author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-05-04 10:05:03 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-05-04 10:05:03 +0000 |
commit | 193abae5eded07143cc0c855da148cfca6c23a98 (patch) | |
tree | 76d84fa8901a81ef0f64daf11daf20385d92c1b8 /sbin | |
parent | a22baeec2285142cc4a94f0362d03b1d38102deb (diff) |
clean up KEY_API() wrapper.
ok ho@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/app.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/connection.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/dpd.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 17 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep.h | 18 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/sysdep.c | 88 |
6 files changed, 22 insertions, 116 deletions
diff --git a/sbin/isakmpd/app.c b/sbin/isakmpd/app.c index bc7c913c123..1464b37a357 100644 --- a/sbin/isakmpd/app.c +++ b/sbin/isakmpd/app.c @@ -1,4 +1,4 @@ -/* $OpenBSD: app.c,v 1.11 2005/04/08 16:15:38 deraadt Exp $ */ +/* $OpenBSD: app.c,v 1.12 2005/05/04 10:05:01 hshoexer Exp $ */ /* $EOM: app.c,v 1.6 1999/05/01 20:21:06 niklas Exp $ */ /* @@ -40,6 +40,7 @@ #include "app.h" #include "log.h" #include "monitor.h" +#include "pf_key_v2.h" int app_socket; @@ -60,5 +61,5 @@ app_init(void) void app_handler(void) { - sysdep_app_handler(app_socket); + pf_key_v2_handler(app_socket); } diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c index b3c4af95d8f..c631fe79162 100644 --- a/sbin/isakmpd/connection.c +++ b/sbin/isakmpd/connection.c @@ -1,4 +1,4 @@ -/* $OpenBSD: connection.c,v 1.31 2005/04/08 19:40:02 deraadt Exp $ */ +/* $OpenBSD: connection.c,v 1.32 2005/05/04 10:05:01 hshoexer Exp $ */ /* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */ /* @@ -42,6 +42,7 @@ #include "connection.h" #include "doi.h" #include "ipsec.h" +#include "pf_key_v2.h" /* XXX isakmp.h only required for compare_ids(). */ #include "isakmp.h" @@ -154,7 +155,7 @@ connection_checker(void *vconn) connection_checker, conn, &now); if (!conn->ev) log_print("connection_checker: could not add timer event"); - sysdep_connection_check(conn->name); + pf_key_v2_connection_check(conn->name); } /* Find the connection named NAME. */ diff --git a/sbin/isakmpd/dpd.c b/sbin/isakmpd/dpd.c index 4f81589a0b7..040b030a3b6 100644 --- a/sbin/isakmpd/dpd.c +++ b/sbin/isakmpd/dpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dpd.c,v 1.12 2005/04/08 21:14:49 cloder Exp $ */ +/* $OpenBSD: dpd.c,v 1.13 2005/05/04 10:05:01 hshoexer Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -38,6 +38,7 @@ #include "isakmp_fld.h" #include "log.h" #include "message.h" +#include "pf_key_v2.h" #include "sa.h" #include "timer.h" #include "transport.h" 
@@ -274,7 +275,7 @@ dpd_check_time(struct sa *sa, void *v_arg) sa->transport->vtbl->get_src(sa->transport, &dst); gettimeofday(&tv, 0); - ksa = sysdep_ipsec_get_kernel_sa(proto->spi[1], proto->spi_sz[1], + ksa = pf_key_v2_get_kernel_sa(proto->spi[1], proto->spi_sz[1], proto->proto, dst); if (!ksa || !ksa->last_used) diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index bace4f0f49b..d04f9d1c600 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.117 2005/04/08 23:15:26 hshoexer Exp $ */ +/* $OpenBSD: ipsec.c,v 1.118 2005/05/04 10:05:01 hshoexer Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -64,6 +64,7 @@ #include "math_group.h" #include "message.h" #include "nat_traversal.h" +#include "pf_key_v2.h" #include "prf.h" #include "sa.h" #include "timer.h" @@ -359,15 +360,15 @@ ipsec_finalize_exchange(struct message *msg) for (proto = TAILQ_FIRST(&sa->protos), last_proto = 0; proto; proto = TAILQ_NEXT(proto, link)) { - if (sysdep_ipsec_set_spi(sa, proto, + if (pf_key_v2_set_spi(sa, proto, 0, isakmp_sa) || (last_proto && - sysdep_ipsec_group_spis(sa, + pf_key_v2_group_spis(sa, last_proto, proto, 0)) || - sysdep_ipsec_set_spi(sa, proto, + pf_key_v2_set_spi(sa, proto, 1, isakmp_sa) || (last_proto && - sysdep_ipsec_group_spis(sa, + pf_key_v2_group_spis(sa, last_proto, proto, 1))) /* * XXX Tear down this @@ -413,7 +414,7 @@ ipsec_finalize_exchange(struct message *msg) if (!(sa->flags & SA_FLAG_ONDEMAND || conf_get_str("General", "Acquire-Only") || acquire_only) && - sysdep_ipsec_enable_sa(sa, isakmp_sa)) + pf_key_v2_enable_sa(sa, isakmp_sa)) /* XXX Tear down this exchange. */ return; @@ -1409,7 +1410,7 @@ ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming) if (sa->phase == 1) return; /* XXX Error handling? Is it interesting? */ - sysdep_ipsec_delete_spi(sa, proto, incoming); + pf_key_v2_delete_spi(sa, proto, incoming); } /* 
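Review bot: The direct `pf_key_v2_get_kernel_sa()` call in dpd_check_time no longer has the `if (app_none) return 0;` early return that the removed `sysdep_ipsec_get_kernel_sa()` wrapper applied. The same guard is lost for `pf_key_v2_set_spi`, `pf_key_v2_group_spis`, `pf_key_v2_enable_sa` and `pf_key_v2_delete_spi` in the ipsec.c hunks, and `pf_key_v2_get_spi` in ipsec_get_spi also loses the wrapper's `app_none` branch that returned a fixed SPI. pf_key_v2.c is not in this diffstat, so unless those functions already test `app_none` themselves (not visible here), SA setup and teardown now reach the PF_KEY code in a mode that previously skipped it. If that mode is still supported, keep the check at each call site where `app_none` is in scope, e.g. `!app_none && pf_key_v2_enable_sa(sa, isakmp_sa)`, or add a comment such as `/* app_none is handled inside pf_key_v2_*(). */` once that is confirmed. The enclosing functions start and end outside these hunks.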
@@ -1505,7 +1506,7 @@ ipsec_get_spi(size_t *sz, u_int8_t proto, struct message *msg) transport->vtbl->get_src(transport, &dst); /* The peer is the source. */ transport->vtbl->get_dst(transport, &src); - return sysdep_ipsec_get_spi(sz, proto, src, dst, + return pf_key_v2_get_spi(sz, proto, src, dst, msg->exchange->seq); } } diff --git a/sbin/isakmpd/sysdep.h b/sbin/isakmpd/sysdep.h index d1e1fb83e82..9dfe0bde9d0 100644 --- a/sbin/isakmpd/sysdep.h +++ b/sbin/isakmpd/sysdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sysdep.h,v 1.24 2005/04/08 23:15:26 hshoexer Exp $ */ +/* $OpenBSD: sysdep.h,v 1.25 2005/05/04 10:05:01 hshoexer Exp $ */ /* $EOM: sysdep.h,v 1.17 2000/12/04 04:46:35 angelos Exp $ */ /* @@ -38,23 +38,7 @@ #include <string.h> #endif -struct proto; -struct sa; -struct sockaddr; - -extern void sysdep_app_handler(int); extern int sysdep_cleartext(int, int); -extern void sysdep_connection_check(char *); -extern int sysdep_ipsec_delete_spi(struct sa *, struct proto *, int); -extern int sysdep_ipsec_enable_sa(struct sa *, struct sa *); -extern u_int8_t *sysdep_ipsec_get_spi(size_t *, u_int8_t, struct sockaddr *, - struct sockaddr *, u_int32_t); -extern struct sa_kinfo *sysdep_ipsec_get_kernel_sa(u_int8_t *, size_t, - u_int8_t, struct sockaddr *); -extern int sysdep_ipsec_group_spis(struct sa *, struct proto *, - struct proto *, int); -extern int sysdep_ipsec_set_spi(struct sa *, struct proto *, int, - struct sa *); #if defined (USE_BOEHM_GC) /* diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c index 5168fcdd330..d9cdb9935e2 100644 --- a/sbin/isakmpd/sysdep/openbsd/sysdep.c +++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysdep.c,v 1.33 2005/04/08 23:15:26 hshoexer Exp $ */ +/* $OpenBSD: sysdep.c,v 1.34 2005/05/04 10:05:02 hshoexer Exp $ */ /* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */ /* 
@@ -39,59 +39,11 @@ #include "sysdep.h" -#include "monitor.h" -#include "util.h" - #include "app.h" -#include "conf.h" -#include "ipsec.h" - -#include "pf_key_v2.h" -#define KEY_API(x) pf_key_v2_##x - #include "log.h" +#include "monitor.h" +#include "util.h" -/* - * When select(2) has noticed our application needs attendance, this is what - * gets called. FD is the file descriptor causing the alarm. - */ -void -sysdep_app_handler(int fd) -{ - KEY_API(handler)(fd); -} - -/* Check that the connection named NAME is active, or else make it active. */ -void -sysdep_connection_check(char *name) -{ - KEY_API(connection_check)(name); -} - -/* - * Generate a SPI for protocol PROTO and the source/destination pair given by - * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ. - */ -u_int8_t * -sysdep_ipsec_get_spi(size_t *sz, u_int8_t proto, struct sockaddr *src, - struct sockaddr *dst, u_int32_t seq) -{ - if (app_none) { - *sz = IPSEC_SPI_SIZE; - /* XXX should be random instead I think. */ - return (u_int8_t *)strdup("\x12\x34\x56\x78"); - } - return KEY_API(get_spi)(sz, proto, src, dst, seq); -} - -struct sa_kinfo * -sysdep_ipsec_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, - struct sockaddr *dst) -{ - if (app_none) - return 0; - return KEY_API(get_kernel_sa)(spi, spi_sz, proto, dst); -} /* Force communication on socket FD to go in the clear. */ int 
@@ -180,37 +132,3 @@ sysdep_cleartext(int fd, int af) } return 0; } - -int -sysdep_ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming) -{ - if (app_none) - return 0; - return KEY_API(delete_spi)(sa, proto, incoming); -} - -int -sysdep_ipsec_enable_sa(struct sa *sa, struct sa *isakmp_sa) -{ - if (app_none) - return 0; - return KEY_API(enable_sa)(sa, isakmp_sa); -} - -int -sysdep_ipsec_group_spis(struct sa *sa, struct proto *proto1, - struct proto *proto2, int incoming) -{ - if (app_none) - return 0; - return KEY_API(group_spis)(sa, proto1, proto2, incoming); -} - -int -sysdep_ipsec_set_spi(struct sa *sa, struct proto *proto, int incoming, - struct sa *isakmp_sa) -{ - if (app_none) - return 0; - return KEY_API(set_spi) (sa,proto, incoming, isakmp_sa); -} |