author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-03-24 17:00:48 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-03-24 17:00:48 +0000 |
commit | b80bafe0d8f1a9085de8d083a14ff60715858dba (patch) | |
tree | b6137a507e85d0e7ba52a5690e0d70db514efad3 /sys/net | |
parent | c9431262f61a02240623605f326aa66eb0668b65 (diff) |
Implement lifetime expiration notifications. Fix some typos. Remove statics.
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pfkeyv2.c | 124 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 11 |
2 files changed, 106 insertions, 29 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 53ee477b6a2..b57ff0f9903 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -59,9 +59,7 @@ struct pfkeyv2_socket {
 static struct pfkeyv2_socket *pfkeyv2_sockets = NULL;
-#if 0 /* XXX */
 static uint32_t pfkeyv2_seq = 1;
-#endif
 static int nregistered = 0;
 static int npromisc = 0;
@@ -83,16 +81,28 @@ static struct sadb_alg aalgs[] = {
 extern int pfkey_register(struct pfkey_version *version);
 int pfkey_unregister(struct pfkey_version *version);
 int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
-int pfkeyv2_parsemessage(void *p, int len, void **headers);
+
+void export_address(void **, struct sockaddr *);
+void export_identity(void **, struct tdb *, int);
+void export_lifetime(void **, struct tdb *, int);
+void export_sa(void **, struct tdb *);
+void import_address(struct sockaddr *, struct sadb_address *);
+void import_identity(struct tdb *, struct sadb_ident *, int);
+void import_key(struct ipsecinit *, struct sadb_key *, int);
+void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
+void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
+int pfdatatopacket(void *, int, struct mbuf **);
 int pfkeyv2_acquire(void *);
-int pfkeyv2_init(void);
-int pfkeyv2_cleanup(void);
-int pfkeyv2_expire(struct tdb *);
+int pfkeyv2_create(struct socket *);
+int pfkeyv2_get(struct tdb *, void **, void **);
+int pfkeyv2_release(struct socket *);
+int pfkeyv2_send(struct socket *, void *, int);
+int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int);
 #define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t))
 #define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1))
-static int
+int
 pfdatatopacket(void *data, int len, struct mbuf **packet)
 {
 if (!(*packet = m_devget(data, len, 0, NULL, NULL)))
@@ -101,7 +111,7 @@ pfdatatopacket(void *data, int len, struct mbuf **packet)
 return 0;
 }
-static int
+int
 pfkeyv2_create(struct socket *socket)
 {
 struct pfkeyv2_socket *pfkeyv2_socket;
@@ -120,7 +130,7 @@ pfkeyv2_create(struct socket *socket)
 return 0;
 }
-static int
+int
 pfkeyv2_release(struct socket *socket)
 {
 struct pfkeyv2_socket **pp;
@@ -148,7 +158,7 @@ pfkeyv2_release(struct socket *socket)
 return 0;
 }
-static void
+void
 import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii)
 {
 if (!sadb_sa)
@@ -176,7 +186,7 @@ import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii)
 tdb->tdb_flags |= TDBF_INVALID;
 }
-static void
+void
 export_sa(void **p, struct tdb *tdb)
 {
 struct sadb_sa *sadb_sa = (struct sadb_sa *)*p;
@@ -207,7 +217,7 @@ export_sa(void **p, struct tdb *tdb)
 *p += sizeof(struct sadb_sa);
 }
-static void
+void
 import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type)
 {
 struct expiration *exp;
@@ -288,7 +298,7 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type)
 }
 }
-static void
+void
 export_lifetime(void **p, struct tdb *tdb, int type)
 {
 struct sadb_lifetime *sadb_lifetime = (struct sadb_lifetime *)*p;
@@ -340,7 +350,7 @@ export_lifetime(void **p, struct tdb *tdb, int type)
 *p += sizeof(struct sadb_lifetime);
 }
-static void
+void
 import_address(struct sockaddr *sa, struct sadb_address *sadb_address)
 {
 int salen;
@@ -370,7 +380,7 @@ import_address(struct sockaddr *sa, struct sadb_address *sadb_address)
 sa->sa_len = salen;
 }
-static void
+void
 export_address(void **p, struct sockaddr *sa)
 {
 struct sadb_address *sadb_address = (struct sadb_address *)*p;
@@ -384,7 +394,7 @@ export_address(void **p, struct sockaddr *sa)
 *p += PADUP(SA_LEN(sa));
 }
-static void
+void
 import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
 {
 if (!sadb_ident)
@@ -409,7 +419,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
 }
 }
-static void
+void
 export_identity(void **p, struct tdb *tdb, int type)
 {
 struct sadb_ident *sadb_ident = (struct sadb_ident *)*p;
@@ -429,7 +439,7 @@ export_identity(void **p, struct tdb *tdb, int type)
 }
 }
-static void
+void
 import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type)
 {
 if (!sadb_key)
@@ -444,7 +454,7 @@ import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type)
 }
 }
-static int
+int
 pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket, u_int8_t satype, int count)
 {
@@ -555,7 +565,7 @@ ret:
 extern uint32_t sadb_exts_allowed_out[SADB_MAX+1];
 extern uint32_t sadb_exts_required_out[SADB_MAX+1];
-static int
+int
 pfkeyv2_get(struct tdb *sa, void **headers, void **buffer)
 {
 int rval, i;
@@ -646,7 +656,7 @@ struct dump_state {
 };
 #if 0 /* XXX Need to add a tdb_walk routine for this to work */
-static int
+int
 pfkeyv2_dump_walker(struct tdb *sa, void *state)
 {
 struct dump_state *dump_state = (struct dump_state *)state;
@@ -670,7 +680,7 @@ pfkeyv2_dump_walker(struct tdb *sa, void *state)
 }
 #endif /* 0 */
-static int
+int
 pfkeyv2_send(struct socket *socket, void *message, int len)
 {
 void *headers[SADB_EXT_MAX + 1];
@@ -1521,10 +1531,74 @@ ret:
 }
 int
-pfkeyv2_expire(struct tdb *sa)
+pfkeyv2_expire(struct tdb *sa, u_int16_t type)
 {
- /* XXX missing */
- return 0;
+ int rval = 0;
+ int i;
+ u_int8_t satype;
+ void *p, *headers[SADB_EXT_MAX+1], *buffer;
+
+ switch (sa->tdb_sproto) {
+ case IPPROTO_AH:
+ satype = sa->tdb_xform->xf_type == XF_OLD_AH ? SADB_SATYPE_X_AH_OLD : SADB_SATYPE_AH;
+ break;
+ case IPPROTO_ESP:
+ satype = sa->tdb_xform->xf_type == XF_OLD_ESP ? SADB_SATYPE_X_ESP_OLD : SADB_SATYPE_ESP;
+ break;
+ case IPPROTO_IPIP:
+ satype = SADB_SATYPE_X_IPIP;
+ break;
+ default:
+ rval = EOPNOTSUPP;
+ goto ret;
+ }
+
+ i = sizeof(struct sadb_msg) + sizeof(struct sadb_sa) +
+ 2 * sizeof(struct sadb_lifetime) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa)) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa));
+
+ if (!(p = malloc(i, M_TEMP, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
+
+ bzero(headers, sizeof(headers));
+
+ buffer = p;
+ bzero(p, i);
+
+ headers[0] = p;
+ p += sizeof(struct sadb_msg);
+ ((struct sadb_msg *)headers[0])->sadb_msg_version = PF_KEY_V2;
+ ((struct sadb_msg *)headers[0])->sadb_msg_type = SADB_EXPIRE;
+ ((struct sadb_msg *)headers[0])->sadb_msg_satype = satype;
+ ((struct sadb_msg *)headers[0])->sadb_msg_len = i / sizeof(uint64_t);
+ ((struct sadb_msg *)headers[0])->sadb_msg_seq = pfkeyv2_seq++;
+
+ headers[SADB_EXT_SA] = p;
+ export_sa(&p, sa);
+
+ headers[SADB_EXT_LIFETIME_CURRENT] = p;
+ export_lifetime(&p, sa, 2);
+
+ headers[type] = p;
+ export_lifetime(&p, sa, type == SADB_EXT_LIFETIME_SOFT ? 1 : 0);
+
+ headers[SADB_EXT_ADDRESS_SRC] = p;
+ export_address(&p, (struct sockaddr *)&sa->tdb_src);
+
+ headers[SADB_EXT_ADDRESS_DST] = p;
+ export_address(&p, (struct sockaddr *)&sa->tdb_dst);
+
+ if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST,
+ NULL, 0, 0))!= 0)
+ goto ret;
+
+ rval = 0;
+
+ret:
+ return rval;
 }
 int
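Review bot: The message buffer that pfkeyv2_expire() obtains with `malloc(i, M_TEMP, M_DONTWAIT)` is never released: `buffer = p` is the only use of `buffer`, and neither the success path nor the `goto ret` after pfkeyv2_sendmessage() frees it, so every lifetime expiration leaks a kernel allocation unless pfkeyv2_sendmessage() takes ownership of the memory (its body is outside this diff; pfdatatopacket() in this file copies the data into mbufs via m_devget(), which suggests it does not). Initialise the pointer, `void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;`, and release it at the label, `ret: if (buffer != NULL) free(buffer, M_TEMP);`, so the EOPNOTSUPP and ENOMEM paths stay correct too. Separately, `headers[type] = p;` indexes the on-stack array with the caller-supplied u_int16_t unchecked, and any value other than SADB_EXT_LIFETIME_SOFT is silently exported as the hard lifetime; rejecting other values before the switch with `if (type != SADB_EXT_LIFETIME_SOFT && type != SADB_EXT_LIFETIME_HARD) return EINVAL;` keeps a mistaken caller from writing past headers[].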
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 31f68a9ec86..6945f81951e 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -230,7 +230,7 @@ struct sadb_protocol {
 #define SADB_SAFLAGS_X_HALFIV 0x02 /* Used for ESP-old */
 #define SADB_SAFLAGS_X_TUNNEL 0x04 /* Force tunneling */
 #define SADB_SAFLAGS_X_CHAINDEL 0x08 /* Delete whole SA chain */
-#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Delete whole SA chain */
+#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Add flow with 0.0.0.0 as src */
 #define SADB_IDENTTYPE_RESERVED 0
 #define SADB_IDENTTYPE_PREFIX 1
@@ -241,9 +241,12 @@ struct sadb_protocol {
 #define SADB_KEY_FLAGS_MAX 0
-#ifdef KERNEL
+#ifdef _KERNEL
+struct tdb;
+
 int pfkeyv2_init(void);
 int pfkeyv2_cleanup(void);
-int pfkeyv2_parsemessage(void *p, int len, void **headers);
-#endif /* KERNEL */
+int pfkeyv2_parsemessage(void *, int, void **);
+int pfkeyv2_expire(struct tdb *, u_int16_t);
+#endif /* _KERNEL */
 #endif /* _NET_PFKEY_V2_H */ |
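Review bot: The new `int pfkeyv2_expire(struct tdb *, u_int16_t);` prototype gives callers no indication of what the second argument is, yet in pfkeyv2.c that value is used directly as an index into the SADB extension-header array and compared against SADB_EXT_LIFETIME_SOFT, so only the soft and hard lifetime extension types are meaningful. A one-line comment on the prototype, `/* type: SADB_EXT_LIFETIME_SOFT or SADB_EXT_LIFETIME_HARD */`, would make that contract visible to the kernel callers the `_KERNEL` block now exposes it to.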