authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-09-29 19:00:15 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-09-29 19:00:15 +0000
commit4665b240988d0a86d57610b6f4759283bf848071 (patch)
tree491e8d794c340c6e6884858cf1620869f78cdbd4 /sys
parent9b051c09161d8fb6282dc3032146f5d0b24a1f48 (diff)
Don't use an SA payload for ADDFLOW/DELFLOW.
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkeyv2.c38
-rw-r--r--sys/net/pfkeyv2_parsemessage.c8
2 files changed, 5 insertions, 41 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index d7972265736..b37c7b3441e 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.44 2000/09/21 02:38:32 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.45 2000/09/29 19:00:13 angelos Exp $ */
/*
%%% copyright-nrl-97
This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -1475,7 +1475,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
u_int8_t transproto = 0;
u_int8_t direction;
int exists = 0;
- struct tdb *ktdb = NULL;
direction = (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_direction);
if ((direction != IPSP_DIRECTION_IN) &&
@@ -1485,8 +1484,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
goto ret;
}
- ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
-
/* If the security protocol wasn't specified, pretend it was ESP */
if (smsg->sadb_msg_satype == 0)
smsg->sadb_msg_satype = SADB_SATYPE_ESP;
@@ -1651,39 +1648,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
sizeof(struct sockaddr_encap));
}
- /*
- * A direct "hint" was provided, try to locate TDB. If we
- * don't find it, return an error, since it was expected
- * that we'd be able to find the TDB. Be careful with any
- * previously pointed to TDB.
- */
- if (ssa && ssa->sadb_sa_spi && sunionp)
- {
- ktdb = ipo->ipo_tdb; /* Hold for now */
-
- s = spltdb();
- ipo->ipo_tdb = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
- if (ipo->ipo_tdb == NULL)
- {
- if (!exists)
- FREE(ipo, M_TDB);
- else
- ipsec_delete_policy(ipo);
- rval = ESRCH;
- goto splxret;
- }
- else
- {
- if (ktdb)
- TAILQ_REMOVE(&ktdb->tdb_policy_head, ipo, ipo_tdb_next);
- TAILQ_INSERT_HEAD(&ipo->ipo_tdb->tdb_policy_head, ipo,
- ipo_tdb_next);
- }
-
- splx(s);
- }
-
switch (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_proto)
{
case FLOW_X_TYPE_USE:
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 1c1e7ab3b2c..6977e074b25 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -86,9 +86,9 @@ uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
/* X_PROMISC */
0,
/* X_ADDFLOW */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
/* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST | BITMAP_X_FLOW_TYPE,
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_GRPSPIS */
BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
};
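Review bot: The X_DELFLOW entry of sadb_exts_allowed_in loses BITMAP_ADDRESS_DST as well as BITMAP_SA, but the commit message only mentions the SA payload; the sadb_exts_allowed_out hunk below makes the same two removals. These masks are the allow-list for extensions on each message type, so a sender that still attaches an SA (or, for DELFLOW, a destination address) will presumably now be rejected by the parser instead of having the extension ignored. It is worth confirming that any required-extension table for X_ADDFLOW/X_DELFLOW elsewhere in this file (not visible in the hunk) no longer names BITMAP_SA, since otherwise no message could satisfy both masks. A short comment would record the intent, e.g. `/* X_DELFLOW: identified by flow selectors only; SA and ADDRESS_DST are not accepted */` above the entry, with a matching one for X_ADDFLOW.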
@@ -154,9 +154,9 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
/* X_PROMISC */
0,
/* X_ADDFLOW */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
/* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST | BITMAP_X_FLOW_TYPE,
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_GRPSPIS */
BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
};