sin_len = sizeof(struct sockaddr_in);
-
- osrc.sin.sin_addr.s_addr = isrc;
- osmask.sin.sin_addr.s_addr = ismask;
- odst.sin.sin_addr.s_addr = idst;
- odmask.sin.sin_addr.s_addr = idmask;
- smsg.sadb_msg_len += sad1.sadb_address_len * 4;
-
- iov[cnt].iov_base = &sad1;
- iov[cnt++].iov_len = sizeof(sad1);
- iov[cnt].iov_base = &osrc;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- iov[cnt].iov_base = &sad2;
- iov[cnt++].iov_len = sizeof(sad2);
- iov[cnt].iov_base = &osmask;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- iov[cnt].iov_base = &sad3;
- iov[cnt++].iov_len = sizeof(sad3);
- iov[cnt].iov_base = &odst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- iov[cnt].iov_base = &sad4;
- iov[cnt++].iov_len = sizeof(sad4);
- iov[cnt].iov_base = &odmask;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- kernel_debug(("kernel_enable_spi: %08x\n", SPI));
-
- if (!KERNEL_XF_SET(smsg.sadb_msg_len*8)) {
- log_error(1, "kernel_xf_set() in kernel_enable_spi()");
- return -1;
- }
-#endif
-
- return 1;
-}
-
-int
-kernel_disable_spi(in_addr_t isrc, in_addr_t ismask,
- in_addr_t idst, in_addr_t idmask,
- char *address, u_int8_t *spi, int proto, int flags)
-{
-#ifndef OPENBSD_IPSEC_API_VERSION
- struct sadb_msg smsg;
- struct sadb_sa sa;
- struct sadb_address sad1, sad2, sad3, sad4;
- union sockaddr_union osrc, osmask, odst, odmask;
- struct iovec iov[12];
- u_int32_t SPI;
- int cnt = 0;
- SPI = SPITOINT(spi);
-
- bzero(&smsg, sizeof(smsg));
- bzero(&sa, sizeof(sa));
- bzero(&sad1, sizeof(sad1));
- bzero(&sad2, sizeof(sad2));
- bzero(&sad3, sizeof(sad3));
- bzero(&sad4, sizeof(sad4));
- bzero(&osrc, sizeof(osrc));
- bzero(&osmask, sizeof(osmask));
- bzero(&odst, sizeof(odst));
- bzero(&odmask, sizeof(odmask));
-
- smsg.sadb_msg_len = sizeof(smsg) / 8;
- smsg.sadb_msg_version = PF_KEY_V2;
- smsg.sadb_msg_seq = pfkey_seq++;
- smsg.sadb_msg_pid = pfkey_pid;
- smsg.sadb_msg_type = SADB_X_DELFLOW;
- smsg.sadb_msg_satype = proto == IPPROTO_ESP ?
- SADB_SATYPE_ESP : SADB_SATYPE_AH;
- iov[cnt].iov_base = &smsg;
- iov[cnt++].iov_len = sizeof(smsg);
-
- sa.sadb_sa_len = sizeof(sa) / 8;
- sa.sadb_sa_exttype = SADB_EXT_SA;
- sa.sadb_sa_state = SADB_SASTATE_MATURE;
- sa.sadb_sa_spi = htonl(SPI);
- sa.sadb_sa_flags = flags;
- smsg.sadb_msg_len += sa.sadb_sa_len;
- iov[cnt].iov_base = &sa;
- iov[cnt++].iov_len = sizeof(sa);
-
- sad1.sadb_address_exttype = SADB_X_EXT_SRC_FLOW;
- sad2.sadb_address_exttype = SADB_X_EXT_SRC_MASK;
- sad3.sadb_address_exttype = SADB_X_EXT_DST_FLOW;
- sad4.sadb_address_exttype = SADB_X_EXT_DST_MASK;
-
- sad1.sadb_address_len = (sizeof(sad1) + sizeof(struct sockaddr_in)) / 8;
- sad2.sadb_address_len = (sizeof(sad2) + sizeof(struct sockaddr_in)) / 8;
- sad3.sadb_address_len = (sizeof(sad3) + sizeof(struct sockaddr_in)) / 8;
- sad4.sadb_address_len = (sizeof(sad4) + sizeof(struct sockaddr_in)) / 8;
-
- osrc.sin.sin_family = odst.sin.sin_family = AF_INET;
- osmask.sin.sin_family = odmask.sin.sin_family = AF_INET;
- osrc.sin.sin_len = odst.sin.sin_len = sizeof(struct sockaddr_in);
- osmask.sin.sin_len = sizeof(struct sockaddr_in);
- odmask.sin.sin_len = sizeof(struct sockaddr_in);
-
- osrc.sin.sin_addr.s_addr = isrc;
- osmask.sin.sin_addr.s_addr = ismask;
- odst.sin.sin_addr.s_addr = idst;
- odmask.sin.sin_addr.s_addr = idmask;
- smsg.sadb_msg_len += sad1.sadb_address_len * 4;
-
- iov[cnt].iov_base = &sad1;
- iov[cnt++].iov_len = sizeof(sad1);
- iov[cnt].iov_base = &osrc;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- iov[cnt].iov_base = &sad2;
- iov[cnt++].iov_len = sizeof(sad2);
- iov[cnt].iov_base = &osmask;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- iov[cnt].iov_base = &sad3;
- iov[cnt++].iov_len = sizeof(sad3);
- iov[cnt].iov_base = &odst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- iov[cnt].iov_base = &sad4;
- iov[cnt++].iov_len = sizeof(sad4);
- iov[cnt].iov_base = &odmask;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
-
- kernel_debug(("kernel_disable_spi: %08x\n", SPI));
-
- if (!KERNEL_XF_SET(smsg.sadb_msg_len*8)) {
- log_error(1, "kernel_xf_set() in kernel_disable_spi()");
- return -1;
- }
-#endif
-
- return 1;
-}
-
/*
* Remove a single SPI from the kernel database.
*/
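Review bot: kernel_group_spi() and kernel_bind_spis() are deleted in this hunk, but their prototypes survive as context lines in the kernel.h hunk (`int kernel_group_spi(char *address, u_int8_t *spi);` and `int kernel_bind_spis(struct spiob *spi1, struct spiob *spi2);`), leaving declarations with no definition. Those two lines should go together with the kernel_enable_spi/kernel_disable_spi prototypes the commit already removes, so a stray call cannot compile against a function that no longer exists. As far as this diff shows, the only callers were in kernel_insert_spi and are removed in the hunk below. kernel_esp begins outside this hunk.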
@@ -1248,10 +844,10 @@ kernel_delete_spi(char *address, u_int32_t spi, int proto)
if (!KERNEL_XF_SET(sa.sadb_msg_len * 8)) {
log_error(1, "kernel_xf_set() in kernel_delete_spi()");
- return -1;
+ return (-1);
}
- return 1;
+ return (1);
}
/*
@@ -1267,7 +863,6 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI)
u_int8_t *attributes;
u_int16_t attribsize, ahsize, espsize;
u_int8_t *secrets, *ah, *esp;
- struct spiob *spi2;
attrib_t *attprop;
int offset, proto = 0;
@@ -1289,7 +884,7 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI)
if ((attprop = getattrib(esp[count])) == NULL) {
log_error(0, "Unknown attribute %d for ESP in kernel_insert_spi()",
esp[count]);
- return -1;
+ return (-1);
}
if (atesp == NULL && attprop->type == AT_ENC)
atesp = attprop;
@@ -1300,15 +895,12 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI)
}
if (atesp == NULL) {
log_error(0, "No encryption attribute in ESP section for SA(%08x, %s->%s) in kernel_insert()", SPITOINT(SPI->SPI), SPI->local_address, SPI->address);
- return -1;
+ return (-1);
}
- if (vpn_mode)
- SPI->flags |= SPI_TUNNEL;
-
offset = kernel_esp(atesp, atah, SPI, secrets);
if (offset == -1)
- return -1;
+ return (-1);
secrets += offset;
}
@@ -1320,7 +912,7 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI)
if ((attprop = getattrib(ah[count])) == NULL) {
log_error(0, "Unknown attribute %d for AH in kernel_insert_spi()",
ah[count]);
- return -1;
+ return (-1);
}
if(atah == NULL && (attprop->type & AT_AUTH))
atah = attprop;
@@ -1339,17 +931,12 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI)
if (atah == NULL) {
log_error(0, "No authentication attribute in AH section for SA(%08x, %s->%s) in kernel_insert()", SPITOINT(SPI->SPI), SPI->local_address, SPI->address);
- return -1;
+ return (-1);
}
- if (vpn_mode && esp == NULL)
- SPI->flags |= SPI_TUNNEL;
- else
- SPI->flags &= ~SPI_TUNNEL;
-
offset = kernel_ah(atah, SPI, secrets, hmac);
if (offset == -1)
- return -1;
+ return (-1);
secrets += offset;
}
@@ -1361,57 +948,17 @@ kernel_insert_spi(struct stateob *st, struct spiob *SPI)
SPI->flags &= ~SPI_ESP;
}
-#if OPENBSD_IPSEC_API_VERSION == 1
/*
* Inform the kernel that we obtained the requested SA
*/
kernel_notify_result(st, SPI, proto);
-#else
- /* Group the SPIs for User */
- if (!(SPI->flags & SPI_OWNER) && ah != NULL && esp != NULL) {
- if (kernel_group_spi(SPI->address, spi) == -1)
- log_error(0, "kernel_group_spi() in kernel_insert_spi()");
- }
- if (!(SPI->flags & SPI_OWNER)) {
- if (!(SPI->flags & SPI_NOTIFY) || vpn_mode) {
- if (kernel_enable_spi(SPI->isrc, SPI->ismask,
- SPI->idst, SPI->idmask,
- SPI->address, spi, proto,
- SADB_X_SAFLAGS_REPLACEFLOW |
- (vpn_mode ? /*ENABLE_FLAG_MODIFY*/ : 0)) == -1)
- log_error(0, "kernel_enable_spi() in kernel_insert_spi()");
- } else {
- /*
- * Inform the kernel that we obtained the requested SA
- */
- kernel_notify_result(st, SPI, proto);
- }
- }
-#endif
-
- /* Is this what people call perfect forward security ? */
+ /* Erase keys */
bzero(SPI->sessionkey, SPI->sessionkeysize);
free(SPI->sessionkey);
SPI->sessionkey = NULL; SPI->sessionkeysize = 0;
- /* Bind the pair of SPI in the state object */
- if (SPI->flags & SPI_OWNER)
- spi2 = spi_find(SPI->address, st->uSPI);
- else
- spi2 = spi_find(SPI->local_address, st->oSPI);
-
- if (!spi2) {
- log_error(0, "kernel_insert_spi(): can not find second SPI");
- return 0;
- }
-
- if (SPI->flags & SPI_OWNER)
- kernel_bind_spis(SPI, spi2);
- else
- kernel_bind_spis(spi2, SPI);
-
- return 1;
+ return (1);
}
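Review bot: `bzero(SPI->sessionkey, SPI->sessionkeysize);` immediately followed by `free(SPI->sessionkey);` is a dead store that an optimizing compiler is permitted to drop, so the new `/* Erase keys */` comment promises more than the code guarantees. Prefer a zeroing call the compiler cannot elide (explicit_bzero() where the platform provides one), and have the comment say why the wipe precedes free(): `/* Wipe the session key before releasing it so it does not linger in freed heap. */`. kernel_insert_spi begins outside this hunk.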
/*
@@ -1439,34 +986,16 @@ kernel_unlink_spi(struct spiob *ospi)
AT_AH_ATTRIB);
if (esp != NULL) {
- int flag = (vpn_mode ? /*ENABLE_FLAG_MODIFY*/ : 0);
- if (!(ospi->flags & SPI_OWNER) &&
- kernel_disable_spi(ospi->isrc, ospi->ismask,
- ospi->idst, ospi->idmask,
- ospi->address, ospi->SPI,
- IPPROTO_ESP, flag) == -1)
- log_error(0, "kernel_disable_spi() in kernel_unlink_spi()");
-
if (kernel_delete_spi(p, SPITOINT(ospi->SPI), IPPROTO_ESP) == -1)
log_error(0, "kernel_delete_spi() in kernel_unlink_spi()");
}
if (ah != NULL) {
- if (esp == NULL) {
- int flag = (vpn_mode ? /*ENABLE_FLAG_MODIFY*/ : 0);
- if (!(ospi->flags & SPI_OWNER) &&
- kernel_disable_spi(ospi->isrc, ospi->ismask,
- ospi->idst, ospi->idmask,
- ospi->address, ospi->SPI,
- IPPROTO_AH, flag) == -1)
- log_error(0, "kernel_disable_spi() in kernel_unlink_spi()");
- }
-
if (kernel_delete_spi(p, SPITOINT(ospi->SPI), IPPROTO_AH) == -1)
log_error(0, "kernel_delete_spi() in kernel_unlink_spi()");
}
- return 1;
+ return (1);
}
/*
diff --git a/sbin/photurisd/kernel.h b/sbin/photurisd/kernel.h
index ed49f72da79..d36f81d3310 100644
--- a/sbin/photurisd/kernel.h
+++ b/sbin/photurisd/kernel.h
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: kernel.h,v 1.5 2000/11/17 19:32:56 millert Exp $ */
+/* $Id: kernel.h,v 1.6 2000/12/11 20:32:15 provos Exp $ */
/*
* kernel.h:
* security paramter index creation.
@@ -90,12 +90,6 @@ int kernel_esp(attrib_t *ob, attrib_t *ob2, struct spiob *SPI,
int kernel_group_spi(char *address, u_int8_t *spi);
int kernel_bind_spis(struct spiob *spi1, struct spiob *spi2);
-int kernel_enable_spi(in_addr_t isrc, in_addr_t ismask,
- in_addr_t idst, in_addr_t idmask,
- char *address, u_int8_t *spi, int proto, int flags);
-int kernel_disable_spi(in_addr_t isrc, in_addr_t ismask,
- in_addr_t idst, in_addr_t idmask,
- char *address, u_int8_t *spi, int proto, int flags);
int kernel_delete_spi(char *address, u_int32_t spi, int proto);
int kernel_request_sa(void *em /* struct encap_msghdr *em */);
diff --git a/sbin/photurisd/photurisd.8 b/sbin/photurisd/photurisd.8
index 85a90a01090..706b370807d 100644
--- a/sbin/photurisd/photurisd.8
+++ b/sbin/photurisd/photurisd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: photurisd.8,v 1.7 2000/03/18 22:56:02 aaron Exp $
+.\" $OpenBSD: photurisd.8,v 1.8 2000/12/11 20:32:15 provos Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
@@ -38,7 +38,7 @@
.Nd IPSec key management daemon
.Sh SYNOPSIS
.Nm photurisd
-.Op Fl cvi
+.Op Fl ci
.Op Fl d Ar directory
.Op Fl p Ar port
.Sh DESCRIPTION
@@ -59,13 +59,6 @@ The options are as follows:
The
.Fl c
option is used to force a primality check of the bootstrapped moduli.
-.It Fl v
-The
-.Fl v
-options is used to start
-.Xr photurisd 8
-in VPN (Virtual Private Network) mode, see
-.Xr vpn 8 .
.It Fl i
The
.Fl i
@@ -229,32 +222,6 @@ Possible values are
.Dq enc
and
.Dq auth .
-.It Ic tsrc
-If both
-.Ic tsrc
-and
-.Ic tdst
-(see below) are specified, a tunnel (IP over IP) is setup.
-The
-.Ic tsrc
-option is a network address with netmask used for matching the source
-IP address of a packet.
-When both the source and the destination
-addresses match their respective options the packet will be routed into the
-tunnel.
-.It Ic tdst
-If both
-.Ic tsrc
-(see above) and
-.Ic tdst
-are specified, a tunnel (IP over IP) is setup.
-The
-.Ic tdst
-option is a network address with netmask used for matching the destination
-IP address of a packet.
-When both the source and the destination
-addresses match their respective options the packet will be routed into the
-tunnel.
.It Ic exchange_lifetime
Determines the lifetime of the exchange.
After an exchange expires
@@ -282,8 +249,6 @@ entry:
.Pp
.Bd -literal
dst=134.100.106.2 port=468 options=auth
-tsrc=134.100.104.0/255.255.255.255
-tdst=134.100.106.0/255.255.255.255
.Ed
.Sh SEE ALSO
.Xr startkey 1 ,
diff --git a/sbin/photurisd/photurisd.c b/sbin/photurisd/photurisd.c
index 1821fd5e528..fba902f912b 100644
--- a/sbin/photurisd/photurisd.c
+++ b/sbin/photurisd/photurisd.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: photurisd.c,v 1.4 1999/12/17 18:57:03 deraadt Exp $";
+static char rcsid[] = "$Id: photurisd.c,v 1.5 2000/12/11 20:32:15 provos Exp $";
#endif
#define _PHOTURIS_C_
@@ -71,7 +71,6 @@ usage(void)
fprintf(f, "usage: photurisd [-cvi] [-d directory] [-p port]\n");
fprintf(f, "\t-c check primes on startup\n");
- fprintf(f, "\t-v start in VPN mode\n");
fprintf(f, "\t-i ignore startup file %s\n", PHOTURIS_STARTUP);
fprintf(f, "\t-d specifies the startup dir\n");
fprintf(f, "\t-p specifies the local port to bind to\n");
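Review bot: The usage banner two lines above the removed `-v` entry still advertises `[-cvi]`, so after this hunk the daemon prints an option it no longer accepts; the getopt string later in this file drops `v` and the manpage synopsis now reads `[-ci]`. Change it to `fprintf(f, "usage: photurisd [-ci] [-d directory] [-p port]\n");` so all three stay in agreement. usage() starts outside the hunk.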
@@ -120,16 +119,12 @@ main(int argc, char **argv)
daemon_mode = 0;
global_port = 0;
- vpn_mode = 0;
- while ((ch = getopt(argc, argv, "vcid:p:")) != -1)
+ while ((ch = getopt(argc, argv, "cid:p:")) != -1)
switch((char)ch) {
case 'c':
primes = 1;
break;
- case 'v':
- vpn_mode = 1;
- break;
case 'i':
ignore = 1;
break;
@@ -181,7 +176,7 @@ main(int argc, char **argv)
init_server();
/* Startup preconfigured exchanges */
- if( !ignore && !vpn_mode)
+ if(!ignore)
init_startup();
server();
diff --git a/sbin/photurisd/server.c b/sbin/photurisd/server.c
index c9558334e6e..cb9f5f868f3 100644
--- a/sbin/photurisd/server.c
+++ b/sbin/photurisd/server.c
@@ -35,7 +35,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: server.c,v 1.2 2000/12/11 02:16:50 provos Exp $";
+static char rcsid[] = "$Id: server.c,v 1.3 2000/12/11 20:32:15 provos Exp $";
#endif
#define _SERVER_C_
@@ -285,11 +285,12 @@ server(void)
if (select(sockets[num_ifs-1]+1,
readfds, (fd_set *) NULL, (fd_set *) NULL,
- (timeout.tv_sec == -1 ? NULL : &timeout)) < 0)
+ (timeout.tv_sec == -1 ? NULL : &timeout)) < 0) {
if (errno == EINTR)
continue;
else
crit_error(1, "select() in server()");
+ }
for (i=0; i<num_ifs; i++) {
if (FD_ISSET(sockets[i], readfds)) {
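Review bot: The added braces make the EINTR/else pairing explicit, but the call still passes `sockets[num_ifs-1]+1` as nfds, which only covers every interface socket if the last entry of `sockets[]` holds the highest descriptor; should the array not be built in ascending order, a lower-index socket with a larger fd would never be polled. If that ordering is not guaranteed elsewhere, track the maximum while filling the set, `if (sockets[i] > maxfd) maxfd = sockets[i];`, and pass `maxfd+1`. Note also that select() overwrites the set passed through `readfds`, so it must be rebuilt before every call; that setup is above the hunk and cannot be confirmed from here. server() starts and ends outside the hunk.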
diff --git a/sbin/photurisd/spi.c b/sbin/photurisd/spi.c
index f51cae995db..4444d68da77 100644
--- a/sbin/photurisd/spi.c
+++ b/sbin/photurisd/spi.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: spi.c,v 1.2 1999/03/27 21:18:02 provos Exp $";
+static char rcsid[] = "$Id: spi.c,v 1.3 2000/12/11 20:32:15 provos Exp $";
#endif
#define _SPI_C_
@@ -105,24 +105,6 @@ make_spi(struct stateob *st, char *local_address,
return 0;
}
-int
-spi_set_tunnel(struct stateob *st, struct spiob *spi)
-{
- if (st->flags & IPSEC_OPT_TUNNEL) {
- spi->flags |= SPI_TUNNEL;
- spi->isrc = st->isrc;
- spi->ismask = st->ismask;
- spi->idst = st->idst;
- spi->idmask = st->idmask;
- } else {
- spi->isrc = inet_addr(spi->local_address);
- spi->ismask = inet_addr("255.255.255.255");
- spi->idst = inet_addr(spi->address);
- spi->idmask = inet_addr("255.255.255.255");
- }
- return 1;
-}
-
int
spi_insert(struct spiob *ob)
diff --git a/sbin/photurisd/spi.h b/sbin/photurisd/spi.h
index 5bb7edd9516..19ca0535560 100644
--- a/sbin/photurisd/spi.h
+++ b/sbin/photurisd/spi.h
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: spi.h,v 1.2 1999/03/27 21:18:02 provos Exp $ */
+/* $Id: spi.h,v 1.3 2000/12/11 20:32:15 provos Exp $ */
/*
* spi.h:
* security paramter index creation.
@@ -50,15 +50,12 @@
#define SPI_OWNER 1
#define SPI_NOTIFY 2
-#define SPI_TUNNEL 4
#define SPI_ESP 8 /* Is used for ESP */
struct spiob {
struct spiob *next; /* Linked list */
char *address;
char *local_address;
- in_addr_t isrc, ismask;
- in_addr_t idst, idmask;
int flags;
u_int8_t SPI[SPI_SIZE]; /* SPI */
u_int8_t icookie[COOKIE_SIZE]; /* Initator cookie */
@@ -74,7 +71,6 @@ EXTERN int make_spi(struct stateob *st, char *local_address,
u_int8_t *SPI, time_t *lifetime,
u_int8_t **attributes, u_int16_t *attribsize);
-EXTERN int spi_set_tunnel(struct stateob *st, struct spiob *spi);
EXTERN int spi_insert(struct spiob *);
EXTERN int spi_unlink(struct spiob *);
EXTERN struct spiob *spi_new(char *, u_int8_t *);
diff --git a/sbin/photurisd/state.c b/sbin/photurisd/state.c
index d97e83b4787..528ef0e1a7d 100644
--- a/sbin/photurisd/state.c
+++ b/sbin/photurisd/state.c
@@ -120,10 +120,6 @@ state_copy_flags(struct stateob *src, struct stateob *dst)
dst->user = strdup(src->user);
dst->flags = src->flags;
- dst->isrc = src->isrc;
- dst->ismask = src->ismask;
- dst->idst = src->idst;
- dst->idmask = src->idmask;
strncpy(dst->address, src->address, sizeof(src->address)-1);
dst->address[sizeof(dst->address)-1] = 0;
diff --git a/sbin/photurisd/state.h b/sbin/photurisd/state.h
index a43dd63b20e..f33b37dda8e 100644
--- a/sbin/photurisd/state.h
+++ b/sbin/photurisd/state.h
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: state.h,v 1.3 2000/12/11 02:16:51 provos Exp $ */
+/* $Id: state.h,v 1.4 2000/12/11 20:32:15 provos Exp $ */
/*
* state.h:
* state object
@@ -50,7 +50,6 @@
/* Possible values of flags */
#define IPSEC_OPT_ENC 0x0001 /* Negotiate encryption */
#define IPSEC_OPT_AUTH 0x0002 /* Negotiate authentication */
-#define IPSEC_OPT_TUNNEL 0x0004 /* Negotiate tunne mode */
#define IPSEC_OPT_REPLAY 0x0100 /* Encryption with replay protection */
#define IPSEC_OPT_ENC_AUTH 0x0200 /* Encryption with authentication */
#define IPSEC_OPT_XOR 0x0400 /* Encryption with XOR */
@@ -65,8 +64,6 @@ struct stateob {
char *user; /* User name for which do the exchange */
int flags; /* Possible flags for this exchange */
- in_addr_t isrc, ismask; /* Accept source for tunnel */
- in_addr_t idst, idmask; /* Accept destination for tunnel */
char address[16]; /* Remote address */
u_int16_t port; /* Remote port for Photuris daemon */