authorNiels Provos <provos@cvs.openbsd.org>2000-12-14 18:07:30 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-12-14 18:07:30 +0000
commit5c1c4ee2e9bb2a175efff636d82bc07a79007b7c (patch)
treeb3c50349d26e024cb53c71a2dc38cb80388d67e7 /sys
parent0e9b67ee28ceddf5a5368dc7b58e31be7731b679 (diff)
sync with pfkey rfc. you need to rebuild ipsecadm and isakmpd after this.
okay angelos@
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkeyv2.c36
-rw-r--r--sys/net/pfkeyv2.h31
-rw-r--r--sys/net/pfkeyv2_parsemessage.c29
3 files changed, 52 insertions, 44 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index ed0c168f1e3..c596d6e50e5 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.51 2000/11/17 05:08:14 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.52 2000/12/14 18:07:29 provos Exp $ */
/*
%%% copyright-nrl-97
This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -1515,7 +1515,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
pfkeyv2_socket->flags |= PFKEYV2_SOCKETFLAGS_REGISTERED;
nregistered++;
- i = sizeof(struct sadb_supported) + sizeof(ealgs) + sizeof(aalgs);
+ i = sizeof(struct sadb_supported) + sizeof(ealgs);
if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
{
@@ -1523,6 +1523,27 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
goto ret;
}
+ bzero(freeme, i);
+
+ ssup = (struct sadb_supported *) freeme;
+ ssup->sadb_supported_len = i / sizeof(uint64_t);
+
+ {
+ void *p = freeme + sizeof(struct sadb_supported);
+
+ bcopy(&ealgs[0], p, sizeof(ealgs));
+ }
+
+ headers[SADB_EXT_SUPPORTED_ENCRYPT] = freeme;
+
+ i = sizeof(struct sadb_supported) + sizeof(aalgs);
+
+ if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
+ {
+ rval = ENOMEM;
+ goto ret;
+ }
+
/* Keep track what this socket has registered for */
pfkeyv2_socket->registration |= (1 << ((struct sadb_msg *)message)->sadb_msg_satype);
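Review bot: Once `freeme` is reused for the second `malloc`, the encrypt buffer allocated first is reachable only through `headers[SADB_EXT_SUPPORTED_ENCRYPT]`, so the `ENOMEM` branch added here jumps to `ret` without releasing it. The cleanup at `ret` is outside this hunk; if it frees only `freeme`, the first buffer is also lost on the success path, and every SADB_REGISTER on a PF_KEY socket would then leak `M_PFKEY` kernel memory. Holding the second allocation in its own pointer, for example `if (!(freeme2 = malloc(i, M_PFKEY, M_DONTWAIT)))`, using it for the auth block in the next hunk, and freeing both pointers at `ret` would cover both paths. The body of pfkeyv2_send starts and ends outside the hunk.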
@@ -1530,21 +1551,16 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
ssup = (struct sadb_supported *) freeme;
ssup->sadb_supported_len = i / sizeof(uint64_t);
- ssup->sadb_supported_nauth = sizeof(aalgs) /
- sizeof(struct sadb_alg);
- ssup->sadb_supported_nencrypt = sizeof(ealgs) /
- sizeof(struct sadb_alg);
{
void *p = freeme + sizeof(struct sadb_supported);
bcopy(&aalgs[0], p, sizeof(aalgs));
- p += sizeof(aalgs);
- bcopy(&ealgs[0], p, sizeof(ealgs));
}
- headers[SADB_EXT_SUPPORTED] = freeme;
- break;
+ headers[SADB_EXT_SUPPORTED_AUTH] = freeme;
+
+ break;
case SADB_ACQUIRE:
case SADB_EXPIRE:
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 263832b1d64..acd5c1bbef8 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -130,13 +130,11 @@ struct sadb_comb {
struct sadb_supported {
uint16_t sadb_supported_len;
uint16_t sadb_supported_exttype;
- uint8_t sadb_supported_nauth;
- uint8_t sadb_supported_nencrypt;
- uint16_t sadb_supported_reserved;
+ uint32_t sadb_supported_reserved;
};
struct sadb_alg {
- uint8_t sadb_alg_type;
+ uint8_t sadb_alg_id;
uint8_t sadb_alg_ivlen;
uint16_t sadb_alg_minbits;
uint16_t sadb_alg_maxbits;
@@ -183,18 +181,19 @@ struct sadb_policy {
#define SADB_EXT_IDENTITY_DST 11
#define SADB_EXT_SENSITIVITY 12
#define SADB_EXT_PROPOSAL 13
-#define SADB_EXT_SUPPORTED 14
-#define SADB_EXT_SPIRANGE 15
-#define SADB_X_EXT_SRC_MASK 16
-#define SADB_X_EXT_DST_MASK 17
-#define SADB_X_EXT_PROTOCOL 18
-#define SADB_X_EXT_FLOW_TYPE 19
-#define SADB_X_EXT_SRC_FLOW 20
-#define SADB_X_EXT_DST_FLOW 21
-#define SADB_X_EXT_SA2 22
-#define SADB_X_EXT_DST2 23
-#define SADB_X_EXT_POLICY 24
-#define SADB_EXT_MAX 24
+#define SADB_EXT_SUPPORTED_AUTH 14
+#define SADB_EXT_SUPPORTED_ENCRYPT 15
+#define SADB_EXT_SPIRANGE 16
+#define SADB_X_EXT_SRC_MASK 17
+#define SADB_X_EXT_DST_MASK 18
+#define SADB_X_EXT_PROTOCOL 19
+#define SADB_X_EXT_FLOW_TYPE 20
+#define SADB_X_EXT_SRC_FLOW 21
+#define SADB_X_EXT_DST_FLOW 22
+#define SADB_X_EXT_SA2 23
+#define SADB_X_EXT_DST2 24
+#define SADB_X_EXT_POLICY 25
+#define SADB_EXT_MAX 25
/* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
#define SADB_SATYPE_UNSPEC 0
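Review bot: `SADB_EXT_MAX` moves to 25 with nothing beside it recording the limit the parser places on it. pfkeyv2_parsemessage.c builds its extension masks as `(1 << SADB_EXT_...)` and stores them in `uint32_t` tables, so an extension number of 32 or more cannot be represented there. A comment next to the define, in the style of the existing SATYPE one, would record that: `/* Fix pfkeyv2_parsemessage.c bitmaps if SADB_EXT_MAX > 31 */`. Every value from `SADB_EXT_SPIRANGE` onward is also renumbered, so a binary built against the old header would tag its extensions with numbers the kernel now reads as a different type (old 15 was SPIRANGE, new 15 is SUPPORTED_ENCRYPT); a short note in the header would keep that visible beyond the commit message.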
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 9d0acd8d4dd..3b8b8441b9e 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -43,7 +43,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
#define BITMAP_IDENTITY_DST (1 << SADB_EXT_IDENTITY_DST)
#define BITMAP_SENSITIVITY (1 << SADB_EXT_SENSITIVITY)
#define BITMAP_PROPOSAL (1 << SADB_EXT_PROPOSAL)
-#define BITMAP_SUPPORTED (1 << SADB_EXT_SUPPORTED)
+#define BITMAP_SUPPORTED_AUTH (1 << SADB_EXT_SUPPORTED_AUTH)
+#define BITMAP_SUPPORTED_ENCRYPT (1 << SADB_EXT_SUPPORTED_ENCRYPT)
#define BITMAP_SPIRANGE (1 << SADB_EXT_SPIRANGE)
#define BITMAP_LIFETIME (BITMAP_LIFETIME_CURRENT | BITMAP_LIFETIME_HARD | BITMAP_LIFETIME_SOFT)
#define BITMAP_ADDRESS (BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_ADDRESS_PROXY)
@@ -149,7 +150,7 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
/* ACQUIRE */
BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
/* REGISTER */
- BITMAP_SUPPORTED,
+ BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT,
/* EXPIRE */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS,
/* FLUSH */
@@ -185,7 +186,7 @@ uint32_t sadb_exts_required_out[SADB_MAX+1] =
/* ACQUIRE */
0,
/* REGISTER */
- BITMAP_SUPPORTED,
+ BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT,
/* EXPIRE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* FLUSH */
@@ -491,7 +492,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
}
}
break;
- case SADB_EXT_SUPPORTED:
+ case SADB_EXT_SUPPORTED_AUTH:
+ case SADB_EXT_SUPPORTED_ENCRYPT:
{
struct sadb_supported *sadb_supported = (struct sadb_supported *)p;
int j;
@@ -502,24 +504,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (sadb_supported->sadb_supported_reserved)
return EINVAL;
- if (i != ((sadb_supported->sadb_supported_nauth +
- sadb_supported->sadb_supported_nencrypt) *
- sizeof(struct sadb_alg)) + sizeof(struct sadb_supported))
- return EINVAL;
-
{
struct sadb_alg *sadb_alg = (struct sadb_alg *)(p + sizeof(struct sadb_supported));
- for (j = 0; j < sadb_supported->sadb_supported_nauth; j++) {
- if (sadb_alg->sadb_alg_type > SADB_AALG_MAX)
- return EINVAL;
+ int max_alg;
- if (sadb_alg->sadb_alg_reserved)
- return EINVAL;
+ max_alg = sadb_ext->sadb_ext_type == SADB_EXT_SUPPORTED_AUTH ?
+ SADB_AALG_MAX : SADB_EALG_MAX;
- sadb_alg++;
- }
- for (j = 0; j < sadb_supported->sadb_supported_nencrypt; j++) {
- if (sadb_alg->sadb_alg_type > SADB_EALG_MAX)
+ for (j = 0; j < sadb_supported->sadb_supported_len - 1; j++) {
+ if (sadb_alg->sadb_alg_id > max_alg)
return EINVAL;
if (sadb_alg->sadb_alg_reserved)
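Review bot: The new loop bound `sadb_supported_len - 1` is correct only while `struct sadb_supported` and `struct sadb_alg` are each exactly one 64-bit word, and this hunk removes the explicit size check that tied the entry count to the extension length without replacing it. Deriving the count from the byte length keeps the walk inside the extension regardless of struct layout: `if ((i - sizeof(struct sadb_supported)) % sizeof(struct sadb_alg)) return EINVAL;` followed by `for (j = 0; j < (i - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg); j++)`. Whether `i` has already been checked against the remaining message length and against `sizeof(struct sadb_supported)` is decided outside the hunk and should be confirmed before relying on either form. The function body continues past both edges of the hunk.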