authorNiklas Hallqvist <niklas@cvs.openbsd.org>2001-06-05 00:17:50 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2001-06-05 00:17:50 +0000
commit8e6c3e7c8786612ca32cd1b37fe373994f13ac4b (patch)
tree0d88ee4fd328942c00afd4789a231dc476155521 /sys
parent47dae9154b0226f4c96808a892e9a390cbe0c28d (diff)
Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwards
compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkeyv2.c90
-rw-r--r--sys/net/pfkeyv2.h76
-rw-r--r--sys/net/pfkeyv2_parsemessage.c18
3 files changed, 96 insertions, 88 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 7cae9ea92a9..92453ef5a67 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.62 2001/05/30 16:44:11 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.63 2001/06/05 00:17:48 niklas Exp $ */
/*
%%% copyright-nrl-97
This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -71,12 +71,12 @@ void export_sa(void **, struct tdb *);
void export_key(void **, struct tdb *, int);
void export_auth(void **, struct tdb *, int);
-void import_auth(struct tdb *, struct sadb_cred *, int);
+void import_auth(struct tdb *, struct sadb_x_cred *, int);
void import_address(struct sockaddr *, struct sadb_address *);
void import_identity(struct tdb *, struct sadb_ident *, int);
void import_key(struct ipsecinit *, struct sadb_key *, int);
void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
-void import_credentials(struct tdb *, struct sadb_cred *, int);
+void import_credentials(struct tdb *, struct sadb_x_cred *, int);
void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
int pfkeyv2_create(struct socket *);
@@ -489,7 +489,7 @@ export_address(void **p, struct sockaddr *sa)
* Import authentication information into the TDB.
*/
void
-import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
+import_auth(struct tdb *tdb, struct sadb_x_cred *sadb_auth, int dstauth)
{
struct ipsec_ref **ipr;
@@ -502,15 +502,15 @@ import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
ipr = &tdb->tdb_local_auth;
MALLOC(*ipr, struct ipsec_ref *, EXTLEN(sadb_auth) -
- sizeof(struct sadb_cred) + sizeof(struct ipsec_ref),
+ sizeof(struct sadb_x_cred) + sizeof(struct ipsec_ref),
M_CREDENTIALS, M_WAITOK);
- (*ipr)->ref_len = EXTLEN(sadb_auth) - sizeof(struct sadb_cred);
- switch (sadb_auth->sadb_cred_type)
+ (*ipr)->ref_len = EXTLEN(sadb_auth) - sizeof(struct sadb_x_cred);
+ switch (sadb_auth->sadb_x_cred_type)
{
- case SADB_AUTHTYPE_PASSPHRASE:
+ case SADB_X_AUTHTYPE_PASSPHRASE:
(*ipr)->ref_type = IPSP_AUTH_PASSPHRASE;
break;
- case SADB_AUTHTYPE_RSA:
+ case SADB_X_AUTHTYPE_RSA:
(*ipr)->ref_type = IPSP_AUTH_RSA;
break;
default:
@@ -520,7 +520,7 @@ import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
}
(*ipr)->ref_count = 1;
(*ipr)->ref_malloctype = M_CREDENTIALS;
- bcopy((void *) sadb_auth + sizeof(struct sadb_cred),
+ bcopy((void *) sadb_auth + sizeof(struct sadb_x_cred),
(*ipr) + 1, (*ipr)->ref_len);
}
@@ -528,7 +528,7 @@ import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
* Import a set of credentials into the TDB.
*/
void
-import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred)
+import_credentials(struct tdb *tdb, struct sadb_x_cred *sadb_cred, int dstcred)
{
struct ipsec_ref **ipr;
@@ -541,15 +541,15 @@ import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred)
ipr = &tdb->tdb_local_cred;
MALLOC(*ipr, struct ipsec_ref *, EXTLEN(sadb_cred) -
- sizeof(struct sadb_cred) + sizeof(struct ipsec_ref),
+ sizeof(struct sadb_x_cred) + sizeof(struct ipsec_ref),
M_CREDENTIALS, M_WAITOK);
- (*ipr)->ref_len = EXTLEN(sadb_cred) - sizeof(struct sadb_cred);
- switch (sadb_cred->sadb_cred_type)
+ (*ipr)->ref_len = EXTLEN(sadb_cred) - sizeof(struct sadb_x_cred);
+ switch (sadb_cred->sadb_x_cred_type)
{
- case SADB_CREDTYPE_X509:
+ case SADB_X_CREDTYPE_X509:
(*ipr)->ref_type = IPSP_CRED_X509;
break;
- case SADB_CREDTYPE_KEYNOTE:
+ case SADB_X_CREDTYPE_KEYNOTE:
(*ipr)->ref_type = IPSP_CRED_KEYNOTE;
break;
default:
@@ -559,7 +559,7 @@ import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred)
}
(*ipr)->ref_count = 1;
(*ipr)->ref_malloctype = M_CREDENTIALS;
- bcopy((void *) sadb_cred + sizeof(struct sadb_cred),
+ bcopy((void *) sadb_cred + sizeof(struct sadb_x_cred),
(*ipr) + 1, (*ipr)->ref_len);
}
@@ -594,7 +594,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
case SADB_IDENTTYPE_USERFQDN:
(*ipr)->ref_type = IPSP_IDENTITY_USERFQDN;
break;
- case SADB_IDENTTYPE_CONNECTION:
+ case SADB_X_IDENTTYPE_CONNECTION:
(*ipr)->ref_type = IPSP_IDENTITY_CONNECTION;
break;
default:
@@ -612,26 +612,26 @@ void
export_credentials(void **p, struct tdb *tdb, int dstcred)
{
struct ipsec_ref **ipr;
- struct sadb_cred *sadb_cred = (struct sadb_cred *) *p;
+ struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *) *p;
if (dstcred == PFKEYV2_CRED_REMOTE)
ipr = &tdb->tdb_remote_cred;
else
ipr = &tdb->tdb_local_cred;
- sadb_cred->sadb_cred_len = (sizeof(struct sadb_cred) +
- PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
+ sadb_cred->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
+ PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
switch ((*ipr)->ref_type)
{
case IPSP_CRED_KEYNOTE:
- sadb_cred->sadb_cred_type = SADB_CREDTYPE_KEYNOTE;
+ sadb_cred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
break;
case IPSP_CRED_X509:
- sadb_cred->sadb_cred_type = SADB_CREDTYPE_X509;
+ sadb_cred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
break;
}
- *p += sizeof(struct sadb_cred);
+ *p += sizeof(struct sadb_x_cred);
bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
*p += PADUP((*ipr)->ref_len);
}
@@ -640,26 +640,26 @@ void
export_auth(void **p, struct tdb *tdb, int dstauth)
{
struct ipsec_ref **ipr;
- struct sadb_cred *sadb_auth = (struct sadb_cred *) *p;
+ struct sadb_x_cred *sadb_auth = (struct sadb_x_cred *) *p;
if (dstauth == PFKEYV2_AUTH_REMOTE)
ipr = &tdb->tdb_remote_auth;
else
ipr = &tdb->tdb_local_auth;
- sadb_auth->sadb_cred_len = (sizeof(struct sadb_cred) +
- PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
+ sadb_auth->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
+ PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
switch ((*ipr)->ref_type)
{
case IPSP_CRED_KEYNOTE:
- sadb_auth->sadb_cred_type = SADB_CREDTYPE_KEYNOTE;
+ sadb_auth->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
break;
case IPSP_CRED_X509:
- sadb_auth->sadb_cred_type = SADB_CREDTYPE_X509;
+ sadb_auth->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
break;
}
- *p += sizeof(struct sadb_cred);
+ *p += sizeof(struct sadb_x_cred);
bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
*p += PADUP((*ipr)->ref_len);
}
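Review bot: export_auth still switches on IPSP_CRED_KEYNOTE/IPSP_CRED_X509 and stores SADB_X_CREDTYPE_* into what is an authentication extension, while the import side of this same commit (import_auth, the case labels just above) maps SADB_X_AUTHTYPE_PASSPHRASE/RSA to IPSP_AUTH_PASSPHRASE/IPSP_AUTH_RSA, and pfkeyv2_parsemessage bounds that field by SADB_X_AUTHTYPE_MAX. Unless IPSP_AUTH_* happen to alias the IPSP_CRED_* values (not visible here), an auth reference exported back to userland either carries a credential type or, since the switch has no default, leaves sadb_x_cred_type untouched. The rename is the commit's goal and is consistent, but the switch body should mirror import_auth so the two directions agree; the rest of export_auth is unchanged.
```c
	switch ((*ipr)->ref_type)
	{
	case IPSP_AUTH_PASSPHRASE:
		sadb_auth->sadb_x_cred_type = SADB_X_AUTHTYPE_PASSPHRASE;
		break;
	case IPSP_AUTH_RSA:
		sadb_auth->sadb_x_cred_type = SADB_X_AUTHTYPE_RSA;
		break;
	}
	/* … unchanged: advance *p and copy the reference payload … */
```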
@@ -689,7 +689,7 @@ export_identity(void **p, struct tdb *tdb, int type)
sadb_ident->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
break;
case IPSP_IDENTITY_CONNECTION:
- sadb_ident->sadb_ident_type = SADB_IDENTTYPE_CONNECTION;
+ sadb_ident->sadb_ident_type = SADB_X_IDENTTYPE_CONNECTION;
break;
}
*p += sizeof(struct sadb_ident);
@@ -1448,7 +1448,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
/* Find TDB */
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
/* If there's no such SA, we're done */
if (sa2 == NULL)
@@ -1565,7 +1565,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
/* We can't add an existing SA! */
if (sa2 != NULL)
@@ -1660,7 +1660,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
if (sa2 == NULL)
{
rval = ESRCH;
@@ -1676,7 +1676,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
case SADB_X_ASKPOLICY:
/* Get the relevant policy */
- ipa = ipsec_get_acquire(((struct sadb_policy *) headers[SADB_X_EXT_POLICY])->sadb_policy_seq);
+ ipa = ipsec_get_acquire(((struct sadb_x_policy *) headers[SADB_X_EXT_POLICY])->sadb_x_policy_seq);
if (ipa == NULL)
{
rval = ESRCH;
@@ -1696,7 +1696,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
if (sa2 == NULL)
{
rval = ESRCH;
@@ -1826,7 +1826,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
tdb1 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
if (tdb1 == NULL)
{
rval = ESRCH;
@@ -1839,7 +1839,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
sa_proto = ((struct sadb_protocol *) headers[SADB_X_EXT_PROTOCOL]);
tdb2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(sa_proto->sadb_protocol_proto));
+ SADB_X_GETSPROTO(sa_proto->sadb_protocol_proto));
if (tdb2 == NULL)
{
rval = ESRCH;
@@ -2056,27 +2056,27 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
switch (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_proto)
{
- case FLOW_X_TYPE_USE:
+ case SADB_X_FLOW_TYPE_USE:
ipo->ipo_type = IPSP_IPSEC_USE;
break;
- case FLOW_X_TYPE_ACQUIRE:
+ case SADB_X_FLOW_TYPE_ACQUIRE:
ipo->ipo_type = IPSP_IPSEC_ACQUIRE;
break;
- case FLOW_X_TYPE_REQUIRE:
+ case SADB_X_FLOW_TYPE_REQUIRE:
ipo->ipo_type = IPSP_IPSEC_REQUIRE;
break;
- case FLOW_X_TYPE_DENY:
+ case SADB_X_FLOW_TYPE_DENY:
ipo->ipo_type = IPSP_DENY;
break;
- case FLOW_X_TYPE_BYPASS:
+ case SADB_X_FLOW_TYPE_BYPASS:
ipo->ipo_type = IPSP_PERMIT;
break;
- case FLOW_X_TYPE_DONTACQ:
+ case SADB_X_FLOW_TYPE_DONTACQ:
ipo->ipo_type = IPSP_IPSEC_DONTACQ;
break;
@@ -2112,7 +2112,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
ipo->ipo_src.sa.sa_len = src->sa.sa_len;
}
- ipo->ipo_sproto = SADB_GETSPROTO(smsg->sadb_msg_satype);
+ ipo->ipo_sproto = SADB_X_GETSPROTO(smsg->sadb_msg_satype);
if (ipo->ipo_srcid)
{
ipsp_reffree(ipo->ipo_srcid);
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 7677e8d4a29..371714dc037 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -12,7 +12,11 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
#ifndef _NET_PFKEY_V2_H
#define _NET_PFKEY_V2_H 1
-#define PF_KEY_V2 2
+#define PF_KEY_V2 2
+#define PFKEYV2_REVISION 199806L
+
+/* This should be updated whenever the API is altered. */
+#define _OPENBSD_IPSEC_API_VERSION 2
#define SADB_RESERVED 0
#define SADB_GETSPI 1
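Review bot: `_OPENBSD_IPSEC_API_VERSION` begins with an underscore followed by an uppercase letter, which is an identifier reserved for the implementation in C; a public header that userland (isakmpd, per the commit message) is expected to test should not introduce one. The unprefixed `OPENBSD_IPSEC_API_VERSION 1` is removed in the last pfkeyv2.h hunk of this commit, so an existing `#ifdef OPENBSD_IPSEC_API_VERSION` in a consumer now silently sees no version at all rather than version 2. Keeping the old name with the bumped value, `#define OPENBSD_IPSEC_API_VERSION 2`, avoids both problems, unless the leading underscore is a deliberate namespace choice that the comment on the line above should then state.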
@@ -157,22 +161,24 @@ struct sadb_protocol {
uint16_t sadb_protocol_reserved2;
};
-struct sadb_policy {
- uint16_t sadb_policy_len;
- uint16_t sadb_policy_exttype;
- u_int32_t sadb_policy_seq;
+struct sadb_x_policy {
+ uint16_t sadb_x_policy_len;
+ uint16_t sadb_x_policy_exttype;
+ u_int32_t sadb_x_policy_seq;
};
-struct sadb_cred {
- uint16_t sadb_cred_len;
- uint16_t sadb_cred_exttype;
- uint16_t sadb_cred_type;
- uint16_t sadb_cred_reserved;
+struct sadb_x_cred {
+ uint16_t sadb_x_cred_len;
+ uint16_t sadb_x_cred_exttype;
+ uint16_t sadb_x_cred_type;
+ uint16_t sadb_x_cred_reserved;
};
-#define SADB_GETSPROTO(x) ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
+#ifdef _KERNEL
+#define SADB_X_GETSPROTO(x) ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
(x) == SADB_SATYPE_ESP ? IPPROTO_ESP :\
IPPROTO_IPIP )
+#endif
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
@@ -259,15 +265,16 @@ struct sadb_cred {
#define SADB_X_SAFLAGS_RANDOMPADDING 0x080 /* Random ESP padding */
#define SADB_X_SAFLAGS_NOREPLAY 0x100 /* No replay counter */
-#define SADB_IDENTTYPE_RESERVED 0
-#define SADB_IDENTTYPE_PREFIX 1
-#define SADB_IDENTTYPE_FQDN 2
-#define SADB_IDENTTYPE_USERFQDN 3
-#define SADB_IDENTTYPE_CONNECTION 4
-#define SADB_IDENTTYPE_MAX 4
+#define SADB_IDENTTYPE_RESERVED 0
+#define SADB_IDENTTYPE_PREFIX 1
+#define SADB_IDENTTYPE_FQDN 2
+#define SADB_IDENTTYPE_USERFQDN 3
+#define SADB_X_IDENTTYPE_CONNECTION 4
+#define SADB_IDENTTYPE_MAX 4
#define SADB_KEY_FLAGS_MAX 0
+#ifdef _KERNEL
#define PFKEYV2_LIFETIME_HARD 0
#define PFKEYV2_LIFETIME_SOFT 1
#define PFKEYV2_LIFETIME_CURRENT 2
@@ -284,31 +291,32 @@ struct sadb_cred {
#define PFKEYV2_SENDMESSAGE_UNICAST 1
#define PFKEYV2_SENDMESSAGE_REGISTERED 2
#define PFKEYV2_SENDMESSAGE_BROADCAST 3
+#endif /* _KERNEL */
-#define SADB_CREDTYPE_NONE 0
-#define SADB_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
-#define SADB_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
-#define SADB_CREDTYPE_MAX 3
+#define SADB_X_CREDTYPE_NONE 0
+#define SADB_X_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
+#define SADB_X_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
+#define SADB_X_CREDTYPE_MAX 3
+#ifdef _KERNEL
#define PFKEYV2_AUTH_LOCAL 0
#define PFKEYV2_AUTH_REMOTE 1
#define PFKEYV2_CRED_LOCAL 0
#define PFKEYV2_CRED_REMOTE 1
+#endif /* _KERNEL */
-#define SADB_AUTHTYPE_NONE 0
-#define SADB_AUTHTYPE_PASSPHRASE 1
-#define SADB_AUTHTYPE_RSA 2
-#define SADB_AUTHTYPE_MAX 2
-
-#define FLOW_X_TYPE_USE 1
-#define FLOW_X_TYPE_ACQUIRE 2
-#define FLOW_X_TYPE_REQUIRE 3
-#define FLOW_X_TYPE_BYPASS 4
-#define FLOW_X_TYPE_DENY 5
-#define FLOW_X_TYPE_DONTACQ 6
-
-#define OPENBSD_IPSEC_API_VERSION 1
+#define SADB_X_AUTHTYPE_NONE 0
+#define SADB_X_AUTHTYPE_PASSPHRASE 1
+#define SADB_X_AUTHTYPE_RSA 2
+#define SADB_X_AUTHTYPE_MAX 2
+
+#define SADB_X_FLOW_TYPE_USE 1
+#define SADB_X_FLOW_TYPE_ACQUIRE 2
+#define SADB_X_FLOW_TYPE_REQUIRE 3
+#define SADB_X_FLOW_TYPE_BYPASS 4
+#define SADB_X_FLOW_TYPE_DENY 5
+#define SADB_X_FLOW_TYPE_DONTACQ 6
#ifdef _KERNEL
struct tdb;
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 6cb22bff990..825d7840374 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -314,7 +314,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
return EINVAL;
break;
case SADB_X_EXT_POLICY:
- if (i != sizeof(struct sadb_policy))
+ if (i != sizeof(struct sadb_x_policy))
return EINVAL;
break;
case SADB_EXT_LIFETIME_CURRENT:
@@ -423,30 +423,30 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
case SADB_X_EXT_LOCAL_AUTH:
case SADB_X_EXT_REMOTE_AUTH:
{
- struct sadb_cred *sadb_cred = (struct sadb_cred *)p;
+ struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *)p;
- if (i < sizeof(struct sadb_cred))
+ if (i < sizeof(struct sadb_x_cred))
return EINVAL;
- if (sadb_cred->sadb_cred_type > SADB_AUTHTYPE_MAX)
+ if (sadb_cred->sadb_x_cred_type > SADB_X_AUTHTYPE_MAX)
return EINVAL;
- if (sadb_cred->sadb_cred_reserved)
+ if (sadb_cred->sadb_x_cred_reserved)
return EINVAL;
}
break;
case SADB_X_EXT_LOCAL_CREDENTIALS:
case SADB_X_EXT_REMOTE_CREDENTIALS:
{
- struct sadb_cred *sadb_cred = (struct sadb_cred *)p;
+ struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *)p;
- if (i < sizeof(struct sadb_cred))
+ if (i < sizeof(struct sadb_x_cred))
return EINVAL;
- if (sadb_cred->sadb_cred_type > SADB_CREDTYPE_MAX)
+ if (sadb_cred->sadb_x_cred_type > SADB_X_CREDTYPE_MAX)
return EINVAL;
- if (sadb_cred->sadb_cred_reserved)
+ if (sadb_cred->sadb_x_cred_reserved)
return EINVAL;
}
break;
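Review bot: The `i < sizeof(struct sadb_x_cred)` lower bound in both blocks is the only thing that keeps `EXTLEN(sadb_auth) - sizeof(struct sadb_x_cred)`, which import_auth and import_credentials later pass to MALLOC and bcopy, from wrapping, and nothing at the check says so; a one-line comment would protect it from being relaxed, e.g. `/* header must be complete: import_auth()/import_credentials() size the payload as EXTLEN - sizeof */`. The check also admits type 0 (SADB_X_AUTHTYPE_NONE / SADB_X_CREDTYPE_NONE), which the visible import_* switches do not handle explicitly, so whatever their `default:` arms do (outside the hunks shown) now decides the fate of a NONE extension from userland; worth confirming that is intended. The two blocks are otherwise identical except for the MAX constant, and pfkeyv2_parsemessage continues outside this hunk.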