author | Niels Provos <provos@cvs.openbsd.org> | 1997-07-26 20:55:18 +0000 |
committer | Niels Provos <provos@cvs.openbsd.org> | 1997-07-26 20:55:18 +0000 |
commit | 7d5f399b683c9ed01619ad69554ad89ec341c017 (patch) | |
tree | d25a0f8a57578a04e69202c656a6df704616f81e /sbin | |
parent | eea6cbb06bf3ee67dcbe3c349482a113f94205af (diff) |
reserve SPIs for correct protos: ah and/or esp.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsec/photurisd/kernel.c | 38 | ||||
-rw-r--r-- | sbin/ipsec/photurisd/kernel.h | 6 | ||||
-rw-r--r-- | sbin/ipsec/photurisd/spi.c | 4 |
3 files changed, 41 insertions, 7 deletions
diff --git a/sbin/ipsec/photurisd/kernel.c b/sbin/ipsec/photurisd/kernel.c
index 16aa1015b41..4ac77a8b703 100644
--- a/sbin/ipsec/photurisd/kernel.c
+++ b/sbin/ipsec/photurisd/kernel.c
@@ -29,7 +29,7 @@
  */
 #ifndef lint
-static char rcsid[] = "$Id: kernel.c,v 1.2 1997/07/23 12:28:51 provos Exp $";
+static char rcsid[] = "$Id: kernel.c,v 1.3 1997/07/26 20:55:16 provos Exp $";
 #endif
 #include <sys/param.h>
@@ -110,7 +110,37 @@ kernel_xf_read(struct encap_msghdr *em, int msglen)
 }
 u_int32_t
-kernel_reserve_spi(char *srcaddress)
+kernel_reserve_spi(char *srcaddress, int options)
+{
+ u_int32_t spi;
+ int proto;
+
+ if (options & (IPSEC_OPT_ENC|IPSEC_OPT_AUTH) !=
+ (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) {
+ switch(options & (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) {
+ case IPSEC_OPT_ENC:
+ proto = IPPROTO_ESP;
+ default:
+ proto = IPPROTO_AH;
+ }
+ return kernel_reserve_single_spi(srcaddress, 0, proto);
+ }
+
+ if (!(spi = kernel_reserve_single_spi(srcaddress, 0, IPPROTO_ESP)))
+ return spi;
+
+ /* Try to get the same spi for ah and esp */
+ while (!kernel_reserve_single_spi(srcaddress, spi, IPPROTO_AH)) {
+ kernel_delete_spi(srcaddress, (u_int8_t *)&spi, IPPROTO_ESP);
+ if (!(spi = kernel_reserve_single_spi(srcaddress, 0, IPPROTO_ESP)))
+ return spi;
+ }
+
+ return spi;
+}
+
+u_int32_t
+kernel_reserve_single_spi(char *srcaddress, u_int32_t spi, int proto)
 {
 struct encap_msghdr *em;
@@ -122,8 +152,9 @@ kernel_reserve_spi(char *srcaddress)
 em->em_version = PFENCAP_VERSION_1;
 em->em_type = EMT_RESERVESPI;
- em->em_gen_spi = 0;
+ em->em_gen_spi = spi;
 em->em_gen_dst.s_addr = inet_addr(srcaddress);
+ em->em_gen_sproto = proto;
 if (!kernel_xf_set(em))
 return 0;
@@ -133,6 +164,7 @@ kernel_reserve_spi(char *srcaddress)
 return em->em_gen_spi;
 }
+
 int
 kernel_md5(char *srcaddress, char *dstaddress, u_int8_t *spi,
 u_int8_t *secret, int tunnel)
diff --git a/sbin/ipsec/photurisd/kernel.h b/sbin/ipsec/photurisd/kernel.h
index 9f72bc44bff..ad1ac0020d4 100644
--- a/sbin/ipsec/photurisd/kernel.h
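Review bot: The single-protocol test at the top of kernel_reserve_spi can never be true: `!=` binds tighter than `&`, so `options & (IPSEC_OPT_ENC|IPSEC_OPT_AUTH) != (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)` evaluates to `options & 0`, and every caller, ESP-only or AH-only included, takes the dual ESP+AH path below and, as far as this hunk shows, leaves the extra reservation sitting in the kernel. Parenthesize it as `if ((options & (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) != (IPSEC_OPT_ENC|IPSEC_OPT_AUTH)) {`. Once that branch is reachable the switch also needs `proto = IPPROTO_ESP; break;`, because the ESP case currently falls through into default and an ESP-only request would reserve an AH SPI instead. The retry loop has no upper bound and hands kernel_delete_spi the host-order u_int32_t through a u_int8_t cast; neither the loop's termination nor the byte representation kernel_delete_spi expects can be confirmed from this hunk, so a retry cap and a check of that representation are worth adding.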
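Review bot: kernel_reserve_single_spi now sends a caller-chosen `spi` in em_gen_spi, but the value the kernel hands back is returned unchanged (the `return em->em_gen_spi;` sits in the following hunk) without checking that the request was honoured, and kernel_reserve_spi's "same spi for ah and esp" loop treats any non-zero return as that match. If the EMT_RESERVESPI handler may answer a non-zero request with a different SPI, the AH and ESP reservations would silently diverge; a guard such as `if (spi != 0 && em->em_gen_spi != spi)` that releases the mismatched entry and returns 0 would make the contract explicit. Whether the kernel can substitute a SPI cannot be determined from this diff, so confirm it against the handler before relying on the loop. The function starts in the preceding hunk, so the em allocation and its error path are not visible here.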
+++ b/sbin/ipsec/photurisd/kernel.h
@@ -27,7 +27,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* $Id: kernel.h,v 1.2 1997/07/23 12:28:52 provos Exp $ */
+/* $Id: kernel.h,v 1.3 1997/07/26 20:55:16 provos Exp $ */
 /*
 * kernel.h:
 * security paramter index creation.
@@ -62,7 +62,9 @@ int kernel_delete_spi(char *address, u_int8_t *spi, int proto);
 #define EXTERN extern
 #endif
-EXTERN u_int32_t kernel_reserve_spi( char *srcaddress);
+EXTERN u_int32_t kernel_reserve_spi( char *srcaddress, int options);
+EXTERN u_int32_t kernel_reserve_single_spi(char *srcaddress, u_int32_t spi,
+ int proto);
 EXTERN int kernel_insert_spi(struct spiob *SPI);
 EXTERN int kernel_unlink_spi(struct spiob *ospi);
diff --git a/sbin/ipsec/photurisd/spi.c b/sbin/ipsec/photurisd/spi.c
index e73d97ac12d..e6c8a4dbbeb 100644
--- a/sbin/ipsec/photurisd/spi.c
+++ b/sbin/ipsec/photurisd/spi.c
@@ -33,7 +33,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: spi.c,v 1.3 1997/07/23 12:28:54 provos Exp $";
+static char rcsid[] = "$Id: spi.c,v 1.4 1997/07/26 20:55:17 provos Exp $";
 #endif
 #define _SPI_C_
@@ -156,7 +156,7 @@ make_spi(struct stateob *st, char *local_address,
 for(i=0; i<SPI_SIZE; i++) {
 if(i%4 == 0)
 #ifdef IPSEC
- tmp = kernel_reserve_spi(local_address);
+ tmp = kernel_reserve_spi(local_address, st->flags);
 #else
 tmp = arc4random();
 #endif |
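Review bot: kernel_reserve_spi returns 0 on failure (every early exit in the kernel.c hunk passes back the zero from kernel_reserve_single_spi), and this call site in make_spi stores the result in `tmp` with no zero check visible; the rest of make_spi lies outside the hunk, so if it does not reject a zero word the negotiation could proceed with an SPI the kernel never reserved. A check along the lines of `if (tmp == 0)` followed by make_spi's usual failure return, placed after the #ifdef block, would close that gap. Passing `st->flags` through as options is fine as far as this hunk shows, since the callee masks it down to IPSEC_OPT_ENC|IPSEC_OPT_AUTH.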